From ad5cdacd0c31db300edc56ccd6e677527a9a46e0 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 13 Mar 2024 09:18:12 -0500 Subject: [PATCH] address review --- source/auth/auth.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/source/auth/auth.md b/source/auth/auth.md index b21ce98660..6ddd3f6da4 100644 --- a/source/auth/auth.md +++ b/source/auth/auth.md @@ -1285,7 +1285,8 @@ Metadata: true ``` where `` is the value of the `TOKEN_RESOURCE` mechanism property and `` is the `username` from the -connection string. If a `username` is not provided, the `object_id` query parameter should be omitted. +connection string. If a `username` is not provided, the `object_id` query parameter should be omitted. The timeout +should equal the `callbackTimeoutMS` parameter given to the callback. Example code for the above using curl, where `$TOKEN_RESOURCE` is the value of the `TOKEN_RESOURCE` mechanism property. @@ -1293,6 +1294,7 @@ Example code for the above using curl, where `$TOKEN_RESOURCE` is the value of t curl -X GET \ -H "Accept: application/json" \ -H "Metadata: true" \ + --max-time $CALLBACK_TIMEOUT_MS \ "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$TOKEN_RESOURCE" ``` @@ -1310,7 +1312,8 @@ The JSON response will be in this format: } ``` -The driver MUST use the returned `"access_token"` value as the access token in a `JwtStepRequest`. +The driver MUST use the returned `"access_token"` value as the access token in a `JwtStepRequest`. If the response does +not return a status code of 200, the driver MUST raise an error including the HTTP response body. For more details, see [How to use managed identities for Azure resources on an Azure VM to acquire an access token](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token).
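Review bot: In the first hunk (`@@ -1285,7 +1285,8 @@`), the added sentence "The timeout should equal the `callbackTimeoutMS` parameter given to the callback" does not say which timeout it means, and it uses a lowercase "should" while the last hunk of the same patch uses the normative "MUST". Suggest naming the HTTP request to the metadata endpoint explicitly and picking a normative keyword. It would also help to say whether the value is the full `callbackTimeoutMS` or the time remaining when the request is sent, since any work the callback does before the request counts against the same budget.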
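Review bot: In the curl example hunk (`@@ -1293,6 +1294,7 @@`), the added line `--max-time $CALLBACK_TIMEOUT_MS` passes a millisecond value to an option that curl interprets as seconds, so the example waits a thousand times longer than intended. Convert the value to seconds before passing it (curl accepts fractional seconds) or rename the variable so it is clearly a seconds value. The paragraph above the example also only introduces `$TOKEN_RESOURCE`; the new variable should be described there as well, and quoting the expansion would match the quoted URL on the next line.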
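Review bot: In the last hunk (`@@ -1310,7 +1312,8 @@`), the new requirement covers only a non-200 status and leaves a 200 response whose body is not valid JSON, or lacks `"access_token"`, unspecified. Suggest stating that the driver MUST raise an error in that case too, without echoing a body that may contain a token. For the non-200 case, "including the HTTP response body" puts no bound on what ends up in error messages and logs, so a length limit would be worth adding. The sentence would also read better before the `JwtStepRequest` sentence, since the status check happens before the token is used.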