diff --git a/sdk/core/azure-core/src/main/java/com/azure/core/credential/SimpleTokenCache.java b/sdk/core/azure-core/src/main/java/com/azure/core/credential/SimpleTokenCache.java index d7ef3fe19a34..cfba9ace91bc 100644 --- a/sdk/core/azure-core/src/main/java/com/azure/core/credential/SimpleTokenCache.java +++ b/sdk/core/azure-core/src/main/java/com/azure/core/credential/SimpleTokenCache.java @@ -17,7 +17,10 @@ * A token cache that supports caching a token and refreshing it. */ public class SimpleTokenCache { - private static final Duration REFRESH_TIMEOUT = Duration.ofSeconds(30); + // The delay after a refresh to attempt another token refresh + private static final Duration REFRESH_DELAY = Duration.ofSeconds(30); + // the offset before token expiry to attempt proactive token refresh + private static final Duration REFRESH_OFFSET = Duration.ofMinutes(5); private final AtomicReference> wip; private volatile AccessToken cache; private volatile OffsetDateTime nextTokenRefresh = OffsetDateTime.now(); @@ -31,20 +34,10 @@ public class SimpleTokenCache { * @param tokenSupplier a method to get a new token */ public SimpleTokenCache(Supplier> tokenSupplier) { - this(tokenSupplier, new TokenRefreshOptions()); - } - - /** - * Creates an instance of RefreshableTokenCredential with default scheme "Bearer". - * - * @param tokenSupplier a method to get a new token - * @param tokenRefreshOptions the options to configure the token refresh behavior - */ - public SimpleTokenCache(Supplier> tokenSupplier, TokenRefreshOptions tokenRefreshOptions) { this.wip = new AtomicReference<>(); this.tokenSupplier = tokenSupplier; - this.shouldRefresh = accessToken -> OffsetDateTime.now().isAfter(accessToken.getExpiresAt() - .minus(tokenRefreshOptions.getOffset())); + this.shouldRefresh = accessToken -> OffsetDateTime.now() + .isAfter(accessToken.getExpiresAt().minus(REFRESH_OFFSET)); } /** @@ -97,11 +90,11 @@ public Mono getToken() { cache = accessToken; monoProcessor.onNext(accessToken); monoProcessor.onComplete(); - nextTokenRefresh = OffsetDateTime.now().plus(REFRESH_TIMEOUT); + nextTokenRefresh = OffsetDateTime.now().plus(REFRESH_DELAY); return Mono.just(accessToken); } else if (signal.isOnError() && error != null) { // ERROR logger.error(refreshLog(cache, now, "Failed to acquire a new access token")); - nextTokenRefresh = OffsetDateTime.now().plus(REFRESH_TIMEOUT); + nextTokenRefresh = OffsetDateTime.now().plus(REFRESH_DELAY); return fallback.switchIfEmpty(Mono.error(error)); } else { // NO REFRESH monoProcessor.onComplete(); @@ -138,7 +131,7 @@ private String refreshLog(AccessToken cache, OffsetDateTime now, String log) { Duration tte = Duration.between(now, cache.getExpiresAt()); info.append(" at ").append(tte.abs().getSeconds()).append(" seconds ") .append(tte.isNegative() ? "after" : "before").append(" expiry. ") - .append("Retry may be attempted after ").append(REFRESH_TIMEOUT.getSeconds()).append(" seconds."); + .append("Retry may be attempted after ").append(REFRESH_DELAY.getSeconds()).append(" seconds."); if (!tte.isNegative()) { info.append(" The token currently cached will be used."); } diff --git a/sdk/core/azure-core/src/main/java/com/azure/core/credential/TokenCredential.java b/sdk/core/azure-core/src/main/java/com/azure/core/credential/TokenCredential.java index 0408548dec65..79c29d6e0416 100644 --- a/sdk/core/azure-core/src/main/java/com/azure/core/credential/TokenCredential.java +++ b/sdk/core/azure-core/src/main/java/com/azure/core/credential/TokenCredential.java @@ -16,13 +16,4 @@ public interface TokenCredential { * @return a Publisher that emits a single access token */ Mono getToken(TokenRequestContext request); - - /** - * The options to configure the token refresh behavior. - * - * @return the current offset for token refresh - */ - default TokenRefreshOptions getTokenRefreshOptions() { - return new TokenRefreshOptions(); - } } diff --git a/sdk/core/azure-core/src/main/java/com/azure/core/credential/TokenRefreshOptions.java b/sdk/core/azure-core/src/main/java/com/azure/core/credential/TokenRefreshOptions.java deleted file mode 100644 index 1aaf326d3064..000000000000 --- a/sdk/core/azure-core/src/main/java/com/azure/core/credential/TokenRefreshOptions.java +++ /dev/null @@ -1,37 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.azure.core.credential; - -import java.time.Duration; - -/** - * The options to configure the token refresh behavior. - */ -public class TokenRefreshOptions { - private static final Duration DEFAULT_OFFSET = Duration.ofMinutes(2); - - /** - * Returns a Duration value representing the amount of time to subtract from the token expiry time, whereupon - * attempts will be made to refresh the token. By default this will occur two minutes prior to the expiry of the - * token. - * - * This is used in {@link SimpleTokenCache} and {@link com.azure.core.http.policy.BearerTokenAuthenticationPolicy} - * to proactively retrieve a more up-to-date token before the cached token gets too close to its expiry. You can - * configure this from the {@code .tokenRefreshOffset(Duration)} method from any credential builder in the - * azure-identity library. - * - * Extending this offset is recommended if it takes > 2 minutes to reach the service (application is running on - * high load), or you would like to simply keep a more up-to-date token in the cache (more robust against token - * refresh API down times). The user is responsible for specifying a valid offset. - * - * When a proactive token refresh fails but the previously cached token is still valid, - * {@link com.azure.core.http.policy.BearerTokenAuthenticationPolicy} will NOT fail but return the previous valid - * token. Another proactive refresh will be attempted in 30 seconds. - * - * @return the duration value representing the amount of time to subtract from the token expiry time - */ - public Duration getOffset() { - return DEFAULT_OFFSET; - } -} diff --git a/sdk/core/azure-core/src/main/java/com/azure/core/http/policy/BearerTokenAuthenticationPolicy.java b/sdk/core/azure-core/src/main/java/com/azure/core/http/policy/BearerTokenAuthenticationPolicy.java index ae9a4616c975..f643b4975664 100644 --- a/sdk/core/azure-core/src/main/java/com/azure/core/http/policy/BearerTokenAuthenticationPolicy.java +++ b/sdk/core/azure-core/src/main/java/com/azure/core/http/policy/BearerTokenAuthenticationPolicy.java @@ -37,8 +37,7 @@ public BearerTokenAuthenticationPolicy(TokenCredential credential, String... sco assert scopes.length > 0; this.credential = credential; this.scopes = scopes; - this.cache = new SimpleTokenCache(() -> credential.getToken(new TokenRequestContext().addScopes(scopes)), - credential.getTokenRefreshOptions()); + this.cache = new SimpleTokenCache(() -> credential.getToken(new TokenRequestContext().addScopes(scopes))); } @Override diff --git a/sdk/core/azure-core/src/test/java/com/azure/core/credential/TokenCacheTests.java b/sdk/core/azure-core/src/test/java/com/azure/core/credential/TokenCacheTests.java index 09d8efaa2deb..1aa0689b8d3c 100644 --- a/sdk/core/azure-core/src/test/java/com/azure/core/credential/TokenCacheTests.java +++ b/sdk/core/azure-core/src/test/java/com/azure/core/credential/TokenCacheTests.java @@ -49,7 +49,7 @@ public void testOnlyOneThreadRefreshesToken() throws Exception { } @Test - public void testMultipleThreadsWaitForTimeout() throws Exception { + public void testLongRunningWontOverflow() throws Exception { AtomicLong refreshes = new AtomicLong(0); // token expires on creation. Run this 100 times to simulate running the application a long time @@ -68,134 +68,15 @@ public void testMultipleThreadsWaitForTimeout() throws Exception { .flatMap(start -> cache.getToken() .map(t -> Duration.between(start, OffsetDateTime.now()).toMillis()) .doOnNext(millis -> { +// System.out.format("Thread: %s\tDuration: %smillis%n", +// Thread.currentThread().getName(), Duration.between(start, OffsetDateTime.now()).toMillis()); }))) .doOnComplete(latch::countDown) .subscribe(); latch.await(); - Assertions.assertEquals(2, refreshes.get()); - } - - @Test - public void testProactiveRefreshBeforeExpiry() throws Exception { - AtomicInteger latency = new AtomicInteger(1); - SimpleTokenCache cache = new SimpleTokenCache( - () -> remoteGetTokenThatExpiresSoonAsync(1000 * latency.getAndIncrement(), 60 * 1000), - new TestTokenRefreshOptions(Duration.ofSeconds(28))); // refresh at second 32, just past REFRESH_TIMEOUT - - CountDownLatch latch = new CountDownLatch(1); - AtomicLong maxMillis = new AtomicLong(0); - - Flux.interval(Duration.ofSeconds(2)) - .take(25) // 48 seconds after first token, making sure of a refresh - .flatMap(i -> { - OffsetDateTime start = OffsetDateTime.now(); - return cache.getToken() - .map(t -> Duration.between(start, OffsetDateTime.now()).toMillis()) - .doOnNext(millis -> { - if (millis > maxMillis.get()) { - maxMillis.set(millis); - } - }); - }).doOnComplete(latch::countDown) - .subscribe(); - - latch.await(); - Assertions.assertTrue(maxMillis.get() >= 2000); - Assertions.assertTrue(maxMillis.get() < 3000); // Big enough for any latency, small enough to make sure no get token is called twice - } - - @Test - public void testRefreshAfterExpiry() throws Exception { - AtomicInteger latency = new AtomicInteger(1); - SimpleTokenCache cache = new SimpleTokenCache( - () -> remoteGetTokenThatExpiresSoonAsync(1000 * latency.getAndIncrement(), 15 * 1000), - new TestTokenRefreshOptions(Duration.ZERO)); // refresh at second 30 because of REFRESH_TIMEOUT - - CountDownLatch latch = new CountDownLatch(1); - AtomicLong maxMillis = new AtomicLong(0); - - Flux.interval(Duration.ofSeconds(2)) - .take(10) // 38 seconds after first token, making sure of a refresh - .flatMap(i -> { - OffsetDateTime start = OffsetDateTime.now(); - return cache.getToken() - .map(t -> Duration.between(start, OffsetDateTime.now()).toMillis()) - .doOnNext(millis -> { - if (millis > maxMillis.get()) { - maxMillis.set(millis); - } - }); - }).doOnComplete(latch::countDown) - .subscribe(); - - latch.await(); - Assertions.assertTrue(maxMillis.get() >= 15000); - } - - @Test - public void testProactiveRefreshError() throws Exception { - AtomicInteger latency = new AtomicInteger(1); - AtomicInteger tryCount = new AtomicInteger(0); - SimpleTokenCache cache = new SimpleTokenCache( - () -> remoteGetTokenWithPersistentError(1000 * latency.getAndIncrement(), 60 * 1000, 2, tryCount), - new TestTokenRefreshOptions(Duration.ofSeconds(28))); // refresh at second 32, just past REFRESH_TIMEOUT - - CountDownLatch latch = new CountDownLatch(1); - AtomicLong maxMillis = new AtomicLong(0); - AtomicInteger errorCount = new AtomicInteger(0); - - Flux.interval(Duration.ofSeconds(2)) - .take(32) // 64 seconds after first token, making sure of a refresh - .flatMap(i -> { - OffsetDateTime start = OffsetDateTime.now(); - return cache.getToken() - .map(t -> Duration.between(start, OffsetDateTime.now()).toMillis()) - .doOnNext(millis -> { - if (millis > maxMillis.get()) { - maxMillis.set(millis); - } - }) - .doOnError(t -> errorCount.incrementAndGet()); - }).doOnTerminate(latch::countDown) - .subscribe(); - - latch.await(); - Assertions.assertTrue(maxMillis.get() >= 1000); - Assertions.assertTrue(maxMillis.get() < 2000); // Big enough for any latency, small enough to make sure no get token is called twice - Assertions.assertEquals(1, errorCount.get()); // Only the error after expiresAt will be propagated - } - - @Test - public void testProactiveRefreshErrorTimeout() throws Exception { - AtomicInteger latency = new AtomicInteger(1); - AtomicInteger tryCount = new AtomicInteger(0); - SimpleTokenCache cache = new SimpleTokenCache( - () -> remoteGetTokenWithTemporaryError(1000 * latency.getAndIncrement(), 60 * 1000, 2, tryCount), - new TestTokenRefreshOptions(Duration.ofSeconds(28))); // refresh at second 32, just past REFRESH_TIMEOUT - - CountDownLatch latch = new CountDownLatch(1); - AtomicLong maxMillis = new AtomicLong(0); - AtomicInteger errorCount = new AtomicInteger(0); - - Flux.interval(Duration.ofSeconds(2)) - .take(32) // 64 seconds after first token, making sure of a refresh - .flatMap(i -> { - OffsetDateTime start = OffsetDateTime.now(); - return cache.getToken() - .map(t -> Duration.between(start, OffsetDateTime.now()).toMillis()) - .doOnNext(millis -> { - if (millis > maxMillis.get()) { - maxMillis.set(millis); - } - }) - .doOnError(t -> errorCount.incrementAndGet()); - }).doOnTerminate(latch::countDown) - .subscribe(); - - latch.await(); - Assertions.assertTrue(maxMillis.get() >= 3000); - Assertions.assertEquals(0, errorCount.get()); // Only the error after expiresAt will be propagated + // At most 10 requests should do actual token acquisition, use 11 for safe + Assertions.assertTrue(refreshes.get() <= 11); } private Mono remoteGetTokenAsync(long delayInMillis) { @@ -214,24 +95,6 @@ private Mono incrementalRemoteGetTokenAsync(AtomicInteger latency) .map(l -> new Token(Integer.toString(RANDOM.nextInt(100)))); } - private Mono remoteGetTokenWithTemporaryError(long delayInMillis, long validityInMillis, int errorAt, AtomicInteger tryCount) { - if (tryCount.incrementAndGet() == errorAt) { - return Mono.error(new RuntimeException("Expected error")); - } else { - return Mono.delay(Duration.ofMillis(delayInMillis)) - .map(l -> new Token(Integer.toString(RANDOM.nextInt(100)), validityInMillis)); - } - } - - private Mono remoteGetTokenWithPersistentError(long delayInMillis, long validityInMillis, int errorAfter, AtomicInteger tryCount) { - if (tryCount.incrementAndGet() >= errorAfter) { - return Mono.error(new RuntimeException("Expected error")); - } else { - return Mono.delay(Duration.ofMillis(delayInMillis)) - .map(l -> new Token(Integer.toString(RANDOM.nextInt(100)), validityInMillis)); - } - } - private static class Token extends AccessToken { private String token; private OffsetDateTime expiry; @@ -261,17 +124,4 @@ public boolean isExpired() { return OffsetDateTime.now().isAfter(expiry); } } - - private static final class TestTokenRefreshOptions extends TokenRefreshOptions { - private final Duration offset; - - private TestTokenRefreshOptions(Duration offset) { - this.offset = offset; - } - - @Override - public Duration getOffset() { - return offset; - } - } } diff --git a/sdk/identity/azure-identity-perf/src/main/java/com/azure/identity/perf/WriteCache.java b/sdk/identity/azure-identity-perf/src/main/java/com/azure/identity/perf/WriteCache.java index edee2684493f..3c7351218aae 100644 --- a/sdk/identity/azure-identity-perf/src/main/java/com/azure/identity/perf/WriteCache.java +++ b/sdk/identity/azure-identity-perf/src/main/java/com/azure/identity/perf/WriteCache.java @@ -9,8 +9,6 @@ import com.azure.perf.test.core.PerfStressOptions; import reactor.core.publisher.Mono; -import java.time.Duration; - public class WriteCache extends ServiceTest { private final SharedTokenCacheCredential credential; @@ -18,7 +16,6 @@ public WriteCache(PerfStressOptions options) { super(options); credential = new SharedTokenCacheCredentialBuilder() .clientId(CLI_CLIENT_ID) - .tokenRefreshOffset(Duration.ofMinutes(60)) .build(); } diff --git a/sdk/identity/azure-identity/pom.xml b/sdk/identity/azure-identity/pom.xml index a16b6ad1988e..6ac3d50a97ec 100644 --- a/sdk/identity/azure-identity/pom.xml +++ b/sdk/identity/azure-identity/pom.xml @@ -27,7 +27,7 @@ com.azure azure-core - 1.7.0-beta.1 + 1.7.0-beta.2 com.microsoft.azure diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredential.java index 4dad6a703eb0..ded57921603c 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredential.java @@ -6,7 +6,6 @@ import com.azure.core.annotation.Immutable; import com.azure.core.credential.AccessToken; import com.azure.core.credential.TokenCredential; -import com.azure.core.credential.TokenRefreshOptions; import com.azure.core.credential.TokenRequestContext; import com.azure.core.util.logging.ClientLogger; import com.azure.identity.implementation.IdentityClient; @@ -28,7 +27,6 @@ public class AuthorizationCodeCredential implements TokenCredential { private final String authCode; private final URI redirectUri; private final IdentityClient identityClient; - private final IdentityClientOptions identityClientOptions; private final AtomicReference cachedToken; private final ClientLogger logger = new ClientLogger(AuthorizationCodeCredential.class); @@ -48,7 +46,6 @@ public class AuthorizationCodeCredential implements TokenCredential { .clientId(clientId) .identityClientOptions(identityClientOptions) .build(); - this.identityClientOptions = identityClientOptions; this.cachedToken = new AtomicReference<>(); this.authCode = authCode; this.redirectUri = redirectUri; @@ -74,9 +71,4 @@ public Mono getToken(TokenRequestContext request) { .doOnNext(token -> LoggingUtil.logTokenSuccess(logger, request)) .doOnError(error -> LoggingUtil.logTokenError(logger, request, error)); } - - @Override - public TokenRefreshOptions getTokenRefreshOptions() { - return identityClientOptions.getTokenRefreshOptions(); - } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureCliCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureCliCredential.java index 9f4f685540cc..7f62a1eb8cd9 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureCliCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureCliCredential.java @@ -6,7 +6,6 @@ import com.azure.core.annotation.Immutable; import com.azure.core.credential.AccessToken; import com.azure.core.credential.TokenCredential; -import com.azure.core.credential.TokenRefreshOptions; import com.azure.core.credential.TokenRequestContext; import com.azure.core.util.logging.ClientLogger; import com.azure.identity.implementation.IdentityClient; @@ -22,7 +21,6 @@ @Immutable public class AzureCliCredential implements TokenCredential { private final IdentityClient identityClient; - private final IdentityClientOptions identityClientOptions; private final ClientLogger logger = new ClientLogger(AzureCliCredential.class); /** @@ -31,7 +29,6 @@ public class AzureCliCredential implements TokenCredential { */ AzureCliCredential(IdentityClientOptions identityClientOptions) { identityClient = new IdentityClientBuilder().identityClientOptions(identityClientOptions).build(); - this.identityClientOptions = identityClientOptions; } @Override @@ -40,9 +37,4 @@ public Mono getToken(TokenRequestContext request) { .doOnNext(token -> LoggingUtil.logTokenSuccess(logger, request)) .doOnError(error -> LoggingUtil.logTokenError(logger, request, error)); } - - @Override - public TokenRefreshOptions getTokenRefreshOptions() { - return identityClientOptions.getTokenRefreshOptions(); - } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ChainedTokenCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ChainedTokenCredential.java index 1dd11419f4a2..ac36c7c6ac1a 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ChainedTokenCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ChainedTokenCredential.java @@ -6,7 +6,6 @@ import com.azure.core.annotation.Immutable; import com.azure.core.credential.AccessToken; import com.azure.core.credential.TokenCredential; -import com.azure.core.credential.TokenRefreshOptions; import com.azure.core.credential.TokenRequestContext; import com.azure.core.exception.ClientAuthenticationException; import com.azure.core.util.logging.ClientLogger; @@ -26,7 +25,6 @@ */ @Immutable public class ChainedTokenCredential implements TokenCredential { - private volatile TokenRefreshOptions tokenRefreshOptions; private final ClientLogger logger = new ClientLogger(getClass()); private final List credentials; private final String unavailableError = this.getClass().getSimpleName() + " authentication failed. ---> "; @@ -57,7 +55,7 @@ public Mono getToken(TokenRequestContext request) { logger.info("Azure Identity => Attempted credential {} is unavailable.", p.getClass().getSimpleName()); return Mono.empty(); - }).doOnNext(t -> tokenRefreshOptions = p.getTokenRefreshOptions()), 1) + }), 1) .next() .switchIfEmpty(Mono.defer(() -> { // Chain Exceptions. @@ -71,11 +69,6 @@ public Mono getToken(TokenRequestContext request) { })); } - @Override - public TokenRefreshOptions getTokenRefreshOptions() { - return tokenRefreshOptions; - } - /** * Get the read-only list of credentials sequentially used to attempt authentication. diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredential.java index cb4c46a1b995..1465c1a67d8b 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredential.java @@ -6,7 +6,6 @@ import com.azure.core.annotation.Immutable; import com.azure.core.credential.AccessToken; import com.azure.core.credential.TokenCredential; -import com.azure.core.credential.TokenRefreshOptions; import com.azure.core.credential.TokenRequestContext; import com.azure.core.util.logging.ClientLogger; import com.azure.identity.implementation.IdentityClient; @@ -29,7 +28,6 @@ @Immutable public class ClientCertificateCredential implements TokenCredential { private final IdentityClient identityClient; - private final IdentityClientOptions identityClientOptions; private final ClientLogger logger = new ClientLogger(ClientCertificateCredential.class); /** @@ -50,7 +48,6 @@ public class ClientCertificateCredential implements TokenCredential { .certificatePassword(certificatePassword) .identityClientOptions(identityClientOptions) .build(); - this.identityClientOptions = identityClientOptions; } @Override @@ -61,9 +58,4 @@ public Mono getToken(TokenRequestContext request) { .doOnNext(token -> LoggingUtil.logTokenSuccess(logger, request)) .doOnError(error -> LoggingUtil.logTokenError(logger, request, error)); } - - @Override - public TokenRefreshOptions getTokenRefreshOptions() { - return identityClientOptions.getTokenRefreshOptions(); - } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredential.java index 7b8e438f942a..ba48a5cb34a0 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredential.java @@ -6,7 +6,6 @@ import com.azure.core.annotation.Immutable; import com.azure.core.credential.AccessToken; import com.azure.core.credential.TokenCredential; -import com.azure.core.credential.TokenRefreshOptions; import com.azure.core.credential.TokenRequestContext; import com.azure.core.util.logging.ClientLogger; import com.azure.identity.implementation.IdentityClient; @@ -29,7 +28,6 @@ @Immutable public class ClientSecretCredential implements TokenCredential { private final IdentityClient identityClient; - private final IdentityClientOptions identityClientOptions; private final ClientLogger logger = new ClientLogger(ClientSecretCredential.class); /** @@ -50,7 +48,6 @@ public class ClientSecretCredential implements TokenCredential { .clientSecret(clientSecret) .identityClientOptions(identityClientOptions) .build(); - this.identityClientOptions = identityClientOptions; } @Override @@ -61,9 +58,4 @@ public Mono getToken(TokenRequestContext request) { .doOnNext(token -> LoggingUtil.logTokenSuccess(logger, request)) .doOnError(error -> LoggingUtil.logTokenError(logger, request, error)); } - - @Override - public TokenRefreshOptions getTokenRefreshOptions() { - return identityClientOptions.getTokenRefreshOptions(); - } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/CredentialBuilderBase.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/CredentialBuilderBase.java index 5c2c73d9b019..73922c7a2fff 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/CredentialBuilderBase.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/CredentialBuilderBase.java @@ -3,7 +3,6 @@ package com.azure.identity; -import com.azure.core.credential.SimpleTokenCache; import com.azure.core.http.HttpClient; import com.azure.core.http.HttpPipeline; import com.azure.core.http.ProxyOptions; @@ -90,29 +89,4 @@ public T httpClient(HttpClient client) { this.identityClientOptions.setHttpClient(client); return (T) this; } - - /** - * Sets how long before the actual token expiry to refresh the token. The - * token will be considered expired at and after the time of (actual - * expiry - token refresh offset). The default offset is 2 minutes. - * - * This is used in {@link SimpleTokenCache} and {@link com.azure.core.http.policy.BearerTokenAuthenticationPolicy} - * to proactively retrieve a more up-to-date token before the cached token gets too close to its expiry. - * - * Extending this offset is recommended if it takes > 2 minutes to reach the service (application is running on - * high load), or you would like to simply keep a more up-to-date token in the cache (more robust against token - * refresh API down times). The user is responsible for specifying a valid offset. - * - * When a proactive token refresh fails but the previously cached token is still valid, - * {@link com.azure.core.http.policy.BearerTokenAuthenticationPolicy} will NOT fail but return the previous valid - * token. Another proactive refresh will be attempted in 30 seconds. - * - * @param tokenRefreshOffset the duration before the actual expiry of a token to refresh it - * @return An updated instance of this builder with the token refresh offset set as specified. - */ - @SuppressWarnings("unchecked") - public T tokenRefreshOffset(Duration tokenRefreshOffset) { - this.identityClientOptions.setTokenRefreshOffset(tokenRefreshOffset); - return (T) this; - } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredential.java index d977074ca828..b4693b16b088 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredential.java @@ -5,8 +5,6 @@ import com.azure.core.annotation.Immutable; import