diff --git a/eng/Packages.Data.props b/eng/Packages.Data.props index 88b34e60674f6..d123e62af7725 100644 --- a/eng/Packages.Data.props +++ b/eng/Packages.Data.props @@ -152,13 +152,9 @@ - - - - + + + @@ -177,6 +173,9 @@ + + + - 1.11.2 + 1.12.0 Microsoft Azure Identity;$(PackageCommonTags) $(RequiredTargetFrameworks) $(NoWarn);3021;AZC0011 diff --git a/sdk/identity/Azure.Identity/src/MsalClientBase.cs b/sdk/identity/Azure.Identity/src/MsalClientBase.cs index bc1cf064c7e53..b35a2be5b511a 100644 --- a/sdk/identity/Azure.Identity/src/MsalClientBase.cs +++ b/sdk/identity/Azure.Identity/src/MsalClientBase.cs @@ -108,5 +108,20 @@ await _clientWithCaeAsyncLock.GetLockOrValueAsync(true, default).ConfigureAwait( return asyncLock.HasValue ? asyncLock.Value.Cache : null; } + + public UriBuilder BuildTenantIdWithAuthorityHost(string tenantId) + { + UriBuilder uriBuilder = new UriBuilder(AuthorityHost); + if (uriBuilder.Path.EndsWith("/")) + { + uriBuilder.Path = uriBuilder.Path + tenantId; + } + else + { + uriBuilder.Path = uriBuilder.Path + "/" + tenantId; + } + + return uriBuilder; + } } } diff --git a/sdk/identity/Azure.Identity/src/MsalConfidentialClient.cs b/sdk/identity/Azure.Identity/src/MsalConfidentialClient.cs index e9d5318f653d4..991c54a26112f 100644 --- a/sdk/identity/Azure.Identity/src/MsalConfidentialClient.cs +++ b/sdk/identity/Azure.Identity/src/MsalConfidentialClient.cs @@ -169,12 +169,10 @@ public virtual async ValueTask AcquireTokenForClientCoreAs if (!string.IsNullOrEmpty(tenantId)) { - UriBuilder uriBuilder = new UriBuilder(AuthorityHost) - { - Path = tenantId - }; + UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId); builder.WithTenantIdFromAuthority(uriBuilder.Uri); } + if (!string.IsNullOrEmpty(claims)) { builder.WithClaims(claims); @@ -212,14 +210,13 @@ public virtual async ValueTask AcquireTokenSilentCoreAsync IConfidentialClientApplication client = await GetClientAsync(enableCae, async, cancellationToken).ConfigureAwait(false); var builder = client.AcquireTokenSilent(scopes, account); + if (!string.IsNullOrEmpty(tenantId)) { - UriBuilder uriBuilder = new UriBuilder(AuthorityHost) - { - Path = tenantId - }; + UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId); builder.WithTenantIdFromAuthority(uriBuilder.Uri); } + if (!string.IsNullOrEmpty(claims)) { builder.WithClaims(claims); @@ -260,12 +257,10 @@ public virtual async ValueTask AcquireTokenByAuthorization if (!string.IsNullOrEmpty(tenantId)) { - UriBuilder uriBuilder = new UriBuilder(AuthorityHost) - { - Path = tenantId - }; + UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId); builder.WithTenantIdFromAuthority(uriBuilder.Uri); } + if (!string.IsNullOrEmpty(claims)) { builder.WithClaims(claims); @@ -306,12 +301,10 @@ public virtual async ValueTask AcquireTokenOnBehalfOfCoreA if (!string.IsNullOrEmpty(tenantId)) { - UriBuilder uriBuilder = new UriBuilder(AuthorityHost) - { - Path = tenantId - }; + UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId); builder.WithTenantIdFromAuthority(uriBuilder.Uri); } + if (!string.IsNullOrEmpty(claims)) { builder.WithClaims(claims); diff --git a/sdk/identity/Azure.Identity/src/MsalPublicClient.cs b/sdk/identity/Azure.Identity/src/MsalPublicClient.cs index 37df7f88673f1..3fc04e01baae4 100644 --- a/sdk/identity/Azure.Identity/src/MsalPublicClient.cs +++ b/sdk/identity/Azure.Identity/src/MsalPublicClient.cs @@ -128,12 +128,10 @@ protected virtual async ValueTask AcquireTokenSilentCoreAs { builder.WithClaims(claims); } - if (tenantId != null) + + if (!string.IsNullOrEmpty(tenantId)) { - UriBuilder uriBuilder = new UriBuilder(AuthorityHost) - { - Path = TenantId ?? tenantId - }; + UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId); builder.WithTenantIdFromAuthority(uriBuilder.Uri); } @@ -195,12 +193,9 @@ protected virtual async