From 07c99fb4d84b89b2d5764bdc0b66afdfc94c6409 Mon Sep 17 00:00:00 2001
From: Jianghao Lu <jianghaolu@users.noreply.github.com>
Date: Thu, 24 Jun 2021 16:42:02 -0700
Subject: [PATCH 1/4] Bump msal4j version & add regional sts support

---
 eng/versioning/external_dependencies.txt      |  2 +-
 sdk/boms/azure-sdk-bom/pom.xml                |  2 +-
 sdk/boms/azure-spring-boot-bom/pom.xml        |  2 +-
 .../microsoft-azure-eventhubs/pom.xml         |  2 +-
 sdk/identity/azure-identity/CHANGELOG.md      |  6 ++
 sdk/identity/azure-identity/pom.xml           |  4 +-
 .../ClientCertificateCredentialBuilder.java   | 13 ++++
 .../ClientSecretCredentialBuilder.java        | 14 ++++
 .../com/azure/identity/RegionalAuthority.java | 74 +++++++++++++++++++
 .../implementation/IdentityClient.java        |  8 ++
 .../implementation/IdentityClientOptions.java | 23 ++++++
 .../pom.xml                                   |  4 +-
 sdk/spring/azure-spring-boot/pom.xml          |  4 +-
 13 files changed, 148 insertions(+), 10 deletions(-)
 create mode 100644 sdk/identity/azure-identity/src/main/java/com/azure/identity/RegionalAuthority.java

diff --git a/eng/versioning/external_dependencies.txt b/eng/versioning/external_dependencies.txt
index 66ab24f03efd7..03a96a8afb695 100644
--- a/eng/versioning/external_dependencies.txt
+++ b/eng/versioning/external_dependencies.txt
@@ -168,7 +168,7 @@ com.microsoft.azure:azure-mgmt-resources;1.3.0
 com.microsoft.azure:azure-mgmt-search;1.24.1
 com.microsoft.azure:azure-mgmt-storage;1.3.0
 com.microsoft.azure:azure-storage;8.0.0
-com.microsoft.azure:msal4j;1.10.0
+com.microsoft.azure:msal4j;1.10.1
 com.microsoft.azure:msal4j-persistence-extension;1.1.0
 com.sun.activation:jakarta.activation;1.2.2
 io.opentelemetry:opentelemetry-api;1.0.0
diff --git a/sdk/boms/azure-sdk-bom/pom.xml b/sdk/boms/azure-sdk-bom/pom.xml
index 461cec9f12808..572629d044d5f 100644
--- a/sdk/boms/azure-sdk-bom/pom.xml
+++ b/sdk/boms/azure-sdk-bom/pom.xml
@@ -278,7 +278,7 @@
       <dependency>
         <groupId>com.microsoft.azure</groupId>
         <artifactId>msal4j</artifactId>
-        <version>1.10.0</version>
+        <version>1.10.1</version>
       </dependency>
 
       <dependency>
diff --git a/sdk/boms/azure-spring-boot-bom/pom.xml b/sdk/boms/azure-spring-boot-bom/pom.xml
index 3b7aeaa41bb40..3d39196eea4a0 100644
--- a/sdk/boms/azure-spring-boot-bom/pom.xml
+++ b/sdk/boms/azure-spring-boot-bom/pom.xml
@@ -42,7 +42,7 @@
     <azure.core.version>1.17.0</azure.core.version> <!-- {x-version-update;com.azure:azure-core;dependency} -->
     <azure.identity.version>1.3.1</azure.identity.version> <!-- {x-version-update;com.azure:azure-identity;dependency} -->
     <azure.keyvault.secret.version>4.3.0</azure.keyvault.secret.version> <!-- {x-version-update;com.azure:azure-security-keyvault-secrets;dependency} -->
-    <azure.msal.version>1.9.1</azure.msal.version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
+    <azure.msal.version>1.10.1</azure.msal.version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
     <azure.servicebus.jms.version>0.0.7</azure.servicebus.jms.version> <!-- {x-version-update;com.microsoft.azure:azure-servicebus-jms;external_dependency} -->
     <azure.spring.data.cosmos.version>3.8.0</azure.spring.data.cosmos.version> <!-- {x-version-update;com.azure:azure-spring-data-cosmos;dependency} -->
     <azure.storage.blob.version>12.12.0</azure.storage.blob.version> <!-- {x-version-update;com.azure:azure-storage-blob;dependency} -->
diff --git a/sdk/eventhubs/microsoft-azure-eventhubs/pom.xml b/sdk/eventhubs/microsoft-azure-eventhubs/pom.xml
index 016a625a8fda5..432a6d5e1440f 100644
--- a/sdk/eventhubs/microsoft-azure-eventhubs/pom.xml
+++ b/sdk/eventhubs/microsoft-azure-eventhubs/pom.xml
@@ -77,7 +77,7 @@
     <dependency>
       <groupId>com.microsoft.azure</groupId>
       <artifactId>msal4j</artifactId>
-      <version>1.10.0</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
+      <version>1.10.1</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
       <scope>test</scope>
     </dependency>
     <dependency>
diff --git a/sdk/identity/azure-identity/CHANGELOG.md b/sdk/identity/azure-identity/CHANGELOG.md
index 8aef2a1c3c9e8..19ab1d59afe67 100644
--- a/sdk/identity/azure-identity/CHANGELOG.md
+++ b/sdk/identity/azure-identity/CHANGELOG.md
@@ -1,7 +1,13 @@
 # Release History
 
