legacy flag does not work from version v0.0.30 when the login method is spn #331
Comments
|
hmm. i think that is not supported in the new sdk (azidentity) that we migrated in v0.0.30. Are you managing your own k8s AAD configuration? would it be possible to migrate the server side? |
|
Changing the server side will require api restart and we are seeing if we can avoid that This is failing only for serviceprincipal flow, the deviceToken flow is still working as expected |
|
are you okay to stay on v0.0.29 and work on your backend migration? I want to avoid reverting that change for an outdated sdk |
|
Any reason why is the device code flow not switched to azidentity, it is still using adal library - https://github.com/Azure/kubelogin/blob/master/pkg/token/devicecode.go I am not asking you to revert it, but can we use legacy flag to decide to use azidentity or adal for getting the token ? |
|
i might migrate devicelogin to azidentity when i have free resources :) your proposal is fine, but it still requires us to have outdated adal sdk. |
It's worse than that actually, it requires control plane rebuild and takes 30 minutes, so it's not an option |
|
i will see if I can bring back the old code when --legacy is enabled next week |
How to reproduce it
kubelogin get-token --tenant-id <> --server-id <> --client-id <> --client-secret <> --login spn --legacy
Expected outcome:
token with audience field has "spn:" prefix
It works fine on version v0.0.29 and lower
The text was updated successfully, but these errors were encountered: