Azure · jianghaolu · Jun 25, 2021 · Jun 24, 2021 · Jun 24, 2021 · Jun 25, 2021
@@ -168,7 +168,7 @@ com.microsoft.azure:azure-mgmt-resources;1.3.0
 com.microsoft.azure:azure-mgmt-search;1.24.1
 com.microsoft.azure:azure-mgmt-storage;1.3.0
 com.microsoft.azure:azure-storage;8.0.0
-com.microsoft.azure:msal4j;1.10.0
+com.microsoft.azure:msal4j;1.10.1
 com.microsoft.azure:msal4j-persistence-extension;1.1.0
 com.sun.activation:jakarta.activation;1.2.2
 io.opentelemetry:opentelemetry-api;1.0.0

@@ -278,7 +278,7 @@
       <dependency>
         <groupId>com.microsoft.azure</groupId>
         <artifactId>msal4j</artifactId>
-        <version>1.10.0</version>
+        <version>1.10.1</version>
       </dependency>
 
       <dependency>

@@ -42,7 +42,7 @@
     <azure.core.version>1.17.0</azure.core.version> <!-- {x-version-update;com.azure:azure-core;dependency} -->
     <azure.identity.version>1.3.1</azure.identity.version> <!-- {x-version-update;com.azure:azure-identity;dependency} -->
     <azure.keyvault.secret.version>4.3.0</azure.keyvault.secret.version> <!-- {x-version-update;com.azure:azure-security-keyvault-secrets;dependency} -->
-    <azure.msal.version>1.9.1</azure.msal.version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
+    <azure.msal.version>1.10.1</azure.msal.version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
     <azure.servicebus.jms.version>0.0.7</azure.servicebus.jms.version> <!-- {x-version-update;com.microsoft.azure:azure-servicebus-jms;external_dependency} -->
     <azure.spring.data.cosmos.version>3.8.0</azure.spring.data.cosmos.version> <!-- {x-version-update;com.azure:azure-spring-data-cosmos;dependency} -->
     <azure.storage.blob.version>12.12.0</azure.storage.blob.version> <!-- {x-version-update;com.azure:azure-storage-blob;dependency} -->

@@ -77,7 +77,7 @@
     <dependency>
       <groupId>com.microsoft.azure</groupId>
       <artifactId>msal4j</artifactId>
-      <version>1.10.0</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
+      <version>1.10.1</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
       <scope>test</scope>
     </dependency>
     <dependency>

@@ -1,7 +1,13 @@
 # Release History
 
 ## 1.4.0-beta.1 (Unreleased)
+### Features Added
 
+- Added regional STS support to client credential types.
+    - Added the `RegionalAuthority` type, that allows specifying Azure regions.
+    - Added `regionalAuthority()` setter to `ClientSecretCredentialBuilder` and `ClientCertificateCredentialBuilder`.
+    - If instead of a region, `RegionalAuthority.AutoDiscoverRegion` is specified as the value for `regionalAuthority`, MSAL will be used to attempt to discover the region.
+    - A region can also be specified through the `AZURE_REGIONAL_AUTHORITY_NAME` environment variable.
 
 ## 1.3.1 (2021-06-08)
 

@@ -37,7 +37,7 @@
     <dependency>
       <groupId>com.microsoft.azure</groupId>
       <artifactId>msal4j</artifactId>
-      <version>1.10.0</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
+      <version>1.10.1</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
     </dependency>
     <dependency>
       <groupId>com.microsoft.azure</groupId>
@@ -105,7 +105,7 @@
           <rules>
             <bannedDependencies>
               <includes>
-                <include>com.microsoft.azure:msal4j:[1.10.0]</include> <!-- {x-include-update;com.microsoft.azure:msal4j;external_dependency} -->
+                <include>com.microsoft.azure:msal4j:[1.10.1]</include> <!-- {x-include-update;com.microsoft.azure:msal4j;external_dependency} -->
                 <include>com.microsoft.azure:msal4j-persistence-extension:[1.1.0]</include> <!-- {x-include-update;com.microsoft.azure:msal4j-persistence-extension;external_dependency} -->
                 <include>net.java.dev.jna:jna-platform:[5.6.0]</include> <!-- {x-include-update;net.java.dev.jna:jna-platform;external_dependency} -->
                 <include>org.linguafranca.pwdb:KeePassJava2:[2.1.4]</include> <!-- {x-include-update;org.linguafranca.pwdb:KeePassJava2;external_dependency} -->

@@ -120,6 +120,19 @@ public ClientCertificateCredentialBuilder sendCertificateChain(boolean sendCerti
         return this;
     }
 
