Closed rikroe closed 3 months ago
Hi @alexbourret - I have interest in this option too, is there any movement on this feature? Currently, the plugin isnt using the most secure methods of connecting to the product.
Another question, if this change was to be merged, how is this released to the product, would a new release be needed, or can we just perform an update? (Sorry not overly familiar with the plugin part of the product)
Another question, if this change was to be merged, how is this released to the product, would a new release be needed, or can we just perform an update? (Sorry not overly familiar with the plugin part of the product)
You just need to update the plugin, not Dataiku itself.
We are running with this we created this PR.
@alexbourret please let me know if I should rebase this PR (and onto which branch) or if any other changes are required.
Hi @pkbullock - We just got the new sharepoint QA instance to test this feature, so it is next on the list @rikroe - Thank you for the PR ! No need to rebase, I can do it since we have to add a few things (tests, support for keys containing "encrypted" in the header...)
Thank you @alexbourret - do you have a ball park timeline for this?
@pkbullock - the feature is now released in v1.1.3. @rikroe - Thank you again for your contribution ! I'm closing this PR but your code is now included and I've added your name to the contributors file.
Feature merged with PR #50
This PR adds an additional preset and login mechanism: Azure AD app registrations with certificate authentication.
If there are any change requests in terms of wording for this PR or suggestions how to better deal with the private key in the parameters (especially regarding spaces/newlines), happy to incorporate them. The
client_secret
can unfortunately not be used.I've added the
msal
library to do the authentication, but it could be done manually usingPyJWT[crypto]
andcryptography
.Reason
Microsoft is by default deactivating the ability to add new Site App registrations or change those permissions by mid of September (see MC660075). While it can be turned on again, our Sharepoint Admins won't do this.
To access specific sites only, one can create an App Registration in Azure AD and grant the Sharepoint
Sites.Selected
permission. While this was orignally only available to Graph APIs, it is now possible to use these permissions with the original Sharepoint REST API (as used by this plugin) as well. More information and how to grant permission can be found in the announcement blog post and this detailled blog post.