Azure · billwert · Jul 28, 2023 · Jul 26, 2023 · Jul 27, 2023 · Jul 27, 2023
@@ -4,6 +4,7 @@
 
 ### Features Added
 - Added CAE Authentication support for Service principal authentication.
+- Added the ability to log PII from MSAL using new `enableSupportLogging` API.
 
 ### Other Changes
 

@@ -126,4 +126,15 @@ public T disableInstanceDiscovery() {
         this.identityClientOptions.disableInstanceDiscovery();
         return (T) this;
     }
+
+    /**
+     * Enables additional support logging for public and confidential client applications. This enables
+     * PII logging in MSAL4J as described <a href="https://learn.microsoft.com/azure/active-directory/develop/msal-logging-java#personal-and-organization-information">here.</a>
+     * @return An updated instance of this builder with additional support logging enabled.
+     */
+    @SuppressWarnings("unchecked")
+    public T enableSupportLogging() {
+        this.identityClientOptions.enableSupportLogging();
+        return (T) this;
+    }
 }
@@ -20,7 +20,7 @@
 
 /**
  * <p>Authorization Code authentication in Azure is a type of authentication mechanism that allows users to
- * authenticate with <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active
+ * authenticate with <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active
  * Directory (Azure AD)</a> and obtain an authorization code that can be used to request an access token to access
  * Azure resources. It is a widely used authentication mechanism and is supported by a wide range of Azure services
  * and applications. It provides a secure and scalable way to authenticate users and grant them access to Azure

@@ -13,7 +13,7 @@
  * <p>Fluent credential builder for instantiating a {@link AuthorizationCodeCredential}.</p>
  *
  * <p>Authorization Code authentication in Azure is a type of authentication mechanism that allows users to
- * authenticate with <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active
+ * authenticate with <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active
  * Directory (Azure AD)</a> and obtain an authorization code that can be used to request an access token to access
  * Azure resources. It is a widely used authentication mechanism and is supported by a wide range of Azure services
  * and applications. It provides a secure and scalable way to authenticate users and grant them access to Azure

@@ -18,9 +18,9 @@
 /**
  * <p>The Azure CLI is a command-line tool that allows users to manage Azure resources from their local machine or
  * terminal. It allows users to
- * <a href="https://learn.microsoft.com/en-us/cli/azure/authenticate-azure-cli">authenticate interactively</a> as a
+ * <a href="https://learn.microsoft.com/cli/azure/authenticate-azure-cli">authenticate interactively</a> as a
  * user and/or a service principal against
- * <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
  * </a>. The AzureCliCredential authenticates in a development environment and acquires a token on behalf of the
  * logged-in user or service principal in Azure CLI. It acts as the Azure CLI logged in user or service principal
  * and executes an Azure CLI command underneath to authenticate the application against Azure Active Directory.</p>

@@ -17,9 +17,9 @@
  *
  * <p>The Azure CLI is a command-line tool that allows users to manage Azure resources from their local machine or
  * terminal. It allows users to
- * <a href="https://learn.microsoft.com/en-us/cli/azure/authenticate-azure-cli">authenticate interactively</a> as a
+ * <a href="https://learn.microsoft.com/cli/azure/authenticate-azure-cli">authenticate interactively</a> as a
  * user and/or a service principal against
- * <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
  * </a>. The AzureCliCredential authenticates in a development environment and acquires a token on behalf of the
  * logged-in user or service principal in Azure CLI. It acts as the Azure CLI logged in user or service principal
  * and executes an Azure CLI command underneath to authenticate the application against Azure Active Directory.</p>

@@ -19,7 +19,7 @@
  * <p>Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy
  * resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific
  * to Azure developers. It allows users to authenticate as a user and/or a service principal against
- * <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
  * </a>. The AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of
  * the logged-in user or service principal in Azure Developer CLI. It acts as the Azure Developer CLI logged in user or
  * service principal and executes an Azure CLI command underneath to authenticate the application against

@@ -18,7 +18,7 @@
  * <p>Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy
  * resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific
  * to Azure developers. It allows users to authenticate as a user and/or a service principal against
- * <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
  * </a>. The AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of
  * the logged-in user or service principal in Azure Developer CLI. It acts as the Azure Developer CLI logged in user or
  * service principal and executes an Azure CLI command underneath to authenticate the application against

