
Commit ed7619e

authored
Merge pull request #954 from AzureAD/avdunn/imds-fix
Correct IMDS resource ID query parameter
2 parents 6bebbdf + 26b7a6c commit ed7619e


3 files changed

+13
-2
lines changed


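--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Constants.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Constants.java
@@ -16,6 +16,7 @@ final class Constants {
 
 public static final String MANAGED_IDENTITY_CLIENT_ID = "client_id";
 public static final String MANAGED_IDENTITY_RESOURCE_ID = "mi_res_id";
+public static final String MANAGED_IDENTITY_RESOURCE_ID_IMDS = "msi_res_id";
 public static final String MANAGED_IDENTITY_OBJECT_ID = "object_id";
 public static final String MANAGED_IDENTITY_DEFAULT_TENTANT = "managed_identity";
 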
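--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ManagedIdentityRequest.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ManagedIdentityRequest.java
@@ -68,7 +68,13 @@ void addUserAssignedIdToQuery(ManagedIdentityIdType idType, String userAssignedI
 break;
 case RESOURCE_ID:
 LOG.info("[Managed Identity] Adding user assigned resource id to the request.");
-queryParameters.put(Constants.MANAGED_IDENTITY_RESOURCE_ID, Collections.singletonList(userAssignedId));
+if (ManagedIdentityClient.getManagedIdentitySource() == ManagedIdentitySourceType.IMDS) {
+// IMDS seems to accept both mi_res_id and msi_res_id but their API only documents msi_res_id,
+// and using mi_res_id leads to issues in some scenarios that use the IMDS code path.
+queryParameters.put(Constants.MANAGED_IDENTITY_RESOURCE_ID_IMDS, Collections.singletonList(userAssignedId));
+} else {
+queryParameters.put(Constants.MANAGED_IDENTITY_RESOURCE_ID, Collections.singletonList(userAssignedId));
+}
 break;
 case OBJECT_ID:
 LOG.info("[Managed Identity] Adding user assigned object id to the request.");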
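Review bot: The query-parameter name in the `RESOURCE_ID` case is chosen from the static `ManagedIdentityClient.getManagedIdentitySource()` rather than from anything belonging to this request, so the name sent to the endpoint depends on process-wide state matching the request being built. This parameter selects the user-assigned identity a token is requested for, so I would make the decision local to the request, for example by having the request that targets IMDS supply the name itself. That way a stale or differently initialised source value cannot put `mi_res_id` back on the IMDS path. The new comment is also vague ("seems to accept", "some scenarios"); something like `// IMDS documents only msi_res_id; every other managed identity source expects mi_res_id.` plus a reference to the tracking issue would tell the next reader why the two names must not be merged again. `addUserAssignedIdToQuery` starts and ends outside this hunk, so whether the other cases need the same per-source treatment cannot be judged from here.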

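--- a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ManagedIdentityTests.java
+++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ManagedIdentityTests.java
@@ -138,7 +138,11 @@ private HttpRequest expectedRequest(ManagedIdentitySourceType source, String res
 queryParameters.put("client_id", Collections.singletonList(id.getUserAssignedId()));
 break;
 case RESOURCE_ID:
-queryParameters.put("mi_res_id", Collections.singletonList(id.getUserAssignedId()));
+if (ManagedIdentityClient.getManagedIdentitySource() == ManagedIdentitySourceType.IMDS) {
+queryParameters.put(Constants.MANAGED_IDENTITY_RESOURCE_ID_IMDS, Collections.singletonList(id.getUserAssignedId()));
+} else {
+queryParameters.put(Constants.MANAGED_IDENTITY_RESOURCE_ID, Collections.singletonList(id.getUserAssignedId()));
+}
 break;
 case OBJECT_ID:
 queryParameters.put("object_id", singletonList(id.getUserAssignedId()));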
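Review bot: The expected request in the `RESOURCE_ID` case is built with the same static `ManagedIdentityClient.getManagedIdentitySource()` check and the same `Constants` values as the production code. The test would therefore still pass if a constant held the wrong string, or if the static source disagreed with the `source` argument this helper already receives. Branching on the parameter and pinning the wire names as literals, as the neighbouring `"client_id"` and `"object_id"` cases do, would make the test an independent check: `if (source == ManagedIdentitySourceType.IMDS) {` with `"msi_res_id"` in that branch and `"mi_res_id"` in the other. `expectedRequest` begins and ends outside this hunk.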
