Skip to content

{Core} Decouple MSAL credentials from SDK get_token protocol #29955

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jiasli merged 1 commit into from
Mar 4, 2025
Merged

{Core} Decouple MSAL credentials from SDK get_token protocol #29955

jiasli merged 1 commit into from
Mar 4, 2025

Conversation

@jiasli
Copy link
Member

@jiasli jiasli commented Sep 23, 2024
edited
Loading

Description

This PR mainly changes the functionality and logic of MSAL credentials and CredentialAdaptor:

MSAL credentials

Decouple MSAL credentials from SDK's get_token protocol. Make MSAL credentials implement acquire_token and return MSAL token dict.

CredentialAdaptor

CredentialAdaptor was initially introduced as an adaptor for both Track 1 and Track 2 SDKs by implementing both signed_session and get_token protocol. As Track 1 SDK and signed_session support has been dropped (#29631), CredentialAdaptor is now repurposed as an adaptor between Track 2 SDK and MSAL credentials. So we move AccessToken's building logic to CredentialAdaptor and make CredentialAdaptor implement get_token().

In the future, CredentialAdaptor will be changed to implement the new get_token_info() protocol (Azure/azure-sdk-for-python#36565, Azure/azure-sdk-for-python#36882).

@azure-client-tools-bot-prd
Copy link

azure-client-tools-bot-prd bot commented Sep 23, 2024
edited
Loading

️✔️AzureCLI-FullTest
️✔️acr
️✔️2020-09-01-hybrid
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.12
️✔️3.9
️✔️acs
️✔️2020-09-01-hybrid
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.12
️✔️3.9
️✔️advisor
️✔️latest
️✔️3.12
️✔️3.9
️✔️ams
️✔️latest
️✔️3.12
️✔️3.9
️✔️apim
️✔️latest
️✔️3.12
️✔️3.9
️✔️appconfig
️✔️latest
️✔️3.12
️✔️3.9
️✔️appservice
️✔️latest
️✔️3.12
️✔️3.9
️✔️aro
️✔️latest
️✔️3.12
️✔️3.9
️✔️backup
️✔️latest
️✔️3.12
️✔️3.9
️✔️batch
️✔️latest
️✔️3.12
️✔️3.9
️✔️batchai
️✔️latest
️✔️3.12
️✔️3.9
️✔️billing
️✔️latest
️✔️3.12
️✔️3.9
️✔️botservice
️✔️latest
️✔️3.12
️✔️3.9
️✔️cdn
️✔️latest
️✔️3.12
️✔️3.9
️✔️cloud
️✔️latest
️✔️3.12
️✔️3.9
️✔️cognitiveservices
️✔️latest
️✔️3.12
️✔️3.9
️✔️compute_recommender
️✔️latest
️✔️3.12
️✔️3.9
️✔️computefleet
️✔️latest
️✔️3.12
️✔️3.9
️✔️config
️✔️latest
️✔️3.12
️✔️3.9
️✔️configure
️✔️latest
️✔️3.12
️✔️3.9
️✔️consumption
️✔️latest
️✔️3.12
️✔️3.9
️✔️container
️✔️latest
️✔️3.12
️✔️3.9
️✔️containerapp
️✔️latest
️✔️3.12
️✔️3.9
️✔️core
️✔️2018-03-01-hybrid
️✔️3.12
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.12
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.12
️✔️3.9
️✔️cosmosdb
️✔️latest
️✔️3.12
️✔️3.9
️✔️databoxedge
️✔️2019-03-01-hybrid
️✔️3.12
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.12
️✔️3.9
️✔️dls
️✔️latest
️✔️3.12
️✔️3.9
️✔️dms
️✔️latest
️✔️3.12
️✔️3.9
️✔️eventgrid
️✔️latest
️✔️3.12
️✔️3.9
️✔️eventhubs
️✔️latest
️✔️3.12
️✔️3.9
️✔️feedback
️✔️latest
️✔️3.12
️✔️3.9
️✔️find
️✔️latest
️✔️3.12
️✔️3.9
️✔️hdinsight
️✔️latest
️✔️3.12
️✔️3.9
️✔️identity
️✔️latest
️✔️3.12
️✔️3.9
️✔️iot
️✔️2019-03-01-hybrid
️✔️3.12
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.12
️✔️3.9
️✔️keyvault
️✔️2018-03-01-hybrid
️✔️3.12
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.12
️✔️3.9
️✔️lab
️✔️latest
️✔️3.12
️✔️3.9
️✔️managedservices
️✔️latest
️✔️3.12
️✔️3.9
️✔️maps
️✔️latest
️✔️3.12
️✔️3.9
️✔️marketplaceordering
️✔️latest
️✔️3.12
️✔️3.9
️✔️monitor
️✔️latest
️✔️3.12
️✔️3.9
️✔️mysql
️✔️latest
️✔️3.12
️✔️3.9
️✔️netappfiles
️✔️latest
️✔️3.12
️✔️3.9
️✔️network
️✔️2018-03-01-hybrid
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.12
️✔️3.9
️✔️policyinsights
️✔️latest
️✔️3.12
️✔️3.9
️✔️privatedns
️✔️latest
️✔️3.12
️✔️3.9
️✔️profile
️✔️latest
️✔️3.12
️✔️3.9
️✔️rdbms
️✔️latest
️✔️3.12
️✔️3.9
️✔️redis
️✔️latest
️✔️3.12
️✔️3.9
️✔️relay
️✔️latest
️✔️3.12
️✔️3.9
️✔️resource
️✔️2018-03-01-hybrid
️✔️3.12
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.12
️✔️3.9
️✔️role
️✔️latest
️✔️3.12
️✔️3.9
️✔️search
️✔️latest
️✔️3.12
️✔️3.9
️✔️security
️✔️latest
️✔️3.12
️✔️3.9
️✔️servicebus
️✔️latest
️✔️3.12
️✔️3.9
️✔️serviceconnector
️✔️latest
️✔️3.12
️✔️3.9
️✔️servicefabric
️✔️latest
️✔️3.12
️✔️3.9
️✔️signalr
️✔️latest
️✔️3.12
️✔️3.9
️✔️sql
️✔️latest
️✔️3.12
️✔️3.9
️✔️sqlvm
️✔️latest
️✔️3.12
️✔️3.9
️✔️storage
️✔️2018-03-01-hybrid
️✔️3.12
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.12
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.12
️✔️3.9
️✔️synapse
️✔️latest
️✔️3.12
️✔️3.9
️✔️telemetry
️✔️2018-03-01-hybrid
️✔️3.12
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.12
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.12
️✔️3.9
️✔️util
️✔️latest
️✔️3.12
️✔️3.9
️✔️vm
️✔️2018-03-01-hybrid
️✔️3.12
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.12
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.12
️✔️3.9
️✔️latest
️✔️3.12
️✔️3.9

