/// <summary> /// Opens an interactive logon prompt to acquire an authentication token from the Microsoft Live authentication and identity service. /// <para/> /// Returns a `<see cref="Credential"/>` for packing into a basic authentication header; otherwise `<see langword="null"/>`. /// </summary> /// <param name="targetUri"> /// The uniform resource indicator of the resource access tokens are being requested for. /// </param> /// <param name="options"></param> public async Task <Credential> InteractiveLogon(TargetUri targetUri, PersonalAccessTokenOptions options) { BaseSecureStore.ValidateTargetUri(targetUri); try { Token token; if ((token = await Authority.InteractiveAcquireToken( targetUri, ClientId, Resource, new Uri(RedirectUrl), queryParameters: null)) != null) { Trace.WriteLine($"token '{targetUri}' successfully acquired."); return(await GeneratePersonalAccessToken(targetUri, token, options)); } } catch (AuthenticationException exception) { Debug.Write(exception); } Trace.WriteLine($"failed to acquire token for '{targetUri}'."); return(null); }
/// <summary> /// Generates a "personal access token" or service specific, usage restricted access token. /// <para/> /// Returns a "personal access token" for the user if successful; otherwise `<see langword="null"/>`. /// </summary> /// <param name="targetUri">The target resource for which to acquire the personal access token for.</param> /// <param name="accessToken">Azure Directory access token with privileges to grant access to the target resource.</param> /// <param name="options">Set of options related to generation of personal access tokens.</param> protected async Task <Credential> GeneratePersonalAccessToken( TargetUri targetUri, Token accessToken, PersonalAccessTokenOptions options) { if (targetUri is null) { throw new ArgumentNullException(nameof(targetUri)); } if (accessToken is null) { throw new ArgumentNullException(nameof(accessToken)); } TokenScope requestedScope = TokenScope; if (options.TokenScope != null) { // Take the intersection of the authority scope and the requested scope requestedScope &= options.TokenScope; // If the result of the intersection is none, then fail if (string.IsNullOrWhiteSpace(requestedScope.Value)) { throw new InvalidOperationException("Invalid scope requested. Requested scope would result in no access privileges."); } } Credential credential = null; Token personalAccessToken; if ((personalAccessToken = await Authority.GeneratePersonalAccessToken(targetUri, accessToken, requestedScope, options.RequireCompactToken, options.TokenDuration)) != null) { credential = (Credential)personalAccessToken; Trace.WriteLine($"personal access token created for '{targetUri}'."); try { await PersonalAccessTokenStore.WriteCredentials(targetUri, credential); } catch (Exception exception) { System.Diagnostics.Debug.WriteLine(exception); Trace.WriteLine($"failed to write credentials to the secure store: {exception.GetType().Name}."); } } return(credential); }
/// <summary> /// Uses Active Directory Federation Services to authenticate with the Azure tenant non-interactively and acquire the necessary access tokens to exchange for an Azure DevOps personal access token. /// <para/> /// Tokens acquired are stored in the secure secret stores provided during initialization. /// <para/> /// Return a `<see cref="Credential"/>` for resource access if successful; otherwise `<see langword="null"/>`. /// </summary> /// <param name="targetUri">The URL of the Azure DevOps resource.</param> /// <param name="options">Options related to Azure DevOps personal access creation.</param> public async Task <Credential> NoninteractiveLogon(TargetUri targetUri, PersonalAccessTokenOptions options) { BaseSecureStore.ValidateTargetUri(targetUri); try { Token token; if ((token = await Authority.NoninteractiveAcquireToken(targetUri, ClientId, Resource, new Uri(RedirectUrl))) != null) { Trace.WriteLine($"token acquisition for '{targetUri}' succeeded"); return(await GeneratePersonalAccessToken(targetUri, token, options)); } } catch (AuthenticationException) { Trace.WriteLine($"failed to acquire for '{targetUri}' token from Azure DevOps Authority."); } Trace.WriteLine($"non-interactive logon for '{targetUri}' failed"); return(null); }