-
Notifications
You must be signed in to change notification settings - Fork 829
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[keyvault] add cae support #23543
base: main
Are you sure you want to change the base?
[keyvault] add cae support #23543
Conversation
default: | ||
t.Fatal("unexpected token request") | ||
} | ||
return azcore.AccessToken{Token: accessTk, ExpiresOn: time.Now().Add(time.Hour)}, nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please also check that the policy uses the correct access token after handling the CAE challenge? Something simple like this should do in the credential:
return azcore.AccessToken{Token: accessTk, ExpiresOn: time.Now().Add(time.Hour)}, nil | |
return azcore.AccessToken{Token: fmt.Sprint(tkReqs), ExpiresOn: time.Now().Add(time.Hour)}, nil |
...then a predicate in the AppendResponse
calls can compare the actual value of the Authorization
header
accessTk = "***" | ||
kvChallenge = `Bearer authorization="https://login.microsoftonline.com/tenant", resource="https://vault.azure.net"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Consider sharing these constants with the test above
Closes https://github.com/Azure/azure-sdk-for-go-pr/issues/43
Adding CAE support to key vault libraries: