Skip to content

Update proposal document for GetManagedIdentityCapabilitiesAsync#6040

Merged
Robbie-Microsoft merged 12 commits into
mainfrom
gladjohn-patch-17
Jun 3, 2026
Merged

Update proposal document for GetManagedIdentityCapabilitiesAsync#6040
Robbie-Microsoft merged 12 commits into
mainfrom
gladjohn-patch-17

Address Bogdan review: drop history/phasing, add superseded-names app…

0aa0902
Select commit
Loading
Failed to load commit list.
Azure Pipelines / .NET MSAL PR (YAML) succeeded Jun 3, 2026 in 4m 46s

Build #20260603.6 had test failures

0 errors / 3 warnings

Details

Tests

  • Failed: 4 (0.09%)
  • Passed: 4,438 (97.77%)
  • Other: 97 (2.14%)
  • Total: 4,539
Code coverage

  • 23501 of 27786 blocks covered (84.58%)
  • 13454 of 16412 lines covered (81.98%)

Annotations

Check failure on line 1 in Microsoft.Identity.Test.E2E.ManagedIdentityImdsV2Tests.AcquireToken_OnImdsV2_MtlsPoP_WithAttestation_Succeeds-SAMI

See this annotation in the file changed.

@azure-pipelines azure-pipelines / .NET MSAL PR (YAML)

Microsoft.Identity.Test.E2E.ManagedIdentityImdsV2Tests.AcquireToken_OnImdsV2_MtlsPoP_WithAttestation_Succeeds-SAMI 

Test method Microsoft.Identity.Test.E2E.ManagedIdentityImdsV2Tests.AcquireToken_OnImdsV2_MtlsPoP_WithAttestation_Succeeds threw exception:
Microsoft.Identity.Client.MsalServiceException: [Managed Identity] Error Code: invalid_request Error Description: AADSTS1000901: The provided certificate cannot be used for requesting tokens. The value of token_not_after extension on the certificate should be greater than the current time. Trace ID: 4581dfe9-d498-4b7b-9f51-8bd4e44c0800 Correlation ID: 01971224-f2ad-49a5-8eb2-fbe7e5dec2ae Timestamp: 2026-06-03 22:18:44Z
Raw output 
   at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.HandleResponseAsync(AcquireTokenForManagedIdentityParameters parameters, HttpResponse response, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/ManagedIdentity/AbstractManagedIdentity.cs:line 188
   at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.AuthenticateAsync(AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/ManagedIdentity/AbstractManagedIdentity.cs:line 154
   at Microsoft.Identity.Client.ManagedIdentity.V2.ImdsV2ManagedIdentitySource.AuthenticateAsync(AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/ManagedIdentity/V2/ImdsV2ManagedIdentitySource.cs:line 194
   at Microsoft.Identity.Client.ManagedIdentity.ManagedIdentityClient.SendTokenRequestForManagedIdentityAsync(RequestContext requestContext, AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs:line 50
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.SendTokenRequestForManagedIdentityAsync(ILoggerAdapter logger, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/Internal/Requests/ManagedIdentityAuthRequest.cs:line 227
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.GetAccessTokenAsync(CancellationToken cancellationToken, ILoggerAdapter logger) in /_/src/client/Microsoft.Identity.Client/Internal/Requests/ManagedIdentityAuthRequest.cs:line 198
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.ExecuteAsync(CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/Internal/Requests/ManagedIdentityAuthRequest.cs:line 153
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass13_1.<<RunAsync>b__1>d.MoveNext() in /_/src/client/Microsoft.Identity.Client/Internal/Requests/RequestBase.cs:line 97
--- End of stack trace from previous location ---
   at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock) in /_/src/client/Microsoft.Identity.Client/Utils/StopWatchService.cs:line 57
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/Internal/Requests/RequestBase.cs:line 92
   at Microsoft.Identity.Client.ApiConfig.Executors.ManagedIdentityExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenForManagedIdentityParameters managedIdentityParameters, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/ApiConfig/Executors/ManagedIdentityExecutor.cs:line 50
   at Microsoft.Identity.Test.E2E.ManagedIdentityImdsV2Tests.AcquireToken_OnImdsV2_MtlsPoP_WithAttestation_Succeeds(String id, String idType) in /_/tests/Microsoft.Identity.Test.E2E/ManagedIdentityImdsV2Tests.cs:line 77
   at Microsoft.VisualStudio.TestPlatform.MSTest.TestAdapter.Execution.TestMethodInfo.ExecuteInternalAsync(Object[] arguments, CancellationTokenSource timeoutTokenSource) in /_/src/Adapter/MSTestAdapter.PlatformServices/Execution/TestMethodInfo.cs:line 407

