From 07b26a95d75e3d23e8849c78cf0136c82e3d474e Mon Sep 17 00:00:00 2001 From: g2vinay Date: Tue, 14 Jul 2020 19:11:47 -0700 Subject: [PATCH 1/8] Identity API updates July 2020 --- .../azure/identity/AuthenticationRecord.java | 4 +-- .../AuthorizationCodeCredentialBuilder.java | 25 +++++++++---------- .../identity/ChainedTokenCredential.java | 10 -------- .../ClientCertificateCredentialBuilder.java | 19 +++++++++++--- .../ClientSecretCredentialBuilder.java | 19 +++++++++++--- .../identity/DefaultAzureCredential.java | 12 --------- .../identity/DeviceCodeCredentialBuilder.java | 22 ++++++++-------- .../InteractiveBrowserCredentialBuilder.java | 22 ++++++++-------- .../SharedTokenCacheCredentialBuilder.java | 12 ++++----- .../UsernamePasswordCredentialBuilder.java | 22 ++++++++-------- .../implementation/IdentityClientOptions.java | 23 ++++++++--------- 11 files changed, 89 insertions(+), 101 deletions(-) diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java index eea996212a2f..e4d1415fb5fa 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java @@ -82,14 +82,14 @@ public String getUsername() { * @param outputStream The {@link OutputStream} to which the serialized record will be written to. * @return A {@link Mono} containing {@link Void} */ - public Mono serialize(OutputStream outputStream) { + public Mono serialize(OutputStream outputStream) { return Mono.defer(() -> { try { OBJECT_MAPPER.writeValue(outputStream, this); } catch (IOException e) { return Mono.error(e); } - return Mono.empty(); + return Mono.just(outputStream); }); } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredentialBuilder.java index c92e63932c07..1d0f9857edbd 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredentialBuilder.java @@ -47,28 +47,27 @@ public AuthorizationCodeCredentialBuilder redirectUrl(String redirectUrl) { return this; } + /** - * Sets whether to use an unprotected file specified by cacheFileLocation() instead of - * Gnome keyring on Linux. This is false by default. - * - * @param allowUnencryptedCache whether to use an unprotected file for cache storage. + * Allows to use an unprotected file specified by cacheFileLocation() instead of + * Gnome keyring on Linux. This is restricted by default. * - * @return An updated instance of this builder with the unprotected token cache setting set as specified. + * @return An updated instance of this builder. */ - public AuthorizationCodeCredentialBuilder allowUnencryptedCache(boolean allowUnencryptedCache) { - this.identityClientOptions.allowUnencryptedCache(allowUnencryptedCache); + public AuthorizationCodeCredentialBuilder allowUnencryptedCache() { + this.identityClientOptions.allowUnencryptedCache(); return this; } /** - * Sets whether to enable using the shared token cache. This is disabled by default. - * - * @param enabled whether to enabled using the shared token cache. + * Enables the shared token cache which is disabled by default. If enabled, the credential will store tokens + * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials + * and processes. * - * @return An updated instance of this builder with if the shared token cache enabled specified. + * @return An updated instance of this builder. */ - public AuthorizationCodeCredentialBuilder enablePersistentCache(boolean enabled) { - this.identityClientOptions.enablePersistentCache(enabled); + public AuthorizationCodeCredentialBuilder enablePersistentCache() { + this.identityClientOptions.enablePersistentCache(); return this; } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ChainedTokenCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ChainedTokenCredential.java index ac36c7c6ac1a..4b2f8b65c4dd 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ChainedTokenCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ChainedTokenCredential.java @@ -68,14 +68,4 @@ public Mono getToken(TokenRequestContext request) { return Mono.error(last); })); } - - - /** - * Get the read-only list of credentials sequentially used to attempt authentication. - * - * @return The list of {@link TokenCredential}. - */ - public List getCredentials() { - return credentials; - } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java index d606909a3690..fde02f002537 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java @@ -41,14 +41,25 @@ public ClientCertificateCredentialBuilder pfxCertificate(String certificatePath, } /** - * Sets whether to enable using the shared token cache. This is disabled by default. + * Allows to use an unprotected file specified by cacheFileLocation() instead of + * Gnome keyring on Linux. This is restricted by default. * - * @param enabled indicates whether to enable using the shared token cache. + * @return An updated instance of this builder. + */ + public ClientCertificateCredentialBuilder allowUnencryptedCache() { + this.identityClientOptions.allowUnencryptedCache(); + return this; + } + + /** + * Enables the shared token cache which is disabled by default. If enabled, the credential will store tokens + * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials + * and processes. * * @return An updated instance of this builder. */ - public ClientCertificateCredentialBuilder enablePersistentCache(boolean enabled) { - this.identityClientOptions.enablePersistentCache(enabled); + public ClientCertificateCredentialBuilder enablePersistentCache() { + this.identityClientOptions.enablePersistentCache(); return this; } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java index a5382f140665..c16677b61bcd 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java @@ -26,14 +26,25 @@ public ClientSecretCredentialBuilder clientSecret(String clientSecret) { } /** - * Sets whether to enable using the shared token cache. This is disabled by default. + * Enables the shared token cache which is disabled by default. If enabled, the credential will store tokens + * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials + * and processes. * - * @param enabled indicates whether to enable using the shared token cache. + * @return An updated instance of this builder. + */ + public ClientSecretCredentialBuilder enablePersistentCache() { + this.identityClientOptions.enablePersistentCache(); + return this; + } + + /** + * Allows to use an unprotected file specified by cacheFileLocation() instead of + * Gnome keyring on Linux. This is restricted by default. * * @return An updated instance of this builder. */ - public ClientSecretCredentialBuilder enablePersistentCache(boolean enabled) { - this.identityClientOptions.enablePersistentCache(enabled); + public ClientSecretCredentialBuilder allowUnencryptedCache() { + this.identityClientOptions.allowUnencryptedCache(); return this; } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredential.java index 54ede1c8522d..1b35dad0dd53 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredential.java @@ -36,16 +36,4 @@ public final class DefaultAzureCredential extends ChainedTokenCredential { DefaultAzureCredential(List tokenCredentials) { super(tokenCredentials); } - - - /** - * {@inheritDoc} - * The credentials in the returned list and their order may change in future versions of Identity. - * This API is not intended to be used in production ready code and should only be used for development purposes. - * - * @return The list of {@link TokenCredential}. - */ - public List getCredentials() { - return super.getCredentials(); - } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredentialBuilder.java index 3876940480b1..40a6fcc38842 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredentialBuilder.java @@ -31,27 +31,25 @@ public DeviceCodeCredentialBuilder challengeConsumer( } /** - * Sets whether to use an unprotected file specified by cacheFileLocation() instead of - * Gnome keyring on Linux. This is false by default. + * Allows to use an unprotected file specified by cacheFileLocation() instead of + * Gnome keyring on Linux. This is restricted by default. * - * @param allowUnencryptedCache whether to use an unprotected file for cache storage. - * - * @return An updated instance of this builder with the unprotected token cache setting set as specified. + * @return An updated instance of this builder. */ - public DeviceCodeCredentialBuilder allowUnencryptedCache(boolean allowUnencryptedCache) { - this.identityClientOptions.allowUnencryptedCache(allowUnencryptedCache); + public DeviceCodeCredentialBuilder allowUnencryptedCache() { + this.identityClientOptions.allowUnencryptedCache(); return this; } /** - * Sets whether to enable using the shared token cache. This is disabled by default. - * - * @param enabled whether to enabled using the shared token cache. + * Enables the shared token cache which is disabled by default. If enabled, the credential will store tokens + * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials + * and processes. * * @return An updated instance of this builder with if the shared token cache enabled specified. */ - public DeviceCodeCredentialBuilder enablePersistentCache(boolean enabled) { - this.identityClientOptions.enablePersistentCache(enabled); + public DeviceCodeCredentialBuilder enablePersistentCache() { + this.identityClientOptions.enablePersistentCache(); return this; } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java index b81d98d3c8e7..3dcf1d653777 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java @@ -30,27 +30,25 @@ public InteractiveBrowserCredentialBuilder port(int port) { } /** - * Sets whether to use an unprotected file specified by cacheFileLocation() instead of - * Gnome