Preview implementation for proof of possession token support (#41015)

Azure · Jan 10, 2024 · ff6ce56 · ff6ce56
1 parent 8a199b8
commit ff6ce56
Show file tree

Hide file tree

Showing 32 changed files with 707 additions and 32 deletions.
diff --git a/sdk/core/Azure.Core.Experimental/CHANGELOG.md b/sdk/core/Azure.Core.Experimental/CHANGELOG.md
@@ -4,6 +4,8 @@
 
 ### Features Added
 
+- Added types `PopTokenRequestContext`, `PopTokenAuthenticationPolicy`, and `ISupportsProofOfPossession` to support Proof of Possession tokens.
+
 ### Breaking Changes
 
 ### Bugs Fixed

diff --git a/sdk/core/Azure.Core.Experimental/api/Azure.Core.Experimental.net461.cs b/sdk/core/Azure.Core.Experimental/api/Azure.Core.Experimental.net461.cs
@@ -127,6 +127,11 @@ public readonly partial struct Variant
 }
 namespace Azure.Core
 {
+    public partial interface ISupportsProofOfPossession
+    {
+        Azure.Core.AccessToken GetToken(Azure.Core.PopTokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken);
+        System.Threading.Tasks.ValueTask<Azure.Core.AccessToken> GetTokenAsync(Azure.Core.PopTokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken);
+    }
     public partial class LruCache<TKey, TValue> : System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<TKey, TValue>>, System.Collections.IEnumerable where TKey : notnull
     {
         public LruCache(int capacity) { }
@@ -137,6 +142,24 @@ public void AddOrUpdate(TKey key, TValue? val, int length) { }
         System.Collections.IEnumerator System.Collections.IEnumerable.GetEnumerator() { throw null; }
         public bool TryGet(TKey key, out TValue? value) { throw null; }
     }
+    [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
+    public readonly partial struct PopTokenRequestContext
+    {
+        private readonly object _dummy;
+        private readonly int _dummyPrimitive;
+        public PopTokenRequestContext(string[] scopes, string? parentRequestId = null, string? claims = null, string? tenantId = null, bool isCaeEnabled = false, string? proofOfPossessionNonce = null, Azure.Core.Request? request = null) { throw null; }
+        public string? Claims { get { throw null; } }
+        public System.Net.Http.HttpMethod? HttpMethod { get { throw null; } }
+        public bool IsCaeEnabled { get { throw null; } }
+        public string? ParentRequestId { get { throw null; } }
+        public string? ProofOfPossessionNonce { get { throw null; } }
+        public string[] Scopes { get { throw null; } }
+        public string? TenantId { get { throw null; } }
+        public System.Uri? Uri { get { throw null; } }
+        public static Azure.Core.PopTokenRequestContext FromTokenRequestContext(Azure.Core.TokenRequestContext context, Azure.Core.Request? request = null) { throw null; }
+        public static implicit operator Azure.Core.TokenRequestContext (Azure.Core.PopTokenRequestContext context) { throw null; }
+        public Azure.Core.TokenRequestContext ToTokenRequestContext() { throw null; }
+    }
     [System.AttributeUsageAttribute(System.AttributeTargets.Assembly | System.AttributeTargets.Class, Inherited=false, AllowMultiple=true)]
     public partial class ProvisionableTemplateAttribute : System.Attribute
     {
@@ -151,3 +174,18 @@ protected SchemaValidator() { }
         public virtual void Validate(object data, System.Type dataType, string schemaDefinition) { }
     }
 }
+namespace Azure.Core.Pipeline
+{
+    public partial class PopTokenAuthenticationPolicy : Azure.Core.Pipeline.HttpPipelinePolicy
+    {
+        public PopTokenAuthenticationPolicy(Azure.Core.ISupportsProofOfPossession credential, string scope) { }
+        protected void AuthenticateAndAuthorizeRequest(Azure.Core.HttpMessage message, Azure.Core.PopTokenRequestContext context) { }
+        protected System.Threading.Tasks.ValueTask AuthenticateAndAuthorizeRequestAsync(Azure.Core.HttpMessage message, Azure.Core.PopTokenRequestContext context) { throw null; }
+        protected void AuthorizeRequest(Azure.Core.HttpMessage message) { }
+        protected virtual System.Threading.Tasks.ValueTask AuthorizeRequestAsync(Azure.Core.HttpMessage message) { throw null; }
+        protected virtual bool AuthorizeRequestOnChallenge(Azure.Core.HttpMessage message) { throw null; }
+        protected virtual System.Threading.Tasks.ValueTask<bool> AuthorizeRequestOnChallengeAsync(Azure.Core.HttpMessage message) { throw null; }
