Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate access token for a Managed identity #548

Closed
pievalentin opened this issue Apr 5, 2023 · 4 comments · Fixed by #480
Closed

Generate access token for a Managed identity #548

pievalentin opened this issue Apr 5, 2023 · 4 comments · Fixed by #480
Labels
invalid

Comments

@pievalentin
Copy link

pievalentin commented Apr 5, 2023
edited
Loading

Bug description

I am an Azure costumer. I can't use MSAL to generate an access token for the scope of my app reg using my managed identity.

I have this setup:

  • I deployed an Azure function app that is validating access token of an Application registration. It checks that the Client has the correct role.
  • I have a compute instance that is assigned a Managed identity. I want to send a HTTP request to my azure function with an access token generated for my Managed Identity.

It might be related to #58

To Reproduce

  1. Create an app reg with a custom role
  2. Create a managed identity
  3. Assign the custom role to the managed identity
  4. Create a compute instance and assigned it the managed identity
  5. In the compute instance run:
from azure.identity import ManagedIdentityCredential
cred = ManagedIdentityCredential(client_id="<managed-identity-client-id>")
token = cred.get_token("api://<app-reg-client-id>/.default")

The code will run indefinitely

Expected behavior
After running token = cred.get_token("api://<app-reg-client-id>/.default") the token should be generated

What you see instead
image
Code is still running and no token is generated.

The MSAL Python version you are using
1.21.0
@rayluo rayluo added the invalid label Apr 5, 2023
@rayluo
Copy link
Collaborator

rayluo commented Apr 5, 2023

Hi @pievalentin , your code snippet is using a different library, Azure SDK for Python, so, you would want to create a similar github issue there.

This repo here is about Microsoft Authentication Library (MSAL) for Python. MSAL Python is currently implementing Managed Identity feature. If you are interested in trying out the bleeding edge, you can follow the instruction in #480 to try it out.

@pievalentin
Copy link
Author

Oh my bad. Thanks a lot for the kind and fast help @rayluo. Will try what you suggested on my company laptop tomorrow morning!

@pievalentin
Copy link
Author

My azureml environment is very restricted (SSL inspection), I have some trouble installing your draft PR. I am still working on it.

@rayluo rayluo mentioned this issue Jul 2, 2023
Merged
@bgavrilMS
Copy link
Member

@rayluo - is this PR not merged? I though MSAL Py supports MI now. Can you please post a link to the sample and docs?

@bgavrilMS bgavrilMS closed this as not planned Won't fix, can't repro, duplicate, stale Sep 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
invalid
Projects
None yet
Milestone
No milestone
3 participants
@rayluo @bgavrilMS @pievalentin