FluidFramework icon indicating copy to clipboard operation
FluidFramework copied to clipboard
verified publisher icon microsoft

[rc2] Use public client auth for odsp e2e flows (#21091)

Open Abe27342 opened this issue 1 year ago • 1 comments

Description

Currently, we use the ropc flow with a confidential client to authenticate in our e2e/stress tests against odsp. This is less appropriate than using a public client flow, since our application registration really only needs to have delegated permissions. This PR adjusts things to use a public flow--I've updated the relevant app registrations to allow both forms of auth already.

Using a public flow also means our infrastructure setup here aligns exactly with this relatively recent MSFT guidance.

Cherry-pick of #21091. This change needs to be in every branch we plan on maintaining real service tests against odsp for, as I plan on removing the application configuration enabling confidential client auth.

Abe27342 avatar May 16 '24 00:05 Abe27342

Could not find a usable baseline build with search starting at CI 91777ec1f7f1612bd81f73e79066b7a431aa481b

Generated by :no_entry_sign: dangerJS against 129d9777e57cc2c01bf4932beb84220931ee6b66

msfluid-bot avatar May 16 '24 01:05 msfluid-bot