Support for Oauth Access Tokens #50
Comments
Thank you for submitting this request! For others who are interested in this, please stick a 👍 on this issue. We’re currently developing an internal process to review and prioritize feature requests.
Thanks @fairclothjm, I just opened a PR that implements this (I'm not sure why I didn't do that a while back). The PR will certainly need to be rebased and documentation added at a minimum. I'll be away from the computer next week but potentially could look into some of these things the following week.
@mdgreenfield That's great, thanks! Feel free to ping me on this issue when you get it updated!
Hi @fairclothjm, I could use some feedback/thoughts on #147 (comment) if you all get some time.
Hello, are there any updates on this? We would also desperately wait for that feature! |
Requesting a new `token` endpoint for retrieving access tokens.

Similar to `vault-plugin-secrets-gcp`, requests to create a Vault role would create the Azure App/ServicePrincipal, store the corresponding client credentials in the plugin's internal storage, and use those same client credentials to generate an oauth access token when a user calls `azure/token/:role`.

By supporting this and allowing Azure API callers to use oauth tokens for authentication we can sidestep the client credentials global replication delay issue brought up in #23. This is because typically the Azure role is created ahead of time in an out-of-band process (either manual or automated) thereby giving client credentials time to replicate globally before a user calls the `azure/token/:role` endpoint.
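The flow requested above, sketched as an added example (not code from this plugin or its PR): a role's stored client credentials are exchanged for an access token with the OAuth 2.0 client credentials grant, so the caller receives only the token. `roleCreds`, `fetchToken`, `demo`, the local stub standing in for the Azure AD token endpoint, and all credential values are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// roleCreds is a hypothetical stand-in for the credentials stored at role creation.
type roleCreds struct{ ClientID, ClientSecret string }

// fetchToken runs the OAuth 2.0 client credentials grant against tokenURL.
func fetchToken(tokenURL string, c roleCreds, scope string) (string, error) {
	form := url.Values{
		"grant_type":    {"client_credentials"},
		"client_id":     {c.ClientID},
		"client_secret": {c.ClientSecret},
		"scope":         {scope},
	}
	resp, err := http.Post(tokenURL, "application/x-www-form-urlencoded", strings.NewReader(form.Encode()))
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("token endpoint returned %s", resp.Status)
	}
	var out struct{ AccessToken string `json:"access_token"` }
	err = json.NewDecoder(resp.Body).Decode(&out)
	return out.AccessToken, err
}

// demo swaps in a local stub for the token endpoint; every value is constructed.
func demo(secret string) (string, error) {
	stub := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.PostFormValue("grant_type") != "client_credentials" || r.PostFormValue("client_secret") != "constructed-secret" {
			http.Error(w, `{"error":"invalid_client"}`, http.StatusUnauthorized)
			return
		}
		fmt.Fprint(w, `{"token_type":"Bearer","expires_in":3599,"access_token":"constructed-token"}`)
	}))
	defer stub.Close()
	return fetchToken(stub.URL, roleCreds{"constructed-client-id", secret}, "https://management.azure.com/.default")
}

func main() { fmt.Println(demo("constructed-secret")) }
```

The stub rejects any secret other than the one it was set up with, which mirrors what a caller would see if the token endpoint were hit before the stored credentials were valid.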