public override async Task <RegeneratedSecret> Rekey(TimeSpan requestedValidPeriod)
{
// TODO: If we use admin-approved, we need to bubble scopes up to the original token request
// ..... or re-request the Bearer token on approval, which might be ugly.
// TODO: How to refresh this?
// NOTE: requestedValidPeriod is ignored here, AAD sets token expiry!
_logger.LogInformation("Requesting Access Token with scopes '{RequestedScopes}'", Configuration.Scopes);
var token = await Credential.CreateTokenCredential()
.GetTokenAsync(new Azure.Core.TokenRequestContext(Configuration.Scopes), System.Threading.CancellationToken.None);
_logger.LogInformation("Access Token successfully granted! Expires on {TokenExpiresOn}", token.ExpiresOn);
return(new RegeneratedSecret()
{
UserHint = Configuration.UserHint,
NewSecretValue = token.Token,
Expiry = token.ExpiresOn
});
}
private KeyClient GetKeyClient() =>
new KeyClient(new Uri($"https://{Configuration.VaultName}.vault.azure.net/"),
Credential.CreateTokenCredential());