keyring on Linux. This is false by default. + * Allows to use an unprotected file specified by cacheFileLocation() instead of + * Gnome keyring on Linux. This is restricted by default. * - * @param allowUnencryptedCache whether to use an unprotected file for cache storage. - * - * @return An updated instance of this builder with the unprotected token cache setting set as specified. + * @return An updated instance of this builder. */ - public InteractiveBrowserCredentialBuilder allowUnencryptedCache(boolean allowUnencryptedCache) { - this.identityClientOptions.allowUnencryptedCache(allowUnencryptedCache); + public InteractiveBrowserCredentialBuilder allowUnencryptedCache() { + this.identityClientOptions.allowUnencryptedCache(); return this; } /** - * Sets whether to enable using the shared token cache. This is disabled by default. - * - * @param enabled whether to enabled using the shared token cache. + * Enables the shared token cache which is disabled by default. If enabled, the credential will store tokens + * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials + * and processes. * * @return An updated instance of this builder with if the shared token cache enabled specified. */ - public InteractiveBrowserCredentialBuilder enablePersistentCache(boolean enabled) { - this.identityClientOptions.enablePersistentCache(enabled); + public InteractiveBrowserCredentialBuilder enablePersistentCache() { + this.identityClientOptions.enablePersistentCache(); return this; } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/SharedTokenCacheCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/SharedTokenCacheCredentialBuilder.java index c12675635300..4317d21c7628 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/SharedTokenCacheCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/SharedTokenCacheCredentialBuilder.java @@ -24,15 +24,13 @@ public SharedTokenCacheCredentialBuilder username(String username) { } /** - * Sets whether to use an unprotected file specified by cacheFileLocation() instead of - * Gnome keyring on Linux. This is false by default. + * Allows to use an unprotected file specified by cacheFileLocation() instead of + * Gnome keyring on Linux. This is restricted by default. * - * @param allowUnencryptedCache whether to use an unprotected file for cache storage. - * - * @return An updated instance of this builder with the unprotected token cache setting set as specified. + * @return An updated instance of this builder. */ - public SharedTokenCacheCredentialBuilder allowUnencryptedCache(boolean allowUnencryptedCache) { - this.identityClientOptions.allowUnencryptedCache(allowUnencryptedCache); + public SharedTokenCacheCredentialBuilder allowUnencryptedCache() { + this.identityClientOptions.allowUnencryptedCache(); return this; } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredentialBuilder.java index d1204b6bc8f4..03ff436cbb40 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredentialBuilder.java @@ -37,27 +37,25 @@ public UsernamePasswordCredentialBuilder password(String password) { } /** - * Sets whether to use an unprotected file specified by cacheFileLocation() instead of - * Gnome keyring on Linux. This is false by default. + * Allows to use an unprotected file specified by cacheFileLocation() instead of + * Gnome keyring on Linux. This is restricted by default. * - * @param allowUnencryptedCache whether to use an unprotected file for cache storage. - * - * @return An updated instance of this builder with the unprotected token cache setting set as specified. + * @return An updated instance of this builder. */ - public UsernamePasswordCredentialBuilder allowUnencryptedCache(boolean allowUnencryptedCache) { - this.identityClientOptions.allowUnencryptedCache(allowUnencryptedCache); + public UsernamePasswordCredentialBuilder allowUnencryptedCache() { + this.identityClientOptions.allowUnencryptedCache(); return this; } /** - * Sets whether to enable using the shared token cache. This is disabled by default. - * - * @param enabled whether to enabled using the shared token cache. + * Enables the shared token cache which is disabled by default. If enabled, the credential will store tokens + * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials + * and processes. * * @return An updated instance of this builder with if the shared token cache enabled specified. */ - public UsernamePasswordCredentialBuilder enablePersistentCache(boolean enabled) { - this.identityClientOptions.enablePersistentCache(enabled); + public UsernamePasswordCredentialBuilder enablePersistentCache() { + this.identityClientOptions.enablePersistentCache(); return this; } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java index e32789a742f1..06c4ee944da3 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java @@ -61,8 +61,6 @@ public IdentityClientOptions() { authorityHost = configuration.get(Configuration.PROPERTY_AZURE_AUTHORITY_HOST, KnownAuthorityHosts.AZURE_CLOUD); maxRetry = MAX_RETRY_DEFAULT_LIMIT; retryTimeout = i -> Duration.ofSeconds((long) Math.pow(2, i.getSeconds() - 1)); - allowUnencryptedCache = false; - sharedTokenCacheEnabled = false; } /** @@ -238,16 +236,15 @@ PersistenceSettings getConfidentialClientPersistenceSettings() { .build(); } + /** - * Sets whether to use an unprotected file specified by cacheFileLocation() instead of - * Gnome keyring on Linux. This is false by default. - * - * @param allowUnencryptedCache whether to use an unprotected file for cache storage. + * Allows to use an unprotected file specified by cacheFileLocation() instead of + * Gnome keyring on Linux. This is restricted by default. * * @return The updated identity client options. */ - public IdentityClientOptions allowUnencryptedCache(boolean allowUnencryptedCache) { - this.allowUnencryptedCache = allowUnencryptedCache; + public IdentityClientOptions allowUnencryptedCache() { + this.allowUnencryptedCache = true; return this; } @@ -270,14 +267,14 @@ public boolean isSharedTokenCacheEnabled() { } /** - * Sets whether to enable using the shared token cache. This is disabled by default. - * - * @param enabled whether to enable using the shared token cache. + * Enables the shared token cache which is disabled by default. If enabled, the client will store tokens + * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials + * and processes. * * @return The updated identity client options. */ - public IdentityClientOptions enablePersistentCache(boolean enabled) { - this.sharedTokenCacheEnabled = enabled; + public IdentityClientOptions enablePersistentCache() { + this.sharedTokenCacheEnabled = true; return this; } From 4a6da7e21afa81d1e4d9535512940d695fe6fa40 Mon Sep 17 00:00:00 2001 From: g2vinay Date: Wed, 15 Jul 2020 11:29:37 -0700 Subject: [PATCH 2/8] update identity versions --- .../com/azure/identity/SharedTokenCacheCredentialBuilder.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/SharedTokenCacheCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/SharedTokenCacheCredentialBuilder.java index 4317d21c7628..69ffa263a444 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/SharedTokenCacheCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/SharedTokenCacheCredentialBuilder.java @@ -41,6 +41,6 @@ public SharedTokenCacheCredentialBuilder allowUnencryptedCache() { */ public SharedTokenCacheCredential build() { return new SharedTokenCacheCredential(username, clientId, tenantId, - identityClientOptions.enablePersistentCache(true)); + identityClientOptions.enablePersistentCache()); } } From faa0fecf27498020314671e449cf0665e8179a3e Mon Sep 17 00:00:00 2001 From: g2vinay Date: Wed, 15 Jul 2020 12:00:00 -0700 Subject: [PATCH 3/8] update docs --- .../main/java/com/azure/identity/DeviceCodeCredential.java | 4 ++-- .../java/com/azure/identity/InteractiveBrowserCredential.java | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java index 28935a696231..304a35925f8f 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java @@ -91,7 +91,7 @@ public Mono getToken(TokenRequestContext request) { * * @return The {@link AuthenticationRecord} which can be used to silently authenticate the account * on future execution if persistent caching was enabled via - * {@link DeviceCodeCredentialBuilder#enablePersistentCache(boolean)} when credential was instantiated. + * {@link DeviceCodeCredentialBuilder#enablePersistentCache()} when credential was instantiated. */ public Mono authenticate(TokenRequestContext request) { return Mono.defer(() -> identityClient.authenticateWithDeviceCode(request, challengeConsumer)) @@ -108,7 +108,7 @@ public Mono authenticate(TokenRequestContext request) { * * @return The {@link AuthenticationRecord} which can be used to silently authenticate the account * on future execution if persistent caching was enabled via - * {@link DeviceCodeCredentialBuilder#enablePersistentCache(boolean)} when credential was instantiated. + * {@link DeviceCodeCredentialBuilder#enablePersistentCache()} when credential was instantiated. */ public Mono authenticate() { String defaultScope = KnownAuthorityHosts.getDefaultScope(authorityHost); diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java index 49b68c4bf1b2..4070f22756e9 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java @@ -91,7 +91,7 @@ public Mono getToken(TokenRequestContext request) { * * @return The {@link AuthenticationRecord} which can be used to silently authenticate the account * on future execution if persistent caching was enabled via - * {@link InteractiveBrowserCredentialBuilder#enablePersistentCache(boolean)} when