Skip to content

[Feature Request] Support for new Azure ML Managed Identity #5167

New issue
New issue
Closed
Feature
Closed
[Feature Request] Support for new Azure ML Managed Identity#5167
Feature
Labels
Feature RequestP3confidential-clientscenario:ManagedIdentity
@gladjohn

Description

@gladjohn
gladjohn
opened on Mar 3, 2025

MSAL client type

Managed identity

Problem statement

The Azure ML Managed Identity API is not the same as the App Service 2017-09-01 API, requiring explicit support to accommodate its unique authentication flow.

Key Differences

  1. Expiration Time Format

    • The expires_on field is returned as an integer, whereas App Service returns it as a string.
    • The implementation must correctly handle integer-based expiration times

  2. Mandatory clientid Parameter

    • Unlike App Service, all token requests must specify a clientid, even for system-assigned managed identities.
    • The platform provides a default client ID via the environment variable:
      • DEFAULT_IDENTITY_CLIENT_ID
    • The system should default to this environment variable when no client ID is explicitly provided.

Proposed solution

Add explicit support for the Azure ML Managed Identity API in MSAL.

Alternatives

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    Feature RequestP3confidential-clientscenario:ManagedIdentity

    Type

    Feature

    Projects

    MSAL Customer Trust

    Status

    Done

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions