private ExtendedAccessToken GetTokenImpl(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.EnvironmentCredential.GetToken", requestContext);
if (_credential is null)
{
return(new ExtendedAccessToken(scope.Failed(new CredentialUnavailableException(_unavailbleErrorMessage))));
}
try
{
AccessToken token = _credential.GetToken(requestContext, cancellationToken);
return(new ExtendedAccessToken(scope.Succeeded(token)));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
return(new ExtendedAccessToken(scope.Failed(e)));
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("SharedTokenCacheCredential.GetToken", requestContext);
try
{
IAccount account = await _account.Value.ConfigureAwait(false);
AuthenticationResult result = await _client.AcquireTokenSilentAsync(requestContext.Scopes, account, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (MsalUiRequiredException)
{
throw scope.Failed(new CredentialUnavailableException($"{nameof(SharedTokenCacheCredential)} authentication unavailable. Token acquisition failed for user {_username}. Ensure that you have authenticated with a developer tool that supports Azure single sign on."));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
/// <summary>
/// Obtains a token for a user account, authenticating them through the device code authentication flow.
/// </summary>
/// <param name="requestContext">The details of the authentication request.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns>
public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.DeviceCodeCredential.GetToken", requestContext);
try
{
if (_account != null)
{
try
{
AuthenticationResult result = _client.AcquireTokenSilentAsync(requestContext.Scopes, _account, cancellationToken).GetAwaiter().GetResult();
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (MsalUiRequiredException)
{
return(scope.Succeeded(GetTokenViaDeviceCodeAsync(requestContext.Scopes, cancellationToken).GetAwaiter().GetResult()));
}
}
else
{
return(scope.Succeeded(GetTokenViaDeviceCodeAsync(requestContext.Scopes, cancellationToken).GetAwaiter().GetResult()));
}
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.Failed(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("EnvironmentCredential.GetToken", requestContext);
if (_credential is null)
{
throw scope.Failed(new CredentialUnavailableException(UnavailbleErrorMessage));
}
try
{
AccessToken token = async
? await _credential.GetTokenAsync(requestContext, cancellationToken).ConfigureAwait(false)
: _credential.GetToken(requestContext, cancellationToken);
return(scope.Succeeded(token));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("SharedTokenCacheCredential.GetToken", requestContext);
try
{
IAccount account = async
? await _account.Value.ConfigureAwait(false)
#pragma warning disable AZC0102 // Do not use GetAwaiter().GetResult(). Use the TaskExtensions.EnsureCompleted() extension method instead.
: _account.Value.GetAwaiter().GetResult();
#pragma warning restore AZC0102 // Do not use GetAwaiter().GetResult(). Use the TaskExtensions.EnsureCompleted() extension method instead.
AuthenticationResult result = await _client.AcquireTokenSilentAsync(requestContext.Scopes, account, async, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (MsalUiRequiredException)
{
throw scope.Failed(new CredentialUnavailableException($"{nameof(SharedTokenCacheCredential)} authentication unavailable. Token acquisition failed for user {_username}. Ensure that you have authenticated with a developer tool that supports Azure single sign on."));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
private async ValueTask <ExtendedAccessToken> GetTokenImplAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("ManagedIdentityCredential.GetToken", requestContext);
try
{
ExtendedAccessToken result = await _client.AuthenticateAsync(requestContext.Scopes, cancellationToken).ConfigureAwait(false);
if (result.Exception != null)
{
scope.Failed(result.Exception);
}
else
{
scope.Succeeded(result.AccessToken);
}
return(result);
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
return(new ExtendedAccessToken(scope.Failed(e)));
}
}
private async Task <AccessToken> GetTokenAsync(bool isAsync, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.DefaultAcureCredential.GetToken", requestContext);
List <Exception> exceptions = new List <Exception>();
int i;
for (i = 0; i < _sources.Length && _sources[i] != null; i++)
{
ExtendedAccessToken exToken = isAsync ? await _sources[i].GetTokenAsync(requestContext, cancellationToken).ConfigureAwait(false) : _sources[i].GetToken(requestContext, cancellationToken);
if (exToken.Exception is null)
{
return(scope.Succeeded(exToken.AccessToken));
}
if (exToken.Exception is CredentialUnavailableException)
{
exceptions.Add(exToken.Exception);
}
else
{
exceptions.Add(exToken.Exception);
