Azure · AlexGhiondea · May 20, 2020 · May 16, 2020 · May 16, 2020 · May 15, 2020
diff --git a/...ppAuthentication/Azure.Services.AppAuthentication.IntegrationTests/Helpers/GraphHelper.cs b/...ppAuthentication/Azure.Services.AppAuthentication.IntegrationTests/Helpers/GraphHelper.cs
@@ -41,7 +41,7 @@ public async Task<Application> CreateApplicationAsync(string secret)
             Application newApp = new Application
             {
                 DisplayName = $"Microsoft.Azure.Services.AppAuthentication.Test{guid}",
-                IdentifierUris = new List<string> { $"https://Microsoft.Azure.Services.AppAuthentication/{guid}"},
+                IdentifierUris = new List<string> { $"https://Microsoft.Azure.Services.AppAuthentication/{guid}" },
                 ReplyUrls = new List<string> { "https://Microsoft.Azure.Services.AppAuthentication/" },
                 OdataType = "Microsoft.DirectoryServices.Application",
                 AppRolesODataType = "Collection(Microsoft.DirectoryServices.AppRole)",
@@ -57,7 +57,7 @@ public async Task<Application> CreateApplicationAsync(string secret)
                 EndDate = DateTime.Now.AddDays(2)
             };
 
-            newApp.PasswordCredentials = new List<PasswordCredential> {keyCredential};
+            newApp.PasswordCredentials = new List<PasswordCredential> { keyCredential };
 
             return await CreateApplication(newApp).ConfigureAwait(false);
 
@@ -75,7 +75,7 @@ public async Task<Application> CreateApplicationAsync(X509Certificate2 cert)
             Application newApp = new Application
             {
                 DisplayName = $"Microsoft.Azure.Services.AppAuthentication.Test{guid}",
-                IdentifierUris = new List<string> { $"https://localhost/demo/{guid}"},
+                IdentifierUris = new List<string> { $"https://localhost/demo/{guid}" },
                 ReplyUrls = new List<string> { "https://localhost/demo" },
                 OdataType = "Microsoft.DirectoryServices.Application",
                 AppRolesODataType = "Collection(Microsoft.DirectoryServices.AppRole)",
@@ -157,7 +157,6 @@ await SendHttpRequest(HttpMethod.Delete,
 
             await SendHttpRequest(HttpMethod.Delete,
                     $"{Constants.GraphResourceId}{_directory}/applications/{app.ObjectId}?api-version=1.6").ConfigureAwait(false);
-
         }
 
         /// <summary>

diff --git a/sdk/mgmtcommon/AppAuthentication/Azure.Services.AppAuthentication.TestCommon/Constants.cs b/sdk/mgmtcommon/AppAuthentication/Azure.Services.AppAuthentication.TestCommon/Constants.cs
@@ -88,8 +88,8 @@ public class Constants
         public static readonly string AppType = "App";
 
         // MSI related constants
-        public static readonly string MsiAppServiceEndpointEnv = "MSI_ENDPOINT";
-        public static readonly string MsiAppServiceSecretEnv = "MSI_SECRET";
+        public static readonly string MsiAppServiceEndpointEnv = "IDENTITY_ENDPOINT";
+        public static readonly string MsiAppServiceHeaderEnv = "IDENTITY_HEADER";
         public static readonly string MsiEndpoint = "http://localhost:3748/oauth2/token";
 
         // Unit test certificate

diff --git a/sdk/mgmtcommon/AppAuthentication/Azure.Services.AppAuthentication.TestCommon/Validator.cs b/sdk/mgmtcommon/AppAuthentication/Azure.Services.AppAuthentication.TestCommon/Validator.cs
@@ -78,9 +78,8 @@ private static DateTimeOffset GetTokenExpiration(string accessTokenString)
         /// <param name="appId"></param>
         /// <param name="thumbprint"></param>
         /// <param name="expiresOn"></param>
-        public static void ValidateToken(string token, Principal principalUsed, string type,
-            string tenantId, string appId = default(string), string thumbprint = default(string),
-            DateTimeOffset expiresOn = default(DateTimeOffset))
+        public static void ValidateToken(string token, Principal principalUsed, string type, string tenantId,
+            string appId = default, string thumbprint = default, DateTimeOffset expiresOn = default)
         {
             Assert.Equal("eyJ0eXAiOiJKV1Qi", token.Substring(0, "eyJ0eXAiOiJKV1Qi".Length));
             Assert.Contains(".", token);
@@ -113,7 +112,7 @@ public static void ValidateToken(string token, Principal principalUsed, string t
                 upnPart = $" UserPrincipalName:{principalUsed.UserPrincipalName}";
             }
 
