{Core} Decouple MSAL credentials from SDK get_token protocol#29955
Merged
{Core} Decouple MSAL credentials from SDK get_token protocol#29955
get_token protocol#29955Conversation
️✔️AzureCLI-FullTest
|
|
Hi @jiasli, |
️✔️AzureCLI-BreakingChangeTest
|
Collaborator
|
Core |
microsoft-github-policy-service
bot
added
Auto-Assign
jiasli
commented
Feb 13, 2025
Member
Author
There was a problem hiding this comment.
I am considering defining an abstract base classes MsalCredential and let all MSAL credentials inherit from it.
However, Azure Identity only defines TokenCredential as a Protocol
class TokenCredential(Protocol):
"""Protocol for classes able to provide OAuth tokens."""
def get_token(
self,
*scopes: str,
claims: Optional[str] = None,
tenant_id: Optional[str] = None,
enable_cae: bool = False,
**kwargs: Any,
) -> AccessToken:A real credential looks like:
class AzureCliCredential:There is no hard constraints that it must implement get_token method.
jiasli
requested review from
bebound,
calvinhzy,
evelyn-ys,
jsntcy,
kairu-ms,
necusjz,
wangzelin007 and
zhoxing-ms
as code owners
jiasli
changed the title
jiasli
changed the title
get_token protocol
evelyn-ys
approved these changes
Mar 4, 2025
bebound
approved these changes
Mar 4, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR mainly changes the functionality and logic of MSAL credentials and
CredentialAdaptor:MSAL credentials
Decouple MSAL credentials from SDK's
get_tokenprotocol. Make MSAL credentials implementacquire_tokenand return MSAL tokendict.CredentialAdaptorCredentialAdaptorwas initially introduced as an adaptor for both Track 1 and Track 2 SDKs by implementing bothsigned_sessionandget_tokenprotocol. As Track 1 SDK andsigned_sessionsupport has been dropped (#29631),CredentialAdaptoris now repurposed as an adaptor between Track 2 SDK and MSAL credentials. So we moveAccessToken's building logic toCredentialAdaptorand makeCredentialAdaptorimplementget_token().In the future,
CredentialAdaptorwill be changed to implement the newget_token_info()protocol (Azure/azure-sdk-for-python#36565, Azure/azure-sdk-for-python#36882).