+        public override void Process(Azure.Core.HttpMessage message, System.ReadOnlyMemory<Azure.Core.Pipeline.HttpPipelinePolicy> pipeline) { }
+        public override System.Threading.Tasks.ValueTask ProcessAsync(Azure.Core.HttpMessage message, System.ReadOnlyMemory<Azure.Core.Pipeline.HttpPipelinePolicy> pipeline) { throw null; }
+    }
+}
diff --git a/sdk/core/Azure.Core.Experimental/api/Azure.Core.Experimental.net6.0.cs b/sdk/core/Azure.Core.Experimental/api/Azure.Core.Experimental.net6.0.cs
@@ -127,6 +127,11 @@ public readonly partial struct Variant
 }
 namespace Azure.Core
 {
+    public partial interface ISupportsProofOfPossession
+    {
+        Azure.Core.AccessToken GetToken(Azure.Core.PopTokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken);
+        System.Threading.Tasks.ValueTask<Azure.Core.AccessToken> GetTokenAsync(Azure.Core.PopTokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken);
+    }
     public partial class LruCache<TKey, TValue> : System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<TKey, TValue>>, System.Collections.IEnumerable where TKey : notnull
     {
         public LruCache(int capacity) { }
@@ -137,6 +142,24 @@ public void AddOrUpdate(TKey key, TValue? val, int length) { }
         System.Collections.IEnumerator System.Collections.IEnumerable.GetEnumerator() { throw null; }
         public bool TryGet(TKey key, out TValue? value) { throw null; }
     }
+    [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
+    public readonly partial struct PopTokenRequestContext
+    {
+        private readonly object _dummy;
+        private readonly int _dummyPrimitive;
+        public PopTokenRequestContext(string[] scopes, string? parentRequestId = null, string? claims = null, string? tenantId = null, bool isCaeEnabled = false, string? proofOfPossessionNonce = null, Azure.Core.Request? request = null) { throw null; }
+        public string? Claims { get { throw null; } }
+        public System.Net.Http.HttpMethod? HttpMethod { get { throw null; } }
+        public bool IsCaeEnabled { get { throw null; } }
+        public string? ParentRequestId { get { throw null; } }
+        public string? ProofOfPossessionNonce { get { throw null; } }
+        public string[] Scopes { get { throw null; } }
+        public string? TenantId { get { throw null; } }
+        public System.Uri? Uri { get { throw null; } }
+        public static Azure.Core.PopTokenRequestContext FromTokenRequestContext(Azure.Core.TokenRequestContext context, Azure.Core.Request? request = null) { throw null; }
+        public static implicit operator Azure.Core.TokenRequestContext (Azure.Core.PopTokenRequestContext context) { throw null; }
+        public Azure.Core.TokenRequestContext ToTokenRequestContext() { throw null; }
+    }
     [System.AttributeUsageAttribute(System.AttributeTargets.Assembly | System.AttributeTargets.Class, Inherited=false, AllowMultiple=true)]
     public partial class ProvisionableTemplateAttribute : System.Attribute
     {
@@ -151,3 +174,18 @@ protected SchemaValidator() { }
         public virtual void Validate(object data, System.Type dataType, string schemaDefinition) { }
     }
 }
+namespace Azure.Core.Pipeline
+{
+    public partial class PopTokenAuthenticationPolicy : Azure.Core.Pipeline.HttpPipelinePolicy
+    {
+        public PopTokenAuthenticationPolicy(Azure.Core.ISupportsProofOfPossession credential, string scope) { }
+        protected void AuthenticateAndAuthorizeRequest(Azure.Core.HttpMessage message, Azure.Core.PopTokenRequestContext context) { }
+        protected System.Threading.Tasks.ValueTask AuthenticateAndAuthorizeRequestAsync(Azure.Core.HttpMessage message, Azure.Core.PopTokenRequestContext context) { throw null; }
+        protected void AuthorizeRequest(Azure.Core.HttpMessage message) { }
+        protected virtual System.Threading.Tasks.ValueTask AuthorizeRequestAsync(Azure.Core.HttpMessage message) { throw null; }
+        protected virtual bool AuthorizeRequestOnChallenge(Azure.Core.HttpMessage message) { throw null; }
+        protected virtual System.Threading.Tasks.ValueTask<bool> AuthorizeRequestOnChallengeAsync(Azure.Core.HttpMessage message) { throw null; }
+        public override void Process(Azure.Core.HttpMessage message, System.ReadOnlyMemory<Azure.Core.Pipeline.HttpPipelinePolicy> pipeline) { }
+        public override System.Threading.Tasks.ValueTask ProcessAsync(Azure.Core.HttpMessage message, System.ReadOnlyMemory<Azure.Core.Pipeline.HttpPipelinePolicy> pipeline) { throw null; }
