[Identity] Fixes after manual tests #18011

Merged
merged 2 commits into from
Oct 4, 2021
2 changes: 2 additions & 0 deletions sdk/identity/identity/CHANGELOG.md
Expand Up @@ -13,6 +13,8 @@

### Bugs Fixed

- Fixed a bug that caused `AzureCliCredential` to fail when a custom tenant ID was provided.

### Other Changes

## 2.0.0-beta.6 (2021-09-09)
Expand Up @@ -16,12 +16,17 @@ const logger = credentialLogger("ApplicationCredential");
* Provides a default {@link ChainedTokenCredential} configuration for
* applications that will be deployed to Azure.
*
* Only available in NodeJS.
* Only available in Node.js
*/
export class ApplicationCredential extends ChainedTokenCredential {
/**
* Creates an instance of the ApplicationCredential class.
*
* The ApplicationCredential provides a default {@link ChainedTokenCredential} configuration for
* applications that will be deployed to Azure.
*
* Only available in Node.js
*
* @param options - Options for configuring the client which makes the authentication request.
*/
constructor(_tokenCredentialOptions?: TokenCredentialOptions) {
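
Review bot: The `@param options` tag in the new constructor doc names a parameter that does not exist; the signature directly below it is `constructor(_tokenCredentialOptions?: TokenCredentialOptions)`, so doc tooling will drop the description or flag the mismatch. Rename the tag to `_tokenCredentialOptions` or rename the parameter. The constructor text also repeats the class comment word for word (`Provides a default {@link ChainedTokenCredential} configuration for applications that will be deployed to Azure`); keep the description in one place and end `Only available in Node.js` with a full stop to match the sentences around it.
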
20 changes: 11 additions & 9 deletions sdk/identity/identity/src/credentials/applicationCredential.ts
Expand Up @@ -39,20 +39,22 @@ export const ApplicationCredentials: ApplicationCredentialConstructor[] = [

/**
* Provides a default {@link ChainedTokenCredential} configuration that should
* work for most applications that use the Azure SDK. The following credential
* types will be tried, in order:
*
* - {@link EnvironmentCredential}
* - {@link ManagedIdentityCredential}

*
* Consult the documentation of these credential types for more information
* on how they attempt authentication.
* work for most applications that use the Azure SDK.
*/
export class ApplicationCredential extends ChainedTokenCredential {
/**
* Creates an instance of the ApplicationCredential class.
*
* The ApplicationCredential provides a default {@link ChainedTokenCredential} configuration that should
* work for most applications that use the Azure SDK. The following credential
* types will be tried, in order:
*
* - {@link EnvironmentCredential}
* - {@link ManagedIdentityCredential}
*
* Consult the documentation of these credential types for more information
* on how they attempt authentication.
*
* @param options - Optional parameters. See {@link ApplicationCredentialOptions}.
*/
constructor(options?: ApplicationCredentialOptions) {
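
Review bot: The description in this constructor doc (`configuration that should work for most applications that use the Azure SDK`) disagrees with the browser stub for the same class in this PR, which says the configuration is `for applications that will be deployed to Azure`. Pick one wording for both files; with only `EnvironmentCredential` and `ManagedIdentityCredential` in the list, the deployed-to-Azure wording looks like the accurate one.
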
Expand Up @@ -12,6 +12,9 @@ const BrowserNotSupportedError = new Error(
const logger = credentialLogger("AuthorizationCodeCredential");

export class AuthorizationCodeCredential implements TokenCredential {
/**
* Only available in Node.js
*/
constructor(
tenantId: string | "common",
clientId: string,
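
Review bot: The class `AuthorizationCodeCredential` still has no doc comment of its own in this hunk; only the constructor gains `Only available in Node.js`. The other browser stubs touched in this PR (for example `AzureCliCredential` and `DeviceCodeCredential`) get a one-sentence class summary, so add one above `export class AuthorizationCodeCredential` for consistency.
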
Expand Up @@ -8,7 +8,14 @@ import { credentialLogger, formatError } from "../util/logging";
const BrowserNotSupportedError = new Error("AzureCliCredential is not supported in the browser.");
const logger = credentialLogger("AzureCliCredential");

/**
* This credential will use the currently logged-in user login information
* via the Azure CLI ('az') commandline tool.
*/
export class AzureCliCredential implements TokenCredential {
/**
* Only available in Node.js
*/
constructor() {
logger.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
11 changes: 6 additions & 5 deletions sdk/identity/identity/src/credentials/azureCliCredential.ts
Expand Up @@ -7,7 +7,7 @@ import { createSpan } from "../util/tracing";
import { CredentialUnavailableError } from "../client/errors";
import { SpanStatusCode } from "@azure/core-tracing";
import { credentialLogger, formatSuccess, formatError } from "../util/logging";
import * as child_process from "child_process";
import child_process from "child_process";
import { ensureValidScope, getScopeResource } from "../util/scopeUtils";
import { AzureCliCredentialOptions } from "./azureCliCredentialOptions";
import { processMultiTenantRequest } from "../util/validateMultiTenant";
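
Review bot: The switch from `import * as child_process` to a default import on the `child_process` line only type-checks when `esModuleInterop` or `allowSyntheticDefaultImports` is enabled, and nothing in this hunk or in the changelog entry says why the change is needed. State the reason in the PR description and confirm the package's tsconfig sets the flag, or keep the namespace import.
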
Expand Down Expand Up @@ -55,8 +55,8 @@ export const cliCredentialInternals = {
"--output",
"json",
"--resource",
...tenantSection,
resource
resource,
...tenantSection
],
{ cwd: cliCredentialInternals.getSafeWorkingDir() },
(error, stdout, stderr) => {
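
Review bot: The reordering of `resource` and `...tenantSection` in the argument array is the actual bug fix, yet no test accompanies it in the lines shown. With the old order, `--resource` was no longer followed directly by its value whenever a tenant was supplied. Add a unit test that builds the argument list with a tenant ID set and asserts that the element after `--resource` is the resource, and consider a one-line comment in the array noting that each flag must be followed immediately by its value.
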
Expand All @@ -77,15 +77,16 @@ const logger = credentialLogger("AzureCliCredential");
* via the Azure CLI ('az') commandline tool.
* To do so, it will read the user access token and expire time
* with Azure CLI command "az account get-access-token".
* To be able to use this credential, ensure that you have already logged
* in via the 'az' tool using the command "az login" from the commandline.
*/
export class AzureCliCredential implements TokenCredential {
private tenantId?: string;

/**
* Creates an instance of the {@link AzureCliCredential}.
*
* To use this credential, ensure that you have already logged
* in via the 'az' tool using the command "az login" from the commandline.
*
* @param options - Options, to optionally allow multi-tenant requests.
*/
constructor(options?: AzureCliCredentialOptions) {
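
Review bot: The sentence relocated into the constructor doc still reads `from the commandline`, while the PowerShell credential docs in this PR use `from the command line`. Use the two-word form here, and in the class comment above (`('az') commandline tool`), while these lines are being moved.
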
Expand Up @@ -12,9 +12,11 @@ const logger = credentialLogger("AzurePowerShellCredential");

/**
* This credential will use the currently-logged-in user's login information via the Azure Power Shell command line tool.
* This credential is not supported in browsers.
*/
export class AzurePowerShellCredential implements TokenCredential {
/**
* Only available in Node.js
*/
constructor() {
logger.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
Expand Up @@ -87,19 +87,19 @@ if (isWindows) {
* This credential will use the currently logged-in user information from the
* Azure PowerShell module. To do so, it will read the user access token and
* expire time with Azure PowerShell command `Get-AzAccessToken -ResourceUrl {ResourceScope}`
*
* To be able to use this credential:
* - Install the Azure Az PowerShell module with:
* `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.
* - You have already logged in to Azure PowerShell using the command
* `Connect-AzAccount` from the command line.
*/
export class AzurePowerShellCredential implements TokenCredential {
private tenantId?: string;

/**
* Creates an instance of the {@link AzurePowershellCredential}.
*
* To use this credential:
* - Install the Azure Az PowerShell module with:
* `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.
* - You have already logged in to Azure PowerShell using the command
* `Connect-AzAccount` from the command line.
*
* @param options - Options, to optionally allow multi-tenant requests.
*/
constructor(options?: AzurePowerShellCredentialOptions) {
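
Review bot: `{@link AzurePowershellCredential}` in the constructor doc does not match the class name `AzurePowerShellCredential` declared just above it, so the link will not resolve; fix the casing while this block is being edited. The moved list under `To use this credential:` also mixes an instruction (`Install the Azure Az PowerShell module with:`) with a statement (`You have already logged in to Azure PowerShell ...`); rewrite the second item as an instruction so both read as steps.
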
Expand Up @@ -9,7 +9,14 @@ const BrowserNotSupportedError = new Error(
);
const logger = credentialLogger("ClientCertificateCredential");

/**
* Enables authentication to Azure Active Directory using a PEM-encoded
* certificate that is assigned to an App Registration.
*/
export class ClientCertificateCredential implements TokenCredential {
/**
* Only available in Node.js
*/
constructor() {
logger.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
26 changes: 15 additions & 11 deletions sdk/identity/identity/src/credentials/defaultAzureCredential.ts
Expand Up @@ -67,22 +67,26 @@ export const defaultCredentials: DefaultCredentialConstructor[] = [

/**
* Provides a default {@link ChainedTokenCredential} configuration that should
* work for most applications that use the Azure SDK. The following credential
* types will be tried, in order:
*
* - {@link EnvironmentCredential}
* - {@link ManagedIdentityCredential}
* - {@link VisualStudioCodeCredential}
* - {@link AzureCliCredential}
* - {@link AzurePowerShellCredential}
*
* Consult the documentation of these credential types for more information
* on how they attempt authentication.
* work for most applications that use the Azure SDK.
*/
export class DefaultAzureCredential extends ChainedTokenCredential {
/**
* Creates an instance of the DefaultAzureCredential class.
*
* This credential provides a default {@link ChainedTokenCredential} configuration that should
* work for most applications that use the Azure SDK.
*
* The following credential types will be tried, in order:
*
* - {@link EnvironmentCredential}
* - {@link ManagedIdentityCredential}
* - {@link VisualStudioCodeCredential}
* - {@link AzureCliCredential}
* - {@link AzurePowerShellCredential}
*
* Consult the documentation of these credential types for more information
* on how they attempt authentication.
*
* **Note**: `VisualStudioCodeCredential` is provided by a plugin package:
* `@azure/identity-vscode`. If this package is not installed and registered
* using the plugin API (`useIdentityPlugin`), then authentication using
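
Review bot: Moving the ordered credential list out of the class comment leaves the `DefaultAzureCredential` type documented only as `a default {@link ChainedTokenCredential} configuration`, with the order visible on the constructor alone. The order is what decides which identity a process ends up using (environment variables and managed identity before the developer-tool credentials), so keep at least a one-line pointer in the class comment, such as `See the constructor for the credential types tried, in order.`
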
Expand Up @@ -8,7 +8,14 @@ import { credentialLogger, formatError } from "../util/logging";
const BrowserNotSupportedError = new Error("DeviceCodeCredential is not supported in the browser.");
const logger = credentialLogger("DeviceCodeCredential");

/**
* Enables authentication to Azure Active Directory using a device code
* that the user can enter into https://microsoft.com/devicelogin.
*/
export class DeviceCodeCredential implements TokenCredential {
/**
* Only available in Node.js
*/
constructor() {
logger.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
14 changes: 14 additions & 0 deletions sdk/identity/identity/src/credentials/deviceCodeCredential.ts
Expand Up @@ -32,6 +32,20 @@ export class DeviceCodeCredential implements TokenCredential {
* Creates an instance of DeviceCodeCredential with the details needed
* to initiate the device code authorization flow with Azure Active Directory.
*
* A message will be logged, giving users a code that they can use to authenticate once they go to https://microsoft.com/devicelogin
*
* Developers can configure how this message is shown by passing a custom `userPromptCallback`:
*
* ```js
* const credential = new DeviceCodeCredential({
* tenantId: env.AZURE_TENANT_ID,
* clientId: env.AZURE_CLIENT_ID,
* userPromptCallback: (info) => {
* console.log("CUSTOMIZED PROMPT CALLBACK", info.message);
* }
* });
* ```
*
* @param options - Options for configuring the client which makes the authentication requests.
*/
constructor(options?: DeviceCodeCredentialOptions) {
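
Review bot: The sample in the new constructor doc reads `env.AZURE_TENANT_ID` and `env.AZURE_CLIENT_ID`, but `env` is never defined in the snippet, so it throws a ReferenceError when copied as written. Use `process.env.AZURE_TENANT_ID` and `process.env.AZURE_CLIENT_ID`, and end the sentence that introduces https://microsoft.com/devicelogin with a full stop.
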
Expand Up @@ -10,7 +10,14 @@ const BrowserNotSupportedError = new Error(
);
const logger = credentialLogger("EnvironmentCredential");

/**
* Enables authentication to Azure Active Directory using client secret
* details configured in environment variables
*/
export class EnvironmentCredential implements TokenCredential {
/**
* Only available in Node.js
*/
constructor() {
logger.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
18 changes: 1 addition & 17 deletions sdk/identity/identity/src/credentials/environmentCredential.ts
Expand Up @@ -41,23 +41,7 @@ export interface EnvironmentCredentialOptions

/**
* Enables authentication to Azure Active Directory using client secret
* details configured in the following environment variables:
*
* Required environment variables:
* - `AZURE_TENANT_ID`: The Azure Active Directory tenant (directory) ID.
* - `AZURE_CLIENT_ID`: The client (application) ID of an App Registration in the tenant.
*
* Environment variables used for client credential authentication:
* - `AZURE_CLIENT_SECRET`: A client secret that was generated for the App Registration.
* - `AZURE_CLIENT_CERTIFICATE_PATH`: The path to a PEM certificate to use during the authentication, instead of the client secret.
*
* Alternatively, users can provide environment variables for username and password authentication:
* - `AZURE_USERNAME`: Username to authenticate with.
* - `AZURE_PASSWORD`: Password to authenticate with.
*
* This credential ultimately uses a {@link ClientSecretCredential} to
* perform the authentication using these details. Please consult the
* documentation of that class for more details.
* details configured in environment variables
*/
export class EnvironmentCredential implements TokenCredential {
private _credential?:
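
Review bot: The list of environment variables (`AZURE_TENANT_ID`, `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_CLIENT_CERTIFICATE_PATH`, `AZURE_USERNAME`, `AZURE_PASSWORD`) is deleted from the class comment and, going by the file summary of 1 addition and 17 deletions, not re-added on the constructor the way the other credentials in this PR were handled. Move the list to the constructor doc instead of dropping it, since it is the only place that tells an operator which variables select secret, certificate or username/password authentication. The replacement sentence also says only `client secret details`, which does not cover the certificate and username/password variables, and it lacks a closing full stop.
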
Expand Up @@ -19,13 +19,6 @@ const logger = credentialLogger("InteractiveBrowserCredential");
/**
* Enables authentication to Azure Active Directory inside of the web browser
* using the interactive login flow.
*
* This credential uses the [Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow).
* On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.
* On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.
*
* It's recommended that the AAD Applications used are configured to authenticate using Single Page Applications.
* More information here: [link](https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-app-registration#redirect-uri-msaljs-20-with-auth-code-flow).
*/
export class InteractiveBrowserCredential implements TokenCredential {
private msalFlow: MsalFlow;
Expand All @@ -36,6 +29,13 @@ export class InteractiveBrowserCredential implements TokenCredential {
* details needed to authenticate against Azure Active Directory with
* a user identity.
*
* This credential uses the [Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow).
* On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.
* On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.
*
* It's recommended that the AAD Applications used are configured to authenticate using Single Page Applications.
* More information here: [link](https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-app-registration#redirect-uri-msaljs-20-with-auth-code-flow).
*
* @param options - Options for configuring the client which makes the authentication request.
*/
constructor(
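
Review bot: The two documentation URLs added to this constructor doc carry the `/en-us/` locale segment, while the same block in the other `InteractiveBrowserCredential` file in this PR uses locale-neutral `https://docs.microsoft.com/azure/...` links. Drop `/en-us/` here so readers are routed to their own locale, and replace the link text `[link]` with the title of the page it points to.
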
Expand Up @@ -20,13 +20,6 @@ const logger = credentialLogger("InteractiveBrowserCredential");
/**
* Enables authentication to Azure Active Directory inside of the web browser
* using the interactive login flow.
*
* This credential uses the [Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).
* On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.
* On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.
*
* For Node.js, if a `clientId` is provided, the Azure Active Directory application will need to be configured to have a "Mobile and desktop applications" redirect endpoint.
* Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://docs.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris).
*/
export class InteractiveBrowserCredential implements TokenCredential {
private msalFlow: MsalFlow;
Expand All @@ -35,6 +28,13 @@ export class InteractiveBrowserCredential implements TokenCredential {
/**
* Creates an instance of InteractiveBrowserCredential with the details needed.
*
* This credential uses the [Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).
* On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.
* On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.
*
* For Node.js, if a `clientId` is provided, the Azure Active Directory application will need to be configured to have a "Mobile and desktop applications" redirect endpoint.
* Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://docs.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris).
*
* @param options - Options for configuring the client which makes the authentication requests.
*/
constructor(
Expand Up @@ -8,7 +8,13 @@ const credentialName = "OnBehalfOfCredential";
const BrowserNotSupportedError = new Error(`${credentialName}: Not supported in the browser.`);
const logger = credentialLogger(credentialName);

/**
* Enables authentication to Azure Active Directory using the [On Behalf Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).
*/
export class OnBehalfOfCredential implements TokenCredential {
/**
* Only available in Node.js
*/
constructor() {
logger.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
Expand Up @@ -17,8 +17,6 @@ const logger = credentialLogger("UsernamePasswordCredential");
* trust so you should only use it when other, more secure credential
* types can't be used.
*/
// We'll be using InteractiveCredential as the base of this class, which requires us to support authenticate(),
// to reduce the number of times we send the password over the network.
export class UsernamePasswordCredential implements TokenCredential {
private msalFlow: MsalFlow;
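
Review bot: The two `//` lines removed above `export class UsernamePasswordCredential` were the only place that recorded a design reason tied to how often the password is sent over the network. The class line shows `implements TokenCredential` rather than an `InteractiveCredential` base, so the comment does look stale, but say so in the commit message; if limiting password transmissions is still a goal, restate it in the class doc comment rather than deleting it without a trace.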

Expand Up @@ -18,7 +18,13 @@ export const vsCodeCredentialControl = {
}
};

/**
* Connects to Azure using the credential provided by the VSCode extension 'Azure Account'.
*/
export class VisualStudioCodeCredential implements TokenCredential {
/**
* Only available in Node.js
*/
constructor() {
logger.info(formatError("", BrowserNotSupportedError));
throw BrowserNotSupportedError;
Expand Up @@ -95,7 +95,7 @@ export interface VisualStudioCodeCredentialOptions extends TokenCredentialOption
}

/**
* Connect to Azure using the credential provided by the VSCode extension 'Azure Account'.
* Connects to Azure using the credential provided by the VSCode extension 'Azure Account'.
* Once the user has logged in via the extension, this credential can share the same refresh token
* that is cached by the extension.
*/