 ## 1.4.0-beta.1 (Unreleased)
+### Features Added
 
+- Added regional STS support to client credential types.
+    - Added the `RegionalAuthority` type, that allows specifying Azure regions.
+    - Added `regionalAuthority()` setter to `ClientSecretCredentialBuilder` and `ClientCertificateCredentialBuilder`.
+    - If instead of a region, `RegionalAuthority.AutoDiscoverRegion` is specified as the value for `regionalAuthority`, MSAL will be used to attempt to discover the region.
+    - A region can also be specified through the `AZURE_REGIONAL_AUTHORITY_NAME` environment variable.
 
 ## 1.3.1 (2021-06-08)
 
diff --git a/sdk/identity/azure-identity/pom.xml b/sdk/identity/azure-identity/pom.xml
index c8ac8141a68d1..fabdffe1fd851 100644
--- a/sdk/identity/azure-identity/pom.xml
+++ b/sdk/identity/azure-identity/pom.xml
@@ -37,7 +37,7 @@
     <dependency>
       <groupId>com.microsoft.azure</groupId>
       <artifactId>msal4j</artifactId>
-      <version>1.10.0</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
+      <version>1.10.1</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
     </dependency>
     <dependency>
       <groupId>com.microsoft.azure</groupId>
@@ -105,7 +105,7 @@
           <rules>
             <bannedDependencies>
               <includes>
-                <include>com.microsoft.azure:msal4j:[1.10.0]</include> <!-- {x-include-update;com.microsoft.azure:msal4j;external_dependency} -->
+                <include>com.microsoft.azure:msal4j:[1.10.1]</include> <!-- {x-include-update;com.microsoft.azure:msal4j;external_dependency} -->
                 <include>com.microsoft.azure:msal4j-persistence-extension:[1.1.0]</include> <!-- {x-include-update;com.microsoft.azure:msal4j-persistence-extension;external_dependency} -->
                 <include>net.java.dev.jna:jna-platform:[5.6.0]</include> <!-- {x-include-update;net.java.dev.jna:jna-platform;external_dependency} -->
                 <include>org.linguafranca.pwdb:KeePassJava2:[2.1.4]</include> <!-- {x-include-update;org.linguafranca.pwdb:KeePassJava2;external_dependency} -->
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java
index 8117f44593677..fea46dbacfb22 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java
@@ -120,6 +120,19 @@ public ClientCertificateCredentialBuilder sendCertificateChain(boolean sendCerti
         return this;
     }
 
+    /**
+     * Specifies either the specific regional authority, or use {@link RegionalAuthority#AUTO_DISCOVER_REGION} to
+     * attempt to auto-detect the region. If unset, a regional authority will not be used. This argument should be used
+     * only by applications deployed to Azure VMs.
+     *
+     * @param regionalAuthority the regional authority
+     * @return An updated instance of this builder with the regional authority configured.
+     */
+    public ClientCertificateCredentialBuilder regionalAuthority(RegionalAuthority regionalAuthority) {
+        this.identityClientOptions.setRegionalAuthority(regionalAuthority);
+        return this;
+    }
+
     /**
      * Creates a new {@link ClientCertificateCredential} with the current configurations.
      *
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java
index 727aefe5d413c..5ba2315979386 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java
@@ -3,6 +3,7 @@
 
 package com.azure.identity;
 
+import com.azure.identity.implementation.IdentityClientOptions;
 import com.azure.identity.implementation.util.ValidationUtil;
 
 import java.util.HashMap;
@@ -62,6 +63,19 @@ public ClientSecretCredentialBuilder tokenCachePersistenceOptions(TokenCachePers
         return this;
     }
 
+    /**
+     * Specifies either the specific regional authority, or use {@link RegionalAuthority#AUTO_DISCOVER_REGION} to
+     * attempt to auto-detect the region. If unset, a regional authority will not be used. This argument should be used
+     * only by applications deployed to Azure VMs.
+     *
+     * @param regionalAuthority the regional authority
+     * @return An updated instance of this builder with the regional authority configured.
+     */
+    public ClientSecretCredentialBuilder regionalAuthority(RegionalAuthority regionalAuthority) {
+        this.identityClientOptions.setRegionalAuthority(regionalAuthority);
+        return this;
+    }
+
     /**
      * Creates a new {@link ClientCertificateCredential} with the current configurations.
      *
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/RegionalAuthority.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/RegionalAuthority.java
new file mode 100644
index 0000000000000..208b57692d73e
--- /dev/null
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/RegionalAuthority.java
@@ -0,0 +1,74 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.identity;
+
+import com.azure.core.util.ExpandableStringEnum;
+
+/**
+ * Defines currently available regional authorities, or "AutoDiscoverRegion" to auto-detect the region.
+ */
+public class RegionalAuthority extends ExpandableStringEnum<RegionalAuthority> {
+    public static final RegionalAuthority AUTO_DISCOVER_REGION = fromString("AutoDiscoverRegion");
+    public static final RegionalAuthority US_WEST = fromString("westus");
+    public static final RegionalAuthority US_WEST2 = fromString("westus2");
+    public static final RegionalAuthority US_CENTRAL = fromString("centralus");
+    public static final RegionalAuthority US_EAST = fromString("eastus");
+    public static final RegionalAuthority US_EAST2 = fromString("eastus2");
+    public static final RegionalAuthority US_NORTH_CENTRAL = fromString("northcentralus");
+    public static final RegionalAuthority US_SOUTH_CENTRAL = fromString("southcentralus");
+    public static final RegionalAuthority US_WEST_CENTRAL = fromString("westcentralus");
+    public static final RegionalAuthority CANADA_CENTRAL = fromString("canadacentral");
+    public static final RegionalAuthority CANADA_EAST = fromString("canadaeast");
+    public static final RegionalAuthority BRAZIL_SOUTH = fromString("brazilsouth");
+    public static final RegionalAuthority EUROPE_NORTH = fromString("northeurope");
+    public static final RegionalAuthority EUROPE_WEST = fromString("westeurope");
+    public static final RegionalAuthority UK_SOUTH = fromString("uksouth");
+    public static final RegionalAuthority UK_WEST = fromString("ukwest");
+    public static final RegionalAuthority FRANCE_CENTRAL = fromString("francecentral");
+    public static final RegionalAuthority FRANCE_SOUTH = fromString("francesouth");
+    public static final RegionalAuthority SWITZERLAND_NORTH = fromString("switzerlandnorth");
+    public static final RegionalAuthority SWITZERLAND_WEST = fromString("switzerlandwest");
+    public static final RegionalAuthority GERMANY_NORTH = fromString("germanynorth");
+    public static final RegionalAuthority GERMANY_WEST_CENTRAL = fromString("germanywestcentral");
+    public static final RegionalAuthority NORWAY_WEST = fromString("norwaywest");
+    public static final RegionalAuthority NORWAY_EAST = fromString("norwayeast");
+    public static final RegionalAuthority ASIA_EAST = fromString("eastasia");
+    public static final RegionalAuthority ASIA_SOUTH_EAST = fromString("southeastasia");
+    public static final RegionalAuthority JAPAN_EAST = fromString("japaneast");
+    public static final RegionalAuthority JAPAN_WEST = fromString("japanwest");
+    public static final RegionalAuthority AUSTRALIA_EAST = fromString("australiaeast");
+    public static final RegionalAuthority AUSTRALIA_SOUTH_EAST = fromString("australiasoutheast");
+    public static final RegionalAuthority AUSTRALIA_CENTRAL = fromString("australiacentral");
+    public static final RegionalAuthority AUSTRALIA_CENTRAL2 = fromString("australiacentral2");
+    public static final RegionalAuthority INDIA_CENTRAL = fromString("centralindia");
+    public static final RegionalAuthority INDIA_SOUTH = fromString("southindia");
+    public static final RegionalAuthority INDIA_WEST = fromString("westindia");
+    public static final RegionalAuthority KOREA_SOUTH = fromString("koreasouth");
+    public static final RegionalAuthority KOREA_CENTRAL = fromString("koreacentral");
+    public static final RegionalAuthority UAE_CENTRAL = fromString("uaecentral");
+    public static final RegionalAuthority UAE_NORTH = fromString("uaenorth");
+    public static final RegionalAuthority SOUTH_AFRICA_NORTH = fromString("southafricanorth");
+    public static final RegionalAuthority SOUTH_AFRICA_WEST = fromString("southafricawest");
+    public static final RegionalAuthority CHINA_NORTH = fromString("chinanorth");
+    public static final RegionalAuthority CHINA_EAST = fromString("chinaeast");
+    public static final RegionalAuthority CHINA_NORTH2 = fromString("chinanorth2");
+    public static final RegionalAuthority CHINA_EAST2 = fromString("chinaeast2");
+    public static final RegionalAuthority GERMANY_CENTRAL = fromString("germanycentral");
+    public static final RegionalAuthority GERMANY_NORTH_EAST = fromString("germanynortheast");
+    public static final RegionalAuthority GOVERNMENT_US_VIRGINIA = fromString("usgovvirginia");
+    public static final RegionalAuthority GOVERNMENT_US_IOWA = fromString("usgoviowa");
+    public static final RegionalAuthority GOVERNMENT_US_ARIZONA = fromString("usgovarizona");
+    public static final RegionalAuthority GOVERNMENT_US_TEXAS = fromString("usgovtexas");
+    public static final RegionalAuthority GOVERNMENT_US_DOD_EAST = fromString("usdodeast");
+    public static final RegionalAuthority GOVERNMENT_US_DOD_CENTRAL = fromString("usdodcentral");
+
+    /**
+     * Returns the {@link RegionalAuthority} associated with the name.
+     * @param name The name of the regional authority.
+     * @return The {@link RegionalAuthority} associated with this name.
+     */
+    public static RegionalAuthority fromString(String name) {
+        return fromString(name, RegionalAuthority.class);
+    }
+}
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java
index 7421f24b9eb36..c6b866cc58bf2 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java
@@ -22,6 +22,7 @@
 import com.azure.core.util.serializer.SerializerEncoding;
 import com.azure.identity.CredentialUnavailableException;
 import com.azure.identity.DeviceCodeInfo;
+import com.azure.identity.RegionalAuthority;
 import com.azure.identity.TokenCachePersistenceOptions;
 import com.azure.identity.implementation.util.CertificateUtil;
 import com.azure.identity.implementation.util.IdentitySslUtil;
@@ -239,6 +240,13 @@ private Mono<ConfidentialClientApplication> getConfidentialClientApplication() {
                         "Shared token cache is unavailable in this environment.", null, t)));
                 }
             }
+            if (options.getRegionalAuthority() != null) {
+                if (options.getRegionalAuthority() == RegionalAuthority.AUTO_DISCOVER_REGION) {
+                    applicationBuilder.autoDetectRegion(true);
+                } else {
+                    applicationBuilder.azureRegion(options.getRegionalAuthority().toString());
+                }
+            }
             ConfidentialClientApplication confidentialClientApplication = applicationBuilder.build();
             return tokenCache != null ? tokenCache.registerCache()
                 .map(ignored -> confidentialClientApplication) : Mono.just(confidentialClientApplication);
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java
index c5013f802514c..33c173528684a 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java
@@ -9,6 +9,7 @@
 import com.azure.core.util.Configuration;
 import com.azure.identity.AuthenticationRecord;
 import com.azure.identity.AzureAuthorityHosts;
+import com.azure.identity.RegionalAuthority;
 import com.azure.identity.TokenCachePersistenceOptions;
 import com.azure.identity.implementation.util.ValidationUtil;
 
