fix(service-client)- Add IoT hub token scope. (#1812)

Azure · Mar 22, 2021 · 5722399 · 5722399
1 parent cd75e0c
commit 5722399
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 4 deletions.
diff --git a/common/src/service/CommonConstants.cs b/common/src/service/CommonConstants.cs
@@ -5,13 +5,14 @@ namespace Microsoft.Azure.Devices.Common
 {
     using System;
 
-    static class CommonConstants
+    internal static class CommonConstants
     {
         // Custom HTTP response contents
         internal const string ErrorCode = "errorCode";
 
         // TODO: move these to ConfigProvider
         public const string DeviceAudienceFormat = "{0}/devices/{1}";
+
         public const string MediaTypeForDeviceManagementApis = "application/json";
         public const string AmqpsScheme = "amqps";
         public const string AmqpScheme = "amqp";
@@ -23,11 +24,13 @@ static class CommonConstants
 
         // IotHub WindowsFabric Constants
         public const int WindowsFabricRetryLimit = 20;
+
         public const int WindowsFabricRetryWaitInMilliseconds = 3000;
         public const int WindowsFabricClientConnectionPort = 19000;
 
         // AzureStorage Constants
         public const int AzureStorageRetryLimit = 3;
+
         public const int AzureStorageRetryWaitInMilliseconds = 3000;
 
         public const string IotHubApplicationName = "fabric:/microsoft.azure.devices.container";
@@ -42,19 +45,23 @@ static class CommonConstants
 
         // EventHub
         public const int EventHubEndpointPortNumber = 5671;
+
         public const string EventHubConnectionStringTemplate = "{0};PartitionCount={1}";
 
         // Namespace paths
         public const string ResourceProviderNamespace = "Microsoft.Devices";
+
         public const string ResourceProviderServiceResourceType = ResourceProviderNamespace + "/IotHubs";
         public const string ResourceProviderBasePathTemplate = "/subscriptions/{0}/resourceGroups/{1}/providers/" + ResourceProviderServiceResourceType + "/{2}";
 
         // Runtime Retry Constants
         public const int RuntimeRetryLimit = 3;
+
         public const int RuntimeRetryWaitInMilliseconds = 5000;
 
         // Device URI Templates
         public const string DeviceEventPathTemplate = "/devices/{0}/messages/events";
+
         public const string DeviceBoundPathTemplate = "/devices/{0}/messages/deviceBound";
         public const string DeviceBoundPathCompleteTemplate = DeviceBoundPathTemplate + "/{1}";
         public const string DeviceBoundPathAbandonTemplate = DeviceBoundPathCompleteTemplate + "/abandon";
@@ -65,6 +72,7 @@ static class CommonConstants
 
         // IotHub provisioning terminal states (CSM/ARM)
         public const string ProvisioningStateSucceed = "Succeeded";
+
         public const string ProvisioningStateFailed = "Failed";
         public const string ProvisioningStateCanceled = "Canceled";
 
@@ -79,6 +87,7 @@ static class CommonConstants
 
         // Service configurable parameters
         public const string PartitionCount = "PartitionCount";
+
         public const string TargetReplicaSetSize = "TargetReplicaSetSize";
         public const string MinReplicaSetSize = "MinReplicaSetSize";
         public const string SkuMaxUnitOverride = "SkuMaxUnitOverride";
@@ -118,8 +127,11 @@ static class CommonConstants
 
         // Custom HTTP headers
         public const string IotHubErrorCode = "IotHubErrorCode";
+
         public const string HttpErrorCodeName = "iothub-errorcode";
 
+        public static readonly string[] IotHubAadTokenScopes = new string[] { "https://iothubs.azure.net/.default" };
+
         //Service Analytics related
         public static class ServiceAnalytics
         {

diff --git a/iothub/service/src/DigitalTwin/Authentication/DigitalTwinTokenCredential.cs b/iothub/service/src/DigitalTwin/Authentication/DigitalTwinTokenCredential.cs
@@ -35,7 +35,7 @@ public override string GetAuthorizationHeader()
                     || TokenHelper.IsCloseToExpiry(_cachedAccessToken.Value.ExpiresOn))
                 {
                     _cachedAccessToken = _credential.GetToken(
-                        new TokenRequestContext(),
+                        new TokenRequestContext(CommonConstants.IotHubAadTokenScopes),
                         new CancellationToken());
                 }
             }

diff --git a/iothub/service/src/IotHubTokenCredentialProperties.cs b/iothub/service/src/IotHubTokenCredentialProperties.cs
@@ -58,7 +58,7 @@ public override string GetAuthorizationHeader()
                     || TokenHelper.IsCloseToExpiry(_cachedAccessToken.Value.ExpiresOn))
                 {
                     _cachedAccessToken = _credential.GetToken(
-                        new TokenRequestContext(),
+                        new TokenRequestContext(CommonConstants.IotHubAadTokenScopes),
                         new CancellationToken());
                 }
             }
@@ -78,7 +78,9 @@ public async override Task<CbsToken> GetTokenAsync(Uri namespaceAddress, string
             throw new InvalidOperationException($"TokenCredential is not supported on NET451");
 
 #else
-            AccessToken token = await _credential.GetTokenAsync(new TokenRequestContext(), new CancellationToken()).ConfigureAwait(false);
+            AccessToken token = await _credential.GetTokenAsync(
+                new TokenRequestContext(CommonConstants.IotHubAadTokenScopes),
+                new CancellationToken()).ConfigureAwait(false);
             return new CbsToken(
                 token.Token,
                 _tokenType,