ValueTask AcquireTokenSilentCoreAs // user authenticated to originally. var builder = client.AcquireTokenSilent(scopes, (AuthenticationAccount)record); - if (tenantId != null || record.TenantId != null) + if (!string.IsNullOrEmpty(tenantId)) { - UriBuilder uriBuilder = new UriBuilder(AuthorityHost) - { - Path = tenantId ?? record.TenantId - }; + UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId); builder.WithTenantIdFromAuthority(uriBuilder.Uri); } @@ -310,14 +305,13 @@ protected virtual async ValueTask AcquireTokenInteractiveC { builder.WithLoginHint(loginHint); } - if (tenantId != null) + + if (!string.IsNullOrEmpty(tenantId)) { - UriBuilder uriBuilder = new UriBuilder(AuthorityHost) - { - Path = tenantId - }; + UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId); builder.WithTenantIdFromAuthority(uriBuilder.Uri); } + if (browserOptions != null) { if (browserOptions.UseEmbeddedWebView.HasValue) @@ -359,10 +353,7 @@ protected virtual async ValueTask AcquireTokenByUsernamePa } if (!string.IsNullOrEmpty(tenantId)) { - UriBuilder uriBuilder = new UriBuilder(AuthorityHost) - { - Path = tenantId - }; + UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId); builder.WithTenantIdFromAuthority(uriBuilder.Uri); } return await builder.ExecuteAsync(async, cancellationToken) @@ -409,10 +400,7 @@ protected virtual async ValueTask AcquireTokenByRefreshTok if (!string.IsNullOrEmpty(TenantId)) { - UriBuilder uriBuilder = new UriBuilder(AuthorityHost) - { - Path = tenant - }; + UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(TenantId); builder.WithTenantIdFromAuthority(uriBuilder.Uri); } diff --git a/sdk/identity/Azure.Identity/tests/AuthorizationCodeCredentialTests.cs b/sdk/identity/Azure.Identity/tests/AuthorizationCodeCredentialTests.cs index 85c8912ee6eab..e24f1622cd4e6 100644 --- a/sdk/identity/Azure.Identity/tests/AuthorizationCodeCredentialTests.cs +++ b/sdk/identity/Azure.Identity/tests/AuthorizationCodeCredentialTests.cs @@ -34,6 +34,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co AdditionallyAllowedTenants = config.AdditionallyAllowedTenants, IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled, RedirectUri = config.RedirectUri, + AuthorityHost = config.AuthorityHost }; if (config.Transport != null) { diff --git a/sdk/identity/Azure.Identity/tests/AzureCliCredentialTests.cs b/sdk/identity/Azure.Identity/tests/AzureCliCredentialTests.cs index 2117aa7d69f23..d3e76e23b516f 100644 --- a/sdk/identity/Azure.Identity/tests/AzureCliCredentialTests.cs +++ b/sdk/identity/Azure.Identity/tests/AzureCliCredentialTests.cs @@ -35,6 +35,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co AdditionallyAllowedTenants = config.AdditionallyAllowedTenants, TenantId = config.TenantId, IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled, + AuthorityHost = config.AuthorityHost }; var (_, _, processOutput) = CredentialTestHelpers.CreateTokenForAzureCli(); var testProcess = new TestProcess { Output = processOutput }; diff --git a/sdk/identity/Azure.Identity/tests/AzureDeveloperCliCredentialTests.cs b/sdk/identity/Azure.Identity/tests/AzureDeveloperCliCredentialTests.cs index d15b6e1ce3559..b7bf800e0d0c0 100644 --- a/sdk/identity/Azure.Identity/tests/AzureDeveloperCliCredentialTests.cs +++ b/sdk/identity/Azure.Identity/tests/AzureDeveloperCliCredentialTests.cs @@ -34,6 +34,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co AdditionallyAllowedTenants = config.AdditionallyAllowedTenants, TenantId = config.TenantId, IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled, + AuthorityHost = config.AuthorityHost }; var (_, _, processOutput) = CredentialTestHelpers.CreateTokenForAzureDeveloperCli(); var testProcess = new TestProcess { Output = processOutput }; diff --git a/sdk/identity/Azure.Identity/tests/AzurePipelinesCredentialTests.cs b/sdk/identity/Azure.Identity/tests/AzurePipelinesCredentialTests.cs index 3dfe626c7ac90..e7ad3edde4838 100644 --- a/sdk/identity/Azure.Identity/tests/AzurePipelinesCredentialTests.cs +++ b/sdk/identity/Azure.Identity/tests/AzurePipelinesCredentialTests.cs @@ -44,6 +44,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled, MsalClient = config.MockConfidentialMsalClient, OidcRequestUri = "https://dev.azure.com/myorg/myproject/_apis/serviceendpoint/endpoints?api-version=2.2.2", + AuthorityHost = config.AuthorityHost }; if (config.Transport != null) { diff --git a/sdk/identity/Azure.Identity/tests/AzurePowerShellCredentialsTests.cs b/sdk/identity/Azure.Identity/tests/AzurePowerShellCredentialsTests.cs index 33905e0883af3..eb417519d4f5f 100644 --- a/sdk/identity/Azure.Identity/tests/AzurePowerShellCredentialsTests.cs +++ b/sdk/identity/Azure.Identity/tests/AzurePowerShellCredentialsTests.cs @@ -42,6 +42,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co AdditionallyAllowedTenants = config.AdditionallyAllowedTenants, TenantId = config.TenantId, IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled, + AuthorityHost = config.AuthorityHost }; var (_, _, processOutput) = CredentialTestHelpers.CreateTokenForAzurePowerShell(TimeSpan.FromSeconds(30)); var testProcess = new TestProcess { Output = processOutput }; diff --git a/sdk/identity/Azure.Identity/tests/ClientAssertionCredentialTests.cs b/sdk/identity/Azure.Identity/tests/ClientAssertionCredentialTests.cs index 9600f39f6ff48..a16e9e296f16c 100644 --- a/sdk/identity/Azure.Identity/tests/ClientAssertionCredentialTests.cs +++ b/sdk/identity/Azure.Identity/tests/ClientAssertionCredentialTests.cs @@ -37,6 +37,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co AdditionallyAllowedTenants = config.AdditionallyAllowedTenants, IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled, MsalClient = config.MockConfidentialMsalClient, + AuthorityHost = config.AuthorityHost }; if (config.Transport != null) { diff --git a/sdk/identity/Azure.Identity/tests/ClientCertificateCredentialTests.cs b/sdk/identity/Azure.Identity/tests/ClientCertificateCredentialTests.cs index e675f9a71d537..1461575474fec 100644 --- a/sdk/identity/Azure.Identity/tests/ClientCertificateCredentialTests.cs +++ b/sdk/identity/Azure.Identity/tests/ClientCertificateCredentialTests.cs @@ -41,6 +41,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co DisableInstanceDiscovery = config.DisableInstanceDiscovery, AdditionallyAllowedTenants = config.AdditionallyAllowedTenants, IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled, + AuthorityHost = config.AuthorityHost }; if (config.Transport != null) { diff --git a/sdk/identity/Azure.Identity/tests/ClientSecretCredentialTests.cs b/sdk/identity/Azure.Identity/tests/ClientSecretCredentialTests.cs index f3ef3e41171ed..9154fa6918cb0 100644 --- a/sdk/identity/Azure.Identity/tests/ClientSecretCredentialTests.cs +++ b/sdk/identity/Azure.Identity/tests/ClientSecretCredentialTests.cs @@ -30,6 +30,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co DisableInstanceDiscovery = config.DisableInstanceDiscovery, AdditionallyAllowedTenants = config.AdditionallyAllowedTenants, IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled, + AuthorityHost = config.AuthorityHost }; if (config.Transport != null) { diff --git a/sdk/identity/Azure.Identity/tests/CredentialTestBase.cs b/sdk/identity/Azure.Identity/tests/CredentialTestBase.cs index 10ab25adb30cc..64c4d6e15b881 100644 --- a/sdk/identity/Azure.Identity/tests/CredentialTestBase.cs +++ b/sdk/identity/Azure.Identity/tests/CredentialTestBase.cs @@ -422,6 +422,52 @@ public async Task CachingOptionsAreRespected() Assert.AreEqual(actualToken1.Token, actualToken2.Token); } + [Test] + public async Task AuthorityHostConfigSupportsdStS() + { + // Configure the transport + var token = Guid.NewGuid().ToString(); + TransportConfig transportConfig = new() + { + TokenFactory = req => token, + RequestValidator = req => + { + if (req.Content != null) + { + var stream = new MemoryStream(); + req.Content.WriteTo(stream, default); + var content = new BinaryData(stream.ToArray()).ToString(); + var queryString = Uri.UnescapeDataString(content) + .Split('&') + .Select(q => q.Split('=')) + .ToDictionary(kvp => kvp[0], kvp => kvp[1]); + } + } + }; + var factory = MockTokenTransportFactory(transportConfig); + var mockTransport = new MockTransport(factory); + + var config = new CommonCredentialTestConfig() + { + TransportConfig = transportConfig, + Transport = mockTransport, + TenantId = TenantId, + AuthorityHost = new("https://usnorth-passive-dsts.dsts.core.windows.net/dstsv2"), + RedirectUri = new Uri("http://localhost:8400/") + }; + var credential = GetTokenCredential(config); + if (!CredentialTestHelpers.IsMsalCredential(credential)) + { + Assert.Ignore("EnableCAE tests do not apply to the non-MSAL credentials."); + } + transportConfig.IsPubClient = CredentialTestHelpers.IsCredentialTypePubClient(credential); + + // First call to populate the account record for confidential client creds + await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default), default); + var actualToken = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Alternate), default); + Assert.AreEqual(token, actualToken.Token); + } + public class MemoryTokenCache : UnsafeTokenCacheOptions { public ReadOnlyMemory Data { get; set; } = new ReadOnlyMemory(); diff --git a/sdk/identity/Azure.Identity/tests/CredentialTestHelpers.cs b/sdk/identity/Azure.Identity/tests/CredentialTestHelpers.cs index c39dec1c137c4..17d1e22cf0fdf 100644 --- a/sdk/identity/Azure.Identity/tests/CredentialTestHelpers.cs +++ b/sdk/identity/Azure.Identity/tests/CredentialTestHelpers.cs @@ -404,15 +404,15 @@ public static bool RequestBodyHasUserAssertionWithHeader(Request req, string hea return new MockResponse(200); }); - public static byte[] GetMockCacheBytes(string objectId, string userName, string clientId, string tenantId, string token, string refreshToken) + public static byte[] GetMockCacheBytes(string objectId, string userName, string clientId, string tenantId, string token, string refreshToken, string authority = "login.microsoftonline.com") { var cacheString = @$"{{ ""AccessToken"": {{ - ""{objectId}.{tenantId}-login.microsoftonline.com-accesstoken-{clientId}-organizations-{MockScopes.Default}"": {{ + ""{objectId}.{tenantId}-{authority}-accesstoken-{clientId}-organizations-{MockScopes.Default}"": {{ ""credential_type"": ""AccessToken"", ""secret"": ""{token}"", ""home_account_id"": ""{objectId}.{tenantId}"", - ""environment"": ""login.microsoftonline.com"", + ""environment"": ""{authority}"", ""client_id"": ""{clientId}"", ""target"": ""{MockScopes.Default}"", ""realm"": ""organizations"", @@ -423,9 +423,9 @@ public static byte[] GetMockCacheBytes(string objectId, string userName, string }} }}, ""Account"": {{ - ""{objectId}.{tenantId}-login.microsoftonline.com-organizations"": {{ + ""{objectId}.{tenantId}-{authority}-organizations"": {{ ""home_account_id"": ""{objectId}.{tenantId}"", - ""environment"": ""login.microsoftonline.com"", + ""environment"": ""{authority}"", ""realm"": ""organizations"", ""local_account_id"": ""{objectId}"", ""username"": ""{userName}"", @@ -433,21 +433,21 @@ public static byte[] GetMockCacheBytes(string objectId, string userName, string }} }}, ""IdToken"": {{ - ""{objectId}.{tenantId}-login.microsoftonline.com-idtoken-{clientId}-organizations-"": {{ + ""{objectId}.{tenantId}-{authority}-idtoken-{clientId}-organizations-"": {{ ""credential_type"": ""IdToken"", ""secret"": ""{token}"", ""home_account_id"": ""{objectId}.