@@ -22,6 +23,7 @@
  */
 public final class IdentityClientOptions {
     private static final int MAX_RETRY_DEFAULT_LIMIT = 3;
+    private static final String AZURE_REGIONAL_AUTHORITY_NAME = "AZURE_REGIONAL_AUTHORITY_NAME";
 
     private String authorityHost;
     private int maxRetry;
@@ -37,6 +39,7 @@ public final class IdentityClientOptions {
     private AuthenticationRecord authenticationRecord;
     private TokenCachePersistenceOptions tokenCachePersistenceOptions;
     private boolean cp1Disabled;
+    private RegionalAuthority regionalAuthority;
 
     /**
      * Creates an instance of IdentityClientOptions with default settings.
@@ -49,6 +52,7 @@ public IdentityClientOptions() {
         ValidationUtil.validateAuthHost(getClass().getSimpleName(), authorityHost);
         maxRetry = MAX_RETRY_DEFAULT_LIMIT;
         retryTimeout = i -> Duration.ofSeconds((long) Math.pow(2, i.getSeconds() - 1));
+        regionalAuthority = RegionalAuthority.fromString(configuration.get(AZURE_REGIONAL_AUTHORITY_NAME));
     }
 
     /**
@@ -305,4 +309,23 @@ public TokenCachePersistenceOptions getTokenCacheOptions() {
     public boolean isCp1Disabled() {
         return this.cp1Disabled;
     }
+
+    /**
+     * Specifies either the specific regional authority, or use {@link RegionalAuthority#AUTO_DISCOVER_REGION} to attempt to auto-detect the region.
+     *
+     * @param regionalAuthority the regional authority
+     * @return the updated identity client options
+     */
+    public IdentityClientOptions setRegionalAuthority(RegionalAuthority regionalAuthority) {
+        this.regionalAuthority = regionalAuthority;
+        return this;
+    }
+
+    /**
+     * Gets the regional authority, or null if regional authority should not be used.
+     * @return the regional authority value if specified
+     */
+    public RegionalAuthority getRegionalAuthority() {
+        return regionalAuthority;
+    }
 }
diff --git a/sdk/spring/azure-spring-boot-starter-active-directory/pom.xml b/sdk/spring/azure-spring-boot-starter-active-directory/pom.xml
index 45229c9df77ec..262df536c8759 100644
--- a/sdk/spring/azure-spring-boot-starter-active-directory/pom.xml
+++ b/sdk/spring/azure-spring-boot-starter-active-directory/pom.xml
@@ -63,7 +63,7 @@
     <dependency>
       <groupId>com.microsoft.azure</groupId>
       <artifactId>msal4j</artifactId>
-      <version>1.10.0</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
+      <version>1.10.1</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
     </dependency>
     <dependency>
       <groupId>com.nimbusds</groupId>
@@ -93,7 +93,7 @@
             <bannedDependencies>
               <includes>
                 <include>com.fasterxml.jackson.core:jackson-databind:[2.12.3]</include> <!-- {x-include-update;com.fasterxml.jackson.core:jackson-databind;external_dependency} -->
-                <include>com.microsoft.azure:msal4j:[1.10.0]</include> <!-- {x-include-update;com.microsoft.azure:msal4j;external_dependency} -->
+                <include>com.microsoft.azure:msal4j:[1.10.1]</include> <!-- {x-include-update;com.microsoft.azure:msal4j;external_dependency} -->
                 <include>com.nimbusds:nimbus-jose-jwt:[9.8.1]</include> <!-- {x-include-update;com.nimbusds:nimbus-jose-jwt;external_dependency} -->
                 <include>io.projectreactor.netty:reactor-netty:[1.0.7]</include> <!-- {x-include-update;io.projectreactor.netty:reactor-netty;external_dependency} -->
                 <include>org.springframework.boot:spring-boot-starter-validation:[2.5.0]</include> <!-- {x-include-update;org.springframework.boot:spring-boot-starter-validation;external_dependency} -->
diff --git a/sdk/spring/azure-spring-boot/pom.xml b/sdk/spring/azure-spring-boot/pom.xml
index 9773e263b3be8..e4ff78d0e37eb 100644
--- a/sdk/spring/azure-spring-boot/pom.xml
+++ b/sdk/spring/azure-spring-boot/pom.xml
@@ -150,7 +150,7 @@
     <dependency>
       <groupId>com.microsoft.azure</groupId>
       <artifactId>msal4j</artifactId>
-      <version>1.10.0</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
+      <version>1.10.1</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
       <optional>true</optional>
     </dependency>
 
