merging origin

AzureAD · Jan 22, 2025 · 53f9899 · 53f9899
2 parents c2bba6a + d2d5ce0
commit 53f9899
Show file tree

Hide file tree

Showing 12 changed files with 35 additions and 20 deletions.
diff --git a/Directory.Build.props b/Directory.Build.props
@@ -1,7 +1,7 @@
 <Project>
     <PropertyGroup>
         <!-- This should be passed from the VSTS build -->
-        <MicrosoftIdentityAbstractionsVersion Condition="'$(MicrosoftIdentityAbstractionsVersion)' == ''">7.2.0</MicrosoftIdentityAbstractionsVersion>
+        <MicrosoftIdentityAbstractionsVersion Condition="'$(MicrosoftIdentityAbstractionsVersion)' == ''">7.3.0</MicrosoftIdentityAbstractionsVersion>
         <!-- This will generate AssemblyVersion, AssemblyFileVersion and AssemblyInformationVersion -->
         <Version>$(MicrosoftIdentityAbstractionsVersion)</Version>
         <AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)\build\35MSSharedLib1024.snk</AssemblyOriginatorKeyFile>

diff --git a/changelog.md b/changelog.md
@@ -1,3 +1,8 @@
+7.2.1
+========
+## Bug fix:
+- `Id` property in `CredentialDescription` was derived from secret values, primarily affecting logging (information level) of credential attempts in `Microsoft.Identity.Web`, it doesn't affect higher log levels because if the failure occurs, it indicates that a credential description has both a credential source that can fail (e.g., certificate) and the `ClientSecret` property set, which is not a typical scenario. See issue [#147](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/pull/147) for details.
+
 7.2.0
 ========
 ## New features:

diff --git a/src/Microsoft.Identity.Abstractions/ApplicationOptions/CredentialDescription.cs b/src/Microsoft.Identity.Abstractions/ApplicationOptions/CredentialDescription.cs
@@ -352,7 +352,7 @@ public string? ReferenceOrValue
                     CredentialSource.StoreWithDistinguishedName => CertificateDistinguishedName,
                     CredentialSource.Certificate or CredentialSource.Base64Encoded => Base64EncodedValue,
                     CredentialSource.SignedAssertionFromManagedIdentity => ManagedIdentityClientId,
-                    CredentialSource.ClientSecret => ClientSecret,
+                    CredentialSource.ClientSecret => "***",
                     CredentialSource.CustomSignedAssertion => null,
                     _ => null,
                 };

diff --git a/src/Microsoft.Identity.Abstractions/PublicAPI/net462/PublicAPI.Shipped.txt b/src/Microsoft.Identity.Abstractions/PublicAPI/net462/PublicAPI.Shipped.txt
@@ -248,3 +248,5 @@ virtual Microsoft.Identity.Abstractions.IdentityApplicationOptions.Authority.get
 virtual Microsoft.Identity.Abstractions.IdentityApplicationOptions.Authority.set -> void
 Microsoft.Identity.Abstractions.AcquireTokenOptions.ExtraParameters.get -> System.Collections.Generic.IDictionary<string!, object!>?
 Microsoft.Identity.Abstractions.AcquireTokenOptions.ExtraParameters.set -> void
+Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.get -> string?
+Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.set -> void
diff --git a/src/Microsoft.Identity.Abstractions/PublicAPI/net462/PublicAPI.Unshipped.txt b/src/Microsoft.Identity.Abstractions/PublicAPI/net462/PublicAPI.Unshipped.txt
@@ -3,6 +3,4 @@ Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProvi
 Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderData.set -> void
 Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderName.get -> string?
 Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderName.set -> void
-Microsoft.Identity.Abstractions.CredentialSource.CustomSignedAssertion = 11 -> Microsoft.Identity.Abstractions.CredentialSource
-Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.get -> string?
-Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.set -> void
+Microsoft.Identity.Abstractions.CredentialSource.CustomSignedAssertion = 11 -> Microsoft.Identity.Abstractions.CredentialSource
diff --git a/src/Microsoft.Identity.Abstractions/PublicAPI/net8.0/PublicAPI.Shipped.txt b/src/Microsoft.Identity.Abstractions/PublicAPI/net8.0/PublicAPI.Shipped.txt
@@ -276,4 +276,7 @@ virtual Microsoft.Identity.Abstractions.IdentityApplicationOptions.Authority.get
 virtual Microsoft.Identity.Abstractions.IdentityApplicationOptions.Authority.set -> void
 Microsoft.Identity.Abstractions.AcquireTokenOptions.ExtraParameters.get -> System.Collections.Generic.IDictionary<string!, object!>?
 Microsoft.Identity.Abstractions.AcquireTokenOptions.ExtraParameters.set -> void
+Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.get -> string?
+Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.set -> void
+
 
