Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
57 commits
Select commit Hold shift + click to select a range
ab170e6
Use MSAL token cache for confidential client credentials
jianghaolu May 21, 2020
5939411
Checkstyle: log exception
jianghaolu May 21, 2020
9a75ef9
improve cert parse error
jianghaolu May 21, 2020
4d99147
Check token refresh offset after read from cache
jianghaolu May 26, 2020
37f8d75
Merge branch 'master' of github.com:Azure/azure-sdk-for-java into tok…
jianghaolu Jun 3, 2020
354bc07
Revert changes in azure-core for backward compatibility
jianghaolu Jun 3, 2020
0f53d6d
Add getTokenRefreshOffset() to TokenCredential
jianghaolu Jun 4, 2020
ca8b3a1
add a test for custom expiry
jianghaolu Jun 4, 2020
b61e2f4
Fix javadoc
jianghaolu Jun 4, 2020
48083bc
Fix amqp test
jianghaolu Jun 4, 2020
2e57b82
Use predicate over function
jianghaolu Jun 4, 2020
ef0869a
Fix new test
jianghaolu Jun 4, 2020
a4d383e
Allow equals 2000 in new test
jianghaolu Jun 4, 2020
616d4b9
make test safer
jianghaolu Jun 4, 2020
a9f4089
Fix 2 minute offset in MSITests
jianghaolu Jun 4, 2020
268de3b
Checkstyle
jianghaolu Jun 4, 2020
fb8809d
Use unreleased_ prefix for azure core dependencies
jianghaolu Jun 4, 2020
badd929
Merge branch 'master' of github.com:Azure/azure-sdk-for-java into tok…
jianghaolu Jun 4, 2020
8632a8a
Use new logic for proactive token refresh
jianghaolu Jun 11, 2020
11b84f6
Merge branch 'master' of github.com:Azure/azure-sdk-for-java into tok…
jianghaolu Jun 17, 2020
54033d1
Use unreleased azure-core versions in identity
jianghaolu Jun 17, 2020
ec48f39
Use TokenRefreshOptions for TokenCredential
jianghaolu Jun 18, 2020
e58d485
Use token refresh options in simple token cache
jianghaolu Jun 18, 2020
8ebb829
Make tests run faster with configurable refresh timeout
jianghaolu Jun 19, 2020
f9d64bd
Fix build issues in IdentityClient
jianghaolu Jun 19, 2020
3013a21
Fix token cache test
jianghaolu Jun 19, 2020
3741805
Refname tokenRefreshTimeout to tokenRefreshRetryTimeout
jianghaolu Jun 19, 2020
c877d9c
Increase test stability
jianghaolu Jun 19, 2020
b896554
Remove println in token cache
jianghaolu Jun 20, 2020
4e0b6e8
Merge branch 'master' of github.com:Azure/azure-sdk-for-java into tok…
jianghaolu Jun 22, 2020
9f8f8f8
Merge branch 'tokenrefreshoffset' of github.com:jianghaolu/azure-sdk-…
jianghaolu Jun 22, 2020
49628e3
Simplify fallback logic
jianghaolu Jun 22, 2020
8ebadeb
Help spotbugs understand the code
jianghaolu Jun 22, 2020
649593f
Add token refresh options to simple token cache
jianghaolu Jun 22, 2020
8fc5508
Fix amqp test
jianghaolu Jun 22, 2020
7d4c095
Improve token refresh
jianghaolu Jun 24, 2020
4eff3c1
Address Alan & CI's feedback
jianghaolu Jun 24, 2020
400396b
migrate more from identity
jianghaolu Jun 24, 2020
75987f7
Merge branch 'master' into simpletokencache
jianghaolu Jun 25, 2020
886cac3
Checkstyle
jianghaolu Jun 25, 2020
f234570
Merge branch 'simpletokencache' of github.com:jianghaolu/azure-sdk-fo…
jianghaolu Jun 25, 2020
89084c5
Merge branch 'master' into tokenrefreshoffset
jianghaolu Jun 25, 2020
4b6eec0
Fit and finish
jianghaolu Jun 26, 2020
cbb4438
Simply properties in TokenRefreshOptions
jianghaolu Jun 29, 2020
fcbb2f4
Merge branch 'simpletokencache' of github.com:jianghaolu/azure-sdk-fo…
jianghaolu Jun 30, 2020
24ff0a5
Fix according to new azure-core changes
jianghaolu Jun 30, 2020
16a2922
Merge branch 'tokenrefreshoffset' of github.com:jianghaolu/azure-sdk-…
jianghaolu Jun 30, 2020
cbe6259
Merge branch 'master' of github.com:Azure/azure-sdk-for-java into tok…
jianghaolu Jun 30, 2020
b810bc5
Add IdentityTokenRefreshOptions
jianghaolu Jul 2, 2020
392e5e7
Fix javadocs
jianghaolu Jul 2, 2020
0d24ded
Merge branch 'master' of github.com:Azure/azure-sdk-for-java into tok…
jianghaolu Jul 6, 2020
ca3df3d
Checkstyle - license header
jianghaolu Jul 6, 2020
587c3cc
checkstyle - final
jianghaolu Jul 6, 2020
f2c7ca2
Use released azure-core 1.7.0-beta.1
jianghaolu Jul 9, 2020
0dbf7f4
Merge branch 'master' of github.com:Azure/azure-sdk-for-java into tok…
jianghaolu Jul 9, 2020
b99c60c
Reset changes in core
jianghaolu Jul 9, 2020
b87cbcf
Merge branch 'master' of github.com:Azure/azure-sdk-for-java into tok…
jianghaolu Jul 9, 2020
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 1 addition & 2 deletions eng/versioning/version_client.txt
Original file line number Diff line number Diff line change
Expand Up @@ -68,12 +68,11 @@ com.microsoft.azure:spring-data-cosmosdb;3.0.0-beta.1;3.0.0-beta.1
# unreleased_<groupId>:<artifactId>;dependency-version
# note: The unreleased dependencies will not be manipulated with the automatic PR creation code.

