Extension name (the extension in question)
SSH
Description of issue (in as much detail as possible)
In the old ADAL-based Azure CLI, no interface is provided to pass data to ADAL and AAD to get an SSH cert. None of these methods can do this:
That's why Profile.get_msal_token is introduced (Azure/azure-cli#12999) to send data to MSAL and AAD.
Now in the new beta MSAL-based Azure CLI, Profile.get_login_credentials returns a CredentialAdaptor which is compatible with Track 2 SDK's TokenCredential.
SSH extension should detect the CLI version or other field added in the future whether the underlying auth library is MSAL. If so, it should call Profile.get_login_credentials and call get_token on the returned credential instead of calling Profile.get_msal_token:
|
_, certificate = profile.get_msal_token(scopes, data) |
which will be deprecated in the GA release of MSAL-based Azure CLI.
Extension name (the extension in question)
SSH
Description of issue (in as much detail as possible)
In the old ADAL-based Azure CLI, no interface is provided to pass
datato ADAL and AAD to get an SSH cert. None of these methods can do this:Profile.get_raw_tokenAdalAuthentication.signed_sessionAdalAuthentication.get_tokenThat's why
Profile.get_msal_tokenis introduced (Azure/azure-cli#12999) to senddatato MSAL and AAD.Now in the new beta MSAL-based Azure CLI,
Profile.get_login_credentialsreturns aCredentialAdaptorwhich is compatible with Track 2 SDK'sTokenCredential.SSH extension should detect the CLI version or other field added in the future whether the underlying auth library is MSAL. If so, it should call
Profile.get_login_credentialsand callget_tokenon the returned credential instead of callingProfile.get_msal_token:azure-cli-extensions/src/ssh/azext_ssh/custom.py
Line 58 in ecaacbb
which will be deprecated in the GA release of MSAL-based Azure CLI.