Closed msJinLei closed 1 month ago
Thank you for your feedback. Tagging and routing to the team member best able to assist.
Hi @msJinLei Currently we do not support the username/password flow because it is not recommended for security reasons. MSAL's documentation mentions this here.
Based on the linked issue scenario, it sounds like AzurePipelinesCredential
might be a better fit for their scenario.
Hi @msJinLei. Thank you for opening this issue and giving us the opportunity to assist. To help our team better understand your issue and the details of your scenario please provide a response to the question asked above or the information requested above. This will help us more accurately address your issue.
Hi @msJinLei Currently we do not support the username/password flow because it is not recommended for security reasons. MSAL's documentation mentions this here.
Based on the linked issue scenario, it sounds like
AzurePipelinesCredential
might be a better fit for their scenario.
We also deprecate Username password flow in Azure PowerShell. However, we cannot break the customers who already use it for now.
Library name and version
Azure.Identity 1.12.0.0
Describe the bug
The customers of Azure PowerShell report that when WAM enabled, they cannot retrieve token by SharedTokenCacheCredential If the token is acquired by UsernamePasswordCredential. Refer to https://github.com/Azure/azure-powershell/issues/25028. We find UsernamePasswordCredential doesn't have broker option, as
InteractiveBrowserCredentialBrokerOptions
orSharedTokenCacheCredentialBrokerOptions
. We get the information from MSAL that in MSAL.Net, interactive and username password flows support WAM while device code does not. We request Azure. Identity to provide the interface such asUsernamePasswordCredentialBrokerOptions
. If WAM enabled, we are going to callUsernamePasswordCredentialBrokerOptions
to acquire token so that the account information will go intoWAM and can be retrieved by SharedTokenCacheCredentialExpected behavior
Provides the interface such as
UsernamePasswordCredentialBrokerOptions
to enable Username Password account to go to WAMActual behavior
Username Password account cannot go to WAM
Reproduction Steps
Login with user name password
Accquire token silently with WAM (Fail)
Environment
dotnet standard 2.0