Add support for Windows broker (WAM) #323

Merged (6 commits) on Apr 19, 2021

@mjcheetham mjcheetham commented Apr 9, 2021

Add support for broker-assisted authentication on Windows using "WAM" (Web Authentication Manager) as provided by the MSAL.Desktop library.

The GCM_MSAUTH_USEBROKER environment variable or the credential.msauthUseBroker configuration option will control if WAM is enabled or not. By default WAM is enabled.

This ended up being simpler than I expected. Looks like the VS AAD app registration has now been updated to have the required WAM redirect URI which was previously a technical blocker.

Fixes #211

Update: WAM is now default disabled due to concerns about the maturity of the UX and technology. cc: @bgavrilMS

Add support for broker-assisted authentication on Windows using "WAM"
(Web Authentication Manager) as provided by the MSAL.Desktop library.

The GCM_MSAUTH_USEBROKER environment variable or the
credential.msauthUseBroker configuration option will control if WAM is
enabled or not. By default WAM _is_ enabled.

@dscho dscho left a comment

Do we need to be worried about these warnings (StorageCreationPropertiesBuilder() being obsolete)?

Reorder the CanUseBroker logic to be easier to grok.

Improve the wording around which settings and values cause the auth-flow
setting to be ignored. Grammer iz hard.

Remove the usage of a now deprecated constructor for the shared token
cache storage properties. This constructor took the client ID which was
only used for eventing; GCM doesn't use this.
@git-ecosystem git-ecosystem deleted a comment from APACGAMONDE Apr 12, 2021
@mjcheetham

> Do we need to be worried about these warnings (StorageCreationPropertiesBuilder() being obsolete)?

@dscho I've removed the warnings by dropping that extra (not needed) argument from the constructor in question.
We updated the dependency and in the new version, that API is marked obsolete.

@mjcheetham mjcheetham merged commit 0ea7f4f into git-ecosystem:master Apr 19, 2021
@mjcheetham mjcheetham deleted the wam branch April 19, 2021 13:53
@mjcheetham mjcheetham mentioned this pull request May 6, 2021
Successfully merging this pull request may close these issues.

Support FIDO and features like Windows Hello