credential was instantiated. + * {@link InteractiveBrowserCredentialBuilder#enablePersistentCache()} when credential was instantiated. */ public Mono authenticate(TokenRequestContext request) { return Mono.defer(() -> identityClient.authenticateWithBrowserInteraction(request, port)) @@ -104,7 +104,7 @@ public Mono authenticate(TokenRequestContext request) { * * @return The {@link AuthenticationRecord} which can be used to silently authenticate the account * on future execution if persistent caching was enabled via - * {@link InteractiveBrowserCredentialBuilder#enablePersistentCache(boolean)} when credential was instantiated. + * {@link InteractiveBrowserCredentialBuilder#enablePersistentCache()} when credential was instantiated. */ public Mono authenticate() { String defaultScope = KnownAuthorityHosts.getDefaultScope(authorityHost); From aa15c3236a2a90959a8bc17c34030b0bbd57f59e Mon Sep 17 00:00:00 2001 From: g2vinay Date: Tue, 21 Jul 2020 18:19:40 -0700 Subject: [PATCH 4/8] update API after consistency review --- .../azure/identity/AuthenticationRecord.java | 14 ++++++++++- .../identity/AuthorizationCodeCredential.java | 2 +- .../AuthorizationCodeCredentialBuilder.java | 23 ------------------- ...ityHosts.java => AzureAuthorityHosts.java} | 20 ++++++++-------- .../azure/identity/DeviceCodeCredential.java | 2 +- .../InteractiveBrowserCredential.java | 8 +++---- .../InteractiveBrowserCredentialBuilder.java | 15 ++---------- .../identity/UsernamePasswordCredential.java | 4 ++-- .../implementation/IdentityClientOptions.java | 4 ++-- .../implementation/IntelliJCacheAccessor.java | 12 +++++----- .../VisualStudioCacheAccessor.java | 12 +++++----- 11 files changed, 46 insertions(+), 70 deletions(-) rename sdk/identity/azure-identity/src/main/java/com/azure/identity/{KnownAuthorityHosts.java => AzureAuthorityHosts.java} (67%) diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java index e4d1415fb5fa..5098ddd399a0 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java @@ -30,10 +30,13 @@ public class AuthenticationRecord { @JsonProperty("username") private String username; + @JsonProperty("clientId") + private String clientId; + AuthenticationRecord() { } - AuthenticationRecord(IAuthenticationResult authenticationResult, String tenantId) { + AuthenticationRecord(IAuthenticationResult authenticationResult, String tenantId, String clientId) { authority = authenticationResult.account().environment(); homeAccountId = authenticationResult.account().homeAccountId(); username = authenticationResult.account().username(); @@ -67,6 +70,15 @@ public String getTenantId() { return tenantId; } + /** + * Get the client id, which the account authenticated for. + * + * @return the client id. + */ + public String getClientId() { + return clientId; + } + /** * Get the user principal name of the account. * diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredential.java index 1f42ff2c97e6..aa2a7ff47401 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredential.java @@ -67,7 +67,7 @@ public Mono getToken(TokenRequestContext request) { .map(msalToken -> { cachedToken.set(new MsalAuthenticationAccount( new AuthenticationRecord(msalToken.getAuthenticationResult(), - identityClient.getTenantId()))); + identityClient.getTenantId(), identityClient.getClientId()))); return (AccessToken) msalToken; }) .doOnNext(token -> LoggingUtil.logTokenSuccess(logger, request)) diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredentialBuilder.java index e64ec93be90a..a1350685a298 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredentialBuilder.java @@ -48,29 +48,6 @@ public AuthorizationCodeCredentialBuilder redirectUrl(String redirectUrl) { return this; } - /** - * Allows to use an unprotected file specified by cacheFileLocation() instead of - * Gnome keyring on Linux. This is restricted by default. - * - * @return An updated instance of this builder. - */ - public AuthorizationCodeCredentialBuilder allowUnencryptedCache() { - this.identityClientOptions.allowUnencryptedCache(); - return this; - } - - /** - * Enables the shared token cache which is disabled by default. If enabled, the credential will store tokens - * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials - * and processes. - * - * @return An updated instance of this builder. - */ - public AuthorizationCodeCredentialBuilder enablePersistentCache() { - this.identityClientOptions.enablePersistentCache(); - return this; - } - /** * Sets the client secret for the authentication. This is required for AAD web apps. Do not set this for AAD native * apps. diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/KnownAuthorityHosts.