Build AuthenticationRecords from ADFS identity tokens #13341
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
chlowell
added
Client
xiangyan99
reviewed
Aug 28, 2020
xiangyan99
previously approved these changes
Aug 28, 2020
mccoyp
reviewed
Aug 31, 2020
| sub="subject", | ||
| aud="client-id", | ||
| username="username", | ||
| tenant_id="tenant-id", |
There was a problem hiding this comment.
Is there a reason the tenant_id here is "tenant-id" but tenant_id is "tenant" in build_id_token()?
There was a problem hiding this comment.
Not a conscious one. I typically slug fake IDs because real ones are GUIDs and I can imagine something in the stack choking on a space. That's probably why past me dropped the " id" above. Can't say why he didn't slug it instead or do similar to "object id".
While thinking about this, I realized these fake tokens shouldn't contain a tenant ID (or an object ID) at all because real ones never do. So I made some changes here to improve consistency and accuracy. Thanks for the scrutiny!
mccoyp
approved these changes
Sep 1, 2020
iscai-msft
added a commit
to iscai-msft/azure-sdk-for-python
that referenced
this pull request
Sep 2, 2020
…into link_om_sample * 'master' of https://github.com/Azure/azure-sdk-for-python: (23 commits) Int32 serialization (Azure#13452) add output to opinion mining sample (Azure#13494) Add Document w/ Eng Sys Checks (Azure#13492) update version (Azure#13495) Remove resources post test (Azure#13379) bing_id -> bing_entity_search_api_id (Azure#13491) [EventGrid] Read me + improve docstrings (Azure#13484) Build AuthenticationRecords from ADFS identity tokens (Azure#13341) Support Subject Name/Issuer authentication (Azure#13350) Add KeyVaultAccessControlClient for data plane RBAC (Azure#13372) [text analytics] Add redacted_text (Azure#13449) add python sdk sample (Azure#13338) [text analytics] add versionadded sphinx documentation (Azure#13450) [text analytics] add bing_id property to LinkedEntity class (Azure#13446) fix typing for paging methods (Azure#13410) [text analytics] add domain_filter param (Azure#13451) fix issue Azure#11658 for is_valid_resource_id (Azure#11709) added create_table_if_not_exists method to table service client (Azure#13385) [ServiceBus] Test and failure improvements (Azure#13345) Proper encoding and decoding of source URLs - Fixes special characters in source URL issue (Azure#13275) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
ADFS identity tokens have different claims than do AAD identity tokens. This change ensures credentials can build a correct
AuthenticationRecordfrom either authority's tokens.