Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Feature Request] WWWAuthenticate Resource property obsolete with warning instead of error

See original GitHub issue

Is your feature request related to a problem? Please describe. In #3160 the Resource property in WWWAuthenticateParameters was marked as obsolete. There was a question on the PR as to whether the ObsoleteAttribute.IsError property should be set to true, and the decision was made to do it, with the rationale that callers should know the resource they are requesting.

The issue is that there are scenarios, such as this security advisory from Azure Key Vault, where clients are supposed to inspect the resource parameter in the response to ensure it matches the set of well known domains.

Because the ObsoleteAttribute now throws a compiler error, it doesn’t allow consumers to decide on how they want to address this issue - it can’t be suppressed as a warning could be.

Describe the solution you’d like I’d like the IsError property to be set to the default of false.

Describe alternatives you’ve considered I’ve tried various ways of suppressing the error - other than conditional compilation I don’t know of a way, and that certainly seems like overkill.

Additional context

Issue Analytics

State:
Created 4 months ago
Comments:7 (4 by maintainers)

Top GitHub Comments

1reaction

bgavrilMScommented, Jun 6, 2023

Clients that perform resource validation (e.g. by comparing the host part of the resource against a list of known good hosts), can still use the indexer to retrieve the raw value of the resource / scope. If a resource is used, add “/.default” to it to transform it into a scope, e.g. “https://graph.microsoft.com/.default” is the OAuth2 scope for “https://graph.microsoft.com” resource.

authParams["resource"]

I added a PR that updates the API docs.

0reactions

jmprieurcommented, Jun 6, 2023

@bgavrilMS would this GetScopes() method provide scopes for the intersection of the allowedResourceHosts and the resources in the WWW-Authenticate header?

Top Results From Across the Web

Document --sdk-auth as deprecated #20743 - Azure/azure-cli

Azure SDK is not consuming it anymore, so we marked it as deprecated in #19414. Please simply forget about it and do not...

Updating to Spring Security 6.0 - replacing Removed and ...

I'm trying to upgrade to Spring Boot 3.0.0 and Spring Security 6.0. I've found that method for securing requests authorizeRequests() has been ...

Enable support for TLS 1.2 in your environment for Azure ...

This article describes how to enable support for TLS 1.2 in your environment, in preparation for upcoming Azure AD TLS 1.0/1.1 deprecation.

Serverless Framework Deprecations

Starting with "v3.0.0", attempt to enable S3 Transfer Acceleration on user provided bucket will result in error instead of a warning.

Error Messages | Maps JavaScript API

This page describes the error messages that can be returned by the Maps JavaScript API. The Maps JavaScript API writes error and warning...

Troubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.

Start Free

Top Related Reddit Thread

No results found

Top Related Tweet

No results found

Top Related Dev.to Post

No results found

[Feature Request] WWWAuthenticate Resource property obsolete with warning instead of error

Issue Analytics

Top GitHub Comments

Top Results From Across the Web

Top Related Medium Post

Top Related StackOverflow Question

Troubleshoot Live Code

Top Related Reddit Thread

Top Related Hackernoon Post

Top Related Tweet

Top Related Dev.to Post

Top Related Hashnode Post

[Bug] AbstractAcquireTokenParameterBuilder<T>.WithTenantId() should be supported for CIAM authorities

[Feature Request] MI Add support for Object / Principal ID in UAMI