
Fix Instance/Tenant Parsing for V2 Authority #2954


Merged: 6 commits, Jul 31, 2024


jackj-msft
Contributor

Fix Instance/Tenant Parsing for V2 Authority

  • You've read the Contributor Guide and Code of Conduct.
  • You've included unit or integration tests for your change, where applicable.
  • You've included inline docs for your change, where applicable.
  • There's an open issue for the PR that you are making. If you'd like to propose a new feature or change, please open an issue to discuss the change or find an existing issue.

Summary of the changes (Less than 80 chars)
Fix the tenant parsing in MergedOptions for V2 authority endpoints.

Description

Currently ParseAuthorityIfNecessary assumes the authority to be formatted as {Instance}/{Tenant}.
With the introduction of v2.0 authority endpoints, this breaks the parsing of the authority.
i.e. given the authority of https://testinstance/tenant123/v2.0
The existing method will return the following:

Instance = https://testinstance/tenant123
TenantId = v2.0

What we expect is the following:

Instance = https://testinstance
TenantId = tenant123

Assumptions made:

  • All authority endpoints start with https:// (or a prefix longer than 8 characters)
  • The authority is of the format {Instance}/{Tenant}/{Version} with the version being optional
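
The two splits contrasted in the description above, as an added example (not the code merged in this PR and not the Microsoft.Identity.Web implementation). `SplitAtLastSlash` reproduces the reported result and `SplitAtFirstPathSegment` treats the version segment as optional; both names are hypothetical, and the sample authorities are constructed from the one quoted in the description.

```csharp
using System;

// Hypothetical helper names; this is not the Microsoft.Identity.Web code.
static class AuthoritySplitter
{
    // Split at the last '/': with a trailing version segment the tenant
    // ends up inside the instance and the version becomes the tenant.
    public static (string Instance, string Tenant) SplitAtLastSlash(string authority)
    {
        string a = authority.TrimEnd('/');
        int i = a.LastIndexOf('/');
        return (a.Substring(0, i), a.Substring(i + 1));
    }

    // {Instance}/{Tenant}/{Version} with the version optional: the tenant is
    // the first path segment after the host; later segments are ignored.
    public static (string Instance, string Tenant) SplitAtFirstPathSegment(string authority)
    {
        string a = authority.TrimEnd('/');
        int scheme = a.IndexOf("://", StringComparison.Ordinal);
        int hostStart = scheme < 0 ? 0 : scheme + 3;
        int tenantStart = a.IndexOf('/', hostStart);
        if (tenantStart < 0)
        {
            return (a, string.Empty); // instance only, no tenant segment
        }
        int tenantEnd = a.IndexOf('/', tenantStart + 1);
        string tenant = tenantEnd < 0
            ? a.Substring(tenantStart + 1)
            : a.Substring(tenantStart + 1, tenantEnd - tenantStart - 1);
        return (a.Substring(0, tenantStart), tenant);
    }
}

static class Program
{
    static void Main()
    {
        // Constructed inputs: v2.0 suffix, no version, trailing slash.
        string[] samples = { "https://testinstance/tenant123/v2.0",
                             "https://testinstance/tenant123",
                             "https://testinstance/tenant123/v2.0/" };
        foreach (string s in samples)
        {
            Console.WriteLine(s);
            Console.WriteLine($"  last slash:    {AuthoritySplitter.SplitAtLastSlash(s)}");
            Console.WriteLine($"  first segment: {AuthoritySplitter.SplitAtFirstPathSegment(s)}");
        }
    }
}
```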

@jackj-msft jackj-msft requested a review from a team as a code owner July 26, 2024 07:23
@jackj-msft jackj-msft requested a review from abatishchev July 27, 2024 07:19
Collaborator

@jmprieur jmprieur left a comment


LGTM
Thanks @jackj-msft

Do you have repro steps for that bug (end to end repro steps)?

@jennyf19
Collaborator

@jackj-msft is there a specific version which is having the issue?

@jackj-msft
Contributor Author

> LGTM Thanks @jackj-msft
>
> Do you have repro steps for that bug (end to end repro steps)?

If you specify any outbound policy that uses an AppToken AND a v2 authority endpoint (either inferred by MISE or specified), getting the client token will fail.
This is all outlined in the bug in ADO (bug 2986056).

> @jackj-msft is there a specific version which is having the issue?

I've been using the latest 1.27 of the Microsoft.Identity.ServiceEssentials.AspNetCore metapackage.
The dependent Microsoft.Identity.Web package is version 2.20

@pmaytak pmaytak added this to the 3.1.0 milestone Jul 31, 2024
@sruke sruke merged commit 0fdfc96 into AzureAD:master Jul 31, 2024
5 checks passed