Azure / azure-sdk-for-cpp

This repository is for active development of the Azure SDK for C++. For consumers of the SDK we recommend visiting our versioned developer docs at https://azure.github.io/azure-sdk-for-cpp.
MIT License

Support of AuthFlow without client secret #5050

Open ganapathysuresh opened 10 months ago

ganapathysuresh commented 10 months ago

Is your feature request related to a problem? Please describe. Azure Identity supports ClientSecretCredential, which is used to get a token by supplying a client secret. This is good for a confidential client. But for a public client, we need to support the method of getting a token without supplying the client secret.

Describe the solution you'd like A new class derived from TokenCredential should be implemented which needs only tenant ID, client ID and redirection URL, and the public client flow will be implemented in this new class, say PublicClientCredential.

Describe alternatives you've considered This is the only method in line with other TokenCredentials. So alternative considered as that will violate existing TokenCredentials.

Additional context We need to attempt the C# equivalent of PublicClientConfigurationBuilder. Also, we may attempt to optionally support the .NET "withBroker" feature to support SSO.

ahsonkhan commented 10 months ago

@sureshganapathylgri Thanks for reaching out. I want to understand your use case a bit better. Can you provide more details on what you are trying to accomplish here (what you were doing in C# which now you want to do in C++)? For example, which Azure C++ SDK library and service are you trying to use with a public credential?

Also, PublicClientConfigurationBuilder is an MSAL type for .NET, which is a different abstraction than TokenCredential. Are you using that through the Azure.Identity library for .NET, and if so, how?

ganapathysuresh commented 10 months ago

Sorry for the ambiguity... Let me simplify my query:

In https://github.com/Azure/azure-sdk-for-cpp/tree/main/sdk/identity/azure-identity/src, do you have support for public clients?

Public clients are supported in .NET/C++ via PublicClientConfigurationBuilder. In Azure SDK cpp, how can I get a token from Azure AD without sending a client secret?

ahsonkhan commented 10 months ago

> In https://github.com/Azure/azure-sdk-for-cpp/tree/main/sdk/identity/azure-identity/src, do you have support for public clients?

That's a good question. Currently, we don't.

We'll take your feature request into consideration and route it appropriately.

To help with prioritization, could you share more details on what you are trying to do in your application? If we add support for this in C++, which Azure service or SDK would you use this public credential with (for example Storage Blobs, KeyVault, etc.)?

> Public clients are supported in .NET/C++ via PublicClientConfigurationBuilder

To clarify, that is a .NET type and feature, and not related to C++.

ganapathysuresh commented 10 months ago

My use case is: a desktop client/UI application written in C++ which needs to get a token from Azure AD. As this application will run on the end user's desktop, I do not and cannot have access to the client secret.

In such a case, I cannot use the Azure SDK unless the public client flow is supported. I gave the .NET example to show that the public client flow is supported elsewhere but not in the Azure SDK for cpp.

Kindly let me know if you will prioritise this feature (public client flow) in your SDK.