-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SDK inconsistency across langs: support AZURE_CLIENT_SEND_CERTIFICATE_CHAIN from DAC #40013
Labels
Azure.Identity
customer-reported
Issues that are reported by GitHub users external to the Azure organization.
feature-request
This issue requires a new behavior in the product in order be resolved.
Milestone
Comments
github-actions
bot
added
customer-reported
Issues that are reported by GitHub users external to the Azure organization.
needs-triage
This is a new issue that needs to be triaged to the appropriate team.
question
The issue doesn't require a change to the product in order to be resolved. Most issues start as that
labels
May 2, 2024
maurolscla
changed the title
[FEATURE REQ] Add support for AZURE_CLIENT_SEND_CERTIFICATE_CHAIN when using DefaultAzureCredential()
Add support for AZURE_CLIENT_SEND_CERTIFICATE_CHAIN when using DefaultAzureCredential()
May 2, 2024
maurolscla
changed the title
Add support for AZURE_CLIENT_SEND_CERTIFICATE_CHAIN when using DefaultAzureCredential()
[FEATURE REQ] Add support for AZURE_CLIENT_SEND_CERTIFICATE_CHAIN when using DefaultAzureCredential()
May 3, 2024
joshfree
added
Azure.Identity
feature-request
This issue requires a new behavior in the product in order be resolved.
and removed
question
The issue doesn't require a change to the product in order to be resolved. Most issues start as that
labels
May 6, 2024
github-actions
bot
removed
the
needs-triage
This is a new issue that needs to be triaged to the appropriate team.
label
May 6, 2024
Thanks for reporting this issue, @maurolscla. @scottaddie @christothes @g2vinay can you please follow up? |
joshfree
changed the title
[FEATURE REQ] Add support for AZURE_CLIENT_SEND_CERTIFICATE_CHAIN when using DefaultAzureCredential()
SDK inconsistency across langs: support AZURE_CLIENT_SEND_CERTIFICATE_CHAIN from DAC
May 6, 2024
@KarishmaGhiya this tracking issue likely needs to be duplicated for other language repos |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Azure.Identity
customer-reported
Issues that are reported by GitHub users external to the Azure organization.
feature-request
This issue requires a new behavior in the product in order be resolved.
Is your feature request related to a problem? Please describe.
In order to implement SNI cert-based auth one has to leverage ClientCertificateCredential instead of DefaultAzureCredential. This happens because the latter does not support the AZURE_CLIENT_SEND_CERTIFICATE_CHAIN env var so that appropriate x5c header is sent. If a codebase has to support both SNI and MSI auth it follows it must have different code paths for each. This makes the auth logic convoluted and can lead to code obscurity.
Describe the solution you'd like
Add support for AZURE_CLIENT_SEND_CERTIFICATE_CHAIN when using DefaultAzureCredential() so that it can pick up said env var and send the appropriate x5c header.
Additional context
Other azure SDKs already have support for that (golang and .NET). It makes sense to make this behaviour uniform acroos all SDKs.
The text was updated successfully, but these errors were encountered: