[Identity] Fix InteractiveBrowserCredential.GetToken deadlock with embedded browser

[schaabs]

I tested these changes manually with a WinForms application, I'm not sure how we could automate the testing of it. I was able to reproduce the deadlock, and verify that this does fix the deadlock, Possibly there's a better approach than using Task.Run and I'm open to suggestion.

Fixes #18418

[heaths]

If it works it works. I can't really think of any good reason not to, though maybe @pakrym does. It's not like this would happen enough to worry about exhausting pool threads.

[heaths]

Works, but I'm curious why the EnsureCompleted extension method can't be used here to avoid the warning.

[pakrym]

We still end up blocking the UI thread even when offloading the call to the thread pool. I'd like us to understand why that fixes things.

[christothes]

Is there a reasonable way to test this switch behavior?

[schaabs]

I was planning on adding a test for the IdentityCompatSwitches directly to verify we're reading the value properly. I could also add a test hook of some sort to allow us to verify we honor it here. If you have thoughts on a reasonable approach I'd welcome ideas.

[heaths]

In the past I wrote an IDisposable that saved current and set a new environment variable, then on Dispose reset it. Unless the process crashes, it has generally worked well.

[heaths]

Nit: needs to be tabbed one more to align with proper scope.

[check-enforcer]

This pull request is protected by Check Enforcer.

What is Check Enforcer?

Check Enforcer helps ensure all pull requests are covered by at least one check-run (typically an Azure Pipeline). When all check-runs associated with this pull request pass then Check Enforcer itself will pass.

Why am I getting this message?

You are getting this message because Check Enforcer did not detect any check-runs being associated with this pull request within five minutes. This may indicate that your pull request is not covered by any pipelines and so Check Enforcer is correctly blocking the pull request being merged.

What should I do now?

If the check-enforcer check-run is not passing and all other check-runs associated with this PR are passing (excluding license-cla) then you could try telling Check Enforcer to evaluate your pull request again. You can do this by adding a comment to this pull request as follows:
/check-enforcer evaluate
Typically evaulation only takes a few seconds. If you know that your pull request is not covered by a pipeline and this is expected you can override Check Enforcer using the following command:
/check-enforcer override
Note that using the override command triggers alerts so that follow-up investigations can occur (PRs still need to be approved as normal).

What if I am onboarding a new service?

Often, new services do not have validation pipelines associated with them. In order to bootstrap pipelines for a new service, please perform following steps:

For data-plane/track 2 SDKs Issue the following command as a pull request comment:

/azp run prepare-pipelines
This will run a pipeline that analyzes the source tree and creates the pipelines necessary to build and validate your pull request. Once the pipeline has been created you can trigger the pipeline using the following comment:
/azp run net - [service] - ci

For track 1 management-plane SDKs

Please open a separate PR and to your service SDK path in this file. Once that PR has been merged, you can re-run the pipeline to trigger the verification.

[christothes]

don't we need to set DisableInteractiveThreadpoolExecutionEnvVar also?

[schaabs]

I tried setting both. The problem is once the AppContext switch is set there is no unsetting it, you can set it to false but then AppContext.TryGetSwitch still successfully reads the switch as false so we don't fall through to using the environment variable. I could write a long test which sequentially tests nothing set, then the environment variable, then the AppContext switch if you think it's warranted.