[GitHub] [hadoop] steveloughran commented on a change in pull request #1481: HADOOP-16587: Made auth endpoints configurable for MSI and refresh token flows

Wed, 02 Oct 2019 11:08:58 -0700 

steveloughran commented on a change in pull request #1481: HADOOP-16587: Made 
auth endpoints configurable for MSI and refresh token flows
URL: https://github.com/apache/hadoop/pull/1481#discussion_r330694773
 
 

 ##########
 File path: 
hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/oauth2/AzureADAuthenticator.java
 ##########
 @@ -109,17 +112,15 @@ public static AzureADToken 
getTokenUsingClientCreds(String authEndpoint,
    * @return {@link AzureADToken} obtained using the creds
    * @throws IOException throws IOException if there is a failure in obtaining 
the token
    */
-  public static AzureADToken getTokenFromMsi(String tenantGuid, String 
clientId,
-                                             boolean bypassCache) throws 
IOException {
-    String authEndpoint = 
"http://169.254.169.254/metadata/identity/oauth2/token";;
-
+  public static AzureADToken getTokenFromMsi(final String authEndpoint,
+      final String tenantGuid, final String clientId, String authority,
+      boolean bypassCache) throws IOException {
     QueryParams qp = new QueryParams();
     qp.add("api-version", "2018-02-01");
     qp.add("resource", RESOURCE_NAME);
 
-
     if (tenantGuid != null && tenantGuid.length() > 0) {
-      String authority = "https://login.microsoftonline.com/"; + tenantGuid;
+      authority = authority + tenantGuid;
 
 Review comment:
   * how about adding a "/" when needed; i can see this being a common config 
problem.
   * do you think a check for authority being valid here is needed? or just let 
the request fail? 
   
   Maybe we should just add a debug level log here so that at least when 
someone is troubleshooting they can see ths.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to