[MSAL Migration] device code flow is not supported in Managed Device in Conditional Access #62
Comments
pending on token cache feature in Azure/azure-sdk-for-go#6602
adapter between ADAL and AzIdentity
The device code flow is much less convenient than interactive browser, so please migrate. Additionally, ADAL has been deprecated and will no longer receive security updates:
Hi @aelij, yes, completely agree with you. I'm ramping up a new hire on this project. Hopefully we can tackle it soon. Though, I'm curious to learn what "inconvenience" you are referring to?
The fact that you have to copy the device code, open the browser, paste it and login, rather than having the browser simply open :)
Any update on the progress to migrate kubelogin to MSAL? Would changing to MSAL result in the access_token being included in the _claim_sources member when a distributed claim is returned? We can't use kubelogin with anything other than AKS due to this limitation when users have more than 200 groups.
closing this issue as web interactive login mode is compatible with conditional access policy
@weinong I think you should keep this open until ADAL is fully removed from the repo (or track in a different issue). The library was deprecated a while ago and presents a security risk.
The limitation is documented here.
The fix is to adopt auth code grant flow
Sample code: https://github.com/Azure/azure-sdk-for-go/blob/master/sdk/azidentity/interactive_browser_credential.go