{tenantId}"", - ""environment"": ""login.microsoftonline.com"", + ""environment"": ""{authority}"", ""realm"": ""organizations"", ""client_id"": ""{clientId}"" }}, }}, ""RefreshToken"": {{ - ""{objectId}.{tenantId}-login.microsoftonline.com-refreshtoken-{clientId}--{MockScopes.Default}"": {{ + ""{objectId}.{tenantId}-{authority}-refreshtoken-{clientId}--{MockScopes.Default}"": {{ ""credential_type"": ""RefreshToken"", ""secret"": ""{refreshToken}"", ""home_account_id"": ""{objectId}.{tenantId}"", - ""environment"": ""login.microsoftonline.com"", + ""environment"": ""{authority}"", ""client_id"": ""{clientId}"", ""target"": ""{MockScopes.Default}"", ""last_modification_time"": ""1674853645"", @@ -455,9 +455,9 @@ public static byte[] GetMockCacheBytes(string objectId, string userName, string }} }}, ""AppMetadata"": {{ - ""appmetadata-login.microsoftonline.com-{clientId}"": {{ + ""appmetadata-{authority}-{clientId}"": {{ ""client_id"": ""{clientId}"", - ""environment"": ""login.microsoftonline.com"", + ""environment"": ""{authority}"", ""family_id"": ""1"" }} }} @@ -489,10 +489,10 @@ public static string CreateMsalClientInfo(string objectId = null, string tenantI return MsalEncode($"{{\"uid\":\"{uid}\",\"utid\":\"{tid}\"}}"); } - public static string CreateMsalIdToken(string uniqueId, string displayableId, string tenantId) + public static string CreateMsalIdToken(string uniqueId, string displayableId, string tenantId, string authority = "login.microsoftonline.com") { string id = "{\"aud\": \"e854a4a7-6c34-449c-b237-fc7a28093d84\"," + - "\"iss\": \"https://login.microsoftonline.com/6c3d51dd-f0e5-4959-b4ea-a80c4e36fe5e/v2.0/\"," + + $"\"iss\": \"https://{authority}/6c3d51dd-f0e5-4959-b4ea-a80c4e36fe5e/v2.0/\"," + "\"iat\": 1455833828," + "\"nbf\": 1455833828," + "\"exp\": 1455837728," + diff --git a/sdk/identity/Azure.Identity/tests/DeviceCodeCredentialTests.cs b/sdk/identity/Azure.Identity/tests/DeviceCodeCredentialTests.cs index 5abcfbadec9c2..752d9953cf299 100644 --- a/sdk/identity/Azure.Identity/tests/DeviceCodeCredentialTests.cs +++ b/sdk/identity/Azure.Identity/tests/DeviceCodeCredentialTests.cs @@ -65,6 +65,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co AdditionallyAllowedTenants = config.AdditionallyAllowedTenants, DisableInstanceDiscovery = config.DisableInstanceDiscovery, IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled, + AuthorityHost = config.AuthorityHost, }; if (config.Transport != null) { diff --git a/sdk/identity/Azure.Identity/tests/EnvironmentCredential_ClientCertificateTests.cs b/sdk/identity/Azure.Identity/tests/EnvironmentCredential_ClientCertificateTests.cs index cfbb5c58f4396..dda520c69aa6e 100644 --- a/sdk/identity/Azure.Identity/tests/EnvironmentCredential_ClientCertificateTests.cs +++ b/sdk/identity/Azure.Identity/tests/EnvironmentCredential_ClientCertificateTests.cs @@ -47,7 +47,8 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co DisableInstanceDiscovery = config.DisableInstanceDiscovery, IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled, MsalConfidentialClient = config.MockConfidentialMsalClient, - MsalPublicClient = config.MockPublicMsalClient + MsalPublicClient = config.MockPublicMsalClient, + AuthorityHost = config.AuthorityHost, }; if (config.Transport != null) { diff --git a/sdk/identity/Azure.Identity/tests/EnvironmentCredential_ClientSecretTests.cs b/sdk/identity/Azure.Identity/tests/EnvironmentCredential_ClientSecretTests.cs index d63437060558e..803f9bd161eea 100644 --- a/sdk/identity/Azure.Identity/tests/EnvironmentCredential_ClientSecretTests.cs +++ b/sdk/identity/Azure.Identity/tests/EnvironmentCredential_ClientSecretTests.cs @@ -47,7 +47,8 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co DisableInstanceDiscovery = config.DisableInstanceDiscovery, IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled, MsalConfidentialClient = config.MockConfidentialMsalClient, - MsalPublicClient = config.MockPublicMsalClient + MsalPublicClient = config.MockPublicMsalClient, + AuthorityHost = config.AuthorityHost, }; if (config.Transport != null) { diff --git a/sdk/identity/Azure.Identity/tests/EnvironmentCredential_UserNamePasswordTests.cs b/sdk/identity/Azure.Identity/tests/EnvironmentCredential_UserNamePasswordTests.cs index a25afc176014d..26d3038c2f798 100644 --- a/sdk/identity/Azure.Identity/tests/EnvironmentCredential_UserNamePasswordTests.cs +++ b/sdk/identity/Azure.Identity/tests/EnvironmentCredential_UserNamePasswordTests.cs @@ -48,7 +48,8 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co DisableInstanceDiscovery = config.DisableInstanceDiscovery, IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled, MsalConfidentialClient = config.MockConfidentialMsalClient, - MsalPublicClient = config.MockPublicMsalClient + MsalPublicClient = config.MockPublicMsalClient, + AuthorityHost = config.AuthorityHost, }; if (config.Transport != null) { diff --git a/sdk/identity/Azure.Identity/tests/IdentityRecordedTestBase.cs b/sdk/identity/Azure.Identity/tests/IdentityRecordedTestBase.cs index 711800a04833e..548deaaee0923 100644 --- a/sdk/identity/Azure.Identity/tests/IdentityRecordedTestBase.cs +++ b/sdk/identity/Azure.Identity/tests/IdentityRecordedTestBase.cs @@ -26,6 +26,8 @@ private void InitializeRecordingSettings() LegacyExcludedHeaders.Add("x-client-SKU"); LegacyExcludedHeaders.Add("x-client-CPU"); LegacyExcludedHeaders.Add("x-client-Ver"); + LegacyExcludedHeaders.Add("x-app-name"); + LegacyExcludedHeaders.Add("x-app-ver"); // x-ms-PKeyAuth is only added on MAC and Linux so recordings made on windows will fail on these platforms and vice-versa // ignoring this header as CI must run on all platforms LegacyExcludedHeaders.Add("x-ms-PKeyAuth"); diff --git a/sdk/identity/Azure.Identity/tests/InteractiveBrowserCredentialTests.cs b/sdk/identity/Azure.Identity/tests/InteractiveBrowserCredentialTests.cs index b176e9cd1b117..90c0871c4376b 100644 --- a/sdk/identity/Azure.Identity/tests/InteractiveBrowserCredentialTests.cs +++ b/sdk/identity/Azure.Identity/tests/InteractiveBrowserCredentialTests.cs @@ -25,7 +25,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co { // Configure mock cache to return a token for the expected user string resolvedTenantId = config.RequestContext.TenantId ?? config.TenantId ?? TenantId; - var mockBytes = CredentialTestHelpers.GetMockCacheBytes(ObjectId, ExpectedUsername, ClientId, resolvedTenantId, "token", "refreshToken"); + var mockBytes = CredentialTestHelpers.GetMockCacheBytes(ObjectId, ExpectedUsername, ClientId, resolvedTenantId, "token", "refreshToken", config.AuthorityHost.Host); var tokenCacheOptions = new MockTokenCache( () => Task.FromResult>(mockBytes), args => Task.FromResult>(mockBytes)); @@ -37,6 +37,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co AdditionallyAllowedTenants = config.AdditionallyAllowedTenants, AuthenticationRecord = new AuthenticationRecord(ExpectedUsername, "login.windows.net", $"{ObjectId}.{resolvedTenantId}", resolvedTenantId, ClientId), IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled, + AuthorityHost = config.AuthorityHost, }; if (config.Transport != null) { diff --git a/sdk/identity/Azure.Identity/tests/OnBehalfOfCredentialTests.cs b/sdk/identity/Azure.Identity/tests/OnBehalfOfCredentialTests.cs index 079c1615afbaa..bc45e6bab6e13 100644 --- a/sdk/identity/Azure.Identity/tests/OnBehalfOfCredentialTests.cs +++ b/sdk/identity/Azure.Identity/tests/OnBehalfOfCredentialTests.cs @@ -53,6 +53,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co AdditionallyAllowedTenants = config.AdditionallyAllowedTenants, DisableInstanceDiscovery = config.DisableInstanceDiscovery, IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled, + AuthorityHost = config.AuthorityHost, }; if (config.Transport != null) { diff --git a/sdk/identity/Azure.Identity/tests/SharedTokenCacheCredentialTests.cs b/sdk/identity/Azure.Identity/tests/SharedTokenCacheCredentialTests.cs index aa6f2c9fc0fcb..552935530c574 100644 --- a/sdk/identity/Azure.Identity/tests/SharedTokenCacheCredentialTests.cs +++ b/sdk/identity/Azure.Identity/tests/SharedTokenCacheCredentialTests.cs @@ -25,7 +25,7 @@ public override TokenCredential GetTokenCredential(TokenCredentialOptions option public override TokenCredential GetTokenCredential(CommonCredentialTestConfig config) { // Configure mock cache to return a token for the expected user - var mockBytes = CredentialTestHelpers.GetMockCacheBytes(ObjectId, ExpectedUsername, ClientId, TenantId, "token", "refreshToken"); + var mockBytes = CredentialTestHelpers.GetMockCacheBytes(ObjectId, ExpectedUsername, ClientId, TenantId, "token", "refreshToken", config.AuthorityHost.Host); var tokenCacheOptions = new MockTokenCache( () => Task.FromResult>(mockBytes), args => Task.FromResult>(mockBytes)); @@ -34,6 +34,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co { DisableInstanceDiscovery = config.DisableInstanceDiscovery, IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled, + AuthorityHost = config.AuthorityHost, }; if (config.Transport != null) { diff --git a/sdk/identity/Azure.Identity/tests/UsernamePasswordCredentialTests.cs b/sdk/identity/Azure.Identity/tests/UsernamePasswordCredentialTests.cs index ddd4d1e7619fa..d9a354dcf1278 100644 --- a/sdk/identity/Azure.Identity/tests/UsernamePasswordCredentialTests.cs +++ b/sdk/identity/Azure.Identity/tests/UsernamePasswordCredentialTests.cs @@ -35,6 +35,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co DisableInstanceDiscovery = config.DisableInstanceDiscovery, AdditionallyAllowedTenants = config.AdditionallyAllowedTenants, IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled, + AuthorityHost = config.AuthorityHost, }; if (config.Transport != null) { diff --git a/sdk/identity/Azure.Identity/tests/VisualStudioCredentialTests.cs b/sdk/identity/Azure.Identity/tests/VisualStudioCredentialTests.cs index f1183a3f715dc..19ad6c81cd1eb 100644 --- a/sdk/identity/Azure.Identity/tests/VisualStudioCredentialTests.cs +++ b/sdk/identity/Azure.Identity/tests/VisualStudioCredentialTests.cs @@ -39,6 +39,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co { AdditionallyAllowedTenants = config.AdditionallyAllowedTenants, IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled, + AuthorityHost = config.AuthorityHost, }; return InstrumentClient(new VisualStudioCredential(config.TenantId, default, fileSystem, new TestProcessService(testProcess, true), vsOptions)); } diff --git a/sdk/identity/Azure.Identity/tests/WorkloadIdentityCredentialTests.cs b/sdk/identity/Azure.Identity/tests/WorkloadIdentityCredentialTests.cs index fe0dd7b6d2f04..8236bcad25b17 100644 --- a/sdk/identity/Azure.Identity/tests/WorkloadIdentityCredentialTests.cs +++ b/sdk/identity/Azure.Identity/tests/WorkloadIdentityCredentialTests.cs @@ -80,6 +80,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co workloadOptions.ClientId = ClientId; workloadOptions.TokenFilePath = _tempFiles.GetTempFilePath(); workloadOptions.MsalClient = config.MockConfidentialMsalClient; + workloadOptions.AuthorityHost = config.AuthorityHost; string assertion = CredentialTestHelpers.CreateClientAssertionJWT(workloadOptions.AuthorityHost, workloadOptions.ClientId, workloadOptions.TenantId, mockCert); diff --git a/sdk/openai/Azure.AI.OpenAI/src/Azure.AI.OpenAI.csproj b/sdk/openai/Azure.AI.OpenAI/src/Azure.AI.OpenAI.csproj index 97bed641ea9aa..2fc3e44a474aa 100644 --- a/sdk/openai/Azure.AI.OpenAI/src/Azure.AI.OpenAI.csproj +++ b/sdk/openai/Azure.AI.OpenAI/src/Azure.AI.OpenAI.csproj @@ -19,7 +19,7 @@ - +