Add Workload Identity Auth Support in KV JCA

[g2vinay]

Adds Workload Identity Auth Support in KV JCA

[Copilot]

Pull Request Overview

This PR adds support for Azure Workload Identity authentication for Azure Kubernetes Service (AKS) workloads in the Key Vault JCA library. This enables credential-free authentication for AKS pods using federated tokens.

Key changes:

• Implemented federated token-based authentication flow using environment variables (AZURE_FEDERATED_TOKEN_FILE, AZURE_CLIENT_ID, AZURE_TENANT_ID)
• Added automatic detection and prioritization of Workload Identity authentication
• Updated documentation with detailed authentication method examples and selection logic

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/utils/AccessTokenUtil.java	Added Workload Identity support with detection logic, token file reading, and OAuth2 client assertion flow implementation
sdk/keyvault/azure-security-keyvault-jca/README.md	Added comprehensive authentication method documentation with examples for Service Principal, Managed Identity, and Workload Identity
sdk/keyvault/azure-security-keyvault-jca/CHANGELOG.md	Documented new Workload Identity feature in the unreleased version section

[writemevenkat]

Any ETA for this implementation ?

[github-actions]

Hi @g2vinay. Thank you for your interest in helping to improve the Azure SDK experience and for your contribution. We've noticed that there hasn't been recent engagement on this pull request. If this is still an active work stream, please let us know by pushing some changes or leaving a comment. Otherwise, we'll close this out in 7 days.

[writemevenkat]

Hi Azure SDK Team,

Our team is currently blocked from moving to AKS due to the absence of this feature. Please prioritize this enhancement, as it is critical for our migration plans. @g2vinay

[rujche]

Please update the PR according to the comments and this PR: https://github.com/Azure/azure-sdk-for-java/pull/47749/files

[github-actions]

Hi @g2vinay. Thank you for your contribution. Since there hasn't been recent engagement, we're going to close this out. Feel free to respond with a comment containing /reopen if you'd like to continue working on these changes. Please be sure to use the command to reopen or remove the no-recent-activity label; otherwise, this is likely to be closed again with the next cleanup pass.

[writemevenkat]

Hi @g2vinay, @rujche - I’m not sure why this PR was auto-closed even though there was recent activity. Could you please take a look and continue/reopen it? We’ve been waiting for this feature to be available.

[github-actions]

Sorry, @writemevenkat, only the original author can reopen this pull request.

[rujche]

Hi, @g2vinay I opened this PR. Could you please update this PR when you have time?

[rujche]

Please add another auth type from here: #47850

[rujche]

Again, please add the auth type of access token. And sort them by priority.

[g2vinay]

added it.

[g2vinay]

Thanks @rujche for the feedback, I will be addressing the feedback today for this PR.

[g2vinay]

Hi @g2vinay, @rujche - I’m not sure why this PR was auto-closed even though there was recent activity. Could you please take a look and continue/reopen it? We’ve been waiting for this feature to be available.

Thanks for following up on this feature.
We will get this PR merged sometime early to mid next week.

From there on @rujche will release this as part of next scheduled release I believe.

[rujche]

Hi, @g2vinay , could you please resolve the conflicts in this PR?

[rujche]

Have you test it? If you have tested it, could you please share the screenshot to improve that it worked?

[g2vinay]

End to end testing, requires resources setup, that is what I am currently working on.

[rujche]

Again, please add the auth type of access token. And sort them by priority.