Added token revocation functionality to Managed Identity's App Service and Service Fabric sources #7679
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
documentation
Robbie-Microsoft
changed the title
Robbie-Microsoft
requested review from
sameerag,
tnorling,
hectormmg,
peterzenz and
a team
as code owners
bgavrilMS
reviewed
Apr 3, 2025
lib/msal-node/test/client/ManagedIdentitySources/AppService.spec.ts
Outdated
Show resolved
Hide resolved
bgavrilMS
reviewed
Apr 3, 2025
bgavrilMS
reviewed
Apr 3, 2025
lib/msal-node/test/client/ManagedIdentitySources/AppService.spec.ts
Outdated
Show resolved
Hide resolved
bgavrilMS
reviewed
Apr 3, 2025
Robbie-Microsoft
requested review from
jo-arroyo,
lalimasharda,
konstantin-msft and
shylasummers
as code owners
bgavrilMS
reviewed
Apr 4, 2025
lib/msal-node/test/client/ManagedIdentitySources/AppService.spec.ts
Outdated
Show resolved
Hide resolved
Robbie-Microsoft
commented
Apr 7, 2025
| @@ -176,6 +178,70 @@ describe("Acquires a token successfully via an App Service Managed Identity", () | |||
| }); | |||
| }); | |||
|
|
|||
| describe("Miscellaneous", () => { | |||
| test("ignores a cached token when claims are provided and the Managed Identity does support token revocation, and ensures the token revocation query parameter token_sha256_to_refresh was included in the network request to the Managed Identity", async () => { | |||
There was a problem hiding this comment.
Add test when just the capabilities are set and claims are not passed?
gladjohn
reviewed
Apr 10, 2025
| } from "../../utils/Constants.js"; | ||
| import { CryptoProvider } from "../../crypto/CryptoProvider.js"; | ||
| import { ManagedIdentityRequestParameters } from "../../config/ManagedIdentityRequestParameters.js"; | ||
| import { ManagedIdentityId } from "../../config/ManagedIdentityId.js"; | ||
| import { NodeStorage } from "../../cache/NodeStorage.js"; | ||
|
|
||
| // MSI Constants. Docs for MSI are available here https://docs.microsoft.com/azure/app-service/overview-managed-identity | ||
| const APP_SERVICE_MSI_API_VERSION: string = "2019-08-01"; | ||
| const APP_SERVICE_MSI_API_VERSION: string = "2025-03-30"; |
There was a problem hiding this comment.
Alternatively, remove the app service changes from this PR, and then we can merge it for Service Fabric. We will create a new PR later after app service deploys their token revocation support.
There was a problem hiding this comment.
@gladjohn Expected GA for App Service token revocation is 5/30? I will wait to merge until then if you can confirm.
There was a problem hiding this comment.
Expected GA for App Service token revocation is 5/30?
5/30 is availability of the feature in test ring.
gladjohn
approved these changes
Apr 10, 2025
microsoft-github-policy-service
bot
added
the
Needs: Attention 👋
microsoft-github-policy-service
bot
removed
the
Needs: Attention 👋
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Token Revocation spec