AzureAD / microsoft-authentication-library-for-java

Microsoft Authentication Library (MSAL) for Java http://aka.ms/aadv2
MIT License

Workload Identity Federation support? #877

Closed LPmaverick closed 1 week ago

LPmaverick commented 3 weeks ago

I found ticket #717 from 2023 where it mentions it isn't supported yet and directs me to another library. Is this feature supported in this library? Or do I use the other library for this authentication flow?

https://learn.microsoft.com/en-us/entra/workload-id/workload-identity-federation

Avery-Dunn commented 3 weeks ago

Hello @LPmaverick : As that doc you linked says, you can use a workload identity federation to configure a managed identity. Managed identities are supported as of version 1.16.0 of MSAL Java and version 1.14.0 of the azure-identity package of Azure SDK.

So yes, I believe as long as you're running on Azure and using the newest versions of MSAL Java (either directly or through the Azure SDK's azure-identity package) workload identity federation is supported via managed identities.

Avery-Dunn commented 1 week ago

Closing due to inactivity. If you still have issues or other questions, feel free to re-open this thread or start a new one.

LPmaverick commented 1 week ago

Apologies for the late reply. After digging through the documentation and samples, I changed to using azure-identity v1.14. Specifically, the following code snippet approach, which is working nicely...

```java
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.identity.ClientAssertionCredentialBuilder;

// props (tenant id, client id, authority host) and getIdpAccessToken(), which
// fetches the external IdP token used as the client assertion, are the
// poster's own helpers and are not shown in the thread.
TokenCredential clientAssertionCredential = new ClientAssertionCredentialBuilder()
        .tenantId(props.getTenetId())
        .clientId(props.getClientId())
        .authorityHost(props.getAuthority())
        // the supplier is called whenever the credential needs an assertion to request a token
        .clientAssertion(() -> getIdpAccessToken())
        .build();

public String getAccessTokenByWorkloadIdentityFederation(final String scope) {
    logger.info("Obtaining new Azure access token for scope {}...", scope);

    // Ask for the resource's default scope set; the credential exchanges the
    // IdP assertion for an Entra ID access token for that resource.
    TokenRequestContext req = new TokenRequestContext().addScopes(scope + "/.default");
    AccessToken token = clientAssertionCredential.getTokenSync(req);

    logger.info("...access token obtained");
    return token.getToken();
}
```
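The same exchange done directly with MSAL Java (msal4j), the library this issue asks about, as an added example that is not code from the project or from either participant: the external IdP token is passed as a client assertion through `ClientCredentialFactory.createFromClientAssertion`. It assumes the federated token is projected to a file named by the `AZURE_FEDERATED_TOKEN_FILE` environment variable (as Kubernetes workload identity does) and that tenant id and client id come from `AZURE_TENANT_ID` / `AZURE_CLIENT_ID`; all of those names are assumptions, not values from the thread.

```java
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ClientCredentialParameters;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.aad.msal4j.IClientCredential;

import java.io.IOException;
import java.net.MalformedURLException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Collections;
import java.util.Date;

/**
 * Added example (not project code): exchange an external IdP token, used as the
 * client assertion, for an Entra ID access token with msal4j directly.
 *
 * Assumptions (placeholders, not values from the thread): the federated token
 * is projected to the file named by AZURE_FEDERATED_TOKEN_FILE, and tenant id /
 * client id are read from AZURE_TENANT_ID / AZURE_CLIENT_ID.
 */
public final class MsalWorkloadIdentityTokenProvider {

    private static final String AUTHORITY_HOST = "https://login.microsoftonline.com/";
    private final String tenantId;
    private final String clientId;
    private final Path federatedTokenFile;

    // Cached result; reused until shortly before expiry so the token endpoint
    // is not contacted on every call.
    private IAuthenticationResult cached;

    public MsalWorkloadIdentityTokenProvider(String tenantId, String clientId, Path federatedTokenFile) {
        this.tenantId = tenantId;
        this.clientId = clientId;
        this.federatedTokenFile = federatedTokenFile;
    }

    /** Re-read the projected token on every use: the platform rotates it. */
    private String readFederatedToken() {
        try {
            String token = new String(Files.readAllBytes(federatedTokenFile), StandardCharsets.UTF_8).trim();
            if (token.isEmpty()) {
                throw new IllegalStateException("federated token file is empty: " + federatedTokenFile);
            }
            return token;
        } catch (IOException e) {
            throw new IllegalStateException("cannot read federated token file " + federatedTokenFile, e);
        }
    }

    /**
     * Returns an access token for {@code resource}/.default, exchanging the
     * current client assertion when no usable cached token exists.
     */
    public synchronized String getAccessToken(String resource) throws MalformedURLException {
        // Refresh when the cached token expires within the next two minutes.
        if (cached != null && cached.expiresOnDate().after(new Date(System.currentTimeMillis() + 120_000))) {
            return cached.accessToken();
        }

        // The assertion is bound to the credential at build time, so the
        // application object is rebuilt whenever a fresh assertion is needed.
        IClientCredential assertion = ClientCredentialFactory.createFromClientAssertion(readFederatedToken());
        ConfidentialClientApplication app = ConfidentialClientApplication
                .builder(clientId, assertion)
                .authority(AUTHORITY_HOST + tenantId)
                .build();

        ClientCredentialParameters params = ClientCredentialParameters
                .builder(Collections.singleton(resource + "/.default"))
                .build();

        cached = app.acquireToken(params).join();
        return cached.accessToken();
    }

    public static void main(String[] args) throws MalformedURLException {
        MsalWorkloadIdentityTokenProvider provider = new MsalWorkloadIdentityTokenProvider(
                System.getenv("AZURE_TENANT_ID"),   // assumed configuration names
                System.getenv("AZURE_CLIENT_ID"),
                Path.of(System.getenv("AZURE_FEDERATED_TOKEN_FILE")));
        String token = provider.getAccessToken("https://graph.microsoft.com");
        // Do not log the token itself; its length is enough to confirm the exchange worked.
        System.out.println("access token length: " + token.length());
    }
}
```

Because msal4j fixes the credential when the `ConfidentialClientApplication` is built, the application is rebuilt each time a new assertion is read; the short-lived projected token is therefore never reused past its rotation, and the access token is cached in the provider instead of relying on the per-application cache that a rebuild would discard.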