Skip to content

Port WorkloadIdentityCredential's auth flow to ClientAssertionCredential. #46285

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Port WorkloadIdentityCredential's auth flow to ClientAssertionCredential. #46285

wants to merge 8 commits into from

Conversation

anannya03
Copy link
Member

@anannya03 anannya03 commented Aug 5, 2025
edited
Loading

Description

Porting WorkloadIdentityCredential's auth flow to ClientAssertionCredential.

Porting Auth Flow

Please add an informative description that covers that changes made by the pull request and link all relevant issues.

If an SDK is being regenerated based on a new swagger spec, a link to the pull request containing these swagger spec changes has been included above.

All SDK Contribution checklist:

  • The pull request does not introduce [breaking changes]
  • CHANGELOG is updated for new features, bug fixes or other significant changes.
  • I have read the contribution guidelines.

General Guidelines and Best Practices

  • Title of the pull request is clear and informative.
  • There are a small number of commits, each of which have an informative message. This means that previously merged commits do not appear in the history of the PR. For more information on cleaning up the commits in your PR, see this page.

Testing Guidelines

  • Pull request includes test coverage for the included changes.

@Copilot Copilot AI review requested due to automatic review settings August 5, 2025 23:45
@anannya03 anannya03 requested review from g2vinay, joshfree and a team as code owners August 5, 2025 23:45
@anannya03 anannya03 marked this pull request as draft August 5, 2025 23:46
Copilot
Copilot AI reviewed Aug 5, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR refactors the WorkloadIdentityCredential class to use ClientAssertionCredential internally instead of the lower-level IdentityClient and IdentitySyncClient implementations. The change simplifies the implementation by delegating to an existing credential type while maintaining the same external API.

  • Replaces direct use of IdentityClient/IdentitySyncClient with ClientAssertionCredential
  • Introduces a private method to read federated tokens from files
  • Updates constructor to build ClientAssertionCredential with proper configuration transfer
Comments suppressed due to low confidence (1)

sdk/identity/azure-identity/src/main/java/com/azure/identity/WorkloadIdentityCredential.java:148

  • The new readFederatedTokenFromFile method lacks test coverage. This method handles file I/O and exception scenarios that should be thoroughly tested, including IOException handling and file reading edge cases.
    private String readFederatedTokenFromFile(String filePath) {

@anannya03 anannya03 changed the title Changes for porting Port WorkloadIdentityCredential's auth flow to ClientAssertionCredential. Aug 11, 2025
@anannya03 anannya03 force-pushed the auth_flow_clientAssertion branch from 1977cef to fbf9815 Compare August 20, 2025 01:54
@anannya03 anannya03 marked this pull request as ready for review August 20, 2025 01:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@g2vinay g2vinay g2vinay left review comments

@alzimmermsft alzimmermsft alzimmermsft left review comments

Copilot code review Copilot Copilot left review comments

@joshfree joshfree Awaiting requested review from joshfree joshfree is a code owner

@maorleger maorleger Awaiting requested review from maorleger maorleger is a code owner automatically assigned from Azure/azure-sdk-write-identity

@pvaneck pvaneck Awaiting requested review from pvaneck pvaneck is a code owner automatically assigned from Azure/azure-sdk-write-identity

@scottaddie scottaddie Awaiting requested review from scottaddie scottaddie is a code owner automatically assigned from Azure/azure-sdk-write-identity

@chlowell chlowell Awaiting requested review from chlowell chlowell is a code owner automatically assigned from Azure/azure-sdk-write-identity

@minhanh-phan minhanh-phan Awaiting requested review from minhanh-phan minhanh-phan is a code owner automatically assigned from Azure/azure-sdk-write-identity

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
Azure.Identity
Projects
Azure Identity SDK Improvements
Status: Untriaged
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@anannya03 @g2vinay @alzimmermsft