private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = Pipeline.StartGetTokenScope($"{nameof(DeviceCodeCredential)}.{nameof(GetToken)}", requestContext);
try
{
Exception inner = null;
if (Record != null)
{
try
{
var tenantId = TenantIdResolver.Resolve(_tenantId, requestContext, _allowMultiTenantAuthentication);
AuthenticationResult result = await Client
.AcquireTokenSilentAsync(requestContext.Scopes, requestContext.Claims, Record, tenantId, async, cancellationToken)
.ConfigureAwait(false);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (MsalUiRequiredException e)
{
inner = e;
}
}
if (DisableAutomaticAuthentication)
{
throw new AuthenticationRequiredException(AuthenticationRequiredMessage, requestContext, inner);
}
return(scope.Succeeded(await GetTokenViaDeviceCodeAsync(requestContext, async, cancellationToken).ConfigureAwait(false)));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
private async Task <AuthenticationRecord> AuthenticateImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope($"{nameof(UsernamePasswordCredential)}.{nameof(Authenticate)}", requestContext);
try
{
scope.Succeeded(await GetTokenImplAsync(async, requestContext, cancellationToken).ConfigureAwait(false));
return(_record);
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
/// <summary>
/// Obtains a token from the Azure Active Directory service, using the specified client secret to authenticate. This method is called automatically by Azure SDK client libraries. You may call this method directly, but you must also handle token caching and token refreshing.
/// </summary>
/// <param name="requestContext">The details of the authentication request.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns>
public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("ClientSecretCredential.GetToken", requestContext);
try
{
AuthenticationResult result = _client.AcquireTokenForClientAsync(requestContext.Scopes, false, cancellationToken).EnsureCompleted();
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
/// <summary>
/// Obtains a token from the Azure Active Directory service, using the specified client secret to authenticate. This method is called automatically by Azure SDK client libraries. You may call this method directly, but you must also handle token caching and token refreshing.
/// </summary>
/// <param name="requestContext">The details of the authentication request.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns>
public override async ValueTask <AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("ClientSecretCredential.GetToken", requestContext);
try
{
AuthenticationResult result = await _client.AcquireTokenForClientAsync(requestContext.Scopes, true, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("AzureCliCredential.GetToken", requestContext);
try
{
AccessToken token = await RequestCliAccessTokenAsync(async, requestContext, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(token));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
private async Task <AuthenticationRecord> AuthenticateImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = Pipeline.StartGetTokenScope($"{nameof(InteractiveBrowserCredential)}.{nameof(Authenticate)}", requestContext);
try
{
scope.Succeeded(await GetTokenViaBrowserLoginAsync(requestContext, async, cancellationToken).ConfigureAwait(false));
return(Record);
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
private async Task <AuthenticationRecord> AuthenticateImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope($"{nameof(DeviceCodeCredential)}.{nameof(Authenticate)}", requestContext);
try
{
AccessToken token = await GetTokenViaDeviceCodeAsync(requestContext.Scopes, async, cancellationToken).ConfigureAwait(false);
scope.Succeeded(token);
return(_record);
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
public async override ValueTask <AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = Client.Pipeline.StartGetTokenScope("ClientAssertionCredential.GetToken", requestContext);
try
{
var tenantId = TenantIdResolver.Resolve(TenantId, requestContext);
AuthenticationResult result = await Client.AcquireTokenForClientAsync(requestContext.Scopes, tenantId, true, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = Client.Pipeline.StartGetTokenScope("ClientAssertionCredential.GetToken", requestContext);
try
{
var tenantId = TenantIdResolver.Resolve(TenantId, requestContext, AllowMultiTenantAuthentication);
AuthenticationResult result = Client.AcquireTokenForClientAsync(requestContext.Scopes, tenantId, false, cancellationToken).EnsureCompleted();
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
private async Task <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("UsernamePasswordCredential.GetToken", requestContext);
try
{
AuthenticationResult result = await _client
.AcquireTokenByUsernamePasswordAsync(requestContext.Scopes, _username, _password, async, cancellationToken)
.ConfigureAwait(false);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
/// <summary>
/// Obtains a token from the Azure Active Directory service, using the specified client secret to authenticate. This method is called by Azure SDK clients. It isn't intended for use in application code.
