Do not require AZURE_USERNAME for shared cache#8095
Merged
ellismg merged 4 commits intoAzure:masterfrom Oct 24, 2019
ellismg:ellismg/fix-7944
Merged
Do not require AZURE_USERNAME for shared cache#8095ellismg merged 4 commits intoAzure:masterfrom ellismg:ellismg/fix-7944
ellismg merged 4 commits intoAzure:masterfrom
ellismg:ellismg/fix-7944
Conversation
|
Can one of the admins verify this patch? |
johanste
reviewed
Oct 21, 2019
johanste
reviewed
Oct 21, 2019
johanste
reviewed
Oct 21, 2019
johanste
reviewed
Oct 21, 2019
chlowell
reviewed
Oct 22, 2019
mayurid
added
Azure.Identity
blocking-release
Member
Author
Previously, a username was required when using the SharedTokenCacheCredential, in order to handle the case where multiple identities were found in the cache. Since it is common to have only a single account in your user cache (e.g. you have signed in with only a single identity), we should allow reading from the cache even when an explicit AZURE_USERNAME is not specified, if there is exactly one account in the cache. When username is unset, if we can not find a token in the cache or we find multiple tokens, a `ClientAuthenticationError` error is raised, with the text "No cached token found". This is similar to how other cache related failures are handled by the API (they raise this error with similar text but it includes a hint about what username was used.) As part of this work, `DefaultAzureCredential` now unconditionally uses the shared cache on supported platforms. This behavior matches how we handle this case in both the .NET and Java SDKs. Fixes #7944
chlowell
approved these changes
Oct 24, 2019
Member
chlowell
left a comment
chlowell
left a comment
There was a problem hiding this comment.
LGTM, thanks for making it happen 🎂
joshfree
reviewed
Oct 24, 2019
joshfree
approved these changes
Oct 24, 2019
jianghaolu
approved these changes
Oct 24, 2019
fengzhou-msft
pushed a commit
that referenced
this pull request
Nov 5, 2019
Previously, a username was required when using the SharedTokenCacheCredential, in order to handle the case where multiple identities were found in the cache. Since it is common to have only a single account in your user cache (e.g. you have signed in with only a single identity), we should allow reading from the cache even when an explicit AZURE_USERNAME is not specified, if there is exactly one account in the cache. When username is unset, if we can not find a token in the cache or we find multiple tokens, a `ClientAuthenticationError` error is raised, with the text "No cached token found". This is similar to how other cache related failures are handled by the API (they raise this error with similar text but it includes a hint about what username was used.) As part of this work, `DefaultAzureCredential` now unconditionally uses the shared cache on supported platforms. This behavior matches how we handle this case in both the .NET and Java SDKs. Fixes #7944
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Previously, a username was required when using the
SharedTokenCacheCredential, in order to handle the case where multiple
identities were found in the cache. Since it is common to have only a
single account in your user cache (e.g. you have signed in with only a
single identity), we should allow reading from the cache even when an
explicit AZURE_USERNAME is not specified, if there is exactly one
account in the cache.
When username is unset, if we can not find a token in the cache or we
find multiple tokens, a
ClientAuthenticationErrorerror is raised,with the text "No cached token found". This is similar to how other
cache related failures are handled by the API (they raise this error
with similar text but it includes a hint about what username was used.)
As part of this work,
DefaultAzureCredentialnow unconditionally usesthe shared cache on supported platforms.
This behavior matches how we handle this case in both the .NET and Java
SDKs.
Fixes #7944