Merge pull request #223177 from OwenRichards1/azure-docs-fix-article2

prmerger-automator[bot] · web-flow · commit 0cfd399ca38b · 2023-01-06T16:43:10.000Z
Resolving #93895 (Urgent attention)
diff --git a/articles/active-directory/develop/workload-identity-federation-create-trust-gcp.md b/articles/active-directory/develop/workload-identity-federation-create-trust-gcp.md
@@ -2,15 +2,15 @@
 title: Access Azure resources from Google Cloud without credentials
 description: Access Azure AD protected resources from a service running in Google Cloud without using secrets or certificates.  Use workload identity federation to set up a trust relationship between an app in Azure AD and an identity in Google Cloud. The workload running in Google Cloud can get an access token from Microsoft identity platform and access Azure AD protected resources.
 services: active-directory
-author: rwike77
+author: OwenRichards1
 manager: CelesteDG
 
 ms.service: active-directory
 ms.subservice: develop
 ms.topic: how-to
 ms.workload: identity
-ms.date: 08/07/2022
-ms.author: ryanwi
+ms.date: 01/06/2023
+ms.author: owenrichards
 ms.custom: aaddev
 ms.reviewer: udayh
 #Customer intent: As an application developer, I want to create a trust relationship with a Google Cloud identity so my service in Google Cloud can access Azure AD protected resources without managing secrets.
@@ -206,32 +206,32 @@ class ClientAssertionCredential implements TokenCredential {
 
         // Get the ID token from Google.
         return getGoogleIDToken() // calling this directly just for clarity, 
-                               // this should be a callback
-        // pass this as a client assertion to the confidential client app
-        .then((clientAssertion:any)=> {
-            var msalApp: any;
-            msalApp = new msal.ConfidentialClientApplication({
-                auth: {
-                    clientId: this.clientID,
-                    authority: this.aadAuthority + this.tenantID,
-                    clientAssertion: clientAssertion,
-                }
+
+            let aadAudience = "api://AzureADTokenExchange"
+            const jwt = axios({
+            url: "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/identity?audience=" 
+            + aadAudience,
+            method: "GET",
+            headers: {
+                "Metadata-Flavor": "Google"
+                    }}).then(response => {
+                        console.log("AXIOS RESPONSE");
+                        return response.data;
+                    });
+                return jwt;
+            .then(function(aadToken) {
+                // return in form expected by TokenCredential.getToken
+                let returnToken = {
+                    token: aadToken.accessToken,
+                    expiresOnTimestamp: aadToken.expiresOn.getTime(),
+                };
+                return (returnToken);
+            })
+            .catch(function(error) {
+                // error stuff
             });
-            return msalApp.acquireTokenByClientCredential({ scopes })
-        })
-        .then(function(aadToken) {
-            // return in form expected by TokenCredential.getToken
-            let returnToken = {
-                token: aadToken.accessToken,
-                expiresOnTimestamp: aadToken.expiresOn.getTime(),
-            };
-            return (returnToken);
-        })
-        .catch(function(error) {
-            // error stuff
-        });
+        }
     }
-}
 export default ClientAssertionCredential;
 ```
 