-            if (expiresOn != default(DateTimeOffset))
+            if (expiresOn != default)
             {
                 DateTimeOffset tokenExpiration = GetTokenExpiration(token);
 

diff --git a/...hentication/Azure.Services.AppAuthentication.Unit.Tests/AzureServiceTokenProviderTests.cs b/...hentication/Azure.Services.AppAuthentication.Unit.Tests/AzureServiceTokenProviderTests.cs
@@ -3,7 +3,9 @@
 
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Net.Http;
+using System.Reflection;
 using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Azure.Services.AppAuthentication.TestCommon;
@@ -25,7 +27,7 @@ public void Dispose()
             // Delete environment variables
             Environment.SetEnvironmentVariable(Constants.TestCertUrlEnv, null);
             Environment.SetEnvironmentVariable(Constants.MsiAppServiceEndpointEnv, null);
-            Environment.SetEnvironmentVariable(Constants.MsiAppServiceSecretEnv, null);
+            Environment.SetEnvironmentVariable(Constants.MsiAppServiceHeaderEnv, null);
         }
 
         /// <summary>
@@ -45,7 +47,7 @@ public async Task GetAppAuthResultCacheTest()
 
             // ManualResetEvent will enable testing of SemaphoreSlim used in AzureServiceTokenProvider.
             ManualResetEvent manualResetEvent = new ManualResetEvent(false);
-            
+
             // Use AzureServiceTokenProviders to get tokens in parallel.
             for (int i = 0; i < 5; i++)
             {
@@ -95,9 +97,9 @@ public async Task GetAppAuthResultCacheTest()
             // AppAuthResultCache should not return this, since it is about to expire. 
             var tokenResponse = TokenResponse.Parse(TokenHelper.GetUserTokenResponse(5 * 60 - 2));
             var authResult = AppAuthenticationResult.Create(tokenResponse);
-            AppAuthResultCache.AddOrUpdate("ConnectionString:;Authority:;Resource:https://vault.azure.net/", 
+            AppAuthResultCache.AddOrUpdate("ConnectionString:;Authority:;Resource:https://vault.azure.net/",
                 new Tuple<AppAuthenticationResult, Principal>(authResult, null));
-            
+
             // Get the token again. 
             for (int i = 0; i < 5; i++)
             {
@@ -144,8 +146,8 @@ public async Task GetTokenExceptionTest()
         [Fact]
         public void InvalidAzureAdInstanceTest()
         {
-            var exception = Assert.Throws<ArgumentException>(() =>  new AzureServiceTokenProvider(azureAdInstance:"http://aadinstance/"));
-            
+            var exception = Assert.Throws<ArgumentException>(() => new AzureServiceTokenProvider(azureAdInstance: "http://aadinstance/"));
+
             Assert.Contains(Constants.MustUseHttpsError, exception.ToString());
         }
 
@@ -194,7 +196,7 @@ public void UnspecifiedConnectionStringTest()
         {
             // Set environment variable AzureServicesAuthConnectionString
             Environment.SetEnvironmentVariable(Constants.ConnectionStringEnvironmentVariableName, Constants.AzureCliConnectionString);
-           
+
             var provider = new AzureServiceTokenProvider();
 
             Assert.NotNull(provider);
@@ -217,7 +219,7 @@ public async Task DiscoveryTestFirstSuccess()
 
             // set env vars so MsiAccessTokenProvider assumes App Service environment and not VM environment
             Environment.SetEnvironmentVariable(Constants.MsiAppServiceEndpointEnv, Constants.MsiEndpoint);
-            Environment.SetEnvironmentVariable(Constants.MsiAppServiceSecretEnv, Constants.ClientSecret);
+            Environment.SetEnvironmentVariable(Constants.MsiAppServiceHeaderEnv, Constants.ClientSecret);
 
             // AzureServiceTokenProvider is being asked to use two providers, and return token from the first that succeeds.  
             var providers = new List<NonInteractiveAzureServiceTokenProviderBase> { azureCliAccessTokenProvider, msiAccessTokenProvider };
@@ -248,10 +250,10 @@ public async Task DiscoveryTestFirstFail()
 