Check failure on line 1 in Microsoft.Identity.Test.E2E.ManagedIdentityImdsV2Tests.AcquireToken_OnImdsV2_MtlsPoP_GracefulDegradation_WhenCredentialGuardUnavailable

See this annotation in the file changed.

@azure-pipelines azure-pipelines / .NET MSAL PR (YAML)

Microsoft.Identity.Test.E2E.ManagedIdentityImdsV2Tests.AcquireToken_OnImdsV2_MtlsPoP_GracefulDegradation_WhenCredentialGuardUnavailable 

Test method Microsoft.Identity.Test.E2E.ManagedIdentityImdsV2Tests.AcquireToken_OnImdsV2_MtlsPoP_GracefulDegradation_WhenCredentialGuardUnavailable threw exception:
Microsoft.Identity.Client.MsalServiceException: [Managed Identity] Error Code: invalid_request Error Description: AADSTS1000901: The provided certificate cannot be used for requesting tokens. The value of token_not_after extension on the certificate should be greater than the current time. Trace ID: a8ac23fb-ed9d-4b24-884e-18f2b3790c00 Correlation ID: 756d0bff-4324-462c-a4fd-417509fa3067 Timestamp: 2026-06-03 22:18:44Z
Raw output 
   at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.HandleResponseAsync(AcquireTokenForManagedIdentityParameters parameters, HttpResponse response, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/ManagedIdentity/AbstractManagedIdentity.cs:line 188
   at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.AuthenticateAsync(AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/ManagedIdentity/AbstractManagedIdentity.cs:line 154
   at Microsoft.Identity.Client.ManagedIdentity.V2.ImdsV2ManagedIdentitySource.AuthenticateAsync(AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/ManagedIdentity/V2/ImdsV2ManagedIdentitySource.cs:line 194
   at Microsoft.Identity.Client.ManagedIdentity.ManagedIdentityClient.SendTokenRequestForManagedIdentityAsync(RequestContext requestContext, AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs:line 50
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.SendTokenRequestForManagedIdentityAsync(ILoggerAdapter logger, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/Internal/Requests/ManagedIdentityAuthRequest.cs:line 227
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.GetAccessTokenAsync(CancellationToken cancellationToken, ILoggerAdapter logger) in /_/src/client/Microsoft.Identity.Client/Internal/Requests/ManagedIdentityAuthRequest.cs:line 198
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.ExecuteAsync(CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/Internal/Requests/ManagedIdentityAuthRequest.cs:line 153
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass13_1.<<RunAsync>b__1>d.MoveNext() in /_/src/client/Microsoft.Identity.Client/Internal/Requests/RequestBase.cs:line 97
--- End of stack trace from previous location ---
   at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock) in /_/src/client/Microsoft.Identity.Client/Utils/StopWatchService.cs:line 57
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/Internal/Requests/RequestBase.cs:line 92
   at Microsoft.Identity.Client.ApiConfig.Executors.ManagedIdentityExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenForManagedIdentityParameters managedIdentityParameters, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/ApiConfig/Executors/ManagedIdentityExecutor.cs:line 50
   at Microsoft.Identity.Test.E2E.ManagedIdentityImdsV2Tests.AcquireToken_OnImdsV2_MtlsPoP_GracefulDegradation_WhenCredentialGuardUnavailable() in /_/tests/Microsoft.Identity.Test.E2E/ManagedIdentityImdsV2Tests.cs:line 129
   at Microsoft.VisualStudio.TestPlatform.MSTest.TestAdapter.Execution.TestMethodInfo.ExecuteInternalAsync(Object[] arguments, CancellationTokenSource timeoutTokenSource) in /_/src/Adapter/MSTestAdapter.PlatformServices/Execution/TestMethodInfo.cs:line 407

