saxenapranav commented on code in PR #5953:
URL: https://github.com/apache/hadoop/pull/5953#discussion_r1449840869
##########
hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/oauth2/AzureADAuthenticator.java:
##########
@@ -103,14 +105,55 @@ public static AzureADToken
getTokenUsingClientCreds(String authEndpoint,
} else {
qp.add("resource", RESOURCE_NAME);
}
- qp.add("grant_type", "client_credentials");
+ qp.add("grant_type", CLIENT_CREDENTIALS);
qp.add("client_id", clientId);
qp.add("client_secret", clientSecret);
LOG.debug("AADToken: starting to fetch token using client creds for client
ID " + clientId);
return getTokenCall(authEndpoint, qp.serialize(), null, null);
}
+ /**
+ * Gets Azure Active Directory token using the user ID and a JWT assertion
+ * generated by a federated authentication process.
+ *
+ * The federation process uses a feature from Azure Active Directory
+ * called workload identity. A workload identity is an identity used
+ * by a software workload (such as an application, service, script,
+ * or container) to authenticate and access other services and resources.
+ *
+ *
+ * @param authEndpoint the OAuth 2.0 token endpoint associated
+ * with the user's directory (obtain from
+ * Active Directory configuration)
+ * @param clientId the client ID (GUID) of the client web app
+ * obtained from Azure Active Directory configuration
+ * @param clientAssertion the JWT assertion token
+ * @return {@link AzureADToken} obtained using the creds
+ * @throws IOException throws IOException if there is a failure in
connecting to Azure AD
+ */
+ public static AzureADToken getTokenUsingJWTAssertion(String authEndpoint,
+ String clientId, String clientAssertion) throws IOException {
+ Preconditions.checkNotNull(authEndpoint, "authEndpoint");
+ Preconditions.checkNotNull(clientId, "clientId");
+ Preconditions.checkNotNull(clientAssertion, "clientAssertion");
+ boolean isVersion2AuthenticationEndpoint =
authEndpoint.contains("/oauth2/v2.0/");
+
+ QueryParams qp = new QueryParams();
+ if (isVersion2AuthenticationEndpoint) {
+ qp.add("scope", SCOPE);
+ } else {
+ qp.add("resource", RESOURCE_NAME);
+ }
+ qp.add("grant_type", CLIENT_CREDENTIALS);
+ qp.add("client_id", clientId);
+ qp.add("client_assertion", clientAssertion);
+ qp.add("client_assertion_type", JWT_BEARER_ASSERTION);
+ LOG.debug("AADToken: starting to fetch token using client assertion for
client ID " + clientId);
+
+ return getTokenCall(authEndpoint, qp.serialize(), null, null);
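Review bot: The `isVersion2AuthenticationEndpoint` check and the `scope`/`resource` selection in the new `getTokenUsingJWTAssertion` are a copy of the same branch visible in `getTokenUsingClientCreds` above (whose start lies outside the hunk), and the `grant_type` line is repeated as well, so the v2.0 endpoint detection now lives in two places that can drift apart; a small private helper that builds the common `QueryParams` for a given `authEndpoint` and lets each flow add only its own credential parameters would keep the two token paths aligned. The Javadoc summary also says the token is obtained "using the user ID", but the method takes `clientId` and sends it as `client_id`; suggest `* Gets an Azure Active Directory token using the client ID and a JWT assertion`. The `clientAssertion` is the bearer credential of this flow, so the helper should keep it out of the debug line exactly as the existing `LOG.debug` already does. The method's closing brace is outside the hunk.
```java
  /** Builds the query parameters shared by the client-credential flows (v2.0 scope or v1 resource, plus grant type). */
  private static QueryParams baseTokenRequest(String authEndpoint) {
    QueryParams qp = new QueryParams();
    if (authEndpoint.contains("/oauth2/v2.0/")) {
      qp.add("scope", SCOPE);
    } else {
      qp.add("resource", RESOURCE_NAME);
    }
    qp.add("grant_type", CLIENT_CREDENTIALS);
    return qp;
  }

  public static AzureADToken getTokenUsingJWTAssertion(String authEndpoint,
      String clientId, String clientAssertion) throws IOException {
    // … unchanged: Preconditions null checks …
    QueryParams qp = baseTokenRequest(authEndpoint);
    qp.add("client_id", clientId);
    qp.add("client_assertion", clientAssertion);
    qp.add("client_assertion_type", JWT_BEARER_ASSERTION);
    // … unchanged: debug log and getTokenCall …
```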
Review Comment:
Let's explicitly pass the methodName for better readability.