Azure
diff --git a/‎src/Accounts/Accounts.Test/AccessTokenCmdletTest.cs
Lines changed: 178 additions & 0 deletions b/‎src/Accounts/Accounts.Test/AccessTokenCmdletTest.cs
Lines changed: 178 additions & 0 deletions
diff --git a/‎src/Accounts/Accounts/ChangeLog.md
Lines changed: 1 addition & 0 deletions b/‎src/Accounts/Accounts/ChangeLog.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Accounts/Accounts/Models/PSSecureAccessToken.cs
Lines changed: 47 additions & 0 deletions b/‎src/Accounts/Accounts/Models/PSSecureAccessToken.cs
Lines changed: 47 additions & 0 deletions
diff --git a/‎src/Accounts/Accounts/Token/GetAzureRmAccessToken.cs
Lines changed: 18 additions & 8 deletions b/‎src/Accounts/Accounts/Token/GetAzureRmAccessToken.cs
Lines changed: 18 additions & 8 deletions
diff --git a/‎src/Accounts/Accounts/help/Add-AzEnvironment.md
Lines changed: 2 additions & 0 deletions b/‎src/Accounts/Accounts/help/Add-AzEnvironment.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/Accounts/Accounts/help/Az.Accounts.md
Lines changed: 1 addition & 0 deletions b/‎src/Accounts/Accounts/help/Az.Accounts.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Accounts/Accounts/help/Disable-AzContextAutosave.md
Lines changed: 2 additions & 0 deletions b/‎src/Accounts/Accounts/help/Disable-AzContextAutosave.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/Accounts/Accounts/help/Enable-AzContextAutosave.md
Lines changed: 2 additions & 0 deletions b/‎src/Accounts/Accounts/help/Enable-AzContextAutosave.md
Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,178 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.Common.Authentication;
+using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
+using Microsoft.Azure.Commands.Common.Authentication.Models;
+using Microsoft.Azure.Commands.Profile;
+using Microsoft.Azure.Commands.Profile.Models;
+using Microsoft.Azure.Commands.ScenarioTest;
+using Microsoft.Azure.Commands.TestFx.Mocks;
+using Microsoft.Azure.ServiceManagement.Common.Models;
+using Microsoft.WindowsAzure.Commands.Common;
+using Microsoft.WindowsAzure.Commands.Common.Test.Mocks;
+using Microsoft.WindowsAzure.Commands.ScenarioTest;
+using Microsoft.WindowsAzure.Commands.Utilities.Common;
+
+using Moq;
+
+using System;
+using System.Linq;
+using System.Security;
+
+using Xunit;
+using Xunit.Abstractions;
+
+namespace Microsoft.Azure.Commands.ResourceManager.Common.Test
+{
+    public class AccessTokenCmdletTests
+    {
+        private GetAzureRmAccessTokenCommand cmdlet;
+        private Mock<IAuthenticationFactory> factoryMock = new Mock<IAuthenticationFactory>();
+        private MockCommandRuntime mockedCommandRuntime;
+        private IAuthenticationFactory previousFactory = null;
+
+        private string tenantId = Guid.NewGuid().ToString();
+
+        public AccessTokenCmdletTests(ITestOutputHelper output)
+        {
+            TestExecutionHelpers.SetUpSessionAndProfile();
+            XunitTracingInterceptor.AddToContext(new XunitTracingInterceptor(output));
+
+            var defaultContext = new AzureContext(
+                new AzureSubscription()
+                {
+                    Id = Guid.NewGuid().ToString(),
+                    Name = "Test subscription"
+                },
+                new AzureAccount()
+                {
+                    Id = "admin@contoso.com",
+                    Type = AzureAccount.AccountType.User
+                },
+                AzureEnvironment.PublicEnvironments[EnvironmentName.AzureCloud],
+                new AzureTenant()
+                {
+                    Id = tenantId
+                });
+
+            mockedCommandRuntime = new MockCommandRuntime();
+            cmdlet = new GetAzureRmAccessTokenCommand()
+            {
+                CommandRuntime = mockedCommandRuntime,
+                DefaultProfile = new AzureRmProfile()
+            };
+            cmdlet.DefaultProfile.DefaultContext = defaultContext;
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestGetAccessTokenAsPlainText()
+        {
+            // Setup
