Support authnscheme in AcquireTokenByUsernamePassword flow #472

Merged on Feb 16, 2024 (4 commits)

@rharpavat commented Jan 26, 2024

What is the change?

Adds support for authnScheme in AcquireTokenByUsernamePassword flow.

Currently, automated testing for AzRBAC and PoP token flow relies on SPN login, which uses the msal confidential client. However, most customers will be using the interactive login flow which uses msal's public client. In order to enable better testing of the customer scenario, this change enables PoP token support for username/password flow so that automated testing can be conducted for the public client.

How was the change tested?

Vendored this commit on msal into my local branch of kubelogin. Was able to successfully build kubelogin and get a PoP token using ropc (username/password flow):

./kubelogin get-token -l ropc --client-id <clientid> --server-id <serverid> --tenant-id <msft-tenant-id> --username [email protected] --password <redacted> --pop-enabled --pop-claims "u=/subscriptions/91d1cf86-13c9-4318-b47a-e536e3533061/resourceGroups/rharpavat-test/providers/Microsoft.Kubernetes/connectedClusters/e2et1"

Outputted token is in correct format:

{
  "typ": "pop",
  "alg": "RS256",
  "kid": "<kid>"
}.{
  "at": "<redacted>",
  "ts": 1707327222,
  "u": "/subscriptions/91d1cf86-13c9-4318-b47a-e536e3533061/resourceGroups/rharpavat-test/providers/Microsoft.Kubernetes/connectedClusters/e2et1",
  "cnf": {
    "jwk": {
      "e": "AQAB",
      "kty": "RSA",
      "n": "<n>",
      "alg": "RS256",
      "kid": "<kid>"
    }
  },
  "nonce": "014adc9d8a974430b6f5200e6801026f"
}.[Signature]
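
A receiver-side check of the token layout shown in the comment above, as an added example (not code from msal-go, kubelogin or this PR): it confirms that the header matches `cnf.jwk`, that the RS256 signature verifies under that embedded key, that `ts` is fresh and that `u` names the expected resource. The names `verifyPoP`, `mint` and `demoKey`, the 2048-bit and e=65537 policy, the skew window and the sample values are assumptions; validating the inner `at` token, and that it is bound to the same key, is out of scope.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

var enc = base64.RawURLEncoding
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway key, demo only

func verifyPoP(tok, wantU string, now, skew int64) error { // outer envelope only; hypothetical helper
	var h, c struct{ Typ, Alg, Kid, U string; Ts int64; Cnf struct{ JWK struct{ N, E, Kid string } } }
	dec := func(s string) []byte { b, _ := enc.DecodeString(s); return b }
	p := strings.Split(tok, ".")
	if len(p) != 3 || json.Unmarshal(dec(p[0]), &h) != nil || json.Unmarshal(dec(p[1]), &c) != nil {
		return fmt.Errorf("malformed token")
	}
	pub := &rsa.PublicKey{N: new(big.Int).SetBytes(dec(c.Cnf.JWK.N)), E: 65537} // assumption: only e="AQAB" is accepted
	sum, sig := sha256.Sum256([]byte(p[0]+"."+p[1])), dec(p[2])
	switch jwk := c.Cnf.JWK; {
	case h.Typ != "pop" || h.Alg != "RS256" || h.Kid == "" || h.Kid != jwk.Kid || jwk.E != "AQAB" || pub.N.BitLen() < 2048:
		return fmt.Errorf("header and cnf.jwk must describe one RS256 key of at least 2048 bits")
	case enc.EncodeToString(sig) != p[2] || rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil: // re-encode check rejects junk after the signature
		return fmt.Errorf("signature was not made with the cnf.jwk key")
	case c.Ts < now-skew || c.Ts > now+skew:
		return fmt.Errorf("ts outside the allowed clock skew")
	case c.U != wantU:
		return fmt.Errorf("u names a different resource")
	}
	return nil
}

func mint(k *rsa.PrivateKey, kid, u string, ts int64) string { // builds a constructed sample token in the page's layout
	c := fmt.Sprintf(`{"at":"x","ts":%d,"u":%q,"cnf":{"jwk":{"e":"AQAB","kty":"RSA","n":%q,"kid":%q}}}`, ts, u, enc.EncodeToString(k.N.Bytes()), kid)
	in := enc.EncodeToString([]byte(fmt.Sprintf(`{"typ":"pop","alg":"RS256","kid":%q}`, kid))) + "." + enc.EncodeToString([]byte(c))
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, sum[:])
	return in + "." + enc.EncodeToString(sig)
}

func main() {
	fmt.Println(verifyPoP(mint(demoKey, "kid-1", "/clusters/a", 1707327222), "/clusters/a", 1707327222, 300)) // <nil>
}
```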

@julienstroheker added the enhancement label Feb 14, 2024

Quality Gate passed

Issues: 0 new issues
Measures: 0 Security Hotspots; no data about Coverage; no data about Duplication

See analysis details on SonarCloud

@julienstroheker added and removed the enhancement label Feb 14, 2024
@bgavrilMS (Member)

I'm working on fixing the build. Hope to get this in this week.

@bgavrilMS merged commit 728b089 into AzureAD:main Feb 16, 2024
3 of 5 checks passed