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureAuthorityHosts.java similarity index 67% rename from sdk/identity/azure-identity/src/main/java/com/azure/identity/KnownAuthorityHosts.java rename to sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureAuthorityHosts.java index deafcbc486b9..42085d71fdd9 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/KnownAuthorityHosts.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureAuthorityHosts.java @@ -6,40 +6,40 @@ /** * Defines fields exposing the well known authority hosts for the Azure Public Cloud and sovereign clouds. */ -public final class KnownAuthorityHosts { +public final class AzureAuthorityHosts { - private KnownAuthorityHosts() { } + private AzureAuthorityHosts() { } /** * The host of the Azure Active Directory authority for tenants in the Azure Public Cloud. */ - public static final String AZURE_CLOUD = "https://login.microsoftonline.com/"; + public static final String AZURE_PUBLIC_CLOUD = "https://login.microsoftonline.com/"; /** * The host of the Azure Active Directory authority for tenants in the Azure China Cloud. */ - public static final String AZURE_CHINA_CLOUD = "https://login.chinacloudapi.cn/"; + public static final String AZURE_CHINA = "https://login.chinacloudapi.cn/"; /** * The host of the Azure Active Directory authority for tenants in the Azure German Cloud. */ - public static final String AZURE_GERMAN_CLOUD = "https://login.microsoftonline.de/"; + public static final String AZURE_GERMANY = "https://login.microsoftonline.de/"; /** * The host of the Azure Active Directory authority for tenants in the Azure US Government Cloud. */ - public static final String AZURE_US_GOVERNMENT = "https://login.microsoftonline.us/"; + public static final String AZURE_GOVERNMENT = "https://login.microsoftonline.us/"; static String getDefaultScope(String authorityHost) { switch (authorityHost) { - case AZURE_CLOUD: + case AZURE_PUBLIC_CLOUD: return "https://management.core.windows.net//.default"; - case AZURE_CHINA_CLOUD: + case AZURE_CHINA: return "https://management.core.chinacloudapi.cn//.default"; - case AZURE_GERMAN_CLOUD: + case AZURE_GERMANY: return "https://management.core.cloudapi.de//.default"; - case AZURE_US_GOVERNMENT: + case AZURE_GOVERNMENT: return "https://management.core.usgovcloudapi.net//.default"; default: return null; diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java index 304a35925f8f..602432c4ca5c 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java @@ -111,7 +111,7 @@ public Mono authenticate(TokenRequestContext request) { * {@link DeviceCodeCredentialBuilder#enablePersistentCache()} when credential was instantiated. */ public Mono authenticate() { - String defaultScope = KnownAuthorityHosts.getDefaultScope(authorityHost); + String defaultScope = AzureAuthorityHosts.getDefaultScope(authorityHost); if (defaultScope == null) { return Mono.error(logger.logExceptionAsError(new CredentialUnavailableException("Authenticating in this " + "environment requires specifying a TokenRequestContext."))); diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java index 8e996873ccdb..15bd1807f9df 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java @@ -42,19 +42,17 @@ public class InteractiveBrowserCredential implements TokenCredential { * {@code http://localhost:{port}} must be registered as a valid reply URL on the application. * * @param clientId the client ID of the application - * @param clientSecret the client secret of the application * @param tenantId the tenant ID of the application * @param port the port on which the credential will listen for the browser authentication result * @param automaticAuthentication indicates whether automatic authentication should be attempted or not. * @param identityClientOptions the options for configuring the identity client */ InteractiveBrowserCredential(String clientId, String tenantId, int port, boolean automaticAuthentication, - String clientSecret, IdentityClientOptions identityClientOptions) { + IdentityClientOptions identityClientOptions) { this.port = port; identityClient = new IdentityClientBuilder() .tenantId(tenantId) .clientId(clientId) - .clientSecret(clientSecret) .identityClientOptions(identityClientOptions) .build(); cachedToken = new AtomicReference<>(); @@ -109,7 +107,7 @@ public Mono authenticate(TokenRequestContext request) { * {@link InteractiveBrowserCredentialBuilder#enablePersistentCache()} when credential was instantiated. */ public Mono authenticate() { - String defaultScope = KnownAuthorityHosts.getDefaultScope(authorityHost); + String defaultScope = AzureAuthorityHosts.getDefaultScope(authorityHost); if (defaultScope == null) { return Mono.error(logger.logExceptionAsError(new CredentialUnavailableException("Authenticating in this " + "environment requires specifying a TokenRequestContext."))); @@ -121,7 +119,7 @@ private AccessToken updateCache(MsalToken