/// <summary>
/// Obtains a token for a user account, authenticating them through the device code authentication flow.
/// </summary>
/// <param name="requestContext">The details of the authentication request.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns>
public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.DeviceCodeCredential.GetToken", requestContext);
try
{
if (_account != null)
{
try
{
AuthenticationResult result = _client.AcquireTokenSilentAsync(requestContext.Scopes, _account, cancellationToken).GetAwaiter().GetResult();
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (MsalUiRequiredException)
{
return(scope.Succeeded(GetTokenViaDeviceCodeAsync(requestContext.Scopes, cancellationToken).GetAwaiter().GetResult()));
}
}
else
{
return(scope.Succeeded(GetTokenViaDeviceCodeAsync(requestContext.Scopes, cancellationToken).GetAwaiter().GetResult()));
}
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.Failed(e);
}
}
private ExtendedAccessToken GetTokenImpl(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.EnvironmentCredential.GetToken", requestContext);
if (_credential is null)
{
return(new ExtendedAccessToken(scope.Failed(new CredentialUnavailableException(_unavailbleErrorMessage))));
}
try
{
AccessToken token = _credential.GetToken(requestContext, cancellationToken);
return(new ExtendedAccessToken(scope.Succeeded(token)));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
return(new ExtendedAccessToken(scope.Failed(e)));
}
}
private async ValueTask <ExtendedAccessToken> GetTokenImplAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.ManagedIdentityCredential.GetToken", requestContext);
try
{
MsiType msiType = await _client.GetMsiTypeAsync(cancellationToken).ConfigureAwait(false);
// if msi is unavailable or we were unable to determine the type return a default access token
if (msiType == MsiType.Unavailable || msiType == MsiType.Unknown)
{
return(new ExtendedAccessToken(scope.Failed(new CredentialUnavailableException(MsiUnavailableError))));
}
AccessToken token = await _client.AuthenticateAsync(msiType, requestContext.Scopes, _clientId, cancellationToken).ConfigureAwait(false);
return(new ExtendedAccessToken(scope.Succeeded(token)));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
return(new ExtendedAccessToken(scope.Failed(e)));
}
}
private async ValueTask <ExtendedAccessToken> GetTokenImplAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("ManagedIdentityCredential.GetToken", requestContext);
try
{
ExtendedAccessToken result = await _client.AuthenticateAsync(requestContext.Scopes, cancellationToken).ConfigureAwait(false);
if (result.Exception != null)
{
scope.Failed(result.Exception);
}
else
{
scope.Succeeded(result.AccessToken);
}
return(result);
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
return(new ExtendedAccessToken(scope.Failed(e)));
}
}
/// <summary>
/// Obtains a token from the Azure Active Directory service, using the specified client secret to authenticate. This method is called by Azure SDK clients. It isn't intended for use in application code.
/// </summary>
/// <param name="requestContext">The details of the authentication request.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns>
public override async ValueTask <AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("ClientSecretCredential.GetToken", requestContext);
try
{
return(scope.Succeeded(await _client.AuthenticateAsync(TenantId, ClientId, ClientSecret, requestContext.Scopes, cancellationToken).ConfigureAwait(false)));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
private async Task <AuthenticationRecord> AuthenticateImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope($"{nameof(UsernamePasswordCredential)}.{nameof(Authenticate)}", requestContext);
try
{
scope.Succeeded(await GetTokenImplAsync(async, requestContext, cancellationToken).ConfigureAwait(false));
return(_record);
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
/// <summary>
/// Obtains a token from the Azure Active Directory service, using the specified client secret to authenticate. This method is called automatically by Azure SDK client libraries. You may call this method directly, but you must also handle token caching and token refreshing.