Check failure on line 1 in Microsoft.Identity.Test.E2E.ManagedIdentityImdsV2Tests.AcquireToken_OnImdsV2_MtlsPoP_WithAttestation_Succeeds-UAMI-ClientId

See this annotation in the file changed.

@azure-pipelines azure-pipelines / .NET MSAL PR (YAML)

Microsoft.Identity.Test.E2E.ManagedIdentityImdsV2Tests.AcquireToken_OnImdsV2_MtlsPoP_WithAttestation_Succeeds-UAMI-ClientId 

Test method Microsoft.Identity.Test.E2E.ManagedIdentityImdsV2Tests.AcquireToken_OnImdsV2_MtlsPoP_WithAttestation_Succeeds threw exception:
Microsoft.Identity.Client.MsalServiceException: [Managed Identity] Error Code: invalid_request Error Description: AADSTS1000901: The provided certificate cannot be used for requesting tokens. The value of token_not_after extension on the certificate should be greater than the current time. Trace ID: a8ac23fb-ed9d-4b24-884e-18f2b1790c00 Correlation ID: 81ccaa18-653a-4f9c-8da5-2a0861303a47 Timestamp: 2026-06-03 22:18:44Z
Raw output 
   at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.HandleResponseAsync(AcquireTokenForManagedIdentityParameters parameters, HttpResponse response, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/ManagedIdentity/AbstractManagedIdentity.cs:line 188
   at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.AuthenticateAsync(AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/ManagedIdentity/AbstractManagedIdentity.cs:line 154
   at Microsoft.Identity.Client.ManagedIdentity.V2.ImdsV2ManagedIdentitySource.AuthenticateAsync(AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/ManagedIdentity/V2/ImdsV2ManagedIdentitySource.cs:line 194
   at Microsoft.Identity.Client.ManagedIdentity.ManagedIdentityClient.SendTokenRequestForManagedIdentityAsync(RequestContext requestContext, AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs:line 50
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.SendTokenRequestForManagedIdentityAsync(ILoggerAdapter logger, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/Internal/Requests/ManagedIdentityAuthRequest.cs:line 227
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.GetAccessTokenAsync(CancellationToken cancellationToken, ILoggerAdapter logger) in /_/src/client/Microsoft.Identity.Client/Internal/Requests/ManagedIdentityAuthRequest.cs:line 198
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.ExecuteAsync(CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/Internal/Requests/ManagedIdentityAuthRequest.cs:line 153
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass13_1.<<RunAsync>b__1>d.MoveNext() in /_/src/client/Microsoft.Identity.Client/Internal/Requests/RequestBase.cs:line 97
--- End of stack trace from previous location ---
   at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock) in /_/src/client/Microsoft.Identity.Client/Utils/StopWatchService.cs:line 57
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/Internal/Requests/RequestBase.cs:line 92
   at Microsoft.Identity.Client.ApiConfig.Executors.ManagedIdentityExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenForManagedIdentityParameters managedIdentityParameters, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/ApiConfig/Executors/ManagedIdentityExecutor.cs:line 50
   at Microsoft.Identity.Test.E2E.ManagedIdentityImdsV2Tests.AcquireToken_OnImdsV2_MtlsPoP_WithAttestation_Succeeds(String id, String idType) in /_/tests/Microsoft.Identity.Test.E2E/ManagedIdentityImdsV2Tests.cs:line 77
   at Microsoft.VisualStudio.TestPlatform.MSTest.TestAdapter.Execution.TestMethodInfo.ExecuteInternalAsync(Object[] arguments, CancellationTokenSource timeoutTokenSource) in /_/src/Adapter/MSTestAdapter.PlatformServices/Execution/TestMethodInfo.cs:line 407

Check failure on line 1 in Microsoft.Identity.Test.E2E.ManagedIdentityImdsV2Tests.AcquireTokenAndCallAKV_OnImdsV2_MtlsPoP_WithAttestation_Succeeds

See this annotation in the file changed.

