[Identity] MSAL integration for interactive browser and device code #10994
| if (tokenResponse === null) { | ||
| const deviceCodeResponse = await this.sendDeviceCodeRequest(scopeString, newOptions); | ||
| const deviceCodeRequest = { | ||
| deviceCodeCallback: this.userPromptCallback, |
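Review bot: at `deviceCodeCallback: this.userPromptCallback`, the caller's callback is handed to MSAL unchanged, so at runtime it receives MSAL's whole response object rather than only the fields our public callback type declares. Per the two type definitions quoted in this thread, that adds `deviceCode`, `expiresIn` and `interval`; `deviceCode` is the value the client polls the token endpoint with, and it should not reach caller code or whatever that code logs. Suggest wrapping the callback so only the declared fields are forwarded, for example `deviceCodeCallback: (r) => this.userPromptCallback({ userCode: r.userCode, verificationUri: r.verificationUri, message: r.message })`.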
I'm assuming our DeviceCodePromptCallback type has the same shape as what's expected by deviceCodeCallback?
Not quite sure what you're asking here
I'm saying the DeviceCodeCredential takes userPromptCallback: DeviceCodePromptCallback, on construction. Here we're passing the callback directly to acquireTokenByDeviceCode. These callbacks have the same shape? Mostly I wanted to make sure we weren't exporting types from MSAL.
Yup, they're different though compatible in this direction.
Here's the MSAL version:
export declare type DeviceCodeResponse = {
userCode: string;
deviceCode: string;
verificationUri: string;
expiresIn: number;
interval: number;
message: string;
};
And here's the identity version:
export interface DeviceCodeInfo {
/**
* The device code that the user must enter into the verification page.
*/
userCode: string;
/**
* The verification URI to which the user must navigate to enter the device
* code.
*/
verificationUri: string;
/**
* A message that may be shown to the user to instruct them on how to enter
* the device code in the page specified by the verification URI.
*/
message: string;
}
sadasant
left a comment
This is good on the Key Vault part. Thank you!
This integrates @azure/msal-node for handling interactive browser (in Node) and device code credentials.
Interactive browser
The interactive browser credential works by creating an http server that will handle the auth code redirection, opening a web browser for the auth code authentication, and then passing the information received via the redirect to MSAL to complete the authorization. Once authorized, we use the access token as normal.
Device code
The MSAL-based device code credential works similarly to our previous version. The developer can pass in a callback we'll invoke that describes the steps to use for device code authentication and then will wait until the device code was received. The logic for device code is largely based in MSAL itself, with the Azure SDK side acting largely as a shim that fits with our existing API design.
Note: This should be considered an initial implementation, as future features, like caching, are planned and should follow after the first beta release. We're also planning to do mock testing using the http mock once we enable configuring the http request pipeline.
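The redirect handling described under "Interactive browser", as an added example (not code from this PR, @azure/identity or MSAL): the check a local listener would run on each incoming request before passing the authorization code on. The function names, the `/redirect` path and the `state` values are assumptions constructed for illustration; checking `state` is the standard OAuth safeguard, not something the PR text states.

```javascript
// Added illustration, not code from this PR. All names here are hypothetical.
// Validates one request received by the local redirect listener and returns
// either the authorization code to hand to the token library or a rejection.
function handleAuthRedirect(rawUrl, expected) {
  // rawUrl is the request target ("/path?query"); the base only makes it parseable.
  const url = new URL(rawUrl, "http://localhost");
  if (url.pathname !== expected.path) {
    return { ok: false, status: 404, reason: "unexpected path" };
  }
  const q = url.searchParams;
  // Check state first: a response that does not carry our own state value
  // was not triggered by this sign-in attempt and must not be processed.
  const state = q.get("state");
  if (q.getAll("state").length !== 1 || !sameString(state, expected.state)) {
    return { ok: false, status: 400, reason: "state mismatch" };
  }
  if (q.has("error")) {
    return { ok: false, status: 400, reason: "authorization error: " + q.get("error") };
  }
  const codes = q.getAll("code");
  if (codes.length !== 1 || codes[0] === "") {
    return { ok: false, status: 400, reason: "missing or duplicated code" };
  }
  return { ok: true, status: 200, code: codes[0] };
}

// Length-checked comparison that does not stop at the first differing character.
function sameString(a, b) {
  if (typeof a !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Constructed sample requests, as the listener would see them in req.url.
const expected = { path: "/redirect", state: "constructed-state-7f3a" };
const samples = [
  "/redirect?code=constructed-code&state=constructed-state-7f3a",
  "/redirect?code=constructed-code&state=other",
  "/redirect?error=access_denied&state=constructed-state-7f3a",
  "/favicon.ico",
];
for (const s of samples) console.log(s, "->", JSON.stringify(handleAuthRedirect(s, expected)));
```

A listener built around this would bind to the loopback interface only and shut down after the first request that returns `ok: true`.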