Added AdditionallyAllowedTenants to the following credential options to force explicit opt-in behavior for multi-tenant authentication:
AuthorizationCodeCredentialOptions
AzureCliCredentialOptions
AzurePowerShellCredentialOptions
ClientAssertionCredentialOptions
ClientCertificateCredentialOptions
ClientSecretCredentialOptions
DefaultAzureCredentialOptions
OnBehalfOfCredentialOptions
UsernamePasswordCredentialOptions
VisualStudioCodeCredentialOptions
VisualStudioCredentialOptions
Added TenantId to DefaultAzureCredentialOptions to avoid having to set InteractiveBrowserTenantId, SharedTokenCacheTenantId, VisualStudioCodeTenantId, and VisualStudioTenantId individually.
Bugs Fixed
Fixed overly restrictive scope validation to allow the '_' character, for common scopes such as user_impersonation#30647
Breaking Changes
Credential types supporting multi-tenant authentication will now throw AuthenticationFailedException if the requested tenant ID doesn't match the credential's tenant ID, and is not included in the AdditionallyAllowedTenants option. Applications must now explicitly add additional tenants to the AdditionallyAllowedTenants list, or add '*' to list, to enable acquiring tokens from tenants other than the originally specified tenant ID. See BREAKING_CHANGES.md.
ManagedIdentityCredential token caching added in 1.7.0-beta.1 has been removed from this release and will be added back in 1.8.0-beta.1
Commits
3627e3c Identity Updating docs for 1.7.0 release (#31251)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps Azure.Identity from 1.6.0 to 1.7.0.
Release notes
Sourced from Azure.Identity's releases.
Commits
3627e3cIdentity Updating docs for 1.7.0 release (#31251)927b214[Identity] Updating scope validation (#31154)5a6a0fa[Identity] Adding AdditionallyAllowedTenants to constrain multi-tenant auth (...e5e03d7Preparing Azure.Identity for 1.6.1 patch release (#30390)48c0f9c[Event Hubs] Release Prep + Partition Key Tests (#30391)5ec3a56Resolving Error Checks for AzurePowerShellCredential Fall Back (#30214)ffb2f96Address archboard review comments for Migrate (#30384)039cef1Update AutoRest C# version to 3.0.0-beta.20220805.3 (#30375)99ac63a[Media Composition] Introducing polymorphic models (#30365)388a5bcSync eng/common directory with azure-sdk-tools for PR 3860 (#30372)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)