@@ -301,7 +301,7 @@
                 <include>com.microsoft.azure:azure-servicebus-jms:[0.0.7]</include> <!-- {x-include-update;com.microsoft.azure:azure-servicebus-jms;external_dependency} -->
                 <include>com.github.spotbugs:spotbugs-annotations:[4.2.0]</include> <!-- {x-include-update;com.github.spotbugs:spotbugs-annotations;external_dependency} -->
                 <include>com.fasterxml.jackson.core:jackson-databind:[2.12.3]</include> <!-- {x-include-update;com.fasterxml.jackson.core:jackson-databind;external_dependency} -->
-                <include>com.microsoft.azure:msal4j:[1.10.0]</include> <!-- {x-include-update;com.microsoft.azure:msal4j;external_dependency} -->
+                <include>com.microsoft.azure:msal4j:[1.10.1]</include> <!-- {x-include-update;com.microsoft.azure:msal4j;external_dependency} -->
                 <include>com.nimbusds:nimbus-jose-jwt:[9.8.1]</include> <!-- {x-include-update;com.nimbusds:nimbus-jose-jwt;external_dependency} -->
                 <include>javax.servlet:javax.servlet-api:[4.0.1]</include> <!-- {x-include-update;javax.servlet:javax.servlet-api;external_dependency} -->
                 <include>javax.annotation:javax.annotation-api:[1.3.2]</include> <!-- {x-include-update;javax.annotation:javax.annotation-api;external_dependency} -->

From dde08fe414b585995ee865868cf4e7062cde377e Mon Sep 17 00:00:00 2001
From: Jianghao Lu <jianghaolu@users.noreply.github.com>
Date: Thu, 24 Jun 2021 16:57:41 -0700
Subject: [PATCH 2/4] Checkstyle - unused import

---
 .../com/azure/identity/ClientSecretCredentialBuilder.java     | 1 -
 .../com/azure/identity/implementation/IdentityClient.java     | 4 ++--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java
index 5ba2315979386..90cd98c4034c9 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java
@@ -3,7 +3,6 @@
 
 package com.azure.identity;
 
-import com.azure.identity.implementation.IdentityClientOptions;
 import com.azure.identity.implementation.util.ValidationUtil;
 
 import java.util.HashMap;
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java
index c6b866cc58bf2..99abee5caf41c 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java
@@ -38,8 +38,8 @@
 import com.microsoft.aad.msal4j.IAuthenticationResult;
 import com.microsoft.aad.msal4j.IClientCredential;
 import com.microsoft.aad.msal4j.InteractiveRequestParameters;
-import com.microsoft.aad.msal4j.PublicClientApplication;
 import com.microsoft.aad.msal4j.Prompt;
+import com.microsoft.aad.msal4j.PublicClientApplication;
 import com.microsoft.aad.msal4j.RefreshTokenParameters;
 import com.microsoft.aad.msal4j.SilentParameters;
 import com.microsoft.aad.msal4j.UserNamePasswordParameters;
@@ -75,8 +75,8 @@
 import java.time.ZoneId;
 import java.time.ZoneOffset;
 import java.time.format.DateTimeFormatter;
-import java.util.Arrays;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;

From 66e95df991582c280d168b80b043143bae1bbbc8 Mon Sep 17 00:00:00 2001
From: Jianghao Lu <jianghaolu@users.noreply.github.com>
Date: Thu, 24 Jun 2021 17:09:03 -0700
Subject: [PATCH 3/4] Move environment variable to azure-core Configuration