             // set env vars so MsiAccessTokenProvider assumes App Service environment and not VM environment
             Environment.SetEnvironmentVariable(Constants.MsiAppServiceEndpointEnv, Constants.MsiEndpoint);
-            Environment.SetEnvironmentVariable(Constants.MsiAppServiceSecretEnv, Constants.ClientSecret);
+            Environment.SetEnvironmentVariable(Constants.MsiAppServiceHeaderEnv, Constants.ClientSecret);
 
             // AzureServiceTokenProvider is being asked to use two providers, and return token from the first that succeeds.  
-            var providers = new List<NonInteractiveAzureServiceTokenProviderBase>{azureCliAccessTokenProvider, msiAccessTokenProvider};
+            var providers = new List<NonInteractiveAzureServiceTokenProviderBase> { azureCliAccessTokenProvider, msiAccessTokenProvider };
             AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider(providers);
 
             var token = await azureServiceTokenProvider.GetAccessTokenAsync(Constants.GraphResourceId, Constants.TenantId);
@@ -280,10 +282,10 @@ public void DiscoveryTestBothFail()
             MockMsi mockMsi = new MockMsi(MockMsi.MsiTestType.MsiAppServicesFailure);
             HttpClient httpClient = new HttpClient(mockMsi);
             MsiAccessTokenProvider msiAccessTokenProvider = new MsiAccessTokenProvider(httpClient);
-        
+
             // set env vars so MsiAccessTokenProvider assumes App Service environment and not VM environment
             Environment.SetEnvironmentVariable(Constants.MsiAppServiceEndpointEnv, Constants.MsiEndpoint);
-            Environment.SetEnvironmentVariable(Constants.MsiAppServiceSecretEnv, Constants.ClientSecret);
+            Environment.SetEnvironmentVariable(Constants.MsiAppServiceHeaderEnv, Constants.ClientSecret);
 
             // use test hook to expedite test
             MsiRetryHelper.WaitBeforeRetry = false;
@@ -302,8 +304,8 @@ public void DiscoveryTestBothFail()
             Assert.Equal(5, mockMsi.HitCount);
 
             // Clean up environment variables
-            Environment.SetEnvironmentVariable(Constants.MsiAppServiceEndpointEnv,null);
-            Environment.SetEnvironmentVariable(Constants.MsiAppServiceSecretEnv, null);
+            Environment.SetEnvironmentVariable(Constants.MsiAppServiceEndpointEnv, null);
+            Environment.SetEnvironmentVariable(Constants.MsiAppServiceHeaderEnv, null);
         }
 
         /// <summary>
@@ -351,5 +353,40 @@ public async Task SideLoadHttpFactory()
 
             Assert.EndsWith(MockHttpClientFactory.ExceptionMessage, exception.Message);
         }
+
+        /// <summary>
+        /// Verify backwards compatibility with constructor and method signatures
+        /// </summary>
+        [Fact]
+        public void VerifyPublicSignatures()
+        {
+            var KnownPublicCtors = new List<string>()
+            {
+                "Void .ctor(System.String, System.String)",
+                "Void .ctor(System.String, System.String, Microsoft.IdentityModel.Clients.ActiveDirectory.IHttpClientFactory)"
+            };
+
+            var KnownPublicMethods = new List<string>()
+            {
+                "Microsoft.IdentityModel.Clients.ActiveDirectory.IHttpClientFactory get_HttpClientFactory()",
+                "Void set_HttpClientFactory(Microsoft.IdentityModel.Clients.ActiveDirectory.IHttpClientFactory)",
+                "TokenCallback get_KeyVaultTokenCallback()",
+                "Microsoft.Azure.Services.AppAuthentication.Principal get_PrincipalUsed()",
+                "System.Threading.Tasks.Task`1[System.String] GetAccessTokenAsync(System.String, System.String, System.Threading.CancellationToken)",
+                "System.Threading.Tasks.Task`1[System.String] GetAccessTokenAsync(System.String, System.String)",
+                "System.Threading.Tasks.Task`1[Microsoft.Azure.Services.AppAuthentication.AppAuthenticationResult] GetAuthenticationResultAsync(System.String, System.String, System.Threading.CancellationToken)",
+                "System.Threading.Tasks.Task`1[Microsoft.Azure.Services.AppAuthentication.AppAuthenticationResult] GetAuthenticationResultAsync(System.String, System.String)",
+                "Boolean Equals(System.Object)",
+                "Int32 GetHashCode()",
+                "System.Type GetType()",
+                "System.String ToString()"
+            };
+
+            var publicCtorSignatures = typeof(AzureServiceTokenProvider).GetConstructors().Select(o => o.ToString()).ToList();
+            var publicMethodSignatures = typeof(AzureServiceTokenProvider).GetMethods().Select(o => o.ToString()).ToList();
+
+            Assert.True(Enumerable.SequenceEqual(KnownPublicCtors.OrderBy(i => i), publicCtorSignatures.OrderBy(i => i)));
+            Assert.True(Enumerable.SequenceEqual(KnownPublicMethods.OrderBy(i => i), publicMethodSignatures.OrderBy(i => i)));
+        }
     }
 }
diff --git a/...mmon/AppAuthentication/Azure.Services.AppAuthentication.Unit.Tests/KeyVaultClientTests.cs b/...mmon/AppAuthentication/Azure.Services.AppAuthentication.Unit.Tests/KeyVaultClientTests.cs
@@ -43,17 +43,6 @@ public async Task SecretIdentifierInvalidSchemeTest()
             Assert.Contains(KeyVaultClient.SecretIdentifierInvalidSchemeError, exception.Message);
         }
 
