AzureAD / microsoft-identity-web

Helps creating protected web apps and web APIs with Microsoft identity platform and Azure AD B2C
MIT License

Public API LoadFirstValidCredentialsAsync still loads skipped credentials #3022

Open bgavrilMS opened 1 month ago

bgavrilMS commented 1 month ago

Microsoft.Identity.Web Library

Microsoft.Identity.Web

Microsoft.Identity.Web version

3.10.0

Web app

Not Applicable

Web API

Not Applicable

Token cache serialization

Not Applicable

Description

  1. Create a list of CredentialDescription with 2 credentials, and mark the first one with SKIP=true;
  2. Call the public API LoadFirstValidCredentialsAsync(list)

Actual: it loads the first credential, and then it doesn't use it.

Expected: do not load the first credential and do not use it.

Reproduction steps

^^

Error message

No response

Id Web logs

No response

Relevant code snippets

CredentialDescription[] credentialDescriptions = new[]
{
    new CredentialDescription
    {
        SourceType = CredentialSource.SignedAssertionFromManagedIdentity,
        Skip = true
    },

    new CredentialDescription
    {
        SourceType = CredentialSource.KeyVault,
        KeyVaultUrl = "https://bogus.net",
        KeyVaultCertificateName = "Self-Signed-5-5-22"
    }
};
await DefaultCredentialLoader.LoadFirstValidCredentialsAsync(credentialDescriptions);

// Actual: credential1 (managed identity) is still attempted.

Regression

No response

Expected behavior

don't load skipped creds
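
The expected behavior above can be pinned down as a regression check that counts load attempts. This is an added example, not code from the issue or from Microsoft.Identity.Web: `DemoCredential`, `CountingLoader` and `LoadFirstValidAsync` are hypothetical stand-ins that model only the `Skip` contract the report describes.

```csharp
// Added illustration: simplified stand-in types, not Microsoft.Identity.Web's own.
using System;
using System.Collections.Generic;
using System.Threading.Tasks;

public sealed class DemoCredential   // hypothetical model of one credential entry
{
    public string Name { get; init; } = "";
    public bool Skip { get; set; }
}

public sealed class CountingLoader   // hypothetical loader that records every attempt
{
    public List<string> Attempts { get; } = new();

    private Task LoadAsync(DemoCredential c)
    {
        Attempts.Add(c.Name);        // stands in for the remote call a real load makes
        return Task.CompletedTask;
    }

    // Expected contract from the issue: a skipped entry is neither loaded nor used.
    public async Task<DemoCredential?> LoadFirstValidAsync(IEnumerable<DemoCredential> creds)
    {
        foreach (var c in creds)
        {
            if (c.Skip) continue;    // decide before any load side effect happens
            await LoadAsync(c);
            return c;
        }
        return null;
    }
}

public static class Program
{
    public static async Task Main()
    {
        var loader = new CountingLoader();
        var creds = new[]            // constructed sample input mirroring the report
        {
            new DemoCredential { Name = "managed-identity", Skip = true },
            new DemoCredential { Name = "key-vault-cert" },
        };
        var chosen = await loader.LoadFirstValidAsync(creds);
        if (chosen?.Name != "key-vault-cert" || loader.Attempts.Contains("managed-identity"))
            throw new InvalidOperationException("skipped credential was loaded or used");
        Console.WriteLine($"chosen={chosen.Name}; attempts={string.Join(",", loader.Attempts)}");
    }
}
```

Asserting on the recorded attempts, not just on the returned credential, is what catches the reported case: the right credential comes back even when the skipped one was still loaded first.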

jmprieur commented 1 month ago

Is it a regression?

jennyf19 commented 1 month ago

Are you expecting my team to pick this up?

bgavrilMS commented 1 month ago

Good first issue for someone from MSAL team to pick up.