---
 .../src/main/java/com/azure/core/util/Configuration.java     | 5 +++++
 sdk/identity/azure-identity/pom.xml                          | 2 +-
 .../src/main/java/com/azure/identity/RegionalAuthority.java  | 2 +-
 .../azure/identity/implementation/IdentityClientOptions.java | 4 ++--
 4 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/sdk/core/azure-core/src/main/java/com/azure/core/util/Configuration.java b/sdk/core/azure-core/src/main/java/com/azure/core/util/Configuration.java
index cf986606c8c5d..31570f069ec57 100644
--- a/sdk/core/azure-core/src/main/java/com/azure/core/util/Configuration.java
+++ b/sdk/core/azure-core/src/main/java/com/azure/core/util/Configuration.java
@@ -88,6 +88,11 @@ public class Configuration implements Cloneable {
      */
     public static final String PROPERTY_AZURE_IDENTITY_DISABLE_CP1 = "AZURE_IDENTITY_DISABLE_CP1";
 
+    /**
+     * Name of Azure AAD regional authority.
+     */
+    public static final String PROPERTY_AZURE_REGIONAL_AUTHORITY_NAME = "AZURE_REGIONAL_AUTHORITY_NAME";
+
     /**
      * Name of the Azure resource group.
      */
diff --git a/sdk/identity/azure-identity/pom.xml b/sdk/identity/azure-identity/pom.xml
index fabdffe1fd851..7c01c21e4502f 100644
--- a/sdk/identity/azure-identity/pom.xml
+++ b/sdk/identity/azure-identity/pom.xml
@@ -27,7 +27,7 @@
     <dependency>
       <groupId>com.azure</groupId>
       <artifactId>azure-core</artifactId>
-      <version>1.17.0</version> <!-- {x-version-update;com.azure:azure-core;dependency} -->
+      <version>1.18.0-beta.1</version> <!-- {x-version-update;com.azure:azure-core;current} -->
     </dependency>
     <dependency>
       <groupId>com.azure</groupId>
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/RegionalAuthority.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/RegionalAuthority.java
index 208b57692d73e..4025b5ad141a6 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/RegionalAuthority.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/RegionalAuthority.java
@@ -8,7 +8,7 @@
 /**
  * Defines currently available regional authorities, or "AutoDiscoverRegion" to auto-detect the region.
  */
-public class RegionalAuthority extends ExpandableStringEnum<RegionalAuthority> {
+public final class RegionalAuthority extends ExpandableStringEnum<RegionalAuthority> {
     public static final RegionalAuthority AUTO_DISCOVER_REGION = fromString("AutoDiscoverRegion");
     public static final RegionalAuthority US_WEST = fromString("westus");
     public static final RegionalAuthority US_WEST2 = fromString("westus2");
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java
index 33c173528684a..97a1ac2cbe7be 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java
@@ -23,7 +23,6 @@
  */
 public final class IdentityClientOptions {
     private static final int MAX_RETRY_DEFAULT_LIMIT = 3;
-    private static final String AZURE_REGIONAL_AUTHORITY_NAME = "AZURE_REGIONAL_AUTHORITY_NAME";
 
     private String authorityHost;
     private int maxRetry;
@@ -52,7 +51,8 @@ public IdentityClientOptions() {
         ValidationUtil.validateAuthHost(getClass().getSimpleName(), authorityHost);
         maxRetry = MAX_RETRY_DEFAULT_LIMIT;
         retryTimeout = i -> Duration.ofSeconds((long) Math.pow(2, i.getSeconds() - 1));
-        regionalAuthority = RegionalAuthority.fromString(configuration.get(AZURE_REGIONAL_AUTHORITY_NAME));
+        regionalAuthority = RegionalAuthority.fromString(
+            configuration.get(Configuration.PROPERTY_AZURE_REGIONAL_AUTHORITY_NAME));
     }
 
     /**

From 2737dcc98b2d0260c17ad71ae0442cd166cd3eb1 Mon Sep 17 00:00:00 2001
From: Jianghao Lu <jianghaolu@users.noreply.github.com>
Date: Fri, 25 Jun 2021 10:45:11 -0700
Subject: [PATCH 4/4] Add javadocs for regional authority values

---
 .../ClientCertificateCredentialBuilder.java   |   2 +-
 .../ClientSecretCredentialBuilder.java        |   2 +-
 .../com/azure/identity/RegionalAuthority.java | 214 ++++++++++++++++++
 3 files changed, 216 insertions(+), 2 deletions(-)

diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java
index fea46dbacfb22..c264067dc2dc5 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java
@@ -122,7 +122,7 @@ public ClientCertificateCredentialBuilder sendCertificateChain(boolean sendCerti
 
     /**
      * Specifies either the specific regional authority, or use {@link RegionalAuthority#AUTO_DISCOVER_REGION} to
-     * attempt to auto-detect the region. If unset, a regional authority will not be used. This argument should be used
+     * attempt to auto-detect the region. If unset, a non-regional authority will be used. This argument should be used
      * only by applications deployed to Azure VMs.
      *
      * @param regionalAuthority the regional authority
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java
index 90cd98c4034c9..21cfab1a59c25 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java
@@ -64,7 +64,7 @@ public ClientSecretCredentialBuilder tokenCachePersistenceOptions(TokenCachePers
 
