Azure / azure-sdk-for-net

This repository is for active development of the Azure SDK for .NET. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/dotnet/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-net.
MIT License
5.46k stars 4.8k forks source link

[FEATURE REQ] Provide option to exclude `UsernamePasswordCredential` from `EnvironmentCredential` #32228

Closed peombwa closed 3 days ago

peombwa commented 2 years ago

Library name

Azure.Identity

Please describe the feature.

EnvironmentCredential uses a ClientSecretCredential, ClientCertificateCredential, or UsernamePasswordCredential to perform the authentication. For our scenario, we don't support UsernamePasswordCredential and we strongly encourage customers not to use password grant type for auth. To support our scenario, it would be nice to provide an option to exclude UsernamePasswordCredential from EnvironmentCredential as we do not support it.

scottaddie commented 2 years ago

@peombwa Could you use ChainedTokenCredential instead of EnvironmentCredential? With it, you can form your own custom credential chain, thereby excluding UsernamePasswordCredential.

jsquire commented 2 years ago

//cc: @schaabs

peombwa commented 2 years ago

@peombwa Could you use ChainedTokenCredential instead of EnvironmentCredential? With it, you can form your own custom credential chain, thereby excluding UsernamePasswordCredential.

Thanks for the response. Using ChainedTokenCredential would require us to write our own implementation of environment variable credential as we will need to read the environment variables ourselves to set them to the right TokenCredential classes. It also adds a maintenance cost as we will need to keep up with new environment variables added in the future.

Using the existing EnvironmentCredential implementation works well for us, we'd just like to have the option to exclude UsernamePasswordCredential from the list of TokenCredentials used to acquire a token. This would be something like Exclude* properties in DefaultAzureCredentialOptions.

github-actions[bot] commented 3 days ago

Hi @peombwa, we deeply appreciate your input into this project. Regrettably, this issue has remained unresolved for over 2 years and inactive for 30 days, leading us to the decision to close it. We've implemented this policy to maintain the relevance of our issue queue and facilitate easier navigation for new contributors. If you still believe this topic requires attention, please feel free to create a new issue, referencing this one. Thank you for your understanding and ongoing support.