Add support for Federated Identity Credentials in connection methods and parameters

[gautamdsheth]

Before creating a pull request, make sure that you have read the contribution file located at

https://github.com/pnp/powerShell/blob/dev/CONTRIBUTING.md

Type

• Bug Fix
• New Feature
• Sample

Related Issues?

Fixes #X, partially fixes #Y, mentioned in #Z, etc.

What is in this Pull Request ?

Please describe the changes in the PR.

Guidance

• You can delete this section when you are submitting the pull request.*
• Please update this PR information accordingly. We use this as part of our release notes in monthly communications.
• Please target your PR to Dev branch. If you do not target the Dev branch we will not accept this PR.

[gautamdsheth]

Hey @reshmee011 , any chance you might be able to test out this auth mode ? Just saw you do some interesting stuff in this area and was wondering if you might be able to help here with the FIC approach, no pressure 😊
Appreciate any help in this.

[reshmee011]

@gautamdsheth : that's a very cool addition/feature. I will try to spare some time over the weekend to test it. Thanks so much to make the product better.

[Copilot]

Pull Request Overview

This PR adds support for Federated Identity Credentials across connection methods and parameters.

• Introduces a new FederatedIdentity enum value and initialization type
• Implements federated token exchange for GitHub Actions and Azure DevOps
• Extends ConnectOnline, PnPConnection, TokenHandler, and documentation to handle the new flow

Reviewed Changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
src/Commands/Model/ConnectionMethod.cs	Added FederatedIdentity enum value
src/Commands/Enums/InitializationType.cs	Added FederatedIdentity initialization type
src/Commands/Base/TokenHandler.cs	Implemented GetFederatedIdentityTokenAsync and related helpers
src/Commands/Base/PnPSharePointCmdlet.cs	Extended access-token properties to handle federated identity
src/Commands/Base/PnPConnection.cs	Added CreateWithFederatedIdentity and updated CreateWithManagedIdentity
src/Commands/Base/ConnectOnline.cs	Added parameter set and ConnectFederatedIdentity method
documentation/Connect-PnPOnline.md	Documented -FederatedIdentity switch and example

Comments suppressed due to low confidence (3)

src/Commands/Base/TokenHandler.cs:265

• The XML doc comment for GetFederatedIdentityTokenAsync is copy-pasted from the workload identity method and does not match this method’s purpose or parameters. Update <summary> and <param> tags to reflect federated identity semantics and the actual method signature.

/// Returns an access token based on a Azure AD Workload Identity. Only works within Azure components supporting workload identities.

src/Commands/Base/ConnectOnline.cs:90

• The Url parameter is optional in the FederatedIdentity parameter set, but it’s required to form the resource URI. Mark it Mandatory = true to avoid null references when building the token scope.

[Parameter(Mandatory = false, Position = 0, ParameterSetName = ParameterSet_FEDERATEDIDENTITY, ValueFromPipeline = true)]

src/Commands/Base/PnPConnection.cs:408

• Replacing the original AuthenticationManager constructor call with CreateWithManagedIdentity(null, null, ...) drops the endpoint and header fallback logic. This will break MSI token acquisition outside your default environment. Restore or refactor the endpoint/header resolution.

using (var authManager = Framework.AuthenticationManager.CreateWithManagedIdentity(null, null, managedIdentityType, managedIdentityUserAssignedIdentifier))

[gautamdsheth]

hey @martinlingstuyl , any chance you can try this out , would be available starting with tomorrow's nightly builds ? Would love to hear your feedback on this 😊🙏

[martinlingstuyl]

I'll look into it. What scenario are you supporting with this? GitHub? AzDO?

[gautamdsheth]

Should work in both !