throw scope.Failed(AuthenticationFailedException.CreateAggregateException($"{UnhandledExceptionMessage} {_sources[i].GetType().Name} failed with unhandled exception {exToken.Exception.Message}.", new ReadOnlyMemory <object>(_sources, 0, i + 1), exceptions));
}
}
throw scope.Failed(AuthenticationFailedException.CreateAggregateException(DefaultExceptionMessage, new ReadOnlyMemory <object>(_sources, 0, i), exceptions));
}
private async ValueTask <ExtendedAccessToken> GetTokenImplAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.ManagedIdentityCredential.GetToken", requestContext);
try
{
MsiType msiType = await _client.GetMsiTypeAsync(cancellationToken).ConfigureAwait(false);
// if msi is unavailable or we were unable to determine the type return a default access token
if (msiType == MsiType.Unavailable || msiType == MsiType.Unknown)
{
return(new ExtendedAccessToken(scope.Failed(new CredentialUnavailableException(MsiUnavailableError))));
}
AccessToken token = await _client.AuthenticateAsync(msiType, requestContext.Scopes, _clientId, cancellationToken).ConfigureAwait(false);
return(new ExtendedAccessToken(scope.Succeeded(token)));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
return(new ExtendedAccessToken(scope.Failed(e)));
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("DeviceCodeCredential.GetToken", requestContext);
try
{
if (_account != null)
{
try
{
AuthenticationResult result = await _client.AcquireTokenSilentAsync(requestContext.Scopes, _account, async, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (MsalUiRequiredException)
{
return(scope.Succeeded(await GetTokenViaDeviceCodeAsync(requestContext.Scopes, async, cancellationToken).ConfigureAwait(false)));
}
}
else
{
return(scope.Succeeded(await GetTokenViaDeviceCodeAsync(requestContext.Scopes, async, cancellationToken).ConfigureAwait(false)));
}
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(TokenRequestContext requestContext, bool async, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("VisualStudioCredential.GetToken", requestContext);
try
{
var tokenProviderPath = GetTokenProviderPath();
var tokenProviders = GetTokenProviders(tokenProviderPath);
var resource = ScopeUtilities.ScopesToResource(requestContext.Scopes);
var processStartInfos = GetProcessStartInfos(tokenProviders, resource, cancellationToken);
if (processStartInfos.Count == 0)
{
throw new CredentialUnavailableException("No installed instance of Visual Studio was found");
}
return(await RunProcessesAsync(processStartInfos, async, cancellationToken).ConfigureAwait(false));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("DefaultAzureCredential.GetToken", requestContext);
try
{
AccessToken token;
if (_credential != null)
{
token = async ? await _credential.GetTokenAsync(requestContext, cancellationToken).ConfigureAwait(false) : _credential.GetToken(requestContext, cancellationToken);
}
else
{
token = await GetTokenFromSourcesAsync(async, requestContext, cancellationToken).ConfigureAwait(false);
}
return(scope.Succeeded(token));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e) when(!(e is CredentialUnavailableException))
{
throw scope.FailAndWrap(new AuthenticationFailedException(UnhandledExceptionMessage, e));
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(TokenRequestContext requestContext, bool async, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("VisualStudioCodeCredential.GetToken", requestContext);
try
{
GetUserSettings(out var tenant, out var environmentName);
var cloudInstance = GetAzureCloudInstance(environmentName);
var storedCredentials = _vscAdapter.GetCredentials(CredentialsSection, environmentName);
if (!IsBase64UrlString(storedCredentials))
{
throw new CredentialUnavailableException("Need to re-authenticate user in VSCode Azure Account.");
}
var result = await _client.AcquireTokenByRefreshToken(requestContext.Scopes, storedCredentials, cloudInstance, tenant, async, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
/// <summary>
/// Obtains a token from the Azure Active Directory service, using the specified X509 certificate to authenticate.
/// </summary>
/// <param name="requestContext">The details of the authentication request.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns>
public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.ClientCertificateCredential.GetToken", requestContext);
try
{
return(scope.Succeeded(_client.Authenticate(TenantId, ClientId, ClientCertificate, requestContext.Scopes, cancellationToken)));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.Failed(e);
}
}
/// <summary>
/// Obtains a token from the Azure Active Directory service, using the specified client secret to authenticate. This method is called by Azure SDK clients. It isn't intended for use in application code.