@@ -17,7 +17,7 @@
 /**
  * <p>The Azure Powershell is a command-line tool that allows users to manage Azure resources from their local machine
  * or terminal. It allows users to
- * <a href="https://learn.microsoft.com/en-us/powershell/azure/authenticate-azureps">authenticate interactively</a>
+ * <a href="https://learn.microsoft.com/powershell/azure/authenticate-azureps">authenticate interactively</a>
  * as a user and/or a service principal against
  * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
  * </a>. The AzurePowershellCredential authenticates in a development environment and acquires a token on behalf of the

@@ -15,7 +15,7 @@
  *
  * <p>The Azure Powershell is a command-line tool that allows users to manage Azure resources from their local machine
  * or terminal. It allows users to
- * <a href="https://learn.microsoft.com/en-us/powershell/azure/authenticate-azureps">authenticate interactively</a>
+ * <a href="https://learn.microsoft.com/powershell/azure/authenticate-azureps">authenticate interactively</a>
  * as a user and/or a service principal against
  * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
  * </a>. The {@link AzurePowerShellCredential} authenticates in a development environment and acquires a token on

@@ -25,7 +25,7 @@
  * In this authentication method, the client application creates a JSON Web Token (JWT) that includes information about
  * the service principal (such as its client ID and tenant ID) and signs it using a client secret. The client then
  * sends this token to
- * <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
  * </a> as proof of its identity. Azure AD verifies the token signature and checks that the service principal has
  * the necessary permissions to access the requested Azure resource. If the token is valid and the service principal is
  * authorized, Azure AD issues an access token that the client application can use to access the requested resource.

@@ -18,7 +18,7 @@
  * In this authentication method, the client application creates a JSON Web Token (JWT) that includes information about
  * the service principal (such as its client ID and tenant ID) and signs it using a client secret. The client then
  * sends this token to
- * <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
  * </a> as proof of its identity. Azure AD verifies the token signature and checks that the service principal has
  * the necessary permissions to access the requested Azure resource. If the token is valid and the service principal is
  * authorized, Azure AD issues an access token that the client application can use to access the requested resource.

@@ -21,12 +21,12 @@
 /**
  * <p>The ClientCertificateCredential acquires a token via service principal authentication. It is a type of
  * authentication in Azure that enables a non-interactive login to
- * <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
  * </a>, allowing an application or service to authenticate itself with Azure resources.
  * A Service Principal is essentially an identity created for an application in Azure AD that can be used to
  * authenticate with Azure resources. It's like a "user identity" for the application or service, and it provides
  * a way for the application to authenticate itself with Azure resources without needing to use a user's credentials.
- * <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active Directory
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory
  * (Azure AD)</a> allows users to register service principals which can be used as an identity for authentication.
  * A client certificate associated with the registered service principal is used as the password when authenticating
  * the service principal.

@@ -13,12 +13,12 @@
  *
  * <p>The ClientCertificateCredential acquires a token via service principal authentication. It is a type of
  * authentication in Azure that enables a non-interactive login to
- * <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
  * </a>, allowing an application or service to authenticate itself with Azure resources.
  * A Service Principal is essentially an identity created for an application in Azure AD that can be used to
  * authenticate with Azure resources. It's like a "user identity" for the application or service, and it provides
  * a way for the application to authenticate itself with Azure resources without needing to use a user's credentials.
- * <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active Directory
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory
  * (Azure AD)</a> allows users to register service principals which can be used as an identity for authentication.
  * A client certificate associated with the registered service principal is used as the password when authenticating
  * the service principal.

@@ -21,12 +21,12 @@
 /**
  * <p>The ClientSecretCredential acquires a token via service principal authentication. It is a type of authentication
  * in Azure that enables a non-interactive login to
- * <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
  * </a>, allowing an application or service to authenticate itself with Azure resources.
  * A Service Principal is essentially an identity created for an application in Azure AD that can be used to
  * authenticate with Azure resources. It's like a "user identity" for the application or service, and it provides
  * a way for the application to authenticate itself with Azure resources without needing to use a user's credentials.
- * <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active Directory
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory
  * (Azure AD)</a> allows users to register service principals which can be used as an identity for authentication.
  * A client secret associated with the registered service principal is used as the password when authenticating the
  * service principal.

@@ -11,12 +11,12 @@
  *
  * <p>The {@link ClientSecretCredential} acquires a token via service principal authentication. It is a type of
  * authentication in Azure that enables a non-interactive login to
- * <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
  * </a>, allowing an application or service to authenticate itself with Azure resources.
  * A Service Principal is essentially an identity created for an application in Azure AD that can be used to
  * authenticate with Azure resources. It's like a "user identity" for the application or service, and it provides
  * a way for the application to authenticate itself with Azure resources without needing to use a user's credentials.
- * <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active Directory
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory
  * (Azure AD)</a> allows users to register service principals which can be used as an identity for authentication.
  * A client secret associated with the registered service principal is used as the password when authenticating the
  * service principal.