unreleased_com.azure:azure-messaging-servicebus;7.0.0-beta.4

# Released Beta dependencies: Copy the entry from above, prepend "beta_", remove the current
# version and set the version to the released beta. Released beta dependencies are only valid
# for dependency versions. These entries are specifically for when we've released a beta for
# a library but need to keep the dependency version at the latest released GA.
# Format;
# beta_<groupId>:<artifactId>;dependency-version
# note: Released beta versions will not be manipulated with the automatic PR creation code.
beta_com.azure:azure-core;1.7.0-beta.1
2 changes: 1 addition & 1 deletion sdk/identity/azure-identity/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-core</artifactId>
<version>1.6.0</version> <!-- {x-version-update;com.azure:azure-core;dependency} -->
<version>1.7.0-beta.1</version> <!-- {x-version-update;beta_com.azure:azure-core;dependency} -->
</dependency>
<dependency>
<groupId>com.microsoft.azure</groupId>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
import com.azure.core.annotation.Immutable;
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRefreshOptions;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.util.logging.ClientLogger;
import com.azure.identity.implementation.IdentityClient;
Expand All @@ -27,6 +28,7 @@ public class AuthorizationCodeCredential implements TokenCredential {
private final String authCode;
private final URI redirectUri;
private final IdentityClient identityClient;
private final IdentityClientOptions identityClientOptions;
private final AtomicReference<MsalAuthenticationAccount> cachedToken;
private final ClientLogger logger = new ClientLogger(AuthorizationCodeCredential.class);

Expand All @@ -46,6 +48,7 @@ public class AuthorizationCodeCredential implements TokenCredential {
.clientId(clientId)
.identityClientOptions(identityClientOptions)
.build();
this.identityClientOptions = identityClientOptions;
this.cachedToken = new AtomicReference<>();
this.authCode = authCode;
this.redirectUri = redirectUri;
Expand All @@ -71,4 +74,9 @@ public Mono<AccessToken> getToken(TokenRequestContext request) {
.doOnNext(token -> LoggingUtil.logTokenSuccess(logger, request))
.doOnError(error -> LoggingUtil.logTokenError(logger, request, error));
}

