        /// <summary>
        /// Acquires an <see cref="AccessToken"/> by launching the Azure PowerShell process and parsing its output.
        /// </summary>
        /// <param name="async">When true the process is awaited; otherwise it is run synchronously on the calling thread.</param>
        /// <param name="context">Request context supplying the scopes (and, optionally, a tenant) for the token.</param>
        /// <param name="cancellationToken">Caller-owned token used to abort the external process.</param>
        /// <returns>The access token deserialized from the process output.</returns>
        /// <exception cref="AuthenticationFailedException">
        /// Thrown when the process exceeds its timeout or reports a failure that is not translated elsewhere.
        /// </exception>
        private async ValueTask<AccessToken> RequestAzurePowerShellAccessTokenAsync(bool async, TokenRequestContext context, CancellationToken cancellationToken)
        {
            // The requested scopes are collapsed to a single resource and validated before
            // they are placed on the command line of the spawned process.
            string scopeResource = ScopeUtilities.ScopesToResource(context.Scopes);
            ScopeUtilities.ValidateScope(scopeResource);

            // NOTE(review): the tenant id is also interpolated into the process arguments below; this relies on
            // TenantIdResolver.Resolve rejecting anything but a well-formed tenant identifier — confirm.
            var resolvedTenant = TenantIdResolver.Resolve(_tenantId, context);

            GetFileNameAndArguments(scopeResource, resolvedTenant, out string exe, out string args);
            ProcessStartInfo startInfo = GetAzurePowerShellProcessStartInfo(exe, args);

            var timeout = TimeSpan.FromMilliseconds(PowerShellProcessTimeoutMs);
            using var runner = new ProcessRunner(_processService.Create(startInfo), timeout, _logPII, cancellationToken);

            string rawOutput;

            try
            {
                rawOutput = async
                    ? await runner.RunAsync().ConfigureAwait(false)
                    : runner.Run();

                // Inspect the raw text for known failure markers before it is parsed.
                CheckForErrors(rawOutput);
                ValidateResult(rawOutput);
            }
            catch (OperationCanceledException) when (!cancellationToken.IsCancellationRequested)
            {
                // A cancellation the caller did not request means the runner's own timeout fired.
                throw new AuthenticationFailedException(AzurePowerShellTimeoutError);
            }
            catch (InvalidOperationException ex)
            {
                // CheckForErrors presumably throws a more specific exception for recognised
                // messages; anything it lets through is reported as a generic failure.
                // NOTE(review): ex.Message carries raw process error text into the thrown exception.
                CheckForErrors(ex.Message);
                throw new AuthenticationFailedException($"{AzurePowerShellFailedError} {ex.Message}");
            }

            return DeserializeOutput(rawOutput);
        }
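        /// <summary>
        /// Acquires an <see cref="AccessToken"/> by running the Azure CLI and parsing its output.
        /// </summary>
        /// <param name="async">When true the process is awaited; otherwise it is run synchronously on the calling thread.</param>
        /// <param name="context">Request context supplying the scopes (and, optionally, a tenant) for the token.</param>
        /// <param name="cancellationToken">Caller-owned token used to abort the external process.</param>
        /// <returns>The access token deserialized from the CLI output.</returns>
        /// <exception cref="CredentialUnavailableException">
        /// Thrown when the CLI error text indicates it is not installed, no account is logged in,
        /// or the cached login can no longer be refreshed.
        /// </exception>
        /// <exception cref="AuthenticationFailedException">
        /// Thrown when the CLI exceeds its timeout or fails for any other reason.
        /// </exception>
        private async ValueTask<AccessToken> RequestCliAccessTokenAsync(bool async, TokenRequestContext context, CancellationToken cancellationToken)
        {
            string resource = ScopeUtilities.ScopesToResource(context.Scopes);
            string tenantId = TenantIdResolver.Resolve(_tenantId, context);

            // Both values end up on the az command line. The scope is validated here;
            // NOTE(review): the tenant id is assumed to be validated inside TenantIdResolver.Resolve — confirm.
            ScopeUtilities.ValidateScope(resource);

            GetFileNameAndArguments(resource, tenantId, out string fileName, out string argument);
            ProcessStartInfo processStartInfo = GetAzureCliProcessStartInfo(fileName, argument);

            using var processRunner = new ProcessRunner(
                _processService.Create(processStartInfo),
                TimeSpan.FromMilliseconds(CliProcessTimeoutMs),
                _logPII,
                cancellationToken);

            string output;

            try
            {
                output = async ? await processRunner.RunAsync().ConfigureAwait(false) : processRunner.Run();
            }
            catch (OperationCanceledException) when (!cancellationToken.IsCancellationRequested)
            {
                // A cancellation the caller did not request means the runner's own timeout fired.
                throw new AuthenticationFailedException(AzureCliTimeoutError);
            }
            catch (InvalidOperationException exception)
            {
                // Failures are classified by matching well-known text in the CLI's error output.
                // Every match is ordinal: these are fixed, machine-produced strings, and the previous
                // culture-sensitive StartsWith (CurrentCultureIgnoreCase) could misclassify under some cultures.
                string message = exception.Message;

                bool isWinError = message.StartsWith(WinAzureCLIError, StringComparison.OrdinalIgnoreCase);
                bool isOtherOsError = AzNotFoundPattern.IsMatch(message);

                if (isWinError || isOtherOsError)
                {
                    throw new CredentialUnavailableException(AzureCLINotInstalled);
                }

                bool isLoginError = ContainsIgnoreCase(message, "az login") ||
                                    ContainsIgnoreCase(message, "az account set");

                if (isLoginError)
                {
                    throw new CredentialUnavailableException(AzNotLogIn);
                }

                // Explicit grouping of the original precedence: (failed AND refresh token expired) OR internal error.
                bool isRefreshTokenFailedError =
                    (ContainsIgnoreCase(message, AzureCliFailedError) && ContainsIgnoreCase(message, RefreshTokeExpired)) ||
                    ContainsIgnoreCase(message, "CLIInternalError");

                if (isRefreshTokenFailedError)
                {
                    throw new CredentialUnavailableException(InteractiveLoginRequired);
                }

                // NOTE(review): the raw CLI error text is embedded in the exception and may be logged by callers.
                throw new AuthenticationFailedException($"{AzureCliFailedError} {Troubleshoot} {message}");
            }

            AccessToken token = DeserializeOutput(output);

            if (_logAccountDetails)
            {
                // Only identifiers parsed from the token are handed to the event source; the token value itself is not.
                // NOTE(review): this path is gated by _logAccountDetails rather than _logPII although it emits the UPN — confirm intended.
                var accountDetails = TokenHelper.ParseAccountInfoFromToken(token.Token);
                AzureIdentityEventSource.Singleton.AuthenticatedAccountDetails(accountDetails.ClientId, accountDetails.TenantId ?? _tenantId, accountDetails.Upn, accountDetails.ObjectId);
            }

            return token;

            // Case-insensitive ordinal substring test used for all CLI error-text matching above.
            static bool ContainsIgnoreCase(string haystack, string needle) =>
                haystack.IndexOf(needle, StringComparison.OrdinalIgnoreCase) != -1;
        }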