/// </summary>
/// <param name="requestContext">The details of the authentication request.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns>
public override async ValueTask <AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("ClientSecretCredential.GetToken", requestContext);
try
{
AuthenticationResult result = await _client.AcquireTokenForClientAsync(requestContext.Scopes, true, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("AzurePowerShellCredential.GetToken", requestContext);
try
{
AccessToken token = await RequestAzurePowerShellAccessTokenAsync(async, requestContext.Scopes, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(token));
}
catch (Win32Exception ex) when(ex.NativeErrorCode == ERROR_FILE_NOT_FOUND && RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
UseLegacyPowerShell = true;
try
{
AccessToken token = await RequestAzurePowerShellAccessTokenAsync(async, requestContext.Scopes, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(token));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("DeviceCodeCredential.GetToken", requestContext);
try
{
if (_account != null)
{
try
{
AuthenticationResult result = await _client.AcquireTokenSilentAsync(requestContext.Scopes, _account, async, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (MsalUiRequiredException)
{
return(scope.Succeeded(await GetTokenViaDeviceCodeAsync(requestContext.Scopes, async, cancellationToken).ConfigureAwait(false)));
}
}
else
{
return(scope.Succeeded(await GetTokenViaDeviceCodeAsync(requestContext.Scopes, async, cancellationToken).ConfigureAwait(false)));
}
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(TokenRequestContext requestContext, bool async, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("VisualStudioCodeCredential.GetToken", requestContext);
try
{
GetUserSettings(out var tenant, out var environmentName);
var tenantId = TenantIdResolver.Resolve(tenant, requestContext);
if (string.Equals(tenantId, Constants.AdfsTenantId, StringComparison.Ordinal))
{
throw new CredentialUnavailableException("VisualStudioCodeCredential authentication unavailable. ADFS tenant / authorities are not supported.");
}
var cloudInstance = GetAzureCloudInstance(environmentName);
string storedCredentials = GetStoredCredentials(environmentName);
var result = await Client
.AcquireTokenByRefreshTokenAsync(requestContext.Scopes, requestContext.Claims, storedCredentials, cloudInstance, tenantId, async, cancellationToken)
.ConfigureAwait(false);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (MsalUiRequiredException e)
{
throw scope.FailWrapAndThrow(
new CredentialUnavailableException(
$"{nameof(VisualStudioCodeCredential)} authentication unavailable. Token acquisition failed. Ensure that you have authenticated in VSCode Azure Account. " + Troubleshooting,
e));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e, Troubleshooting);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope($"{nameof(AuthorizationCodeCredential)}.{nameof(GetToken)}", requestContext);
try
{
AccessToken token = default;
if (_record is null)
{
AuthenticationResult result = await _confidentialClient.AcquireTokenByAuthorizationCode(requestContext.Scopes, _authCode).ExecuteAsync(async, cancellationToken).ConfigureAwait(false);
_record = new AuthenticationRecord(result);
token = new AccessToken(result.AccessToken, result.ExpiresOn);
}
else
{
AuthenticationResult result = await _confidentialClient.AcquireTokenSilent(requestContext.Scopes, (AuthenticationAccount)_record).ExecuteAsync(async, cancellationToken).ConfigureAwait(false);
token = new AccessToken(result.AccessToken, result.ExpiresOn);
}
return(scope.Succeeded(token));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
private async Task <AccessToken> GetTokenAsync(bool isAsync, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.DefaultAcureCredential.GetToken", requestContext);
List <Exception> exceptions = new List <Exception>();
int i;
for (i = 0; i < _sources.Length && _sources[i] != null; i++)
{
ExtendedAccessToken exToken = isAsync ? await _sources[i].GetTokenAsync(requestContext, cancellationToken).ConfigureAwait(false) : _sources[i].GetToken(requestContext, cancellationToken);
if (exToken.Exception is null)
{
return(scope.Succeeded(exToken.AccessToken));
}
if (exToken.Exception is CredentialUnavailableException)
{
exceptions.Add(exToken.Exception);
}
else
{
exceptions.Add(exToken.Exception);
throw scope.Failed(AuthenticationFailedException.CreateAggregateException($"{UnhandledExceptionMessage} {_sources[i].GetType().Name} failed with unhandled exception {exToken.Exception.Message}.", new ReadOnlyMemory <object>(_sources, 0, i + 1), exceptions));
}
}
throw scope.Failed(AuthenticationFailedException.CreateAggregateException(DefaultExceptionMessage, new ReadOnlyMemory <object>(_sources, 0, i), exceptions));
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("SharedTokenCacheCredential.GetToken", requestContext);
try
{
var tenantId = TenantIdResolver.Resolve(_tenantId, requestContext);
IAccount account = await GetAccountAsync(tenantId, async, cancellationToken).ConfigureAwait(false);
AuthenticationResult result = await Client.AcquireTokenSilentAsync(requestContext.Scopes, requestContext.Claims, account, tenantId, async, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (MsalUiRequiredException ex)
{
throw scope.FailWrapAndThrow(
new CredentialUnavailableException(
$"{nameof(SharedTokenCacheCredential)} authentication unavailable. Token acquisition failed for user {_username}. Ensure that you have authenticated with a developer tool that supports Azure single sign on.",
ex));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("SharedTokenCacheCredential.GetToken", requestContext);
try
{
IAccount account = await _account.Value.ConfigureAwait(false);
AuthenticationResult result = await _client.AcquireTokenSilentAsync(requestContext.Scopes, account, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (MsalUiRequiredException)
{
throw scope.Failed(new CredentialUnavailableException($"{nameof(SharedTokenCacheCredential)} authentication unavailable. Token acquisition failed for user {_username}. Ensure that you have authenticated with a developer tool that supports Azure single sign on."));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("SharedTokenCacheCredential.GetToken", requestContext);
try
{
IAccount account = async
? await _account.Value.ConfigureAwait(false)
#pragma warning disable AZC0102 // Do not use GetAwaiter().GetResult(). Use the TaskExtensions.EnsureCompleted() extension method instead.