msalToken) { cachedToken.set( new MsalAuthenticationAccount( new AuthenticationRecord(msalToken.getAuthenticationResult(), - identityClient.getTenantId()))); + identityClient.getTenantId(), identityClient.getClientId()))); return msalToken; } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java index a0ec860e4df1..cf90cf6fa19d 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java @@ -66,17 +66,6 @@ public InteractiveBrowserCredentialBuilder authenticationRecord(AuthenticationRe return this; } - /** - * Sets the client secret for the authentication. This is required for AAD web apps. Do not set this for AAD native - * apps. - * @param clientSecret the secret value of the AAD application. - * @return the InteractiveBrowserCredentialBuilder itself - */ - public InteractiveBrowserCredentialBuilder clientSecret(String clientSecret) { - this.clientSecret = clientSecret; - return this; - } - /** * Disables the automatic authentication and prevents the {@link InteractiveBrowserCredential} from automatically * prompting the user. If automatic authentication is disabled a {@link AuthenticationRequiredException} @@ -102,7 +91,7 @@ public InteractiveBrowserCredential build() { put("clientId", clientId); put("port", port); }}); - return new InteractiveBrowserCredential(clientId, tenantId, port, automaticAuthentication, clientSecret, - identityClientOptions); + return new InteractiveBrowserCredential(clientId, tenantId, port, automaticAuthentication, + identityClientOptions); } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredential.java index 135cbef914f1..6c86dcc239dc 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredential.java @@ -92,7 +92,7 @@ public Mono authenticate(TokenRequestContext request) { * @return The {@link AuthenticationRecord} of the authenticated account. */ public Mono authenticate() { - String defaultScope = KnownAuthorityHosts.getDefaultScope(authorityHost); + String defaultScope = AzureAuthorityHosts.getDefaultScope(authorityHost); if (defaultScope == null) { return Mono.error(logger.logExceptionAsError(new CredentialUnavailableException("Authenticating in this " + "environment requires specifying a TokenRequestContext."))); @@ -104,7 +104,7 @@ private AccessToken updateCache(MsalToken msalToken) { cachedToken.set( new MsalAuthenticationAccount( new AuthenticationRecord(msalToken.getAuthenticationResult(), - identityClient.getTenantId()))); + identityClient.getTenantId(), identityClient.getClientId()))); return msalToken; } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java index 06c4ee944da3..696732640d5c 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java @@ -8,7 +8,7 @@ import com.azure.core.http.ProxyOptions; import com.azure.core.util.Configuration; import com.azure.identity.AuthenticationRecord; -import com.azure.identity.KnownAuthorityHosts; +import com.azure.identity.AzureAuthorityHosts; import com.microsoft.aad.msal4jextensions.PersistenceSettings; import com.sun.jna.Platform; @@ -58,7 +58,7 @@ public final class IdentityClientOptions { */ public IdentityClientOptions() { Configuration configuration = Configuration.getGlobalConfiguration(); - authorityHost = configuration.get(Configuration.PROPERTY_AZURE_AUTHORITY_HOST, KnownAuthorityHosts.AZURE_CLOUD); + authorityHost = configuration.get(Configuration.PROPERTY_AZURE_AUTHORITY_HOST, AzureAuthorityHosts.AZURE_PUBLIC_CLOUD); maxRetry = MAX_RETRY_DEFAULT_LIMIT; retryTimeout = i -> Duration.ofSeconds((long) Math.pow(2, i.getSeconds() - 1)); } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IntelliJCacheAccessor.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IntelliJCacheAccessor.java index 32c95c8971c3..5fb52a754c38 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IntelliJCacheAccessor.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IntelliJCacheAccessor.java @@ -6,7 +6,7 @@ import com.azure.core.util.CoreUtils; import com.azure.core.util.logging.ClientLogger; import com.azure.identity.CredentialUnavailableException; -import com.azure.identity.KnownAuthorityHosts; +import com.azure.identity.AzureAuthorityHosts; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.microsoft.aad.msal4jextensions.persistence.mac.KeyChainAccessor; @@ -217,15 +217,15 @@ public String getAzureAuthHost(String azureEnvironment) { switch (azureEnvironment) { case "GLOBAL": - return KnownAuthorityHosts.AZURE_CLOUD; + return AzureAuthorityHosts.AZURE_PUBLIC_CLOUD; case "CHINA": - return KnownAuthorityHosts.AZURE_CHINA_CLOUD; + return AzureAuthorityHosts.AZURE_CHINA; case "GERMAN": - return KnownAuthorityHosts.AZURE_GERMAN_CLOUD; + return AzureAuthorityHosts.AZURE_GERMANY; case "US_GOVERNMENT": - return KnownAuthorityHosts.AZURE_US_GOVERNMENT; + return AzureAuthorityHosts.AZURE_GOVERNMENT; default: - return KnownAuthorityHosts.AZURE_CLOUD; + return AzureAuthorityHosts.AZURE_PUBLIC_CLOUD; } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/VisualStudioCacheAccessor.