/// </summary>
/// <param name="requestContext">The details of the authentication request.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns>
public override async ValueTask <AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.ClientSecretCredential.GetToken", requestContext);
try
{
return(scope.Succeeded(await _client.AuthenticateAsync(TenantId, ClientId, ClientSecret, requestContext.Scopes, cancellationToken).ConfigureAwait(false)));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.Failed(e);
}
}
/// <summary>
/// Obtains a token from the Azure Active Directory service, using the specified X509 certificate to authenticate.
/// </summary>
/// <param name="requestContext">The details of the authentication request.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns>
public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.ClientCertificateCredential.GetToken", requestContext);
try
{
return(scope.Succeeded(_client.Authenticate(TenantId, ClientId, ClientCertificate, requestContext.Scopes, cancellationToken)));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.Failed(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("ManagedIdentityCredential.GetToken", requestContext);
try
{
AccessToken result = await _client.AuthenticateAsync(async, requestContext, cancellationToken).ConfigureAwait(false);
if (_logAccountDetails)
{
var accountDetails = TokenHelper.ParseAccountInfoFromToken(result.Token);
AzureIdentityEventSource.Singleton.AuthenticatedAccountDetails(accountDetails.ClientId ?? _clientId, accountDetails.TenantId, accountDetails.Upn, accountDetails.ObjectId);
}
return(scope.Succeeded(result));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e, Troubleshooting);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("AzureCliCredential.GetToken", requestContext);
try
{
AccessToken token = async ? await _client.RequestCliAccessTokenAsync(requestContext.Scopes, cancellationToken).ConfigureAwait(false) : _client.RequestCliAccessToken(requestContext.Scopes, cancellationToken);
return(scope.Succeeded(token));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.Failed(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("SharedTokenCacheCredential.GetToken", requestContext);
try
{
IAccount account = await GetAccountAsync(async, cancellationToken).ConfigureAwait(false);
AuthenticationResult result = await _client.AcquireTokenSilentAsync(requestContext.Scopes, account, async, cancellationToken).ConfigureAwait(false);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (MsalUiRequiredException)
{
throw scope.FailWrapAndThrow(new CredentialUnavailableException($"{nameof(SharedTokenCacheCredential)} authentication unavailable. Token acquisition failed for user {_username}. Ensure that you have authenticated with a developer tool that supports Azure single sign on."));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("ManagedIdentityCredential.GetToken", requestContext);
try
{
AccessToken result = async ? await _client.AuthenticateAsync(requestContext.Scopes, cancellationToken).ConfigureAwait(false) : _client.Authenticate(requestContext.Scopes, cancellationToken);
return(scope.Succeeded(result));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
private async Task <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("UsernamePasswordCredential.GetToken", requestContext);
try
{
var tenantId = TenantIdResolver.Resolve(_tenantId, requestContext, _allowMultiTenantAuthentication);
AuthenticationResult result = await _client
.AcquireTokenByUsernamePasswordAsync(requestContext.Scopes, requestContext.Claims, _username, _password, tenantId, async, cancellationToken)
.ConfigureAwait(false);
_record = new AuthenticationRecord(result, _clientId);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("EnvironmentCredential.GetToken", requestContext);
if (Credential is null)
{
throw scope.FailWrapAndThrow(new CredentialUnavailableException(UnavailableErrorMessage));
}
try
{
AccessToken token = async
