Hotfix Azure.Identity 1.12.1 (#46315)
christothes authored Sep 26, 2024
1 parent 75fb76b commit d01e747
Showing 32 changed files with 139 additions and 72 deletions.
13 changes: 6 additions & 7 deletions eng/Packages.Data.props
Expand Up @@ -152,13 +152,9 @@
<!-- Other approved packages -->
<PackageReference Update="Microsoft.Azure.Amqp" Version="2.6.7" />
<PackageReference Update="Microsoft.Azure.WebPubSub.Common" Version="1.2.0" />
<PackageReference Update="Microsoft.Identity.Client" Version="4.61.3" />
<PackageReference Update="Microsoft.Identity.Client.Extensions.Msal" Version="4.61.3" />
<!--
TODO: This package needs to be released as GA and arch-board approved before taking a dependency in any stable SDK library.
Currently, it is referencd by Azure.Identity.Broker which is still in beta
-->
<PackageReference Update="Microsoft.Identity.Client.Broker" Version="4.61.3" />
<PackageReference Update="Microsoft.Identity.Client" Version="4.65.0" />
<PackageReference Update="Microsoft.Identity.Client.Extensions.Msal" Version="4.65.0" />
<PackageReference Update="Microsoft.Identity.Client.Broker" Version="4.65.0" />

<!-- TODO: Make sure this package is arch-board approved -->
<PackageReference Update="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="6.35.0" />
Expand All @@ -177,6 +173,9 @@
<PackageReference Update="Microsoft.AspNetCore.Http.Features" Version="[2.1.1,6.0)" />
</ItemGroup>

<ItemGroup Condition="$(MSBuildProjectName.StartsWith('Azure.AI.OpenAI'))">
<PackageReference Update="OpenAI" Version="2.0.0-beta.5" />
</ItemGroup>
<!--
Dependency versions for Track 2, Microsoft.* libraries.
These are dependencies for Track 2 integration packages
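Review bot: The first hunk removes the TODO that said `Microsoft.Identity.Client.Broker` must be released as GA and arch-board approved before any stable SDK library depends on it, and nothing on this page records that the condition has been met. If the approval exists, the commit description should say so; if not, the comment should stay above the `4.65.0` reference so the gate is not lost in a hotfix. The second hunk also pins a prerelease, `OpenAI` `2.0.0-beta.5`, for `Azure.AI.OpenAI*` projects, which appears unrelated to an Azure.Identity hotfix; a one-line marker such as `<!-- TODO: OpenAI is prerelease; scope limited to Azure.AI.OpenAI* projects -->` would keep that visible to the next reader.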
2 changes: 1 addition & 1 deletion eng/pipelines/templates/jobs/ci.mgmt.yml
Expand Up @@ -68,7 +68,7 @@ jobs:
OSVmImage: windows-2022
MacOs:
Pool: Azure Pipelines
OSVmImage: "macos-11"
OSVmImage: "macos-latest"
pool:
name: $(Pool)
vmImage: $(OSVmImage)
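Review bot: `OSVmImage: "macos-latest"` is a floating label, so the macOS agent image can change underneath the pipeline without any commit; the same replacement is made in `archetype-sdk-tool-pwsh.yml` (`Image: 'macos-latest'`) and in `variables/image.yml` (`MACVMIMAGE`). The Windows entry visible in this hunk stays pinned (`windows-2022`). For pipelines that build or test release packages a fixed image is easier to reproduce and audit, so consider naming an explicit supported version, `OSVmImage: "macos-<pinned-version>"`, and bumping it deliberately. The `jobs:` block continues outside the hunk.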
2 changes: 1 addition & 1 deletion eng/pipelines/templates/stages/archetype-sdk-tool-pwsh.yml
Expand Up @@ -29,7 +29,7 @@ stages:
Image: 'MMSUbuntu20.04'
Mac:
Pool: 'Azure Pipelines'
Image: 'macos-11'
Image: 'macos-latest'

pool:
name: $(Pool)
4 changes: 2 additions & 2 deletions eng/pipelines/templates/stages/platform-matrix.json
Expand Up @@ -25,12 +25,12 @@
"Pool": "env:WINDOWSPOOL",
"TestTargetFramework": "net7.0"
},
"MacOS-11_NET6.0": {
"MacOS_NET6.0": {
"OSVmImage": "env:MACVMIMAGE",
"Pool": "env:MACPOOL",
"TestTargetFramework": "net6.0"
},
"MacOS-11_NET7.0": {
"MacOS_NET7.0": {
"OSVmImage": "env:MACVMIMAGE",
"Pool": "env:MACPOOL",
"TestTargetFramework": "net7.0"
2 changes: 1 addition & 1 deletion eng/pipelines/templates/variables/image.yml
Expand Up @@ -15,7 +15,7 @@ variables:
- name: WINDOWSVMIMAGE
value: azsdk-pool-mms-win-2022-1espt
- name: MACVMIMAGE
value: macos-11
value: macos-latest

# Values required for pool.os field in 1es pipeline templates
- name: LINUXOS
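--- a/sdk/identity/Azure.Identity/CHANGELOG.md
+++ b/sdk/identity/Azure.Identity/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Release History
 
+## 1.12.1 (2024-09-26)
+
+### Bugs Fixed
+
+- Updated to version 4.65.0 of Microsoft.Identity.Client to address a bug preventing the use of alternate authority types such as dStS ([4927](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4927)) .
+
 ## 1.12.0 (2024-06-17)
 
 ### Features Added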
4 changes: 2 additions & 2 deletions sdk/identity/Azure.Identity/src/Azure.Identity.csproj
Expand Up @@ -2,9 +2,9 @@
<PropertyGroup>
<Description>This is the implementation of the Azure SDK Client Library for Azure Identity</Description>
<AssemblyTitle>Microsoft Azure.Identity Component</AssemblyTitle>
<Version>1.12.0</Version>
<Version>1.12.1</Version>
<!--The ApiCompatVersion is managed automatically and should not generally be modified manually.-->
<ApiCompatVersion>1.11.2</ApiCompatVersion>
<ApiCompatVersion>1.12.0</ApiCompatVersion>
<PackageTags>Microsoft Azure Identity;$(PackageCommonTags)</PackageTags>
<TargetFrameworks>$(RequiredTargetFrameworks)</TargetFrameworks>
<NoWarn>$(NoWarn);3021;AZC0011</NoWarn>
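--- a/sdk/identity/Azure.Identity/src/MsalClientBase.cs
+++ b/sdk/identity/Azure.Identity/src/MsalClientBase.cs
@@ -108,5 +108,20 @@ await _clientWithCaeAsyncLock.GetLockOrValueAsync(true, default).ConfigureAwait(
 
 return asyncLock.HasValue ? asyncLock.Value.Cache : null;
 }
+
+public UriBuilder BuildTenantIdWithAuthorityHost(string tenantId)
+{
+UriBuilder uriBuilder = new UriBuilder(AuthorityHost);
+if (uriBuilder.Path.EndsWith("/"))
+{
+uriBuilder.Path = uriBuilder.Path + tenantId;
+}
+else
+{
+uriBuilder.Path = uriBuilder.Path + "/" + tenantId;
+}
+
+return uriBuilder;
+}
 }
 }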
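Review bot: `BuildTenantIdWithAuthorityHost` appends `tenantId` to the authority path as-is, and nothing in this hunk restricts what the value may contain. The helper is `public` and undocumented, so a later caller could pass a tenant that was not validated upstream; a value holding `/` or dot segments would then point the token request at a different authority path than intended. Consider a `///` summary stating that `tenantId` must already be validated and that the result is `AuthorityHost` with the tenant appended as the final path segment, and make the suffix check culture-independent: `if (uriBuilder.Path.EndsWith("/", StringComparison.Ordinal))`. Every caller in this commit only reads `.Uri`, so returning `Uri` would also keep the mutable builder out of the API.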
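--- a/sdk/identity/Azure.Identity/src/MsalConfidentialClient.cs
+++ b/sdk/identity/Azure.Identity/src/MsalConfidentialClient.cs
@@ -169,12 +169,10 @@ public virtual async ValueTask<AuthenticationResult> AcquireTokenForClientCoreAs
 
 if (!string.IsNullOrEmpty(tenantId))
 {
-UriBuilder uriBuilder = new UriBuilder(AuthorityHost)
-{
-Path = tenantId
-};
+UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId);
 builder.WithTenantIdFromAuthority(uriBuilder.Uri);
 }
+
 if (!string.IsNullOrEmpty(claims))
 {
 builder.WithClaims(claims);
@@ -212,14 +210,13 @@ public virtual async ValueTask<AuthenticationResult> AcquireTokenSilentCoreAsync
 IConfidentialClientApplication client = await GetClientAsync(enableCae, async, cancellationToken).ConfigureAwait(false);
 
 var builder = client.AcquireTokenSilent(scopes, account);
+
 if (!string.IsNullOrEmpty(tenantId))
 {
-UriBuilder uriBuilder = new UriBuilder(AuthorityHost)
-{
-Path = tenantId
-};
+UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId);
 builder.WithTenantIdFromAuthority(uriBuilder.Uri);
 }
+
 if (!string.IsNullOrEmpty(claims))
 {
 builder.WithClaims(claims);
@@ -260,12 +257,10 @@ public virtual async ValueTask<AuthenticationResult> AcquireTokenByAuthorization
 
 if (!string.IsNullOrEmpty(tenantId))
 {
-UriBuilder uriBuilder = new UriBuilder(AuthorityHost)
-{
-Path = tenantId
-};
+UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId);
 builder.WithTenantIdFromAuthority(uriBuilder.Uri);
 }
+
 if (!string.IsNullOrEmpty(claims))
 {
 builder.WithClaims(claims);
@@ -306,12 +301,10 @@ public virtual async ValueTask<AuthenticationResult> AcquireTokenOnBehalfOfCoreA
 
 if (!string.IsNullOrEmpty(tenantId))
 {
-UriBuilder uriBuilder = new UriBuilder(AuthorityHost)
-{
-Path = tenantId
-};
+UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId);
 builder.WithTenantIdFromAuthority(uriBuilder.Uri);
 }
+
 if (!string.IsNullOrEmpty(claims))
 {
 builder.WithClaims(claims);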
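Review bot: All four call sites change behaviour for an `AuthorityHost` that already carries a path: the removed initializer set `Path = tenantId`, which replaced the path, while `BuildTenantIdWithAuthorityHost(tenantId)` appends to it. That is what a dSTS-style authority needs, but a host configured with an existing tenant-like segment would now yield two segments, and how `WithTenantIdFromAuthority` reads such a path is not visible here. A short comment at the first call site would make the intent explicit, e.g. `// AuthorityHost path is kept; tenantId is appended as the last segment`, and a test with a path-less `AuthorityHost` would pin the unchanged case. The enclosing methods start and end outside the hunks.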
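--- a/sdk/identity/Azure.Identity/src/MsalPublicClient.cs
+++ b/sdk/identity/Azure.Identity/src/MsalPublicClient.cs
@@ -128,12 +128,10 @@ protected virtual async ValueTask<AuthenticationResult> AcquireTokenSilentCoreAs
 {
 builder.WithClaims(claims);
 }
-if (tenantId != null)
+
+if (!string.IsNullOrEmpty(tenantId))
 {
-UriBuilder uriBuilder = new UriBuilder(AuthorityHost)
-{
-Path = TenantId ?? tenantId
-};
+UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId);
 builder.WithTenantIdFromAuthority(uriBuilder.Uri);
 }
 
@@ -195,12 +193,9 @@ protected virtual async ValueTask<AuthenticationResult> AcquireTokenSilentCoreAs
 // user authenticated to originally.
 var builder = client.AcquireTokenSilent(scopes, (AuthenticationAccount)record);
 
-if (tenantId != null || record.TenantId != null)
+if (!string.IsNullOrEmpty(tenantId))
 {
-UriBuilder uriBuilder = new UriBuilder(AuthorityHost)
-{
-Path = tenantId ?? record.TenantId
-};
+UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId);
 builder.WithTenantIdFromAuthority(uriBuilder.Uri);
 }
 
@@ -310,14 +305,13 @@ protected virtual async ValueTask<AuthenticationResult> AcquireTokenInteractiveC
 {
 builder.WithLoginHint(loginHint);
 }
-if (tenantId != null)
+
+if (!string.IsNullOrEmpty(tenantId))
 {
-UriBuilder uriBuilder = new UriBuilder(AuthorityHost)
-{
-Path = tenantId
-};
+UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId);
 builder.WithTenantIdFromAuthority(uriBuilder.Uri);
 }
+
 if (browserOptions != null)
 {
 if (browserOptions.UseEmbeddedWebView.HasValue)
@@ -359,10 +353,7 @@ protected virtual async ValueTask<AuthenticationResult> AcquireTokenByUsernamePa
 }
 if (!string.IsNullOrEmpty(tenantId))
 {
-UriBuilder uriBuilder = new UriBuilder(AuthorityHost)
-{
-Path = tenantId
-};
+UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId);
 builder.WithTenantIdFromAuthority(uriBuilder.Uri);
 }
 return await builder.ExecuteAsync(async, cancellationToken)
@@ -409,10 +400,7 @@ protected virtual async ValueTask<AuthenticationResult> AcquireTokenByRefreshTok
 
 if (!string.IsNullOrEmpty(TenantId))
 {
-UriBuilder uriBuilder = new UriBuilder(AuthorityHost)
-{
-Path = tenant
-};
+UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(TenantId);
 builder.WithTenantIdFromAuthority(uriBuilder.Uri);
 }
 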
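Review bot: In the `@@ -195,12 +193,9 @@` hunk the fallback to `record.TenantId` is dropped: the old code set the authority when either `tenantId` or `record.TenantId` was present, while the new guard looks at `tenantId` only, although the context comment still refers to the tenant the user authenticated to originally. Unless callers now always pass a resolved tenant (not visible in the hunk), a silent request that relies on the `AuthenticationRecord` alone would no longer be pinned to the record's tenant. Consider `var effectiveTenantId = string.IsNullOrEmpty(tenantId) ? record.TenantId : tenantId;` and guarding on `effectiveTenantId`. Similarly, the `@@ -409,10 +400,7 @@` hunk now passes the `TenantId` property where the old code passed the local `tenant`, and the first hunk stops preferring `TenantId` over `tenantId`; each of these deserves a confirming test. The methods continue outside the hunks.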
Expand Up @@ -34,6 +34,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled,
RedirectUri = config.RedirectUri,
AuthorityHost = config.AuthorityHost
};
if (config.Transport != null)
{
Expand Up @@ -35,6 +35,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
TenantId = config.TenantId,
IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled,
AuthorityHost = config.AuthorityHost
};
var (_, _, processOutput) = CredentialTestHelpers.CreateTokenForAzureCli();
var testProcess = new TestProcess { Output = processOutput };
Expand Up @@ -34,6 +34,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
TenantId = config.TenantId,
IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled,
AuthorityHost = config.AuthorityHost
};
var (_, _, processOutput) = CredentialTestHelpers.CreateTokenForAzureDeveloperCli();
var testProcess = new TestProcess { Output = processOutput };
Expand Up @@ -44,6 +44,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled,
MsalClient = config.MockConfidentialMsalClient,
OidcRequestUri = "https://dev.azure.com/myorg/myproject/_apis/serviceendpoint/endpoints?api-version=2.2.2",
AuthorityHost = config.AuthorityHost
};
if (config.Transport != null)
{
Expand Up @@ -42,6 +42,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
TenantId = config.TenantId,
IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled,
AuthorityHost = config.AuthorityHost
};
var (_, _, processOutput) = CredentialTestHelpers.CreateTokenForAzurePowerShell(TimeSpan.FromSeconds(30));
var testProcess = new TestProcess { Output = processOutput };
Expand Up @@ -37,6 +37,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled,
MsalClient = config.MockConfidentialMsalClient,
AuthorityHost = config.AuthorityHost
};
if (config.Transport != null)
{
Expand Up @@ -41,6 +41,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
DisableInstanceDiscovery = config.DisableInstanceDiscovery,
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled,
AuthorityHost = config.AuthorityHost
};
if (config.Transport != null)
{
Expand Up @@ -30,6 +30,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
DisableInstanceDiscovery = config.DisableInstanceDiscovery,
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled,
AuthorityHost = config.AuthorityHost
};
if (config.Transport != null)
{
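--- a/sdk/identity/Azure.Identity/tests/CredentialTestBase.cs
+++ b/sdk/identity/Azure.Identity/tests/CredentialTestBase.cs
@@ -422,6 +422,52 @@ public async Task CachingOptionsAreRespected()
 Assert.AreEqual(actualToken1.Token, actualToken2.Token);
 }
 
+[Test]
+public async Task AuthorityHostConfigSupportsdStS()
+{
+// Configure the transport
+var token = Guid.NewGuid().ToString();
+TransportConfig transportConfig = new()
+{
+TokenFactory = req => token,
+RequestValidator = req =>
+{
+if (req.Content != null)
+{
+var stream = new MemoryStream();
+req.Content.WriteTo(stream, default);
+var content = new BinaryData(stream.ToArray()).ToString();
+var queryString = Uri.UnescapeDataString(content)
+.Split('&')
+.Select(q => q.Split('='))
+.ToDictionary(kvp => kvp[0], kvp => kvp[1]);
+}
+}
+};
+var factory = MockTokenTransportFactory(transportConfig);
+var mockTransport = new MockTransport(factory);
+
+var config = new CommonCredentialTestConfig()
+{
+TransportConfig = transportConfig,
+Transport = mockTransport,
+TenantId = TenantId,
+AuthorityHost = new("https://usnorth-passive-dsts.dsts.core.windows.net/dstsv2"),
+RedirectUri = new Uri("http://localhost:8400/")
+};
+var credential = GetTokenCredential(config);
+if (!CredentialTestHelpers.IsMsalCredential(credential))
+{
+Assert.Ignore("EnableCAE tests do not apply to the non-MSAL credentials.");
+}
+transportConfig.IsPubClient = CredentialTestHelpers.IsCredentialTypePubClient(credential);
+
+// First call to populate the account record for confidential client creds
+await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default), default);
+var actualToken = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Alternate), default);
+Assert.AreEqual(token, actualToken.Token);
+}
+
 public class MemoryTokenCache : UnsafeTokenCacheOptions
 {
 public ReadOnlyMemory<byte> Data { get; set; } = new ReadOnlyMemory<byte>();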
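Review bot: `AuthorityHostConfigSupportsdStS` only checks that the mocked token comes back, so it passes regardless of which authority URL the credential actually calls; the `RequestValidator` builds `queryString` and then asserts nothing. Assert on the request inside the validator, for instance `StringAssert.Contains("/dstsv2/" + TenantId, req.Uri.ToString());` for the token request (adjust if discovery requests share the validator), so that a regression in the authority path fails the test. The skip message is copied from another test and should read `Assert.Ignore("AuthorityHost tests do not apply to the non-MSAL credentials.");`. The `MemoryStream` can also be scoped with `using var stream = new MemoryStream();`.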