Managed Identity Support - How To, Until Lib supports it.

[fowl2]

It's fairly trivial^ to hook up Azure.Identity in code, but it'd be nice if the connection string supported managed identity directly.

^ I'm not sure this handles token caching correctly

    var factory = new AzureIdentityOrgSvcFactory(new ("https://....dynamics.com"), new Azure.Identity.DefaultAzureCredential(), logger);

    class AzureIdentityOrgSvcFactory : IOrganizationServiceFactory
    {
        readonly Uri uri;
        readonly TokenCredential tokenCredential;
        readonly ILogger logger;

        public OrgSvcFactory(Uri uri, TokenCredential tokenCredential, ILogger logger)
        {
            this.logger = logger;
            this.uri = uri;
            this.tokenCredential = tokenCredential;
        }

        public IOrganizationService CreateOrganizationService(Guid? userId)
        {
            var c = new Microsoft.PowerPlatform.Dataverse.Client.ServiceClient(uri, GetToken, logger: logger);

            if (userId is Guid callerId)
                c.CallerId = callerId;

            return c;
        }

        async Task<string> GetToken(string instance)
        {
            var option = new TokenRequestContext(new[] { uri.AbsoluteUri + ".default" });
            var token = await tokenCredential.GetTokenAsync(option, default);
            return token.Token;
        }
    }

[MattB-msft]

The ServiceClient handles S2S Token Caching and supports 2 forms of token caching for User PW flows... either in Memory or File. If you want to use other token caching processes, currently, you need to use external auth and implement the caching mechanic of your choice.

Regarding Managed Identity and automatic certificate rollover flows (SubjectName Auth), we do want to add support for those in the future but have yet to work though the issue related to them. As both of those flows have a strong Azure dependency, and have behavorial differences between various Azure hosts, we would like to deal with them as AddOn packages for the ServiceClient vs built in feature.

[fowl2]

Absolutely and with the library story is still being in so much flux at the moment it's totally understandable.

Just thought I'd register the interest in our bold secretless future and help any others that want to give it a go today :)

[MattB-msft]

Moved to Show/Tell section of discussions for easier access.