Create an Amazing Dev-time Credential Experience for Azure.Identity

[joshfree]

Tracking issue for feature work specific to Developer-time Azure.Identity Credential Experience

• Bring back file based auth for Management Plane: https://docs.microsoft.com/en-us/dotnet/azure/dotnet-sdk-azure-authenticate?view=azure-dotnet#mgmt-auth AZURE_AUTH_LOCATION (see Support AZURE_AUTH_LOCATION azure-sdk-for-net#9312) (@ellismg driving design requirements)

• Add Support for writing back to the SharedTokenCache (@schaabs driving design requirements)

• Add Linux and Mac SharedTokenCache Support (@jianghaolu driving design requirements)

• Improve DefaultAzureCredential/ChainedTokenCredential - e.g., tell me what Credential I'm using for dev debug scenarios (@catalinaperalta driving design requirements)

• Have ManagedIdentityCredential utilize the AZURE_CLIENT_ID environment variable. To allow user assigned identities to utilize DefaultAzureCredential (@jongio driving implementation with vendor team)

• Have TokenCredentialOptions utilize AZURE_AUTHORITY_HOST environment variable. To allow other clouds to use DefaultAzureCredential. (@jongio driving implementation with vendor team)

• CliCredentials / Better support for dev creds: CLI, PSH, VS, VS CODE, VS ONLINE, CLOUD SHELL

  • devCredentials (@schaabs driving design requirements)
  • CliCredential (@jongio driving implementation with vendor team)

[chlowell]

Closing this as complete, we've either implemented or decided not to implement each item

[weinong]

Closing this as complete, we've either implemented or decided not to implement each item

@chlowell, so it is implemented or not? 😂

[chlowell]

Are you interested in a particular item? Of the ones above, these are implemented:

• authentication via Azure CLI, Cloud Shell
• better error messages for DefaultAzureCredential and ChainedTokenCredential
• credentials observe AZURE_AUTHORITY_HOST

[weinong]

@chlowell we need token cache support for interactive browser credential. Is it implemented?

[chlowell]

Depends on the sort of cache you want. That credential has an in-memory cache today. We plan to add an optional persistent cache but have no ETA for that.

[weinong]

any chance to accelerate that? i'm the maintainer of https://github.com/Azure/kubelogin which is a client side tool just like az cli. in memory cache will not help

[chlowell]

I really don't know when we could ship persistent caching. We're waiting on AzureAD/microsoft-authentication-library-for-go#58. I'll take your comment as a vote for increasing its priority and pass it along to the MSAL team (feel free to comment on the MSAL issue as well). I expect they will still want to implement their current high priority features first though.

[weinong]

should we open an issue for this particular feature?

[chlowell]

We're already tracking it with #16643