Hotfix Azure.Identity 1.12.1 #46315

13 changes: 6 additions & 7 deletions eng/Packages.Data.props
Expand Up @@ -152,13 +152,9 @@
<!-- Other approved packages -->
<PackageReference Update="Microsoft.Azure.Amqp" Version="2.6.7" />
<PackageReference Update="Microsoft.Azure.WebPubSub.Common" Version="1.2.0" />
<PackageReference Update="Microsoft.Identity.Client" Version="4.61.3" />
<PackageReference Update="Microsoft.Identity.Client.Extensions.Msal" Version="4.61.3" />
<!--
TODO: This package needs to be released as GA and arch-board approved before taking a dependency in any stable SDK library.
Currently, it is referencd by Azure.Identity.Broker which is still in beta
-->
<PackageReference Update="Microsoft.Identity.Client.Broker" Version="4.61.3" />
<PackageReference Update="Microsoft.Identity.Client" Version="4.65.0" />
<PackageReference Update="Microsoft.Identity.Client.Extensions.Msal" Version="4.65.0" />
<PackageReference Update="Microsoft.Identity.Client.Broker" Version="4.65.0" />

<!-- TODO: Make sure this package is arch-board approved -->
<PackageReference Update="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="6.35.0" />
Expand All @@ -177,6 +173,9 @@
<PackageReference Update="Microsoft.AspNetCore.Http.Features" Version="[2.1.1,6.0)" />
</ItemGroup>

<ItemGroup Condition="$(MSBuildProjectName.StartsWith('Azure.AI.OpenAI'))">
<PackageReference Update="OpenAI" Version="2.0.0-beta.5" />
christothes marked this conversation as resolved.
</ItemGroup>
<!--
Dependency versions for Track 2, Microsoft.* libraries.
These are dependencies for Track 2 integration packages
2 changes: 1 addition & 1 deletion eng/pipelines/templates/jobs/ci.mgmt.yml
Expand Up @@ -68,7 +68,7 @@ jobs:
OSVmImage: windows-2022
MacOs:
Pool: Azure Pipelines
OSVmImage: "macos-11"
OSVmImage: "macos-latest"
pool:
name: $(Pool)
vmImage: $(OSVmImage)
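Review bot: `macos-latest` is a floating image label, so the macOS agent's OS version and preinstalled toolchain can change under this pipeline without any commit in the repository, which makes a release build harder to reproduce and audit. If getting off `macos-11` is the goal, consider pinning a specific supported image instead, e.g. `OSVmImage: "macos-14"`, and bumping it deliberately. The same applies to the `Image: 'macos-latest'` entry in the next pipeline template and to `MACVMIMAGE` in eng/pipelines/templates/variables/image.yml. Which of the two image lines is the new one is inferred from the 1 addition / 1 deletion count and the rest of the commit, since the page shows no +/- markers.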
Expand Up @@ -29,7 +29,7 @@ stages:
Image: 'MMSUbuntu20.04'
Mac:
Pool: 'Azure Pipelines'
Image: 'macos-11'
Image: 'macos-latest'

pool:
name: $(Pool)
4 changes: 2 additions & 2 deletions eng/pipelines/templates/stages/platform-matrix.json
Expand Up @@ -25,12 +25,12 @@
"Pool": "env:WINDOWSPOOL",
"TestTargetFramework": "net7.0"
},
"MacOS-11_NET6.0": {
"MacOS_NET6.0": {
"OSVmImage": "env:MACVMIMAGE",
"Pool": "env:MACPOOL",
"TestTargetFramework": "net6.0"
},
"MacOS-11_NET7.0": {
"MacOS_NET7.0": {
"OSVmImage": "env:MACVMIMAGE",
"Pool": "env:MACPOOL",
"TestTargetFramework": "net7.0"
2 changes: 1 addition & 1 deletion eng/pipelines/templates/variables/image.yml
Expand Up @@ -15,7 +15,7 @@ variables:
- name: WINDOWSVMIMAGE
value: azsdk-pool-mms-win-2022-1espt
- name: MACVMIMAGE
value: macos-11
value: macos-latest

# Values required for pool.os field in 1es pipeline templates
- name: LINUXOS
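--- a/sdk/identity/Azure.Identity/CHANGELOG.md
+++ b/sdk/identity/Azure.Identity/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Release History
 
+## 1.12.1 (2024-09-26)
+
+### Bugs Fixed
+
+- Updated to version 4.65.0 of Microsoft.Identity.Client to address a bug preventing the use of alternate authority types such as dStS ([4927](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4927)) .
+
 ## 1.12.0 (2024-06-17)
 
 ### Features Added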
4 changes: 2 additions & 2 deletions sdk/identity/Azure.Identity/src/Azure.Identity.csproj
Expand Up @@ -2,9 +2,9 @@
<PropertyGroup>
<Description>This is the implementation of the Azure SDK Client Library for Azure Identity</Description>
<AssemblyTitle>Microsoft Azure.Identity Component</AssemblyTitle>
<Version>1.12.0</Version>
<Version>1.12.1</Version>
<!--The ApiCompatVersion is managed automatically and should not generally be modified manually.-->
<ApiCompatVersion>1.11.2</ApiCompatVersion>
<ApiCompatVersion>1.12.0</ApiCompatVersion>
<PackageTags>Microsoft Azure Identity;$(PackageCommonTags)</PackageTags>
<TargetFrameworks>$(RequiredTargetFrameworks)</TargetFrameworks>
<NoWarn>$(NoWarn);3021;AZC0011</NoWarn>
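--- a/sdk/identity/Azure.Identity/src/MsalClientBase.cs
+++ b/sdk/identity/Azure.Identity/src/MsalClientBase.cs
@@ -108,5 +108,20 @@ await _clientWithCaeAsyncLock.GetLockOrValueAsync(true, default).ConfigureAwait(
 
 return asyncLock.HasValue ? asyncLock.Value.Cache : null;
 }
+
+public UriBuilder BuildTenantIdWithAuthorityHost(string tenantId)
+{
+UriBuilder uriBuilder = new UriBuilder(AuthorityHost);
+if (uriBuilder.Path.EndsWith("/"))
+{
+uriBuilder.Path = uriBuilder.Path + tenantId;
+}
+else
+{
+uriBuilder.Path = uriBuilder.Path + "/" + tenantId;
+}
+
+return uriBuilder;
+}
 }
 }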
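Review bot: BuildTenantIdWithAuthorityHost appends `tenantId` to the authority path as-is, so the authority every token request is sent to depends on callers having validated the value first, and that validation is not visible in this hunk. A value containing `/`, `?` or `#` would add path segments or spill into the query of the authority URI; consider escaping the segment, e.g. `uriBuilder.Path = uriBuilder.Path + "/" + Uri.EscapeDataString(tenantId);`, or stating the precondition in an XML doc comment, which this public method lacks. `EndsWith("/")` is also culture-sensitive, and `EndsWith("/", StringComparison.Ordinal)` says what is meant. Every caller in this commit only reads `.Uri`, so returning `Uri` rather than a mutable `UriBuilder` would be a tighter signature.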
25 changes: 9 additions & 16 deletions sdk/identity/Azure.Identity/src/MsalConfidentialClient.cs
Expand Up @@ -169,12 +169,10 @@ public virtual async ValueTask<AuthenticationResult> AcquireTokenForClientCoreAs

if (!string.IsNullOrEmpty(tenantId))
{
UriBuilder uriBuilder = new UriBuilder(AuthorityHost)
{
Path = tenantId
};
UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId);
builder.WithTenantIdFromAuthority(uriBuilder.Uri);
}

if (!string.IsNullOrEmpty(claims))
{
builder.WithClaims(claims);
Expand Down Expand Up @@ -212,14 +210,13 @@ public virtual async ValueTask<AuthenticationResult> AcquireTokenSilentCoreAsync
IConfidentialClientApplication client = await GetClientAsync(enableCae, async, cancellationToken).ConfigureAwait(false);

var builder = client.AcquireTokenSilent(scopes, account);

if (!string.IsNullOrEmpty(tenantId))
{
UriBuilder uriBuilder = new UriBuilder(AuthorityHost)
{
Path = tenantId
};
UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId);
builder.WithTenantIdFromAuthority(uriBuilder.Uri);
}

if (!string.IsNullOrEmpty(claims))
{
builder.WithClaims(claims);
Expand Down Expand Up @@ -260,12 +257,10 @@ public virtual async ValueTask<AuthenticationResult> AcquireTokenByAuthorization

if (!string.IsNullOrEmpty(tenantId))
{
UriBuilder uriBuilder = new UriBuilder(AuthorityHost)
{
Path = tenantId
};
UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId);
builder.WithTenantIdFromAuthority(uriBuilder.Uri);
}

if (!string.IsNullOrEmpty(claims))
{
builder.WithClaims(claims);
Expand Down Expand Up @@ -306,12 +301,10 @@ public virtual async ValueTask<AuthenticationResult> AcquireTokenOnBehalfOfCoreA

if (!string.IsNullOrEmpty(tenantId))
{
UriBuilder uriBuilder = new UriBuilder(AuthorityHost)
{
Path = tenantId
};
UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId);
builder.WithTenantIdFromAuthority(uriBuilder.Uri);
}

if (!string.IsNullOrEmpty(claims))
{
builder.WithClaims(claims);
34 changes: 11 additions & 23 deletions sdk/identity/Azure.Identity/src/MsalPublicClient.cs
Expand Up @@ -128,12 +128,10 @@ protected virtual async ValueTask<AuthenticationResult> AcquireTokenSilentCoreAs
{
builder.WithClaims(claims);
}
if (tenantId != null)

if (!string.IsNullOrEmpty(tenantId))
{
UriBuilder uriBuilder = new UriBuilder(AuthorityHost)
{
Path = TenantId ?? tenantId
};
UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId);
builder.WithTenantIdFromAuthority(uriBuilder.Uri);
}

Expand Down Expand Up @@ -195,12 +193,9 @@ protected virtual async ValueTask<AuthenticationResult> AcquireTokenSilentCoreAs
// user authenticated to originally.
var builder = client.AcquireTokenSilent(scopes, (AuthenticationAccount)record);

if (tenantId != null || record.TenantId != null)
if (!string.IsNullOrEmpty(tenantId))
{
UriBuilder uriBuilder = new UriBuilder(AuthorityHost)
{
Path = tenantId ?? record.TenantId
};
UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId);
builder.WithTenantIdFromAuthority(uriBuilder.Uri);
}

Expand Down Expand Up @@ -310,14 +305,13 @@ protected virtual async ValueTask<AuthenticationResult> AcquireTokenInteractiveC
{
builder.WithLoginHint(loginHint);
}
if (tenantId != null)

if (!string.IsNullOrEmpty(tenantId))
{
UriBuilder uriBuilder = new UriBuilder(AuthorityHost)
{
Path = tenantId
};
UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId);
builder.WithTenantIdFromAuthority(uriBuilder.Uri);
}

if (browserOptions != null)
{
if (browserOptions.UseEmbeddedWebView.HasValue)
Expand Down Expand Up @@ -359,10 +353,7 @@ protected virtual async ValueTask<AuthenticationResult> AcquireTokenByUsernamePa
}
if (!string.IsNullOrEmpty(tenantId))
{
UriBuilder uriBuilder = new UriBuilder(AuthorityHost)
{
Path = tenantId
};
UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenantId);
builder.WithTenantIdFromAuthority(uriBuilder.Uri);
}
return await builder.ExecuteAsync(async, cancellationToken)
Expand Down Expand Up @@ -409,10 +400,7 @@ protected virtual async ValueTask<AuthenticationResult> AcquireTokenByRefreshTok

if (!string.IsNullOrEmpty(TenantId))
{
UriBuilder uriBuilder = new UriBuilder(AuthorityHost)
{
Path = tenant
};
UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(TenantId);
builder.WithTenantIdFromAuthority(uriBuilder.Uri);
}

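Review bot: In the last hunk (the refresh-token path) the new call passes the `TenantId` property where the replaced initializer used the local `tenant`; if `tenant` is the per-request resolved tenant (its definition is outside the hunk), the exchange would now always target the client's configured tenant. Unless that is intended, keep the local: `UriBuilder uriBuilder = BuildTenantIdWithAuthorityHost(tenant);`. Separately, the AuthenticationRecord overload of AcquireTokenSilentCoreAsync no longer falls back to `record.TenantId` when `tenantId` is null or empty, which seems at odds with the partly visible comment above it about the tenant the user originally authenticated to. A test covering a silent request with a record and no explicit tenant, or a comment explaining why the fallback is safe to drop, would make this change easier to trust.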
Expand Up @@ -34,6 +34,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled,
RedirectUri = config.RedirectUri,
AuthorityHost = config.AuthorityHost
};
if (config.Transport != null)
{
Expand Up @@ -35,6 +35,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
TenantId = config.TenantId,
IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled,
AuthorityHost = config.AuthorityHost
};
var (_, _, processOutput) = CredentialTestHelpers.CreateTokenForAzureCli();
var testProcess = new TestProcess { Output = processOutput };
Expand Up @@ -34,6 +34,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
TenantId = config.TenantId,
IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled,
AuthorityHost = config.AuthorityHost
};
var (_, _, processOutput) = CredentialTestHelpers.CreateTokenForAzureDeveloperCli();
var testProcess = new TestProcess { Output = processOutput };
Expand Up @@ -44,6 +44,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled,
MsalClient = config.MockConfidentialMsalClient,
OidcRequestUri = "https://dev.azure.com/myorg/myproject/_apis/serviceendpoint/endpoints?api-version=2.2.2",
AuthorityHost = config.AuthorityHost
};
if (config.Transport != null)
{
Expand Up @@ -42,6 +42,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
TenantId = config.TenantId,
IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled,
AuthorityHost = config.AuthorityHost
};
var (_, _, processOutput) = CredentialTestHelpers.CreateTokenForAzurePowerShell(TimeSpan.FromSeconds(30));
var testProcess = new TestProcess { Output = processOutput };
Expand Up @@ -37,6 +37,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled,
MsalClient = config.MockConfidentialMsalClient,
AuthorityHost = config.AuthorityHost
};
if (config.Transport != null)
{
Expand Up @@ -41,6 +41,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
DisableInstanceDiscovery = config.DisableInstanceDiscovery,
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled,
AuthorityHost = config.AuthorityHost
};
if (config.Transport != null)
{
Expand Up @@ -30,6 +30,7 @@ public override TokenCredential GetTokenCredential(CommonCredentialTestConfig co
DisableInstanceDiscovery = config.DisableInstanceDiscovery,
AdditionallyAllowedTenants = config.AdditionallyAllowedTenants,
IsUnsafeSupportLoggingEnabled = config.IsUnsafeSupportLoggingEnabled,
AuthorityHost = config.AuthorityHost
};
if (config.Transport != null)
{
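--- a/sdk/identity/Azure.Identity/tests/CredentialTestBase.cs
+++ b/sdk/identity/Azure.Identity/tests/CredentialTestBase.cs
@@ -422,6 +422,52 @@ public async Task CachingOptionsAreRespected()
 Assert.AreEqual(actualToken1.Token, actualToken2.Token);
 }
 
+[Test]
+public async Task AuthorityHostConfigSupportsdStS()
+{
+// Configure the transport
+var token = Guid.NewGuid().ToString();
+TransportConfig transportConfig = new()
+{
+TokenFactory = req => token,
+RequestValidator = req =>
+{
+if (req.Content != null)
+{
+var stream = new MemoryStream();
+req.Content.WriteTo(stream, default);
+var content = new BinaryData(stream.ToArray()).ToString();
+var queryString = Uri.UnescapeDataString(content)
+.Split('&')
+.Select(q => q.Split('='))
+.ToDictionary(kvp => kvp[0], kvp => kvp[1]);
+}
+}
+};
+var factory = MockTokenTransportFactory(transportConfig);
+var mockTransport = new MockTransport(factory);
+
+var config = new CommonCredentialTestConfig()
+{
+TransportConfig = transportConfig,
+Transport = mockTransport,
+TenantId = TenantId,
+AuthorityHost = new("https://usnorth-passive-dsts.dsts.core.windows.net/dstsv2"),
+RedirectUri = new Uri("http://localhost:8400/")
+};
+var credential = GetTokenCredential(config);
+if (!CredentialTestHelpers.IsMsalCredential(credential))
+{
+Assert.Ignore("EnableCAE tests do not apply to the non-MSAL credentials.");
+}
+transportConfig.IsPubClient = CredentialTestHelpers.IsCredentialTypePubClient(credential);
+
+// First call to populate the account record for confidential client creds
+await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default), default);
+var actualToken = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Alternate), default);
+Assert.AreEqual(token, actualToken.Token);
+}
+
 public class MemoryTokenCache : UnsafeTokenCacheOptions
 {
 public ReadOnlyMemory<byte> Data { get; set; } = new ReadOnlyMemory<byte>();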
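Review bot: The `RequestValidator` in AuthorityHostConfigSupportsdStS parses the request body into `queryString` and then asserts nothing, so the test passes as long as any token comes back. It never checks that the token request went to the dSTS authority with its `/dstsv2` path preserved, which is the behaviour this fix is about, so a regression to the old path-replacing code could go unnoticed. Consider asserting on the request URI inside the validator, e.g. `StringAssert.Contains("/dstsv2/", req.Uri.ToString());` (assuming the mock request exposes `Uri`), and dropping the unused dictionary. The `Assert.Ignore` message still says "EnableCAE tests", which looks copied from another test.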