

CredentialDescription.TokenExchangeAuthority Property

Definition

When SourceType is SignedAssertionFromManagedIdentity, specifies the authority URL to use for token exchange. This is useful in scenarios where the issuer for the token exchange is different from the application's authority.

public string? TokenExchangeAuthority { get; set; }
member this.TokenExchangeAuthority : string with get, set
Public Property TokenExchangeAuthority As String

Property Value

Examples

The JSON fragment below describes a workload identity federation with a user-assigned managed identity:

{
    "ClientCredentials": [
    {
        "SourceType": "SignedAssertionFromManagedIdentity",
        "ManagedIdentityClientId": "GUID",
        "TokenExchangeUrl" : "api://AzureADTokenExchangeSomeCloud1",
        "TokenExchangeAuthority": "https://login.microsoftonline.cloud2/33e01921-4d64-4f8c-a055-5bdaffd5e33d/v2.0"
    }]
}

The C# code below describes the same workload identity federation with a user-assigned managed identity programmatically.

// Arrange
var credentialDescription = new CredentialDescription
{
    SourceType = CredentialSource.SignedAssertionFromManagedIdentity,
    ManagedIdentityClientId = "GUID",
    TokenExchangeUrl = "api://AzureADTokenExchangeSomeCloud1",
    TokenExchangeAuthority = "https://login.microsoftonline.cloud2/33e01921-4d64-4f8c-a055-5bdaffd5e33d/v2.0"
};

// Act
var actualTokenExchangeAuthority = credentialDescription.TokenExchangeAuthority;

Remarks

If you want to use the default authority, don't provide a token exchange authority URL.
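Because this property decides which authority takes part in the token exchange, it is worth checking configuration before deployment. The audit below is an added example, not code from the library or this page: the `TokenExchangeAuthorityAudit` class, the `ApprovedHosts` allow-list and the `login.example.test` entry are assumptions, and the JSON is expected in the shape of the fragment shown under Examples.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

public static class TokenExchangeAuthorityAudit
{
    // Assumption: hosts your organization accepts as token exchange authorities.
    static readonly HashSet<string> ApprovedHosts =
        new(StringComparer.OrdinalIgnoreCase) { "login.microsoftonline.cloud2" };

    public static List<string> Audit(string json)
    {
        var findings = new List<string>();
        using var doc = JsonDocument.Parse(json);
        if (doc.RootElement.ValueKind != JsonValueKind.Object
            || !doc.RootElement.TryGetProperty("ClientCredentials", out var creds)
            || creds.ValueKind != JsonValueKind.Array) return findings;
        int i = 0;
        foreach (var c in creds.EnumerateArray())
        {
            string id = $"ClientCredentials[{i++}]";
            string? authority = Str(c, "TokenExchangeAuthority");
            if (authority is null) continue; // nothing set: the default authority applies
            if (Str(c, "SourceType") != "SignedAssertionFromManagedIdentity")
                findings.Add($"{id}: TokenExchangeAuthority set for another SourceType");
            if (!Uri.TryCreate(authority, UriKind.Absolute, out var uri))
                findings.Add($"{id}: authority is not an absolute URL");
            else if (uri.Scheme != Uri.UriSchemeHttps)
                findings.Add($"{id}: authority does not use https");
            else if (!ApprovedHosts.Contains(uri.Host))
                findings.Add($"{id}: authority host '{uri.Host}' is not approved");
        }
        return findings;
    }

    // Returns a string property, or null when it is absent or not a string.
    static string? Str(JsonElement e, string name) =>
        e.ValueKind == JsonValueKind.Object && e.TryGetProperty(name, out var v)
            && v.ValueKind == JsonValueKind.String ? v.GetString() : null;

    public static void Main()
    {
        // Constructed sample: entry 0 follows the page's fragment, entry 1 is deliberately weak.
        string json = """
        { "ClientCredentials": [
          { "SourceType": "SignedAssertionFromManagedIdentity", "TokenExchangeAuthority": "https://login.microsoftonline.cloud2/33e01921-4d64-4f8c-a055-5bdaffd5e33d/v2.0" },
          { "SourceType": "SignedAssertionFromManagedIdentity", "TokenExchangeAuthority": "http://login.example.test/tenant-placeholder/v2.0" } ] }
        """;
        foreach (var f in Audit(json)) Console.WriteLine(f);
    }
}
```

The raw string literal needs C# 11 or later. For the constructed sample, only the second entry is reported, for not using https.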

Applies to