From b8aaf67f09bd6f35990d7b419e699f7dc7e035d1 Mon Sep 17 00:00:00 2001 From: Vinay Gera Date: Mon, 14 Feb 2022 10:59:56 -0800 Subject: [PATCH] Add Client Assertion Credential (#26900) --- .../identity/AksExchangeTokenCredential.java | 38 ++++++++++ .../identity/ClientAssertionCredential.java | 38 ++++++---- .../ClientAssertionCredentialBuilder.java | 75 +++++++++++++++++++ .../identity/ManagedIdentityCredential.java | 2 +- .../implementation/IdentityClient.java | 9 ++- .../implementation/IdentityClientBuilder.java | 18 ++++- .../AzureApplicationCredentialTest.java | 2 +- .../ClientCertificateCredentialTest.java | 18 ++--- .../identity/ClientSecretCredentialTest.java | 4 +- .../identity/DefaultAzureCredentialTest.java | 2 +- .../IdentityClientIntegrationTests.java | 10 +-- 11 files changed, 180 insertions(+), 36 deletions(-) create mode 100644 sdk/identity/azure-identity/src/main/java/com/azure/identity/AksExchangeTokenCredential.java create mode 100644 sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientAssertionCredentialBuilder.java diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AksExchangeTokenCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AksExchangeTokenCredential.java new file mode 100644 index 0000000000000..06f83b2243001 --- /dev/null +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AksExchangeTokenCredential.java 
@@ -0,0 +1,38 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.identity;
+
+import com.azure.core.credential.AccessToken;
+import com.azure.core.credential.TokenRequestContext;
+import com.azure.core.util.logging.ClientLogger;
+import com.azure.identity.implementation.IdentityClient;
+
+import reactor.core.publisher.Mono;
+
+/**
+ * Authenticates a service principal with AAD using a client assertion.
+ */
+class AksExchangeTokenCredential extends ManagedIdentityServiceCredential {
+ private final ClientLogger logger = new ClientLogger(AksExchangeTokenCredential.class);
+
+ /**
+ * Creates an instance of AksExchangeTokenCredential.
+ *
+ * @param clientId the client id of user assigned or system assigned identity.
+ * @param identityClient the identity client to acquire a token with.
+ */
+ AksExchangeTokenCredential(String clientId, IdentityClient identityClient) {
+ super(clientId, identityClient, "AZURE AKS TOKEN EXCHANGE");
+ }
+
+ @Override
+ public Mono authenticate(TokenRequestContext request) {
+ if (this.getClientId() == null) {
+ return Mono.error(logger.logExceptionAsError(new IllegalStateException("The client id is not configured via"
+ + " 'AZURE_CLIENT_ID' environment variable or through the credential builder."
+ + " Please ensure client id is provided to authenticate via token exchange in AKS environment.")));
+ }
+ return identityClient.authenticatewithExchangeToken(request);
+ }
+}
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientAssertionCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientAssertionCredential.java
index 4f34450c4f302..c2bb77589e0ea 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientAssertionCredential.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientAssertionCredential.java
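Review bot: The class Javadoc on `AksExchangeTokenCredential` is word-for-word the one on `ClientAssertionCredential`, so the two types cannot be told apart from their documentation. Judging by the error message in `authenticate`, this class covers the AKS token-exchange case, so something like `Authenticates a managed identity in an AKS environment by exchanging a federated token for an AAD access token.` would describe it better. It would also help to say in the constructor Javadoc that a null `clientId` is accepted here and rejected only when `authenticate` is called.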
@@ -4,35 +4,47 @@ package com.azure.identity; import com.azure.core.credential.AccessToken; +import com.azure.core.credential.TokenCredential; import com.azure.core.credential.TokenRequestContext; import com.azure.core.util.logging.ClientLogger; import com.azure.identity.implementation.IdentityClient; - +import com.azure.identity.implementation.IdentityClientBuilder; +import com.azure.identity.implementation.IdentityClientOptions; +import com.azure.identity.implementation.util.LoggingUtil; import reactor.core.publisher.Mono; +import java.util.function.Supplier; + /** * Authenticates a service principal with AAD using a client assertion. */ -class ClientAssertionCredential extends ManagedIdentityServiceCredential { +public class ClientAssertionCredential implements TokenCredential { private final ClientLogger logger = new ClientLogger(ClientAssertionCredential.class); - + private final IdentityClient identityClient; /** * Creates an instance of ClientAssertionCredential. * * @param clientId the client id of user assigned or system assigned identity. - * @param identityClient the identity client to acquire a token with. 
+ * @param tenantId the tenant ID of the application + * @param clientId the client ID of the application + * @param identityClientOptions the options to configure the identity client */ - ClientAssertionCredential(String clientId, IdentityClient identityClient) { - super(clientId, identityClient, "AZURE AKS TOKEN EXCHANGE"); + ClientAssertionCredential(String clientId, String tenantId, Supplier clientAssertion, + IdentityClientOptions identityClientOptions) { + identityClient = new IdentityClientBuilder() + .tenantId(tenantId) + .clientId(clientId) + .clientAssertionSupplier(clientAssertion) + .identityClientOptions(identityClientOptions) + .build(); } @Override - public Mono authenticate(TokenRequestContext request) { - if (this.getClientId() == null) { - return Mono.error(logger.logExceptionAsError(new IllegalStateException("The client id is not configured via" - + " 'AZURE_CLIENT_ID' environment variable or through the credential builder." - + " Please ensure client id is provided to authenticate via token exchange in AKS environment."))); - } - return identityClient.authenticatewithExchangeToken(request); + public Mono getToken(TokenRequestContext request) { + return identityClient.authenticateWithConfidentialClientCache(request) + .onErrorResume(t -> Mono.empty()) + .switchIfEmpty(Mono.defer(() -> identityClient.authenticateWithConfidentialClient(request))) + .doOnNext(token -> LoggingUtil.logTokenSuccess(logger, request)) + .doOnError(error -> LoggingUtil.logTokenError(logger, request, error)); } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientAssertionCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientAssertionCredentialBuilder.java new file mode 100644 index 0000000000000..223e2bac9bcab --- /dev/null +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientAssertionCredentialBuilder.java 
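Review bot: The constructor Javadoc is out of step with the new signature: the old `@param clientId the client id of user assigned or system assigned identity.` line is kept as context, a second `@param clientId` is added below it, and the `clientAssertion` parameter is not documented at all. Replace the block with `@param clientId the client ID of the application`, `@param tenantId the tenant ID of the application` and `@param clientAssertion the supplier that returns the client assertion`, in signature order, keeping the existing `@param identityClientOptions` line. In `getToken`, `.onErrorResume(t -> Mono.empty())` drops any cache lookup failure without a trace; a debug-level log there would make cache problems diagnosable without changing the fallback.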
@@ -0,0 +1,75 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.identity;
+
+import com.azure.core.util.logging.ClientLogger;
+import com.azure.identity.implementation.RegionalAuthority;
+import com.azure.identity.implementation.util.ValidationUtil;
+
+import java.util.HashMap;
+import java.util.function.Supplier;
+
+/**
+ * Fluent credential builder for instantiating a {@link ClientAssertionCredential}.
+ *
+ * @see ClientAssertionCredential
+ */
+public class ClientAssertionCredentialBuilder extends AadCredentialBuilderBase {
+ private Supplier clientAssertionSupplier;
+ private final ClientLogger logger = new ClientLogger(ClientAssertionCredentialBuilder.class);
+
+ /**
+ * Sets the supplier containing the logic to supply the client assertion when invoked.
+ *
+ * @param clientAssertionSupplier the supplier supplying client assertion.
+ * @return An updated instance of this builder.
+ */
+ public ClientAssertionCredentialBuilder clientAssertion(Supplier clientAssertionSupplier) {
+ this.clientAssertionSupplier = clientAssertionSupplier;
+ return this;
+ }
+
+ /**
+ * Configures the persistent shared token cache options and enables the persistent token cache which is disabled
+ * by default. If configured, the credential will store tokens in a cache persisted to the machine, protected to
+ * the current user, which can be shared by other credentials and processes.
+ *
+ * @param tokenCachePersistenceOptions the token cache configuration options
+ * @return An updated instance of this builder with the token cache options configured.
+ */
+ public ClientAssertionCredentialBuilder tokenCachePersistenceOptions(TokenCachePersistenceOptions
+ tokenCachePersistenceOptions) {
+ this.identityClientOptions.setTokenCacheOptions(tokenCachePersistenceOptions);
+ return this;
+ }
+
+ /**
+ * Specifies either the specific regional authority, or use {@link RegionalAuthority#AUTO_DISCOVER_REGION} to
+ * attempt to auto-detect the region. If unset, a non-regional authority will be used. This argument should be used
+ * only by applications deployed to Azure VMs.
+ *
+ * @param regionalAuthority the regional authority
+ * @return An updated instance of this builder with the regional authority configured.
+ */
+ ClientAssertionCredentialBuilder regionalAuthority(RegionalAuthority regionalAuthority) {
+ this.identityClientOptions.setRegionalAuthority(regionalAuthority);
+ return this;
+ }
+
+ /**
+ * Creates a new {@link ClientAssertionCredential} with the current configurations.
+ *
+ * @return a {@link ClientAssertionCredential} with the current configurations.
+ * @throws IllegalArgumentException if either of clientId, tenantId or clientAssertion is not present.
+ */
+ public ClientAssertionCredential build() {
+ ValidationUtil.validate(getClass().getSimpleName(), new HashMap() {{
+ put("clientId", clientId);
+ put("tenantId", tenantId);
+ put("clientAssertion", clientAssertionSupplier);
+ }});
+
+ return new ClientAssertionCredential(clientId, tenantId, clientAssertionSupplier, identityClientOptions);
+ }
+}
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ManagedIdentityCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ManagedIdentityCredential.java
index 7ab1e1f76f76f..3de6dfb3dc179 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ManagedIdentityCredential.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ManagedIdentityCredential.java
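Review bot: The Javadoc on `clientAssertion(...)` does not state the supplier's contract, and `build()` only checks that the supplier itself is non-null, not what it returns. Callers need to know that the supplier must return a current, unexpired assertion and may be invoked more than once; I would add `The supplier must return a non-null, unexpired client assertion each time it is invoked; the value is a credential and must not be logged.` to that Javadoc. The `logger` field is declared but not used anywhere in this file as shown. The diffstat also lists no new test for `ClientAssertionCredential` or this builder, only signature updates to existing tests.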
@@ -65,7 +65,7 @@ public final class ManagedIdentityCredential implements TokenCredential { clientBuilder.tenantId(configuration.get(Configuration.PROPERTY_AZURE_TENANT_ID)); clientBuilder.clientAssertionPath(configuration.get(AZURE_FEDERATED_TOKEN_FILE)); clientBuilder.clientAssertionTimeout(Duration.ofMinutes(5)); - managedIdentityServiceCredential = new ClientAssertionCredential(clientIdentifier, clientBuilder.build()); + managedIdentityServiceCredential = new AksExchangeTokenCredential(clientIdentifier, clientBuilder.build()); } else { managedIdentityServiceCredential = new VirtualMachineMsiCredential(clientId, clientBuilder.build()); } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java index 982fb817930bd..f3cbc49e3bde2 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java @@ -91,6 +91,7 @@ import java.util.concurrent.CompletableFuture; import java.util.concurrent.TimeUnit; import java.util.function.Consumer; +import java.util.function.Supplier; /** * The identity client that contains APIs to retrieve access tokens @@ -125,6 +126,7 @@ public class IdentityClient { private final String clientAssertionFilePath; private final InputStream certificate; private final String certificatePath; + private final Supplier clientAssertionSupplier; private final String certificatePassword; private HttpPipelineAdapter httpPipelineAdapter; private final SynchronizedAccessor publicClientApplicationAccessor; 
@@ -147,8 +149,8 @@ public class IdentityClient { * @param options the options configuring the client. */ IdentityClient(String tenantId, String clientId, String clientSecret, String certificatePath, - String clientAssertionFilePath, InputStream certificate, String certificatePassword, - boolean isSharedTokenCacheCredential, Duration clientAssertionTimeout, + String clientAssertionFilePath, Supplier clientAssertionSupplier, InputStream certificate, + String certificatePassword, boolean isSharedTokenCacheCredential, Duration clientAssertionTimeout, IdentityClientOptions options) { if (tenantId == null) { tenantId = "organizations"; @@ -163,6 +165,7 @@ public class IdentityClient { this.certificatePath = certificatePath; this.certificate = certificate; this.certificatePassword = certificatePassword; + this.clientAssertionSupplier = clientAssertionSupplier; this.options = options; this.publicClientApplicationAccessor = new SynchronizedAccessor<>(() -> @@ -215,6 +218,8 @@ private Mono getConfidentialClientApplication() { return Mono.error(logger.logExceptionAsError(new RuntimeException( "Failed to parse the certificate for the credential: " + e.getMessage(), e))); } + } else if (clientAssertionSupplier != null) { + credential = ClientCredentialFactory.createFromClientAssertion(clientAssertionSupplier.get()); } else { return Mono.error(logger.logExceptionAsError( new IllegalArgumentException("Must provide client secret or client certificate path." diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientBuilder.java index a816d3d782863..b178ee9c90b57 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientBuilder.java 
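Review bot: In the -215 hunk, `clientAssertionSupplier.get()` is called while the confidential client application is being built, so the assertion appears to be captured once for as long as that application object is reused; the surrounding method starts and ends outside the hunk, so whether the application is cached cannot be confirmed here. Client assertions are typically short-lived, and the file-based path is given a `clientAssertionTimeout` in `ManagedIdentityCredential`, so the supplier path likely needs the same expiry handling or a call per token request. The result of `get()` is also passed on unchecked; a null or blank value, or an exception thrown by the supplier, should be turned into an error signal with a clear message, e.g. `return Mono.error(logger.logExceptionAsError(new IllegalStateException("The client assertion supplier returned no assertion.")));`. The assertion is a credential and should never appear in that message or in logs.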
@@ -7,6 +7,7 @@ import java.io.InputStream; import java.time.Duration; +import java.util.function.Supplier; /** * Fluent client builder for instantiating an {@link IdentityClient}. @@ -24,6 +25,7 @@ public final class IdentityClientBuilder { private String certificatePassword; private boolean sharedTokenCacheCred; private Duration clientAssertionTimeout; + private Supplier clientAssertionSupplier; /** * Sets the tenant ID for the client. @@ -66,6 +68,17 @@ public IdentityClientBuilder certificatePath(String certificatePath) { return this; } + /** + * Sets the supplier for client assertion. + * + * @param clientAssertionSupplier the supplier of client assertion. + * @return the IdentityClientBuilder itself + */ + public IdentityClientBuilder clientAssertionSupplier(Supplier clientAssertionSupplier) { + this.clientAssertionSupplier = clientAssertionSupplier; + return this; + } + /** * Sets the client certificate for the client. * @@ -136,7 +149,8 @@ public IdentityClientBuilder clientAssertionTimeout(Duration clientAssertionTime * @return a {@link IdentityClient} with the current configurations. */ public IdentityClient build() { - return new IdentityClient(tenantId, clientId, clientSecret, certificatePath, clientAssertionPath, certificate, - certificatePassword, sharedTokenCacheCred, clientAssertionTimeout, identityClientOptions); + return new IdentityClient(tenantId, clientId, clientSecret, certificatePath, clientAssertionPath, + clientAssertionSupplier, certificate, certificatePassword, sharedTokenCacheCred, clientAssertionTimeout, + identityClientOptions); } } diff --git a/sdk/identity/azure-identity/src/test/java/com/azure/identity/AzureApplicationCredentialTest.java b/sdk/identity/azure-identity/src/test/java/com/azure/identity/AzureApplicationCredentialTest.java index 73b391f9c3945..a0d0e719f4273 100644 --- a/sdk/identity/azure-identity/src/test/java/com/azure/identity/AzureApplicationCredentialTest.java 
+++ b/sdk/identity/azure-identity/src/test/java/com/azure/identity/AzureApplicationCredentialTest.java @@ -50,7 +50,7 @@ public void testUseEnvironmentCredential() throws Exception { IdentityClient identityClient = PowerMockito.mock(IdentityClient.class); when(identityClient.authenticateWithConfidentialClientCache(any())).thenReturn(Mono.empty()); when(identityClient.authenticateWithConfidentialClient(request1)).thenReturn(TestUtils.getMockAccessToken(token1, expiresOn)); - PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), eq(secret), isNull(), isNull(), isNull(), isNull(), eq(false), isNull(), any()).thenReturn(identityClient); + PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), eq(secret), isNull(), isNull(), isNull(), isNull(), isNull(), eq(false), isNull(), any()).thenReturn(identityClient); // test AzureApplicationCredential credential = new AzureApplicationCredentialBuilder().build(); diff --git a/sdk/identity/azure-identity/src/test/java/com/azure/identity/ClientCertificateCredentialTest.java b/sdk/identity/azure-identity/src/test/java/com/azure/identity/ClientCertificateCredentialTest.java index 4b181c11677ca..e4d1f3f983650 100644 --- a/sdk/identity/azure-identity/src/test/java/com/azure/identity/ClientCertificateCredentialTest.java +++ b/sdk/identity/azure-identity/src/test/java/com/azure/identity/ClientCertificateCredentialTest.java 
@@ -57,8 +57,8 @@ public void testValidCertificatePaths() throws Exception { when(pfxIdentityClient.authenticateWithConfidentialClientCache(any())).thenReturn(Mono.empty()); when(pemIdentityClient.authenticateWithConfidentialClient(request1)).thenReturn(TestUtils.getMockAccessToken(token1, expiresAt)); when(pfxIdentityClient.authenticateWithConfidentialClient(request2)).thenReturn(TestUtils.getMockAccessToken(token2, expiresAt)); - PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), isNull(), eq(pemPath), isNull(), isNull(), isNull(), eq(false), isNull(), any()).thenReturn(pemIdentityClient); - PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), isNull(), eq(pfxPath), isNull(), isNull(), eq(pfxPassword), eq(false), isNull(), any()).thenReturn(pfxIdentityClient); + PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), isNull(), eq(pemPath), isNull(), isNull(), isNull(), isNull(), eq(false), isNull(), any()).thenReturn(pemIdentityClient); + PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), isNull(), eq(pfxPath), isNull(), isNull(), isNull(), eq(pfxPassword), eq(false), isNull(), any()).thenReturn(pfxIdentityClient); // test ClientCertificateCredential credential = 
@@ -95,8 +95,8 @@ public void testValidCertificates() throws Exception { when(pfxIdentityClient.authenticateWithConfidentialClientCache(any())).thenReturn(Mono.empty()); when(pemIdentityClient.authenticateWithConfidentialClient(request1)).thenReturn(TestUtils.getMockAccessToken(token1, expiresAt)); when(pfxIdentityClient.authenticateWithConfidentialClient(request2)).thenReturn(TestUtils.getMockAccessToken(token2, expiresAt)); - PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), isNull(), isNull(), isNull(), eq(pemCert), isNull(), eq(false), isNull(), any()).thenReturn(pemIdentityClient); - PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), isNull(), isNull(), isNull(), eq(pfxCert), eq(pfxPassword), eq(false), isNull(), any()).thenReturn(pfxIdentityClient); + PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), isNull(), isNull(), isNull(), isNull(), eq(pemCert), isNull(), eq(false), isNull(), any()).thenReturn(pemIdentityClient); + PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), isNull(), isNull(), isNull(), isNull(), eq(pfxCert), eq(pfxPassword), eq(false), isNull(), any()).thenReturn(pfxIdentityClient); // test ClientCertificateCredential credential = 
@@ -129,8 +129,8 @@ public void testInvalidCertificatePaths() throws Exception { when(pfxIdentityClient.authenticateWithConfidentialClientCache(any())).thenReturn(Mono.empty()); when(pemIdentityClient.authenticateWithConfidentialClient(request1)).thenReturn(Mono.error(new MsalServiceException("bad pem", "BadPem"))); when(pfxIdentityClient.authenticateWithConfidentialClient(request2)).thenReturn(Mono.error(new MsalServiceException("bad pfx", "BadPfx"))); - PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), isNull(), eq(pemPath), isNull(), isNull(), isNull(), eq(false), isNull(), any()).thenReturn(pemIdentityClient); - PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), isNull(), eq(pfxPath), isNull(), isNull(), eq(pfxPassword), eq(false), isNull(), any()).thenReturn(pfxIdentityClient); + PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), isNull(), eq(pemPath), isNull(), isNull(), isNull(), isNull(), eq(false), isNull(), any()).thenReturn(pemIdentityClient); + PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), isNull(), eq(pfxPath), isNull(), isNull(), isNull(), eq(pfxPassword), eq(false), isNull(), any()).thenReturn(pfxIdentityClient); // test ClientCertificateCredential credential = 
@@ -162,8 +162,8 @@ public void testInvalidCertificates() throws Exception { when(pfxIdentityClient.authenticateWithConfidentialClientCache(any())).thenReturn(Mono.empty()); when(pemIdentityClient.authenticateWithConfidentialClient(request1)).thenReturn(Mono.error(new MsalServiceException("bad pem", "BadPem"))); when(pfxIdentityClient.authenticateWithConfidentialClient(request2)).thenReturn(Mono.error(new MsalServiceException("bad pfx", "BadPfx"))); - PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), isNull(), isNull(), isNull(), eq(pemCert), isNull(), eq(false), isNull(), any()).thenReturn(pemIdentityClient); - PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), isNull(), isNull(), isNull(), eq(pfxCert), eq(pfxPassword), eq(false), isNull(), any()).thenReturn(pfxIdentityClient); + PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), isNull(), isNull(), isNull(), isNull(), eq(pemCert), isNull(), eq(false), isNull(), any()).thenReturn(pemIdentityClient); + PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), isNull(), isNull(), isNull(), isNull(), eq(pfxCert), eq(pfxPassword), eq(false), isNull(), any()).thenReturn(pfxIdentityClient); // test ClientCertificateCredential credential = 
@@ -191,7 +191,7 @@ public void testInvalidParameters() throws Exception { IdentityClient identityClient = PowerMockito.mock(IdentityClient.class); when(identityClient.authenticateWithConfidentialClientCache(any())).thenReturn(Mono.empty()); when(identityClient.authenticateWithConfidentialClient(request)).thenReturn(TestUtils.getMockAccessToken(token1, expiresOn)); - PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), isNull(), eq(pemPath), isNull(), isNull(), isNull(), eq(false), isNull(), any()).thenReturn(identityClient); + PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), isNull(), eq(pemPath), isNull(), isNull(), isNull(), isNull(), eq(false), isNull(), any()).thenReturn(identityClient); // test try { diff --git a/sdk/identity/azure-identity/src/test/java/com/azure/identity/ClientSecretCredentialTest.java b/sdk/identity/azure-identity/src/test/java/com/azure/identity/ClientSecretCredentialTest.java index 256b54ee1eef8..9ec0a0d384fe8 100644 --- a/sdk/identity/azure-identity/src/test/java/com/azure/identity/ClientSecretCredentialTest.java +++ b/sdk/identity/azure-identity/src/test/java/com/azure/identity/ClientSecretCredentialTest.java 
@@ -82,8 +82,8 @@ public void testInvalidSecrets() throws Exception { when(badIdentityClient.authenticateWithConfidentialClientCache(any())).thenReturn(Mono.empty()); when(identityClient.authenticateWithConfidentialClient(request)).thenReturn(TestUtils.getMockAccessToken(token1, expiresOn)); when(badIdentityClient.authenticateWithConfidentialClient(request)).thenReturn(Mono.error(new MsalServiceException("bad secret", "BadSecret"))); - PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), eq(secret), isNull(), isNull(), isNull(), isNull(), eq(false), isNull(), any()).thenReturn(identityClient); - PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), eq(badSecret), isNull(), isNull(), isNull(), isNull(), eq(false), isNull(), any()).thenReturn(badIdentityClient); + PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), eq(secret), isNull(), isNull(), isNull(), isNull(), isNull(), eq(false), isNull(), any()).thenReturn(identityClient); + PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), eq(badSecret), isNull(), isNull(), isNull(), isNull(), isNull(), eq(false), isNull(), any()).thenReturn(badIdentityClient); // test ClientSecretCredential credential = diff --git a/sdk/identity/azure-identity/src/test/java/com/azure/identity/DefaultAzureCredentialTest.java b/sdk/identity/azure-identity/src/test/java/com/azure/identity/DefaultAzureCredentialTest.java index b5e0c2db20bea..39681b767d24f 100644 --- a/sdk/identity/azure-identity/src/test/java/com/azure/identity/DefaultAzureCredentialTest.java +++ b/sdk/identity/azure-identity/src/test/java/com/azure/identity/DefaultAzureCredentialTest.java 
@@ -52,7 +52,7 @@ public void testUseEnvironmentCredential() throws Exception { IdentityClient identityClient = PowerMockito.mock(IdentityClient.class); when(identityClient.authenticateWithConfidentialClientCache(any())).thenReturn(Mono.empty()); when(identityClient.authenticateWithConfidentialClient(request1)).thenReturn(TestUtils.getMockAccessToken(token1, expiresOn)); - PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), eq(secret), isNull(), isNull(), isNull(), isNull(), eq(false), isNull(), any()).thenReturn(identityClient); + PowerMockito.whenNew(IdentityClient.class).withArguments(eq(TENANT_ID), eq(CLIENT_ID), eq(secret), isNull(), isNull(), isNull(), isNull(), isNull(), eq(false), isNull(), any()).thenReturn(identityClient); IntelliJCredential intelliJCredential = PowerMockito.mock(IntelliJCredential.class); when(intelliJCredential.getToken(request1)) diff --git a/sdk/identity/azure-identity/src/test/java/com/azure/identity/implementation/IdentityClientIntegrationTests.java b/sdk/identity/azure-identity/src/test/java/com/azure/identity/implementation/IdentityClientIntegrationTests.java index 02aebbd052f03..2e0aa6c87bcc2 100644 --- a/sdk/identity/azure-identity/src/test/java/com/azure/identity/implementation/IdentityClientIntegrationTests.java +++ b/sdk/identity/azure-identity/src/test/java/com/azure/identity/implementation/IdentityClientIntegrationTests.java 
@@ -23,7 +23,7 @@ public class IdentityClientIntegrationTests { @Ignore("Integration tests") public void clientSecretCanGetToken() { - IdentityClient client = new IdentityClient(System.getenv(AZURE_TENANT_ID), System.getenv(AZURE_CLIENT_ID), System.getenv(AZURE_CLIENT_SECRET), null, null, null, null, false, null, new IdentityClientOptions()); + IdentityClient client = new IdentityClient(System.getenv(AZURE_TENANT_ID), System.getenv(AZURE_CLIENT_ID), System.getenv(AZURE_CLIENT_SECRET), null, null, null, null, null, false, null, new IdentityClientOptions()); StepVerifier.create(client.authenticateWithConfidentialClient(request)) .expectNextMatches(token -> token.getToken() != null && token.getExpiresAt() != null @@ -38,7 +38,7 @@ public void clientSecretCanGetToken() { @Ignore("Integration tests") public void deviceCodeCanGetToken() { - IdentityClient client = new IdentityClient("common", System.getenv(AZURE_CLIENT_ID), null, null, null, null, null, false, null, new IdentityClientOptions().setProxyOptions(new ProxyOptions(Type.HTTP, new InetSocketAddress("localhost", 8888)))); + IdentityClient client = new IdentityClient("common", System.getenv(AZURE_CLIENT_ID), null, null, null, null, null, null, false, null, new IdentityClientOptions().setProxyOptions(new ProxyOptions(Type.HTTP, new InetSocketAddress("localhost", 8888)))); MsalToken token = client.authenticateWithDeviceCode(request, deviceCode -> { System.out.println(deviceCode.getMessage()); try { 
@@ -60,7 +60,7 @@ public void deviceCodeCanGetToken() { @Ignore("Integration tests") public void browserCanGetToken() { - IdentityClient client = new IdentityClient("common", System.getenv(AZURE_CLIENT_ID), null, null, null, null, null, false, null, new IdentityClientOptions().setProxyOptions(new ProxyOptions(Type.HTTP, new InetSocketAddress("localhost", 8888)))); + IdentityClient client = new IdentityClient("common", System.getenv(AZURE_CLIENT_ID), null, null, null, null, null, null, false, null, new IdentityClientOptions().setProxyOptions(new ProxyOptions(Type.HTTP, new InetSocketAddress("localhost", 8888)))); MsalToken token = client.authenticateWithBrowserInteraction(request, 8765, null, null).block(); Assert.assertNotNull(token); Assert.assertNotNull(token.getToken()); @@ -75,7 +75,7 @@ public void browserCanGetToken() { @Ignore("Integration tests") public void usernamePasswordCanGetToken() { - IdentityClient client = new IdentityClient("common", System.getenv(AZURE_CLIENT_ID), null, null, null, null, null, false, null, new IdentityClientOptions().setProxyOptions(new ProxyOptions(Type.HTTP, new InetSocketAddress("localhost", 8888)))); + IdentityClient client = new IdentityClient("common", System.getenv(AZURE_CLIENT_ID), null, null, null, null, null, null, false, null, new IdentityClientOptions().setProxyOptions(new ProxyOptions(Type.HTTP, new InetSocketAddress("localhost", 8888)))); MsalToken token = client.authenticateWithUsernamePassword(request, System.getenv("username"), System.getenv("password")).block(); Assert.assertNotNull(token); Assert.assertNotNull(token.getToken()); 
@@ -90,7 +90,7 @@ public void usernamePasswordCanGetToken() { @Ignore("Integration tests") public void authCodeCanGetToken() throws Exception { - IdentityClient client = new IdentityClient("common", System.getenv(AZURE_CLIENT_ID), null, null, null, null, null, false, null, new IdentityClientOptions()); + IdentityClient client = new IdentityClient("common", System.getenv(AZURE_CLIENT_ID), null, null, null, null, null, null, false, null, new IdentityClientOptions()); MsalToken token = client.authenticateWithAuthorizationCode(request, System.getenv("AZURE_AUTH_CODE"), new URI("http://localhost:8000")).block(); Assert.assertNotNull(token); Assert.assertNotNull(token.getToken());