diff --git a/src/Microsoft.Identity.Abstractions/PublicAPI/net8.0/PublicAPI.Unshipped.txt b/src/Microsoft.Identity.Abstractions/PublicAPI/net8.0/PublicAPI.Unshipped.txt
@@ -3,6 +3,4 @@ Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProvi
 Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderData.set -> void
 Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderName.get -> string?
 Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderName.set -> void
-Microsoft.Identity.Abstractions.CredentialSource.CustomSignedAssertion = 11 -> Microsoft.Identity.Abstractions.CredentialSource
-Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.get -> string?
-Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.set -> void
+Microsoft.Identity.Abstractions.CredentialSource.CustomSignedAssertion = 11 -> Microsoft.Identity.Abstractions.CredentialSource
diff --git a/src/Microsoft.Identity.Abstractions/PublicAPI/netstandard2.0/PublicAPI.Shipped.txt b/src/Microsoft.Identity.Abstractions/PublicAPI/netstandard2.0/PublicAPI.Shipped.txt
@@ -248,3 +248,5 @@ virtual Microsoft.Identity.Abstractions.IdentityApplicationOptions.Authority.get
 virtual Microsoft.Identity.Abstractions.IdentityApplicationOptions.Authority.set -> void
 Microsoft.Identity.Abstractions.AcquireTokenOptions.ExtraParameters.get -> System.Collections.Generic.IDictionary<string!, object!>?
 Microsoft.Identity.Abstractions.AcquireTokenOptions.ExtraParameters.set -> void
+Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.get -> string?
+Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.set -> void
diff --git a/src/Microsoft.Identity.Abstractions/PublicAPI/netstandard2.0/PublicAPI.Unshipped.txt b/src/Microsoft.Identity.Abstractions/PublicAPI/netstandard2.0/PublicAPI.Unshipped.txt
@@ -3,6 +3,4 @@ Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProvi
 Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderData.set -> void
 Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderName.get -> string?
 Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderName.set -> void
-Microsoft.Identity.Abstractions.CredentialSource.CustomSignedAssertion = 11 -> Microsoft.Identity.Abstractions.CredentialSource
-Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.get -> string?
-Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.set -> void
+Microsoft.Identity.Abstractions.CredentialSource.CustomSignedAssertion = 11 -> Microsoft.Identity.Abstractions.CredentialSource
diff --git a/src/Microsoft.Identity.Abstractions/PublicAPI/netstandard2.1/PublicAPI.Shipped.txt b/src/Microsoft.Identity.Abstractions/PublicAPI/netstandard2.1/PublicAPI.Shipped.txt
@@ -252,3 +252,5 @@ virtual Microsoft.Identity.Abstractions.IdentityApplicationOptions.Authority.get
 virtual Microsoft.Identity.Abstractions.IdentityApplicationOptions.Authority.set -> void
 Microsoft.Identity.Abstractions.AcquireTokenOptions.ExtraParameters.get -> System.Collections.Generic.IDictionary<string!, object!>?
 Microsoft.Identity.Abstractions.AcquireTokenOptions.ExtraParameters.set -> void
+Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.get -> string?
+Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.set -> void
diff --git a/src/Microsoft.Identity.Abstractions/PublicAPI/netstandard2.1/PublicAPI.Unshipped.txt b/src/Microsoft.Identity.Abstractions/PublicAPI/netstandard2.1/PublicAPI.Unshipped.txt
@@ -3,6 +3,4 @@ Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProvi
 Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderData.set -> void
 Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderName.get -> string?
 Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderName.set -> void
-Microsoft.Identity.Abstractions.CredentialSource.CustomSignedAssertion = 11 -> Microsoft.Identity.Abstractions.CredentialSource
-Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.get -> string?
-Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.set -> void
+Microsoft.Identity.Abstractions.CredentialSource.CustomSignedAssertion = 11 -> Microsoft.Identity.Abstractions.CredentialSource
diff --git a/test/Microsoft.Identity.Abstractions.Tests/CredentialDescriptionTest.cs b/test/Microsoft.Identity.Abstractions.Tests/CredentialDescriptionTest.cs
@@ -197,7 +197,7 @@ public void Secret()
 
             Assert.Equal(CredentialType.Secret, credentialDescription.CredentialType);
             Assert.Null(credentialDescription.Container);
-            Assert.Equal(credentialDescription.ClientSecret, credentialDescription.ReferenceOrValue);
+            Assert.Equal("***", credentialDescription.ReferenceOrValue);
         }
 
         [Fact]
@@ -456,16 +456,25 @@ public void TestContainer(CredentialSource credentialSource)
         }
 
         // Ref/Value only
-        [Theory]
-        [InlineData(CredentialSource.ClientSecret)]
-        [InlineData(CredentialSource.SignedAssertionFromManagedIdentity)]
-        public void TestValueOrReference(CredentialSource credentialSource)
+        [Fact]
+        public void TestValueOrReferenceForSignedAssertionManagedIdentity()
         {
-            CredentialDescription credentialDescription = new CredentialDescription { SourceType = credentialSource };
+            CredentialDescription credentialDescription = new CredentialDescription 
+            { SourceType = CredentialSource.SignedAssertionFromManagedIdentity };
             credentialDescription.ReferenceOrValue = "referenceOrValue";
             Assert.Equal("referenceOrValue", credentialDescription.ReferenceOrValue);
         }
 
+        // Ref/Value only
+        [Fact]
+        public void TestValueOrReferenceForClientSecret()
+        {
+            CredentialDescription credentialDescription = new CredentialDescription
+            { SourceType = CredentialSource.ClientSecret };
+            credentialDescription.ReferenceOrValue = "referenceOrValue";
+            Assert.Equal("***", credentialDescription.ReferenceOrValue);
+        }
+
         [Theory]
         [InlineData(CredentialSource.KeyVault, "KeyVaultUrl", "CertificateName")]
         [InlineData(CredentialSource.KeyVault, null, "CertificateName")]