+    /**
+     * Specifies either the specific regional authority, or use {@link RegionalAuthority#AUTO_DISCOVER_REGION} to
+     * attempt to auto-detect the region. If unset, a regional authority will not be used. This argument should be used
+     * only by applications deployed to Azure VMs.
+     *
+     * @param regionalAuthority the regional authority
+     * @return An updated instance of this builder with the regional authority configured.
+     */
+    public ClientCertificateCredentialBuilder regionalAuthority(RegionalAuthority regionalAuthority) {
+        this.identityClientOptions.setRegionalAuthority(regionalAuthority);
+        return this;
+    }
+
     /**
      * Creates a new {@link ClientCertificateCredential} with the current configurations.
      *

@@ -3,6 +3,7 @@
 
 package com.azure.identity;
 
+import com.azure.identity.implementation.IdentityClientOptions;
 import com.azure.identity.implementation.util.ValidationUtil;
 
 import java.util.HashMap;
@@ -62,6 +63,19 @@ public ClientSecretCredentialBuilder tokenCachePersistenceOptions(TokenCachePers
         return this;
     }
 
+    /**
+     * Specifies either the specific regional authority, or use {@link RegionalAuthority#AUTO_DISCOVER_REGION} to
+     * attempt to auto-detect the region. If unset, a regional authority will not be used. This argument should be used
+     * only by applications deployed to Azure VMs.
+     *
+     * @param regionalAuthority the regional authority
+     * @return An updated instance of this builder with the regional authority configured.
+     */
+    public ClientSecretCredentialBuilder regionalAuthority(RegionalAuthority regionalAuthority) {
+        this.identityClientOptions.setRegionalAuthority(regionalAuthority);
+        return this;
+    }
+
     /**
      * Creates a new {@link ClientCertificateCredential} with the current configurations.
      *