-        [Fact]
-        public async Task SecretIdentifierInvalidHostTest()
-        {
-            KeyVaultClient keyVaultClient = new KeyVaultClient();
-
-            string secretIdentifier = Constants.TestKeyVaultCertificateSecretIdentifier.Replace("vault.azure.net", "vault.baddudes.net");
-
-            var exception = await Assert.ThrowsAnyAsync<Exception>(() => Task.Run(() => keyVaultClient.GetCertificateAsync(secretIdentifier)));
-            Assert.Contains(KeyVaultClient.SecretIdentifierInvalidHostError, exception.Message);
-        }
-
         [Fact]
         public async Task SecretIdentifierInvalidTypeTest()
         {

diff --git a/...Authentication/Azure.Services.AppAuthentication.Unit.Tests/MsiAccessTokenProviderTests.cs b/...Authentication/Azure.Services.AppAuthentication.Unit.Tests/MsiAccessTokenProviderTests.cs
@@ -22,7 +22,7 @@ public void Dispose()
         {
             // Delete the environment variables
             Environment.SetEnvironmentVariable(Constants.MsiAppServiceEndpointEnv, null);
-            Environment.SetEnvironmentVariable(Constants.MsiAppServiceSecretEnv, null);
+            Environment.SetEnvironmentVariable(Constants.MsiAppServiceHeaderEnv, null);
         }
 
         [Theory]
@@ -105,7 +105,7 @@ public async Task GetTokenUsingManagedIdentityAppServices(bool specifyUserAssign
         {
             // Setup the environment variables that App Service MSI would setup. 
             Environment.SetEnvironmentVariable(Constants.MsiAppServiceEndpointEnv, Constants.MsiEndpoint);
-            Environment.SetEnvironmentVariable(Constants.MsiAppServiceSecretEnv, Constants.ClientSecret);
+            Environment.SetEnvironmentVariable(Constants.MsiAppServiceHeaderEnv, Constants.ClientSecret);
 
             string expectedAppId;
             string managedIdentityArgument;
@@ -137,15 +137,15 @@ public async Task GetTokenUsingManagedIdentityAppServices(bool specifyUserAssign
         }
 
         /// <summary>
-        /// Test response when MSI_SECRET in AppServices MSI is invalid. 
+        /// Test response when IDENTITY_HEADER in AppServices MSI is invalid. 
         /// </summary>
         /// <returns></returns>
         [Fact]
         public async Task UnauthorizedTest()
         {
             // Setup the environment variables
             Environment.SetEnvironmentVariable(Constants.MsiAppServiceEndpointEnv, Constants.MsiEndpoint);
-            Environment.SetEnvironmentVariable(Constants.MsiAppServiceSecretEnv, Constants.ClientSecret);
+            Environment.SetEnvironmentVariable(Constants.MsiAppServiceHeaderEnv, Constants.ClientSecret);
 