com.azure.core.credential.TokenCredential; -import com.azure.core.credential.TokenRefreshOptions; -import com.azure.identity.implementation.IdentityClientOptions; import java.util.List; @@ -24,8 +22,6 @@ */ @Immutable public final class DefaultAzureCredential extends ChainedTokenCredential { - private final IdentityClientOptions identityClientOptions; - /** * Creates default DefaultAzureCredential instance to use. This will use AZURE_CLIENT_ID, * AZURE_CLIENT_SECRET, and AZURE_TENANT_ID environment variables to create a @@ -35,19 +31,11 @@ public final class DefaultAzureCredential extends ChainedTokenCredential { * token cache. * * @param tokenCredentials the list of credentials to execute for authentication. - * @param identityClientOptions the options for configuring the identity client. */ - DefaultAzureCredential(List tokenCredentials, IdentityClientOptions identityClientOptions) { + DefaultAzureCredential(List tokenCredentials) { super(tokenCredentials); - this.identityClientOptions = identityClientOptions; - } - - @Override - public TokenRefreshOptions getTokenRefreshOptions() { - return identityClientOptions.getTokenRefreshOptions(); } - /** * {@inheritDoc} * The credentials in the returned list and their order may change in future versions of Identity. diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredentialBuilder.java index a36f7810b63a..fbe9992ced9b 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredentialBuilder.java @@ -95,7 +95,7 @@ public DefaultAzureCredentialBuilder executorService(ExecutorService executorSer * @return a {@link DefaultAzureCredential} with the current configurations. */ public DefaultAzureCredential build() { - return new DefaultAzureCredential(getCredentialsChain(), identityClientOptions); + return new DefaultAzureCredential(getCredentialsChain()); } private ArrayList getCredentialsChain() { diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java index 561e23661cac..28935a696231 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java @@ -6,7 +6,6 @@ import com.azure.core.annotation.Immutable; import com.azure.core.credential.AccessToken; import com.azure.core.credential.TokenCredential; -import com.azure.core.credential.TokenRefreshOptions; import com.azure.core.credential.TokenRequestContext; import com.azure.core.util.logging.ClientLogger; import com.azure.identity.implementation.IdentityClient; @@ -27,7 +26,6 @@ public class DeviceCodeCredential implements TokenCredential { private final Consumer challengeConsumer; private final IdentityClient identityClient; - private final IdentityClientOptions identityClientOptions; private final AtomicReference cachedToken; private final String authorityHost; private final boolean automaticAuthentication; @@ -52,7 +50,6 @@ public class DeviceCodeCredential implements TokenCredential { .identityClientOptions(identityClientOptions) .build(); this.cachedToken = new AtomicReference<>(); - this.identityClientOptions = identityClientOptions; this.authorityHost = identityClientOptions.getAuthorityHost(); this.automaticAuthentication = automaticAuthentication; if (identityClientOptions.getAuthenticationRecord() != null) { @@ -129,9 +126,4 @@ private AccessToken updateCache(MsalToken msalToken) { identityClient.getTenantId()))); return msalToken; } - - @Override - public TokenRefreshOptions getTokenRefreshOptions() { - return identityClientOptions.getTokenRefreshOptions(); - } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/EnvironmentCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/EnvironmentCredential.java index e4fd809ace52..81f2caf6193a 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/EnvironmentCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/EnvironmentCredential.java @@ -6,7 +6,6 @@ import com.azure.core.annotation.Immutable; import com.azure.core.credential.AccessToken; import com.azure.core.credential.TokenCredential; -import com.azure.core.credential.TokenRefreshOptions; import com.azure.core.credential.TokenRequestContext; import com.azure.core.util.Configuration; import com.azure.core.util.logging.ClientLogger; @@ -38,7 +37,6 @@ @Immutable public class EnvironmentCredential implements TokenCredential { private final Configuration configuration; - private final IdentityClientOptions identityClientOptions; private final ClientLogger logger = new ClientLogger(EnvironmentCredential.class); private final TokenCredential tokenCredential; @@ -49,7 +47,6 @@ public class EnvironmentCredential implements TokenCredential { */ EnvironmentCredential(IdentityClientOptions identityClientOptions) { this.configuration = Configuration.getGlobalConfiguration().clone(); - this.identityClientOptions = identityClientOptions; TokenCredential targetCredential = null; String clientId = configuration.get(Configuration.PROPERTY_AZURE_CLIENT_ID); @@ -129,11 +126,6 @@ public Mono getToken(TokenRequestContext request) { } } - @Override - public TokenRefreshOptions getTokenRefreshOptions() { - return identityClientOptions.getTokenRefreshOptions(); - } - private boolean verifyNotNull(String... configs) { for (String config: configs) { if (config == null) { diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/IntelliJCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/IntelliJCredential.java index e2bd9f305e47..0ca5a263fdd7 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/IntelliJCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/IntelliJCredential.java @@ -6,7 +6,6 @@ import com.azure.core.annotation.Immutable; import com.azure.core.credential.AccessToken; import com.azure.core.credential.TokenCredential; -import com.azure.core.credential.TokenRefreshOptions; import com.azure.core.credential.TokenRequestContext; import com.azure.core.util.CoreUtils; import com.azure.core.util.logging.ClientLogger; @@ -31,7 +30,6 @@ public class IntelliJCredential implements TokenCredential { private static final String AZURE_TOOLS_FOR_INTELLIJ_CLIENT_ID = "61d65f5a-6e3b-468b-af73-a033f5098c5c"; private final IdentityClient identityClient; - private final IdentityClientOptions identityClientOptions; private final AtomicReference cachedToken; private final ClientLogger logger = new ClientLogger(IntelliJCredential.class); @@ -74,7 +72,6 @@ public class IntelliJCredential implements TokenCredential { .build(); this.cachedToken = new AtomicReference<>(); - this.identityClientOptions = identityClientOptions; } @Override @@ -95,9 +92,4 @@ public Mono getToken(TokenRequestContext request) { .doOnNext(token -> LoggingUtil.logTokenSuccess(logger, request)) .doOnError(error -> LoggingUtil.logTokenError(logger, request, error)); } - - @Override - public TokenRefreshOptions getTokenRefreshOptions() { - return identityClientOptions.getTokenRefreshOptions(); - } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java index f02fa9e1f685..bd6e8f9be7ba 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java @@ -6,7 +6,6 @@ import com.azure.core.annotation.Immutable; import com.azure.core.credential.AccessToken; import com.azure.core.credential.TokenCredential; -import com.azure.core.credential.TokenRefreshOptions; import com.azure.core.credential.TokenRequestContext; import com.azure.core.util.logging.ClientLogger; import com.azure.identity.implementation.IdentityClient; @@ -32,7 +31,6 @@ public class InteractiveBrowserCredential implements TokenCredential { private final int port; private final IdentityClient identityClient; - private final IdentityClientOptions identityClientOptions; private final AtomicReference cachedToken; private final boolean automaticAuthentication; private final String authorityHost; @@ -57,7 +55,6 @@ public class InteractiveBrowserCredential implements TokenCredential { .clientId(clientId) .identityClientOptions(identityClientOptions) .build(); - this.identityClientOptions = identityClientOptions; cachedToken = new AtomicReference<>(); this.authorityHost = identityClientOptions.getAuthorityHost(); this.automaticAuthentication = automaticAuthentication; @@ -118,11 +115,6 @@ public Mono authenticate() { return authenticate(new TokenRequestContext().addScopes(defaultScope)); } - @Override - public TokenRefreshOptions getTokenRefreshOptions() { - return identityClientOptions.getTokenRefreshOptions(); - } - private AccessToken updateCache(MsalToken msalToken) { cachedToken.set( new MsalAuthenticationAccount( diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ManagedIdentityCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ManagedIdentityCredential.java index eb78d31d39b1..69cf15ee0425 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ManagedIdentityCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ManagedIdentityCredential.java @@ -6,7 +6,6 @@ import com.azure.core.annotation.Immutable; import com.azure.core.credential.AccessToken; import com.azure.core.credential.TokenCredential; -import com.azure.core.credential.TokenRefreshOptions; import com.azure.core.credential.TokenRequestContext; import com.azure.core.util.Configuration; import com.azure.core.util.logging.ClientLogger; @@ -23,7 +22,6 @@ public final class ManagedIdentityCredential implements TokenCredential { private final AppServiceMsiCredential appServiceMSICredential; private final VirtualMachineMsiCredential virtualMachineMSICredential; - private final IdentityClientOptions identityClientOptions; private final ClientLogger logger = new ClientLogger(ManagedIdentityCredential.class); /** @@ -44,7 +42,6 @@ public final class ManagedIdentityCredential implements TokenCredential { virtualMachineMSICredential = new VirtualMachineMsiCredential(clientId, identityClient); appServiceMSICredential = null; } - this.identityClientOptions = identityClientOptions; LoggingUtil.logAvailableEnvironmentVariables(logger, configuration); } @@ -72,9 +69,4 @@ public Mono getToken(TokenRequestContext request) { .doOnNext(token -> LoggingUtil.logTokenSuccess(logger, request)) .doOnError(error -> LoggingUtil.logTokenError(logger, request, error)); } - - @Override - public TokenRefreshOptions getTokenRefreshOptions() { - return identityClientOptions.getTokenRefreshOptions(); - } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/SharedTokenCacheCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/SharedTokenCacheCredential.java index f7fab9afcfaf..41bc18e14360 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/SharedTokenCacheCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/SharedTokenCacheCredential.java @@ -5,7 +5,6 @@ import com.azure.core.credential.AccessToken; import com.azure.core.credential.TokenCredential; -import com.azure.core.credential.TokenRefreshOptions; import com.azure.core.credential.TokenRequestContext; import com.azure.core.util.Configuration; import com.azure.core.util.logging.ClientLogger; @@ -30,7 +29,6 @@ public class SharedTokenCacheCredential implements TokenCredential { private final AtomicReference cachedToken; private final IdentityClient identityClient; - private final IdentityClientOptions identityClientOptions; private final ClientLogger logger = new ClientLogger(SharedTokenCacheCredential.class); /** @@ -67,7 +65,6 @@ public class SharedTokenCacheCredential implements TokenCredential { .identityClientOptions(identityClientOptions) .build(); this.cachedToken = new AtomicReference<>(); - this.identityClientOptions = identityClientOptions; LoggingUtil.logAvailableEnvironmentVariables(logger, configuration); } @@ -92,9 +89,4 @@ public Mono getToken(TokenRequestContext request) { .doOnNext(token -> LoggingUtil.logTokenSuccess(logger, request)) .doOnError(error -> LoggingUtil.logTokenError(logger, request, error)); } - - @Override - public TokenRefreshOptions getTokenRefreshOptions() { - return identityClientOptions.getTokenRefreshOptions(); - } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredential.java index 4186aa8a0c11..135cbef914f1 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredential.java @@ -6,7 +6,6 @@ import com.azure.core.annotation.Immutable; import com.azure.core.credential.AccessToken; import com.azure.core.credential.TokenCredential; -import com.azure.core.credential.TokenRefreshOptions; import com.azure.core.credential.TokenRequestContext; import com.azure.core.util.logging.ClientLogger; import com.azure.identity.implementation.IdentityClient; @@ -30,7 +29,6 @@ public class UsernamePasswordCredential implements TokenCredential { private final String username; private final String password; private final IdentityClient identityClient; - private final IdentityClientOptions identityClientOptions; private final String authorityHost; private final AtomicReference cachedToken; private final ClientLogger logger = new ClientLogger(UsernamePasswordCredential.class); @@ -57,7 +55,6 @@ public