public void Write(Microsoft.Azure.Management.AppService.Fluent.IWebApp webApp)
{
webApp
.Update()
.WithAppSetting("Aggregator_VstsTokenType", VstsTokenType.ToString())
.WithAppSetting("Aggregator_VstsToken", VstsToken)
.Apply();
}
public async Task <string> CreateSessionTokenAsync(VstsTokenType tokenType, DateTime validTo, CancellationToken cancellationToken)
{
var spsEndpoint = await authUtil.GetAuthorizationEndpoint(vstsUri, cancellationToken);
if (spsEndpoint == null)
{
return(null);
}
using (var httpClient = new HttpClient())
{
httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", bearerToken);
foreach (var userAgent in Program.UserAgent)
{
httpClient.DefaultRequestHeaders.UserAgent.Add(userAgent);
}
var content = new StringContent(
JsonConvert.SerializeObject(
new VstsSessionToken()
{
DisplayName = "Azure DevOps Artifacts Credential Provider",
Scope = TokenScope,
ValidTo = validTo
}),
Encoding.UTF8,
"application/json");
var uriBuilder = new UriBuilder(spsEndpoint)
{
Query = $"tokenType={tokenType}&api-version=5.0-preview.1"
};
uriBuilder.Path = uriBuilder.Path.TrimEnd('/') + "/_apis/Token/SessionTokens";
using (var response = await httpClient.PostAsync(uriBuilder.Uri, content, cancellationToken))
{
response.EnsureSuccessStatusCode();
var serializedResponse = await response.Content.ReadAsStringAsync();
var responseToken = JsonConvert.DeserializeObject <VstsSessionToken>(serializedResponse);
return(responseToken.Token);
}
}
}
public async Task <string> GetAzureDevOpsSessionTokenFromBearerToken(
GetAuthenticationCredentialsRequest request,
string bearerToken,
bool bearerTokenObtainedInteractively,
CancellationToken cancellationToken)
{
// Allow the user to choose their token type
// If they don't and interactive auth was required, then prefer a PAT so we can safely default to a much longer validity period
VstsTokenType tokenType = EnvUtil.GetVstsTokenType() ??
(bearerTokenObtainedInteractively
? VstsTokenType.Compact
: VstsTokenType.SelfDescribing);
// Allow the user to override the validity period
TimeSpan?preferredTokenTime = EnvUtil.GetSessionTimeFromEnvironment(logger);
TimeSpan sessionTimeSpan;
if (tokenType == VstsTokenType.Compact)
{
// Allow Personal Access Tokens to be as long as SPS will grant, since they're easily revokable
sessionTimeSpan = preferredTokenTime ?? TimeSpan.FromHours(DefaultPersonalAccessTimeHours);
}
else
{
// But limit self-describing session tokens to a strict 24 hours, since they're harder to revoke
sessionTimeSpan = preferredTokenTime ?? TimeSpan.FromHours(DefaultSessionTimeHours);
if (sessionTimeSpan >= TimeSpan.FromHours(24))
{
sessionTimeSpan = TimeSpan.FromHours(24);
}
}
DateTime endTime = DateTime.UtcNow + sessionTimeSpan;
logger.Verbose(string.Format(Resources.VSTSSessionTokenValidity, tokenType.ToString(), sessionTimeSpan.ToString(), endTime.ToUniversalTime().ToString()));
VstsSessionTokenClient sessionTokenClient = new VstsSessionTokenClient(request.Uri, bearerToken, authUtil);
return(await sessionTokenClient.CreateSessionTokenAsync(tokenType, endTime, cancellationToken));
}
public override async Task <GetAuthenticationCredentialsResponse> HandleRequestAsync(GetAuthenticationCredentialsRequest request, CancellationToken cancellationToken)
{
// If this is a retry, let's try without sending a retry request to the underlying bearerTokenProvider
if (request.IsRetry)
{
var responseWithNoRetry = await HandleRequestAsync(GetNonRetryRequest(request), cancellationToken);
if (responseWithNoRetry?.ResponseCode == MessageResponseCode.Success)
{
return(responseWithNoRetry);
}
}
try
{
BearerTokenResult bearerTokenResult = await bearerTokenProvider.GetAsync(request.Uri, isRetry : false, request.IsNonInteractive, request.CanShowDialog, cancellationToken);
if (bearerTokenResult == null || string.IsNullOrWhiteSpace(bearerTokenResult.Token))
{
return(new GetAuthenticationCredentialsResponse(
username: null,
password: null,
message: Resources.BearerTokenFailed,
authenticationTypes: null,
responseCode: MessageResponseCode.Error));
}
// Allow the user to choose their token type
// If they don't and interactive auth was required, then prefer a PAT so we can safely default to a much longer validity period
VstsTokenType tokenType = EnvUtil.GetVstsTokenType() ??
(bearerTokenResult.ObtainedInteractively
? VstsTokenType.Compact
: VstsTokenType.SelfDescribing);
// Allow the user to override the validity period
TimeSpan?preferredTokenTime = EnvUtil.GetSessionTimeFromEnvironment(Logger);
TimeSpan sessionTimeSpan;
if (tokenType == VstsTokenType.Compact)
{
// Allow Personal Access Tokens to be as long as SPS will grant, since they're easily revokable
sessionTimeSpan = preferredTokenTime ?? TimeSpan.FromHours(DefaultPersonalAccessTimeHours);
}
else
{
// But limit self-describing session tokens to a strict 24 hours, since they're harder to revoke
sessionTimeSpan = preferredTokenTime ?? TimeSpan.FromHours(DefaultSessionTimeHours);
if (sessionTimeSpan >= TimeSpan.FromHours(24))
{
sessionTimeSpan = TimeSpan.FromHours(24);
}
}
DateTime endTime = DateTime.UtcNow + sessionTimeSpan;
Verbose(string.Format(Resources.VSTSSessionTokenValidity, tokenType.ToString(), sessionTimeSpan.ToString(), endTime.ToUniversalTime().ToString()));
var sessionTokenClient = new VstsSessionTokenClient(request.Uri, bearerTokenResult.Token, authUtil);
var sessionToken = await sessionTokenClient.CreateSessionTokenAsync(tokenType, endTime, cancellationToken);
if (!string.IsNullOrWhiteSpace(sessionToken))
{
Verbose(string.Format(Resources.VSTSSessionTokenCreated, request.Uri.ToString()));
return(new GetAuthenticationCredentialsResponse(
Username,
sessionToken,
message: null,
authenticationTypes: new List <string>()
{
"Basic"
},
responseCode: MessageResponseCode.Success));
}
}
catch (Exception e)
{
Verbose(string.Format(Resources.VSTSCreateSessionException, request.Uri, e.Message, e.StackTrace));
}
Verbose(string.Format(Resources.VSTSCredentialsNotFound, request.Uri.ToString()));
return(null);
}