     /**
      * Specifies either the specific regional authority, or use {@link RegionalAuthority#AUTO_DISCOVER_REGION} to
-     * attempt to auto-detect the region. If unset, a regional authority will not be used. This argument should be used
+     * attempt to auto-detect the region. If unset, a non-regional authority will be used. This argument should be used
      * only by applications deployed to Azure VMs.
      *
      * @param regionalAuthority the regional authority
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/RegionalAuthority.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/RegionalAuthority.java
index 4025b5ad141a6..46feb07dd0850 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/RegionalAuthority.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/RegionalAuthority.java
@@ -9,58 +9,272 @@
  * Defines currently available regional authorities, or "AutoDiscoverRegion" to auto-detect the region.
  */
 public final class RegionalAuthority extends ExpandableStringEnum<RegionalAuthority> {
+    /**
+     * In cases where the region is not known ahead of time, attempts to automatically discover the appropriate
+     * regional authority. This works on some azure hosts, such as some VMs (through IDMS), and Azure Functions
+     * (using host populated environment variables). If the auto-detection fails, the non-regional authority is
+     * used.
+     */
     public static final RegionalAuthority AUTO_DISCOVER_REGION = fromString("AutoDiscoverRegion");
+
+    /**
+     * The regional authority for the Azure "westus" region.
+     */
     public static final RegionalAuthority US_WEST = fromString("westus");
+
+    /**
+     * The regional authority for the Azure "westus2" region.
+     */
     public static final RegionalAuthority US_WEST2 = fromString("westus2");
+
+    /**
+     * The regional authority for the Azure "centralus" region.
+     */
     public static final RegionalAuthority US_CENTRAL = fromString("centralus");
+
+    /**
+     * The regional authority for the Azure "eastus" region.
+     */
     public static final RegionalAuthority US_EAST = fromString("eastus");
+
+    /**
+     * The regional authority for the Azure "eastus2" region.
+     */
     public static final RegionalAuthority US_EAST2 = fromString("eastus2");
+
+    /**
+     * The regional authority for the Azure "northcentralus" region.
+     */
     public static final RegionalAuthority US_NORTH_CENTRAL = fromString("northcentralus");
+
+    /**
+     * The regional authority for the Azure "southcentralus" region.
+     */
     public static final RegionalAuthority US_SOUTH_CENTRAL = fromString("southcentralus");
+
+    /**
+     * The regional authority for the Azure "westcentralus" region.
+     */
     public static final RegionalAuthority US_WEST_CENTRAL = fromString("westcentralus");
+
+    /**
+     * The regional authority for the Azure "canadacentral" region.
+     */
     public static final RegionalAuthority CANADA_CENTRAL = fromString("canadacentral");
+
+    /**
+     * The regional authority for the Azure "canadaeast" region.
+     */
     public static final RegionalAuthority CANADA_EAST = fromString("canadaeast");
+
+    /**
+     * The regional authority for the Azure "brazilsouth" region.
+     */
     public static final RegionalAuthority BRAZIL_SOUTH = fromString("brazilsouth");
+
+    /**
+     * The regional authority for the Azure "northeurope" region.
+     */
     public static final RegionalAuthority EUROPE_NORTH = fromString("northeurope");
+
+    /**
+     * The regional authority for the Azure "westeurope" region.
+     */
     public static final RegionalAuthority EUROPE_WEST = fromString("westeurope");
+
+    /**
+     * The regional authority for the Azure "uksouth" region.
+     */
     public static final RegionalAuthority UK_SOUTH = fromString("uksouth");
+
+    /**
+     * The regional authority for the Azure "ukwest" region.
+     */
     public static final RegionalAuthority UK_WEST = fromString("ukwest");
+
+    /**
+     * The regional authority for the Azure "francecentral" region.
+     */
     public static final RegionalAuthority FRANCE_CENTRAL = fromString("francecentral");
+
+    /**
+     * The regional authority for the Azure "francesouth" region.
+     */
     public static final RegionalAuthority FRANCE_SOUTH = fromString("francesouth");
+
+    /**
+     * The regional authority for the Azure "switzerlandnorth" region.
+     */
     public static final RegionalAuthority SWITZERLAND_NORTH = fromString("switzerlandnorth");
+
+    /**
+     * The regional authority for the Azure "switzerlandwest" region.
+     */
     public static final RegionalAuthority SWITZERLAND_WEST = fromString("switzerlandwest");
+
+    /**
+     * The regional authority for the Azure "germanynorth" region.
+     */
     public static final RegionalAuthority GERMANY_NORTH = fromString("germanynorth");
+
+    /**
+     * The regional authority for the Azure "germanywestcentral" region.
+     */
     public static final RegionalAuthority GERMANY_WEST_CENTRAL = fromString("germanywestcentral");
+
+    /**
+     * The regional authority for the Azure "norwaywest" region.
+     */
     public static final RegionalAuthority NORWAY_WEST = fromString("norwaywest");
+
