Support SNI authentication from EnvironmentCredential/DAC #41031
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When constructing a confidential client, if `AZURE_CLIENT_SEND_CERTIFICATE_CHAIN` is `true` or `1`, send the x5c chain. Fixes Azure#40013
billwert
requested review from
a team,
JonathanGiles,
alzimmermsft,
anuchandy,
g2vinay,
joshfree,
lmolkova,
mssfang,
srnagar and
vcolin7
as code owners
billwert
requested review from
ahsonkhan,
chlowell,
maorleger,
schaabs and
xiangyan99
Collaborator
|
API change check API changes are not detected in this pull request. |
g2vinay
approved these changes
Jul 10, 2024
g2vinay
requested changes
Jul 10, 2024
Member
g2vinay
left a comment
g2vinay
left a comment
There was a problem hiding this comment.
This feature should be supported via DAC / ENV credential only, I believe.
Currently, it will be picked up under Client Cert Credential too.
Contributor
Author
fixed. |
g2vinay
reviewed
Jul 10, 2024
g2vinay
approved these changes
Jul 10, 2024
vcolin7
approved these changes
Jul 10, 2024
lmolkova
approved these changes
Jul 10, 2024
Merged
3 tasks
maorleger
added a commit
to Azure/azure-sdk-for-js
that referenced
this pull request
Jul 30, 2024
#30570) ### Packages impacted by this PR @azure/identity ### Issues associated with this PR Resolves #29592 ### Describe the problem that is addressed by this PR SNI authentication is a 1p certificate feature supported by ClientCertificateCredential. In order to implement SNI based auth one has to use ClientCertificateCredential directly instead of DefaultAzureCredential because there's no way to configure sendCertificateChain from DAC. For consistency with other languages, we're adding support for AZURE_CLIENT_SEND_CERTIFICATE_CHAIN as an env var here ### Provide a list of related PRs _(if any)_ Azure/azure-sdk-for-java#41031
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When constructing a confidential client, if
AZURE_CLIENT_SEND_CERTIFICATE_CHAINistrueor1, send the x5c chain.Fixes #40013