? await Credential.GetTokenAsync(requestContext, cancellationToken).ConfigureAwait(false)
: Credential.GetToken(requestContext, cancellationToken);
return(scope.Succeeded(token));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(TokenRequestContext requestContext, bool async, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("VisualStudioCredential.GetToken", requestContext);
try
{
if (string.Equals(_tenantId, Constants.AdfsTenantId, StringComparison.Ordinal))
{
throw new CredentialUnavailableException("VisualStudioCredential authentication unavailable. ADFS tenant/authorities are not supported.");
}
var tokenProviderPath = GetTokenProviderPath();
var tokenProviders = GetTokenProviders(tokenProviderPath);
var resource = ScopeUtilities.ScopesToResource(requestContext.Scopes);
var processStartInfos = GetProcessStartInfos(tokenProviders, resource, requestContext, cancellationToken);
if (processStartInfos.Count == 0)
{
throw new CredentialUnavailableException("No installed instance of Visual Studio was found");
}
var accessToken = await RunProcessesAsync(processStartInfos, async, cancellationToken).ConfigureAwait(false);
if (_logAccountDetails)
{
var accountDetails = TokenHelper.ParseAccountInfoFromToken(accessToken.Token);
AzureIdentityEventSource.Singleton.AuthenticatedAccountDetails(accountDetails.ClientId, accountDetails.TenantId ?? _tenantId, accountDetails.Upn, accountDetails.ObjectId);
}
return(scope.Succeeded(accessToken));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
private async Task <AccessToken> GetTokenAsync(bool isAsync, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("DefaultAzureCredential.GetToken", requestContext);
List <Exception> exceptions = new List <Exception>();
int i;
for (i = 0; i < _sources.Length && _sources[i] != null; i++)
{
ExtendedAccessToken exToken = isAsync ? await _sources[i].GetTokenAsync(requestContext, cancellationToken).ConfigureAwait(false) : _sources[i].GetToken(requestContext, cancellationToken);
if (exToken.Exception is null)
{
return(scope.Succeeded(exToken.AccessToken));
}
if (exToken.Exception is CredentialUnavailableException)
{
exceptions.Add(exToken.Exception);
}
else
{
throw scope.Failed(new AuthenticationFailedException(UnhandledExceptionMessage, exToken.Exception));
}
}
StringBuilder errorMsg = new StringBuilder(DefaultExceptionMessage);
foreach (Exception ex in exceptions)
{
errorMsg.Append(Environment.NewLine).Append(ex.Message);
}
throw scope.Failed(new CredentialUnavailableException(errorMsg.ToString()));
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("DefaultAzureCredential.GetToken", requestContext);
try
{
AccessToken token;
if (_credential != null)
{
token = async ? await _credential.GetTokenAsync(requestContext, cancellationToken).ConfigureAwait(false) : _credential.GetToken(requestContext, cancellationToken);
}
else
{
token = await GetTokenFromSourcesAsync(async, requestContext, cancellationToken).ConfigureAwait(false);
}
return(scope.Succeeded(token));
}
catch (Exception e) when(!(e is CredentialUnavailableException))
{
throw scope.FailWrapAndThrow(new AuthenticationFailedException(UnhandledExceptionMessage, e));
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope($"{nameof(AuthorizationCodeCredential)}.{nameof(GetToken)}", requestContext);
try
{
AccessToken token = default;
if (_record is null)
{
AuthenticationResult result = await _confidentialClient.AcquireTokenByAuthorizationCode(requestContext.Scopes, _authCode).ExecuteAsync(async, cancellationToken).ConfigureAwait(false);
_record = new AuthenticationRecord(result);
token = new AccessToken(result.AccessToken, result.ExpiresOn);
}
else
{
AuthenticationResult result = await _confidentialClient.AcquireTokenSilent(requestContext.Scopes, (AuthenticationAccount)_record).ExecuteAsync(async, cancellationToken).ConfigureAwait(false);
token = new AccessToken(result.AccessToken, result.ExpiresOn);
}
return(scope.Succeeded(token));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