+    }
+}
diff --git a/sdk/core/Azure.Core.Experimental/api/Azure.Core.Experimental.netstandard2.0.cs b/sdk/core/Azure.Core.Experimental/api/Azure.Core.Experimental.netstandard2.0.cs
@@ -127,6 +127,11 @@ public readonly partial struct Variant
 }
 namespace Azure.Core
 {
+    public partial interface ISupportsProofOfPossession
+    {
+        Azure.Core.AccessToken GetToken(Azure.Core.PopTokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken);
+        System.Threading.Tasks.ValueTask<Azure.Core.AccessToken> GetTokenAsync(Azure.Core.PopTokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken);
+    }
     public partial class LruCache<TKey, TValue> : System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<TKey, TValue>>, System.Collections.IEnumerable where TKey : notnull
     {
         public LruCache(int capacity) { }
@@ -137,6 +142,24 @@ public void AddOrUpdate(TKey key, TValue? val, int length) { }
         System.Collections.IEnumerator System.Collections.IEnumerable.GetEnumerator() { throw null; }
         public bool TryGet(TKey key, out TValue? value) { throw null; }
     }
+    [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
+    public readonly partial struct PopTokenRequestContext
+    {
+        private readonly object _dummy;
+        private readonly int _dummyPrimitive;
+        public PopTokenRequestContext(string[] scopes, string? parentRequestId = null, string? claims = null, string? tenantId = null, bool isCaeEnabled = false, string? proofOfPossessionNonce = null, Azure.Core.Request? request = null) { throw null; }
+        public string? Claims { get { throw null; } }
+        public System.Net.Http.HttpMethod? HttpMethod { get { throw null; } }
+        public bool IsCaeEnabled { get { throw null; } }
+        public string? ParentRequestId { get { throw null; } }
+        public string? ProofOfPossessionNonce { get { throw null; } }
+        public string[] Scopes { get { throw null; } }
+        public string? TenantId { get { throw null; } }
+        public System.Uri? Uri { get { throw null; } }
+        public static Azure.Core.PopTokenRequestContext FromTokenRequestContext(Azure.Core.TokenRequestContext context, Azure.Core.Request? request = null) { throw null; }
+        public static implicit operator Azure.Core.TokenRequestContext (Azure.Core.PopTokenRequestContext context) { throw null; }
+        public Azure.Core.TokenRequestContext ToTokenRequestContext() { throw null; }
+    }
     [System.AttributeUsageAttribute(System.AttributeTargets.Assembly | System.AttributeTargets.Class, Inherited=false, AllowMultiple=true)]
     public partial class ProvisionableTemplateAttribute : System.Attribute
     {
@@ -151,3 +174,18 @@ protected SchemaValidator() { }
         public virtual void Validate(object data, System.Type dataType, string schemaDefinition) { }
     }
 }
+namespace Azure.Core.Pipeline
+{
+    public partial class PopTokenAuthenticationPolicy : Azure.Core.Pipeline.HttpPipelinePolicy
+    {
+        public PopTokenAuthenticationPolicy(Azure.Core.ISupportsProofOfPossession credential, string scope) { }
+        protected void AuthenticateAndAuthorizeRequest(Azure.Core.HttpMessage message, Azure.Core.PopTokenRequestContext context) { }
+        protected System.Threading.Tasks.ValueTask AuthenticateAndAuthorizeRequestAsync(Azure.Core.HttpMessage message, Azure.Core.PopTokenRequestContext context) { throw null; }
+        protected void AuthorizeRequest(Azure.Core.HttpMessage message) { }
+        protected virtual System.Threading.Tasks.ValueTask AuthorizeRequestAsync(Azure.Core.HttpMessage message) { throw null; }
+        protected virtual bool AuthorizeRequestOnChallenge(Azure.Core.HttpMessage message) { throw null; }
+        protected virtual System.Threading.Tasks.ValueTask<bool> AuthorizeRequestOnChallengeAsync(Azure.Core.HttpMessage message) { throw null; }
+        public override void Process(Azure.Core.HttpMessage message, System.ReadOnlyMemory<Azure.Core.Pipeline.HttpPipelinePolicy> pipeline) { }
+        public override System.Threading.Tasks.ValueTask ProcessAsync(Azure.Core.HttpMessage message, System.ReadOnlyMemory<Azure.Core.Pipeline.HttpPipelinePolicy> pipeline) { throw null; }
+    }
+}
diff --git a/sdk/core/Azure.Core.Experimental/src/Azure.Core.Experimental.csproj b/sdk/core/Azure.Core.Experimental/src/Azure.Core.Experimental.csproj
@@ -16,8 +16,9 @@
   </ItemGroup>
 