             // MockMsi is being asked to act like response from App Service MSI failed (unauthorized). 
             MockMsi mockMsi = new MockMsi(MockMsi.MsiTestType.MsiAppServicesUnauthorized);
@@ -167,7 +167,7 @@ public async Task IncorrectFormatTest()
         {
             // Setup the environment variables
             Environment.SetEnvironmentVariable(Constants.MsiAppServiceEndpointEnv, Constants.MsiEndpoint);
-            Environment.SetEnvironmentVariable(Constants.MsiAppServiceSecretEnv, Constants.ClientSecret);
+            Environment.SetEnvironmentVariable(Constants.MsiAppServiceHeaderEnv, Constants.ClientSecret);
 
             MockMsi mockMsi = new MockMsi(MockMsi.MsiTestType.MsiAppServicesIncorrectRequest);
             HttpClient httpClient = new HttpClient(mockMsi);
@@ -188,7 +188,7 @@ public async Task HttpResponseExceptionTest()
         {
             // Setup the environment variables
             Environment.SetEnvironmentVariable(Constants.MsiAppServiceEndpointEnv, Constants.MsiEndpoint);
-            Environment.SetEnvironmentVariable(Constants.MsiAppServiceSecretEnv, Constants.ClientSecret);
+            Environment.SetEnvironmentVariable(Constants.MsiAppServiceHeaderEnv, Constants.ClientSecret);
 
             MockMsi mockMsi = new MockMsi(MockMsi.MsiTestType.MsiAppServicesFailure);
             HttpClient httpClient = new HttpClient(mockMsi);
@@ -206,7 +206,7 @@ public async Task HttpResponseExceptionTest()
         public async Task AzureVmImdsTimeoutTest()
         {
             Environment.SetEnvironmentVariable(Constants.MsiAppServiceEndpointEnv, null);
-            Environment.SetEnvironmentVariable(Constants.MsiAppServiceSecretEnv, null);
+            Environment.SetEnvironmentVariable(Constants.MsiAppServiceHeaderEnv, null);
 
             MockMsi mockMsi = new MockMsi(MockMsi.MsiTestType.MsiAzureVmTimeout);
             HttpClient httpClient = new HttpClient(mockMsi);
@@ -226,7 +226,7 @@ internal async Task TransientErrorRetryTest(MockMsi.MsiTestType testType)
         {
             // To simplify tests, mock as MSI App Services to skip Azure VM IDMS probe request by 
             Environment.SetEnvironmentVariable(Constants.MsiAppServiceEndpointEnv, Constants.MsiEndpoint);
-            Environment.SetEnvironmentVariable(Constants.MsiAppServiceSecretEnv, Constants.ClientSecret);
+            Environment.SetEnvironmentVariable(Constants.MsiAppServiceHeaderEnv, Constants.ClientSecret);
 
             MockMsi mockMsi = new MockMsi(testType);
             HttpClient httpClient = new HttpClient(mockMsi);
@@ -259,9 +259,9 @@ private async Task MsiRetryTimeoutTest()
         {
             // To simplify tests, mock as MSI App Services to skip Azure VM IDMS probe request
             Environment.SetEnvironmentVariable(Constants.MsiAppServiceEndpointEnv, Constants.MsiEndpoint);
-            Environment.SetEnvironmentVariable(Constants.MsiAppServiceSecretEnv, Constants.ClientSecret);
+            Environment.SetEnvironmentVariable(Constants.MsiAppServiceHeaderEnv, Constants.ClientSecret);
 
-            int timeoutInSeconds = (new Random()).Next(1,4);
+            int timeoutInSeconds = (new Random()).Next(1, 4);
 
             MockMsi mockMsi = new MockMsi(MockMsi.MsiTestType.MsiUnresponsive);
             HttpClient httpClient = new HttpClient(mockMsi);
@@ -293,7 +293,7 @@ private async Task AppServicesDifferentCultureTest()
 
                 // Setup the environment variables that App Service MSI would setup. 
                 Environment.SetEnvironmentVariable(Constants.MsiAppServiceEndpointEnv, Constants.MsiEndpoint);
-                Environment.SetEnvironmentVariable(Constants.MsiAppServiceSecretEnv, Constants.ClientSecret);
+                Environment.SetEnvironmentVariable(Constants.MsiAppServiceHeaderEnv, Constants.ClientSecret);
 
                 // MockMsi is being asked to act like response from App Service MSI suceeded. 
                 MockMsi mockMsi = new MockMsi(MockMsi.MsiTestType.MsiAppServicesSuccess);