Upgrade Microsoft.Identity.Client package reference #7
Conversation
|
changes looks good. please enable MSAL logging, this will help us with troubleshooting any issues you may see. |
Thanks @gladjohn - we plan to enable MSAL logging in an upcoming release once StackExchange.Redis itself supports a logging story |
| @@ -41,7 +41,7 @@ public static async Task<ConfigurationOptions> ConfigureForAzureWithSystemAssign | |||
| /// Throws on failure by default (configurable in the <see cref="ConfigureForAzureAsync"/> method). | |||
| /// </summary> | |||
| /// <param name="configurationOptions">The configuration to update.</param> | |||
| /// <param name="clientId">Client ID of the user-assigned managed identity.</param> | |||
| /// <param name="clientId">Client ID or resource ID of the user-assigned managed identity.</param> | |||
| /// <param name="principalId">Principal (object) ID of the user-assigned managed identity.</param> | |||
There was a problem hiding this comment.
MSAL does not support principalId for Managed Identity. Is this something you want us to support?
There was a problem hiding this comment.
@samsaha-ms can you comment on this? We pass the MI's object/principal ID as the username for the Redis connection, so I believe we use it in some capacity while validating tokens on the server side
There was a problem hiding this comment.
Yes, this is something related to what our extension does to interact with Redis, not related to MSAL.
It does two things 1. Acquire token from MSAL 2. Send AUTH request to Redis with principal-id and token to comply with redis command format "auth username password" and we validate this pair in server side.
We could actually make this field optional here, we could parse the acquired token and get the oid field in token and use that value while sending to redis. We can choose it do later after giving some thought as it might add client side overhead of parsing token.
Fix #6, #15, #18, #34