Add Claims and Capability Support to Managed Identity Flows #3350
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gladjohn
commented
May 1, 2025
src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.ManagedIdentity.cs
Show resolved
Hide resolved
gladjohn
force-pushed
the
gladjohn/puremsi_idweb_tr
branch
from
544e885 to
797a382
Compare
gladjohn
commented
May 1, 2025
bgavrilMS
reviewed
May 1, 2025
src/Microsoft.Identity.Web.TokenAcquisition/ManagedIdentityTestHooks.cs
Outdated
Show resolved
Hide resolved
bgavrilMS
reviewed
May 1, 2025
bgavrilMS
reviewed
May 1, 2025
jmprieur
requested changes
May 1, 2025
src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquirerFactoryTesting.cs
Outdated
Show resolved
Hide resolved
bgavrilMS
approved these changes
May 1, 2025
gladjohn
changed the title
gladjohn
force-pushed
the
gladjohn/puremsi_idweb_tr
branch
from
69c1e47 to
8478dd3
Compare
bgavrilMS
reviewed
May 9, 2025
bgavrilMS
reviewed
May 9, 2025
bgavrilMS
reviewed
May 9, 2025
bgavrilMS
reviewed
May 9, 2025
bgavrilMS
reviewed
May 9, 2025
bgavrilMS
approved these changes
May 9, 2025
bgavrilMS
reviewed
May 9, 2025
src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquirerTestHooks.cs
Outdated
Show resolved
Hide resolved
@jmprieur this enables us to inject HttpClient into ManagedIdentityApplication, but now this uses DI for the mocks. |
gladjohn
force-pushed
the
gladjohn/puremsi_idweb_tr
branch
2 times, most recently
from
f2795da to
4f5cd8d
Compare
bgavrilMS
reviewed
May 21, 2025
src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
Outdated
Show resolved
Hide resolved
bgavrilMS
reviewed
May 21, 2025
src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.ManagedIdentity.cs
Outdated
Show resolved
Hide resolved
bgavrilMS
reviewed
May 21, 2025
src/Microsoft.Identity.Web.TokenAcquisition/IManagedIdentityHttpClientFactory.cs
Outdated
Show resolved
Hide resolved
bgavrilMS
approved these changes
May 22, 2025
gladjohn
force-pushed
the
gladjohn/puremsi_idweb_tr
branch
from
19bab4b to
ef579b2
Compare
jmprieur
approved these changes
Jun 3, 2025
src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquirerFactoryTesting.cs
Outdated
Show resolved
Hide resolved
src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquirerTestHooks.cs
Outdated
Show resolved
Hide resolved
src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquirerTestHooks.cs
Outdated
Show resolved
Hide resolved
src/Microsoft.Identity.Web.TokenAcquisition/IManagedIdentityTestHttpClientFactory.cs
Outdated
Show resolved
Hide resolved
|
Thanks @jmprieur @bgavrilMS @jennyf19, just needs one re-approval |
bgavrilMS
approved these changes
Jun 5, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add Claims and Capability Support to Managed Identity Flows
Summary of the changes (copilot generated)
This pull request introduces several updates to the
Microsoft.Identity.Weblibrary, focusing on enabling Continuous Access Evaluation (CAE) for Managed Identity, adding a new test-only interface for custom HTTP client factories, and enhancing token acquisition functionality. Additionally, it includes updates to the solution file and adds a new test application. Below is a summary of the most important changes:Continuous Access Evaluation (CAE) for Managed Identity
cp1client capability in Managed Identity applications. This includes automatic handling of 401 responses with claims challenges, bypassing the token cache, and retrying the request with a fresh token. [1] [2] [3]docs/design/managed_identity_capabilities_devex.md.New Test-Only Interface for Custom HTTP Client Factories
IManagedIdentityTestHttpClientFactory, an internal interface to allow unit tests to provide customIMsalHttpClientFactoryimplementations.Enhancements to Token Acquisition
TokenAcquisitionclass to support client capabilities and claims challenges during token acquisition for Managed Identity. [1] [2] [3]_miHttpFactoryto inject custom HTTP client factories into Managed Identity applications. [1] [2]Solution File Updates
daemon-app-msi, to the solution file (Microsoft.Identity.Web.sln). This includes updates to the project list, build configurations, and project dependencies. [1] [2] [3]New Test Application
daemon-app-msi, to demonstrate token acquisition for Managed Identity and interaction with a downstream API (e.g., Azure Key Vault).Detail
Fixes #2759650
Fixes #3370