Open Id Issuer validation Reporting, Fixes AB#3268088 #2751
❌ Work item link check failed. Description does not contain AB#{ID}.
❌ Work item link check failed. Description contains AB#3268088 but the Bot could not link it to an Azure Boards work item.
✅ Work item link check complete. Description contains link AB#3268088 to an Azure Boards work item.
Pull Request Overview
This PR implements OpenID issuer validation in the OpenIdProviderConfigurationClient to detect and report cases where the issuer returned in the metadata document doesn't match the expected authority. The validation is gated behind a feature flag and includes telemetry reporting for different validation failure scenarios.
Key changes:
- Added issuer validation logic with telemetry reporting for OpenID configuration mismatches
- Introduced new OpenTelemetry attributes and metrics for tracking validation failures
- Added utility methods for Azure Active Directory cloud validation
Reviewed Changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| OpenIdProviderConfigurationClient.java | Main implementation of issuer validation with telemetry reporting |
| AzureActiveDirectoryCloud.java | Made isValidated() method public for validation checks |
| AzureActiveDirectory.java | Added utility methods for cloud discovery and public cloud validation |
| AttributeName.java | Added new OpenTelemetry attribute names for issuer validation |
| CommonFlight.java | Added feature flag to control issuer validation reporting |
| changelog.txt | Updated changelog with PR description |
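The kind of check the overview describes, as an added example that is not code from this pull request: it compares the `issuer` value from a discovery document with the authority the request was built from, and classifies the failure so it can be reported. The class name, the result categories and the `idp.example` URLs are assumptions made for illustration.

```java
import java.net.URI;

// Added illustration: class, enum and sample URLs are assumptions, not the PR's code.
public class IssuerCheck {
    // Hypothetical categories a telemetry attribute could carry.
    enum Result { MATCH, INVALID_ISSUER, HOST_MISMATCH, SAME_HOST_MISMATCH }

    // OpenID Connect Discovery 1.0, section 4.3: the "issuer" value in the metadata
    // must be identical to the issuer URL the discovery request was built from.
    static Result validate(String expectedAuthority, String metadataIssuer) {
        if (expectedAuthority == null || metadataIssuer == null) return Result.INVALID_ISSUER;
        if (metadataIssuer.equals(expectedAuthority)) return Result.MATCH;
        URI expected, actual;
        try {
            expected = URI.create(expectedAuthority);
            actual = URI.create(metadataIssuer);
        } catch (IllegalArgumentException e) {
            return Result.INVALID_ISSUER; // not parseable as a URI at all
        }
        // An issuer is an https URL with a host and no query or fragment.
        if (!"https".equalsIgnoreCase(actual.getScheme()) || actual.getHost() == null
                || actual.getQuery() != null || actual.getFragment() != null) {
            return Result.INVALID_ISSUER;
        }
        // A different host or port means the document speaks for another provider.
        if (!actual.getHost().equalsIgnoreCase(expected.getHost())
                || actual.getPort() != expected.getPort()) {
            return Result.HOST_MISMATCH;
        }
        // Same host and port, but not byte-identical (path, trailing slash, casing).
        return Result.SAME_HOST_MISMATCH;
    }

    public static void main(String[] args) {
        String authority = "https://idp.example/tenant-a"; // constructed sample
        String[] issuers = {                               // constructed samples
            "https://idp.example/tenant-a",    // MATCH
            "https://idp.example/tenant-a/",   // SAME_HOST_MISMATCH
            "https://other.example/tenant-a",  // HOST_MISMATCH
            "http://idp.example/tenant-a",     // INVALID_ISSUER
        };
        for (String iss : issuers) {
            System.out.println(validate(authority, iss) + "  " + iss);
        }
    }
}
```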
Fixes AB#3268088
This PR implements OpenID issuer validation in the OpenIdProviderConfigurationClient to detect and report cases where the issuer returned in the metadata document doesn't match the expected authority. The validation is gated behind a feature flag and includes telemetry reporting for different validation failure scenarios.
Key changes: