Library or service name.
Azure.Identity
Is your feature request related to a problem? Please describe.
The guidance from the Azure IAM wiki for service teams using MI is to authenticate using a regional endpoint (e.g. https://eastus2euap.login.microsoft.com). However, the MSAL example given in the wiki uses APIs that are not currently exposed/used by MsalConfidentialClient, namely WithAuthority(Uri, bool) and WithInstanceDiscoveryMetadata(string).
Today, when using the regional AAD endpoint with Azure.Identity (using a ClientCertificateCredential), we see an error: "Application error - the login request was malformed and could not be matched with an existing authentication endpoint or instance." The error goes away when using a global endpoint (https://login.microsoftonline.com/).
It would be good to see guidance on using the regional authentication endpoint with Azure.Identity.
Related C#: Azure/azure-sdk-for-net#20027