FluidFramework icon indicating copy to clipboard operation
FluidFramework copied to clipboard
verified publisher icon microsoft

[rc4] Use public client auth for odsp e2e flows (#21091)

Open Abe27342 opened this issue 1 year ago • 1 comments

Description

Currently, we use the ropc flow with a confidential client to authenticate in our e2e/stress tests against odsp. This is less appropriate than using a public client flow, since our application registration really only needs to have delegated permissions. This PR adjusts things to use a public flow--I've updated the relevant app registrations to allow both forms of auth already.

Using a public flow also means our infrastructure setup here aligns exactly with this relatively recent MSFT guidance.

Cherry-pick of #21091. This change needs to be in every branch we plan on maintaining real service tests against odsp for, as I plan on removing the application configuration enabling confidential client auth.

Abe27342 avatar May 16 '24 00:05 Abe27342

Baseline CI build failed, cannot generate bundle analysis at this time

Baseline commit: df291683aaf1a58ca4b9fcf6f311a97c01ae4f30

Generated by :no_entry_sign: dangerJS against f6bda00bcfbb39017436c3b191756a93daaed20e

msfluid-bot avatar May 16 '24 01:05 msfluid-bot