private bool ProcessRequest(TokenRequest request)
{
IBWControllable bc = request.initialBC;
while (bc != null)
{
BWContext context = _contextMap[bc] as BWContext;
if (context == null)
{
RollbackRequest(request);
return false;
}
lock (context)
{
if (context.bwConfig != null)
{
bool result;
if (request.type == TokenRequestType.BLOCKING)
{
result = ProcessBlockingRequest(request, context);
}
else if (request.type == TokenRequestType.NONBLOCKING)
{
result = ProcessNonblockingRequest(request, context);
}
else
{
result = ProcessBestEffortRequest(request, context);
}
if (!result)
{
// for non-blocking mode, the callback is
// recorded and will be rolled back when being reset,
// so we don't need to do rollback here.
if (request.type != TokenRequestType.NONBLOCKING)
{
RollbackRequest(request);
}
return false;
}
}
TokenRequestContext requestContext = new TokenRequestContext();
requestContext.acquiredToken = request.requestToken;
requestContext.bc = bc;
request.acquiredStack.Push(requestContext);
}
bc = bc.GetParentBWControllable();
}
// for best effort request, we need to rollback over-charged tokens
if (request.type == TokenRequestType.BEST_EFFORT)
{
RollbackRequest(request);
}
return true;
}
public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
return(new AccessToken("TEST TOKEN " + string.Join(" ", requestContext.Scopes), DateTimeOffset.MaxValue));
}
/// <summary>
/// Interactively authenticates a user via the default browser.
/// </summary>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <param name="requestContext">The details of the authentication request.</param>
/// <returns>The <see cref="AuthenticationRecord"/> of the authenticated account.</returns>
public virtual async Task <AuthenticationRecord> AuthenticateAsync(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
return(await AuthenticateImplAsync(true, requestContext, cancellationToken).ConfigureAwait(false));
}
/// <summary>
/// Obtains an <see cref="AccessToken"/> token for a user account silently if the user has already authenticated, otherwise the default browser is launched to authenticate the user. This method is called by Azure SDK clients. It isn't intended for use in application code.
/// </summary>
/// <param name="requestContext">The details of the authentication request.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns>
public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
return(GetTokenImplAsync(requestContext, cancellationToken).GetAwaiter().GetResult());
}
/// <inheritdoc/>
public override async ValueTask <AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
AuthenticationResult result = await _tokenAcquisition.GetAuthenticationResultForAppAsync(requestContext.Scopes.First()).ConfigureAwait(false);
return(new AccessToken(result.AccessToken, result.ExpiresOn));
}
/// <inheritdoc /> public override async ValueTask <AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken) => await GetTokenImplAsync(requestContext, true, cancellationToken).ConfigureAwait(false);
public override ValueTask <AccessToken> AuthenticateAsync(bool async, TokenRequestContext context, CancellationToken cancellationToken) => TokenFactory != null ? new ValueTask <AccessToken>(TokenFactory()) : base.AuthenticateAsync(async, context, cancellationToken);
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
var groupScopeHandler = new ScopeGroupHandler(default);
internal override async Task <IAccessToken> GetAccessTokenAsync(string callerClassName, string parametersLog, TokenCredential tokenCredential, TokenRequestContext requestContext, CancellationToken cancellationToken, string tenantId = null, string userId = null, string homeAccountId = "")
{
TokenCredential = tokenCredential;
TokenRequestContext = requestContext;
return(await Task.FromResult(AccessTokenFactoryMethod(tokenCredential, requestContext)));
}
public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
return(_token);
}
public override async ValueTask <AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
AuthenticationResult result = await _confidentialClient.AcquireTokenForClient(requestContext.Scopes).ExecuteAsync();
return(new AccessToken(result.AccessToken, result.ExpiresOn));
}
public CredentialDiagnosticScope StartGetTokenScopeGroup(string fullyQualifiedMethod, TokenRequestContext context)
{
var scopeHandler = new ScopeGroupHandler(fullyQualifiedMethod);
CredentialDiagnosticScope scope = new CredentialDiagnosticScope(Diagnostics, fullyQualifiedMethod, context, scopeHandler);
scope.Start();
return(scope);
}
public CredentialDiagnosticScope StartGetTokenScope(string fullyQualifiedMethod, TokenRequestContext context)
{
IScopeHandler scopeHandler = ScopeGroupHandler.Current ?? _defaultScopeHandler;
CredentialDiagnosticScope scope = new CredentialDiagnosticScope(Diagnostics, fullyQualifiedMethod, context, scopeHandler);
scope.Start();
return(scope);
}
public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
return(this.GetAccessToken(requestContext, cancellationToken));
}
/// <summary>
/// Obtains an <see cref="AccessToken"/> from the Managed Identity service if available.
