diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java index eea996212a2f..27b85edc8f37 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java @@ -30,14 +30,18 @@ public class AuthenticationRecord { @JsonProperty("username") private String username; + @JsonProperty("clientId") + private String clientId; + AuthenticationRecord() { } - AuthenticationRecord(IAuthenticationResult authenticationResult, String tenantId) { + AuthenticationRecord(IAuthenticationResult authenticationResult, String tenantId, String clientId) { authority = authenticationResult.account().environment(); homeAccountId = authenticationResult.account().homeAccountId(); username = authenticationResult.account().username(); this.tenantId = tenantId; + this.clientId = clientId; } /** @@ -67,6 +71,15 @@ public String getTenantId() { return tenantId; } + /** + * Get the client id of the application used for authentication. + * + * @return the client id. + */ + public String getClientId() { + return clientId; + } + /** * Get the user principal name of the account. * @@ -82,14 +95,14 @@ public String getUsername() { * @param outputStream The {@link OutputStream} to which the serialized record will be written to. * @return A {@link Mono} containing {@link Void} */ - public Mono serialize(OutputStream outputStream) { + public Mono serialize(OutputStream outputStream) { return Mono.defer(() -> { try { OBJECT_MAPPER.writeValue(outputStream, this); } catch (IOException e) { return Mono.error(e); } - return Mono.empty(); + return Mono.just(outputStream); }); } 
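Review bot: Neither the new `clientId` field nor the widened constructor guards against a missing value, so a record restored from data written before this field existed would presumably carry null here (the deserialize path is outside this hunk, so this is inferred). Code that later uses `getClientId()`, added in the next hunk, to decide which application a cached account belongs to should treat null as "unknown" rather than as a match. I would document that on the getter, e.g. `@return the client id, or {@code null} if the record was created without one.`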
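Review bot: The `@return` line above `serialize` still reads `A {@link Mono} containing {@link Void}`, but the method now ends with `return Mono.just(outputStream);`, so the Javadoc should say the Mono emits the stream that was written to, e.g. `@return A {@link Mono} emitting the {@link OutputStream} the record was written to`. Jackson's `writeValue(OutputStream, ...)` closes the target by default (`JsonGenerator.Feature.AUTO_CLOSE_TARGET`), so unless `OBJECT_MAPPER` is configured otherwise, which is not visible here, callers receive an already-closed stream and the Javadoc should say so. It is also worth stating that the serialized record holds account identifiers (authority, tenant, username, client id) and no tokens, so readers know what protection the destination needs.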
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredential.java index 1f42ff2c97e6..aa2a7ff47401 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredential.java @@ -67,7 +67,7 @@ public Mono getToken(TokenRequestContext request) { .map(msalToken -> { cachedToken.set(new MsalAuthenticationAccount( new AuthenticationRecord(msalToken.getAuthenticationResult(), - identityClient.getTenantId()))); + identityClient.getTenantId(), identityClient.getClientId()))); return (AccessToken) msalToken; }) .doOnNext(token -> LoggingUtil.logTokenSuccess(logger, request)) diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredentialBuilder.java index f4a6c32f82bd..a1350685a298 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredentialBuilder.java 
@@ -48,42 +48,18 @@ public AuthorizationCodeCredentialBuilder redirectUrl(String redirectUrl) { return this; } - /** - * Sets whether to use an unprotected file specified by cacheFileLocation() instead of - * Gnome keyring on Linux. This is false by default. - * - * @param allowUnencryptedCache whether to use an unprotected file for cache storage. - * - * @return An updated instance of this builder with the unprotected token cache setting set as specified. - */ - public AuthorizationCodeCredentialBuilder allowUnencryptedCache(boolean allowUnencryptedCache) { - this.identityClientOptions.allowUnencryptedCache(allowUnencryptedCache); - return this; - } - /** * Sets the client secret for the authentication. This is required for AAD web apps. Do not set this for AAD native * apps. + * * @param clientSecret the secret value of the AAD application. - * @return the AuthorizationCodeCredentialBuilder itself + * @return An updated instance of this builder. */ public AuthorizationCodeCredentialBuilder clientSecret(String clientSecret) { this.clientSecret = clientSecret; return this; } - /** - * Sets whether to enable using the shared token cache. This is disabled by default. - * - * @param enabled whether to enabled using the shared token cache. - * - * @return An updated instance of this builder with if the shared token cache enabled specified. - */ - public AuthorizationCodeCredentialBuilder enablePersistentCache(boolean enabled) { - this.identityClientOptions.enablePersistentCache(enabled); - return this; - } - /** * Creates a new {@link AuthorizationCodeCredential} with the current configurations. * 
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/KnownAuthorityHosts.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureAuthorityHosts.java
similarity index 67%
rename from sdk/identity/azure-identity/src/main/java/com/azure/identity/KnownAuthorityHosts.java
rename to sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureAuthorityHosts.java
index deafcbc486b9..42085d71fdd9 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/KnownAuthorityHosts.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureAuthorityHosts.java
@@ -6,40 +6,40 @@ /** * Defines fields exposing the well known authority hosts for the Azure Public Cloud and sovereign clouds. */ -public final class KnownAuthorityHosts { +public final class AzureAuthorityHosts { - private KnownAuthorityHosts() { } + private AzureAuthorityHosts() { } /** * The host of the Azure Active Directory authority for tenants in the Azure Public Cloud. */ - public static final String AZURE_CLOUD = "https://login.microsoftonline.com/"; + public static final String AZURE_PUBLIC_CLOUD = "https://login.microsoftonline.com/"; /** * The host of the Azure Active Directory authority for tenants in the Azure China Cloud. */ - public static final String AZURE_CHINA_CLOUD = "https://login.chinacloudapi.cn/"; + public static final String AZURE_CHINA = "https://login.chinacloudapi.cn/"; /** * The host of the Azure Active Directory authority for tenants in the Azure German Cloud. */ - public static final String AZURE_GERMAN_CLOUD = "https://login.microsoftonline.de/"; + public static final String AZURE_GERMANY = "https://login.microsoftonline.de/"; /** * The host of the Azure Active Directory authority for tenants in the Azure US Government Cloud. */ - public static final String AZURE_US_GOVERNMENT = "https://login.microsoftonline.us/"; + public static final String AZURE_GOVERNMENT = "https://login.microsoftonline.us/"; static String getDefaultScope(String authorityHost) { switch (authorityHost) { - case AZURE_CLOUD: + case AZURE_PUBLIC_CLOUD: return "https://management.core.windows.net//.default"; - case AZURE_CHINA_CLOUD: + case AZURE_CHINA: return "https://management.core.chinacloudapi.cn//.default"; - case AZURE_GERMAN_CLOUD: + case AZURE_GERMANY: return "https://management.core.cloudapi.de//.default"; - case AZURE_US_GOVERNMENT: + case AZURE_GOVERNMENT: return "https://management.core.usgovcloudapi.net//.default"; default: return null; 
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ChainedTokenCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ChainedTokenCredential.java index ac36c7c6ac1a..4b2f8b65c4dd 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ChainedTokenCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ChainedTokenCredential.java @@ -68,14 +68,4 @@ public Mono getToken(TokenRequestContext request) { return Mono.error(last); })); } - - - /** - * Get the read-only list of credentials sequentially used to attempt authentication. - * - * @return The list of {@link TokenCredential}. - */ - public List getCredentials() { - return credentials; - } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java index d606909a3690..fde02f002537 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java 
@@ -41,14 +41,25 @@ public ClientCertificateCredentialBuilder pfxCertificate(String certificatePath, } /** - * Sets whether to enable using the shared token cache. This is disabled by default. + * Allows to use an unprotected file specified by cacheFileLocation() instead of + * Gnome keyring on Linux. This is restricted by default. * - * @param enabled indicates whether to enable using the shared token cache. + * @return An updated instance of this builder. + */ + public ClientCertificateCredentialBuilder allowUnencryptedCache() { + this.identityClientOptions.allowUnencryptedCache(); + return this; + } + + /** + * Enables the shared token cache which is disabled by default. If enabled, the credential will store tokens + * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials + * and processes. * * @return An updated instance of this builder. */ - public ClientCertificateCredentialBuilder enablePersistentCache(boolean enabled) { - this.identityClientOptions.enablePersistentCache(enabled); + public ClientCertificateCredentialBuilder enablePersistentCache() { + this.identityClientOptions.enablePersistentCache(); return this; } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java index a5382f140665..c16677b61bcd 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java 
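Review bot: The Javadoc on the new `allowUnencryptedCache()` does not say what is at risk: with this switch the persisted token cache may be written to a plain file rather than the Gnome keyring, so any process able to read that file can reuse the tokens. It sits oddly next to the `enablePersistentCache()` text in the same hunk, which promises a cache "protected to the current user". I would add a sentence such as `Tokens are then stored unencrypted on disk; use only where no keyring is available and the cache file location is access-restricted.` and state whether the call has any effect without `enablePersistentCache()` (not determinable from this hunk). Both methods are now one-way, so a builder cannot be switched back once either is called; if that is intended, say so. The same wording appears in the ClientSecret, DeviceCode, InteractiveBrowser, SharedTokenCache and UsernamePassword builders and in IdentityClientOptions.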
@@ -26,14 +26,25 @@ public ClientSecretCredentialBuilder clientSecret(String clientSecret) { } /** - * Sets whether to enable using the shared token cache. This is disabled by default. + * Enables the shared token cache which is disabled by default. If enabled, the credential will store tokens + * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials + * and processes. * - * @param enabled indicates whether to enable using the shared token cache. + * @return An updated instance of this builder. + */ + public ClientSecretCredentialBuilder enablePersistentCache() { + this.identityClientOptions.enablePersistentCache(); + return this; + } + + /** + * Allows to use an unprotected file specified by cacheFileLocation() instead of + * Gnome keyring on Linux. This is restricted by default. * * @return An updated instance of this builder. */ - public ClientSecretCredentialBuilder enablePersistentCache(boolean enabled) { - this.identityClientOptions.enablePersistentCache(enabled); + public ClientSecretCredentialBuilder allowUnencryptedCache() { + this.identityClientOptions.allowUnencryptedCache(); return this; } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredential.java index 54ede1c8522d..1b35dad0dd53 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredential.java 
@@ -36,16 +36,4 @@ public final class DefaultAzureCredential extends ChainedTokenCredential { DefaultAzureCredential(List tokenCredentials) { super(tokenCredentials); } - - - /** - * {@inheritDoc} - * The credentials in the returned list and their order may change in future versions of Identity. - * This API is not intended to be used in production ready code and should only be used for development purposes. - * - * @return The list of {@link TokenCredential}. - */ - public List getCredentials() { - return super.getCredentials(); - } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java index 28935a696231..c4c74719d965 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java @@ -91,7 +91,7 @@ public Mono getToken(TokenRequestContext request) { * * @return The {@link AuthenticationRecord} which can be used to silently authenticate the account * on future execution if persistent caching was enabled via - * {@link DeviceCodeCredentialBuilder#enablePersistentCache(boolean)} when credential was instantiated. + * {@link DeviceCodeCredentialBuilder#enablePersistentCache()} when credential was instantiated. */ public Mono authenticate(TokenRequestContext request) { return Mono.defer(() -> identityClient.authenticateWithDeviceCode(request, challengeConsumer)) 
@@ -108,10 +108,10 @@ public Mono authenticate(TokenRequestContext request) { * * @return The {@link AuthenticationRecord} which can be used to silently authenticate the account * on future execution if persistent caching was enabled via - * {@link DeviceCodeCredentialBuilder#enablePersistentCache(boolean)} when credential was instantiated. + * {@link DeviceCodeCredentialBuilder#enablePersistentCache()} when credential was instantiated. */ public Mono authenticate() { - String defaultScope = KnownAuthorityHosts.getDefaultScope(authorityHost); + String defaultScope = AzureAuthorityHosts.getDefaultScope(authorityHost); if (defaultScope == null) { return Mono.error(logger.logExceptionAsError(new CredentialUnavailableException("Authenticating in this " + "environment requires specifying a TokenRequestContext."))); @@ -123,7 +123,7 @@ private AccessToken updateCache(MsalToken msalToken) { cachedToken.set( new MsalAuthenticationAccount( new AuthenticationRecord(msalToken.getAuthenticationResult(), - identityClient.getTenantId()))); + identityClient.getTenantId(), identityClient.getClientId()))); return msalToken; } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredentialBuilder.java index 3876940480b1..40a6fcc38842 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredentialBuilder.java 
@@ -31,27 +31,25 @@ public DeviceCodeCredentialBuilder challengeConsumer( } /** - * Sets whether to use an unprotected file specified by cacheFileLocation() instead of - * Gnome keyring on Linux. This is false by default. + * Allows to use an unprotected file specified by cacheFileLocation() instead of + * Gnome keyring on Linux. This is restricted by default. * - * @param allowUnencryptedCache whether to use an unprotected file for cache storage. - * - * @return An updated instance of this builder with the unprotected token cache setting set as specified. + * @return An updated instance of this builder. */ - public DeviceCodeCredentialBuilder allowUnencryptedCache(boolean allowUnencryptedCache) { - this.identityClientOptions.allowUnencryptedCache(allowUnencryptedCache); + public DeviceCodeCredentialBuilder allowUnencryptedCache() { + this.identityClientOptions.allowUnencryptedCache(); return this; } /** - * Sets whether to enable using the shared token cache. This is disabled by default. - * - * @param enabled whether to enabled using the shared token cache. + * Enables the shared token cache which is disabled by default. If enabled, the credential will store tokens + * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials + * and processes. * * @return An updated instance of this builder with if the shared token cache enabled specified. */ - public DeviceCodeCredentialBuilder enablePersistentCache(boolean enabled) { - this.identityClientOptions.enablePersistentCache(enabled); + public DeviceCodeCredentialBuilder enablePersistentCache() { + this.identityClientOptions.enablePersistentCache(); return this; } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java index 6dd73969b029..15bd1807f9df 100644 
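Review bot: The `@return` tag on `enablePersistentCache()` still reads "An updated instance of this builder with if the shared token cache enabled specified", wording left over from the removed boolean parameter. Replace it with `@return An updated instance of this builder.`, matching `allowUnencryptedCache()` just above it. The same stale line is in the InteractiveBrowserCredentialBuilder and UsernamePasswordCredentialBuilder hunks.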
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java @@ -42,19 +42,17 @@ public class InteractiveBrowserCredential implements TokenCredential { * {@code http://localhost:{port}} must be registered as a valid reply URL on the application. * * @param clientId the client ID of the application - * @param clientSecret the client secret of the application * @param tenantId the tenant ID of the application * @param port the port on which the credential will listen for the browser authentication result * @param automaticAuthentication indicates whether automatic authentication should be attempted or not. * @param identityClientOptions the options for configuring the identity client */ InteractiveBrowserCredential(String clientId, String tenantId, int port, boolean automaticAuthentication, - String clientSecret, IdentityClientOptions identityClientOptions) { + IdentityClientOptions identityClientOptions) { this.port = port; identityClient = new IdentityClientBuilder() .tenantId(tenantId) .clientId(clientId) - .clientSecret(clientSecret) .identityClientOptions(identityClientOptions) .build(); cachedToken = new AtomicReference<>(); @@ -93,7 +91,7 @@ public Mono getToken(TokenRequestContext request) { * * @return The {@link AuthenticationRecord} which can be used to silently authenticate the account * on future execution if persistent caching was enabled via - * {@link InteractiveBrowserCredentialBuilder#enablePersistentCache(boolean)} when credential was instantiated. + * {@link InteractiveBrowserCredentialBuilder#enablePersistentCache()} when credential was instantiated. */ public Mono authenticate(TokenRequestContext request) { return Mono.defer(() -> identityClient.authenticateWithBrowserInteraction(request, port)) 
@@ -106,10 +104,10 @@ public Mono authenticate(TokenRequestContext request) { * * @return The {@link AuthenticationRecord} which can be used to silently authenticate the account * on future execution if persistent caching was enabled via - * {@link InteractiveBrowserCredentialBuilder#enablePersistentCache(boolean)} when credential was instantiated. + * {@link InteractiveBrowserCredentialBuilder#enablePersistentCache()} when credential was instantiated. */ public Mono authenticate() { - String defaultScope = KnownAuthorityHosts.getDefaultScope(authorityHost); + String defaultScope = AzureAuthorityHosts.getDefaultScope(authorityHost); if (defaultScope == null) { return Mono.error(logger.logExceptionAsError(new CredentialUnavailableException("Authenticating in this " + "environment requires specifying a TokenRequestContext."))); @@ -121,7 +119,7 @@ private AccessToken updateCache(MsalToken msalToken) { cachedToken.set( new MsalAuthenticationAccount( new AuthenticationRecord(msalToken.getAuthenticationResult(), - identityClient.getTenantId()))); + identityClient.getTenantId(), identityClient.getClientId()))); return msalToken; } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java index 0c2a9175014f..87b7982a4664 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java @@ -16,7 +16,6 @@ public class InteractiveBrowserCredentialBuilder extends AadCredentialBuilderBase { private int port; private boolean automaticAuthentication = true; - private String clientSecret; /** * Sets the port for the local HTTP server, for which {@code http://localhost:{port}} must be 
@@ -31,27 +30,25 @@ public InteractiveBrowserCredentialBuilder port(int port) { } /** - * Sets whether to use an unprotected file specified by cacheFileLocation() instead of - * Gnome keyring on Linux. This is false by default. + * Allows to use an unprotected file specified by cacheFileLocation() instead of + * Gnome keyring on Linux. This is restricted by default. * - * @param allowUnencryptedCache whether to use an unprotected file for cache storage. - * - * @return An updated instance of this builder with the unprotected token cache setting set as specified. + * @return An updated instance of this builder. */ - public InteractiveBrowserCredentialBuilder allowUnencryptedCache(boolean allowUnencryptedCache) { - this.identityClientOptions.allowUnencryptedCache(allowUnencryptedCache); + public InteractiveBrowserCredentialBuilder allowUnencryptedCache() { + this.identityClientOptions.allowUnencryptedCache(); return this; } /** - * Sets whether to enable using the shared token cache. This is disabled by default. - * - * @param enabled whether to enabled using the shared token cache. + * Enables the shared token cache which is disabled by default. If enabled, the credential will store tokens + * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials + * and processes. * * @return An updated instance of this builder with if the shared token cache enabled specified. */ - public InteractiveBrowserCredentialBuilder enablePersistentCache(boolean enabled) { - this.identityClientOptions.enablePersistentCache(enabled); + public InteractiveBrowserCredentialBuilder enablePersistentCache() { + this.identityClientOptions.enablePersistentCache(); return this; } 
@@ -68,17 +65,6 @@ public InteractiveBrowserCredentialBuilder authenticationRecord(AuthenticationRe return this; } - /** - * Sets the client secret for the authentication. This is required for AAD web apps. Do not set this for AAD native - * apps. - * @param clientSecret the secret value of the AAD application. - * @return the InteractiveBrowserCredentialBuilder itself - */ - public InteractiveBrowserCredentialBuilder clientSecret(String clientSecret) { - this.clientSecret = clientSecret; - return this; - } - /** * Disables the automatic authentication and prevents the {@link InteractiveBrowserCredential} from automatically * prompting the user. If automatic authentication is disabled a {@link AuthenticationRequiredException} @@ -104,7 +90,7 @@ public InteractiveBrowserCredential build() { put("clientId", clientId); put("port", port); }}); - return new InteractiveBrowserCredential(clientId, tenantId, port, automaticAuthentication, clientSecret, - identityClientOptions); + return new InteractiveBrowserCredential(clientId, tenantId, port, automaticAuthentication, + identityClientOptions); } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/SharedTokenCacheCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/SharedTokenCacheCredentialBuilder.java index c12675635300..69ffa263a444 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/SharedTokenCacheCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/SharedTokenCacheCredentialBuilder.java 
@@ -24,15 +24,13 @@ public SharedTokenCacheCredentialBuilder username(String username) { } /** - * Sets whether to use an unprotected file specified by cacheFileLocation() instead of - * Gnome keyring on Linux. This is false by default. + * Allows to use an unprotected file specified by cacheFileLocation() instead of + * Gnome keyring on Linux. This is restricted by default. * - * @param allowUnencryptedCache whether to use an unprotected file for cache storage. - * - * @return An updated instance of this builder with the unprotected token cache setting set as specified. + * @return An updated instance of this builder. */ - public SharedTokenCacheCredentialBuilder allowUnencryptedCache(boolean allowUnencryptedCache) { - this.identityClientOptions.allowUnencryptedCache(allowUnencryptedCache); + public SharedTokenCacheCredentialBuilder allowUnencryptedCache() { + this.identityClientOptions.allowUnencryptedCache(); return this; } @@ -43,6 +41,6 @@ public SharedTokenCacheCredentialBuilder allowUnencryptedCache(boolean allowUnen */ public SharedTokenCacheCredential build() { return new SharedTokenCacheCredential(username, clientId, tenantId, - identityClientOptions.enablePersistentCache(true)); + identityClientOptions.enablePersistentCache()); } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredential.java index 135cbef914f1..6c86dcc239dc 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredential.java 
@@ -92,7 +92,7 @@ public Mono authenticate(TokenRequestContext request) { * @return The {@link AuthenticationRecord} of the authenticated account. */ public Mono authenticate() { - String defaultScope = KnownAuthorityHosts.getDefaultScope(authorityHost); + String defaultScope = AzureAuthorityHosts.getDefaultScope(authorityHost); if (defaultScope == null) { return Mono.error(logger.logExceptionAsError(new CredentialUnavailableException("Authenticating in this " + "environment requires specifying a TokenRequestContext."))); @@ -104,7 +104,7 @@ private AccessToken updateCache(MsalToken msalToken) { cachedToken.set( new MsalAuthenticationAccount( new AuthenticationRecord(msalToken.getAuthenticationResult(), - identityClient.getTenantId()))); + identityClient.getTenantId(), identityClient.getClientId()))); return msalToken; } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredentialBuilder.java index d1204b6bc8f4..03ff436cbb40 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredentialBuilder.java 
@@ -37,27 +37,25 @@ public UsernamePasswordCredentialBuilder password(String password) { } /** - * Sets whether to use an unprotected file specified by cacheFileLocation() instead of - * Gnome keyring on Linux. This is false by default. + * Allows to use an unprotected file specified by cacheFileLocation() instead of + * Gnome keyring on Linux. This is restricted by default. * - * @param allowUnencryptedCache whether to use an unprotected file for cache storage. - * - * @return An updated instance of this builder with the unprotected token cache setting set as specified. + * @return An updated instance of this builder. */ - public UsernamePasswordCredentialBuilder allowUnencryptedCache(boolean allowUnencryptedCache) { - this.identityClientOptions.allowUnencryptedCache(allowUnencryptedCache); + public UsernamePasswordCredentialBuilder allowUnencryptedCache() { + this.identityClientOptions.allowUnencryptedCache(); return this; } /** - * Sets whether to enable using the shared token cache. This is disabled by default. - * - * @param enabled whether to enabled using the shared token cache. + * Enables the shared token cache which is disabled by default. If enabled, the credential will store tokens + * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials + * and processes. * * @return An updated instance of this builder with if the shared token cache enabled specified. */ - public UsernamePasswordCredentialBuilder enablePersistentCache(boolean enabled) { - this.identityClientOptions.enablePersistentCache(enabled); + public UsernamePasswordCredentialBuilder enablePersistentCache() { + this.identityClientOptions.enablePersistentCache(); return this; } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java index e32789a742f1..eccf9e9f11bf 100644 
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java @@ -8,7 +8,7 @@ import com.azure.core.http.ProxyOptions; import com.azure.core.util.Configuration; import com.azure.identity.AuthenticationRecord; -import com.azure.identity.KnownAuthorityHosts; +import com.azure.identity.AzureAuthorityHosts; import com.microsoft.aad.msal4jextensions.PersistenceSettings; import com.sun.jna.Platform; @@ -58,11 +58,10 @@ public final class IdentityClientOptions { */ public IdentityClientOptions() { Configuration configuration = Configuration.getGlobalConfiguration(); - authorityHost = configuration.get(Configuration.PROPERTY_AZURE_AUTHORITY_HOST, KnownAuthorityHosts.AZURE_CLOUD); + authorityHost = configuration.get(Configuration.PROPERTY_AZURE_AUTHORITY_HOST, + AzureAuthorityHosts.AZURE_PUBLIC_CLOUD); maxRetry = MAX_RETRY_DEFAULT_LIMIT; retryTimeout = i -> Duration.ofSeconds((long) Math.pow(2, i.getSeconds() - 1)); - allowUnencryptedCache = false; - sharedTokenCacheEnabled = false; } /** @@ -238,16 +237,15 @@ PersistenceSettings getConfidentialClientPersistenceSettings() { .build(); } + /** - * Sets whether to use an unprotected file specified by cacheFileLocation() instead of - * Gnome keyring on Linux. This is false by default. - * - * @param allowUnencryptedCache whether to use an unprotected file for cache storage. + * Allows to use an unprotected file specified by cacheFileLocation() instead of + * Gnome keyring on Linux. This is restricted by default. * * @return The updated identity client options. */ - public IdentityClientOptions allowUnencryptedCache(boolean allowUnencryptedCache) { - this.allowUnencryptedCache = allowUnencryptedCache; + public IdentityClientOptions allowUnencryptedCache() { + this.allowUnencryptedCache = true; return this; } 
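Review bot: The constructor no longer assigns `allowUnencryptedCache = false` and `sharedTokenCacheEnabled = false`, so the safe defaults now depend on how the fields are declared, which is outside this hunk. If they are primitive `boolean` fields the behaviour is unchanged; if either is a boxed `Boolean` it becomes null and the getters could throw or be misread. Since these flags decide whether tokens are persisted and whether they may be stored unencrypted, I would keep the default explicit at the declaration, e.g. `private boolean allowUnencryptedCache = false; // unencrypted cache is opt-in`.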
@@ -270,14 +268,14 @@ public boolean isSharedTokenCacheEnabled() { } /** - * Sets whether to enable using the shared token cache. This is disabled by default. - * - * @param enabled whether to enable using the shared token cache. + * Enables the shared token cache which is disabled by default. If enabled, the client will store tokens + * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials + * and processes. * * @return The updated identity client options. */ - public IdentityClientOptions enablePersistentCache(boolean enabled) { - this.sharedTokenCacheEnabled = enabled; + public IdentityClientOptions enablePersistentCache() { + this.sharedTokenCacheEnabled = true; return this; } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IntelliJCacheAccessor.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IntelliJCacheAccessor.java index 32c95c8971c3..5fb52a754c38 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IntelliJCacheAccessor.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IntelliJCacheAccessor.java @@ -6,7 +6,7 @@ import com.azure.core.util.CoreUtils; import com.azure.core.util.logging.ClientLogger; import com.azure.identity.CredentialUnavailableException; -import com.azure.identity.KnownAuthorityHosts; +import com.azure.identity.AzureAuthorityHosts; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.microsoft.aad.msal4jextensions.persistence.mac.KeyChainAccessor; 
@@ -217,15 +217,15 @@ public String getAzureAuthHost(String azureEnvironment) { switch (azureEnvironment) { case "GLOBAL": - return KnownAuthorityHosts.AZURE_CLOUD; + return AzureAuthorityHosts.AZURE_PUBLIC_CLOUD; case "CHINA": - return KnownAuthorityHosts.AZURE_CHINA_CLOUD; + return AzureAuthorityHosts.AZURE_CHINA; case "GERMAN": - return KnownAuthorityHosts.AZURE_GERMAN_CLOUD; + return AzureAuthorityHosts.AZURE_GERMANY; case "US_GOVERNMENT": - return KnownAuthorityHosts.AZURE_US_GOVERNMENT; + return AzureAuthorityHosts.AZURE_GOVERNMENT; default: - return KnownAuthorityHosts.AZURE_CLOUD; + return AzureAuthorityHosts.AZURE_PUBLIC_CLOUD; } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/VisualStudioCacheAccessor.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/VisualStudioCacheAccessor.java index 82ca15b48bbf..759e83a2e815 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/VisualStudioCacheAccessor.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/VisualStudioCacheAccessor.java @@ -6,7 +6,7 @@ import com.azure.core.util.CoreUtils; import com.azure.core.util.logging.ClientLogger; import com.azure.identity.CredentialUnavailableException; -import com.azure.identity.KnownAuthorityHosts; +import com.azure.identity.AzureAuthorityHosts; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.microsoft.aad.msal4jextensions.persistence.mac.KeyChainAccessor; 
@@ -161,15 +161,15 @@ public String getAzureAuthHost(String cloud) { switch (cloud) { case "Azure": - return KnownAuthorityHosts.AZURE_CLOUD; + return AzureAuthorityHosts.AZURE_PUBLIC_CLOUD; case "AzureChina": - return KnownAuthorityHosts.AZURE_CHINA_CLOUD; + return AzureAuthorityHosts.AZURE_CHINA; case "AzureGermanCloud": - return KnownAuthorityHosts.AZURE_GERMAN_CLOUD; + return AzureAuthorityHosts.AZURE_GERMANY; case "AzureUSGovernment": - return KnownAuthorityHosts.AZURE_US_GOVERNMENT; + return AzureAuthorityHosts.AZURE_GOVERNMENT; default: - return KnownAuthorityHosts.AZURE_CLOUD; + return AzureAuthorityHosts.AZURE_PUBLIC_CLOUD; } }