From eebae1303cd702a052b6d946ef825029c2cf5c87 Mon Sep 17 00:00:00 2001 From: Scott Schaab Date: Wed, 22 Jul 2020 15:00:34 -0700 Subject: [PATCH] Identity updating APIs from consistency review feedback (#13649) * Identity updating APIs from consistency review feedback * Update sdk/identity/Azure.Identity/api/Azure.Identity.netstandard2.0.cs Co-authored-by: Charles Lowell * fixing missed renames for azure hosts Co-authored-by: Charles Lowell --- .../api/Azure.Identity.netstandard2.0.cs | 15 +++++----- .../src/AuthenticationRecord.cs | 18 ++++++++++-- .../src/AuthorizationCodeCredential.cs | 6 ++-- ...thorityHosts.cs => AzureAuthorityHosts.cs} | 28 +++++++++---------- .../src/DeviceCodeCredential.cs | 8 +++--- .../src/InteractiveBrowserCredential.cs | 9 +++--- .../src/TokenCredentialOptions.cs | 4 +-- .../src/UsernamePasswordCredential.cs | 11 ++++++-- .../tests/AuthenticationRecordTests.cs | 12 ++++---- .../ClientCertificateCredentialLiveTests.cs | 6 ++-- .../tests/ClientSecretCredentialLiveTests.cs | 4 +-- .../tests/SharedTokenCacheCredentialTests.cs | 4 +-- .../tests/TokenCredentialOptionsTests.cs | 8 +++--- .../tests/UsernamePasswordCredentialTests.cs | 4 ++- 14 files changed, 82 insertions(+), 55 deletions(-) rename sdk/identity/Azure.Identity/src/{KnownAuthorityHosts.cs => AzureAuthorityHosts.cs} (63%) diff --git a/sdk/identity/Azure.Identity/api/Azure.Identity.netstandard2.0.cs b/sdk/identity/Azure.Identity/api/Azure.Identity.netstandard2.0.cs index 72ad44a6c90db..5f2bbd791aab2 100644 --- a/sdk/identity/Azure.Identity/api/Azure.Identity.netstandard2.0.cs +++ b/sdk/identity/Azure.Identity/api/Azure.Identity.netstandard2.0.cs @@ -9,6 +9,7 @@ public partial class AuthenticationRecord { internal AuthenticationRecord() { } public string Authority { get { throw null; } } + public string ClientId { get { throw null; } } public string HomeAccountId { get { throw null; } } public string TenantId { get { throw null; } } public string Username { get { throw null; } } 
@@ -31,6 +32,13 @@ public AuthorizationCodeCredential(string tenantId, string clientId, string clie public override Azure.Core.AccessToken GetToken(Azure.Core.TokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; } public override System.Threading.Tasks.ValueTask GetTokenAsync(Azure.Core.TokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; } } + public static partial class AzureAuthorityHosts + { + public static System.Uri AzureChina { get { throw null; } } + public static System.Uri AzureGermany { get { throw null; } } + public static System.Uri AzureGovernment { get { throw null; } } + public static System.Uri AzurePublicCloud { get { throw null; } } + } public partial class AzureCliCredential : Azure.Core.TokenCredential { public AzureCliCredential() { } @@ -171,13 +179,6 @@ public InteractiveBrowserCredentialOptions() { } public bool EnablePersistentCache { get { throw null; } set { } } public string TenantId { get { throw null; } set { } } } - public static partial class KnownAuthorityHosts - { - public static System.Uri AzureChinaCloud { get { throw null; } } - public static System.Uri AzureCloud { get { throw null; } } - public static System.Uri AzureGermanCloud { get { throw null; } } - public static System.Uri AzureUSGovernment { get { throw null; } } - } public partial class ManagedIdentityCredential : Azure.Core.TokenCredential { protected ManagedIdentityCredential() { } diff --git a/sdk/identity/Azure.Identity/src/AuthenticationRecord.cs b/sdk/identity/Azure.Identity/src/AuthenticationRecord.cs index 10546b4a24829..0b125a7421033 100644 --- a/sdk/identity/Azure.Identity/src/AuthenticationRecord.cs +++ b/sdk/identity/Azure.Identity/src/AuthenticationRecord.cs 
@@ -21,32 +21,36 @@ public class AuthenticationRecord private const string AuthorityPropertyName = "authority"; private const string HomeAccountIdPropertyName = "homeAccountId"; private const string TenantIdPropertyName = "tenantId"; + private const string ClientIdPropertyName = "clientId"; private static readonly JsonEncodedText s_usernamePropertyNameBytes = JsonEncodedText.Encode(UsernamePropertyName); private static readonly JsonEncodedText s_authorityPropertyNameBytes = JsonEncodedText.Encode(AuthorityPropertyName); private static readonly JsonEncodedText s_homeAccountIdPropertyNameBytes = JsonEncodedText.Encode(HomeAccountIdPropertyName); private static readonly JsonEncodedText s_tenantIdPropertyNameBytes = JsonEncodedText.Encode(TenantIdPropertyName); + private static readonly JsonEncodedText s_clientIdPropertyNameBytes = JsonEncodedText.Encode(ClientIdPropertyName); internal AuthenticationRecord() { } - internal AuthenticationRecord(AuthenticationResult authResult) + internal AuthenticationRecord(AuthenticationResult authResult, string clientId) { Username = authResult.Account.Username; Authority = authResult.Account.Environment; AccountId = authResult.Account.HomeAccountId; TenantId = authResult.TenantId; + ClientId = clientId; } - internal AuthenticationRecord(string username, string authority, string homeAccountId, string tenantId) + internal AuthenticationRecord(string username, string authority, string homeAccountId, string tenantId, string clientId) { Username = username; Authority = authority; AccountId = new AccountId(homeAccountId); TenantId = tenantId; + ClientId = clientId; } /// @@ -69,6 +73,11 @@ internal AuthenticationRecord(string username, string authority, string homeAcco /// public string TenantId { get; private set; } + /// + /// The client id of the application which performed the original authentication + /// + public string ClientId { get; private set; } + internal AccountId AccountId { get; private set; } /// 
@@ -135,6 +144,8 @@ private async Task SerializeAsync(Stream stream, bool async, CancellationToken c json.WriteString(s_tenantIdPropertyNameBytes, TenantId); + json.WriteString(s_clientIdPropertyNameBytes, ClientId); + json.WriteEndObject(); if (async) @@ -170,6 +181,9 @@ private static async Task DeserializeAsync(Stream stream, case TenantIdPropertyName: authProfile.TenantId = prop.Value.GetString(); break; + case ClientIdPropertyName: + authProfile.ClientId = prop.Value.GetString(); + break; } } diff --git a/sdk/identity/Azure.Identity/src/AuthorizationCodeCredential.cs b/sdk/identity/Azure.Identity/src/AuthorizationCodeCredential.cs index 33a1daf15f490..f486aa923f8e0 100644 --- a/sdk/identity/Azure.Identity/src/AuthorizationCodeCredential.cs +++ b/sdk/identity/Azure.Identity/src/AuthorizationCodeCredential.cs @@ -21,6 +21,7 @@ public class AuthorizationCodeCredential : TokenCredential private readonly IConfidentialClientApplication _confidentialClient; private readonly ClientDiagnostics _clientDiagnostics; private readonly string _authCode; + private readonly string _clientId; private readonly CredentialPipeline _pipeline; private AuthenticationRecord _record; @@ -56,9 +57,10 @@ public AuthorizationCodeCredential(string tenantId, string clientId, string clie public AuthorizationCodeCredential(string tenantId, string clientId, string clientSecret, string authorizationCode, TokenCredentialOptions options) { if (tenantId is null) throw new ArgumentNullException(nameof(tenantId)); - if (clientId is null) throw new ArgumentNullException(nameof(clientId)); if (clientSecret is null) throw new ArgumentNullException(nameof(clientSecret)); + _clientId = clientId ?? throw new ArgumentNullException(nameof(clientId)); + _authCode = authorizationCode ?? throw new ArgumentNullException(nameof(authorizationCode)); options ??= new TokenCredentialOptions(); 
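Review bot: In the DeserializeAsync hunk, the new `case ClientIdPropertyName:` is the only place `ClientId` is set on a deserialized record, so a record written before this change, or an edited file with no `clientId` property, comes back with `ClientId == null`, and nothing in the hunk flags that. If a null client id is acceptable for older records, say so on the property, for example `/// May be null when the record was serialized by a version that did not write clientId.`. Otherwise, check the required properties after the loop and fail deserialization there. The tests changed in this commit only round-trip records that carry a client id, so a case that deserializes JSON without `clientId` would pin the intended behaviour. The method body starts and ends outside the hunk.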
@@ -104,7 +106,7 @@ private async ValueTask GetTokenImplAsync(bool async, TokenRequestC { AuthenticationResult result = await _confidentialClient.AcquireTokenByAuthorizationCode(requestContext.Scopes, _authCode).ExecuteAsync(async, cancellationToken).ConfigureAwait(false); - _record = new AuthenticationRecord(result); + _record = new AuthenticationRecord(result, _clientId); token = new AccessToken(result.AccessToken, result.ExpiresOn); } diff --git a/sdk/identity/Azure.Identity/src/KnownAuthorityHosts.cs b/sdk/identity/Azure.Identity/src/AzureAuthorityHosts.cs similarity index 63% rename from sdk/identity/Azure.Identity/src/KnownAuthorityHosts.cs rename to sdk/identity/Azure.Identity/src/AzureAuthorityHosts.cs index 28b930c0e9675..394fca8df56f0 100644 --- a/sdk/identity/Azure.Identity/src/KnownAuthorityHosts.cs +++ b/sdk/identity/Azure.Identity/src/AzureAuthorityHosts.cs 
@@ -8,48 +8,48 @@ namespace Azure.Identity /// /// Defines fields exposing the well known authority hosts for the Azure Public Cloud and sovereign clouds. /// - public static class KnownAuthorityHosts + public static class AzureAuthorityHosts { - private const string AzureCloudHostUrl = "https://login.microsoftonline.com/"; - private const string AzureChinaCloudHostUrl = "https://login.chinacloudapi.cn/"; - private const string AzureGermanCloudHostUrl = "https://login.microsoftonline.de/"; - private const string AzureUSGovernmentHostUrl = "https://login.microsoftonline.us/"; + private const string AzurePublicCloudHostUrl = "https://login.microsoftonline.com/"; + private const string AzureChinaHostUrl = "https://login.chinacloudapi.cn/"; + private const string AzureGermanyHostUrl = "https://login.microsoftonline.de/"; + private const string AzureGovernmentHostUrl = "https://login.microsoftonline.us/"; /// /// The host of the Azure Active Directory authority for tenants in the Azure Public Cloud. /// - public static Uri AzureCloud { get; } = new Uri(AzureCloudHostUrl); + public static Uri AzurePublicCloud { get; } = new Uri(AzurePublicCloudHostUrl); /// /// The host of the Azure Active Directory authority for tenants in the Azure China Cloud. /// - public static Uri AzureChinaCloud { get; } = new Uri(AzureChinaCloudHostUrl); + public static Uri AzureChina { get; } = new Uri(AzureChinaHostUrl); /// /// The host of the Azure Active Directory authority for tenants in the Azure German Cloud. /// - public static Uri AzureGermanCloud { get; } = new Uri(AzureGermanCloudHostUrl); + public static Uri AzureGermany { get; } = new Uri(AzureGermanyHostUrl); /// /// The host of the Azure Active Directory authority for tenants in the Azure US Government Cloud. 
/// - public static Uri AzureUSGovernment { get; } = new Uri(AzureUSGovernmentHostUrl); + public static Uri AzureGovernment { get; } = new Uri(AzureGovernmentHostUrl); internal static Uri GetDefault() { - return EnvironmentVariables.AuthorityHost != null ? new Uri(EnvironmentVariables.AuthorityHost) : KnownAuthorityHosts.AzureCloud; + return EnvironmentVariables.AuthorityHost != null ? new Uri(EnvironmentVariables.AuthorityHost) : AzureAuthorityHosts.AzurePublicCloud; } internal static string GetDefaultScope(Uri authorityHost) { switch (authorityHost.ToString()) { - case AzureCloudHostUrl: + case AzurePublicCloudHostUrl: return "https://management.core.windows.net//.default"; - case AzureChinaCloudHostUrl: + case AzureChinaHostUrl: return "https://management.core.chinacloudapi.cn//.default"; - case AzureGermanCloudHostUrl: + case AzureGermanyHostUrl: return "https://management.core.cloudapi.de//.default"; - case AzureUSGovernmentHostUrl: + case AzureGovernmentHostUrl: return "https://management.core.usgovcloudapi.net//.default"; default: return null; diff --git a/sdk/identity/Azure.Identity/src/DeviceCodeCredential.cs b/sdk/identity/Azure.Identity/src/DeviceCodeCredential.cs index 42351868689af..3fe9ef5adebbd 100644 --- a/sdk/identity/Azure.Identity/src/DeviceCodeCredential.cs +++ b/sdk/identity/Azure.Identity/src/DeviceCodeCredential.cs @@ -82,7 +82,7 @@ internal DeviceCodeCredential(Func devi _pipeline = pipeline ?? CredentialPipeline.GetInstance(options); - _client = client ?? new MsalPublicClient(_pipeline, tenantId, clientId, KnownAuthorityHosts.GetDeviceCodeRedirectUri(_pipeline.AuthorityHost).ToString(), options as ITokenCacheOptions); + _client = client ?? new MsalPublicClient(_pipeline, tenantId, clientId, AzureAuthorityHosts.GetDeviceCodeRedirectUri(_pipeline.AuthorityHost).ToString(), options as ITokenCacheOptions); } /// 
@@ -93,7 +93,7 @@ internal DeviceCodeCredential(Func devi public virtual AuthenticationRecord Authenticate(CancellationToken cancellationToken = default) { // get the default scope for the authority, throw if no default scope exists - string defaultScope = KnownAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage); + string defaultScope = AzureAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage); return Authenticate(new TokenRequestContext(new string[] { defaultScope }), cancellationToken); } @@ -106,7 +106,7 @@ public virtual AuthenticationRecord Authenticate(CancellationToken cancellationT public virtual async Task AuthenticateAsync(CancellationToken cancellationToken = default) { // get the default scope for the authority, throw if no default scope exists - string defaultScope = KnownAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage); + string defaultScope = AzureAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage); return await AuthenticateAsync(new TokenRequestContext(new string[] { defaultScope }), cancellationToken).ConfigureAwait(false); } @@ -212,7 +212,7 @@ private async Task GetTokenViaDeviceCodeAsync(string[] scopes, bool { AuthenticationResult result = await _client.AcquireTokenWithDeviceCodeAsync(scopes, code => DeviceCodeCallback(code, cancellationToken), async, cancellationToken).ConfigureAwait(false); - _record = new AuthenticationRecord(result); + _record = new AuthenticationRecord(result, _clientId); return new AccessToken(result.AccessToken, result.ExpiresOn); } diff --git a/sdk/identity/Azure.Identity/src/InteractiveBrowserCredential.cs b/sdk/identity/Azure.Identity/src/InteractiveBrowserCredential.cs index bf52577e58b13..c05499dcca5d3 100644 
--- a/sdk/identity/Azure.Identity/src/InteractiveBrowserCredential.cs +++ b/sdk/identity/Azure.Identity/src/InteractiveBrowserCredential.cs @@ -16,6 +16,7 @@ namespace Azure.Identity /// public class InteractiveBrowserCredential : TokenCredential { + private readonly string _clientId; private readonly MsalPublicClient _client; private readonly CredentialPipeline _pipeline; private AuthenticationRecord _record = null; @@ -72,7 +73,7 @@ internal InteractiveBrowserCredential(string tenantId, string clientId, TokenCre internal InteractiveBrowserCredential(string tenantId, string clientId, TokenCredentialOptions options, CredentialPipeline pipeline, MsalPublicClient client) { - if (clientId is null) throw new ArgumentNullException(nameof(clientId)); + _clientId = clientId ?? throw new ArgumentNullException(nameof(clientId)); _pipeline = pipeline ?? CredentialPipeline.GetInstance(options); @@ -87,7 +88,7 @@ internal InteractiveBrowserCredential(string tenantId, string clientId, TokenCre public virtual AuthenticationRecord Authenticate(CancellationToken cancellationToken = default) { // get the default scope for the authority, throw if no default scope exists - string defaultScope = KnownAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage); + string defaultScope = AzureAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage); return Authenticate(new TokenRequestContext(new string[] { defaultScope }), cancellationToken); } 
@@ -100,7 +101,7 @@ public virtual AuthenticationRecord Authenticate(CancellationToken cancellationT public virtual async Task AuthenticateAsync(CancellationToken cancellationToken = default) { // get the default scope for the authority, throw if no default scope exists - string defaultScope = KnownAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage); + string defaultScope = AzureAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage); return await AuthenticateAsync(new TokenRequestContext(new string[] { defaultScope }), cancellationToken).ConfigureAwait(false); } @@ -204,7 +205,7 @@ private async Task GetTokenViaBrowserLoginAsync(string[] scopes, bo { AuthenticationResult result = await _client.AcquireTokenInteractiveAsync(scopes, Prompt.SelectAccount, async, cancellationToken).ConfigureAwait(false); - _record = new AuthenticationRecord(result); + _record = new AuthenticationRecord(result, _clientId); return new AccessToken(result.AccessToken, result.ExpiresOn); } diff --git a/sdk/identity/Azure.Identity/src/TokenCredentialOptions.cs b/sdk/identity/Azure.Identity/src/TokenCredentialOptions.cs index 893799671100b..d00ea91f3f9dc 100644 --- a/sdk/identity/Azure.Identity/src/TokenCredentialOptions.cs +++ b/sdk/identity/Azure.Identity/src/TokenCredentialOptions.cs 
@@ -13,11 +13,11 @@ public class TokenCredentialOptions : ClientOptions { private Uri _authorityHost; /// - /// The host of the Azure Active Directory authority. The default is https://login.microsoftonline.com/. For well known authority hosts for Azure cloud instances see . + /// The host of the Azure Active Directory authority. The default is https://login.microsoftonline.com/. For well known authority hosts for Azure cloud instances see . /// public Uri AuthorityHost { - get { return _authorityHost ?? KnownAuthorityHosts.GetDefault(); } + get { return _authorityHost ?? AzureAuthorityHosts.GetDefault(); } set { _authorityHost = value; } } } diff --git a/sdk/identity/Azure.Identity/src/UsernamePasswordCredential.cs b/sdk/identity/Azure.Identity/src/UsernamePasswordCredential.cs index fea322fd82e55..193db05c939f5 100644 --- a/sdk/identity/Azure.Identity/src/UsernamePasswordCredential.cs +++ b/sdk/identity/Azure.Identity/src/UsernamePasswordCredential.cs @@ -20,6 +20,7 @@ public class UsernamePasswordCredential : TokenCredential { private const string NoDefaultScopeMessage = "Authenticating in this environment requires specifying a TokenRequestContext."; + private readonly string _clientId; private readonly MsalPublicClient _client; private readonly CredentialPipeline _pipeline; private readonly string _username; @@ -83,6 +84,10 @@ internal UsernamePasswordCredential(string username, string password, string ten _password = (password != null) ? password.ToSecureString() : throw new ArgumentNullException(nameof(password)); + _clientId = clientId ?? throw new ArgumentNullException(nameof(clientId)); + + if (tenantId == null) throw new ArgumentNullException(nameof(tenantId)); + _pipeline = pipeline ?? CredentialPipeline.GetInstance(options); _client = client ?? new MsalPublicClient(_pipeline, tenantId, clientId, null, options as ITokenCacheOptions); 
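Review bot: The added `clientId` and `tenantId` checks in the UsernamePasswordCredential constructor run after `password.ToSecureString()` has already been stored in `_password`. A null `clientId` or `tenantId` therefore throws after a protected copy of the password (presumably a SecureString) has been created, and that copy is left to finalization rather than disposed. Moving both checks above the `_password` assignment avoids creating the copy for a call that is going to fail. The `tenantId == null` comparison also differs from the `is null` / `?? throw` form used by the other credentials in this commit; `if (tenantId is null) throw new ArgumentNullException(nameof(tenantId));` would match. Rejecting a null `tenantId` appears to be new behaviour for this constructor, which starts before the hunk and continues after it, so its `<exception>` documentation should mention it.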
@@ -96,7 +101,7 @@ internal UsernamePasswordCredential(string username, string password, string ten public virtual AuthenticationRecord Authenticate(CancellationToken cancellationToken = default) { // get the default scope for the authority, throw if no default scope exists - string defaultScope = KnownAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage); + string defaultScope = AzureAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage); return Authenticate(new TokenRequestContext(new string[] { defaultScope }), cancellationToken); } @@ -109,7 +114,7 @@ public virtual AuthenticationRecord Authenticate(CancellationToken cancellationT public virtual async Task AuthenticateAsync(CancellationToken cancellationToken = default) { // get the default scope for the authority, throw if no default scope exists - string defaultScope = KnownAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage); + string defaultScope = AzureAuthorityHosts.GetDefaultScope(_pipeline.AuthorityHost) ?? throw new CredentialUnavailableException(NoDefaultScopeMessage); return await AuthenticateAsync(new TokenRequestContext(new string[] { defaultScope }), cancellationToken).ConfigureAwait(false); } @@ -186,7 +191,7 @@ private async Task GetTokenImplAsync(bool async, TokenRequestContex .AcquireTokenByUsernamePasswordAsync(requestContext.Scopes, _username, _password, async, cancellationToken) .ConfigureAwait(false); - _record = new AuthenticationRecord(result); + _record = new AuthenticationRecord(result, _clientId); return scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)); } diff --git a/sdk/identity/Azure.Identity/tests/AuthenticationRecordTests.cs b/sdk/identity/Azure.Identity/tests/AuthenticationRecordTests.cs index b738768e9e92f..283d9e38998dd 100644 
--- a/sdk/identity/Azure.Identity/tests/AuthenticationRecordTests.cs +++ b/sdk/identity/Azure.Identity/tests/AuthenticationRecordTests.cs @@ -12,12 +12,12 @@ namespace Azure.Identity.Tests { public class AuthenticationRecordTests { - private const int TestBufferSize = 256; + private const int TestBufferSize = 512; [Test] public void SerializeDeserializeInputChecks() { - var record = new AuthenticationRecord(Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString()); + var record = new AuthenticationRecord(Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString()); Assert.Throws(() => record.Serialize(null)); Assert.ThrowsAsync(async () => await record.SerializeAsync(null)); @@ -28,7 +28,7 @@ public void SerializeDeserializeInputChecks() [Test] public async Task SerializeDeserializeAsync() { - var expRecord = new AuthenticationRecord(Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString()); + var expRecord = new AuthenticationRecord(Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString()); byte[] buff = new byte[TestBufferSize]; 
@@ -44,12 +44,13 @@ public async Task SerializeDeserializeAsync() Assert.AreEqual(expRecord.Authority, actRecord.Authority); Assert.AreEqual(expRecord.HomeAccountId, actRecord.HomeAccountId); Assert.AreEqual(expRecord.TenantId, actRecord.TenantId); + Assert.AreEqual(expRecord.ClientId, actRecord.ClientId); } [Test] public void SerializeDeserialize() { - var expRecord = new AuthenticationRecord(Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString()); + var expRecord = new AuthenticationRecord(Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString()); byte[] buff = new byte[TestBufferSize]; @@ -65,6 +66,7 @@ public void SerializeDeserialize() Assert.AreEqual(expRecord.Authority, actRecord.Authority); Assert.AreEqual(expRecord.HomeAccountId, actRecord.HomeAccountId); Assert.AreEqual(expRecord.TenantId, actRecord.TenantId); + Assert.AreEqual(expRecord.ClientId, actRecord.ClientId); } [Test] @@ -74,7 +76,7 @@ public void SerializeCancellationTokenCancelled() cts.Cancel(); - var expRecord = new AuthenticationRecord(Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString()); + var expRecord = new AuthenticationRecord(Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString()); var stream = new MemoryStream(TestBufferSize); diff --git a/sdk/identity/Azure.Identity/tests/ClientCertificateCredentialLiveTests.cs b/sdk/identity/Azure.Identity/tests/ClientCertificateCredentialLiveTests.cs index 458538f28f8cd..df61b67fb945c 100644 --- a/sdk/identity/Azure.Identity/tests/ClientCertificateCredentialLiveTests.cs +++ b/sdk/identity/Azure.Identity/tests/ClientCertificateCredentialLiveTests.cs 
@@ -42,7 +42,7 @@ public async Task FromCertificatePath(bool usePem) var credential = new ClientCertificateCredential(tenantId, clientId, certPath, options); - var tokenRequestContext = new TokenRequestContext(new[] { KnownAuthorityHosts.GetDefaultScope(KnownAuthorityHosts.AzureCloud) }); + var tokenRequestContext = new TokenRequestContext(new[] { AzureAuthorityHosts.GetDefaultScope(AzureAuthorityHosts.AzurePublicCloud) }); // ensure we can initially acquire a token AccessToken token = await credential.GetTokenAsync(tokenRequestContext); @@ -77,7 +77,7 @@ public async Task FromX509Certificate2() var credential = new ClientCertificateCredential(tenantId, clientId, cert, options); - var tokenRequestContext = new TokenRequestContext(new[] { KnownAuthorityHosts.GetDefaultScope(KnownAuthorityHosts.AzureCloud) }); + var tokenRequestContext = new TokenRequestContext(new[] { AzureAuthorityHosts.GetDefaultScope(AzureAuthorityHosts.AzurePublicCloud) }); // ensure we can initially acquire a token AccessToken token = await credential.GetTokenAsync(tokenRequestContext); @@ -112,7 +112,7 @@ public void IncorrectCertificate() var credential = new ClientCertificateCredential(tenantId, clientId, new X509Certificate2(certPath), options); - var tokenRequestContext = new TokenRequestContext(new[] { KnownAuthorityHosts.GetDefaultScope(KnownAuthorityHosts.AzureCloud) }); + var tokenRequestContext = new TokenRequestContext(new[] { AzureAuthorityHosts.GetDefaultScope(AzureAuthorityHosts.AzurePublicCloud) }); // ensure the incorrect client claim is rejected, handled and wrapped in AuthenticationFailedException Assert.ThrowsAsync(async () => await credential.GetTokenAsync(tokenRequestContext)); diff --git a/sdk/identity/Azure.Identity/tests/ClientSecretCredentialLiveTests.cs b/sdk/identity/Azure.Identity/tests/ClientSecretCredentialLiveTests.cs index 93f6815f01864..9b3d2cc46d786 100644 --- a/sdk/identity/Azure.Identity/tests/ClientSecretCredentialLiveTests.cs 
+++ b/sdk/identity/Azure.Identity/tests/ClientSecretCredentialLiveTests.cs @@ -39,7 +39,7 @@ public async Task GetToken() var credential = new ClientSecretCredential(tenantId, clientId, secret, options); - var tokenRequestContext = new TokenRequestContext(new[] { KnownAuthorityHosts.GetDefaultScope(KnownAuthorityHosts.AzureCloud) }); + var tokenRequestContext = new TokenRequestContext(new[] { AzureAuthorityHosts.GetDefaultScope(AzureAuthorityHosts.AzurePublicCloud) }); // ensure we can initially acquire a token AccessToken token = await credential.GetTokenAsync(tokenRequestContext); @@ -73,7 +73,7 @@ public void GetTokenIncorrectPassword() var credential = new ClientSecretCredential(tenantId, clientId, secret, options); - var tokenRequestContext = new TokenRequestContext(new[] { KnownAuthorityHosts.GetDefaultScope(KnownAuthorityHosts.AzureCloud) }); + var tokenRequestContext = new TokenRequestContext(new[] { AzureAuthorityHosts.GetDefaultScope(AzureAuthorityHosts.AzurePublicCloud) }); // ensure we can initially acquire a token Assert.ThrowsAsync(async () => await credential.GetTokenAsync(tokenRequestContext)); diff --git a/sdk/identity/Azure.Identity/tests/SharedTokenCacheCredentialTests.cs b/sdk/identity/Azure.Identity/tests/SharedTokenCacheCredentialTests.cs index ca4d280411868..6e960661ea462 100644 --- a/sdk/identity/Azure.Identity/tests/SharedTokenCacheCredentialTests.cs +++ b/sdk/identity/Azure.Identity/tests/SharedTokenCacheCredentialTests.cs 
@@ -24,13 +24,13 @@ public async Task VerifyAuthenticationRecordOption() var expectedHomeId = $"{Guid.NewGuid()}.{Guid.NewGuid()}"; - var expectedEnvironment = KnownAuthorityHosts.AzureCloud.ToString(); + var expectedEnvironment = AzureAuthorityHosts.AzurePublicCloud.ToString(); var acquireTokenSilentCalled = false; var options = new SharedTokenCacheCredentialOptions { - AuthenticationRecord = new AuthenticationRecord(expectedUsername, expectedEnvironment, expectedHomeId, Guid.NewGuid().ToString()) + AuthenticationRecord = new AuthenticationRecord(expectedUsername, expectedEnvironment, expectedHomeId, Guid.NewGuid().ToString(), Guid.NewGuid().ToString()) }; var mockMsalClient = new MockMsalPublicClient diff --git a/sdk/identity/Azure.Identity/tests/TokenCredentialOptionsTests.cs b/sdk/identity/Azure.Identity/tests/TokenCredentialOptionsTests.cs index 3c59877de2076..644f5da59874d 100644 --- a/sdk/identity/Azure.Identity/tests/TokenCredentialOptionsTests.cs +++ b/sdk/identity/Azure.Identity/tests/TokenCredentialOptionsTests.cs @@ -29,7 +29,7 @@ public void InvalidEnvAuthorityHost() [Test] public void EnvAuthorityHost() { - string envHostValue = KnownAuthorityHosts.AzureChinaCloud.ToString(); + string envHostValue = AzureAuthorityHosts.AzureChina.ToString(); using (new TestEnvVar("AZURE_AUTHORITY_HOST", envHostValue)) { @@ -44,11 +44,11 @@ public void EnvAuthorityHost() [Test] public void CustomAuthorityHost() { - string envHostValue = KnownAuthorityHosts.AzureGermanCloud.ToString(); + string envHostValue = AzureAuthorityHosts.AzureGermany.ToString(); using (new TestEnvVar("AZURE_AUTHORITY_HOST", envHostValue)) { - Uri customUri = KnownAuthorityHosts.AzureChinaCloud; + Uri customUri = AzureAuthorityHosts.AzureChina; TokenCredentialOptions option = new TokenCredentialOptions() { AuthorityHost = customUri }; Uri authHost = option.AuthorityHost; 
@@ -66,7 +66,7 @@ public void DefaultAuthorityHost() { TokenCredentialOptions option = new TokenCredentialOptions(); - Assert.AreEqual(option.AuthorityHost, KnownAuthorityHosts.AzureCloud); + Assert.AreEqual(option.AuthorityHost, AzureAuthorityHosts.AzurePublicCloud); } } } diff --git a/sdk/identity/Azure.Identity/tests/UsernamePasswordCredentialTests.cs b/sdk/identity/Azure.Identity/tests/UsernamePasswordCredentialTests.cs index 3c84033bedcf9..bcdbd914693dd 100644 --- a/sdk/identity/Azure.Identity/tests/UsernamePasswordCredentialTests.cs +++ b/sdk/identity/Azure.Identity/tests/UsernamePasswordCredentialTests.cs @@ -26,8 +26,10 @@ public async Task VerifyMsalClientExceptionAsync() var username = Guid.NewGuid().ToString(); var password = Guid.NewGuid().ToString(); + var clientId = Guid.NewGuid().ToString(); + var tenantId = Guid.NewGuid().ToString(); - var credential = InstrumentClient(new UsernamePasswordCredential(username, password, default, default, default, default, mockMsalClient)); + var credential = InstrumentClient(new UsernamePasswordCredential(username, password, clientId, tenantId, default, default, mockMsalClient)); var ex = Assert.ThrowsAsync(async () => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
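Review bot: In the UsernamePasswordCredentialTests hunk, the new `clientId` and `tenantId` locals appear to be passed in the opposite order from the constructor's parameters. The hunk header in UsernamePasswordCredential.cs shows the third parameter beginning `string ten…`, and the constructor body forwards `tenantId, clientId` to MsalPublicClient, so the test puts the client id in the tenant slot. Both values are random GUIDs and the MSAL client is mocked, so the test passes either way, but the swapped order would hide a real mix-up if an assertion on `ClientId` or `TenantId` is added later. I would write `new UsernamePasswordCredential(username, password, tenantId, clientId, default, default, mockMsalClient)`. The test method continues outside the hunk.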