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/VisualStudioCacheAccessor.java index 82ca15b48bbf..759e83a2e815 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/VisualStudioCacheAccessor.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/VisualStudioCacheAccessor.java @@ -6,7 +6,7 @@ import com.azure.core.util.CoreUtils; import com.azure.core.util.logging.ClientLogger; import com.azure.identity.CredentialUnavailableException; -import com.azure.identity.KnownAuthorityHosts; +import com.azure.identity.AzureAuthorityHosts; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.microsoft.aad.msal4jextensions.persistence.mac.KeyChainAccessor; @@ -161,15 +161,15 @@ public String getAzureAuthHost(String cloud) { switch (cloud) { case "Azure": - return KnownAuthorityHosts.AZURE_CLOUD; + return AzureAuthorityHosts.AZURE_PUBLIC_CLOUD; case "AzureChina": - return KnownAuthorityHosts.AZURE_CHINA_CLOUD; + return AzureAuthorityHosts.AZURE_CHINA; case "AzureGermanCloud": - return KnownAuthorityHosts.AZURE_GERMAN_CLOUD; + return AzureAuthorityHosts.AZURE_GERMANY; case "AzureUSGovernment": - return KnownAuthorityHosts.AZURE_US_GOVERNMENT; + return AzureAuthorityHosts.AZURE_GOVERNMENT; default: - return KnownAuthorityHosts.AZURE_CLOUD; + return AzureAuthorityHosts.AZURE_PUBLIC_CLOUD; } } From c18e0629aa1caedb8ca70c011e9bf7ed0df128de Mon Sep 17 00:00:00 2001 From: g2vinay Date: Tue, 21 Jul 2020 18:40:24 -0700 Subject: [PATCH 5/8] update code --- .../src/main/java/com/azure/identity/AuthenticationRecord.java | 1 + 1 file changed, 1 insertion(+) diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java index 5098ddd399a0..28aea0e5d5ec 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java @@ -41,6 +41,7 @@ public class AuthenticationRecord { homeAccountId = authenticationResult.account().homeAccountId(); username = authenticationResult.account().username(); this.tenantId = tenantId; + this.clientId = clientId; } /** From e0fa3d7d0e2d9608885f432c00de3ae546dee902 Mon Sep 17 00:00:00 2001 From: g2vinay Date: Tue, 21 Jul 2020 19:01:29 -0700 Subject: [PATCH 6/8] update docs --- .../src/main/java/com/azure/identity/AuthenticationRecord.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java index 28aea0e5d5ec..27b85edc8f37 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java @@ -72,7 +72,7 @@ public String getTenantId() { } /** - * Get the client id, which the account authenticated for. + * Get the client id of the application used for authentication. * * @return the client id. */ From 1a09bec758f4ef01a05a38adfe4fa57407e7b835 Mon Sep 17 00:00:00 2001 From: g2vinay Date: Wed, 22 Jul 2020 09:43:03 -0700 Subject: [PATCH 7/8] update code --- .../src/main/java/com/azure/identity/DeviceCodeCredential.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java index 602432c4ca5c..c4c74719d965 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java @@ -123,7 +123,7 @@ private AccessToken updateCache(MsalToken msalToken) { cachedToken.set( new MsalAuthenticationAccount( new AuthenticationRecord(msalToken.getAuthenticationResult(), - identityClient.getTenantId()))); + identityClient.getTenantId(), identityClient.getClientId()))); return msalToken; } } From 5a8562bad7c30b357875863bc0d3d3bee71ce0b6 Mon Sep 17 00:00:00 2001 From: g2vinay Date: Wed, 22 Jul 2020 11:58:57 -0700 Subject: [PATCH 8/8] fix checkstyle --- .../azure/identity/InteractiveBrowserCredentialBuilder.java | 1 - .../azure/identity/implementation/IdentityClientOptions.java | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java index cf90cf6fa19d..87b7982a4664 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java @@ -16,7 +16,6 @@ public class InteractiveBrowserCredentialBuilder extends AadCredentialBuilderBase { private int port; private boolean automaticAuthentication = true; - private String clientSecret; /** * Sets the port for the local HTTP server, for which {@code http://localhost:{port}} must be diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java index 696732640d5c..eccf9e9f11bf 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java @@ -58,7 +58,8 @@ public final class IdentityClientOptions { */ public IdentityClientOptions() { Configuration configuration = Configuration.getGlobalConfiguration(); - authorityHost = configuration.get(Configuration.PROPERTY_AZURE_AUTHORITY_HOST, AzureAuthorityHosts.AZURE_PUBLIC_CLOUD); + authorityHost = configuration.get(Configuration.PROPERTY_AZURE_AUTHORITY_HOST, + AzureAuthorityHosts.AZURE_PUBLIC_CLOUD); maxRetry = MAX_RETRY_DEFAULT_LIMIT; retryTimeout = i -> Duration.ofSeconds((long) Math.pow(2, i.getSeconds() - 1)); }