[Identity] [localhost to cloud proposal] @azure/identity-spa #21028
This pull request is protected by Check Enforcer.

What is Check Enforcer?
Check Enforcer helps ensure all pull requests are covered by at least one check-run (typically an Azure Pipeline). When all check-runs associated with this pull request pass then Check Enforcer itself will pass.

Why am I getting this message?
You are getting this message because Check Enforcer did not detect any check-runs being associated with this pull request within five minutes. This may indicate that your pull request is not covered by any pipelines and so Check Enforcer is correctly blocking the pull request being merged.

What should I do now?
If the check-enforcer check-run is not passing and all other check-runs associated with this PR are passing (excluding license-cla) then you could try telling Check Enforcer to evaluate your pull request again. You can do this by adding a comment to this pull request as follows:

What if I am onboarding a new service?
Often, new services do not have validation pipelines associated with them, in order to bootstrap pipelines for a new service, you can issue the following command as a pull request comment:
const pageLoadResult = await credential.onPageLoad(); | ||
if (pageLoadResult) { | ||
state = JSON.parse(pageLoadResult.state); | ||
} |
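Review bot: `JSON.parse(pageLoadResult.state)` on the third line runs whenever `pageLoadResult` is truthy, but the result's `state` can be undefined (the hash helper elsewhere in this PR returns `hash.get("state") || undefined`), and `JSON.parse(undefined)` throws a SyntaxError. Since this is sample code that developers will copy, guard on `pageLoadResult.state` and wrap the parse in a try/catch so that a missing or malformed state does not break page load.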
State and pageLoadResult need to move up.
// A browser application can keep track of its own state and resume after authenticating. | ||
let state = { | ||
application: "state" | ||
}; |
State might not be useful in popup mode.
// Interactive authentication will happen via a popup window that will appear when the authenticate() method is called. | ||
await credential.authenticate(scopes, { | ||
// The authenticate() method supports sending the browser application state. | ||
state: JSON.stringify(state) |
State might not be useful in popup mode.
code: hash.get("code") || undefined, | ||
state: hash.get("state") || undefined, | ||
}; | ||
} |
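Review bot: `code` and `state` on the first two lines are returned exactly as found in `hash`, with no validation and no doc comment saying so. If `hash` is parsed from the page URL, both values are untrusted input; suggest stating that in the function's documentation and having the credential compare the returned `state` with the value it sent before handing it to the application.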
This isn’t useful for the PopupCredential, but it is useful for the RedirectCredential.
*/ | ||
async authenticate( | ||
scopes: string | string[], | ||
options: GetTokenOptions = {} |
Options here should include a `state` property.
): Promise<AuthenticationRecord | undefined> { | ||
return trace(`${this.constructor.name}.authenticate`, options, async (newOptions) => { | ||
const arrayScopes = Array.isArray(scopes) ? scopes : [scopes]; | ||
await this.msalFlow.getToken(arrayScopes, newOptions); |
The MSAL flow should pass the `state` property to MSAL.
5fd06a7 to 622423a
sdk/identity/identity-spa/README.md
|
||
// On page load, developers can retrieve the state of the previous authentication. | ||
const pageLoadResult = await credential.onPageLoad(); | ||
if (pageLoadResult) { |
if (pageLoadResult) { | |
if (pageLoadResult.state) { |
if (pageLoadResult) { | |
if (pageLoadResult) { |
API change check for API changes have been detected in API changes + readonly scopes?: string[]; |
…re-sdk-for-js into identity/spa-plugin
@@ -321,6 +321,7 @@ export interface SerializerOptions { | |||
export class ServiceClient { | |||
constructor(options?: ServiceClientOptions); | |||
readonly pipeline: Pipeline; | |||
readonly scopes?: string[]; |
The authenticate method requires user to pass in the `scope` - this is a way for the user to retrieve the `scope` from the client.
|
||
// @public | ||
export interface SPACredentialOptions extends InteractiveCredentialOptions, CredentialPersistenceOptions { | ||
clientId?: string; |
CredentialPersistenceOptions not needed, since the persistence is already done by the MSAL browser
Hi @sadasant. Thank you for your interest in helping to improve the Azure SDK experience and for your contribution. We've noticed that there hasn't been recent engagement on this pull request. If this is still an active work stream, please let us know by pushing some changes or leaving a comment. Otherwise, we'll close this out in 7 days.
Please leave this PR open. Don't close Pleaseee
Hi @sadasant. Thank you for your interest in helping to improve the Azure SDK experience and for your contribution. We've noticed that there hasn't been recent engagement on this pull request. If this is still an active work stream, please let us know by pushing some changes or leaving a comment. Otherwise, we'll close this out in 7 days.
Hi @sadasant. Thank you for your contribution. Since there hasn't been recent engagement, we're going to close this out. Feel free to respond with a comment containing "/reopen" if you'd like to continue working on these changes. Please be sure to use the command to reopen or remove the "no-recent-activity" label; otherwise, this is likely to be closed again with the next cleanup pass.
This package is a WORK IN PROGRESS.
This PR introduces two credentials: `RedirectCredential` and `PopupCredential` through a new package, `@azure/identity-spa`. This effort aims to simplify the development of web backend applications, from localhost to the Azure cloud.

Before I make the actual proposal, I’ll use this draft PR to ask for feedback, and to build the package for the Playwright-based champion scenarios that I’m making.
Fixes #21050
If you want to try out how the new design looks in comparison to the old design, I’m working on mocked tests here: