Support regional ESTS (ests-r)
Problem
AAD is adding support for regional STS (ESTSR). Currently only the S2S (client_credentials) flow is supported, and it is available via opt-in (1st party only for now). Although a DNS-only solution is preferred, this is not practical. The client SDK needs to help route the traffic to the regional authority.
Goals
- Provide an API that allows traffic to be routed to a regional authority (P0)
- Help developers detect the region (P1)
- Existing telemetry needs to work. We must detect if user region != detected region and report it via telemetry.
Proposal
// if app knows the region, use it as MSAL cannot reliably detect it
string region = Config.Region ?? ConfidentialClientApplication.AttemptRegionDiscovery;
var cca = ConfidentialClientApplicationBuilder.Create(client_id)
    .WithAuthority(AzureCloud.PublicCloud)
    .WithRegion(region)
    .Build();
Behavior
- if region = null, ignore
- if cloud is PUBLIC cloud, use {region}.microsoft.com
- otherwise, use {region}.environment
Issue Analytics
- Created 2 years ago
- Comments: 12 (7 by maintainers)
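An added example (not code from the issue or from MSAL) of the host selection in the Behavior list and the region mismatch check from the goals. `RegionalAuthority`, `ResolveHost`, `IsRegionMismatch`, the public cloud host constant and the rule that a region must be a single lowercase alphanumeric DNS label are assumptions made for illustration.

```csharp
using System;
using System.Text.RegularExpressions;

static class RegionalAuthority
{
    // Assumption: the public cloud is identified by this authority host.
    const string PublicCloudHost = "login.microsoftonline.com";

    // The region becomes a DNS label of the host that receives the client
    // credential, so accept one lowercase alphanumeric label only.
    // \A and \z are used because $ would also accept a trailing newline.
    static readonly Regex RegionLabel = new Regex(@"\A[a-z0-9]{1,63}\z");

    // Applies the three rules from the Behavior list to an authority host.
    public static string ResolveHost(string environment, string region)
    {
        if (region == null) return environment;           // region = null: ignore
        if (!RegionLabel.IsMatch(region))
            throw new ArgumentException("Region is not a valid DNS label", nameof(region));
        return string.Equals(environment, PublicCloudHost, StringComparison.OrdinalIgnoreCase)
            ? region + ".microsoft.com"                   // public cloud
            : region + "." + environment;                 // any other cloud
    }

    // Telemetry goal: flag a configured region that differs from the detected one.
    public static bool IsRegionMismatch(string configured, string detected) =>
        configured != null && detected != null &&
        !string.Equals(configured, detected, StringComparison.OrdinalIgnoreCase);

    static void Main()
    {
        // Constructed sample inputs, not values from the issue.
        Console.WriteLine(ResolveHost(PublicCloudHost, null));
        Console.WriteLine(ResolveHost(PublicCloudHost, "westus2"));
        Console.WriteLine(ResolveHost("login.microsoftonline.us", "usgovvirginia"));
        Console.WriteLine(IsRegionMismatch("westus2", "eastus"));

        // A value carrying dots or a path would change which host is contacted.
        try { ResolveHost(PublicCloudHost, "westus2.example.net/"); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.ParamName); }
    }
}
```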
Top GitHub Comments
@jabbera, thanks for the added details to your question. Networking issues, including DNS issues, are not covered with this change; for DNS and network handling we allow you to pass in an HttpClientFactory where you can do what is right for your service to mitigate those issues (e.g. small outages to DNS would typically not be felt, as DNS is cached on the node and only refreshed at certain intervals; you can decide which interval would be right for your scenario).
Two other perspectives that regional and MSAL in general help with for the scenario you are describing are:
Hope this helped bring some perspectives to the question you raised. Please also feel free to share what you believe should happen and how it can be done.
@jabbera : Not sure exactly what you mean. Can you please provide more context to the question?
Region means the traffic will stay in the region, thus impacts from other regions or even global will not impact a service running in another region.