Azure / ms-rest-nodeauth

node.js based authentication library for Azure with type definitions
MIT License

Subscriptions not returned calling loginWithServicePrincipalSecretWithAuthResponse when tokenAudience is 'RoleBased' #60

Closed dwalleck closed 5 years ago

dwalleck commented 5 years ago

Package Version: 2.0.0

Describe the bug

To be honest, I'm not sure if this is a bug or an intended change in behavior between the older ms-rest-azure and this newer package. As part of my application logic, I perform some checks around the subscriptions associated with the principal that authenticated. When using ms-rest-azure, authentication and getting the list of associated subscriptions could be accomplished by using the loginWithServicePrincipalSecretWithAuthResponse function.

Since the ms-rest-azure package is on a path to deprecation, I upgraded my application to use this library instead, which has the same function. However, in any authentication response the list of subscriptions returned is always empty. I checked the source code and there appears to be a difference in logic on whether the subscriptions property should be populated:

ms-rest-azure: https://github.com/Azure/azure-sdk-for-node/blob/8691046c2ca738552d815f6967f5f54b04840276/runtime/ms-rest-azure/lib/login.js#L440

ms-rest-nodeauth: https://github.com/Azure/ms-rest-nodeauth/blob/master/lib/login.ts#L165

To Reproduce

I have a gist with a short script to reproduce this behavior: https://gist.github.com/dwalleck/4d049d3515e82bb4b687fe95a1da194d

  1. Call the loginWithServicePrincipalSecretWithAuthResponse function of @azure/ms-rest-nodeauth with service principal credentials.
  2. The subscriptions property is an empty list.

Expected behavior

The subscriptions property should be propagated with any subscriptions associated with the user.

Additional context

The output I'm currently getting from my test script shows the difference in behavior:

msRestAzure subscriptions: [
    {
        "id": "XXXXX",
        "state": "Enabled",
        "authorizationSource": "RoleBased",
        "tenantId": "XXXXX",
        "user": {
            "name": "XXXXX",
            "type": "servicePrincipal"
        },
        "environmentName": "Azure",
        "name": "XXXXX"
    }
]
msRestNodeAuth subscriptions: []

amarzavery commented 5 years ago

@dwalleck - Please use the new version 2.0.1 that has fixed this issue.
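
An added example, not part of the thread or of either library: a check an application could run on the auth response so that an empty `subscriptions` list (the 2.0.0 output shown above) fails the check instead of passing silently. The helper names, the injected `login` parameter, the rule that only `"Enabled"` passes and all sample values are assumptions made for illustration.

```javascript
// Added example: not code from ms-rest-nodeauth or from the issue thread.
// The AuthResponse objects are constructed and mirror the output in the issue.

// Hypothetical helper: decide whether `requiredId` may be used, failing closed
// whenever the subscriptions list cannot positively confirm access.
function checkSubscriptionAccess(authResponse, requiredId) {
  const subs = authResponse ? authResponse.subscriptions : undefined;
  if (!Array.isArray(subs)) {
    return { allowed: false, reason: "missing-subscriptions" };
  }
  if (subs.length === 0) {
    // Ambiguous: the principal may have no access, or the library may not
    // have populated the list (the 2.0.0 behaviour reported in this issue).
    return { allowed: false, reason: "empty-subscriptions" };
  }
  const match = subs.find((s) => s && s.id === requiredId);
  if (!match) {
    return { allowed: false, reason: "subscription-not-listed" };
  }
  if (match.state !== "Enabled") {
    return { allowed: false, reason: "subscription-not-enabled" };
  }
  return { allowed: true, reason: "ok", subscription: match };
}

// `login` is injected so the check can be exercised offline. In an application
// it would wrap loginWithServicePrincipalSecretWithAuthResponse(clientId, secret, tenantId).
async function loginAndCheck(login, requiredId) {
  const result = checkSubscriptionAccess(await login(), requiredId);
  if (!result.allowed) {
    throw new Error(`subscription check failed: ${result.reason}`);
  }
  return result.subscription;
}

// Constructed responses shaped like the two outputs in the issue.
const populated = {
  subscriptions: [{
    id: "sub-0001", state: "Enabled", authorizationSource: "RoleBased",
    tenantId: "tenant-0001", user: { name: "app-0001", type: "servicePrincipal" },
    environmentName: "Azure", name: "example-subscription",
  }],
};
const empty = { subscriptions: [] };

console.log(checkSubscriptionAccess(populated, "sub-0001").reason); // ok
console.log(checkSubscriptionAccess(empty, "sub-0001").reason); // empty-subscriptions
```

Logging the `reason` value separately for `empty-subscriptions` makes a library regression like this one visible, instead of looking like an ordinary access denial.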