+            cmdlet.TenantId = tenantId;
+            var fakeToken = "eyfaketoken.eyfaketoken";
+
+            var expected = new PSAccessToken { 
+                UserId = "faker@contoso.com",
+                TenantId = cmdlet.TenantId,
+                Token = fakeToken
+            };
+ 
+            factoryMock.Setup(t => t.Authenticate(
+                It.IsAny<IAzureAccount>(),
+                It.IsAny<IAzureEnvironment>(),
+                It.IsAny<string>(),
+                It.IsAny<SecureString>(),
+                It.IsAny<string>(),
+                It.IsAny<Action<string>>(),
+                It.IsAny<IAzureTokenCache>(),
+                It.IsAny<string>())).Returns(new MockAccessToken
+                {
+                    UserId = expected.UserId,
+                    LoginType = LoginType.OrgId,
+                    AccessToken = expected.Token,
+                    TenantId = expected.TenantId
+                });
+            previousFactory = AzureSession.Instance.AuthenticationFactory;
+            AzureSession.Instance.AuthenticationFactory = factoryMock.Object;
+
+            // Act
+            cmdlet.InvokeBeginProcessing();
+            cmdlet.ExecuteCmdlet();
+            cmdlet.InvokeEndProcessing();
+
+            //Verify
+            Assert.Single(mockedCommandRuntime.OutputPipeline);
+            var outputPipeline = mockedCommandRuntime.OutputPipeline;
+            Assert.Equal(expected.TenantId, ((PSAccessToken)outputPipeline.First()).TenantId);
+            Assert.Equal(expected.UserId, ((PSAccessToken)outputPipeline.First()).UserId);
+            Assert.Equal("Bearer", ((PSAccessToken)outputPipeline.First()).Type);
+            Assert.Equal(expected.Token, ((PSAccessToken)outputPipeline.First()).Token);
+
+            AzureSession.Instance.AuthenticationFactory = previousFactory;
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestGetAccessTokenAsSecureString()
+        {
+            // Setup
+            cmdlet.TenantId = tenantId;
+            cmdlet.AsSecureString = true;
+            var fakeToken = "eyfaketoken.eyfaketoken";
+
+            var expected = new PSSecureAccessToken();
+            expected.UserId = "faker@contoso.com";
+            expected.TenantId = cmdlet.TenantId;
+            expected.Token = fakeToken.ConvertToSecureString();
+
+
+            factoryMock.Setup(t => t.Authenticate(
+                It.IsAny<IAzureAccount>(),
+                It.IsAny<IAzureEnvironment>(),
+                It.IsAny<string>(),
+                It.IsAny<SecureString>(),
+                It.IsAny<string>(),
+                It.IsAny<Action<string>>(),
+                It.IsAny<IAzureTokenCache>(),
+                It.IsAny<string>())).Returns(new MockAccessToken
+                {
+                    UserId = expected.UserId,
+                    LoginType = LoginType.OrgId,
+                    AccessToken = fakeToken,
+                    TenantId = expected.TenantId
+                });
+            previousFactory = AzureSession.Instance.AuthenticationFactory;
+            AzureSession.Instance.AuthenticationFactory = factoryMock.Object;
+
+            // Act
+            cmdlet.InvokeBeginProcessing();
+            cmdlet.ExecuteCmdlet();
+            cmdlet.InvokeEndProcessing();
+
+            //Verify
+            Assert.Single(mockedCommandRuntime.OutputPipeline);
+            var outputPipeline = mockedCommandRuntime.OutputPipeline;
+            Assert.Equal(expected.TenantId, ((PSSecureAccessToken)outputPipeline.First()).TenantId);
+            Assert.Equal(expected.UserId, ((PSSecureAccessToken)outputPipeline.First()).UserId);
+            Assert.Equal("Bearer", ((PSSecureAccessToken)outputPipeline.First()).Type);
+            var expectedToken = expected.Token.ConvertToString();
+            var actualToken = ((PSSecureAccessToken)outputPipeline.First()).Token.ConvertToString();
+            Assert.Equal(expectedToken, actualToken);
+
+            AzureSession.Instance.AuthenticationFactory = previousFactory;
+        }
+    }
+}
@@ -19,6 +19,7 @@
 -->
 