class UsernamePasswordCredential implements TokenCredential { .identityClientOptions(identityClientOptions) .build(); cachedToken = new AtomicReference<>(); - this.identityClientOptions = identityClientOptions; this.authorityHost = identityClientOptions.getAuthorityHost(); } @@ -110,9 +107,4 @@ private AccessToken updateCache(MsalToken msalToken) { identityClient.getTenantId()))); return msalToken; } - - @Override - public TokenRefreshOptions getTokenRefreshOptions() { - return identityClientOptions.getTokenRefreshOptions(); - } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/VisualStudioCodeCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/VisualStudioCodeCredential.java index 3c5799f7abe7..9e62610a6b87 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/VisualStudioCodeCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/VisualStudioCodeCredential.java @@ -5,7 +5,6 @@ import com.azure.core.credential.AccessToken; import com.azure.core.credential.TokenCredential; -import com.azure.core.credential.TokenRefreshOptions; import com.azure.core.credential.TokenRequestContext; import com.azure.core.util.CoreUtils; import com.azure.core.util.logging.ClientLogger; @@ -25,7 +24,6 @@ */ public class VisualStudioCodeCredential implements TokenCredential { private final IdentityClient identityClient; - private final IdentityClientOptions identityClientOptions; private final AtomicReference cachedToken; private final String cloudInstance; private final ClientLogger logger = new ClientLogger(VisualStudioCodeCredential.class); @@ -66,7 +64,6 @@ public class VisualStudioCodeCredential implements TokenCredential { .build(); this.cachedToken = new AtomicReference<>(); - this.identityClientOptions = identityClientOptions; } @Override @@ -87,9 +84,4 @@ public Mono getToken(TokenRequestContext request) { .doOnNext(token -> LoggingUtil.logTokenSuccess(logger, request)) .doOnError(error -> LoggingUtil.logTokenError(logger, request, error)); } - - @Override - public TokenRefreshOptions getTokenRefreshOptions() { - return identityClientOptions.getTokenRefreshOptions(); - } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java index 78d1656f740d..660c6ad0daec 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java @@ -92,6 +92,7 @@ public class IdentityClient { private static final String LINUX_MAC_PROCESS_ERROR_MESSAGE = "(.*)az:(.*)not found"; private static final String DEFAULT_WINDOWS_SYSTEM_ROOT = System.getenv("SystemRoot"); private static final String DEFAULT_MAC_LINUX_PATH = "/bin/"; + private static final Duration REFRESH_OFFSET = Duration.ofMinutes(5); private final ClientLogger logger = new ClientLogger(IdentityClient.class); private final IdentityClientOptions options; @@ -460,8 +461,7 @@ public Mono authenticateWithPublicClientCache(TokenRequestContext req return getFailedCompletableFuture(logger.logExceptionAsError(new RuntimeException(e))); } }).map(MsalToken::new) - .filter(t -> OffsetDateTime.now().isBefore(t.getExpiresAt().minus( - options.getTokenRefreshOptions().getOffset()))) + .filter(t -> OffsetDateTime.now().isBefore(t.getExpiresAt().minus(REFRESH_OFFSET))) .switchIfEmpty(Mono.fromFuture(() -> { SilentParameters.SilentParametersBuilder forceParametersBuilder = SilentParameters.builder( new HashSet<>(request.getScopes())).forceRefresh(true); @@ -493,8 +493,7 @@ public Mono authenticateWithConfidentialClientCache(TokenRequestCon return getFailedCompletableFuture(logger.logExceptionAsError(new RuntimeException(e))); } }).map(ar -> (AccessToken) new MsalToken(ar)) - .filter(t -> OffsetDateTime.now().isBefore(t.getExpiresAt().minus( - options.getTokenRefreshOptions().getOffset())))); + .filter(t -> OffsetDateTime.now().isBefore(t.getExpiresAt().minus(REFRESH_OFFSET)))); } /** diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java index 885ba681372d..bb09787b4ae8 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java @@ -3,7 +3,6 @@ package com.azure.identity.implementation; -import com.azure.core.credential.TokenRefreshOptions; import com.azure.core.http.HttpClient; import com.azure.core.http.HttpPipeline; import com.azure.core.http.ProxyOptions; @@ -16,7 +15,6 @@ import java.nio.file.Path; import java.nio.file.Paths; import java.time.Duration; -import java.util.Objects; import java.util.concurrent.ExecutorService; import java.util.concurrent.ForkJoinPool; import java.util.function.Function; @@ -47,7 +45,6 @@ public final class IdentityClientOptions { private ProxyOptions proxyOptions; private HttpPipeline httpPipeline; private ExecutorService executorService; - private IdentityTokenRefreshOptions tokenRefreshOptions = new IdentityTokenRefreshOptions(); private HttpClient httpClient; private boolean allowUnencryptedCache; private boolean sharedTokenCacheEnabled; @@ -186,31 +183,6 @@ public ExecutorService getExecutorService() { return executorService; } - /** - * @return the options to configure the token refresh behavior. - */ - public TokenRefreshOptions getTokenRefreshOptions() { - return tokenRefreshOptions; - } - - /** - * Sets how long before the actual token expiry to refresh the token. The - * token will be considered expired at and after the time of (actual - * expiry - token refresh offset). The default offset is 2 minutes. - * - * This is useful when network is congested and a request containing the - * token takes longer than normal to get to the server. - * - * @param tokenRefreshOffset the duration before the actual expiry of a token to refresh it - * @return IdentityClientOptions - * @throws NullPointerException If {@code tokenRefreshOffset} is null. - */ - public IdentityClientOptions setTokenRefreshOffset(Duration tokenRefreshOffset) { - Objects.requireNonNull(tokenRefreshOffset, "The token refresh offset cannot be null."); - this.tokenRefreshOptions.setOffset(tokenRefreshOffset); - return this; - } - /** * Specifies the HttpClient to send use for requests. * @param httpClient the http client to use for requests diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityTokenRefreshOptions.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityTokenRefreshOptions.java deleted file mode 100644 index 50ca53818fc7..000000000000 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityTokenRefreshOptions.java +++ /dev/null @@ -1,28 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.azure.identity.implementation; - -import com.azure.core.credential.TokenRefreshOptions; - -import java.time.Duration; - -/** - * The options to configure the token refresh behavior for azure-identity credentials. - */ -public class IdentityTokenRefreshOptions extends TokenRefreshOptions { - private Duration offset = Duration.ofMinutes(2); - - @Override - public Duration getOffset() { - return offset; - } - - /** - * Sets the duration value representing the amount of time to subtract from the token expiry time. - * @param offset the duration value representing the amount of time to subtract from the token expiry time - */ - public void setOffset(Duration offset) { - this.offset = offset; - } -} diff --git a/sdk/identity/azure-identity/src/test/java/com/azure/identity/ClientSecretCredentialTest.java b/sdk/identity/azure-identity/src/test/java/com/azure/identity/ClientSecretCredentialTest.java index 162248f16e76..ba71ce4ce2bf 100644 --- a/sdk/identity/azure-identity/src/test/java/com/azure/identity/ClientSecretCredentialTest.java +++ b/sdk/identity/azure-identity/src/test/java/com/azure/identity/ClientSecretCredentialTest.java @@ -17,7 +17,6 @@ import reactor.core.publisher.Mono; import reactor.test.StepVerifier; -import java.time.Duration; import java.time.OffsetDateTime; import java.time.ZoneOffset; import java.util.UUID; @@ -66,41 +65,6 @@ public void testValidSecrets() throws Exception { .verifyComplete(); } - @Test - public void testValidSecretsWithTokenRefreshOffset() throws Exception { - // setup - String secret = "secret"; - String token1 = "token1"; - String token2 = "token2"; - TokenRequestContext request1 = new TokenRequestContext().addScopes("https://management.azure.com"); - TokenRequestContext request2 = new TokenRequestContext().addScopes("https://vault.azure.net"); - OffsetDateTime expiresAt = OffsetDateTime.now(ZoneOffset.UTC).plusHours(1); - Duration offset = Duration.ofMinutes(10); - - // mock - IdentityClient identityClient = PowerMockito.mock(IdentityClient.class); - when(identityClient.authenticateWithConfidentialClientCache(any())).thenReturn(Mono.empty()); - when(identityClient.authenticateWithConfidentialClient(request1)).thenReturn(TestUtils.getMockAccessToken(token1, expiresAt, offset)); - when(identityClient.authenticateWithConfidentialClient(request2)).thenReturn(TestUtils.getMockAccessToken(token2, expiresAt, offset)); - PowerMockito.whenNew(IdentityClient.class).withAnyArguments().thenReturn(identityClient); - - // test - ClientSecretCredential credential = new ClientSecretCredentialBuilder() - .tenantId(tenantId) - .clientId(clientId) - .clientSecret(secret) - .tokenRefreshOffset(offset) - .build(); - StepVerifier.create(credential.getToken(request1)) - .expectNextMatches(accessToken -> token1.equals(accessToken.getToken()) - && expiresAt.getSecond() == accessToken.getExpiresAt().getSecond()) - .verifyComplete(); - StepVerifier.create(credential.getToken(request2)) - .expectNextMatches(accessToken -> token2.equals(accessToken.getToken()) - && expiresAt.getSecond() == accessToken.getExpiresAt().getSecond()) - .verifyComplete(); - } - @Test public void testInvalidSecrets() throws Exception { // setup diff --git a/sdk/identity/azure-identity/src/test/java/com/azure/identity/ManagedIdentityCredentialTest.java b/sdk/identity/azure-identity/src/test/java/com/azure/identity/ManagedIdentityCredentialTest.java index ebaf988af222..92567a00f008 100644 --- a/sdk/identity/azure-identity/src/test/java/com/azure/identity/ManagedIdentityCredentialTest.java +++ b/sdk/identity/azure-identity/src/test/java/com/azure/identity/ManagedIdentityCredentialTest.java @@ -16,7 +16,6 @@ import org.powermock.modules.junit4.PowerMockRunner; import reactor.test.StepVerifier; -import java.time.Duration; import java.time.OffsetDateTime; import java.time.ZoneOffset; import java.util.UUID; @@ -88,64 +87,4 @@ public void testIMDS() throws Exception { && expiresOn.getSecond() == token.getExpiresAt().getSecond()) .verifyComplete(); } - - @Test - public void testMSIEndpointWithTokenRefreshOffset() throws Exception { - Configuration configuration = Configuration.getGlobalConfiguration(); - - try { - // setup - String endpoint = "http://localhost"; - String secret = "secret"; - String token1 = "token1"; - TokenRequestContext request1 = new TokenRequestContext().addScopes("https://management.azure.com"); - OffsetDateTime expiresAt = OffsetDateTime.now(ZoneOffset.UTC).plusHours(1); - configuration.put("MSI_ENDPOINT", endpoint); - configuration.put("MSI_SECRET", secret); - Duration offset = Duration.ofMinutes(10); - - // mock - IdentityClient identityClient = PowerMockito.mock(IdentityClient.class); - when(identityClient.authenticateToManagedIdentityEndpoint(endpoint, secret, request1)).thenReturn(TestUtils.getMockAccessToken(token1, expiresAt, offset)); - PowerMockito.whenNew(IdentityClient.class).withAnyArguments().thenReturn(identityClient); - - // test - ManagedIdentityCredential credential = new ManagedIdentityCredentialBuilder() - .clientId(clientId) - .tokenRefreshOffset(offset) - .build(); - StepVerifier.create(credential.getToken(request1)) - .expectNextMatches(token -> token1.equals(token.getToken()) - && expiresAt.getSecond() == token.getExpiresAt().getSecond()) - .verifyComplete(); - } finally { - // clean up - configuration.remove("MSI_ENDPOINT"); - configuration.remove("MSI_SECRET"); - } - } - - @Test - public void testIMDSWithTokenRefreshOffset() throws Exception { - // setup - String token1 = "token1"; - TokenRequestContext request = new TokenRequestContext().addScopes("https://management.azure.com"); - OffsetDateTime expiresOn = OffsetDateTime.now(ZoneOffset.UTC).plusHours(1); - Duration offset = Duration.ofMinutes(10); - - // mock - IdentityClient identityClient = PowerMockito.mock(IdentityClient.class); - when(identityClient.authenticateToIMDSEndpoint(request)).thenReturn(TestUtils.getMockAccessToken(token1, expiresOn, offset)); - PowerMockito.whenNew(IdentityClient.class).withAnyArguments().thenReturn(identityClient); - - // test - ManagedIdentityCredential credential = new ManagedIdentityCredentialBuilder() - .clientId(clientId) - .tokenRefreshOffset(offset) - .build(); - StepVerifier.create(credential.getToken(request)) - .expectNextMatches(token -> token1.equals(token.getToken()) - && expiresOn.getSecond() == token.getExpiresAt().getSecond()) - .verifyComplete(); - } }