-
Notifications
You must be signed in to change notification settings - Fork 4.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Core] Annotate TokenCredential for auditing #41662
Conversation
The focus of these changes is to annotate the `TokenCredential` methods that acquire a token as participants in security-related operations which callers may wish to consider auditing.
API change check API changes are not detected in this pull request. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't have a good understanding of when we add this attribute to libraries, but I know there is established thinking about how we do it ... @jsquire, do we have this written down anywhere? Out of curiosity, what prompted us to add this to Token Credential now? Is it the first instance of adding it to a Core library type? (I am not pushing back, BTW, just seeking to leave a paper-trail to understand the topic better!)
Also -- it looks like this didn't trigger a new APIView -- is this not considered a public API addition? Or is it not something we track in APIView? |
It is not a change to the public API; the attribute added has |
Forwarded you an email thread with context. The internal tracking item is here. The archboard recording and original issue can be found on the linked PR. @tg-msft owns this workstream, please feel free to reach out to him if you're looking for additional context. |
Summary
The focus of these changes is to annotate the
TokenCredential
methods that acquire a token as participants in security-related operations which callers may wish to consider auditing.References and related