
Commit 081988c

authored
Merge branch 'main' into bogavril/sjt
2 parents 181e87b + c761075 commit 081988c


14 files changed

+168
-25
lines changed


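--- a/build/template-python-config.yaml
+++ b/build/template-python-config.yaml
@@ -2,13 +2,13 @@
 # Installs and updates PIP and ensures MSAL.Python PIP is properly installed on build machine.
 
 steps:
-- task: stevedower.python.PythonScript.PythonScript@1
+- task: stevedower.python.PythonScript.PythonScript@0
 displayName: 'Update PIP'
 condition: and(succeeded(), eq(variables['RunTests'], 'true'))
 inputs:
 arguments: '-m pip install --upgrade pip'
 
-- task: stevedower.python.PythonScript.PythonScript@1
+- task: stevedower.python.PythonScript.PythonScript@0
 displayName: 'Install MSAL.Python PIP'
 condition: and(succeeded(), eq(variables['RunTests'], 'true'))
 inputs: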

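--- a/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForClientParameterBuilder.cs
+++ b/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForClientParameterBuilder.cs
@@ -135,7 +135,8 @@ protected override void Validate()
 {
 string authorityUri = ServiceBundle.Config.Authority.AuthorityInfo.CanonicalAuthority.AbsoluteUri;
 
-if (ServiceBundle.Config.Authority.AuthorityInfo.AuthorityType != AuthorityType.Aad)
+if (ServiceBundle.Config.Authority.AuthorityInfo.AuthorityType != AuthorityType.Aad &&
+ServiceBundle.Config.Authority.AuthorityInfo.AuthorityType != AuthorityType.Dsts)
 {
 throw new MsalClientException(
 MsalError.InvalidAuthorityType,
@@ -149,7 +150,9 @@ protected override void Validate()
 MsalErrorMessage.MtlsNonTenantedAuthorityNotAllowedMessage);
 }
 
-if (string.IsNullOrEmpty(ServiceBundle.Config.AzureRegion))
+// Check for Azure region only if the authority is AAD
+if (ServiceBundle.Config.Authority.AuthorityInfo.AuthorityType == AuthorityType.Aad &&
+string.IsNullOrEmpty(ServiceBundle.Config.AzureRegion))
 {
 throw new MsalClientException(
 MsalError.MtlsPopWithoutRegion,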
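Review bot: The widened guard in Validate() now lets AuthorityType.Dsts through, but the exception for every other type is still raised with MsalError.InvalidAuthorityType and a message that lies outside the hunk; if that message names AAD as the only supported authority it should be updated, so a rejected caller is told which authority types mTLS PoP accepts. The second hunk drops the region requirement for dSTS, and the comment says only what the condition does; something like `// AzureRegion is required for AAD only; dSTS authorities are accepted without a region` plus the reason (to be confirmed by the author) would record why the check may be skipped. Reading the value once, `var authorityType = ServiceBundle.Config.Authority.AuthorityInfo.AuthorityType;`, would keep the three comparisons from drifting apart. Validate() begins and ends outside both hunks.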

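--- a/src/client/Microsoft.Identity.Client/ManagedIdentity/AbstractManagedIdentity.cs
+++ b/src/client/Microsoft.Identity.Client/ManagedIdentity/AbstractManagedIdentity.cs
@@ -12,6 +12,11 @@
 using System.Net;
 using Microsoft.Identity.Client.ApiConfig.Parameters;
 using System.Text;
+#if SUPPORTS_SYSTEM_TEXT_JSON
+using System.Text.Json;
+#else
+using Microsoft.Identity.Json;
+#endif
 
 namespace Microsoft.Identity.Client.ManagedIdentity
 {
@@ -29,7 +34,7 @@ protected AbstractManagedIdentity(RequestContext requestContext, ManagedIdentity
 }
 
 public virtual async Task<ManagedIdentityResponse> AuthenticateAsync(
-AcquireTokenForManagedIdentityParameters parameters,
+AcquireTokenForManagedIdentityParameters parameters,
 CancellationToken cancellationToken)
 {
 if (cancellationToken.IsCancellationRequested)
@@ -107,7 +112,7 @@ protected virtual Task<ManagedIdentityResponse> HandleResponseAsync(
 }
 
 string message = GetMessageFromErrorResponse(response);
-
+
 _requestContext.Logger.Error($"[Managed Identity] request failed, HttpStatusCode: {response.StatusCode} Error message: {message}");
 
 MsalException exception = MsalServiceExceptionFactory.CreateManagedIdentityException(
@@ -124,20 +129,39 @@ protected virtual Task<ManagedIdentityResponse> HandleResponseAsync(
 
 protected ManagedIdentityResponse GetSuccessfulResponse(HttpResponse response)
 {
-ManagedIdentityResponse managedIdentityResponse = JsonHelper.DeserializeFromJson<ManagedIdentityResponse>(response.Body);
+ManagedIdentityResponse managedIdentityResponse;
+try
+{
+managedIdentityResponse = JsonHelper.DeserializeFromJson<ManagedIdentityResponse>(response.Body);
+}
+catch (JsonException ex)
+{
+_requestContext.Logger.Error("[Managed Identity] MSI json response failed to parse. " + ex);
 
-if (managedIdentityResponse == null || managedIdentityResponse.AccessToken.IsNullOrEmpty() || managedIdentityResponse.ExpiresOn.IsNullOrEmpty())
+var exception = MsalServiceExceptionFactory.CreateManagedIdentityException(
+MsalError.ManagedIdentityResponseParseFailure,
+MsalErrorMessage.ManagedIdentityJsonParseFailure,
+ex,
+_sourceType,
+(int)HttpStatusCode.OK);
+
+throw exception;
+}
+
+if (managedIdentityResponse == null ||
+managedIdentityResponse.AccessToken.IsNullOrEmpty() ||
+managedIdentityResponse.ExpiresOn.IsNullOrEmpty())
 {
 _requestContext.Logger.Error("[Managed Identity] Response is either null or insufficient for authentication.");
 
 var exception = MsalServiceExceptionFactory.CreateManagedIdentityException(
 MsalError.ManagedIdentityRequestFailed,
 MsalErrorMessage.ManagedIdentityInvalidResponse,
-null,
-_sourceType,
-null);
+null,
+_sourceType,
+(int)HttpStatusCode.OK);
 
-throw exception;
+throw exception;
 }
 
 return managedIdentityResponse;
@@ -158,7 +182,7 @@ internal string GetMessageFromErrorResponse(HttpResponse response)
 catch
 {
 return TryGetMessageFromNestedErrorResponse(response.Body);
-}
+}
 }
 
 private string ExtractErrorMessageFromManagedIdentityErrorResponse(ManagedIdentityErrorResponse managedIdentityErrorResponse)
@@ -218,7 +242,8 @@ private string TryGetMessageFromNestedErrorResponse(string response)
 {
 return errorMessage.ToString();
 }
-} catch
+}
+catch
 {
 // Ignore any exceptions that occur during parsing and send the error message.
 }
@@ -227,8 +252,8 @@ private string TryGetMessageFromNestedErrorResponse(string response)
 return $"{MsalErrorMessage.ManagedIdentityUnexpectedErrorResponse}. Error response received from the server: {response}.";
 }
 
-private void HandleException(Exception ex,
-ManagedIdentitySource managedIdentitySource = ManagedIdentitySource.None,
+private void HandleException(Exception ex,
+ManagedIdentitySource managedIdentitySource = ManagedIdentitySource.None,
 string additionalInfo = null)
 {
 ManagedIdentitySource source = managedIdentitySource != ManagedIdentitySource.None ? managedIdentitySource : _sourceType;
@@ -254,9 +279,9 @@ private void HandleException(Exception ex,
 }
 }
 
-private static void CreateAndThrowException(string errorCode,
-string errorMessage,
-Exception innerException,
+private static void CreateAndThrowException(string errorCode,
+string errorMessage,
+Exception innerException,
 ManagedIdentitySource source)
 {
 MsalException exception = MsalServiceExceptionFactory.CreateManagedIdentityException(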
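Review bot: In the new catch block of GetSuccessfulResponse, `_requestContext.Logger.Error("[Managed Identity] MSI json response failed to parse. " + ex);` writes the full exception text through the non-PII logging call. Depending on which JSON library the new `#if` selects, a parse or conversion error may quote a fragment of the body, and on this path the body is a 200 response that is expected to carry the access token. Logging a fixed message, `_requestContext.Logger.Error("[Managed Identity] MSI json response failed to parse.");`, and sending the exception through the PII-gated call, `_requestContext.Logger.ErrorPii(ex);`, would keep that text out of logs unless PII logging is enabled. The same exception is also attached as the inner exception of the thrown MsalException, so callers that log exceptions verbatim would see it too; that is worth confirming as acceptable. The method's closing lines are outside the hunk.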

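--- a/src/client/Microsoft.Identity.Client/MsalError.cs
+++ b/src/client/Microsoft.Identity.Client/MsalError.cs
@@ -1110,6 +1110,11 @@ public static class MsalError
 /// </summary>
 public const string ManagedIdentityRequestFailed = "managed_identity_request_failed";
 
+/// <summary>
+/// Managed Identity error response was received.
+/// </summary>
+public const string ManagedIdentityResponseParseFailure = "managed_identity_response_parse_failure";
+
 /// <summary>
 /// Managed Identity endpoint is not reachable.
 /// </summary>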
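Review bot: The XML summary on the new public constant ManagedIdentityResponseParseFailure, "Managed Identity error response was received.", does not match how this commit uses the code. In AbstractManagedIdentity.cs it is raised when a 200 OK body fails JSON deserialization, not when the endpoint returns an error response. Since the constant is part of the public API and callers will branch on it, the summary should say so, for example `/// Managed Identity returned a success (200 OK) response whose body could not be parsed.`. The enclosing MsalError class starts and ends outside the hunk.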

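--- a/src/client/Microsoft.Identity.Client/MsalErrorMessage.cs
+++ b/src/client/Microsoft.Identity.Client/MsalErrorMessage.cs
@@ -414,6 +414,7 @@ public static string InvalidTokenProviderResponseValue(string invalidValueName)
 
 public const string ManagedIdentityNoResponseReceived = "[Managed Identity] Authentication unavailable. No response received from the managed identity endpoint.";
 public const string ManagedIdentityInvalidResponse = "[Managed Identity] Invalid response, the authentication response received did not contain the expected fields.";
+public const string ManagedIdentityJsonParseFailure = "[Managed Identity] MSI returned 200 OK, but the response could not be parsed.";
 public const string ManagedIdentityUnexpectedResponse = "[Managed Identity] Unexpected exception occurred when parsing the response. See the inner exception for details.";
 public const string ManagedIdentityExactlyOneScopeExpected = "[Managed Identity] To acquire token for managed identity, exactly one scope must be passed.";
 public const string ManagedIdentityUnexpectedErrorResponse = "[Managed Identity] The error response was either empty or could not be parsed.";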

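--- a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt
@@ -1,3 +1,4 @@
+const Microsoft.Identity.Client.MsalError.ManagedIdentityResponseParseFailure = "managed_identity_response_parse_failure" -> string
 Microsoft.Identity.Client.AbstractConfidentialClientAcquireTokenParameterBuilder<T>.WithSignedHttpRequestProofOfPossession(Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration popAuthenticationConfiguration) -> T
 Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder.WithMtlsProofOfPossession() -> Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder
 const Microsoft.Identity.Client.MsalError.MissingTenantedAuthority = "missing_tenanted_authority" -> string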

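--- a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt
@@ -1,3 +1,4 @@
+const Microsoft.Identity.Client.MsalError.ManagedIdentityResponseParseFailure = "managed_identity_response_parse_failure" -> string
 Microsoft.Identity.Client.AbstractConfidentialClientAcquireTokenParameterBuilder<T>.WithSignedHttpRequestProofOfPossession(Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration popAuthenticationConfiguration) -> T
 Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder.WithMtlsProofOfPossession() -> Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder
 const Microsoft.Identity.Client.MsalError.MissingTenantedAuthority = "missing_tenanted_authority" -> string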

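--- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt
@@ -1,3 +1,4 @@
+const Microsoft.Identity.Client.MsalError.ManagedIdentityResponseParseFailure = "managed_identity_response_parse_failure" -> string
 Microsoft.Identity.Client.AbstractConfidentialClientAcquireTokenParameterBuilder<T>.WithSignedHttpRequestProofOfPossession(Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration popAuthenticationConfiguration) -> T
 Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder.WithMtlsProofOfPossession() -> Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder
 const Microsoft.Identity.Client.MsalError.MissingTenantedAuthority = "missing_tenanted_authority" -> string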

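--- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt
@@ -1,3 +1,4 @@
+const Microsoft.Identity.Client.MsalError.ManagedIdentityResponseParseFailure = "managed_identity_response_parse_failure" -> string
 Microsoft.Identity.Client.AbstractConfidentialClientAcquireTokenParameterBuilder<T>.WithSignedHttpRequestProofOfPossession(Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration popAuthenticationConfiguration) -> T
 Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder.WithMtlsProofOfPossession() -> Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder
 const Microsoft.Identity.Client.MsalError.MissingTenantedAuthority = "missing_tenanted_authority" -> string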

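--- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt
@@ -1,3 +1,4 @@
+const Microsoft.Identity.Client.MsalError.ManagedIdentityResponseParseFailure = "managed_identity_response_parse_failure" -> string
 Microsoft.Identity.Client.AbstractConfidentialClientAcquireTokenParameterBuilder<T>.WithSignedHttpRequestProofOfPossession(Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration popAuthenticationConfiguration) -> T
 Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder.WithMtlsProofOfPossession() -> Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder
 const Microsoft.Identity.Client.MsalError.MissingTenantedAuthority = "missing_tenanted_authority" -> string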