/// </summary>
/// <param name="requestContext">The details of the authentication request.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls, or a default <see cref="AccessToken"/> if no managed identity is available.</returns>
public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
return(_client.Authenticate(requestContext.Scopes, _clientId, cancellationToken));
}
internal override async Task <IAccessToken> GetAccessTokenAsync(Task <AuthenticationRecord> authTask, TokenCredential tokenCredential, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
TokenCredential = tokenCredential;
TokenRequestContext = requestContext;
return(await Task.FromResult(AccessTokenFactoryMethod(tokenCredential, requestContext)));
}
/// <summary>
/// Gets an Azure.Core.AccessToken for the specified set of scopes.
/// </summary>
/// <param name="requestContext">The Azure.Core.TokenRequestContext with authentication information.</param>
/// <param name="cancellationToken">The System.Threading.CancellationToken to use.</param>
/// <returns> A valid Azure token <see cref="AccessToken"/>.</returns>
public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
return(GetSasTokenAsync(cancellationToken));
}
public override ValueTask <AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken) => _getTokenAsyncHandler(requestContext, cancellationToken);
/// <inheritdoc /> public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken) => GetTokenImplAsync(requestContext, false, cancellationToken).EnsureCompleted();
public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken) => _getTokenHandler(requestContext, cancellationToken);
public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken) =>
new AccessToken("invalid", DateTimeOffset.Now.AddHours(1));
public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
var accessToken = _tokenProvider.GetAccessToken(requestContext.Scopes);
return(new AccessToken(accessToken.Token, accessToken.Expiry));
}
/// <summary>
/// Obtains a access token from Azure PowerShell, using the access token to authenticate. This method id called by Azure SDK clients.
/// </summary>
/// <param name="requestContext"></param>
/// <param name="cancellationToken"></param>
/// <returns></returns>
public override async ValueTask <AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
return(await GetTokenImplAsync(true, requestContext, cancellationToken).ConfigureAwait(false));
}
public override async ValueTask <AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
var accessToken = await _tokenProvider.GetAccessTokenAsync(requestContext.Scopes);
return(new AccessToken(accessToken.Token, accessToken.Expiry));
}
public override ValueTask <AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
return(new ValueTask <AccessToken>(GetToken(requestContext, cancellationToken)));
}
public async ValueTask <string> GetHeaderValueAsync(HttpMessage message, TokenRequestContext context, bool async)
{
bool getTokenFromCredential;
TaskCompletionSource <HeaderValueInfo> headerValueTcs;
TaskCompletionSource <HeaderValueInfo>?backgroundUpdateTcs;
(headerValueTcs, backgroundUpdateTcs, getTokenFromCredential) = GetTaskCompletionSources(context);
HeaderValueInfo info;
if (getTokenFromCredential)
{
if (backgroundUpdateTcs != null)
{
if (async)
{
info = await headerValueTcs.Task.ConfigureAwait(false);
}
else
{
#pragma warning disable AZC0104 // Use EnsureCompleted() directly on asynchronous method return value.
info = headerValueTcs.Task.EnsureCompleted();
#pragma warning restore AZC0104 // Use EnsureCompleted() directly on asynchronous method return value.
}
_ = Task.Run(() => GetHeaderValueFromCredentialInBackgroundAsync(backgroundUpdateTcs, info, context, async));
return(info.HeaderValue);
}
try
{
info = await GetHeaderValueFromCredentialAsync(context, async, message.CancellationToken).ConfigureAwait(false);
headerValueTcs.SetResult(info);
}
catch (OperationCanceledException)
{
headerValueTcs.SetCanceled();
throw;
}
catch (Exception exception)
{
headerValueTcs.SetException(exception);
throw;
}
}
var headerValueTask = headerValueTcs.Task;
if (!headerValueTask.IsCompleted)
{
if (async)
{
await headerValueTask.AwaitWithCancellation(message.CancellationToken);
}
else
{
try
{
headerValueTask.Wait(message.CancellationToken);
}
catch (AggregateException) { } // ignore exception here to rethrow it with EnsureCompleted
}
}
if (async)
{
info = await headerValueTcs.Task.ConfigureAwait(false);
}
else
{
#pragma warning disable AZC0104 // Use EnsureCompleted() directly on asynchronous method return value.
info = headerValueTcs.Task.EnsureCompleted();
#pragma warning restore AZC0104 // Use EnsureCompleted() directly on asynchronous method return value.
