AzureAD / microsoft-authentication-library-for-java

Microsoft Authentication Library (MSAL) for Java http://aka.ms/aadv2
MIT License

[Bug] Managed Identity App sends POST request instead of GET on CloudShell #771

Closed g2vinay closed 6 months ago

g2vinay commented 6 months ago

Library version used

14.4.2-beta

Java version

JDK 17

Scenario

ManagedIdentityClient - managed identity

Is this a new or an existing app?

None

Issue description and reproduction steps

Managed Identity App sends a POST request instead of a GET request for the Cloud Shell case. This causes a service-side error of a missing aud parameter in the request when sent via the pluggable Netty Client.

Relevant code snippets

No response

Expected behavior

No response

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

No response

Avery-Dunn commented 6 months ago

Per some discussions, closing as not an issue. Many of the other services explicitly document using GET requests (Azure VM, Service Fabric, etc.) but Cloud Shell does not (though a simple curl on the Cloud Shell endpoint using GET shows that it can get a token).

However, some Cloud Shell folks have said to use POST since "it's more robust and handles the extra options such as the ssh-cert token type, but for simple token requests GET would also work." MSAL Python also has been using POST in production for some time, so this is likely not an issue for Cloud Shell (though the others will use GET).