+    /**
+     * The regional authority for the Azure "norwayeast" region.
+     */
     public static final RegionalAuthority NORWAY_EAST = fromString("norwayeast");
+
+    /**
+     * The regional authority for the Azure "eastasia" region.
+     */
     public static final RegionalAuthority ASIA_EAST = fromString("eastasia");
+
+    /**
+     * The regional authority for the Azure "southeastasia" region.
+     */
     public static final RegionalAuthority ASIA_SOUTH_EAST = fromString("southeastasia");
+
+    /**
+     * The regional authority for the Azure "japaneast" region.
+     */
     public static final RegionalAuthority JAPAN_EAST = fromString("japaneast");
+
+    /**
+     * The regional authority for the Azure "japanwest" region.
+     */
     public static final RegionalAuthority JAPAN_WEST = fromString("japanwest");
+
+    /**
+     * The regional authority for the Azure "australiaeast" region.
+     */
     public static final RegionalAuthority AUSTRALIA_EAST = fromString("australiaeast");
+
+    /**
+     * The regional authority for the Azure "australiasoutheast" region.
+     */
     public static final RegionalAuthority AUSTRALIA_SOUTH_EAST = fromString("australiasoutheast");
+
+    /**
+     * The regional authority for the Azure "australiacentral" region.
+     */
     public static final RegionalAuthority AUSTRALIA_CENTRAL = fromString("australiacentral");
+
+    /**
+     * The regional authority for the Azure "australiacentral2" region.
+     */
     public static final RegionalAuthority AUSTRALIA_CENTRAL2 = fromString("australiacentral2");
+
+    /**
+     * The regional authority for the Azure "centralindia" region.
+     */
     public static final RegionalAuthority INDIA_CENTRAL = fromString("centralindia");
+
+    /**
+     * The regional authority for the Azure "southindia" region.
+     */
     public static final RegionalAuthority INDIA_SOUTH = fromString("southindia");
+
+    /**
+     * The regional authority for the Azure "westindia" region.
+     */
     public static final RegionalAuthority INDIA_WEST = fromString("westindia");
+
+    /**
+     * The regional authority for the Azure "koreasouth" region.
+     */
     public static final RegionalAuthority KOREA_SOUTH = fromString("koreasouth");
+
+    /**
+     * The regional authority for the Azure "koreacentral" region.
+     */
     public static final RegionalAuthority KOREA_CENTRAL = fromString("koreacentral");
+
+    /**
+     * The regional authority for the Azure "uaecentral" region.
+     */
     public static final RegionalAuthority UAE_CENTRAL = fromString("uaecentral");
+
+    /**
+     * The regional authority for the Azure "uaenorth" region.
+     */
     public static final RegionalAuthority UAE_NORTH = fromString("uaenorth");
+
+    /**
+     * The regional authority for the Azure "southafricanorth" region.
+     */
     public static final RegionalAuthority SOUTH_AFRICA_NORTH = fromString("southafricanorth");
+
+    /**
+     * The regional authority for the Azure "southafricawest" region.
+     */
     public static final RegionalAuthority SOUTH_AFRICA_WEST = fromString("southafricawest");
+
+    /**
+     * The regional authority for the Azure "chinanorth" region.
+     */
     public static final RegionalAuthority CHINA_NORTH = fromString("chinanorth");
+
+    /**
+     * The regional authority for the Azure "chinaeast" region.
+     */
     public static final RegionalAuthority CHINA_EAST = fromString("chinaeast");
+
+    /**
+     * The regional authority for the Azure "chinanorth2" region.
+     */
     public static final RegionalAuthority CHINA_NORTH2 = fromString("chinanorth2");
+
+    /**
+     * The regional authority for the Azure "chinaeast2" region.
+     */
     public static final RegionalAuthority CHINA_EAST2 = fromString("chinaeast2");
+
+    /**
+     * The regional authority for the Azure "germanycentral" region.
+     */
     public static final RegionalAuthority GERMANY_CENTRAL = fromString("germanycentral");
+
+    /**
+     * The regional authority for the Azure "germanynortheast" region.
+     */
     public static final RegionalAuthority GERMANY_NORTH_EAST = fromString("germanynortheast");
+
+    /**
+     * The regional authority for the Azure "usgovvirginia" region.
+     */
     public static final RegionalAuthority GOVERNMENT_US_VIRGINIA = fromString("usgovvirginia");
+
+    /**
+     * The regional authority for the Azure "usgoviowa" region.
+     */
     public static final RegionalAuthority GOVERNMENT_US_IOWA = fromString("usgoviowa");
+
+    /**
+     * The regional authority for the Azure "usgovarizona" region.
+     */
     public static final RegionalAuthority GOVERNMENT_US_ARIZONA = fromString("usgovarizona");
+
+    /**
+     * The regional authority for the Azure "usgovtexas" region.
+     */
     public static final RegionalAuthority GOVERNMENT_US_TEXAS = fromString("usgovtexas");
+
+    /**
+     * The regional authority for the Azure "usdodeast" region.
+     */
     public static final RegionalAuthority GOVERNMENT_US_DOD_EAST = fromString("usdodeast");
+
+    /**
+     * The regional authority for the Azure "usdodcentral" region.
+     */
     public static final RegionalAuthority GOVERNMENT_US_DOD_CENTRAL = fromString("usdodcentral");
 
     /**