-
Notifications
You must be signed in to change notification settings - Fork 4.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for Azure resource with multiple managed identities #4791
Comments
Hi Chris, we will have this functionality in the next release of AppAuth that we are working on releasing now. We will also update our existing samples that will show how to use this new functionality shortly after. |
Hi Chris, we have released AppAuth 1.2.0-preview, which contains the support for user-assigned identities. You can find the new release here. As for how to use multiple managed identities, we have published minor updates for the following AppAuth VM samples that include instructions for how to specific a managed identity: Let us know if you have any feedback, thanks! |
Hello, |
Hi @gilknyaz, what connection string did you use? |
Initially I just tried "AppId=" + clientID, but got an error about missing RunAs. I inspected the code of AzureServiceTokenProviderFactory, and I see that TenantID isn't actually used for this flow, so I can really place anything I want there. |
Ok, this looks like a bug. Tenant id is not required for user assigned MSI. We will get it fixed soon. Thanks for reporting! |
Tenant Id is not required anymore, as of preview2. @shahabhijeet , can you please close this issue? Thanks! |
Closing, this is done. |
When the AppAuthentication library requests a token using the Azure Instance Metadata Service (IMDS) endpoint, it currently does not specify any values for the optional object_id or client_id query string parameters. In order for applications to request a token on a VM with multiple user-assigned managed identities, exactly one of those two parameters needs to be specified. It would be great for the AppAuthentication library to provide a way for applications to specify:
The text was updated successfully, but these errors were encountered: