Add support for an optional login and document level access control system.#624
Conversation
pamelafox
left a comment
Please double check that sh/ps1 scripts work when no auth/datalake is being used, if you haven't already.
And please update the README with link to your blog post when that's written.
Thanks for all the changes!
> Login is also possible using App Service "easy auth"

This is true - but you can't use that for document level access control

Yes, that's true -- that's why I only suggested 'easy auth' as a possible option for "Logins". "Easy auth" can be implemented without making changes in the web app code, but it won't go that extra mile to provide granular document access controls. It could be an intermediate solution for some use cases, though.

Agreed. We already have a PR to implement this easy-auth solution. We are planning on automating setup of the access control, and perhaps we can add a "login-only" option that uses the easy-auth you are suggesting. Thanks for your feedback!
…ystem. (Azure-Samples#624) * conditional login button * fixing conditional login button * updating frontend * snapshot: OBO flow works * auth login working e2e * cannot use env vars from frontend * add adls gen2 setup * more changes to prepdocs * fix auth + streaming * fixing up scripts * add view action to manageacl * Writing documentation * doc WIP * push auth config from server to client * updating docs, some minor code edits to be consistent * checkpoint * manual setup only for now * remove manual logging * remove optional print * typo * hosting on localhost for redirect uri * remove ms graph sdk * run black, ruff * dependency injection for AuthenticationHelper * encrypted token cache * more feedback * more feedback, port adlsgen2 to python * ruff, black * ruff, black don't change files i didn't write * fix manage acl script * update start to support codespaces * run black * manual test, github codespaces localhost still works * fixing prepdocs after manual test of azd up without auth * adding sh files; fixing script errors * debugging auth on codespaces * running through setup instructions * note about consent * change default scope * switch to unordered list * missing note * addressing feedback... * more feedback around * doc strings * formatting * feedback on group claims * switch to transitivememberof * readme feedback * refactor approach to use common filtering method * more feedback * refactoring * writing tests * tests * test adls gen2 prepdocs * fixing tests using env vars; adding adls gen2 tests * broken? * fixing tests * more tests * fixing CI errors * feedback * fix script * fix script * fix script * bicep deployment; add documentation for troubleshooting * lowercase true for env comparison * feedback * fix sh syntax errors * fixing syntax errors * Script fixes --------- Co-authored-by: Matt Gotteiner <magottei@microsoft.com>
Purpose
Does this introduce a breaking change?
Pull Request Type
What kind of change does this Pull Request introduce?
How to Test
Get the code
Test the code
See `LoginAndAclSetup.md`. After `azd up` or running locally, a login button will appear at the top right. Use this to log into your account in your Azure AD tenant. Try the `oids` or `groups` security filters in the developer settings. Sample access control can be set up by setting `AZURE_ADLS_GEN2_STORAGE_ACCOUNT` to a valid data lake storage account prior to running `azd up` or running `prepdocs.py`. Access control values can also be manually managed using the `manageacl.ps1` script.
Other Information
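The `oids` / `groups` security filters the test steps refer to are the heart of the document-level access control: the search query is restricted to documents whose ACL fields contain one of the caller's token claims. The following is an added illustration, not code from this PR or the Azure-Samples project. It assumes index fields named `oids` and `groups` (as in the PR) and the standard Entra ID `oid` and `groups` token claims, builds the Azure AI Search OData filter from them, and mirrors the same semantics over constructed in-memory documents so the behaviour can be checked without a search service. Two defender-side points it makes explicit: claim values are validated before being interpolated into the filter string, and a caller with no usable claims, or a document with no ACL entries, is denied rather than granted access.

```python
import re
from typing import Dict, Iterable, List, Optional

# Constructed sample identifiers (not real tenant values).
USER_OID = "11111111-1111-1111-1111-111111111111"
GROUP_HR = "22222222-2222-2222-2222-222222222222"
GROUP_BOARD = "33333333-3333-3333-3333-333333333333"

# Constructed sample index documents carrying the `oids` and `groups` ACL fields.
SAMPLE_DOCS = [
    {"sourcefile": "hr-handbook.pdf", "oids": [], "groups": [GROUP_HR]},
    {"sourcefile": "eng-runbook.pdf", "oids": [USER_OID], "groups": []},
    {"sourcefile": "board-minutes.pdf", "oids": [], "groups": [GROUP_BOARD]},
    {"sourcefile": "orphan.pdf", "oids": [], "groups": []},  # no ACL entries at all
]

# Object and group ids are GUIDs; anything else must not reach the filter string.
_SAFE_VALUE = re.compile(r"^[A-Za-z0-9-]+$")


def _clean(values: Iterable[str]) -> List[str]:
    """Reject claim values that could alter the meaning of an OData filter
    (quotes, commas, whitespace) instead of interpolating them."""
    cleaned = []
    for value in values:
        if not _SAFE_VALUE.match(value):
            raise ValueError(f"unsafe claim value for OData filter: {value!r}")
        cleaned.append(value)
    return cleaned


def _in_clause(field: str, values: Iterable[str]) -> str:
    """Build `<field>/any(g:search.in(g, 'a, b'))`.  With an empty list this
    becomes search.in(g, ''), which matches no element, so a caller without
    usable claims sees nothing (deny by default; assumption of this example)."""
    joined = ", ".join(_clean(values))
    return f"{field}/any(g:search.in(g, '{joined}'))"


def build_security_filter(claims: Dict, use_oid_filter: bool = True,
                          use_groups_filter: bool = True) -> Optional[str]:
    """Return the OData filter for the caller, or None when no document-level
    filtering is enabled (every document is then searchable)."""
    clauses = []
    if use_oid_filter:
        oid = claims.get("oid")
        clauses.append(_in_clause("oids", [oid] if oid else []))
    if use_groups_filter:
        clauses.append(_in_clause("groups", claims.get("groups", [])))
    if not clauses:
        return None
    return " or ".join(clauses)


def visible_documents(docs: List[Dict], claims: Dict, use_oid_filter: bool = True,
                      use_groups_filter: bool = True) -> List[str]:
    """In-memory equivalent of applying build_security_filter() in the index:
    a document is visible when one of its ACL entries matches a claim."""
    if not (use_oid_filter or use_groups_filter):
        return [d["sourcefile"] for d in docs]
    allowed_oids = {claims["oid"]} if use_oid_filter and claims.get("oid") else set()
    allowed_groups = set(claims.get("groups", [])) if use_groups_filter else set()
    return [
        d["sourcefile"] for d in docs
        if allowed_oids & set(d["oids"]) or allowed_groups & set(d["groups"])
    ]


if __name__ == "__main__":
    caller = {"oid": USER_OID, "groups": [GROUP_HR]}
    print(build_security_filter(caller))
    print(visible_documents(SAMPLE_DOCS, caller))
```

Note that `orphan.pdf`, which carries no `oids` or `groups` values, is invisible to everyone while filtering is enabled: a document that never had its ACL populated (for example one ingested before `AZURE_ADLS_GEN2_STORAGE_ACCOUNT` was set, or whose entries were never assigned with `manageacl.ps1`) fails closed rather than open.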