 ## Upcoming Release
+* Added `AsSecureString` to `Get-AzAccessToken` to convert the returned token to SecureString [#24190].
 * Upgraded Azure.Core to 1.37.0.
 
 ## Version 2.16.0
 
@@ -0,0 +1,47 @@
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.WindowsAzure.Commands.Common;
+
+using System;
+using System.Security;
+
+namespace Microsoft.Azure.Commands.Profile.Models
+{
+    public class PSSecureAccessToken
+    {
+        public SecureString Token { get; set; }
+
+        public DateTimeOffset ExpiresOn { get; set; }
+
+        public string TenantId { get; set; }
+
+        public string UserId { get; set; }
+
+        public string Type { get; } = "Bearer";
+
+        public PSSecureAccessToken()
+        {
+
+        }
+
+        public PSSecureAccessToken(PSAccessToken accessToken)
+        {
+            Token = accessToken.Token.ConvertToSecureString();
+            ExpiresOn = accessToken.ExpiresOn;
+            TenantId = accessToken.TenantId;
+            UserId = accessToken.UserId;
+            Type = accessToken.Type;
+        }
+    }
+}
@@ -12,12 +12,6 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Management.Automation;
-using System.Text.Json;
-
 using Microsoft.Azure.Commands.Common.Authentication;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.Azure.Commands.Profile.Models;
@@ -26,10 +20,16 @@
 using Microsoft.Azure.PowerShell.Authenticators;
 using Microsoft.WindowsAzure.Commands.Utilities.Common;
 
+using System;
+using System.Linq;
+using System.Management.Automation;
+using System.Security;
+using System.Text.Json;
+
 namespace Microsoft.Azure.Commands.Profile
 {
     [Cmdlet(VerbsCommon.Get, AzureRMConstants.AzureRMPrefix + "AccessToken", DefaultParameterSetName = KnownResourceNameParameterSet)]
-    [OutputType(typeof(PSAccessToken))]
+    [OutputType(typeof(PSAccessToken), typeof(PSSecureAccessToken))]
     public class GetAzureRmAccessTokenCommand : AzureRMCmdlet
     {
         private const string ResourceUrlParameterSet = "ResourceUrl";
@@ -69,6 +69,9 @@ public class GetAzureRmAccessTokenCommand : AzureRMCmdlet
         [Parameter(Mandatory = false, HelpMessage = "Optional Tenant Id. Use tenant id of default context if not specified.")]
         public string TenantId { get; set; }
 
+        [Parameter(Mandatory = false, HelpMessage = "Specify to convert output token as a secure string.")]
+        public SwitchParameter AsSecureString { get; set; }
+
         public override void ExecuteCmdlet()
         {
             base.ExecuteCmdlet();
@@ -134,7 +137,14 @@ public override void ExecuteCmdlet()
                 }
             }
 
-            WriteObject(result);
+            if (AsSecureString.IsPresent)
+            {
+                WriteObject(new PSSecureAccessToken(result));
+            }
+            else
+            {
+                WriteObject(result);
+            }
         }
     }
 }
@@ -59,6 +59,8 @@ The built-in environments AzureCloud and AzureChinaCloud target existing public
 
 ### Example 1: Creating and modifying a new environment
 <!-- Skip: Output cannot be splitted from code -->
+
+
 ```powershell
 Add-AzEnvironment -Name TestEnvironment `
         -ActiveDirectoryEndpoint TestADEndpoint `
 
@@ -77,6 +77,7 @@ Get the defaults set by the user in the current context.
 
 ### [Get-AzEnvironment](Get-AzEnvironment.md)
 Get endpoints and metadata for an instance of Azure services.
+`GalleryUrl` will be removed from ArmMetadata and so Azure PowerShell will no longer provide for its value in `PSAzureEnvironment`. Currently `GalleryUrl` is not used in Azure PowerShell products. Please do not reply on `GalleryUrl` anymore. 
 
 ### [Get-AzSubscription](Get-AzSubscription.md)
 Get subscriptions that the current account can access.
 
@@ -34,6 +34,8 @@ Disable autosave for the current user.
 Turn off autosaving Azure credentials in this powershell session. (autogenerated)
 
 <!-- Aladdin Generated Example -->
+
+
 ```powershell
 Disable-AzContextAutosave -Scope Process
 ```
 
@@ -47,6 +47,8 @@ Allow the Azure credential, account, and subscription information, to be saved a
 loaded when you open a PowerShell window in this PowerShell session. (autogenerated)
 
 <!-- Aladdin Generated Example -->
+
+
 ```powershell
 Enable-AzContextAutosave -Scope Process
 ```