Feature: Add On-Behalf-Of (OBO) Auth Flow for the Microsoft Graph Team #15804
Assignees
Labels
Azure.Identity
Client
This issue points to a problem in the data-plane of the library.
feature-request
This issue requires a new behavior in the product in order be resolved.
Milestone
Comments
joshfree
added
Client
This was referenced Jun 17, 2021
Closed
|
.NET’s PR: Azure/azure-sdk-for-net#22146 |
|
Here’s the design proposals I’m proposing to the architects: https://gist.github.com/sadasant/ece98248cb8cd2df5edd03ab92749f35 @xirzec , @chradek , @bterlson , when you have the time, your feedback is appreciated. cc: @schaabs |
|
After discussing the designs with @xirzec , we believe the “swapping credentials” approach to be the most promising one. I will be working on a pull request. |
This was referenced Aug 13, 2021
|
Update:
Based on that, I’ll move these issues to the backlog: |
This was referenced Aug 25, 2021
[Identity] Ensure all the LRO pollers pass OperationOptions to all of their internal requests
#17044
Closed
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The OAuth 2.0 On-Behalf-Of flow (OBO) serves the use case where an application invokes a service/web API, which in turn needs to call another service/web API. The idea is to propagate the delegated user identity and permissions through the request chain. For the middle-tier service to make authenticated requests to the downstream service, it needs to secure an access token from the Microsoft identity platform, on behalf of the user.
Related Links:
Prototype: jongio/azidext#41
Documenation: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow
.NET Design: https://gist.github.com/christothes/15b9903f7da0954aee166166a8fa1919
MS Graph Team's tracking issue: microsoftgraph/msgraph-sdk-java-core#132
The text was updated successfully, but these errors were encountered: