Add documentation for Managed Identity v2 Hackathon #885
Document the results and outcomes of the Managed Identity v2 Multi-Language Implementation Hackathon, highlighting the achievements and deliverables.
Pull request overview
This PR adds a comprehensive documentation file under spikes/prototype/ describing the results and deliverables of a Managed Identity v2 Multi-Language Implementation Hackathon. The document covers the creation of PowerShell and Python implementations of MSI v2 with mTLS Proof-of-Possession token support, with the Python package published on PyPI as msal-msiv2==1.35.0rc3.
Changes:
- Adds a 458-line Markdown document (`2026_MS_SecurityHackathon_MSIV2.md`) documenting the hackathon objectives, deliverables, architecture diagrams, security properties, testing results, and learnings.
- Documents both PowerShell (in the dotnet MSAL repo) and Python implementations, including API examples, pipeline integration details, and comparison tables.
- Includes Mermaid diagrams for the MSI v2 flow and end-to-end sequence.
Co-authored-by: Copilot <[email protected]>
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.
Co-authored-by: Copilot <[email protected]>
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated 4 comments.
| **Location:** `prototype/MsiV2UsingPowerShell/` | ||
| Repository: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tree/main/prototype/MsiV2UsingPowerShell |
The "Location" value looks like a path within this repository, but the referenced PowerShell implementation actually lives in a different repo (linked on the next line). Consider rewording this to avoid implying the folder exists locally (e.g., say it's in the dotnet repo and/or provide a direct link to the folder).
| **Location:** `prototype/MsiV2UsingPowerShell/` | |
| Repository: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tree/main/prototype/MsiV2UsingPowerShell | |
| **Location:** In the dotnet repo at [`prototype/MsiV2UsingPowerShell/`](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tree/main/prototype/MsiV2UsingPowerShell) | |
| Repository: `AzureAD/microsoft-authentication-library-for-dotnet` |
| ```powershell | ||
| .\get-token.ps1 | ||
| .\get-token.ps1 -Scope "https://management.azure.com/.default" | ||
| .\get-token.ps1 -ResourceUrl "https://mtlstb.graph.microsoft.com/v1.0/applications?$top=5" |
The example ResourceUrl uses mtlstb.graph.microsoft.com, which appears environment-specific and may not work for most readers. Consider either switching the example to a public endpoint (e.g., graph.microsoft.com) or adding a short note explaining what mtlstb is and when it should be used.
| .\get-token.ps1 -ResourceUrl "https://mtlstb.graph.microsoft.com/v1.0/applications?$top=5" | |
| .\get-token.ps1 -ResourceUrl "https://graph.microsoft.com/v1.0/applications?$top=5" |
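Review bot: The `-ResourceUrl` example wraps the URL in double quotes, so PowerShell expands `$top` as a variable before `get-token.ps1` receives the argument. With no `$top` defined in the session, the query string becomes `?=5` and the intended `$top=5` parameter never reaches the request. Both the original line and the suggested replacement have this problem. Put the URL in single quotes, or escape the dollar sign with a backtick, so the literal `$top=5` is sent.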
| Repo: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet | ||
|
|
||
| **Pipeline files** | ||
| - `build/template-run-mi-e2e-imdsv2-python.yaml` — E2E test template for Python MSI v2 | ||
| - `build/template-build-and-run-all-tests.yaml` — Main pipeline orchestration updated |
These pipeline file paths (build/...) do not exist in this repository, and the section could be read as instructions for where to find the YAML here. Consider linking directly to the files in the dotnet repo (or clarifying they are in that repo) to prevent confusion for readers of this document.
| Repo: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet | |
| **Pipeline files** | |
| - `build/template-run-mi-e2e-imdsv2-python.yaml` — E2E test template for Python MSI v2 | |
| - `build/template-build-and-run-all-tests.yaml` — Main pipeline orchestration updated | |
| External repo: [AzureAD/microsoft-authentication-library-for-dotnet](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) | |
| **Pipeline files in the dotnet repo** | |
| - [`build/template-run-mi-e2e-imdsv2-python.yaml`](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/main/build/template-run-mi-e2e-imdsv2-python.yaml) — E2E test template for Python MSI v2 | |
| - [`build/template-build-and-run-all-tests.yaml`](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/main/build/template-build-and-run-all-tests.yaml) — Main pipeline orchestration updated |
| Build ID: 1597011 | ||
| Status: ✅ PASSED | ||
| Duration: 44 seconds (Python MSI v2 job) | ||
| Environment: MSALMSIV2 pool (Windows 2022 VM) |
This block includes internal Azure DevOps details (Build ID, pool name) that are not actionable for external readers and may be sensitive in a public repo. Consider replacing with a public link (if available) or summarizing results without internal identifiers.
| Build ID: 1597011 | |
| Status: ✅ PASSED | |
| Duration: 44 seconds (Python MSI v2 job) | |
| Environment: MSALMSIV2 pool (Windows 2022 VM) | |
| Status: ✅ PASSED | |
| Duration: 44 seconds (Python MSI v2 job) | |
| Environment: Hosted Windows 2022 environment |