diff --git a/.github/workflows/main_dixueweb0913.yml b/.github/workflows/main_dixueweb0913.yml
new file mode 100644
index 000000000000..5a3afbe919c5
--- /dev/null
+++ b/.github/workflows/main_dixueweb0913.yml
@@ -0,0 +1,56 @@
+# Docs for the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
+# More GitHub Actions for Azure: https://github.com/Azure/actions
+
+name: Build and deploy Node.js app to Azure Web App - dixueweb0913
+
+on:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Set up Node.js version
+ uses: actions/setup-node@v1
+ with:
+ node-version: '16.x'
+
+ - name: npm install, build, and test
+ run: |
+ npm install
+ npm run build --if-present
+ npm run test --if-present
+
+ - name: Upload artifact for deployment job
+ uses: actions/upload-artifact@v2
+ with:
+ name: node-app
+ path: .
+
+ deploy:
+ runs-on: ubuntu-latest
+ needs: build
+ environment:
+ name: 'Production'
+ url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
+
+ steps:
+ - name: Download artifact from build job
+ uses: actions/download-artifact@v2
+ with:
+ name: node-app
+
+ - name: 'Deploy to Azure Web App'
+ id: deploy-to-webapp
+ uses: azure/webapps-deploy@v2
+ with:
+ app-name: 'dixueweb0913'
+ slot-name: 'Production'
+ publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_7C582EB722D940F78A0850CF913C7D4D }}
+ package: .
diff --git a/src/Accounts/Accounts/ChangeLog.md b/src/Accounts/Accounts/ChangeLog.md
index a284b04ef7a2..28202fe2da18 100644
--- a/src/Accounts/Accounts/ChangeLog.md
+++ b/src/Accounts/Accounts/ChangeLog.md
@@ -52,6 +52,7 @@
- `DisplayBreakingChangeWarning`: Controls if warning messages for breaking changes are displayed or suppressed.
- `EnableDataCollection`: When enabled, Azure PowerShell cmdlets send telemetry data to Microsoft to improve the customer experience.
* Upgraded System.Reflection.DispatchProxy on Windows PowerShell [#17856]
+* Supported specifying scope in `-ResourceUrl` of `Get-AzAccessToken` [#14085]
* Upgraded Azure.Identity to 1.6.0 and Azure.Core to 1.24.0
## Version 2.7.6
diff --git a/src/Accounts/Accounts/Token/GetAzureRmAccessToken.cs b/src/Accounts/Accounts/Token/GetAzureRmAccessToken.cs
index d9e476f70f50..83fc41bed0aa 100644
--- a/src/Accounts/Accounts/Token/GetAzureRmAccessToken.cs
+++ b/src/Accounts/Accounts/Token/GetAzureRmAccessToken.cs
@@ -12,12 +12,6 @@
// limitations under the License.
// ----------------------------------------------------------------------------------
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Management.Automation;
-using System.Text.Json;
-
using Microsoft.Azure.Commands.Common.Authentication;
using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
using Microsoft.Azure.Commands.Profile.Models;
@@ -25,6 +19,10 @@
using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
using Microsoft.Azure.PowerShell.Authenticators;
using Microsoft.WindowsAzure.Commands.Utilities.Common;
+using System;
+using System.Linq;
+using System.Management.Automation;
+using System.Text.Json;
namespace Microsoft.Azure.Commands.Profile
{
@@ -38,7 +36,7 @@ public class GetAzureRmAccessTokenCommand : AzureRMCmdlet
[Parameter(ParameterSetName = ResourceUrlParameterSet,
Mandatory = true,
- HelpMessage = "Resource url for that you're requesting token, e.g. 'http://graph.windows.net/'.")]
+ HelpMessage = "Resource url for that you're requesting token, e.g. 'http://graph.windows.net/'. Permission can be appended.")]
[ValidateNotNullOrEmpty]
[Alias("Resource", "ResourceUri")]
public string ResourceUrl { get; set; }
diff --git a/src/Accounts/Accounts/help/Get-AzAccessToken.md b/src/Accounts/Accounts/help/Get-AzAccessToken.md
index ff3e53f5bd51..0b9d6a6777e1 100644
--- a/src/Accounts/Accounts/help/Get-AzAccessToken.md
+++ b/src/Accounts/Accounts/help/Get-AzAccessToken.md
@@ -8,7 +8,10 @@ schema: 2.0.0
# Get-AzAccessToken
## SYNOPSIS
-Get raw access token. When using -ResourceUrl, please make sure the value does match current Azure environment. You may refer to the value of `(Get-AzContext).Environment`.
+Get raw access token. The format of `-ResourceUrl` concatenates a desired resource identifier with an
+optional desired OAuth2 permission for that resource. Please make sure resource identifier matches current
+Azure environment. You may refer to the value of `(Get-AzContext).Environment`. If permission is not
+provided, `/.default` is appended automatically for all app-level permission.
## SYNTAX
@@ -83,7 +86,7 @@ Accept wildcard characters: False
```
### -ResourceUrl
-Resource url for that you're requesting token, e.g. 'https://graph.microsoft.com/'.
+Resource url for that you're requesting token, e.g. 'https://graph.microsoft.com/'. Permission can be appended.
```yaml
Type: String
diff --git a/src/Accounts/Authenticators/AuthenticationHelpers.cs b/src/Accounts/Authenticators/AuthenticationHelpers.cs
index b5671be93264..96d3e51b06bc 100644
--- a/src/Accounts/Authenticators/AuthenticationHelpers.cs
+++ b/src/Accounts/Authenticators/AuthenticationHelpers.cs
@@ -12,55 +12,33 @@
using Microsoft.Azure.Commands.Common.Authentication;
using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
using Microsoft.Identity.Client;
+using System;
namespace Microsoft.Azure.PowerShell.Authenticators
{
internal static class AuthenticationHelpers
{
internal const string PowerShellClientId = "1950a258-227b-4e31-a9cf-717495945fc2",
- EnableEbdMagicCookie = "site_id=501358&display=popup",
- UserImpersonationScope = "{0}/user_impersonation",
DefaultScope = "{0}/.default",
AdfsScope = "{0}/openid";
///
- /// Get the authority string given a tenant and environment
- ///
- /// The Azure environment
- /// The tenant Id
- /// The authrotity string, from the AAD endpoint and tenant ID
- internal static string GetAuthority(IAzureEnvironment environment, string tenant)
- {
- var tenantString = tenant ?? environment?.AdTenant ?? "organizations";
- return $"{environment.ActiveDirectoryAuthority}{tenantString}";
- }
-
- ///
- ///
- ///
- ///
- ///
- internal static Prompt GetPromptBehavior(string showDialog)
- {
- switch (showDialog)
- {
- case ShowDialog.Always:
- return Prompt.ForceLogin;
- case ShowDialog.Never:
- return Prompt.NoPrompt;
- default:
- return Prompt.SelectAccount;
- }
- }
-
- ///
- /// Get the scopes array for a given resource
+ /// Get the scopes array for a given resource. If resource URI doesn't contain permission, .default should be appended for all app-level permissions.
///
/// determines which scope to use
/// which resource will be requested
///
internal static string[] GetScope(bool onPremise, string resource)
{
+
+ if(!string.IsNullOrEmpty(resource))
+ {
+ Uri uri = new Uri(resource);
+ if(!string.IsNullOrWhiteSpace(uri.AbsolutePath) && !"/".Equals(uri.AbsolutePath))
+ {
+ return new string[] { resource };
+ }
+ }
var scopeTemplate = onPremise ? AdfsScope : DefaultScope;
return new string[] { string.Format(scopeTemplate, resource) };
}