}
return(info.HeaderValue);
}
/// <summary>
/// Interactively authenticates a user via the default browser.
/// </summary>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <param name="requestContext">The details of the authentication request.</param>
/// <returns>The <see cref="AuthenticationRecord"/> of the authenticated account.</returns>
public virtual AuthenticationRecord Authenticate(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
return(AuthenticateImplAsync(false, requestContext, cancellationToken).EnsureCompleted());
}
private (TaskCompletionSource <HeaderValueInfo>, TaskCompletionSource <HeaderValueInfo>?, bool) GetTaskCompletionSources(TokenRequestContext context)
{
lock (_syncObj)
{
// Initial state. GetTaskCompletionSources has been called for the first time
if (_infoTcs == null || RequestRequiresNewToken(context))
{
_currentContext = context;
_infoTcs = new TaskCompletionSource <HeaderValueInfo>(TaskCreationOptions.RunContinuationsAsynchronously);
_backgroundUpdateTcs = default;
return(_infoTcs, _backgroundUpdateTcs, true);
}
// Getting new access token is in progress, wait for it
if (!_infoTcs.Task.IsCompleted)
{
_backgroundUpdateTcs = default;
return(_infoTcs, _backgroundUpdateTcs, false);
}
DateTimeOffset now = DateTimeOffset.UtcNow;
// Access token has been successfully acquired in background and it is not expired yet, use it instead of current one
if (_backgroundUpdateTcs != null && _backgroundUpdateTcs.Task.Status == TaskStatus.RanToCompletion && _backgroundUpdateTcs.Task.Result.ExpiresOn > now)
{
_infoTcs = _backgroundUpdateTcs;
_backgroundUpdateTcs = default;
}
// Attempt to get access token has failed or it has already expired. Need to get a new one
if (_infoTcs.Task.Status != TaskStatus.RanToCompletion || now >= _infoTcs.Task.Result.ExpiresOn)
{
_infoTcs = new TaskCompletionSource <HeaderValueInfo>(TaskCreationOptions.RunContinuationsAsynchronously);
return(_infoTcs, default, true);
/// <summary>
/// Obtains an <see cref="AccessToken"/> token for a user account silently if the user has already authenticated, otherwise the default browser is launched to authenticate the user. This method is called automatically by Azure SDK client libraries. You may call this method directly, but you must also handle token caching and token refreshing.
/// </summary>
/// <param name="requestContext">The details of the authentication request.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns>
public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
return(GetTokenImplAsync(false, requestContext, cancellationToken).EnsureCompleted());
}
protected virtual Task AuthenticateRequestAsync(HttpMessage message, bool async)
{
var context = new TokenRequestContext(Scopes, message.Request.ClientRequestId);
return(SetAuthorizationHeader(message, context, async));
}
private void InvokeCallback(BWContext context)
{
// loop through all channels in a context
for (int i = 0; i < 3; i++)
{
IList pendingList = context.pendingRequestArray[i] as IList;
if (pendingList.Count > 0)
{
// loop through all pending requests in a channel
foreach (TokenRequest request in pendingList)
{
IBWControllable bc = context.GetBWControllable();
while (bc != null)
{
BWContext c = _contextMap[bc] as BWContext;
if (c == null)
{
// context has been unregistered, we should ignore
// this callback
break;
}
lock (c)
{
if (c.bwConfig != null && !ProcessNonblockingRequest(request, c))
{
break;
}
}
TokenRequestContext requestContext = new TokenRequestContext();
requestContext.acquiredToken = request.requestToken;
requestContext.bc = bc;
request.acquiredStack.Push(requestContext);
bc = bc.GetParentBWControllable();
}
if (bc == null)
{
// successfully got the required tokens
try
{
request.callback.Available(context.buckets[request.channel], (long)request.requestToken);
}
catch (Exception ex)
{
log.Error("Error calling request's callback", ex);
}
}
}
pendingList.Clear();
}
}
}
/// <summary>
/// Obtains an <see cref="AccessToken"/> from the Managed Identity service if available.
/// </summary>
/// <param name="requestContext">The details of the authentication request.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls, or a default <see cref="AccessToken"/> if no managed identity is available.</returns>
public override async ValueTask <AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
return(await _client.AuthenticateAsync(requestContext.Scopes, _clientId, cancellationToken).ConfigureAwait(false));
}
