Closed joshfree closed 11 months ago
After going through the existing threat model checklist, the changes required for WAM support in the Identity library do not require any additional updates. Based on previous discussion, the items listed in the threat model report were not applicable. WAM support is toggled with a boolean parameter from Identity. WAM support is also not in the main-line InteractiveBrowserCredential and instead must be installed and used via a separate package azure-identity-broker
.
On both the Identity and MSAL-side, static code security analysis was run using bandit
, and no noteworthy issues were found.
Tracking item for Azure Identity Threat Model Update and Review
Threat Models
tab in OneNote)