@@ -24,12 +24,12 @@
  * <li>{@link ManagedIdentityCredential} - If the application deploys to an Azure host with Managed Identity enabled,
  * the DefaultAzureCredential will authenticate with that account.</li>
  * <li>{@link IntelliJCredential} - If you've authenticated via
- * <a href="https://learn.microsoft.com/en-us/azure/developer/java/toolkit-for-intellij/">Azure Toolkit for
+ * <a href="https://learn.microsoft.com/azure/developer/java/toolkit-for-intellij/">Azure Toolkit for
  * IntelliJ</a>, the DefaultAzureCredential will authenticate with that account.</li>
  * <li>{@link AzureCliCredential} - If you've authenticated an account via the Azure CLI {@code az login} command, the
  * DefaultAzureCredential will authenticate with that account.</li>
  * <li>{@link AzurePowerShellCredential} - If you've authenticated an account via the
- * <a href="https://learn.microsoft.com/en-us/powershell/azure/?view=azps-9.4.0">Azure Power Shell</a> {@code Az Login}
+ * <a href="https://learn.microsoft.com/powershell/azure/?view=azps-9.4.0">Azure Power Shell</a> {@code Az Login}
  * command, the DefaultAzureCredential will authenticate with that account.</li>
  * <li>Fails if none of the credentials above could be created.</li>
  * </ol>
@@ -72,7 +72,7 @@
  * <p><strong>Sample: Construct DefaultAzureCredential with User Assigned Managed Identity </strong></p>
  *
  * <p>User-Assigned Managed Identity (UAMI) in Azure is a feature that allows you to create an identity in
- * <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
  * </a> that is associated with one or more Azure resources. This identity can then be used to authenticate and
  * authorize access to various Azure services and resources. The following code sample demonstrates the creation of
  * a DefaultAzureCredential to target a user assigned managed identity, using the

@@ -43,7 +43,7 @@
  * <p><strong>Sample: Construct DefaultAzureCredential with User Assigned Managed Identity </strong></p>
  *
  * <p>User-Assigned Managed Identity (UAMI) in Azure is a feature that allows you to create an identity in
- * <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
  * </a> that is associated with one or more Azure resources. This identity can then be used to authenticate and
  * authorize access to various Azure services and resources. The following code sample demonstrates the creation of
  * a {@link DefaultAzureCredential} to target a user assigned managed identity, using the DefaultAzureCredentialBuilder

@@ -22,7 +22,7 @@
 
 /**
  * <p>Device code authentication is a type of authentication flow offered by
- * <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
  * </a> that allows users to sign in to applications on devices that don't have a web browser or a keyboard.
  * This authentication method is particularly useful for devices such as smart TVs, gaming consoles, and
  * Internet of Things (IoT) devices that may not have the capability to enter a username and password.

@@ -15,7 +15,7 @@
  * Fluent credential builder for instantiating a {@link DeviceCodeCredential}.
  *
  * <p>Device code authentication is a type of authentication flow offered by
- * <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
  * </a> that allows users to sign in to applications on devices that don't have a web browser or a keyboard.
  * This authentication method is particularly useful for devices such as smart TVs, gaming consoles, and
  * Internet of Things (IoT) devices that may not have the capability to enter a username and password.

@@ -24,11 +24,11 @@
 /**
  * <p>IntelliJ IDEA is an integrated development environment (IDE) developed by JetBrains, which provides a variety of
  * features to support software development, such as code completion, debugging, and testing.
- * Azure offers <a href="https://learn.microsoft.com/en-us/azure/developer/java/toolkit-for-intellij/">Azure Toolkit
+ * Azure offers <a href="https://learn.microsoft.com/azure/developer/java/toolkit-for-intellij/">Azure Toolkit
  * for IntelliJ plugin</a> for the IntelliJ IDEA development environment. It
  * enables developers to create, test, and deploy Java applications to the Azure cloud platform. In order to
  * use the plugin authentication as a user or service principal against
- * <a href="https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
  * </a> is required.
  * The IntelliJCredential authenticates in a development environment and acquires a token on behalf of the
  * logged-in account in Azure Toolkit for IntelliJ. It uses the logged in user information on the IntelliJ IDE and uses