@Override
public TokenRefreshOptions getTokenRefreshOptions() {
return identityClientOptions.getTokenRefreshOptions();
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
import com.azure.core.annotation.Immutable;
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRefreshOptions;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.util.logging.ClientLogger;
import com.azure.identity.implementation.IdentityClient;
Expand All @@ -21,6 +22,7 @@
@Immutable
public class AzureCliCredential implements TokenCredential {
private final IdentityClient identityClient;
private final IdentityClientOptions identityClientOptions;
private final ClientLogger logger = new ClientLogger(AzureCliCredential.class);

/**
Expand All @@ -29,6 +31,7 @@ public class AzureCliCredential implements TokenCredential {
*/
AzureCliCredential(IdentityClientOptions identityClientOptions) {
identityClient = new IdentityClientBuilder().identityClientOptions(identityClientOptions).build();
this.identityClientOptions = identityClientOptions;
}

@Override
Expand All @@ -37,4 +40,9 @@ public Mono<AccessToken> getToken(TokenRequestContext request) {
.doOnNext(token -> LoggingUtil.logTokenSuccess(logger, request))
.doOnError(error -> LoggingUtil.logTokenError(logger, request, error));
}

@Override
public TokenRefreshOptions getTokenRefreshOptions() {
return identityClientOptions.getTokenRefreshOptions();
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
import com.azure.core.annotation.Immutable;
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRefreshOptions;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.exception.ClientAuthenticationException;
import com.azure.core.util.logging.ClientLogger;
Expand All @@ -25,6 +26,7 @@
*/
@Immutable
public class ChainedTokenCredential implements TokenCredential {
private volatile TokenRefreshOptions tokenRefreshOptions;
private final ClientLogger logger = new ClientLogger(getClass());
private final List<TokenCredential> credentials;
private final String unavailableError = this.getClass().getSimpleName() + " authentication failed. ---> ";
Expand Down Expand Up @@ -55,7 +57,7 @@ public Mono<AccessToken> getToken(TokenRequestContext request) {
logger.info("Azure Identity => Attempted credential {} is unavailable.",
p.getClass().getSimpleName());
return Mono.empty();
}), 1)
}).doOnNext(t -> tokenRefreshOptions = p.getTokenRefreshOptions()), 1)
.next()
.switchIfEmpty(Mono.defer(() -> {
// Chain Exceptions.
Expand All @@ -69,6 +71,11 @@ public Mono<AccessToken> getToken(TokenRequestContext request) {
}));
}

@Override
public TokenRefreshOptions getTokenRefreshOptions() {
return tokenRefreshOptions;
}


/**
* Get the read-only list of credentials sequentially used to attempt authentication.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
import com.azure.core.annotation.Immutable;
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRefreshOptions;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.util.logging.ClientLogger;
import com.azure.identity.implementation.IdentityClient;
Expand All @@ -28,6 +29,7 @@
@Immutable
public class ClientCertificateCredential implements TokenCredential {
private final IdentityClient identityClient;
private final IdentityClientOptions identityClientOptions;
private final ClientLogger logger = new ClientLogger(ClientCertificateCredential.class);

/**
Expand All @@ -48,6 +50,7 @@ public class ClientCertificateCredential implements TokenCredential {
.certificatePassword(certificatePassword)
.identityClientOptions(identityClientOptions)
.build();
this.identityClientOptions = identityClientOptions;
}

@Override
Expand All @@ -58,4 +61,9 @@ public Mono<AccessToken> getToken(TokenRequestContext request) {
.doOnNext(token -> LoggingUtil.logTokenSuccess(logger, request))
.doOnError(error -> LoggingUtil.logTokenError(logger, request, error));
}

@Override
public TokenRefreshOptions getTokenRefreshOptions() {
return identityClientOptions.getTokenRefreshOptions();
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
import com.azure.core.annotation.Immutable;
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRefreshOptions;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.util.logging.ClientLogger;
import com.azure.identity.implementation.IdentityClient;
Expand All @@ -28,6 +29,7 @@
@Immutable
public class ClientSecretCredential implements TokenCredential {
private final IdentityClient identityClient;
private final IdentityClientOptions identityClientOptions;
private final ClientLogger logger = new ClientLogger(ClientSecretCredential.class);

