search

Azure / azure-sdk-for-cpp

This repository is for active development of the Azure SDK for C++. For consumers of the SDK we recommend visiting our versioned developer docs at https://azure.github.io/azure-sdk-for-cpp.
MIT License
177 stars 126 forks source link

Only invalidate the BearerTokenAuthenticationPolicy token cache if the policy is not part of the challenge-based authentication flow. #6186

Closed ahsonkhan closed 3 weeks ago

ahsonkhan commented 3 weeks ago

When the AuthenticateAndAuthorizeRequest function gets invoked from ChallengeBasedAuth in KeyVault, tokenRequestContext != m_tokenRequestContext. When we use stock BearerTokenAuthenticationPolicy , tokenRequestContext == m_tokenRequestContext.

ahsonkhan commented 3 weeks ago

/azp run cpp - keyvault

azure-pipelines[bot] commented 3 weeks ago
Azure Pipelines successfully started running 1 pipeline(s).
azure-sdk commented 3 weeks ago

API change check

API changes are not detected in this pull request.

ahsonkhan commented 3 weeks ago

https://github.com/Azure/azure-sdk-for-cpp/pull/6190 supersedes this and hence limiting the token cache invalidation only to bearer token authentication policy is not necessary. The same invalidation can (and should) be applied to the challenge-based authentication flows as well.

It turned out most of the KeyVault challenge base authentication policy tests were failing due to an existing overflow issue which happened to be exposed when we set the minimum expiration to a really large value (in https://github.com/Azure/azure-sdk-for-cpp/pull/6151). That overflow issue has been fixed in https://github.com/Azure/azure-sdk-for-cpp/pull/6190 and the remaining failing KeyVault test has been updated to reflect the expected behavior in https://github.com/Azure/azure-sdk-for-cpp/pull/6191