Skip to content

CAE support for ARM clients #19902

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chlowell merged 6 commits into from
Feb 2, 2023
Merged

CAE support for ARM clients #19902

chlowell merged 6 commits into from
Feb 2, 2023

Conversation

@chlowell
Copy link
Member

@chlowell chlowell commented Jan 31, 2023

This is the azcore side of #14931. I'm targeting the beta branch because the end-to-end scenario requires an azidentity beta. ARM is the only SDK service that supports CAE (continuous access evaluation) today. Briefly, it works like this: ARM evaluates security policies for the access token attached to each request. When a token doesn't satisfy policy, ARM responds 401 with an authentication challenge. The client must retry the request with a new access token having the claims specified by the challenge. So, this PR adds challenge handling to ARM's auth policy, and a TokenRequestOptions.Claims field that enables the policy to request claims when calling GetToken().

@chlowell chlowell added Mgmt This issue is related to a management-plane library. Azure.Core labels Jan 31, 2023
jhendrixMSFT
jhendrixMSFT reviewed Feb 1, 2023
View reviewed changes
jhendrixMSFT
jhendrixMSFT reviewed Feb 1, 2023
View reviewed changes
@chlowell chlowell merged commit 871e10b into Azure:release/azcore-1.4.0-beta Feb 2, 2023
@chlowell chlowell deleted the cae-azcore branch February 2, 2023 18:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jhendrixMSFT jhendrixMSFT jhendrixMSFT approved these changes

@RickWinter RickWinter Awaiting requested review from RickWinter RickWinter is a code owner

@richardpark-msft richardpark-msft Awaiting requested review from richardpark-msft richardpark-msft is a code owner

Assignees

No one assigned

Labels

Azure.Core Mgmt This issue is related to a management-plane library.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chlowell @jhendrixMSFT