/**
Expand All @@ -48,6 +50,7 @@ public class ClientSecretCredential implements TokenCredential {
.clientSecret(clientSecret)
.identityClientOptions(identityClientOptions)
.build();
this.identityClientOptions = identityClientOptions;
}

@Override
Expand All @@ -58,4 +61,9 @@ public Mono<AccessToken> getToken(TokenRequestContext request) {
.doOnNext(token -> LoggingUtil.logTokenSuccess(logger, request))
.doOnError(error -> LoggingUtil.logTokenError(logger, request, error));
}

@Override
public TokenRefreshOptions getTokenRefreshOptions() {
return identityClientOptions.getTokenRefreshOptions();
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@

package com.azure.identity;

import com.azure.core.credential.SimpleTokenCache;
import com.azure.core.http.HttpClient;
import com.azure.core.http.HttpPipeline;
import com.azure.core.http.ProxyOptions;
Expand Down Expand Up @@ -95,8 +96,16 @@ public T httpClient(HttpClient client) {
* token will be considered expired at and after the time of (actual
* expiry - token refresh offset). The default offset is 2 minutes.
*
* This is useful when network is congested and a request containing the
* token takes longer than normal to get to the server.
* This is used in {@link SimpleTokenCache} and {@link com.azure.core.http.policy.BearerTokenAuthenticationPolicy}
* to proactively retrieve a more up-to-date token before the cached token gets too close to its expiry.
*
* Extending this offset is recommended if it takes &gt; 2 minutes to reach the service (application is running on
* high load), or you would like to simply keep a more up-to-date token in the cache (more robust against token
* refresh API down times). The user is responsible for specifying a valid offset.
*
* When a proactive token refresh fails but the previously cached token is still valid,
* {@link com.azure.core.http.policy.BearerTokenAuthenticationPolicy} will NOT fail but return the previous valid
* token. Another proactive refresh will be attempted in 30 seconds.
*
* @param tokenRefreshOffset the duration before the actual expiry of a token to refresh it
* @return An updated instance of this builder with the token refresh offset set as specified.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@

import com.azure.core.annotation.Immutable;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRefreshOptions;
import com.azure.identity.implementation.IdentityClientOptions;

import java.util.List;

Expand All @@ -22,6 +24,7 @@
*/
@Immutable
public final class DefaultAzureCredential extends ChainedTokenCredential {
private final IdentityClientOptions identityClientOptions;

/**
* Creates default DefaultAzureCredential instance to use. This will use AZURE_CLIENT_ID,
Expand All @@ -32,9 +35,16 @@ public final class DefaultAzureCredential extends ChainedTokenCredential {
* token cache.
*
* @param tokenCredentials the list of credentials to execute for authentication.
* @param identityClientOptions the options for configuring the identity client.
*/
DefaultAzureCredential(List<TokenCredential> tokenCredentials) {
DefaultAzureCredential(List<TokenCredential> tokenCredentials, IdentityClientOptions identityClientOptions) {
super(tokenCredentials);
this.identityClientOptions = identityClientOptions;
}

@Override
public TokenRefreshOptions getTokenRefreshOptions() {
return identityClientOptions.getTokenRefreshOptions();
}


Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ public DefaultAzureCredentialBuilder executorService(ExecutorService executorSer
* @return a {@link DefaultAzureCredential} with the current configurations.
*/
public DefaultAzureCredential build() {
return new DefaultAzureCredential(getCredentialsChain());
return new DefaultAzureCredential(getCredentialsChain(), identityClientOptions);
}