@@ -0,0 +1,74 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.identity;
+
+import com.azure.core.util.ExpandableStringEnum;
+
+/**
+ * Defines currently available regional authorities, or "AutoDiscoverRegion" to auto-detect the region.
+ */
+public class RegionalAuthority extends ExpandableStringEnum<RegionalAuthority> {
+    public static final RegionalAuthority AUTO_DISCOVER_REGION = fromString("AutoDiscoverRegion");
+    public static final RegionalAuthority US_WEST = fromString("westus");
+    public static final RegionalAuthority US_WEST2 = fromString("westus2");
+    public static final RegionalAuthority US_CENTRAL = fromString("centralus");
+    public static final RegionalAuthority US_EAST = fromString("eastus");
+    public static final RegionalAuthority US_EAST2 = fromString("eastus2");
+    public static final RegionalAuthority US_NORTH_CENTRAL = fromString("northcentralus");
+    public static final RegionalAuthority US_SOUTH_CENTRAL = fromString("southcentralus");
+    public static final RegionalAuthority US_WEST_CENTRAL = fromString("westcentralus");
+    public static final RegionalAuthority CANADA_CENTRAL = fromString("canadacentral");
+    public static final RegionalAuthority CANADA_EAST = fromString("canadaeast");
+    public static final RegionalAuthority BRAZIL_SOUTH = fromString("brazilsouth");
+    public static final RegionalAuthority EUROPE_NORTH = fromString("northeurope");
+    public static final RegionalAuthority EUROPE_WEST = fromString("westeurope");
+    public static final RegionalAuthority UK_SOUTH = fromString("uksouth");
+    public static final RegionalAuthority UK_WEST = fromString("ukwest");
+    public static final RegionalAuthority FRANCE_CENTRAL = fromString("francecentral");
+    public static final RegionalAuthority FRANCE_SOUTH = fromString("francesouth");
+    public static final RegionalAuthority SWITZERLAND_NORTH = fromString("switzerlandnorth");
+    public static final RegionalAuthority SWITZERLAND_WEST = fromString("switzerlandwest");
+    public static final RegionalAuthority GERMANY_NORTH = fromString("germanynorth");
+    public static final RegionalAuthority GERMANY_WEST_CENTRAL = fromString("germanywestcentral");
+    public static final RegionalAuthority NORWAY_WEST = fromString("norwaywest");
+    public static final RegionalAuthority NORWAY_EAST = fromString("norwayeast");
+    public static final RegionalAuthority ASIA_EAST = fromString("eastasia");
+    public static final RegionalAuthority ASIA_SOUTH_EAST = fromString("southeastasia");
+    public static final RegionalAuthority JAPAN_EAST = fromString("japaneast");
+    public static final RegionalAuthority JAPAN_WEST = fromString("japanwest");
+    public static final RegionalAuthority AUSTRALIA_EAST = fromString("australiaeast");
+    public static final RegionalAuthority AUSTRALIA_SOUTH_EAST = fromString("australiasoutheast");
+    public static final RegionalAuthority AUSTRALIA_CENTRAL = fromString("australiacentral");
+    public static final RegionalAuthority AUSTRALIA_CENTRAL2 = fromString("australiacentral2");
+    public static final RegionalAuthority INDIA_CENTRAL = fromString("centralindia");
+    public static final RegionalAuthority INDIA_SOUTH = fromString("southindia");
+    public static final RegionalAuthority INDIA_WEST = fromString("westindia");
+    public static final RegionalAuthority KOREA_SOUTH = fromString("koreasouth");
+    public static final RegionalAuthority KOREA_CENTRAL = fromString("koreacentral");
+    public static final RegionalAuthority UAE_CENTRAL = fromString("uaecentral");
+    public static final RegionalAuthority UAE_NORTH = fromString("uaenorth");
+    public static final RegionalAuthority SOUTH_AFRICA_NORTH = fromString("southafricanorth");
+    public static final RegionalAuthority SOUTH_AFRICA_WEST = fromString("southafricawest");
+    public static final RegionalAuthority CHINA_NORTH = fromString("chinanorth");
+    public static final RegionalAuthority CHINA_EAST = fromString("chinaeast");
+    public static final RegionalAuthority CHINA_NORTH2 = fromString("chinanorth2");
+    public static final RegionalAuthority CHINA_EAST2 = fromString("chinaeast2");
+    public static final RegionalAuthority GERMANY_CENTRAL = fromString("germanycentral");
+    public static final RegionalAuthority GERMANY_NORTH_EAST = fromString("germanynortheast");
+    public static final RegionalAuthority GOVERNMENT_US_VIRGINIA = fromString("usgovvirginia");
+    public static final RegionalAuthority GOVERNMENT_US_IOWA = fromString("usgoviowa");
+    public static final RegionalAuthority GOVERNMENT_US_ARIZONA = fromString("usgovarizona");
+    public static final RegionalAuthority GOVERNMENT_US_TEXAS = fromString("usgovtexas");
+    public static final RegionalAuthority GOVERNMENT_US_DOD_EAST = fromString("usdodeast");
+    public static final RegionalAuthority GOVERNMENT_US_DOD_CENTRAL = fromString("usdodcentral");
+
+    /**
+     * Returns the {@link RegionalAuthority} associated with the name.
+     * @param name The name of the regional authority.
+     * @return The {@link RegionalAuthority} associated with this name.
+     */
+    public static RegionalAuthority fromString(String name) {
+        return fromString(name, RegionalAuthority.class);
+    }
+}
@@ -22,6 +22,7 @@
 import com.azure.core.util.serializer.SerializerEncoding;
 import com.azure.identity.CredentialUnavailableException;
 import com.azure.identity.DeviceCodeInfo;
+import com.azure.identity.RegionalAuthority;
 import com.azure.identity.TokenCachePersistenceOptions;
 import com.azure.identity.implementation.util.CertificateUtil;
 import com.azure.identity.implementation.util.IdentitySslUtil;
@@ -239,6 +240,13 @@ private Mono<ConfidentialClientApplication> getConfidentialClientApplication() {
                         "Shared token cache is unavailable in this environment.", null, t)));
                 }
             }
+            if (options.getRegionalAuthority() != null) {
+                if (options.getRegionalAuthority() == RegionalAuthority.AUTO_DISCOVER_REGION) {
+                    applicationBuilder.autoDetectRegion(true);
+                } else {
+                    applicationBuilder.azureRegion(options.getRegionalAuthority().toString());
+                }
+            }
             ConfidentialClientApplication confidentialClientApplication = applicationBuilder.build();
             return tokenCache != null ? tokenCache.registerCache()
                 .map(ignored -> confidentialClientApplication) : Mono.just(confidentialClientApplication);

@@ -9,6 +9,7 @@
 import com.azure.core.util.Configuration;
 import com.azure.identity.AuthenticationRecord;
 import com.azure.identity.AzureAuthorityHosts;
+import com.azure.identity.RegionalAuthority;
 import com.azure.identity.TokenCachePersistenceOptions;
 import com.azure.identity.implementation.util.ValidationUtil;
 
@@ -22,6 +23,7 @@
  */
 public final class IdentityClientOptions {
     private static final int MAX_RETRY_DEFAULT_LIMIT = 3;
+    private static final String AZURE_REGIONAL_AUTHORITY_NAME = "AZURE_REGIONAL_AUTHORITY_NAME";
 
     private String authorityHost;
     private int maxRetry;
@@ -37,6 +39,7 @@ public final class IdentityClientOptions {
     private AuthenticationRecord authenticationRecord;
     private TokenCachePersistenceOptions tokenCachePersistenceOptions;
     private boolean cp1Disabled;
+    private RegionalAuthority regionalAuthority;
 