@azure-client-tools-bot-prd
Copy link

azure-client-tools-bot-prd bot commented Sep 23, 2024

Hi @jiasli,
Since the current milestone time is less than 7 days, this pr will be reviewed in the next milestone.

@azure-client-tools-bot-prd
Copy link

azure-client-tools-bot-prd bot commented Sep 23, 2024
edited
Loading

️✔️AzureCLI-BreakingChangeTest
️✔️Non Breaking Changes

@yonzhan
Copy link
Collaborator

yonzhan commented Sep 23, 2024

Core

@microsoft-github-policy-service microsoft-github-policy-service bot added Auto-Assign Auto assign by bot Core CLI core infrastructure labels Sep 23, 2024
@jiasli jiasli mentioned this pull request Sep 24, 2024
Closed
@jiasli jiasli mentioned this pull request Feb 5, 2025
Merged
jiasli
jiasli commented Feb 13, 2025
View reviewed changes
src/azure-cli-core/azure/cli/core/auth/msal_credentials.py
Copy link
Member Author

@jiasli jiasli Feb 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am considering defining an abstract base classes MsalCredential and let all MSAL credentials inherit from it.

However, Azure Identity only defines TokenCredential as a Protocol

https://github.com/Azure/azure-sdk-for-python/blob/87d4a3273cc36f2e6cf2c8797a59060a5e6d275b/sdk/core/azure-core/azure/core/credentials.py#L72

class TokenCredential(Protocol):
    """Protocol for classes able to provide OAuth tokens."""

    def get_token(
        self,
        *scopes: str,
        claims: Optional[str] = None,
        tenant_id: Optional[str] = None,
        enable_cae: bool = False,
        **kwargs: Any,
    ) -> AccessToken:

A real credential looks like:

https://github.com/Azure/azure-sdk-for-python/blob/87d4a3273cc36f2e6cf2c8797a59060a5e6d275b/sdk/identity/azure-identity/azure/identity/_credentials/azure_cli.py#L39

class AzureCliCredential:

There is no hard constraints that it must implement get_token method.

@jiasli jiasli marked this pull request as ready for review February 19, 2025 09:40
@jiasli jiasli changed the title {Core} Refactor CredentialAdaptor {Core} Decouple from SDK authentication protocol Mar 3, 2025
@jiasli jiasli changed the title {Core} Decouple from SDK authentication protocol {Core} Decouple MSAL credentials from SDK get_token protocol Mar 3, 2025
@jiasli jiasli removed this from the Backlog milestone Mar 3, 2025
@jiasli jiasli added this to the April 2025 (2025-04-01) milestone Mar 3, 2025
@jiasli jiasli mentioned this pull request Mar 3, 2025
Merged
@jiasli jiasli merged commit 3b70655 into Azure:dev Mar 4, 2025
53 checks passed
@jiasli jiasli deleted the auth branch March 4, 2025 09:47
@jiasli jiasli mentioned this pull request Mar 6, 2025
Merged
@jiasli jiasli mentioned this pull request Jun 25, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bebound bebound bebound approved these changes

@evelyn-ys evelyn-ys evelyn-ys approved these changes

@yonzhan yonzhan Awaiting requested review from yonzhan

@calvinhzy calvinhzy Awaiting requested review from calvinhzy calvinhzy is a code owner

@jsntcy jsntcy Awaiting requested review from jsntcy jsntcy is a code owner

@kairu-ms kairu-ms Awaiting requested review from kairu-ms kairu-ms is a code owner

@zhoxing-ms zhoxing-ms Awaiting requested review from zhoxing-ms zhoxing-ms is a code owner

@necusjz necusjz Awaiting requested review from necusjz necusjz is a code owner

@wangzelin007 wangzelin007 Awaiting requested review from wangzelin007 wangzelin007 is a code owner

Assignees

@jiasli jiasli

Labels

Auto-Assign Auto assign by bot Core CLI core infrastructure

Projects

None yet

Milestone

April 2025 (2025-04-01)

Development

Successfully merging this pull request may close these issues.

4 participants

@jiasli @yonzhan @bebound @evelyn-ys