Identity updating APIs from consistency review feedback (Azure#13649)
* Identity updating APIs from consistency review feedback

* Update sdk/identity/Azure.Identity/api/Azure.Identity.netstandard2.0.cs

Co-authored-by: Charles Lowell <[email protected]>

* fixing missed renames for azure hosts

Co-authored-by: Charles Lowell <[email protected]>
schaabs and chlowell authored Jul 22, 2020
1 parent 3e26cd7 commit eebae13
Showing 14 changed files with 82 additions and 55 deletions.
15 changes: 8 additions & 7 deletions sdk/identity/Azure.Identity/api/Azure.Identity.netstandard2.0.cs
Expand Up @@ -9,6 +9,7 @@ public partial class AuthenticationRecord
{
internal AuthenticationRecord() { }
public string Authority { get { throw null; } }
public string ClientId { get { throw null; } }
public string HomeAccountId { get { throw null; } }
public string TenantId { get { throw null; } }
public string Username { get { throw null; } }
Expand All @@ -31,6 +32,13 @@ public AuthorizationCodeCredential(string tenantId, string clientId, string clie
public override Azure.Core.AccessToken GetToken(Azure.Core.TokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
public override System.Threading.Tasks.ValueTask<Azure.Core.AccessToken> GetTokenAsync(Azure.Core.TokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
}
public static partial class AzureAuthorityHosts
{
public static System.Uri AzureChina { get { throw null; } }
public static System.Uri AzureGermany { get { throw null; } }
public static System.Uri AzureGovernment { get { throw null; } }
public static System.Uri AzurePublicCloud { get { throw null; } }
}
public partial class AzureCliCredential : Azure.Core.TokenCredential
{
public AzureCliCredential() { }
Expand Down Expand Up @@ -171,13 +179,6 @@ public InteractiveBrowserCredentialOptions() { }
public bool EnablePersistentCache { get { throw null; } set { } }
public string TenantId { get { throw null; } set { } }
}
public static partial class KnownAuthorityHosts
{
public static System.Uri AzureChinaCloud { get { throw null; } }
public static System.Uri AzureCloud { get { throw null; } }
public static System.Uri AzureGermanCloud { get { throw null; } }
public static System.Uri AzureUSGovernment { get { throw null; } }
}
public partial class ManagedIdentityCredential : Azure.Core.TokenCredential
{
protected ManagedIdentityCredential() { }
18 changes: 16 additions & 2 deletions sdk/identity/Azure.Identity/src/AuthenticationRecord.cs
Expand Up @@ -21,32 +21,36 @@ public class AuthenticationRecord
private const string AuthorityPropertyName = "authority";
private const string HomeAccountIdPropertyName = "homeAccountId";
private const string TenantIdPropertyName = "tenantId";
private const string ClientIdPropertyName = "clientId";

private static readonly JsonEncodedText s_usernamePropertyNameBytes = JsonEncodedText.Encode(UsernamePropertyName);
private static readonly JsonEncodedText s_authorityPropertyNameBytes = JsonEncodedText.Encode(AuthorityPropertyName);
private static readonly JsonEncodedText s_homeAccountIdPropertyNameBytes = JsonEncodedText.Encode(HomeAccountIdPropertyName);
private static readonly JsonEncodedText s_tenantIdPropertyNameBytes = JsonEncodedText.Encode(TenantIdPropertyName);
private static readonly JsonEncodedText s_clientIdPropertyNameBytes = JsonEncodedText.Encode(ClientIdPropertyName);

internal AuthenticationRecord()
{

}

internal AuthenticationRecord(AuthenticationResult authResult)
internal AuthenticationRecord(AuthenticationResult authResult, string clientId)
{
Username = authResult.Account.Username;
Authority = authResult.Account.Environment;
AccountId = authResult.Account.HomeAccountId;
TenantId = authResult.TenantId;
ClientId = clientId;
}

internal AuthenticationRecord(string username, string authority, string homeAccountId, string tenantId)
internal AuthenticationRecord(string username, string authority, string homeAccountId, string tenantId, string clientId)
{

Username = username;
Authority = authority;
AccountId = new AccountId(homeAccountId);
TenantId = tenantId;
ClientId = clientId;
}

/// <summary>
Expand All @@ -69,6 +73,11 @@ internal AuthenticationRecord(string username, string authority, string homeAcco
/// </summary>
public string TenantId { get; private set; }

/// <summary>
/// The client id of the application which performed the original authentication
/// </summary>
public string ClientId { get; private set; }

internal AccountId AccountId { get; private set; }

/// <summary>
Expand Down Expand Up @@ -135,6 +144,8 @@ private async Task SerializeAsync(Stream stream, bool async, CancellationToken c

json.WriteString(s_tenantIdPropertyNameBytes, TenantId);

json.WriteString(s_clientIdPropertyNameBytes, ClientId);

json.WriteEndObject();

if (async)
Expand Down Expand Up @@ -170,6 +181,9 @@ private static async Task<AuthenticationRecord> DeserializeAsync(Stream stream,
case TenantIdPropertyName:
authProfile.TenantId = prop.Value.GetString();
break;
case ClientIdPropertyName:
authProfile.ClientId = prop.Value.GetString();
break;
}
}

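Review bot: A record deserialized from the pre-change JSON layout, or from a file whose `clientId` member was dropped, comes back with `ClientId` null: the new `case ClientIdPropertyName` branch only assigns when the property is present, the loop has no required-property check after it, and the two constructors changed at the top of the hunk store `clientId` without a null guard. Anything that later matches this value against a credential's configured client id (not visible in this hunk) should treat null as unknown rather than as a match, and since the record is persisted data it should not be assumed self-consistent. The new property doc should say so: `/// May be null for records deserialized from a version that did not persist the client id.`. Note also that, like the existing fields, `prop.Value.GetString()` throws `InvalidOperationException` when the persisted value is not a JSON string, so a corrupted or hand-edited record surfaces as that exception rather than a friendlier one. SerializeAsync and DeserializeAsync both begin outside the hunk.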
Expand Up @@ -21,6 +21,7 @@ public class AuthorizationCodeCredential : TokenCredential
private readonly IConfidentialClientApplication _confidentialClient;
private readonly ClientDiagnostics _clientDiagnostics;
private readonly string _authCode;
private readonly string _clientId;
private readonly CredentialPipeline _pipeline;
private AuthenticationRecord _record;

Expand Down Expand Up @@ -56,9 +57,10 @@ public AuthorizationCodeCredential(string tenantId, string clientId, string clie
public AuthorizationCodeCredential(string tenantId, string clientId, string clientSecret, string authorizationCode, TokenCredentialOptions options)
{
if (tenantId is null) throw new ArgumentNullException(nameof(tenantId));
if (clientId is null) throw new ArgumentNullException(nameof(clientId));
if (clientSecret is null) throw new ArgumentNullException(nameof(clientSecret));

_clientId = clientId ?? throw new ArgumentNullException(nameof(clientId));

_authCode = authorizationCode ?? throw new ArgumentNullException(nameof(authorizationCode));

options ??= new TokenCredentialOptions();
Expand Down Expand Up @@ -104,7 +106,7 @@ private async ValueTask<AccessToken> GetTokenImplAsync(bool async, TokenRequestC
{
AuthenticationResult result = await _confidentialClient.AcquireTokenByAuthorizationCode(requestContext.Scopes, _authCode).ExecuteAsync(async, cancellationToken).ConfigureAwait(false);

_record = new AuthenticationRecord(result);
_record = new AuthenticationRecord(result, _clientId);

token = new AccessToken(result.AccessToken, result.ExpiresOn);
}
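Review bot: The constructor now mixes two null-check idioms on adjacent lines — `if (tenantId is null) throw …` and `if (clientSecret is null) throw …` followed by the new `_clientId = clientId ?? throw …` — which reads as though the three parameters were validated to different standards. Since `tenantId` and `clientSecret` are presumably stored or passed on further down (the rest of the constructor is outside the hunk), either keep the `if … is null` form for the new line, `if (clientId is null) throw new ArgumentNullException(nameof(clientId)); _clientId = clientId;`, or convert all three to the `??`-throw form so a reader sees one pattern. GetTokenImplAsync also starts outside the hunk; the `_record` assignment there looks correct.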
Expand Up @@ -8,48 +8,48 @@ namespace Azure.Identity
/// <summary>
/// Defines fields exposing the well known authority hosts for the Azure Public Cloud and sovereign clouds.
/// </summary>
public static class KnownAuthorityHosts
public static class AzureAuthorityHosts
{
private const string AzureCloudHostUrl = "https://login.microsoftonline.com/";
private const string AzureChinaCloudHostUrl = "https://login.chinacloudapi.cn/";
private const string AzureGermanCloudHostUrl = "https://login.microsoftonline.de/";
private const string AzureUSGovernmentHostUrl = "https://login.microsoftonline.us/";
private const string AzurePublicCloudHostUrl = "https://login.microsoftonline.com/";
private const string AzureChinaHostUrl = "https://login.chinacloudapi.cn/";
private const string AzureGermanyHostUrl = "https://login.microsoftonline.de/";
private const string AzureGovernmentHostUrl = "https://login.microsoftonline.us/";
/// <summary>
/// The host of the Azure Active Directory authority for tenants in the Azure Public Cloud.
/// </summary>
public static Uri AzureCloud { get; } = new Uri(AzureCloudHostUrl);
public static Uri AzurePublicCloud { get; } = new Uri(AzurePublicCloudHostUrl);

/// <summary>
/// The host of the Azure Active Directory authority for tenants in the Azure China Cloud.
/// </summary>
public static Uri AzureChinaCloud { get; } = new Uri(AzureChinaCloudHostUrl);
public static Uri AzureChina { get; } = new Uri(AzureChinaHostUrl);

/// <summary>
/// The host of the Azure Active Directory authority for tenants in the Azure German Cloud.
/// </summary>
public static Uri AzureGermanCloud { get; } = new Uri(AzureGermanCloudHostUrl);
public static Uri AzureGermany { get; } = new Uri(AzureGermanyHostUrl);

/// <summary>
/// The host of the Azure Active Directory authority for tenants in the Azure US Government Cloud.
/// </summary>
public static Uri AzureUSGovernment { get; } = new Uri(AzureUSGovernmentHostUrl);
public static Uri AzureGovernment { get; } = new Uri(AzureGovernmentHostUrl);

internal static Uri GetDefault()
{
return EnvironmentVariables.AuthorityHost != null ? new Uri(EnvironmentVariables.AuthorityHost) : KnownAuthorityHosts.AzureCloud;
return EnvironmentVariables.AuthorityHost != null ? new Uri(EnvironmentVariables.AuthorityHost) : AzureAuthorityHosts.AzurePublicCloud;
}

internal static string GetDefaultScope(Uri authorityHost)
{
switch (authorityHost.ToString())
{
case AzureCloudHostUrl:
case AzurePublicCloudHostUrl:
return "https://management.core.windows.net//.default";
case AzureChinaCloudHostUrl:
case AzureChinaHostUrl:
return "https://management.core.chinacloudapi.cn//.default";
case AzureGermanCloudHostUrl:
case AzureGermanyHostUrl:
return "https://management.core.cloudapi.de//.default";
case AzureUSGovernmentHostUrl:
case AzureGovernmentHostUrl:
return "https://management.core.usgovcloudapi.net//.default";
default:
return null;
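Review bot: `GetDefault()` still builds `new Uri(EnvironmentVariables.AuthorityHost)` with no check on the scheme, so an environment that sets that variable to an `http://` URL or to an unrelated host silently redirects every credential that leaves `AuthorityHost` unset — including the password-bearing UsernamePasswordCredential — to that endpoint. Whether the process environment is a trust boundary depends on the deployment, but the cheap guard is to accept only an absolute HTTPS URL: `var host = new Uri(EnvironmentVariables.AuthorityHost); if (host.Scheme != Uri.UriSchemeHttps) throw new InvalidOperationException("The authority host must be an absolute https URL."); return host;`. Separately, `GetDefaultScope` compares `authorityHost.ToString()` to the constants character for character, so any other host — including one differing only by a trailing path — reaches `default: return null`, which the callers in this commit turn into `CredentialUnavailableException`; a one-line comment on the method saying that fallback is deliberate would save the next reader a trip. The class body continues past the end of the hunk.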
8 changes: 4 additions & 4 deletions sdk/identity/Azure.Identity/src/DeviceCodeCredential.cs
Expand Up @@ -82,7 +82,7 @@ internal DeviceCodeCredential(Func<DeviceCodeInfo, CancellationToken, Task> devi

_pipeline = pipeline ?? CredentialPipeline.GetInstance(options);

_client = client ?? new MsalPublicClient(_pipeline, tenantId, clientId, KnownAuthorityHosts.GetDeviceCodeRedirectUri(_pipeline.AuthorityHost).ToString(), options as ITokenCacheOptions);
_client = client ?? new MsalPublicClient(_pipeline, tenantId, clientId, AzureAuthorityHosts.GetDeviceCodeRedirectUri(_pipeline.AuthorityHost).ToString(), options as ITokenCacheOptions);
}

/// <summary>
Expand All @@ -93,7 +93,7 @@ internal DeviceCodeCredential(Func<DeviceCodeInfo, CancellationToken, Task> devi
public virtual AuthenticationRecord Authenticate(CancellationToken cancellationToken = default)
{
// get the default scope for the authority, throw if no default scope exists
string defaultScope = KnownAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage);
string defaultScope = AzureAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage);

return Authenticate(new TokenRequestContext(new string[] { defaultScope }), cancellationToken);
}
Expand All @@ -106,7 +106,7 @@ public virtual AuthenticationRecord Authenticate(CancellationToken cancellationT
public virtual async Task<AuthenticationRecord> AuthenticateAsync(CancellationToken cancellationToken = default)
{
// get the default scope for the authority, throw if no default scope exists
string defaultScope = KnownAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage);
string defaultScope = AzureAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage);

return await AuthenticateAsync(new TokenRequestContext(new string[] { defaultScope }), cancellationToken).ConfigureAwait(false);
}
Expand Down Expand Up @@ -212,7 +212,7 @@ private async Task<AccessToken> GetTokenViaDeviceCodeAsync(string[] scopes, bool
{
AuthenticationResult result = await _client.AcquireTokenWithDeviceCodeAsync(scopes, code => DeviceCodeCallback(code, cancellationToken), async, cancellationToken).ConfigureAwait(false);

_record = new AuthenticationRecord(result);
_record = new AuthenticationRecord(result, _clientId);

return new AccessToken(result.AccessToken, result.ExpiresOn);
}
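Review bot: Both parameterless `Authenticate` overloads in this hunk throw `CredentialUnavailableException` whenever `AzureAuthorityHosts.GetDefaultScope` returns null, i.e. for any `AuthorityHost` that is not one of the four listed clouds, which is a surprising failure for a caller who merely configured a custom authority. The XML docs for both methods start outside the hunk, so I cannot see whether they declare it; if not, each should carry `/// <exception cref="CredentialUnavailableException">Thrown when no default scope is known for the configured authority host; use the overload that takes a <see cref="TokenRequestContext"/> instead.</exception>`. The diffstat for this file (4 additions, all visible) means `_clientId`, used on the last changed line, must already be a field of this class; that is consistent with the sibling credentials that add the field in this commit. GetTokenViaDeviceCodeAsync begins and ends outside the hunk.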
Expand Up @@ -16,6 +16,7 @@ namespace Azure.Identity
/// </summary>
public class InteractiveBrowserCredential : TokenCredential
{
private readonly string _clientId;
private readonly MsalPublicClient _client;
private readonly CredentialPipeline _pipeline;
private AuthenticationRecord _record = null;
Expand Down Expand Up @@ -72,7 +73,7 @@ internal InteractiveBrowserCredential(string tenantId, string clientId, TokenCre

internal InteractiveBrowserCredential(string tenantId, string clientId, TokenCredentialOptions options, CredentialPipeline pipeline, MsalPublicClient client)
{
if (clientId is null) throw new ArgumentNullException(nameof(clientId));
_clientId = clientId ?? throw new ArgumentNullException(nameof(clientId));

_pipeline = pipeline ?? CredentialPipeline.GetInstance(options);

Expand All @@ -87,7 +88,7 @@ internal InteractiveBrowserCredential(string tenantId, string clientId, TokenCre
public virtual AuthenticationRecord Authenticate(CancellationToken cancellationToken = default)
{
// get the default scope for the authority, throw if no default scope exists
string defaultScope = KnownAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage);
string defaultScope = AzureAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage);

return Authenticate(new TokenRequestContext(new string[] { defaultScope }), cancellationToken);
}
Expand All @@ -100,7 +101,7 @@ public virtual AuthenticationRecord Authenticate(CancellationToken cancellationT
public virtual async Task<AuthenticationRecord> AuthenticateAsync(CancellationToken cancellationToken = default)
{
// get the default scope for the authority, throw if no default scope exists
string defaultScope = KnownAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage);
string defaultScope = AzureAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage);

return await AuthenticateAsync(new TokenRequestContext(new string[] { defaultScope }), cancellationToken).ConfigureAwait(false);
}
Expand Down Expand Up @@ -204,7 +205,7 @@ private async Task<AccessToken> GetTokenViaBrowserLoginAsync(string[] scopes, bo
{
AuthenticationResult result = await _client.AcquireTokenInteractiveAsync(scopes, Prompt.SelectAccount, async, cancellationToken).ConfigureAwait(false);

_record = new AuthenticationRecord(result);
_record = new AuthenticationRecord(result, _clientId);

return new AccessToken(result.AccessToken, result.ExpiresOn);
}
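Review bot: The new `_clientId` field is only ever written into the record produced in `GetTokenViaBrowserLoginAsync`; nothing in the hunk compares it with the `ClientId` of an `AuthenticationRecord` a caller may hand in through the options (that path, if it exists, is outside this hunk). If such a record is accepted, one persisted by a different application registration would be used for account lookup without complaint; a guard of the shape `if (record.ClientId != null && record.ClientId != _clientId) throw new ArgumentException("The AuthenticationRecord was created by a different client id.", nameof(record));` at the point the record is taken in would make the mismatch loud, with the null case left open for records from the older serialized format. If no record is accepted from outside, a one-line comment on the field, `// Client id stamped into the AuthenticationRecord so a persisted record can be matched back to this application.`, would explain why it is kept separately from `_client`. The constructor and GetTokenViaBrowserLoginAsync both extend beyond the hunk.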
4 changes: 2 additions & 2 deletions sdk/identity/Azure.Identity/src/TokenCredentialOptions.cs
Expand Up @@ -13,11 +13,11 @@ public class TokenCredentialOptions : ClientOptions
{
private Uri _authorityHost;
/// <summary>
/// The host of the Azure Active Directory authority. The default is https://login.microsoftonline.com/. For well known authority hosts for Azure cloud instances see <see cref="KnownAuthorityHosts"/>.
/// The host of the Azure Active Directory authority. The default is https://login.microsoftonline.com/. For well known authority hosts for Azure cloud instances see <see cref="AzureAuthorityHosts"/>.
/// </summary>
public Uri AuthorityHost
{
get { return _authorityHost ?? KnownAuthorityHosts.GetDefault(); }
get { return _authorityHost ?? AzureAuthorityHosts.GetDefault(); }
set { _authorityHost = value; }
}
}
11 changes: 8 additions & 3 deletions sdk/identity/Azure.Identity/src/UsernamePasswordCredential.cs
Expand Up @@ -20,6 +20,7 @@ public class UsernamePasswordCredential : TokenCredential
{
private const string NoDefaultScopeMessage = "Authenticating in this environment requires specifying a TokenRequestContext.";

private readonly string _clientId;
private readonly MsalPublicClient _client;
private readonly CredentialPipeline _pipeline;
private readonly string _username;
Expand Down Expand Up @@ -83,6 +84,10 @@ internal UsernamePasswordCredential(string username, string password, string ten

_password = (password != null) ? password.ToSecureString() : throw new ArgumentNullException(nameof(password));

_clientId = clientId ?? throw new ArgumentNullException(nameof(clientId));

if (tenantId == null) throw new ArgumentNullException(nameof(tenantId));

_pipeline = pipeline ?? CredentialPipeline.GetInstance(options);

_client = client ?? new MsalPublicClient(_pipeline, tenantId, clientId, null, options as ITokenCacheOptions);
Expand All @@ -96,7 +101,7 @@ internal UsernamePasswordCredential(string username, string password, string ten
public virtual AuthenticationRecord Authenticate(CancellationToken cancellationToken = default)
{
// get the default scope for the authority, throw if no default scope exists
string defaultScope = KnownAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage);
string defaultScope = AzureAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage);

return Authenticate(new TokenRequestContext(new string[] { defaultScope }), cancellationToken);
}
Expand All @@ -109,7 +114,7 @@ public virtual AuthenticationRecord Authenticate(CancellationToken cancellationT
public virtual async Task<AuthenticationRecord> AuthenticateAsync(CancellationToken cancellationToken = default)
{
// get the default scope for the authority, throw if no default scope exists
string defaultScope = KnownAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage);
string defaultScope = AzureAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage);

return await AuthenticateAsync(new TokenRequestContext(new string[] { defaultScope }), cancellationToken).ConfigureAwait(false);
}
Expand Down Expand Up @@ -186,7 +191,7 @@ private async Task<AccessToken> GetTokenImplAsync(bool async, TokenRequestContex
.AcquireTokenByUsernamePasswordAsync(requestContext.Scopes, _username, _password, async, cancellationToken)
.ConfigureAwait(false);

_record = new AuthenticationRecord(result);
_record = new AuthenticationRecord(result, _clientId);

return scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn));
}
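Review bot: The new `tenantId` guard, `if (tenantId == null) throw …`, uses `== null` while the line directly above it uses the `??`-throw form and the sibling credentials in this commit use `is null`; `is null` is the form immune to operator overloads and the one the codebase already uses, so `if (tenantId is null) throw new ArgumentNullException(nameof(tenantId));`. Both new checks also run after `password.ToSecureString()` has already been evaluated on the preceding context line, so a null `clientId` or `tenantId` throws with the secret already materialised in a `SecureString` that nothing visible disposes; moving the two guards above the `_password` assignment avoids that. The constructor continues outside the hunk, as does GetTokenImplAsync.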