     /**
      * Creates an instance of IdentityClientOptions with default settings.
@@ -49,6 +52,7 @@ public IdentityClientOptions() {
         ValidationUtil.validateAuthHost(getClass().getSimpleName(), authorityHost);
         maxRetry = MAX_RETRY_DEFAULT_LIMIT;
         retryTimeout = i -> Duration.ofSeconds((long) Math.pow(2, i.getSeconds() - 1));
+        regionalAuthority = RegionalAuthority.fromString(configuration.get(AZURE_REGIONAL_AUTHORITY_NAME));
     }
 
     /**
@@ -305,4 +309,23 @@ public TokenCachePersistenceOptions getTokenCacheOptions() {
     public boolean isCp1Disabled() {
         return this.cp1Disabled;
     }
+
+    /**
+     * Specifies either the specific regional authority, or use {@link RegionalAuthority#AUTO_DISCOVER_REGION} to attempt to auto-detect the region.
+     *
+     * @param regionalAuthority the regional authority
+     * @return the updated identity client options
+     */
+    public IdentityClientOptions setRegionalAuthority(RegionalAuthority regionalAuthority) {
+        this.regionalAuthority = regionalAuthority;
+        return this;
+    }
+
+    /**
+     * Gets the regional authority, or null if regional authority should not be used.
+     * @return the regional authority value if specified
+     */
+    public RegionalAuthority getRegionalAuthority() {
+        return regionalAuthority;
+    }
 }
@@ -63,7 +63,7 @@
     <dependency>
       <groupId>com.microsoft.azure</groupId>
       <artifactId>msal4j</artifactId>
-      <version>1.10.0</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
+      <version>1.10.1</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
     </dependency>
     <dependency>
       <groupId>com.nimbusds</groupId>
@@ -93,7 +93,7 @@
             <bannedDependencies>
               <includes>
                 <include>com.fasterxml.jackson.core:jackson-databind:[2.12.3]</include> <!-- {x-include-update;com.fasterxml.jackson.core:jackson-databind;external_dependency} -->
-                <include>com.microsoft.azure:msal4j:[1.10.0]</include> <!-- {x-include-update;com.microsoft.azure:msal4j;external_dependency} -->
+                <include>com.microsoft.azure:msal4j:[1.10.1]</include> <!-- {x-include-update;com.microsoft.azure:msal4j;external_dependency} -->
                 <include>com.nimbusds:nimbus-jose-jwt:[9.8.1]</include> <!-- {x-include-update;com.nimbusds:nimbus-jose-jwt;external_dependency} -->
                 <include>io.projectreactor.netty:reactor-netty:[1.0.7]</include> <!-- {x-include-update;io.projectreactor.netty:reactor-netty;external_dependency} -->
                 <include>org.springframework.boot:spring-boot-starter-validation:[2.5.0]</include> <!-- {x-include-update;org.springframework.boot:spring-boot-starter-validation;external_dependency} -->

@@ -150,7 +150,7 @@
     <dependency>
       <groupId>com.microsoft.azure</groupId>
       <artifactId>msal4j</artifactId>
-      <version>1.10.0</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
+      <version>1.10.1</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
       <optional>true</optional>
     </dependency>
 
@@ -301,7 +301,7 @@
                 <include>com.microsoft.azure:azure-servicebus-jms:[0.0.7]</include> <!-- {x-include-update;com.microsoft.azure:azure-servicebus-jms;external_dependency} -->
                 <include>com.github.spotbugs:spotbugs-annotations:[4.2.0]</include> <!-- {x-include-update;com.github.spotbugs:spotbugs-annotations;external_dependency} -->
                 <include>com.fasterxml.jackson.core:jackson-databind:[2.12.3]</include> <!-- {x-include-update;com.fasterxml.jackson.core:jackson-databind;external_dependency} -->
-                <include>com.microsoft.azure:msal4j:[1.10.0]</include> <!-- {x-include-update;com.microsoft.azure:msal4j;external_dependency} -->
+                <include>com.microsoft.azure:msal4j:[1.10.1]</include> <!-- {x-include-update;com.microsoft.azure:msal4j;external_dependency} -->
                 <include>com.nimbusds:nimbus-jose-jwt:[9.8.1]</include> <!-- {x-include-update;com.nimbusds:nimbus-jose-jwt;external_dependency} -->
                 <include>javax.servlet:javax.servlet-api:[4.0.1]</include> <!-- {x-include-update;javax.servlet:javax.servlet-api;external_dependency} -->
                 <include>javax.annotation:javax.annotation-api:[1.3.2]</include> <!-- {x-include-update;javax.annotation:javax.annotation-api;external_dependency} -->