-
Notifications
You must be signed in to change notification settings - Fork 88
How to use ests r support in code
Abhidnya edited this page Apr 26, 2022
·
2 revisions
As of 2021 May, regional service is only available for
AcquireTokenByCredential()
sent by any of the following scenarios::
- An app with managed identity, which is formerly known as MSI. (However MSAL Go does not support managed identity, so this one does not apply.)
- An app authenticated by Subject Name/Issuer (SNI). This can be enabled using
confidential.WithX5C()
on application initialization. - An app which already onboard to the region's allow-list.
MSAL's default value is None, which means region behavior remains off.
If enabled, the relevant traffic would remain inside that region. App developer can opt in to a regional endpoint, by provide its region name, such as "westus", "eastus2". You can find a full list of regions by running
az account list-locations -o table
, or referencing to this doc. An app running inside Azure Functions and Azure VM can use a special keywordconfidential.AutoDetectRegion()
to auto-detect region.
app, err := confidential.New("your_client_id", credential,
confidential.WithAuthority("your_authority"),
confidential.WithAzureRegion("your_region"),
if err != nil {
log.Fatal(err)
}
result, err := app.AcquireTokenByCredential(context.Background(), []string{"your_scope"})
if err != nil {
log.Fatal(err)
}
app, err := confidential.New("your_client_id", credential,
confidential.WithAuthority("your_authority"),
confidential.WithAzureRegion(confidential.AutoDetectRegion()))
if err != nil {
log.Fatal(err)
}
result, err := app.AcquireTokenByCredential(context.Background(), []string{"your_scope"})
if err != nil {
log.Fatal(err)
}