/// </summary>
/// <param name="requestContext">The details of the authentication request.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns>
public override async ValueTask <AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.ClientSecretCredential.GetToken", requestContext);
try
{
return(scope.Succeeded(await _client.AuthenticateAsync(TenantId, ClientId, ClientSecret, requestContext.Scopes, cancellationToken).ConfigureAwait(false)));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.Failed(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("AzureCliCredential.GetToken", requestContext);
try
{
AccessToken token = async ? await _client.RequestCliAccessTokenAsync(requestContext.Scopes, cancellationToken).ConfigureAwait(false) : _client.RequestCliAccessToken(requestContext.Scopes, cancellationToken);
return(scope.Succeeded(token));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.Failed(e);
}
}
private async ValueTask <ExtendedAccessToken> GetTokenImplAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.InteractiveBrowserCredential.GetToken", requestContext);
try
{
if (_account != null)
{
try
{
AuthenticationResult result = await _client.AcquireTokenSilentAsync(requestContext.Scopes, _account, cancellationToken).ConfigureAwait(false);
return(new ExtendedAccessToken(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn))));
}
catch (MsalUiRequiredException)
{
AccessToken token = await GetTokenViaBrowserLoginAsync(requestContext.Scopes, cancellationToken).ConfigureAwait(false);
return(new ExtendedAccessToken(scope.Succeeded(token)));
}
}
else
{
AccessToken token = await GetTokenViaBrowserLoginAsync(requestContext.Scopes, cancellationToken).ConfigureAwait(false);
return(new ExtendedAccessToken(scope.Succeeded(token)));
}
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
return(new ExtendedAccessToken(scope.Failed(e)));
}
}
private async Task <AccessToken> GetTokenAsync(bool isAsync, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("DefaultAzureCredential.GetToken", requestContext);
List <Exception> exceptions = new List <Exception>();
int i;
for (i = 0; i < _sources.Length && _sources[i] != null; i++)
{
ExtendedAccessToken exToken = isAsync ? await _sources[i].GetTokenAsync(requestContext, cancellationToken).ConfigureAwait(false) : _sources[i].GetToken(requestContext, cancellationToken);
if (exToken.Exception is null)
{
return(scope.Succeeded(exToken.AccessToken));
}
if (exToken.Exception is CredentialUnavailableException)
{
exceptions.Add(exToken.Exception);
}
else
{
throw scope.Failed(new AuthenticationFailedException(UnhandledExceptionMessage, exToken.Exception));
}
}
StringBuilder errorMsg = new StringBuilder(DefaultExceptionMessage);
foreach (Exception ex in exceptions)
{
errorMsg.Append(Environment.NewLine).Append(ex.Message);
}
throw scope.Failed(new CredentialUnavailableException(errorMsg.ToString()));
}
/// <summary>
/// Obtains a token for a user account, authenticating them using the given username and password. Note: This will fail with
/// an <see cref="AuthenticationFailedException"/> if the specified user acound has MFA enabled.
/// </summary>
/// <param name="requestContext">The details of the authentication request.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns>
public override async ValueTask <AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.UsernamePasswordCredential.GetToken", requestContext);
try
{
AuthenticationResult result = await _client.AcquireTokenByUsernamePasswordAsync(requestContext.Scopes, _username, _password, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (Exception e)
{
throw scope.Failed(e);
}
}
private async Task <AuthenticationRecord> AuthenticateImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope($"{nameof(InteractiveBrowserCredential)}.{nameof(Authenticate)}", requestContext);
try
{
scope.Succeeded(await GetTokenViaBrowserLoginAsync(requestContext.Scopes, async, cancellationToken).ConfigureAwait(false));
return(_record);
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("ManagedIdentityCredential.GetToken", requestContext);
try
{
AccessToken result = async ? await _client.AuthenticateAsync(requestContext.Scopes, cancellationToken).ConfigureAwait(false) : _client.Authenticate(requestContext.Scopes, cancellationToken);
return(scope.Succeeded(result));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope($"{nameof(InteractiveBrowserCredential)}.{nameof(GetToken)}", requestContext);
try
{
Exception inner = null;
if (_record != null)
{
try
{
AuthenticationResult result = await _client.AcquireTokenSilentAsync(requestContext.Scopes, (AuthenticationAccount)_record, async, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (MsalUiRequiredException e)
{
inner = e;
}
}
if (_disableAutomaticAuthentication)
{
throw new AuthenticationRequiredException(AuthenticationRequiredMessage, requestContext, inner);
}
return(scope.Succeeded(await GetTokenViaBrowserLoginAsync(requestContext.Scopes, async, cancellationToken).ConfigureAwait(false)));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope($"{nameof(AuthorizationCodeCredential)}.{nameof(GetToken)}", requestContext);
try
{
AccessToken token = default;
if (_record is null)
{
AuthenticationResult result = await _confidentialClient.AcquireTokenByAuthorizationCode(requestContext.Scopes, _authCode).ExecuteAsync(async, cancellationToken).ConfigureAwait(false);
_record = new AuthenticationRecord(result);
token = new AccessToken(result.AccessToken, result.ExpiresOn);
}
else
{
AuthenticationResult result = await _confidentialClient.AcquireTokenSilent(requestContext.Scopes, (AuthenticationAccount)_record).ExecuteAsync(async, cancellationToken).ConfigureAwait(false);
token = new AccessToken(result.AccessToken, result.ExpiresOn);
}
return(scope.Succeeded(token));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