   <ItemGroup>
+    <Compile Include="$(AzureCoreSharedSources)AuthorizationChallengeParser.cs" />
     <Compile Include="$(AzureCoreSharedSources)HashCodeBuilder.cs" />
     <Compile Include="$(AzureCoreSharedSources)NullableAttributes.cs" />
   </ItemGroup>
-  
+
 </Project>
diff --git a/sdk/core/Azure.Core.Experimental/src/ISupportsProofOfPossession.cs b/sdk/core/Azure.Core.Experimental/src/ISupportsProofOfPossession.cs
@@ -0,0 +1,32 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System.Threading;
+using System.Threading.Tasks;
+
+namespace Azure.Core
+{
+    /// <summary>
+    /// An interface used to decorate a <see cref="TokenCredential"/> that supports <see href="https://learn.microsoft.com/entra/msal/dotnet/advanced/proof-of-possession-tokens">Proof of Possession tokens</see> for authenticating to Microsoft Entra ID.
+    /// </summary>
+    public interface ISupportsProofOfPossession
+    {
+        /// <summary>
+        /// Gets an <see cref="AccessToken"/> for the specified set of scopes.
+        /// </summary>
+        /// <param name="requestContext">The <see cref="PopTokenRequestContext"/> with authentication information.</param>
+        /// <param name="cancellationToken">The <see cref="CancellationToken"/> to use.</param>
+        /// <returns>A valid <see cref="AccessToken"/>.</returns>
+        /// <remarks>Caching and management of the lifespan for the <see cref="AccessToken"/> is considered the responsibility of the caller. Each call should request a fresh token.</remarks>
+        public ValueTask<AccessToken> GetTokenAsync(PopTokenRequestContext requestContext, CancellationToken cancellationToken);
+
+        /// <summary>
+        /// Gets an <see cref="AccessToken"/> for the specified set of scopes.
+        /// </summary>
+        /// <param name="requestContext">The <see cref="PopTokenRequestContext"/> with authentication information.</param>
+        /// <param name="cancellationToken">The <see cref="CancellationToken"/> to use.</param>
+        /// <returns>A valid <see cref="AccessToken"/>.</returns>
+        /// <remarks>Caching and management of the lifespan for the <see cref="AccessToken"/> is considered the responsibility of the caller. Each call should request a fresh token.</remarks>
+        public AccessToken GetToken(PopTokenRequestContext requestContext, CancellationToken cancellationToken);
+    }
+}