@azure-pipelines azure-pipelines / .NET MSAL PR (YAML)

Microsoft.Identity.Test.E2E.ManagedIdentityImdsV2Tests.AcquireTokenAndCallAKV_OnImdsV2_MtlsPoP_WithAttestation_Succeeds 

Test method Microsoft.Identity.Test.E2E.ManagedIdentityImdsV2Tests.AcquireTokenAndCallAKV_OnImdsV2_MtlsPoP_WithAttestation_Succeeds threw exception:
Microsoft.Identity.Client.MsalServiceException: [Managed Identity] Error Code: invalid_request Error Description: AADSTS1000901: The provided certificate cannot be used for requesting tokens. The value of token_not_after extension on the certificate should be greater than the current time. Trace ID: 73d0818d-b759-4782-ba6c-6ac2afe82100 Correlation ID: bcf91b09-0593-4b04-8c50-02c6e7472735 Timestamp: 2026-06-03 22:18:44Z
Raw output 
   at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.HandleResponseAsync(AcquireTokenForManagedIdentityParameters parameters, HttpResponse response, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/ManagedIdentity/AbstractManagedIdentity.cs:line 188
   at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.AuthenticateAsync(AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/ManagedIdentity/AbstractManagedIdentity.cs:line 154
   at Microsoft.Identity.Client.ManagedIdentity.V2.ImdsV2ManagedIdentitySource.AuthenticateAsync(AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/ManagedIdentity/V2/ImdsV2ManagedIdentitySource.cs:line 194
   at Microsoft.Identity.Client.ManagedIdentity.ManagedIdentityClient.SendTokenRequestForManagedIdentityAsync(RequestContext requestContext, AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs:line 50
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.SendTokenRequestForManagedIdentityAsync(ILoggerAdapter logger, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/Internal/Requests/ManagedIdentityAuthRequest.cs:line 227
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.GetAccessTokenAsync(CancellationToken cancellationToken, ILoggerAdapter logger) in /_/src/client/Microsoft.Identity.Client/Internal/Requests/ManagedIdentityAuthRequest.cs:line 198
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.ExecuteAsync(CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/Internal/Requests/ManagedIdentityAuthRequest.cs:line 153
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass13_1.<<RunAsync>b__1>d.MoveNext() in /_/src/client/Microsoft.Identity.Client/Internal/Requests/RequestBase.cs:line 97
--- End of stack trace from previous location ---
   at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock) in /_/src/client/Microsoft.Identity.Client/Utils/StopWatchService.cs:line 57
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/Internal/Requests/RequestBase.cs:line 92
   at Microsoft.Identity.Client.ApiConfig.Executors.ManagedIdentityExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenForManagedIdentityParameters managedIdentityParameters, CancellationToken cancellationToken) in /_/src/client/Microsoft.Identity.Client/ApiConfig/Executors/ManagedIdentityExecutor.cs:line 50
   at Microsoft.Identity.Test.E2E.ManagedIdentityImdsV2Tests.AcquireTokenAndCallAKV_OnImdsV2_MtlsPoP_WithAttestation_Succeeds() in /_/tests/Microsoft.Identity.Test.E2E/ManagedIdentityImdsV2Tests.cs:line 169
   at Microsoft.VisualStudio.TestPlatform.MSTest.TestAdapter.Execution.TestMethodInfo.ExecuteInternalAsync(Object[] arguments, CancellationTokenSource timeoutTokenSource) in /_/src/Adapter/MSTestAdapter.PlatformServices/Execution/TestMethodInfo.cs:line 407
View more details on Azure Pipelines