Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use interactive browser as the fallback for non azure cli users #281

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion shell/agents/Microsoft.Azure.Agent/Schema.cs
Original file line number Diff line number Diff line change
Expand Up @@ -357,6 +357,7 @@ internal class UserAccessToken
{
private readonly TokenRequestContext _tokenContext;
private AccessToken? _accessToken;
private const string ApplicationId = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"; // AppId that need to be configurated in orchestrator side. Use Azure Cli's Application Id for now

/// <summary>
/// The access token.
Expand Down Expand Up @@ -386,7 +387,8 @@ internal async Task CreateOrRenewTokenAsync(CancellationToken cancellationToken)

if (needRefresh)
{
_accessToken = await new AzureCliCredential()
_accessToken = await new ChainedTokenCredential(new AzureCliCredential(),
new InteractiveBrowserCredential(ApplicationId))
Copy link
Member

@daxian-dbw daxian-dbw Nov 7, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a good idea, but we will need to do a lot more:

  1. What about scenarios where browser is not available? Like when user is using AIShell on a remote machine via SSH connection. How do we detect that and switch to "device code" login?
  2. The error handling (e.g. error messages to help with mitigation) regarding access token failures will need to be updated accordingly.
  3. Maybe we should not recommend /replace when AzCLI is not installed. And we shouldn't recommend /code post for AzCLI commands when it's not installed.

I think we should revisit this post public preview, and will definitely need to involve PMs to think about the scenarios when AzCLI is not installed.

.GetTokenAsync(_tokenContext, cancellationToken);
}
}
Expand Down