: _account.Value.GetAwaiter().GetResult();
#pragma warning restore AZC0102 // Do not use GetAwaiter().GetResult(). Use the TaskExtensions.EnsureCompleted() extension method instead.
AuthenticationResult result = await _client.AcquireTokenSilentAsync(requestContext.Scopes, account, async, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (MsalUiRequiredException)
{
throw scope.Failed(new CredentialUnavailableException($"{nameof(SharedTokenCacheCredential)} authentication unavailable. Token acquisition failed for user {_username}. Ensure that you have authenticated with a developer tool that supports Azure single sign on."));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("DefaultAzureCredential.GetToken", requestContext);
try
{
AccessToken token;
if (_credential != null)
{
token = async ? await _credential.GetTokenAsync(requestContext, cancellationToken).ConfigureAwait(false) : _credential.GetToken(requestContext, cancellationToken);
}
else
{
token = await GetTokenFromSourcesAsync(async, requestContext, cancellationToken).ConfigureAwait(false);
}
return(scope.Succeeded(token));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e) when(!(e is CredentialUnavailableException))
{
throw scope.FailAndWrap(new AuthenticationFailedException(UnhandledExceptionMessage, e));
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(TokenRequestContext requestContext, bool async, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("VisualStudioCodeCredential.GetToken", requestContext);
try
{
GetUserSettings(out var tenant, out var environmentName);
var cloudInstance = GetAzureCloudInstance(environmentName);
var storedCredentials = _vscAdapter.GetCredentials(CredentialsSection, environmentName);
if (!IsBase64UrlString(storedCredentials))
{
throw new CredentialUnavailableException("Need to re-authenticate user in VSCode Azure Account.");
}
var result = await _client.AcquireTokenByRefreshToken(requestContext.Scopes, storedCredentials, cloudInstance, tenant, async, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("EnvironmentCredential.GetToken", requestContext);
if (_credential is null)
{
throw scope.Failed(new CredentialUnavailableException(UnavailbleErrorMessage));
}
try
{
AccessToken token = async
? await _credential.GetTokenAsync(requestContext, cancellationToken).ConfigureAwait(false)
: _credential.GetToken(requestContext, cancellationToken);
return(scope.Succeeded(token));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
private async Task <AuthenticationRecord> AuthenticateImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope($"{nameof(DeviceCodeCredential)}.{nameof(Authenticate)}", requestContext);
try
{
AccessToken token = await GetTokenViaDeviceCodeAsync(requestContext.Scopes, async, cancellationToken).ConfigureAwait(false);
scope.Succeeded(token);
return(_record);
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
/// <summary>
/// Obtains a token from the Azure Active Directory service, using the specified X509 certificate to authenticate.
/// </summary>
/// <param name="requestContext">The details of the authentication request.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns>
public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.ClientCertificateCredential.GetToken", requestContext);
try
{
return(scope.Succeeded(_client.Authenticate(TenantId, ClientId, ClientCertificate, requestContext.Scopes, cancellationToken)));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.Failed(e);
}
}
private async Task <AuthenticationResult> AuthenticateImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope($"{nameof(UsernamePasswordCredential)}.{nameof(Authenticate)}", requestContext);
try
{
var tenantId = TenantIdResolver.Resolve(_tenantId, requestContext);
AuthenticationResult result = await Client
.AcquireTokenByUsernamePasswordAsync(requestContext.Scopes, requestContext.Claims, _username, _password, tenantId, async, cancellationToken)
.ConfigureAwait(false);
_record = new AuthenticationRecord(result, _clientId);
return(result);
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e, Troubleshooting);
}
}
private async Task <AuthenticationRecord> AuthenticateImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope($"{nameof(InteractiveBrowserCredential)}.{nameof(Authenticate)}", requestContext);
try
{
scope.Succeeded(await GetTokenViaBrowserLoginAsync(requestContext.Scopes, async, cancellationToken).ConfigureAwait(false));
return(_record);
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("AzureCliCredential.GetToken", requestContext);
try
{
AccessToken token = await RequestCliAccessTokenAsync(async, requestContext.Scopes, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(token));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("ManagedIdentityCredential.GetToken", requestContext);
try
{
AccessToken result = await _client.AuthenticateAsync(async, requestContext, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(result));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
/// <summary>
/// Obtains a token for a user account, authenticating them using the given username and password. Note: This will fail with
/// an <see cref="AuthenticationFailedException"/> if the specified user acound has MFA enabled.
