[Identity] Updating scope validation #31154
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Collaborator
|
API change check API changes are not detected in this pull request. |
christothes
reviewed
Sep 15, 2022
| { | ||
| private const string DefaultSuffix = "/.default"; | ||
| private const string ScopePattern = "^[0-9a-zA-Z-.:/]+$"; | ||
| private const string ScopePattern = "^[0-9a-zA-Z-_.:/]+$"; |
Member
There was a problem hiding this comment.
Should this validation be used for all sub-process based credentials? It looks like only Cli and Powershell use it today.
Contributor
Author
There was a problem hiding this comment.
Yes, it should, although it might not be at the moment. Also, when I made this update, I did a brief investigation I found that there are other possible scope characters that this regex is still not supporting. We need to do a deeper investigation of both, but given that we have 2 customers blocked by this, and user_impersonation is such a common scope, I think we should push out this minor fix although it might be incomplete. I created a new issue #31170, to track what work remains here.
christothes
approved these changes
Sep 15, 2022
schaabs
added a commit
that referenced
this pull request
Sep 20, 2022
* [Identity] Adding AdditionallyAllowedTenants to constrain multi-tenant auth (#31037) * [Identity] Adding AdditionallyAllowedTenants to constrain multi-tenant auth * updating API spec * adding dev-time credentials * adding user-auth credentials * refactor additional tenants to base options * adding default and environment credentials * update/add tests * update API spec * update changelog and breaking_changes * update assembly version * Update sdk/identity/Azure.Identity/CHANGELOG.md Co-authored-by: Heath Stewart <[email protected]> * Update sdk/identity/Azure.Identity/CHANGELOG.md Co-authored-by: Heath Stewart <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/AuthorizationCodeCredentialOptions.cs Co-authored-by: Christopher Scott <[email protected]> * Update sdk/identity/Azure.Identity/src/TenantIdResolver.cs Co-authored-by: Christopher Scott <[email protected]> * Update sdk/identity/Azure.Identity/CHANGELOG.md Co-authored-by: Heath Stewart <[email protected]> * fb * fb * fb * fb * fb * Update sdk/identity/Azure.Identity/src/Credentials/VisualStudioCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/ClientAssertionCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/AzurePowerShellCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/AzurePowerShellCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/AzureCliCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/CHANGELOG.md Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/VisualStudioCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/VisualStudioCodeCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/VisualStudioCodeCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/TokenCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/UsernamePasswordCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/OnBehalfOfCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/InteractiveBrowserCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/DeviceCodeCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/DefaultAzureCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/DefaultAzureCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/DefaultAzureCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/ClientSecretCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/ClientCertificateCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * updating troubleshooting.md * update snippets * undo snippet indent Co-authored-by: Heath Stewart <[email protected]> Co-authored-by: Christopher Scott <[email protected]> Co-authored-by: Scott Addie <[email protected]> * [Identity] Updating scope validation (#31154) * Identity Updating docs for 1.7.0 release (#31251) * Identity Updating docs for 1.7.0 release * update release date * re-add DAC devcred timeout test coverage * fix formatting issues introduced by merge * update api spec Co-authored-by: Heath Stewart <[email protected]> Co-authored-by: Christopher Scott <[email protected]> Co-authored-by: Scott Addie <[email protected]>
sofiar-msft
pushed a commit
to sofiar-msft/azure-sdk-for-net
that referenced
this pull request
Dec 7, 2022
…1258) * [Identity] Adding AdditionallyAllowedTenants to constrain multi-tenant auth (Azure#31037) * [Identity] Adding AdditionallyAllowedTenants to constrain multi-tenant auth * updating API spec * adding dev-time credentials * adding user-auth credentials * refactor additional tenants to base options * adding default and environment credentials * update/add tests * update API spec * update changelog and breaking_changes * update assembly version * Update sdk/identity/Azure.Identity/CHANGELOG.md Co-authored-by: Heath Stewart <[email protected]> * Update sdk/identity/Azure.Identity/CHANGELOG.md Co-authored-by: Heath Stewart <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/AuthorizationCodeCredentialOptions.cs Co-authored-by: Christopher Scott <[email protected]> * Update sdk/identity/Azure.Identity/src/TenantIdResolver.cs Co-authored-by: Christopher Scott <[email protected]> * Update sdk/identity/Azure.Identity/CHANGELOG.md Co-authored-by: Heath Stewart <[email protected]> * fb * fb * fb * fb * fb * Update sdk/identity/Azure.Identity/src/Credentials/VisualStudioCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/ClientAssertionCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/AzurePowerShellCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/AzurePowerShellCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/AzureCliCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/CHANGELOG.md Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/VisualStudioCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/VisualStudioCodeCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/VisualStudioCodeCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/TokenCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/UsernamePasswordCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/OnBehalfOfCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/InteractiveBrowserCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/DeviceCodeCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/DefaultAzureCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/DefaultAzureCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/DefaultAzureCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/ClientSecretCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * Update sdk/identity/Azure.Identity/src/Credentials/ClientCertificateCredentialOptions.cs Co-authored-by: Scott Addie <[email protected]> * updating troubleshooting.md * update snippets * undo snippet indent Co-authored-by: Heath Stewart <[email protected]> Co-authored-by: Christopher Scott <[email protected]> Co-authored-by: Scott Addie <[email protected]> * [Identity] Updating scope validation (Azure#31154) * Identity Updating docs for 1.7.0 release (Azure#31251) * Identity Updating docs for 1.7.0 release * update release date * re-add DAC devcred timeout test coverage * fix formatting issues introduced by merge * update api spec Co-authored-by: Heath Stewart <[email protected]> Co-authored-by: Christopher Scott <[email protected]> Co-authored-by: Scott Addie <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Relaxes scope validation to allow '_' character, for common scopes such as
user_impersonationFixes #30647