Azure / azure-sdk-for-python

This repository is for active development of the Azure SDK for Python. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/python/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-python.
MIT License

Support PoP token binding via Signed HTTP Request (SHR) for public client apps #26482

Closed scottaddie closed 1 month ago

scottaddie commented 2 years ago

Intro: Proof of Possession is intended to ensure that the client that requests a token is the only client that can use the token. This is accomplished by the client generating a key pair and requesting that the public key be included in the issued access token. The client library then generates a wrapper token, signing it with the private key that is known only to it.

Proposal:

  1. Ensure all Azure Identity SDKs are able to call into WAM (this will give RT binding on Windows, for public client). This feature is available in .NET as a preview.
  2. Add API support for using access token binding. This requires the app developer to inform the SDK about the protected API they're about to call (i.e. what is the target URL), and to extract a nonce from 401 and 200 headers.
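
An added sketch of the binding described in this issue (not part of the original thread and not Azure Identity or MSAL code): the client signs a wrapper naming the access token, the target URL and the nonce, and the protected API accepts it only if the signature matches the public key bound into the token. Assumptions: the API has already validated the access token and read the bound key from it; the field names, the two-part wrapper layout, and the function names are hypothetical; unpadded textbook RSA over fixed primes stands in for a real key pair so the code runs on the standard library alone.

```python
import base64, hashlib, json

# Constructed demo key: unpadded textbook RSA over two Mersenne primes, a
# stand-in for a real RSA/EC key pair so the sketch needs only the stdlib.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))  # (E, N) public, D private

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def digest(text: str) -> int:
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big")

def make_shr(access_token, method, url, nonce, d=D, n=N):
    """Client: wrap the token with the target request and nonce, then sign.
    Field names are hypothetical, not the SHR wire format."""
    claims = {"at": access_token, "m": method, "u": url, "nonce": nonce}
    body = b64(json.dumps(claims).encode())
    return body + "." + format(pow(digest(body), d, n), "x")

def verify_shr(shr, bound_key, method, url, nonce):
    """Protected API: accept only a wrapper signed by the key bound into the
    access token, for exactly this method, URL and server-issued nonce."""
    body, _, sig_hex = shr.partition(".")
    e, n = bound_key
    try:
        if pow(int(sig_hex, 16), e, n) != digest(body):
            return False  # signer does not hold the bound private key
        claims = json.loads(unb64(body))
    except ValueError:
        return False  # malformed wrapper
    seen = (claims.get("m"), claims.get("u"), claims.get("nonce"))
    return seen == (method, url, nonce)

URL = "https://api.example.test/items"  # constructed sample values
good = make_shr("access-token", "GET", URL, "nonce-1")
forged = make_shr("access-token", "GET", URL, "nonce-1", d=3)  # no private key
```

A bearer token copied to another machine fails the signature check, and a captured wrapper fails once the API expects a different URL or a fresh nonce.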

azure-sdk commented 2 years ago

Label prediction was below confidence level 0.6 for Model:ServiceLabels: 'IoT:0.10892465,App Services:0.06740505,Cosmos:0.060353283'

github-actions[bot] commented 1 month ago

Hi @scottaddie, we deeply appreciate your input into this project. Regrettably, this issue has remained unresolved for over 2 years and inactive for 30 days, leading us to the decision to close it. We've implemented this policy to maintain the relevance of our issue queue and facilitate easier navigation for new contributors. If you still believe this topic requires attention, please feel free to create a new issue, referencing this one. Thank you for your understanding and ongoing support.