private ArrayList<TokenCredential> getCredentialsChain() {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
import com.azure.core.annotation.Immutable;
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRefreshOptions;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.util.logging.ClientLogger;
import com.azure.identity.implementation.IdentityClient;
Expand All @@ -26,6 +27,7 @@
public class DeviceCodeCredential implements TokenCredential {
private final Consumer<DeviceCodeInfo> challengeConsumer;
private final IdentityClient identityClient;
private final IdentityClientOptions identityClientOptions;
private final AtomicReference<MsalAuthenticationAccount> cachedToken;
private final String authorityHost;
private final boolean automaticAuthentication;
Expand All @@ -50,6 +52,7 @@ public class DeviceCodeCredential implements TokenCredential {
.identityClientOptions(identityClientOptions)
.build();
this.cachedToken = new AtomicReference<>();
this.identityClientOptions = identityClientOptions;
this.authorityHost = identityClientOptions.getAuthorityHost();
this.automaticAuthentication = automaticAuthentication;
if (identityClientOptions.getAuthenticationRecord() != null) {
Expand Down Expand Up @@ -126,4 +129,9 @@ private AccessToken updateCache(MsalToken msalToken) {
identityClient.getTenantId())));
return msalToken;
}

@Override
public TokenRefreshOptions getTokenRefreshOptions() {
return identityClientOptions.getTokenRefreshOptions();
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
import com.azure.core.annotation.Immutable;
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRefreshOptions;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.util.Configuration;
import com.azure.core.util.logging.ClientLogger;
Expand Down Expand Up @@ -128,6 +129,11 @@ public Mono<AccessToken> getToken(TokenRequestContext request) {
}
}

@Override
public TokenRefreshOptions getTokenRefreshOptions() {
return identityClientOptions.getTokenRefreshOptions();
}

private boolean verifyNotNull(String... configs) {
for (String config: configs) {
if (config == null) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
import com.azure.core.annotation.Immutable;
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRefreshOptions;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.util.CoreUtils;
import com.azure.core.util.logging.ClientLogger;
Expand All @@ -30,6 +31,7 @@
public class IntelliJCredential implements TokenCredential {
private static final String AZURE_TOOLS_FOR_INTELLIJ_CLIENT_ID = "61d65f5a-6e3b-468b-af73-a033f5098c5c";
private final IdentityClient identityClient;
private final IdentityClientOptions identityClientOptions;
private final AtomicReference<MsalToken> cachedToken;
private final ClientLogger logger = new ClientLogger(IntelliJCredential.class);

Expand Down Expand Up @@ -72,6 +74,7 @@ public class IntelliJCredential implements TokenCredential {
.build();

this.cachedToken = new AtomicReference<>();
this.identityClientOptions = identityClientOptions;
}

@Override
Expand All @@ -92,4 +95,9 @@ public Mono<AccessToken> getToken(TokenRequestContext request) {
.doOnNext(token -> LoggingUtil.logTokenSuccess(logger, request))
.doOnError(error -> LoggingUtil.logTokenError(logger, request, error));
}

@Override
public TokenRefreshOptions getTokenRefreshOptions() {
return identityClientOptions.getTokenRefreshOptions();
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
import com.azure.core.annotation.Immutable;
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRefreshOptions;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.util.logging.ClientLogger;
import com.azure.identity.implementation.IdentityClient;
Expand All @@ -31,6 +32,7 @@
public class InteractiveBrowserCredential implements TokenCredential {
private final int port;
private final IdentityClient identityClient;
private final IdentityClientOptions identityClientOptions;
private final AtomicReference<MsalAuthenticationAccount> cachedToken;
private final boolean automaticAuthentication;
private final String authorityHost;
Expand All @@ -55,6 +57,7 @@ public class InteractiveBrowserCredential implements TokenCredential {
.clientId(clientId)
.identityClientOptions(identityClientOptions)
.build();
this.identityClientOptions = identityClientOptions;
cachedToken = new AtomicReference<>();
this.authorityHost = identityClientOptions.getAuthorityHost();
this.automaticAuthentication = automaticAuthentication;
Expand Down Expand Up @@ -115,12 +118,16 @@ public Mono<AuthenticationRecord> authenticate() {
return authenticate(new TokenRequestContext().addScopes(defaultScope));
}

@Override
public TokenRefreshOptions getTokenRefreshOptions() {
return identityClientOptions.getTokenRefreshOptions();
}

private AccessToken updateCache(MsalToken msalToken) {
cachedToken.set(
new MsalAuthenticationAccount(
new AuthenticationRecord(msalToken.getAuthenticationResult(),
identityClient.getTenantId())));
return msalToken;
}

}
Loading