/// </summary>
/// <param name="requestContext">The details of the authentication request.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns>
public override async ValueTask <AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.UsernamePasswordCredential.GetToken", requestContext);
try
{
AuthenticationResult result = await _client.AcquireTokenByUsernamePasswordAsync(requestContext.Scopes, _username, _password, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (Exception e)
{
throw scope.Failed(e);
}
}
private async Task <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("UsernamePasswordCredential.GetToken", requestContext);
try
{
AuthenticationResult result = await _client
.AcquireTokenByUsernamePasswordAsync(requestContext.Scopes, _username, _password, async, cancellationToken)
.ConfigureAwait(false);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("ManagedIdentityCredential.GetToken", requestContext);
try
{
AccessToken result = await _client.AuthenticateAsync(async, requestContext, cancellationToken).ConfigureAwait(false);
if (_logAccountDetails)
{
var accountDetails = TokenHelper.ParseAccountInfoFromToken(result.Token);
AzureIdentityEventSource.Singleton.AuthenticatedAccountDetails(accountDetails.ClientId ?? _clientId, accountDetails.TenantId, accountDetails.Upn, accountDetails.ObjectId);
}
return(scope.Succeeded(result));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e, Troubleshooting);
}
}
private async ValueTask <ExtendedAccessToken> GetTokenImplAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.InteractiveBrowserCredential.GetToken", requestContext);
try
{
if (_account != null)
{
try
{
AuthenticationResult result = await _client.AcquireTokenSilentAsync(requestContext.Scopes, _account, cancellationToken).ConfigureAwait(false);
return(new ExtendedAccessToken(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn))));
}
catch (MsalUiRequiredException)
{
AccessToken token = await GetTokenViaBrowserLoginAsync(requestContext.Scopes, cancellationToken).ConfigureAwait(false);
return(new ExtendedAccessToken(scope.Succeeded(token)));
}
}
else
{
AccessToken token = await GetTokenViaBrowserLoginAsync(requestContext.Scopes, cancellationToken).ConfigureAwait(false);
return(new ExtendedAccessToken(scope.Succeeded(token)));
}
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
return(new ExtendedAccessToken(scope.Failed(e)));
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("AzurePowerShellCredential.GetToken", requestContext);
try
{
AccessToken token = await RequestAzurePowerShellAccessTokenAsync(async, requestContext, cancellationToken).ConfigureAwait(false);
if (_logAccountDetails)
{
var accountDetails = TokenHelper.ParseAccountInfoFromToken(token.Token);
AzureIdentityEventSource.Singleton.AuthenticatedAccountDetails(accountDetails.ClientId, accountDetails.TenantId ?? _tenantId, accountDetails.Upn, accountDetails.ObjectId);
}
return(scope.Succeeded(token));
}
catch (Win32Exception ex) when(ex.NativeErrorCode == ERROR_FILE_NOT_FOUND && RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
UseLegacyPowerShell = true;
try
{
AccessToken token = await RequestAzurePowerShellAccessTokenAsync(async, requestContext, cancellationToken).ConfigureAwait(false);
if (_logAccountDetails)
{
AzureIdentityEventSource.Singleton.AuthenticatedAccountDetails(null, _tenantId, null, null);
}
return(scope.Succeeded(token));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
private async Task <AccessToken> GetTokenAsync(bool isAsync, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("DefaultAzureCredential.GetToken", requestContext);
List <Exception> exceptions = new List <Exception>();
int i;
for (i = 0; i < _sources.Length && _sources[i] != null; i++)
{
ExtendedAccessToken exToken = isAsync ? await _sources[i].GetTokenAsync(requestContext, cancellationToken).ConfigureAwait(false) : _sources[i].GetToken(requestContext, cancellationToken);
if (exToken.Exception is null)
{
return(scope.Succeeded(exToken.AccessToken));
}
if (exToken.Exception is CredentialUnavailableException)
{
exceptions.Add(exToken.Exception);
}
else
{
throw scope.Failed(new AuthenticationFailedException(UnhandledExceptionMessage, exToken.Exception));
}
}
StringBuilder errorMsg = new StringBuilder(DefaultExceptionMessage);
foreach (Exception ex in exceptions)
{
errorMsg.Append(Environment.NewLine).Append(ex.Message);
}
throw scope.Failed(new CredentialUnavailableException(errorMsg.ToString()));
}