From 7e29a8b4e5e5c26943c5972611372bf73c5c202c Mon Sep 17 00:00:00 2001 From: trwalke Date: Tue, 20 May 2025 21:58:58 -0700 Subject: [PATCH 01/12] Adding WithServiceFabricFmi() --- .../AppConfig/ApplicationConfiguration.cs | 1 + .../ManagedIdentityApplicationBuilder.cs | 12 ++++++++ .../ManagedIdentity/EnvironmentVariables.cs | 1 + .../ServiceFabricManagedIdentitySource.cs | 29 ++++++++++++++++++- .../PublicApi/net462/PublicAPI.Unshipped.txt | 1 + .../PublicApi/net472/PublicAPI.Unshipped.txt | 1 + .../net8.0-android/PublicAPI.Unshipped.txt | 1 + .../net8.0-ios/PublicAPI.Unshipped.txt | 1 + .../PublicApi/net8.0/PublicAPI.Unshipped.txt | 1 + .../netstandard2.0/PublicAPI.Unshipped.txt | 1 + .../Core/Helpers/ManagedIdentityTestUtil.cs | 3 +- .../ServiceFabricTests.cs | 23 +++++++++++++++ 12 files changed, 73 insertions(+), 2 deletions(-) diff --git a/src/client/Microsoft.Identity.Client/AppConfig/ApplicationConfiguration.cs b/src/client/Microsoft.Identity.Client/AppConfig/ApplicationConfiguration.cs index 2c9fe7e587..4dbf18291c 100644 --- a/src/client/Microsoft.Identity.Client/AppConfig/ApplicationConfiguration.cs +++ b/src/client/Microsoft.Identity.Client/AppConfig/ApplicationConfiguration.cs @@ -123,6 +123,7 @@ public string ClientVersion public string CertificateIdToAssociateWithToken { get; set; } public Func> AppTokenProvider; + public bool IsFmiServiceFabric { get; set; } #region ClientCredentials diff --git a/src/client/Microsoft.Identity.Client/AppConfig/ManagedIdentityApplicationBuilder.cs b/src/client/Microsoft.Identity.Client/AppConfig/ManagedIdentityApplicationBuilder.cs index 434d2764ce..373e6561a2 100644 --- a/src/client/Microsoft.Identity.Client/AppConfig/ManagedIdentityApplicationBuilder.cs +++ b/src/client/Microsoft.Identity.Client/AppConfig/ManagedIdentityApplicationBuilder.cs 
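Review bot: `IsFmiServiceFabric` is added to ApplicationConfiguration without a doc comment, and the name alone does not say what the flag changes; the only consumer visible in this series is ServiceFabricManagedIdentitySource.Create, which reads APP_IDENTITY_ENDPOINT instead of IDENTITY_ENDPOINT when it is set. Since this is the sole place the builder and the source agree on the contract, a one-line summary would help the next maintainer: `/// <summary>Set by ManagedIdentityApplicationBuilder.WithServiceFabricFmi(); when true the Service Fabric source reads its token endpoint from APP_IDENTITY_ENDPOINT instead of IDENTITY_ENDPOINT.</summary>`. The enclosing class continues on both sides of the hunk.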
@@ -102,6 +102,18 @@ public ManagedIdentityApplicationBuilder WithClientCapabilities(IEnumerable + /// Configures the application to use the FMI service fabric managed identity endpoint. + /// + /// + /// This is used only for Service Fabric applications that are using the FMI managed identity endpoint. + /// + public ManagedIdentityApplicationBuilder WithServiceFabricFmi() + { + Config.IsFmiServiceFabric = true; + return this; + } + /// /// Builds an instance of /// from the parameters set in the . diff --git a/src/client/Microsoft.Identity.Client/ManagedIdentity/EnvironmentVariables.cs b/src/client/Microsoft.Identity.Client/ManagedIdentity/EnvironmentVariables.cs index aed4821dae..de91db8c79 100644 --- a/src/client/Microsoft.Identity.Client/ManagedIdentity/EnvironmentVariables.cs +++ b/src/client/Microsoft.Identity.Client/ManagedIdentity/EnvironmentVariables.cs @@ -8,6 +8,7 @@ namespace Microsoft.Identity.Client.ManagedIdentity internal class EnvironmentVariables { public static string IdentityEndpoint => Environment.GetEnvironmentVariable("IDENTITY_ENDPOINT"); + public static string FmiServiceFabricEndpoint => Environment.GetEnvironmentVariable("APP_IDENTITY_ENDPOINT"); public static string IdentityHeader => Environment.GetEnvironmentVariable("IDENTITY_HEADER"); public static string PodIdentityEndpoint => Environment.GetEnvironmentVariable("AZURE_POD_IDENTITY_AUTHORITY_HOST"); public static string ImdsEndpoint => Environment.GetEnvironmentVariable("IMDS_ENDPOINT"); diff --git a/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricManagedIdentitySource.cs b/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricManagedIdentitySource.cs index a35ce1b1bf..eb621f9cdb 100644 --- a/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricManagedIdentitySource.cs +++ b/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricManagedIdentitySource.cs 
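Review bot: The XML summary on `WithServiceFabricFmi()` never tells the caller what actually changes or how it fails: per the ServiceFabricManagedIdentitySource hunk in this patch, the flag makes the source read APP_IDENTITY_ENDPOINT instead of IDENTITY_ENDPOINT and throw `MsalError.InvalidManagedIdentityEndpoint` when that variable is absent or not an absolute URI. The remarks should name the variable and the failure mode, and expand "FMI" once, since the abbreviation appears nowhere else in the public surface shown here. Something like `/// <remarks>Switches the Service Fabric managed identity source to the endpoint in the APP_IDENTITY_ENDPOINT environment variable; if that variable is missing or not an absolute URI, token acquisition fails with MsalError.InvalidManagedIdentityEndpoint.</remarks>` would do. The method is self-contained within the hunk.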
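Review bot: `FmiServiceFabricEndpoint` breaks the naming pattern of its neighbours in EnvironmentVariables, where the property name mirrors the variable it reads (`IdentityEndpoint` for IDENTITY_ENDPOINT, `ImdsEndpoint` for IMDS_ENDPOINT), so a reader has to open the file to learn that it reads APP_IDENTITY_ENDPOINT. Either rename it `AppIdentityEndpoint`, or keep the name and add `/// <summary>APP_IDENTITY_ENDPOINT: endpoint used by the Service Fabric source when IsFmiServiceFabric is set.</summary>` so the mapping is visible at the call site via IntelliSense. The class continues outside the hunk.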
@@ -21,11 +21,33 @@ internal class ServiceFabricManagedIdentitySource : AbstractManagedIdentity public static AbstractManagedIdentity Create(RequestContext requestContext) { + Uri endpointUri; string identityEndpoint = EnvironmentVariables.IdentityEndpoint; requestContext.Logger.Info(() => "[Managed Identity] Service fabric managed identity is available."); - if (!Uri.TryCreate(identityEndpoint, UriKind.Absolute, out Uri endpointUri)) + if (requestContext.ServiceBundle.Config.IsFmiServiceFabric) + { + identityEndpoint = EnvironmentVariables.FmiServiceFabricEndpoint; + requestContext.Logger.Info(() => "[Managed Identity] Using FMI Service fabric endpoint."); + + if (!Uri.TryCreate(identityEndpoint, UriKind.Absolute, out endpointUri)) + { + string errorMessage = string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityEndpointInvalidUriError, + "APP_IDENTITY_ENDPOINT", identityEndpoint, "FMI Service Fabric"); + + // Use the factory to create and throw the exception + var exception = MsalServiceExceptionFactory.CreateManagedIdentityException( + MsalError.InvalidManagedIdentityEndpoint, + errorMessage, + null, + ManagedIdentitySource.ServiceFabric, + null); + + throw exception; + } + } + else if (!Uri.TryCreate(identityEndpoint, UriKind.Absolute, out endpointUri)) { string errorMessage = string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityEndpointInvalidUriError, "IDENTITY_ENDPOINT", identityEndpoint, "Service Fabric"); @@ -103,5 +125,10 @@ protected override ManagedIdentityRequest CreateRequest(string resource) return request; } + + internal string GetEndpointForTesting() + { + return _endpoint.ToString(); + } } } diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt index e69de29bb2..c8622d27a2 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt 
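Review bot: The new FMI branch in `Create` duplicates the whole invalid-URI error path that already exists for IDENTITY_ENDPOINT; the only differences between the two branches are which EnvironmentVariables property is read and the two strings passed into the error message, so the two copies will drift (the added copy already carries a `// Use the factory ...` comment the other presumably lacks). Selecting the variable, its name and the source label up front and keeping a single `Uri.TryCreate`/throw makes the behaviour for both variables identical by construction, which is the property you want for an endpoint that decides where a credential request is sent. The factory call, the throw and the remainder of `Create` are unchanged and continue outside the hunk. On the second hunk, `GetEndpointForTesting()` puts a test-only accessor in the product type; if it stays, a comment such as `/// <summary>Unit-test hook only; returns the endpoint resolved by Create.</summary>` makes the intent explicit.
```csharp
public static AbstractManagedIdentity Create(RequestContext requestContext)
{
    bool useFmiEndpoint = requestContext.ServiceBundle.Config.IsFmiServiceFabric;
    string variableName = useFmiEndpoint ? "APP_IDENTITY_ENDPOINT" : "IDENTITY_ENDPOINT";
    string sourceLabel = useFmiEndpoint ? "FMI Service Fabric" : "Service Fabric";
    string identityEndpoint = useFmiEndpoint
        ? EnvironmentVariables.FmiServiceFabricEndpoint
        : EnvironmentVariables.IdentityEndpoint;

    requestContext.Logger.Info(() => "[Managed Identity] Service fabric managed identity is available.");
    if (useFmiEndpoint)
    {
        requestContext.Logger.Info(() => "[Managed Identity] Using FMI Service fabric endpoint.");
    }

    // One validation path for both variables; only the names in the message differ.
    if (!Uri.TryCreate(identityEndpoint, UriKind.Absolute, out Uri endpointUri))
    {
        string errorMessage = string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityEndpointInvalidUriError,
            variableName, identityEndpoint, sourceLabel);
        // … unchanged: MsalServiceExceptionFactory.CreateManagedIdentityException(...) and throw …
    }
    // … unchanged: remainder of Create …
```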
+++ b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt @@ -0,0 +1 @@ +Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder \ No newline at end of file diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt index e69de29bb2..8043436281 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt @@ -0,0 +1 @@ +Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt index e69de29bb2..8043436281 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt @@ -0,0 +1 @@ +Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt index e69de29bb2..8043436281 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt @@ -0,0 +1 @@ +Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder 
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt index e69de29bb2..8043436281 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt @@ -0,0 +1 @@ +Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder diff --git a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt index e69de29bb2..8043436281 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt @@ -0,0 +1 @@ +Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder diff --git a/tests/Microsoft.Identity.Test.Common/Core/Helpers/ManagedIdentityTestUtil.cs b/tests/Microsoft.Identity.Test.Common/Core/Helpers/ManagedIdentityTestUtil.cs index c6e0627d0c..53bb9d6ee3 100644 --- a/tests/Microsoft.Identity.Test.Common/Core/Helpers/ManagedIdentityTestUtil.cs +++ b/tests/Microsoft.Identity.Test.Common/Core/Helpers/ManagedIdentityTestUtil.cs @@ -32,7 +32,7 @@ public enum MsiAzureResource ServiceFabric } - public static void SetEnvironmentVariables(ManagedIdentitySource managedIdentitySource, string endpoint, string secret = "secret", string thumbprint = "thumbprint") + public static void SetEnvironmentVariables(ManagedIdentitySource managedIdentitySource, string endpoint, string secret = "secret", string thumbprint = "thumbprint", string fmiEndpoint = "") { switch (managedIdentitySource) { 
@@ -56,6 +56,7 @@ public static void SetEnvironmentVariables(ManagedIdentitySource managedIdentity case ManagedIdentitySource.ServiceFabric: Environment.SetEnvironmentVariable("IDENTITY_ENDPOINT", endpoint); + Environment.SetEnvironmentVariable("APP_IDENTITY_ENDPOINT", fmiEndpoint); Environment.SetEnvironmentVariable("IDENTITY_HEADER", secret); Environment.SetEnvironmentVariable("IDENTITY_SERVER_THUMBPRINT", thumbprint); break; diff --git a/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ServiceFabricTests.cs b/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ServiceFabricTests.cs index 8dc79d1e99..e2fb36207a 100644 --- a/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ServiceFabricTests.cs +++ b/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ServiceFabricTests.cs @@ -91,6 +91,29 @@ public void ValidateServerCertificateCallback_ServerCertificateValidationCallbac } } + [TestMethod] + public void ValidateThatFmiEndpointIsUsed() + { + using (new EnvVariableContext()) + using (var httpManager = new MockHttpManager()) + { + SetEnvironmentVariables(ManagedIdentitySource.ServiceFabric, "http://localhost:40342/metadata/identity/oauth2/token", fmiEndpoint: "http://localhost:40343/metadata/identity/oauth2/token"); + + var miBuilder = ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.SystemAssigned) + .WithServiceFabricFmi() + .WithHttpManager(httpManager); + + var mi = miBuilder.BuildConcrete(); + + RequestContext requestContext = new RequestContext(mi.ServiceBundle, Guid.NewGuid(), null); + + ServiceFabricManagedIdentitySource sf = ServiceFabricManagedIdentitySource.Create(requestContext) as ServiceFabricManagedIdentitySource; + + Assert.IsInstanceOfType(sf, typeof(ServiceFabricManagedIdentitySource)); + Assert.AreEqual("http://localhost:40343/metadata/identity/oauth2/token", sf.GetEndpointForTesting()); + } + } + [TestMethod] public async Task SFThrowsWhenGetHttpClientWithValidationIsNotImplementedAsync() { 
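Review bot: `ValidateThatFmiEndpointIsUsed` only covers the happy path; the branch it exercises in ServiceFabricManagedIdentitySource.Create also has a failure path (APP_IDENTITY_ENDPOINT absent or not an absolute URI) that is meant to throw `MsalError.InvalidManagedIdentityEndpoint`, and there is no check that without `WithServiceFabricFmi()` IDENTITY_ENDPOINT is still the endpoint selected. Omitting the `fmiEndpoint` argument passes the helper's default `""`, which `Environment.SetEnvironmentVariable` treats as deleting the variable, so the negative case can reuse `SetEnvironmentVariables` as-is. The sketch below assumes the factory in Create returns an `MsalServiceException` as elsewhere in MSAL; adjust the type if it does not. The enclosing test class continues outside the hunk.
```csharp
[TestMethod]
public void ValidateThatMissingFmiEndpointThrows()
{
    using (new EnvVariableContext())
    using (var httpManager = new MockHttpManager())
    {
        // fmiEndpoint omitted: the helper's "" default removes APP_IDENTITY_ENDPOINT
        SetEnvironmentVariables(ManagedIdentitySource.ServiceFabric, "http://localhost:40342/metadata/identity/oauth2/token");

        var mi = ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.SystemAssigned)
            .WithServiceFabricFmi()
            .WithHttpManager(httpManager)
            .BuildConcrete();

        RequestContext requestContext = new RequestContext(mi.ServiceBundle, Guid.NewGuid(), null);

        var ex = Assert.ThrowsException<MsalServiceException>(
            () => ServiceFabricManagedIdentitySource.Create(requestContext));
        Assert.AreEqual(MsalError.InvalidManagedIdentityEndpoint, ex.ErrorCode);
    }
}
```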
From 44e34c5773ae59693defa57ee6bd7d8c896b0fad Mon Sep 17 00:00:00 2001 From: trwalke Date: Wed, 21 May 2025 23:04:31 -0700 Subject: [PATCH 02/12] Moving OnBeforeTokenRequestHandler up one level --- ...nfidentialClientAcquireTokenParameterBuilderExtension.cs | 6 +++--- .../PublicApi/net462/PublicAPI.Unshipped.txt | 3 ++- .../PublicApi/net472/PublicAPI.Unshipped.txt | 1 + .../PublicApi/net8.0-android/PublicAPI.Unshipped.txt | 1 + .../PublicApi/net8.0-ios/PublicAPI.Unshipped.txt | 1 + .../PublicApi/net8.0/PublicAPI.Unshipped.txt | 1 + .../PublicApi/netstandard2.0/PublicAPI.Unshipped.txt | 1 + 7 files changed, 10 insertions(+), 4 deletions(-) diff --git a/src/client/Microsoft.Identity.Client/Extensibility/AbstractConfidentialClientAcquireTokenParameterBuilderExtension.cs b/src/client/Microsoft.Identity.Client/Extensibility/AbstractConfidentialClientAcquireTokenParameterBuilderExtension.cs index edf7ac6737..8617173185 100644 --- a/src/client/Microsoft.Identity.Client/Extensibility/AbstractConfidentialClientAcquireTokenParameterBuilderExtension.cs +++ b/src/client/Microsoft.Identity.Client/Extensibility/AbstractConfidentialClientAcquireTokenParameterBuilderExtension.cs @@ -23,10 +23,10 @@ public static class AbstractConfidentialClientAcquireTokenParameterBuilderExtens /// The builder to chain options to /// An async delegate which gets invoked just before MSAL makes a token request /// The builder to chain other options to. - public static AbstractAcquireTokenParameterBuilder OnBeforeTokenRequest( - this AbstractAcquireTokenParameterBuilder builder, + public static BaseAbstractAcquireTokenParameterBuilder OnBeforeTokenRequest( + this BaseAbstractAcquireTokenParameterBuilder builder, Func onBeforeTokenRequestHandler) - where T : AbstractAcquireTokenParameterBuilder + where T : BaseAbstractAcquireTokenParameterBuilder { if (builder.CommonParameters.OnBeforeTokenRequestHandler != null && onBeforeTokenRequestHandler != null) { 
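Review bot: Changing the receiver, return type and constraint of the already-shipped `OnBeforeTokenRequest` extension from `AbstractAcquireTokenParameterBuilder<T>` to `BaseAbstractAcquireTokenParameterBuilder<T>` is a binary breaking change for consumers compiled against the old signature, even where their source still compiles; PATCH 03 deleting the entry from PublicAPI.Shipped.txt for all six targets is exactly the analyzer recording that removal. If this library promises binary compatibility, keep the original overload alongside the new one and have it forward (overload resolution should prefer the more derived receiver, but that is worth a test), or call the break out in the commit message and the XML docs. The class name `AbstractConfidentialClientAcquireTokenParameterBuilderExtension` also no longer describes a method that now applies to the base builder, so a `<remarks>` noting that it is reachable from managed identity builders would help. The method body continues outside the hunk.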
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt index c8622d27a2..272eceb482 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt @@ -1 +1,2 @@ -Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder \ No newline at end of file +Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder +static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder \ No newline at end of file diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt index 8043436281..cf1fcd47ea 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt @@ -1 +1,2 @@ Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder +static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder 
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt index 8043436281..cf1fcd47ea 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt @@ -1 +1,2 @@ Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder +static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt index 8043436281..cf1fcd47ea 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt @@ -1 +1,2 @@ Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder +static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt index 8043436281..cf1fcd47ea 100644 
--- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt @@ -1 +1,2 @@ Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder +static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder diff --git a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt index 8043436281..cf1fcd47ea 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt @@ -1 +1,2 @@ Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder +static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder From d1c9a99a68cf301908f2c9c6cc9581a154be52b4 Mon Sep 17 00:00:00 2001 
From: trwalke Date: Wed, 21 May 2025 23:36:57 -0700 Subject: [PATCH 03/12] updating api --- .../PublicApi/net462/PublicAPI.Shipped.txt | 1 - .../PublicApi/net472/PublicAPI.Shipped.txt | 1 - .../PublicApi/net8.0-android/PublicAPI.Shipped.txt | 1 - .../PublicApi/net8.0-ios/PublicAPI.Shipped.txt | 1 - .../PublicApi/net8.0/PublicAPI.Shipped.txt | 1 - .../PublicApi/netstandard2.0/PublicAPI.Shipped.txt | 1 - 6 files changed, 6 deletions(-) diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Shipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Shipped.txt index d919a7414a..15f7712214 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Shipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Shipped.txt 
@@ -955,7 +955,6 @@ static Microsoft.Identity.Client.AuthenticationInfoParameters.CreateFromResponse static Microsoft.Identity.Client.CacheOptions.EnableSharedCacheOptions.get -> Microsoft.Identity.Client.CacheOptions static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.Create(string clientId) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(Microsoft.Identity.Client.ConfidentialClientApplicationOptions options) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder -static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAdditionalCacheParameters(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Collections.Generic.IEnumerable cacheParameters) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAuthenticationExtension(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, Microsoft.Identity.Client.Extensibility.MsalAuthenticationExtension authenticationExtension) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithProofOfPosessionKeyId(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, string keyId, string expectedTokenTypeFromAad = "Bearer") -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder 
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Shipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Shipped.txt index d919a7414a..15f7712214 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Shipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Shipped.txt 
@@ -955,7 +955,6 @@ static Microsoft.Identity.Client.AuthenticationInfoParameters.CreateFromResponse static Microsoft.Identity.Client.CacheOptions.EnableSharedCacheOptions.get -> Microsoft.Identity.Client.CacheOptions static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.Create(string clientId) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(Microsoft.Identity.Client.ConfidentialClientApplicationOptions options) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder -static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAdditionalCacheParameters(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Collections.Generic.IEnumerable cacheParameters) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAuthenticationExtension(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, Microsoft.Identity.Client.Extensibility.MsalAuthenticationExtension authenticationExtension) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithProofOfPosessionKeyId(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, string keyId, string expectedTokenTypeFromAad = "Bearer") -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder 
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Shipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Shipped.txt index 274fe4d1a5..34059b6ead 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Shipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Shipped.txt 
@@ -928,7 +928,6 @@ static Microsoft.Identity.Client.AuthenticationInfoParameters.CreateFromResponse static Microsoft.Identity.Client.CacheOptions.EnableSharedCacheOptions.get -> Microsoft.Identity.Client.CacheOptions static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.Create(string clientId) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(Microsoft.Identity.Client.ConfidentialClientApplicationOptions options) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder -static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAdditionalCacheParameters(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Collections.Generic.IEnumerable cacheParameters) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAuthenticationExtension(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, Microsoft.Identity.Client.Extensibility.MsalAuthenticationExtension authenticationExtension) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithProofOfPosessionKeyId(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, string keyId, string expectedTokenTypeFromAad = "Bearer") -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder 
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Shipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Shipped.txt index 5dbad7ab4f..12d5cd067e 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Shipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Shipped.txt 
@@ -930,7 +930,6 @@ static Microsoft.Identity.Client.AuthenticationInfoParameters.CreateFromResponse static Microsoft.Identity.Client.CacheOptions.EnableSharedCacheOptions.get -> Microsoft.Identity.Client.CacheOptions static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.Create(string clientId) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(Microsoft.Identity.Client.ConfidentialClientApplicationOptions options) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder -static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAdditionalCacheParameters(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Collections.Generic.IEnumerable cacheParameters) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAuthenticationExtension(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, Microsoft.Identity.Client.Extensibility.MsalAuthenticationExtension authenticationExtension) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithProofOfPosessionKeyId(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, string keyId, string expectedTokenTypeFromAad = "Bearer") -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder 
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Shipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Shipped.txt index 6325496253..a7881e5368 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Shipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Shipped.txt 
@@ -921,7 +921,6 @@ static Microsoft.Identity.Client.AuthenticationInfoParameters.CreateFromResponse static Microsoft.Identity.Client.CacheOptions.EnableSharedCacheOptions.get -> Microsoft.Identity.Client.CacheOptions static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.Create(string clientId) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(Microsoft.Identity.Client.ConfidentialClientApplicationOptions options) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder -static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAdditionalCacheParameters(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Collections.Generic.IEnumerable cacheParameters) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAuthenticationExtension(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, Microsoft.Identity.Client.Extensibility.MsalAuthenticationExtension authenticationExtension) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithProofOfPosessionKeyId(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, string keyId, string expectedTokenTypeFromAad = "Bearer") -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder 
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Shipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Shipped.txt index 0447ee85ce..bd42e700ab 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Shipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Shipped.txt 
@@ -921,7 +921,6 @@ static Microsoft.Identity.Client.AuthenticationInfoParameters.CreateFromResponse static Microsoft.Identity.Client.CacheOptions.EnableSharedCacheOptions.get -> Microsoft.Identity.Client.CacheOptions static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.Create(string clientId) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(Microsoft.Identity.Client.ConfidentialClientApplicationOptions options) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder -static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAdditionalCacheParameters(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Collections.Generic.IEnumerable cacheParameters) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAuthenticationExtension(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, Microsoft.Identity.Client.Extensibility.MsalAuthenticationExtension authenticationExtension) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithProofOfPosessionKeyId(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, string keyId, string expectedTokenTypeFromAad = "Bearer") -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder 
From 615e5d4893324dd128727fff8b894502746e78bb Mon Sep 17 00:00:00 2001 From: trwalke Date: Wed, 21 May 2025 23:54:56 -0700 Subject: [PATCH 04/12] Updating expiremental features --- .../AppConfig/ManagedIdentityApplicationBuilder.cs | 1 + .../ManagedIdentityTests/ServiceFabricTests.cs | 1 + 2 files changed, 2 insertions(+) diff --git a/src/client/Microsoft.Identity.Client/AppConfig/ManagedIdentityApplicationBuilder.cs b/src/client/Microsoft.Identity.Client/AppConfig/ManagedIdentityApplicationBuilder.cs index 373e6561a2..59515d81c9 100644 --- a/src/client/Microsoft.Identity.Client/AppConfig/ManagedIdentityApplicationBuilder.cs +++ b/src/client/Microsoft.Identity.Client/AppConfig/ManagedIdentityApplicationBuilder.cs @@ -111,6 +111,7 @@ public ManagedIdentityApplicationBuilder WithClientCapabilities(IEnumerable Date: Fri, 30 May 2025 02:15:07 -0700 Subject: [PATCH 05/12] Adding more logic to MSAL for FMI Credential --- .../ManagedIdentity/EnvironmentVariables.cs | 1 + .../ManagedIdentity/ManagedIdentityClient.cs | 5 + .../ManagedIdentity/ManagedIdentitySource.cs | 7 +- ...iceFabricFederatedManagedIdentitySource.cs | 122 ++++++++++++++++++ .../MsalErrorMessage.cs | 1 + .../PublicApi/net462/PublicAPI.Unshipped.txt | 1 + 6 files changed, 136 insertions(+), 1 deletion(-) create mode 100644 src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricFederatedManagedIdentitySource.cs diff --git a/src/client/Microsoft.Identity.Client/ManagedIdentity/EnvironmentVariables.cs b/src/client/Microsoft.Identity.Client/ManagedIdentity/EnvironmentVariables.cs index de91db8c79..108814e95f 100644 --- a/src/client/Microsoft.Identity.Client/ManagedIdentity/EnvironmentVariables.cs +++ b/src/client/Microsoft.Identity.Client/ManagedIdentity/EnvironmentVariables.cs 
@@ -9,6 +9,7 @@ internal class EnvironmentVariables
 {
 public static string IdentityEndpoint => Environment.GetEnvironmentVariable("IDENTITY_ENDPOINT");
 public static string FmiServiceFabricEndpoint => Environment.GetEnvironmentVariable("APP_IDENTITY_ENDPOINT");
+ public static string FmiServiceFabricApiVersion => Environment.GetEnvironmentVariable("IDENTITY_API_VERSION");
 public static string IdentityHeader => Environment.GetEnvironmentVariable("IDENTITY_HEADER");
 public static string PodIdentityEndpoint => Environment.GetEnvironmentVariable("AZURE_POD_IDENTITY_AUTHORITY_HOST");
 public static string ImdsEndpoint => Environment.GetEnvironmentVariable("IMDS_ENDPOINT");
diff --git a/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs b/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs
index 80a45bb0da..a2824c2321 100644
--- a/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs
+++ b/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs
@@ -37,6 +37,11 @@ internal Task SendTokenRequestForManagedIdentityAsync(A
 // This method tries to create managed identity source for different sources, if none is created then defaults to IMDS.
 private static AbstractManagedIdentity SelectManagedIdentitySource(RequestContext requestContext)
 {
+ if (requestContext.ServiceBundle.Config.IsFmiServiceFabric)
+ {
+ return ServiceFabricManagedIdentitySource.Create(requestContext);
+ }
+
 return GetManagedIdentitySource(requestContext.Logger) switch
 {
 ManagedIdentitySource.ServiceFabric => ServiceFabricManagedIdentitySource.Create(requestContext),
diff --git a/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentitySource.cs b/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentitySource.cs
index 69e3471bdf..a1c4765200 100644
--- a/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentitySource.cs
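Review bot: The new `IsFmiServiceFabric` branch in `SelectManagedIdentitySource` returns `ServiceFabricManagedIdentitySource.Create(requestContext)`, the same source the environment-detected `ServiceFabric` arm below it already uses, while the `ServiceFabricFederatedManagedIdentitySource` class this same commit introduces is not constructed anywhere in the visible diff. If the federated source is the intended target of the opt-in, the line should read `return ServiceFabricFederatedManagedIdentitySource.Create(requestContext);`. Because the early return skips `GetManagedIdentitySource`, a host that sets the flag without the FMI environment variables will get the source's environment-variable exception instead of the IMDS fallback; that is reasonable for an explicit opt-in but deserves a comment such as `// Explicit opt-in from WithServiceFabricFmi(): skip environment probing and fail fast if the FMI endpoint variables are missing.` The rest of the switch expression continues outside the hunk.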
+++ b/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentitySource.cs
@@ -53,6 +53,11 @@ public enum ManagedIdentitySource
 ///
 /// The source to acquire token for managed identity is Machine Learning Service.
 ///
- MachineLearning
+ MachineLearning,
+
+ ///
+ /// The source to acquire token for managed identity is Service Fabric Federated.
+ ///
+ ServiceFabricFederated
 }
 }
diff --git a/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricFederatedManagedIdentitySource.cs b/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricFederatedManagedIdentitySource.cs
new file mode 100644
index 0000000000..cee4beff63
--- /dev/null
+++ b/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricFederatedManagedIdentitySource.cs
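Review bot: The public enum member `ServiceFabricFederated` is recorded only in the net462 PublicAPI.Unshipped.txt in this series (the hunk further down adds `ManagedIdentitySource.ServiceFabricFederated = 8`), while the net472, net8.0, net8.0-android, net8.0-ios and netstandard2.0 Unshipped files touched later list only `WithServiceFabricFmi()`. Unless a later patch adds it, the PublicAPI analyzer will report the member as undeclared on those targets, so the same line belongs in each TFM's PublicAPI.Unshipped.txt. The summary could also spell out the acronym the rest of the change uses, e.g. `/// The source to acquire token for managed identity is the Service Fabric federated managed identity (FMI) credential endpoint.`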
@@ -0,0 +1,122 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +using System; +using System.Globalization; +using System.Net.Http; +using System.Net.Security; +using System.Security.Cryptography.X509Certificates; +using Microsoft.Identity.Client.Core; +using Microsoft.Identity.Client.Internal; + +namespace Microsoft.Identity.Client.ManagedIdentity +{ + internal class ServiceFabricFederatedManagedIdentitySource : AbstractManagedIdentity + { + private string _serviceFabricMsiApiVersion = EnvironmentVariables.FmiServiceFabricApiVersion; + private readonly Uri _endpoint; + private readonly string _identityHeaderValue; + private static string _mitsEndpointFmiPath => "/metadata/identity/oauth2/fmi/credential"; + + internal static Lazy _httpClientLazy; + + public static AbstractManagedIdentity Create(RequestContext requestContext) + { + VerifyEnvVariablesAreAvailable(); + + Uri endpointUri; + string identityEndpoint = EnvironmentVariables.IdentityEndpoint; + + requestContext.Logger.Info(() => "[Managed Identity] Service fabric federated managed identity is available."); + identityEndpoint = EnvironmentVariables.FmiServiceFabricEndpoint; + requestContext.Logger.Info(() => "[Managed Identity] Using FMI Service fabric endpoint."); + + if (!Uri.TryCreate(identityEndpoint + _mitsEndpointFmiPath, UriKind.Absolute, out endpointUri)) + { + string errorMessage = string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityEndpointInvalidUriError, + "APP_IDENTITY_ENDPOINT", identityEndpoint, "FMI Service Fabric"); + + // Use the factory to create and throw the exception + var exception = MsalServiceExceptionFactory.CreateManagedIdentityException( + MsalError.InvalidManagedIdentityEndpoint, + errorMessage, + null, + ManagedIdentitySource.ServiceFabricFederated, + null); + + throw exception; + } + + requestContext.Logger.Verbose(() => "[Managed Identity] Creating Service Fabric federated managed identity. 
Endpoint URI: " + identityEndpoint); + + return new ServiceFabricFederatedManagedIdentitySource(requestContext, endpointUri, EnvironmentVariables.IdentityHeader); + } + + private static void VerifyEnvVariablesAreAvailable() + { + if (string.IsNullOrEmpty(EnvironmentVariables.IdentityServerThumbprint)) + { + throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityFmiInvalidEnvVariableError, + "IDENTITY_SERVER_THUMBPRINT")); + } + if (string.IsNullOrEmpty(EnvironmentVariables.FmiServiceFabricEndpoint)) + { + throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityFmiInvalidEnvVariableError, + "APP_IDENTITY_ENDPOINT")); + } + if (string.IsNullOrEmpty(EnvironmentVariables.IdentityHeader)) + { + throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityFmiInvalidEnvVariableError, + "IDENTITY_HEADER")); + } + if (string.IsNullOrEmpty(EnvironmentVariables.FmiServiceFabricApiVersion)) + { + throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityFmiInvalidEnvVariableError, + "IDENTITY_API_VERSION")); + } + } + + internal override Func GetValidationCallback() + { + return ValidateServerCertificateCallback; + } + + private bool ValidateServerCertificateCallback(HttpRequestMessage message, X509Certificate2 certificate, + X509Chain chain, SslPolicyErrors sslPolicyErrors) + { + if (sslPolicyErrors == SslPolicyErrors.None) + { + return true; + } + + return string.Equals(certificate.GetCertHashString(), EnvironmentVariables.IdentityServerThumbprint, StringComparison.OrdinalIgnoreCase); + } + + private ServiceFabricFederatedManagedIdentitySource(RequestContext requestContext, Uri endpoint, string identityHeaderValue) : + base(requestContext, ManagedIdentitySource.ServiceFabric) + { + _endpoint = endpoint; + _identityHeaderValue = identityHeaderValue; + + if 
(requestContext.ServiceBundle.Config.ManagedIdentityId.IsUserAssigned) + { + requestContext.Logger.Warning(MsalErrorMessage.ManagedIdentityUserAssignedNotConfigurableAtRuntime); + } + } + + protected override ManagedIdentityRequest CreateRequest(string resource) + { + ManagedIdentityRequest request = new ManagedIdentityRequest(HttpMethod.Get, _endpoint); + + request.Headers["secret"] = _identityHeaderValue; + _requestContext.Logger.Info("[Managed Identity] Request is for FMI, no ids or resource will be added to the request."); + request.QueryParameters["api-version"] = _serviceFabricMsiApiVersion; + return request; + } + + internal string GetEndpointForTesting() + { + return _endpoint.ToString(); + } + } +} diff --git a/src/client/Microsoft.Identity.Client/MsalErrorMessage.cs b/src/client/Microsoft.Identity.Client/MsalErrorMessage.cs index b1895118aa..30245ff65a 100644 --- a/src/client/Microsoft.Identity.Client/MsalErrorMessage.cs +++ b/src/client/Microsoft.Identity.Client/MsalErrorMessage.cs 
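Review bot: The private constructor passes `ManagedIdentitySource.ServiceFabric` to the base class while the error path in `Create` reports `ManagedIdentitySource.ServiceFabricFederated`, so the source value the base class is given and the one surfaced in exceptions disagree; the constructor should use `base(requestContext, ManagedIdentitySource.ServiceFabricFederated)`. In `ValidateServerCertificateCallback`, `certificate` is dereferenced whenever `sslPolicyErrors` is not `None`, and it is null when the endpoint presents no certificate, so the thumbprint comparison (which presumably mirrors the existing Service Fabric source's pinning) should be guarded with `certificate is not null &&` rather than letting a `NullReferenceException` escape the TLS handshake. `Create` assigns `EnvironmentVariables.IdentityEndpoint` to `identityEndpoint` and overwrites it on the next statement, and `_httpClientLazy` is declared but never used; both look like leftovers from copying the non-federated source. `_serviceFabricMsiApiVersion` is never reassigned and should be `readonly`, and `_mitsEndpointFmiPath` is a static property written with a field's `_` prefix.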
@@ -421,6 +421,7 @@ public static string InvalidTokenProviderResponseValue(string invalidValueName) public const string ManagedIdentityUnexpectedErrorResponse = "[Managed Identity] The error response was either empty or could not be parsed."; public const string ManagedIdentityEndpointInvalidUriError = "[Managed Identity] The environment variable {0} contains an invalid Uri {1} in {2} managed identity source."; + public const string ManagedIdentityFmiInvalidEnvVariableError = "[Managed Identity] The environment variable {0} is null or empty in {2} managed identity source."; public const string ManagedIdentityNoChallengeError = "[Managed Identity] Did not receive expected WWW-Authenticate header in the response from Azure Arc Managed Identity Endpoint."; public const string ManagedIdentityInvalidChallenge = "[Managed Identity] The WWW-Authenticate header in the response from Azure Arc Managed Identity Endpoint did not match the expected format."; public const string ManagedIdentityInvalidFile = "[Managed Identity] The file on the file path in the WWW-Authenticate header is not secure."; diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt index 272eceb482..4b4adc7e2e 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt 
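Review bot: `ManagedIdentityFmiInvalidEnvVariableError` uses placeholder `{2}`, but `VerifyEnvVariablesAreAvailable` in the new `ServiceFabricFederatedManagedIdentitySource` (the hunk above) formats it with a single argument, so every missing-variable path will throw `FormatException` from `string.Format` instead of the intended `ArgumentException`, hiding which variable is absent. Either drop the source placeholder, or renumber it and pass the source name at each call site: `public const string ManagedIdentityFmiInvalidEnvVariableError = "[Managed Identity] The environment variable {0} is null or empty in {1} managed identity source.";` with callers passing `"FMI Service Fabric"` as the second argument, as `ManagedIdentityEndpointInvalidUriError` already does. Those callers would also fit the rest of the file better by throwing an MSAL exception type (the endpoint error in `Create` already goes through `MsalServiceExceptionFactory`) rather than `ArgumentException`, though that is a separate choice.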
@@ -1,2 +1,3 @@ +Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.ServiceFabricFederated = 8 -> Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder \ No newline at end of file From 784d438c9a5a9544435e1d0595f203cca4d4e5a1 Mon Sep 17 00:00:00 2001 From: trwalke Date: Fri, 30 May 2025 02:18:09 -0700 Subject: [PATCH 06/12] Revert "Moving OnBeforeTokenRequestHandler up one level" This reverts commit 44e34c5773ae59693defa57ee6bd7d8c896b0fad. --- ...nfidentialClientAcquireTokenParameterBuilderExtension.cs | 6 +++--- .../PublicApi/net462/PublicAPI.Unshipped.txt | 3 +-- .../PublicApi/net472/PublicAPI.Unshipped.txt | 1 - .../PublicApi/net8.0-android/PublicAPI.Unshipped.txt | 1 - .../PublicApi/net8.0-ios/PublicAPI.Unshipped.txt | 1 - .../PublicApi/net8.0/PublicAPI.Unshipped.txt | 1 - .../PublicApi/netstandard2.0/PublicAPI.Unshipped.txt | 1 - 7 files changed, 4 insertions(+), 10 deletions(-) diff --git a/src/client/Microsoft.Identity.Client/Extensibility/AbstractConfidentialClientAcquireTokenParameterBuilderExtension.cs b/src/client/Microsoft.Identity.Client/Extensibility/AbstractConfidentialClientAcquireTokenParameterBuilderExtension.cs index 8617173185..edf7ac6737 100644 --- a/src/client/Microsoft.Identity.Client/Extensibility/AbstractConfidentialClientAcquireTokenParameterBuilderExtension.cs +++ b/src/client/Microsoft.Identity.Client/Extensibility/AbstractConfidentialClientAcquireTokenParameterBuilderExtension.cs 
@@ -23,10 +23,10 @@ public static class AbstractConfidentialClientAcquireTokenParameterBuilderExtens /// The builder to chain options to /// An async delegate which gets invoked just before MSAL makes a token request /// The builder to chain other options to. - public static BaseAbstractAcquireTokenParameterBuilder OnBeforeTokenRequest( - this BaseAbstractAcquireTokenParameterBuilder builder, + public static AbstractAcquireTokenParameterBuilder OnBeforeTokenRequest( + this AbstractAcquireTokenParameterBuilder builder, Func onBeforeTokenRequestHandler) - where T : BaseAbstractAcquireTokenParameterBuilder + where T : AbstractAcquireTokenParameterBuilder { if (builder.CommonParameters.OnBeforeTokenRequestHandler != null && onBeforeTokenRequestHandler != null) { diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt index 4b4adc7e2e..23230dc779 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt @@ -1,3 +1,2 @@ Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.ServiceFabricFederated = 8 -> Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource -Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder -static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder \ No newline at end of file +Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder \ No newline at end of file 
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt index cf1fcd47ea..8043436281 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt @@ -1,2 +1 @@ Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder -static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt index cf1fcd47ea..8043436281 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt @@ -1,2 +1 @@ Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder -static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt index cf1fcd47ea..8043436281 100644 
--- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt @@ -1,2 +1 @@ Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder -static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt index cf1fcd47ea..8043436281 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt @@ -1,2 +1 @@ Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder -static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder diff --git a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt index cf1fcd47ea..8043436281 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt 
@@ -1,2 +1 @@ Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder -static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder From d60e2365a230d433e56ade5c4abcc31b8bd2ada1 Mon Sep 17 00:00:00 2001 From: trwalke Date: Fri, 30 May 2025 02:18:27 -0700 Subject: [PATCH 07/12] Revert "updating api" This reverts commit d1c9a99a68cf301908f2c9c6cc9581a154be52b4. --- .../PublicApi/net462/PublicAPI.Shipped.txt | 1 + .../PublicApi/net472/PublicAPI.Shipped.txt | 1 + .../PublicApi/net8.0-android/PublicAPI.Shipped.txt | 1 + .../PublicApi/net8.0-ios/PublicAPI.Shipped.txt | 1 + .../PublicApi/net8.0/PublicAPI.Shipped.txt | 1 + .../PublicApi/netstandard2.0/PublicAPI.Shipped.txt | 1 + 6 files changed, 6 insertions(+) diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Shipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Shipped.txt index 15f7712214..d919a7414a 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Shipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Shipped.txt 
@@ -955,6 +955,7 @@ static Microsoft.Identity.Client.AuthenticationInfoParameters.CreateFromResponse static Microsoft.Identity.Client.CacheOptions.EnableSharedCacheOptions.get -> Microsoft.Identity.Client.CacheOptions static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.Create(string clientId) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(Microsoft.Identity.Client.ConfidentialClientApplicationOptions options) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder +static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAdditionalCacheParameters(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Collections.Generic.IEnumerable cacheParameters) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAuthenticationExtension(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, Microsoft.Identity.Client.Extensibility.MsalAuthenticationExtension authenticationExtension) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithProofOfPosessionKeyId(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, string keyId, string expectedTokenTypeFromAad = "Bearer") -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder 
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Shipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Shipped.txt index 15f7712214..d919a7414a 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Shipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Shipped.txt 
@@ -955,6 +955,7 @@ static Microsoft.Identity.Client.AuthenticationInfoParameters.CreateFromResponse static Microsoft.Identity.Client.CacheOptions.EnableSharedCacheOptions.get -> Microsoft.Identity.Client.CacheOptions static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.Create(string clientId) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(Microsoft.Identity.Client.ConfidentialClientApplicationOptions options) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder +static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAdditionalCacheParameters(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Collections.Generic.IEnumerable cacheParameters) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAuthenticationExtension(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, Microsoft.Identity.Client.Extensibility.MsalAuthenticationExtension authenticationExtension) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithProofOfPosessionKeyId(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, string keyId, string expectedTokenTypeFromAad = "Bearer") -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder 
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Shipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Shipped.txt index 34059b6ead..274fe4d1a5 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Shipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Shipped.txt 
@@ -928,6 +928,7 @@ static Microsoft.Identity.Client.AuthenticationInfoParameters.CreateFromResponse static Microsoft.Identity.Client.CacheOptions.EnableSharedCacheOptions.get -> Microsoft.Identity.Client.CacheOptions static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.Create(string clientId) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(Microsoft.Identity.Client.ConfidentialClientApplicationOptions options) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder +static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAdditionalCacheParameters(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Collections.Generic.IEnumerable cacheParameters) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAuthenticationExtension(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, Microsoft.Identity.Client.Extensibility.MsalAuthenticationExtension authenticationExtension) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithProofOfPosessionKeyId(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, string keyId, string expectedTokenTypeFromAad = "Bearer") -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder 
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Shipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Shipped.txt index 12d5cd067e..5dbad7ab4f 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Shipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Shipped.txt 
@@ -930,6 +930,7 @@ static Microsoft.Identity.Client.AuthenticationInfoParameters.CreateFromResponse static Microsoft.Identity.Client.CacheOptions.EnableSharedCacheOptions.get -> Microsoft.Identity.Client.CacheOptions static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.Create(string clientId) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(Microsoft.Identity.Client.ConfidentialClientApplicationOptions options) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder +static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAdditionalCacheParameters(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Collections.Generic.IEnumerable cacheParameters) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAuthenticationExtension(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, Microsoft.Identity.Client.Extensibility.MsalAuthenticationExtension authenticationExtension) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithProofOfPosessionKeyId(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, string keyId, string expectedTokenTypeFromAad = "Bearer") -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder 
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Shipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Shipped.txt index a7881e5368..6325496253 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Shipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Shipped.txt 
@@ -921,6 +921,7 @@ static Microsoft.Identity.Client.AuthenticationInfoParameters.CreateFromResponse static Microsoft.Identity.Client.CacheOptions.EnableSharedCacheOptions.get -> Microsoft.Identity.Client.CacheOptions static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.Create(string clientId) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(Microsoft.Identity.Client.ConfidentialClientApplicationOptions options) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder +static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAdditionalCacheParameters(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Collections.Generic.IEnumerable cacheParameters) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAuthenticationExtension(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, Microsoft.Identity.Client.Extensibility.MsalAuthenticationExtension authenticationExtension) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithProofOfPosessionKeyId(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, string keyId, string expectedTokenTypeFromAad = "Bearer") -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder 
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Shipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Shipped.txt index bd42e700ab..0447ee85ce 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Shipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Shipped.txt 
@@ -921,6 +921,7 @@ static Microsoft.Identity.Client.AuthenticationInfoParameters.CreateFromResponse static Microsoft.Identity.Client.CacheOptions.EnableSharedCacheOptions.get -> Microsoft.Identity.Client.CacheOptions static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.Create(string clientId) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(Microsoft.Identity.Client.ConfidentialClientApplicationOptions options) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder +static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Func onBeforeTokenRequestHandler) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAdditionalCacheParameters(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, System.Collections.Generic.IEnumerable cacheParameters) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAuthenticationExtension(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, Microsoft.Identity.Client.Extensibility.MsalAuthenticationExtension authenticationExtension) -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder static Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithProofOfPosessionKeyId(this Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder builder, string keyId, string expectedTokenTypeFromAad = "Bearer") -> Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder 
From 2b3c614f97b3b855a389a3dee2012a071e3b1ffc Mon Sep 17 00:00:00 2001 From: trwalke Date: Thu, 5 Jun 2025 13:05:46 -0700 Subject: [PATCH 08/12] Updating implementation --- .../ManagedIdentity/ManagedIdentityClient.cs | 2 +- ...iceFabricFederatedManagedIdentitySource.cs | 2 +- .../ServiceFabricManagedIdentitySource.cs | 25 +------------ .../MsalErrorMessage.cs | 2 +- .../PublicApi/net472/PublicAPI.Unshipped.txt | 1 + .../net8.0-android/PublicAPI.Unshipped.txt | 1 + .../net8.0-ios/PublicAPI.Unshipped.txt | 1 + .../PublicApi/net8.0/PublicAPI.Unshipped.txt | 1 + .../netstandard2.0/PublicAPI.Unshipped.txt | 1 + .../Core/Helpers/ManagedIdentityTestUtil.cs | 14 ++++++- .../Core/Mocks/MockHelpers.cs | 9 +++++ .../Core/Mocks/MockHttpManagerExtensions.cs | 37 +++++++++++++++++++ .../ServiceFabricTests.cs | 28 +++++++++++++- 13 files changed, 95 insertions(+), 29 deletions(-) diff --git a/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs b/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs index a2824c2321..c673463650 100644 --- a/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs +++ b/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs @@ -39,7 +39,7 @@ private static AbstractManagedIdentity SelectManagedIdentitySource(RequestContex { if (requestContext.ServiceBundle.Config.IsFmiServiceFabric) { - return ServiceFabricManagedIdentitySource.Create(requestContext); + return ServiceFabricFederatedManagedIdentitySource.Create(requestContext); } return GetManagedIdentitySource(requestContext.Logger) switch diff --git a/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricFederatedManagedIdentitySource.cs b/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricFederatedManagedIdentitySource.cs index cee4beff63..8921a6e9c7 100644 --- a/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricFederatedManagedIdentitySource.cs 
+++ b/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricFederatedManagedIdentitySource.cs @@ -72,7 +72,7 @@ private static void VerifyEnvVariablesAreAvailable() if (string.IsNullOrEmpty(EnvironmentVariables.FmiServiceFabricApiVersion)) { throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityFmiInvalidEnvVariableError, - "IDENTITY_API_VERSION")); + "IDENTITY_API_VERSION", "FMI Service Fabric")); } } diff --git a/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricManagedIdentitySource.cs b/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricManagedIdentitySource.cs index eb621f9cdb..9dc6b09723 100644 --- a/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricManagedIdentitySource.cs +++ b/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricManagedIdentitySource.cs 
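Review bot: The missing-variable path in VerifyEnvVariablesAreAvailable still throws a plain `ArgumentException`, while the invalid-endpoint path of the sibling Service Fabric source (the block removed in the next hunk) goes through `MsalServiceExceptionFactory.CreateManagedIdentityException` with `MsalError.InvalidManagedIdentityEndpoint`, so callers that catch MSAL exception types for managed-identity configuration failures will not see this one. Routing it through the same factory, with the `ManagedIdentitySource` value for this source, would keep the error surface consistent; the argument fix itself is correct now that the template uses `{0}` and `{1}`. VerifyEnvVariablesAreAvailable starts outside this hunk.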
@@ -25,29 +25,8 @@ public static AbstractManagedIdentity Create(RequestContext requestContext) string identityEndpoint = EnvironmentVariables.IdentityEndpoint; requestContext.Logger.Info(() => "[Managed Identity] Service fabric managed identity is available."); - - if (requestContext.ServiceBundle.Config.IsFmiServiceFabric) - { - identityEndpoint = EnvironmentVariables.FmiServiceFabricEndpoint; - requestContext.Logger.Info(() => "[Managed Identity] Using FMI Service fabric endpoint."); - - if (!Uri.TryCreate(identityEndpoint, UriKind.Absolute, out endpointUri)) - { - string errorMessage = string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityEndpointInvalidUriError, - "APP_IDENTITY_ENDPOINT", identityEndpoint, "FMI Service Fabric"); - - // Use the factory to create and throw the exception - var exception = MsalServiceExceptionFactory.CreateManagedIdentityException( - MsalError.InvalidManagedIdentityEndpoint, - errorMessage, - null, - ManagedIdentitySource.ServiceFabric, - null); - - throw exception; - } - } - else if (!Uri.TryCreate(identityEndpoint, UriKind.Absolute, out endpointUri)) + + if (!Uri.TryCreate(identityEndpoint, UriKind.Absolute, out endpointUri)) { string errorMessage = string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityEndpointInvalidUriError, "IDENTITY_ENDPOINT", identityEndpoint, "Service Fabric"); diff --git a/src/client/Microsoft.Identity.Client/MsalErrorMessage.cs b/src/client/Microsoft.Identity.Client/MsalErrorMessage.cs index 30245ff65a..c93f6f5726 100644 --- a/src/client/Microsoft.Identity.Client/MsalErrorMessage.cs +++ b/src/client/Microsoft.Identity.Client/MsalErrorMessage.cs 
@@ -421,7 +421,7 @@ public static string InvalidTokenProviderResponseValue(string invalidValueName) public const string ManagedIdentityUnexpectedErrorResponse = "[Managed Identity] The error response was either empty or could not be parsed."; public const string ManagedIdentityEndpointInvalidUriError = "[Managed Identity] The environment variable {0} contains an invalid Uri {1} in {2} managed identity source."; - public const string ManagedIdentityFmiInvalidEnvVariableError = "[Managed Identity] The environment variable {0} is null or empty in {2} managed identity source."; + public const string ManagedIdentityFmiInvalidEnvVariableError = "[Managed Identity] The environment variable {0} is null or empty in {1} managed identity source."; public const string ManagedIdentityNoChallengeError = "[Managed Identity] Did not receive expected WWW-Authenticate header in the response from Azure Arc Managed Identity Endpoint."; public const string ManagedIdentityInvalidChallenge = "[Managed Identity] The WWW-Authenticate header in the response from Azure Arc Managed Identity Endpoint did not match the expected format."; public const string ManagedIdentityInvalidFile = "[Managed Identity] The file on the file path in the WWW-Authenticate header is not secure."; diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt index 8043436281..8eff849917 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt @@ -1 +1,2 @@ +Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.ServiceFabricFederated = 8 -> Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder 
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt index 8043436281..8eff849917 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt @@ -1 +1,2 @@ +Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.ServiceFabricFederated = 8 -> Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt index 8043436281..8eff849917 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt @@ -1 +1,2 @@ +Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.ServiceFabricFederated = 8 -> Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt index 8043436281..8eff849917 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt 
@@ -1 +1,2 @@ +Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.ServiceFabricFederated = 8 -> Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder diff --git a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt index 8043436281..8eff849917 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt @@ -1 +1,2 @@ +Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.ServiceFabricFederated = 8 -> Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder diff --git a/tests/Microsoft.Identity.Test.Common/Core/Helpers/ManagedIdentityTestUtil.cs b/tests/Microsoft.Identity.Test.Common/Core/Helpers/ManagedIdentityTestUtil.cs index 53bb9d6ee3..cfbaf954df 100644 --- a/tests/Microsoft.Identity.Test.Common/Core/Helpers/ManagedIdentityTestUtil.cs +++ b/tests/Microsoft.Identity.Test.Common/Core/Helpers/ManagedIdentityTestUtil.cs @@ -32,7 +32,12 @@ public enum MsiAzureResource ServiceFabric } - public static void SetEnvironmentVariables(ManagedIdentitySource managedIdentitySource, string endpoint, string secret = "secret", string thumbprint = "thumbprint", string fmiEndpoint = "") + public static void SetEnvironmentVariables( + ManagedIdentitySource managedIdentitySource, + string endpoint, + string secret = "secret", + string thumbprint = "thumbprint", + string version = "version") { switch (managedIdentitySource) { 
@@ -56,10 +61,15 @@ public static void SetEnvironmentVariables(ManagedIdentitySource managedIdentity case ManagedIdentitySource.ServiceFabric: Environment.SetEnvironmentVariable("IDENTITY_ENDPOINT", endpoint); - Environment.SetEnvironmentVariable("APP_IDENTITY_ENDPOINT", fmiEndpoint); Environment.SetEnvironmentVariable("IDENTITY_HEADER", secret); Environment.SetEnvironmentVariable("IDENTITY_SERVER_THUMBPRINT", thumbprint); break; + case ManagedIdentitySource.ServiceFabricFederated: + Environment.SetEnvironmentVariable("APP_IDENTITY_ENDPOINT", endpoint); + Environment.SetEnvironmentVariable("IDENTITY_HEADER", secret); + Environment.SetEnvironmentVariable("IDENTITY_SERVER_THUMBPRINT", thumbprint); + Environment.SetEnvironmentVariable("IDENTITY_API_VERSION", version); + break; case ManagedIdentitySource.MachineLearning: Environment.SetEnvironmentVariable("MSI_ENDPOINT", endpoint); Environment.SetEnvironmentVariable("MSI_SECRET", secret); diff --git a/tests/Microsoft.Identity.Test.Common/Core/Mocks/MockHelpers.cs b/tests/Microsoft.Identity.Test.Common/Core/Mocks/MockHelpers.cs index 91e5c3d268..84cd0a1bd8 100644 --- a/tests/Microsoft.Identity.Test.Common/Core/Mocks/MockHelpers.cs +++ b/tests/Microsoft.Identity.Test.Common/Core/Mocks/MockHelpers.cs 
@@ -170,6 +170,15 @@ public static string GetMsiImdsErrorResponse() "\"correlation_id\":\"77145480-bc5a-4ebe-ae4d-e4a8b7d727cf\",\"error_uri\":\"https://westus2.login.microsoft.com/error?code=500011\"}"; } + public static HttpResponseMessage CreateSuccessTokenResponseMessageForMits( + string accessToken = "some-access-token", + string expiresOn = "1744887386") + { + var stringContent = $"{{\"token_type\":\"Bearer\",\"access_token\":\"{accessToken}\",\"expires_on\":{expiresOn},\"resource\":\"api://AzureFMITokenExchange/.default\"}}"; + + return CreateSuccessResponseMessage(stringContent); + } + public static string CreateClientInfo(string uid = TestConstants.Uid, string utid = TestConstants.Utid) { return Base64UrlHelpers.Encode("{\"uid\":\"" + uid + "\",\"utid\":\"" + utid + "\"}"); diff --git a/tests/Microsoft.Identity.Test.Common/Core/Mocks/MockHttpManagerExtensions.cs b/tests/Microsoft.Identity.Test.Common/Core/Mocks/MockHttpManagerExtensions.cs index 5a04bedf5b..d8152d244e 100644 --- a/tests/Microsoft.Identity.Test.Common/Core/Mocks/MockHttpManagerExtensions.cs +++ b/tests/Microsoft.Identity.Test.Common/Core/Mocks/MockHttpManagerExtensions.cs 
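Review bot: The default `expiresOn = "1744887386"` in CreateSuccessTokenResponseMessageForMits is a fixed instant that is already in the past, so any caller relying on the default receives a token MSAL will treat as expired; the only visible caller passes an explicit value, but the default invites a confusing future test failure. Either drop the default or document it with `// NOTE: fixed epoch value; callers that need a usable token must pass a future expires_on`. The `resource` claim is hard-coded to `api://AzureFMITokenExchange/.default`, which is fine for a MITS-specific helper but worth a one-line comment saying so.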
@@ -486,6 +486,43 @@ public static void AddManagedIdentityWSTrustMockHandler( }); } + public static void CreateFmiCredentialForMitsHandler( + this MockHttpManager httpManager, + string secret = "secret", + string version = "version", + string requestUri = "SomeUri", + string accessToken = "header.payload.signature", + bool expiredResponse = false + ) + { + string expiresOn; + DateTimeOffset dto = DateTimeOffset.UtcNow; + + if (expiredResponse) + { + long unixTimeSeconds = dto.ToUnixTimeSeconds() - 3600; + expiresOn = unixTimeSeconds.ToString(); + } + else + { + long unixTimeSeconds = dto.ToUnixTimeSeconds() + 3600; + expiresOn = unixTimeSeconds.ToString(); + } + + var handler = new MockHttpMessageHandler() + { + ExpectedUrl = requestUri, + ExpectedMethod = HttpMethod.Get, + ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessageForMits(accessToken: accessToken, expiresOn: expiresOn), + ExpectedRequestHeaders = new Dictionary + { + { "Secret", secret }, + }, + }; + + httpManager.AddMockHandler(handler); + } + public static void AddRegionDiscoveryMockHandlerNotFound( this MockHttpManager httpManager) { diff --git a/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ServiceFabricTests.cs b/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ServiceFabricTests.cs index c2b0a0f7f2..77e18c92aa 100644 --- a/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ServiceFabricTests.cs +++ b/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ServiceFabricTests.cs 
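Review bot: The `version` parameter of CreateFmiCredentialForMitsHandler is accepted but never used by the handler, so the mock asserts only the `Secret` header and a regression that drops or mistypes the `api-version` query parameter on the MITS request would pass this test; if the mock handler supports query-parameter expectations, wire `version` into them, otherwise remove the parameter. The two `expiredResponse` branches also duplicate the conversion and call `ToString()` without a culture; `expiresOn = (dto.ToUnixTimeSeconds() + (expiredResponse ? -3600 : 3600)).ToString(CultureInfo.InvariantCulture);` replaces both branches.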
@@ -97,7 +97,7 @@ public void ValidateThatFmiEndpointIsUsed() using (new EnvVariableContext()) using (var httpManager = new MockHttpManager()) { - SetEnvironmentVariables(ManagedIdentitySource.ServiceFabric, "http://localhost:40342/metadata/identity/oauth2/token", fmiEndpoint: "http://localhost:40343/metadata/identity/oauth2/token"); + SetEnvironmentVariables(ManagedIdentitySource.ServiceFabricFederated, "http://localhost:40342/metadata/identity/oauth2/token"); var miBuilder = ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.SystemAssigned) .WithExperimentalFeatures() @@ -115,6 +115,32 @@ public void ValidateThatFmiEndpointIsUsed() } } + [TestMethod] + public async Task ValidateThatFmiCredentialCanBeAcquiredFromMits() + { + using (new EnvVariableContext()) + using (var httpManager = new MockHttpManager()) + { + SetEnvironmentVariables(managedIdentitySource: ManagedIdentitySource.ServiceFabricFederated, + endpoint: "http://localhost:40343"); + + httpManager.CreateFmiCredentialForMitsHandler(requestUri: "http://localhost:40343/metadata/identity/oauth2/fmi/credential"); + + var miBuilder = ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.SystemAssigned) + .WithExperimentalFeatures() + .WithServiceFabricFmi() + .WithHttpManager(httpManager); + + var mi = miBuilder.BuildConcrete(); + + var result = await mi.AcquireTokenForManagedIdentity(TestConstants.MsiResource) + .ExecuteAsync() + .ConfigureAwait(false); + + Assert.IsNotNull(result); + } + } + [TestMethod] public async Task SFThrowsWhenGetHttpClientWithValidationIsNotImplementedAsync() { From d14ee0c97425c0591a5f6db35f8d7b21145af41e Mon Sep 17 00:00:00 2001 
From: trwalke Date: Thu, 5 Jun 2025 13:22:59 -0700 Subject: [PATCH 09/12] Updating api for FMI Mits --- ...cquireTokenForManagedIdentityParameterBuilder.cs | 6 ++++++ .../AcquireTokenForManagedIdentityParameters.cs | 2 ++ .../AppConfig/ApplicationConfiguration.cs | 1 - .../AppConfig/ManagedIdentityApplicationBuilder.cs | 13 ------------- .../Internal/Requests/ManagedIdentityAuthRequest.cs | 2 +- .../ManagedIdentity/ManagedIdentityClient.cs | 8 ++++---- .../PublicApi/net462/PublicAPI.Unshipped.txt | 1 - .../PublicApi/net472/PublicAPI.Unshipped.txt | 1 - .../net8.0-android/PublicAPI.Unshipped.txt | 1 - .../PublicApi/net8.0-ios/PublicAPI.Unshipped.txt | 1 - .../PublicApi/net8.0/PublicAPI.Unshipped.txt | 1 - .../netstandard2.0/PublicAPI.Unshipped.txt | 1 - .../ManagedIdentityTests/ServiceFabricTests.cs | 8 +++----- 13 files changed, 16 insertions(+), 30 deletions(-) diff --git a/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForManagedIdentityParameterBuilder.cs b/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForManagedIdentityParameterBuilder.cs index 7cbf69f999..0bf77e207a 100644 --- a/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForManagedIdentityParameterBuilder.cs +++ b/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForManagedIdentityParameterBuilder.cs @@ -42,6 +42,12 @@ private AcquireTokenForManagedIdentityParameterBuilder WithResource(string resou { Parameters.Resource = ScopeHelper.RemoveDefaultSuffixIfPresent(resource); CommonParameters.Scopes = new string[] { Parameters.Resource }; + + if (resource.Equals("api://AzureFMITokenExchange/.default")) + { + Parameters.IsFmiServiceFabric = true; + } + return this; } diff --git a/src/client/Microsoft.Identity.Client/ApiConfig/Parameters/AcquireTokenForManagedIdentityParameters.cs b/src/client/Microsoft.Identity.Client/ApiConfig/Parameters/AcquireTokenForManagedIdentityParameters.cs index 7c471fea59..b2ace0bd8e 100644 
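Review bot: The new check in WithResource compares the raw `resource` argument with a case-sensitive `Equals` against the full `/.default` literal, while the line above stores `ScopeHelper.RemoveDefaultSuffixIfPresent(resource)` as the effective resource; if that helper strips the suffix, a caller passing the same resource without `/.default` is treated as the same scope but does not take the FMI path. Comparing the normalised value, `if (string.Equals(Parameters.Resource, FmiTokenExchangeResource, StringComparison.OrdinalIgnoreCase))`, with the literal lifted into a named constant, makes the trigger consistent and easier to audit, since this string is what steers the request to a different local endpoint. WithResource starts outside this hunk.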
--- a/src/client/Microsoft.Identity.Client/ApiConfig/Parameters/AcquireTokenForManagedIdentityParameters.cs +++ b/src/client/Microsoft.Identity.Client/ApiConfig/Parameters/AcquireTokenForManagedIdentityParameters.cs @@ -16,6 +16,8 @@ internal class AcquireTokenForManagedIdentityParameters : IAcquireTokenParameter public string Resource { get; set; } + public bool IsFmiServiceFabric { get; set; } + public void LogParameters(ILoggerAdapter logger) { if (logger.IsLoggingEnabled(LogLevel.Info)) diff --git a/src/client/Microsoft.Identity.Client/AppConfig/ApplicationConfiguration.cs b/src/client/Microsoft.Identity.Client/AppConfig/ApplicationConfiguration.cs index 4dbf18291c..2c9fe7e587 100644 --- a/src/client/Microsoft.Identity.Client/AppConfig/ApplicationConfiguration.cs +++ b/src/client/Microsoft.Identity.Client/AppConfig/ApplicationConfiguration.cs @@ -123,7 +123,6 @@ public string ClientVersion public string CertificateIdToAssociateWithToken { get; set; } public Func> AppTokenProvider; - public bool IsFmiServiceFabric { get; set; } #region ClientCredentials diff --git a/src/client/Microsoft.Identity.Client/AppConfig/ManagedIdentityApplicationBuilder.cs b/src/client/Microsoft.Identity.Client/AppConfig/ManagedIdentityApplicationBuilder.cs index 59515d81c9..434d2764ce 100644 --- a/src/client/Microsoft.Identity.Client/AppConfig/ManagedIdentityApplicationBuilder.cs +++ b/src/client/Microsoft.Identity.Client/AppConfig/ManagedIdentityApplicationBuilder.cs 
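Review bot: The new `IsFmiServiceFabric` property on AcquireTokenForManagedIdentityParameters is not surfaced by the `LogParameters` method that follows it, so a request routed to the federated source leaves no trace in the info log of why that source was chosen. Adding it alongside the existing parameter logging, e.g. `logger.Info(() => "IsFmiServiceFabric: " + IsFmiServiceFabric);` in the style the method already uses, would help when diagnosing endpoint selection. The body of LogParameters lies outside this hunk.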
@@ -102,19 +102,6 @@ public ManagedIdentityApplicationBuilder WithClientCapabilities(IEnumerable - /// Configures the application to use the FMI service fabric managed identity endpoint. - /// - /// - /// This is used only for Service Fabric applications that are using the FMI managed identity endpoint. - /// - public ManagedIdentityApplicationBuilder WithServiceFabricFmi() - { - Config.IsFmiServiceFabric = true; - ValidateUseOfExperimentalFeature("WithServiceFabricFmi"); - return this; - } - /// /// Builds an instance of /// from the parameters set in the . diff --git a/src/client/Microsoft.Identity.Client/Internal/Requests/ManagedIdentityAuthRequest.cs b/src/client/Microsoft.Identity.Client/Internal/Requests/ManagedIdentityAuthRequest.cs index cb441baa80..fe9cb2c264 100644 --- a/src/client/Microsoft.Identity.Client/Internal/Requests/ManagedIdentityAuthRequest.cs +++ b/src/client/Microsoft.Identity.Client/Internal/Requests/ManagedIdentityAuthRequest.cs @@ -153,7 +153,7 @@ private async Task SendTokenRequestForManagedIdentityAsync await ResolveAuthorityAsync().ConfigureAwait(false); ManagedIdentityClient managedIdentityClient = - new ManagedIdentityClient(AuthenticationRequestParameters.RequestContext); + new ManagedIdentityClient(AuthenticationRequestParameters.RequestContext, _managedIdentityParameters); ManagedIdentityResponse managedIdentityResponse = await managedIdentityClient diff --git a/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs b/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs index c673463650..690f1a4eae 100644 --- a/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs +++ b/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs 
@@ -21,11 +21,11 @@ internal class ManagedIdentityClient private const string LinuxHimdsFilePath = "/opt/azcmagent/bin/himds"; private readonly AbstractManagedIdentity _identitySource; - public ManagedIdentityClient(RequestContext requestContext) + public ManagedIdentityClient(RequestContext requestContext, AcquireTokenForManagedIdentityParameters acquireTokenForManagedIdentityParameters) { using (requestContext.Logger.LogMethodDuration()) { - _identitySource = SelectManagedIdentitySource(requestContext); + _identitySource = SelectManagedIdentitySource(requestContext, acquireTokenForManagedIdentityParameters); } } @@ -35,9 +35,9 @@ internal Task SendTokenRequestForManagedIdentityAsync(A } // This method tries to create managed identity source for different sources, if none is created then defaults to IMDS. - private static AbstractManagedIdentity SelectManagedIdentitySource(RequestContext requestContext) + private static AbstractManagedIdentity SelectManagedIdentitySource(RequestContext requestContext, AcquireTokenForManagedIdentityParameters acquireTokenForManagedIdentityParameters) { - if (requestContext.ServiceBundle.Config.IsFmiServiceFabric) + if (acquireTokenForManagedIdentityParameters.IsFmiServiceFabric) { return ServiceFabricFederatedManagedIdentitySource.Create(requestContext); } diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt index 23230dc779..df6c9bb271 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt 
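Review bot: SelectManagedIdentitySource dereferences the new `acquireTokenForManagedIdentityParameters` argument without a null check, so a caller that passes null fails with a NullReferenceException from inside the logged constructor rather than a clear argument error; a guard at the top of the constructor, `if (acquireTokenForManagedIdentityParameters is null) throw new ArgumentNullException(nameof(acquireTokenForManagedIdentityParameters));`, keeps the failure explicit. The comment above the method, "This method tries to create managed identity source for different sources, if none is created then defaults to IMDS.", is now stale because the FMI flag short-circuits detection; I would change it to `// Honors the per-request FMI flag first (Service Fabric federated source), then probes the environment for a source and falls back to IMDS.`. The same applies to the first hunk, where the constructor takes the parameter.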
@@ -1,2 +1 @@ Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.ServiceFabricFederated = 8 -> Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource -Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder \ No newline at end of file diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt index 8eff849917..df6c9bb271 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt @@ -1,2 +1 @@ Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.ServiceFabricFederated = 8 -> Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource -Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt index 8eff849917..df6c9bb271 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt @@ -1,2 +1 @@ Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.ServiceFabricFederated = 8 -> Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource -Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt index 8eff849917..df6c9bb271 100644 
--- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt @@ -1,2 +1 @@ Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.ServiceFabricFederated = 8 -> Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource -Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt index 8eff849917..df6c9bb271 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt @@ -1,2 +1 @@ Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.ServiceFabricFederated = 8 -> Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource -Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder diff --git a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt index 8eff849917..df6c9bb271 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt @@ -1,2 +1 @@ Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.ServiceFabricFederated = 8 -> Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource -Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithServiceFabricFmi() -> Microsoft.Identity.Client.ManagedIdentityApplicationBuilder 
diff --git a/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ServiceFabricTests.cs b/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ServiceFabricTests.cs index 77e18c92aa..1963e416fa 100644 --- a/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ServiceFabricTests.cs +++ b/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ServiceFabricTests.cs @@ -101,16 +101,15 @@ public void ValidateThatFmiEndpointIsUsed() var miBuilder = ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.SystemAssigned) .WithExperimentalFeatures() - .WithServiceFabricFmi() .WithHttpManager(httpManager); var mi = miBuilder.BuildConcrete(); RequestContext requestContext = new RequestContext(mi.ServiceBundle, Guid.NewGuid(), null); - ServiceFabricManagedIdentitySource sf = ServiceFabricManagedIdentitySource.Create(requestContext) as ServiceFabricManagedIdentitySource; + ServiceFabricFederatedManagedIdentitySource sf = ServiceFabricFederatedManagedIdentitySource.Create(requestContext) as ServiceFabricFederatedManagedIdentitySource; - Assert.IsInstanceOfType(sf, typeof(ServiceFabricManagedIdentitySource)); + Assert.IsInstanceOfType(sf, typeof(ServiceFabricFederatedManagedIdentitySource)); Assert.AreEqual("http://localhost:40343/metadata/identity/oauth2/token", sf.GetEndpointForTesting()); } } @@ -128,12 +127,11 @@ public async Task ValidateThatFmiCredentialCanBeAcquiredFromMits() var miBuilder = ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.SystemAssigned) .WithExperimentalFeatures() - .WithServiceFabricFmi() .WithHttpManager(httpManager); var mi = miBuilder.BuildConcrete(); - var result = await mi.AcquireTokenForManagedIdentity(TestConstants.MsiResource) + var result = await mi.AcquireTokenForManagedIdentity("api://AzureFMITokenExchange/.default") .ExecuteAsync() .ConfigureAwait(false); From 2caf549bdb892cf62ea1badf3abb48ae803c218b Mon Sep 17 00:00:00 2001 
From: trwalke Date: Wed, 11 Jun 2025 00:22:52 -0700 Subject: [PATCH 10/12] Updating tests Adding experimental feature requirement. --- ...TokenForManagedIdentityParameterBuilder.cs | 1 + .../ServiceFabricTests.cs | 30 +++++++++++++++++-- 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForManagedIdentityParameterBuilder.cs b/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForManagedIdentityParameterBuilder.cs index 0bf77e207a..052cfb39dc 100644 --- a/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForManagedIdentityParameterBuilder.cs +++ b/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForManagedIdentityParameterBuilder.cs @@ -46,6 +46,7 @@ private AcquireTokenForManagedIdentityParameterBuilder WithResource(string resou if (resource.Equals("api://AzureFMITokenExchange/.default")) { Parameters.IsFmiServiceFabric = true; + ValidateUseOfExperimentalFeature(); } return this; diff --git a/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ServiceFabricTests.cs b/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ServiceFabricTests.cs index 1963e416fa..bfa6423406 100644 --- a/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ServiceFabricTests.cs +++ b/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ServiceFabricTests.cs @@ -97,7 +97,7 @@ public void ValidateThatFmiEndpointIsUsed() using (new EnvVariableContext()) using (var httpManager = new MockHttpManager()) { - SetEnvironmentVariables(ManagedIdentitySource.ServiceFabricFederated, "http://localhost:40342/metadata/identity/oauth2/token"); + SetEnvironmentVariables(ManagedIdentitySource.ServiceFabricFederated, "http://localhost:40342"); var miBuilder = ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.SystemAssigned) .WithExperimentalFeatures() 
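Review bot: `ValidateUseOfExperimentalFeature()` is called after `Parameters.IsFmiServiceFabric` is already set, and, as the test added in the next file shows, the resulting message names `WithResource`, a private method the user never called; someone invoking `AcquireTokenForManagedIdentity(resource)` has no way to relate that name to their code. Validating before the assignment and, if the overload on this builder accepts a name as the one seen on ManagedIdentityApplicationBuilder does, passing a caller-facing label such as `ValidateUseOfExperimentalFeature("AcquireTokenForManagedIdentity with FMI resource")` would make the failure actionable. WithResource starts outside this hunk.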
@@ -110,7 +110,7 @@ public void ValidateThatFmiEndpointIsUsed() ServiceFabricFederatedManagedIdentitySource sf = ServiceFabricFederatedManagedIdentitySource.Create(requestContext) as ServiceFabricFederatedManagedIdentitySource; Assert.IsInstanceOfType(sf, typeof(ServiceFabricFederatedManagedIdentitySource)); - Assert.AreEqual("http://localhost:40343/metadata/identity/oauth2/token", sf.GetEndpointForTesting()); + Assert.AreEqual("http://localhost:40342/metadata/identity/oauth2/fmi/credential", sf.GetEndpointForTesting()); } } @@ -131,14 +131,40 @@ public async Task ValidateThatFmiCredentialCanBeAcquiredFromMits() var mi = miBuilder.BuildConcrete(); + //Ensure token is acquired from MITS var result = await mi.AcquireTokenForManagedIdentity("api://AzureFMITokenExchange/.default") .ExecuteAsync() .ConfigureAwait(false); Assert.IsNotNull(result); + Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource); + Assert.AreEqual("header.payload.signature", result.AccessToken); + + //Ensure token is acquired from cache + result = await mi.AcquireTokenForManagedIdentity("api://AzureFMITokenExchange/.default") + .ExecuteAsync() + .ConfigureAwait(false); + + Assert.IsNotNull(result); + Assert.AreEqual(TokenSource.Cache, result.AuthenticationResultMetadata.TokenSource); + Assert.AreEqual("header.payload.signature", result.AccessToken); } } + [TestMethod] + public async Task ValidateThatFmiCredentialIsExpiremental() + { + var miApp = ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.SystemAssigned) + .Build(); + + var ex = await AssertException.TaskThrowsAsync( + () => miApp.AcquireTokenForManagedIdentity("api://AzureFMITokenExchange/.default") + .ExecuteAsync()).ConfigureAwait(false); + + Assert.IsNotNull(ex); + Assert.IsTrue(ex.Message.Contains("The API WithResource is marked as experimental")); + } + [TestMethod] public async Task SFThrowsWhenGetHttpClientWithValidationIsNotImplementedAsync() { 
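Review bot: The new test method name `ValidateThatFmiCredentialIsExpiremental` is misspelled; rename it to `ValidateThatFmiCredentialIsExperimental`. Its assertion `Assert.IsTrue(ex.Message.Contains("The API WithResource is marked as experimental"))` pins the wording of an error message rather than the contract; asserting on the exception type (and the error code, if `AssertException.TaskThrowsAsync` returns an MSAL exception that carries one) would not break on a message edit. The second hunk's enclosing method `ValidateThatFmiCredentialCanBeAcquiredFromMits` starts outside the hunk.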
From d3318fcb4c34c5e732e9941a48fb125f1ab0b4cd Mon Sep 17 00:00:00 2001 From: trwalke Date: Mon, 23 Jun 2025 22:38:55 -0700 Subject: [PATCH 11/12] Refactoring Clean up --- ...TokenForManagedIdentityParameterBuilder.cs | 4 +- ...cquireTokenForManagedIdentityParameters.cs | 2 +- .../ManagedIdentity/ManagedIdentityClient.cs | 6 +- .../ManagedIdentity/ManagedIdentitySource.cs | 7 +- ...iceFabricFederatedManagedIdentitySource.cs | 122 ---------------- .../ServiceFabricManagedIdentitySource.cs | 136 ++++++++++++------ .../PublicApi/net462/PublicAPI.Unshipped.txt | 1 - .../PublicApi/net472/PublicAPI.Unshipped.txt | 1 - .../net8.0-android/PublicAPI.Unshipped.txt | 1 - .../net8.0-ios/PublicAPI.Unshipped.txt | 1 - .../PublicApi/net8.0/PublicAPI.Unshipped.txt | 1 - .../netstandard2.0/PublicAPI.Unshipped.txt | 1 - .../Core/Helpers/ManagedIdentityTestUtil.cs | 4 - .../ServiceFabricTests.cs | 8 +- 14 files changed, 105 insertions(+), 190 deletions(-) delete mode 100644 src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricFederatedManagedIdentitySource.cs diff --git a/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForManagedIdentityParameterBuilder.cs b/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForManagedIdentityParameterBuilder.cs index 052cfb39dc..1e8d567fb1 100644 --- a/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForManagedIdentityParameterBuilder.cs +++ b/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForManagedIdentityParameterBuilder.cs 
@@ -43,9 +43,9 @@ private AcquireTokenForManagedIdentityParameterBuilder WithResource(string resou
 Parameters.Resource = ScopeHelper.RemoveDefaultSuffixIfPresent(resource);
 CommonParameters.Scopes = new string[] { Parameters.Resource };
- if (resource.Equals("api://AzureFMITokenExchange/.default"))
+ if (resource.Equals("api://AzureFMITokenExchange/.default", StringComparison.OrdinalIgnoreCase))
 {
- Parameters.IsFmiServiceFabric = true;
+ Parameters.IsFmiCredential = true;
 ValidateUseOfExperimentalFeature();
 }
diff --git a/src/client/Microsoft.Identity.Client/ApiConfig/Parameters/AcquireTokenForManagedIdentityParameters.cs b/src/client/Microsoft.Identity.Client/ApiConfig/Parameters/AcquireTokenForManagedIdentityParameters.cs
index b2ace0bd8e..317ad55f89 100644
--- a/src/client/Microsoft.Identity.Client/ApiConfig/Parameters/AcquireTokenForManagedIdentityParameters.cs
+++ b/src/client/Microsoft.Identity.Client/ApiConfig/Parameters/AcquireTokenForManagedIdentityParameters.cs
@@ -16,7 +16,7 @@ internal class AcquireTokenForManagedIdentityParameters : IAcquireTokenParameter
 public string Resource { get; set; }
- public bool IsFmiServiceFabric { get; set; }
+ public bool IsFmiCredential { get; set; }
 public void LogParameters(ILoggerAdapter logger)
 {
diff --git a/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs b/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs
index 690f1a4eae..0167a0a181 100644
--- a/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs
+++ b/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs
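Review bot: The FMI check compares the raw `resource` argument while, two lines above, `Parameters.Resource` has just been normalised with `ScopeHelper.RemoveDefaultSuffixIfPresent`; whether a caller is routed to the FMI credential endpoint therefore depends on whether they spelled the `/.default` suffix, and the unsuffixed form (presumably `api://AzureFMITokenExchange`) falls through to the ordinary token path. If both spellings are meant to be equivalent, compare the normalised value instead: `if (Parameters.Resource.Equals("api://AzureFMITokenExchange", StringComparison.OrdinalIgnoreCase))`. If they are deliberately different, a comment stating that only the exact `/.default` form is honoured would stop the next reader from "fixing" it. `WithResource` starts outside the hunk.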
@@ -37,14 +37,14 @@ internal Task SendTokenRequestForManagedIdentityAsync(A
 // This method tries to create managed identity source for different sources, if none is created then defaults to IMDS.
 private static AbstractManagedIdentity SelectManagedIdentitySource(RequestContext requestContext, AcquireTokenForManagedIdentityParameters acquireTokenForManagedIdentityParameters)
 {
- if (acquireTokenForManagedIdentityParameters.IsFmiServiceFabric)
+ if (acquireTokenForManagedIdentityParameters.IsFmiCredential)
 {
- return ServiceFabricFederatedManagedIdentitySource.Create(requestContext);
+ return ServiceFabricManagedIdentitySource.Create(requestContext, true);
 }
 return GetManagedIdentitySource(requestContext.Logger) switch
 {
- ManagedIdentitySource.ServiceFabric => ServiceFabricManagedIdentitySource.Create(requestContext),
+ ManagedIdentitySource.ServiceFabric => ServiceFabricManagedIdentitySource.Create(requestContext, false),
 ManagedIdentitySource.AppService => AppServiceManagedIdentitySource.Create(requestContext),
 ManagedIdentitySource.MachineLearning => MachineLearningManagedIdentitySource.Create(requestContext),
 ManagedIdentitySource.CloudShell => CloudShellManagedIdentitySource.Create(requestContext),
diff --git a/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentitySource.cs b/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentitySource.cs
index a1c4765200..69e3471bdf 100644
--- a/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentitySource.cs
+++ b/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentitySource.cs
@@ -53,11 +53,6 @@ public enum ManagedIdentitySource
 ///
 /// The source to acquire token for managed identity is Machine Learning Service.
 ///
- MachineLearning,
-
- ///
- /// The source to acquire token for managed identity is Service Fabric Federated.
- ///
- ServiceFabricFederated
+ MachineLearning
 }
 }
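Review bot: `ServiceFabricManagedIdentitySource.Create(requestContext, true)` and `Create(requestContext, false)` pass bare boolean literals that say nothing at the call site; a named argument, `Create(requestContext, isFmiServiceFabric: true)`, documents the branch without a comment. The early return also deserves a line explaining that it bypasses `GetManagedIdentitySource` on purpose, e.g. `// FMI credential requests are only served by the Service Fabric MITS endpoint, so skip source detection.`, since an FMI request on any other host will now fail inside `Create` on missing environment variables rather than through the usual detection path. `SelectManagedIdentitySource` ends outside the hunk.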
diff --git a/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricFederatedManagedIdentitySource.cs b/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricFederatedManagedIdentitySource.cs
deleted file mode 100644
index 8921a6e9c7..0000000000
--- a/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricFederatedManagedIdentitySource.cs
+++ /dev/null
@@ -1,122 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -using System; -using System.Globalization; -using System.Net.Http; -using System.Net.Security; -using System.Security.Cryptography.X509Certificates; -using Microsoft.Identity.Client.Core; -using Microsoft.Identity.Client.Internal; - -namespace Microsoft.Identity.Client.ManagedIdentity -{ - internal class ServiceFabricFederatedManagedIdentitySource : AbstractManagedIdentity - { - private string _serviceFabricMsiApiVersion = EnvironmentVariables.FmiServiceFabricApiVersion; - private readonly Uri _endpoint; - private readonly string _identityHeaderValue; - private static string _mitsEndpointFmiPath => "/metadata/identity/oauth2/fmi/credential"; - - internal static Lazy _httpClientLazy; - - public static AbstractManagedIdentity Create(RequestContext requestContext) - { - VerifyEnvVariablesAreAvailable(); - - Uri endpointUri; - string identityEndpoint = EnvironmentVariables.IdentityEndpoint; - - requestContext.Logger.Info(() => "[Managed Identity] Service fabric federated managed identity is available."); - identityEndpoint = EnvironmentVariables.FmiServiceFabricEndpoint; - requestContext.Logger.Info(() => "[Managed Identity] Using FMI Service fabric endpoint."); - - if (!Uri.TryCreate(identityEndpoint + _mitsEndpointFmiPath, UriKind.Absolute, out endpointUri)) - { - string errorMessage = string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityEndpointInvalidUriError, - "APP_IDENTITY_ENDPOINT", identityEndpoint, "FMI Service Fabric"); - - // Use the factory to create and throw the exception - var exception = MsalServiceExceptionFactory.CreateManagedIdentityException( - MsalError.InvalidManagedIdentityEndpoint, - errorMessage, - null, - ManagedIdentitySource.ServiceFabricFederated, - null); - - throw exception; - } - - requestContext.Logger.Verbose(() => "[Managed Identity] Creating Service Fabric federated managed identity. 
Endpoint URI: " + identityEndpoint); - - return new ServiceFabricFederatedManagedIdentitySource(requestContext, endpointUri, EnvironmentVariables.IdentityHeader); - } - - private static void VerifyEnvVariablesAreAvailable() - { - if (string.IsNullOrEmpty(EnvironmentVariables.IdentityServerThumbprint)) - { - throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityFmiInvalidEnvVariableError, - "IDENTITY_SERVER_THUMBPRINT")); - } - if (string.IsNullOrEmpty(EnvironmentVariables.FmiServiceFabricEndpoint)) - { - throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityFmiInvalidEnvVariableError, - "APP_IDENTITY_ENDPOINT")); - } - if (string.IsNullOrEmpty(EnvironmentVariables.IdentityHeader)) - { - throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityFmiInvalidEnvVariableError, - "IDENTITY_HEADER")); - } - if (string.IsNullOrEmpty(EnvironmentVariables.FmiServiceFabricApiVersion)) - { - throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityFmiInvalidEnvVariableError, - "IDENTITY_API_VERSION", "FMI Service Fabric")); - } - } - - internal override Func GetValidationCallback() - { - return ValidateServerCertificateCallback; - } - - private bool ValidateServerCertificateCallback(HttpRequestMessage message, X509Certificate2 certificate, - X509Chain chain, SslPolicyErrors sslPolicyErrors) - { - if (sslPolicyErrors == SslPolicyErrors.None) - { - return true; - } - - return string.Equals(certificate.GetCertHashString(), EnvironmentVariables.IdentityServerThumbprint, StringComparison.OrdinalIgnoreCase); - } - - private ServiceFabricFederatedManagedIdentitySource(RequestContext requestContext, Uri endpoint, string identityHeaderValue) : - base(requestContext, ManagedIdentitySource.ServiceFabric) - { - _endpoint = endpoint; - _identityHeaderValue = identityHeaderValue; - - if 
(requestContext.ServiceBundle.Config.ManagedIdentityId.IsUserAssigned) - { - requestContext.Logger.Warning(MsalErrorMessage.ManagedIdentityUserAssignedNotConfigurableAtRuntime); - } - } - - protected override ManagedIdentityRequest CreateRequest(string resource) - { - ManagedIdentityRequest request = new ManagedIdentityRequest(HttpMethod.Get, _endpoint); - - request.Headers["secret"] = _identityHeaderValue; - _requestContext.Logger.Info("[Managed Identity] Request is for FMI, no ids or resource will be added to the request."); - request.QueryParameters["api-version"] = _serviceFabricMsiApiVersion; - return request; - } - - internal string GetEndpointForTesting() - { - return _endpoint.ToString(); - } - } -} diff --git a/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricManagedIdentitySource.cs b/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricManagedIdentitySource.cs index 9dc6b09723..f3490a8d7b 100644 --- a/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricManagedIdentitySource.cs +++ b/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricManagedIdentitySource.cs 
@@ -16,35 +16,79 @@ internal class ServiceFabricManagedIdentitySource : AbstractManagedIdentity private const string ServiceFabricMsiApiVersion = "2019-07-01-preview"; private readonly Uri _endpoint; private readonly string _identityHeaderValue; + private readonly bool _isFederated; + private static string _mitsEndpointFmiPath => "/metadata/identity/oauth2/fmi/credential"; - internal static Lazy _httpClientLazy; - - public static AbstractManagedIdentity Create(RequestContext requestContext) + public static AbstractManagedIdentity Create(RequestContext requestContext, bool isFmiServiceFabric = false) { Uri endpointUri; string identityEndpoint = EnvironmentVariables.IdentityEndpoint; - requestContext.Logger.Info(() => "[Managed Identity] Service fabric managed identity is available."); - - if (!Uri.TryCreate(identityEndpoint, UriKind.Absolute, out endpointUri)) + if (isFmiServiceFabric) + { + VerifyFederatedEnvVariablesAreAvailable(); + requestContext.Logger.Info(() => "[Managed Identity] Service fabric federated managed identity is available."); + identityEndpoint = EnvironmentVariables.FmiServiceFabricEndpoint; + requestContext.Logger.Info(() => "[Managed Identity] Using FMI Service fabric endpoint."); + + if (!Uri.TryCreate(identityEndpoint + _mitsEndpointFmiPath, UriKind.Absolute, out endpointUri)) + { + string errorMessage = string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityEndpointInvalidUriError, + "APP_IDENTITY_ENDPOINT", identityEndpoint, "FMI Service Fabric"); + + throw MsalServiceExceptionFactory.CreateManagedIdentityException( + MsalError.InvalidManagedIdentityEndpoint, + errorMessage, + null, + ManagedIdentitySource.ServiceFabric, + null); + } + } + else { - string errorMessage = string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityEndpointInvalidUriError, - "IDENTITY_ENDPOINT", identityEndpoint, "Service Fabric"); - - // Use the factory to create and throw the exception - var exception = 
MsalServiceExceptionFactory.CreateManagedIdentityException( - MsalError.InvalidManagedIdentityEndpoint, - errorMessage, - null, - ManagedIdentitySource.ServiceFabric, - null); - - throw exception; + requestContext.Logger.Info(() => "[Managed Identity] Service fabric managed identity is available."); + + if (!Uri.TryCreate(identityEndpoint, UriKind.Absolute, out endpointUri)) + { + string errorMessage = string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityEndpointInvalidUriError, + "IDENTITY_ENDPOINT", identityEndpoint, "Service Fabric"); + + throw MsalServiceExceptionFactory.CreateManagedIdentityException( + MsalError.InvalidManagedIdentityEndpoint, + errorMessage, + null, + ManagedIdentitySource.ServiceFabric, + null); + } } - requestContext.Logger.Verbose(() => "[Managed Identity] Creating Service Fabric managed identity. Endpoint URI: " + identityEndpoint); - - return new ServiceFabricManagedIdentitySource(requestContext, endpointUri, EnvironmentVariables.IdentityHeader); + requestContext.Logger.Verbose(() => $"[Managed Identity] Creating Service Fabric {(isFmiServiceFabric ? "federated" : "")} managed identity. 
Endpoint URI: {identityEndpoint}"); + + return new ServiceFabricManagedIdentitySource(requestContext, endpointUri, EnvironmentVariables.IdentityHeader, isFmiServiceFabric); + } + + private static void VerifyFederatedEnvVariablesAreAvailable() + { + if (string.IsNullOrEmpty(EnvironmentVariables.IdentityServerThumbprint)) + { + throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityFmiInvalidEnvVariableError, + "IDENTITY_SERVER_THUMBPRINT")); + } + if (string.IsNullOrEmpty(EnvironmentVariables.FmiServiceFabricEndpoint)) + { + throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityFmiInvalidEnvVariableError, + "APP_IDENTITY_ENDPOINT")); + } + if (string.IsNullOrEmpty(EnvironmentVariables.IdentityHeader)) + { + throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityFmiInvalidEnvVariableError, + "IDENTITY_HEADER")); + } + if (string.IsNullOrEmpty(EnvironmentVariables.FmiServiceFabricApiVersion)) + { + throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.ManagedIdentityFmiInvalidEnvVariableError, + "IDENTITY_API_VERSION", "FMI Service Fabric")); + } } internal override Func GetValidationCallback() 
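Review bot: `VerifyFederatedEnvVariablesAreAvailable` reports a missing `IDENTITY_SERVER_THUMBPRINT`, `APP_IDENTITY_ENDPOINT`, `IDENTITY_HEADER` or `IDENTITY_API_VERSION` by throwing `ArgumentException`, while the malformed-endpoint case a few lines later in `Create` goes through `MsalServiceExceptionFactory.CreateManagedIdentityException(MsalError.InvalidManagedIdentityEndpoint, ...)`; callers that handle the MSAL exception types for managed-identity setup failures will not see the first kind, and no argument of theirs is at fault. Routing the environment checks through the same factory (or an `MsalClientException` with its own error code) keeps the failure mode uniform. Two smaller points in the same hunk: `identityEndpoint + _mitsEndpointFmiPath` yields a double slash when `APP_IDENTITY_ENDPOINT` is configured with a trailing `/` (the `Uri` still parses, so the mistake surfaces only as a request to a different path), and the last check passes an extra `"FMI Service Fabric"` argument to `ManagedIdentityFmiInvalidEnvVariableError` that its three sibling calls do not, so either the format string has a placeholder the others leave empty or the argument is silently dropped. `GetValidationCallback`, whose signature closes the hunk, continues outside it.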
@@ -63,11 +107,12 @@ private bool ValidateServerCertificateCallback(HttpRequestMessage message, X509C
 return string.Equals(certificate.GetCertHashString(), EnvironmentVariables.IdentityServerThumbprint, StringComparison.OrdinalIgnoreCase);
 }
- private ServiceFabricManagedIdentitySource(RequestContext requestContext, Uri endpoint, string identityHeaderValue) :
- base(requestContext, ManagedIdentitySource.ServiceFabric)
+ private ServiceFabricManagedIdentitySource(RequestContext requestContext, Uri endpoint, string identityHeaderValue, bool isFmi) :
+ base(requestContext, ManagedIdentitySource.ServiceFabric)
 {
 _endpoint = endpoint;
 _identityHeaderValue = identityHeaderValue;
+ _isFederated = isFmi;
 if (requestContext.ServiceBundle.Config.ManagedIdentityId.IsUserAssigned)
 {
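Review bot: One flag now has three names in this file: the factory parameter is `isFmiServiceFabric`, the constructor parameter is `isFmi`, and the field is `_isFederated`; pick one (`isFmiServiceFabric` / `_isFmiServiceFabric`) so a reader grepping for the flag finds every use. The field could also carry the only explanation of what the flag changes, e.g. `// True when this instance talks to the MITS FMI credential endpoint instead of the token endpoint.`, since the constructor merely stores it. The constructor continues outside the hunk.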
@@ -78,28 +123,35 @@ private ServiceFabricManagedIdentitySource(RequestContext requestContext, Uri en protected override ManagedIdentityRequest CreateRequest(string resource) { ManagedIdentityRequest request = new ManagedIdentityRequest(HttpMethod.Get, _endpoint); - request.Headers["secret"] = _identityHeaderValue; - request.QueryParameters["api-version"] = ServiceFabricMsiApiVersion; - request.QueryParameters["resource"] = resource; - - switch (_requestContext.ServiceBundle.Config.ManagedIdentityId.IdType) + if (_isFederated) + { + _requestContext.Logger.Info("[Managed Identity] Request is for FMI, no ids or resource will be added to the request."); + request.QueryParameters["api-version"] = EnvironmentVariables.FmiServiceFabricApiVersion; + } + else { - case AppConfig.ManagedIdentityIdType.ClientId: - _requestContext.Logger.Info("[Managed Identity] Adding user assigned client id to the request."); - request.QueryParameters[Constants.ManagedIdentityClientId] = _requestContext.ServiceBundle.Config.ManagedIdentityId.UserAssignedId; - break; - - case AppConfig.ManagedIdentityIdType.ResourceId: - _requestContext.Logger.Info("[Managed Identity] Adding user assigned resource id to the request."); - request.QueryParameters[Constants.ManagedIdentityResourceId] = _requestContext.ServiceBundle.Config.ManagedIdentityId.UserAssignedId; - break; - - case AppConfig.ManagedIdentityIdType.ObjectId: - _requestContext.Logger.Info("[Managed Identity] Adding user assigned object id to the request."); - request.QueryParameters[Constants.ManagedIdentityObjectId] = _requestContext.ServiceBundle.Config.ManagedIdentityId.UserAssignedId; - break; + request.QueryParameters["api-version"] = ServiceFabricMsiApiVersion; + request.QueryParameters["resource"] = resource; + + switch (_requestContext.ServiceBundle.Config.ManagedIdentityId.IdType) + { + case AppConfig.ManagedIdentityIdType.ClientId: + _requestContext.Logger.Info("[Managed Identity] Adding user assigned client id to the request."); 
+ request.QueryParameters[Constants.ManagedIdentityClientId] = _requestContext.ServiceBundle.Config.ManagedIdentityId.UserAssignedId; + break; + + case AppConfig.ManagedIdentityIdType.ResourceId: + _requestContext.Logger.Info("[Managed Identity] Adding user assigned resource id to the request."); + request.QueryParameters[Constants.ManagedIdentityResourceId] = _requestContext.ServiceBundle.Config.ManagedIdentityId.UserAssignedId; + break; + + case AppConfig.ManagedIdentityIdType.ObjectId: + _requestContext.Logger.Info("[Managed Identity] Adding user assigned object id to the request."); + request.QueryParameters[Constants.ManagedIdentityObjectId] = _requestContext.ServiceBundle.Config.ManagedIdentityId.UserAssignedId; + break; + } } return request; diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt index df6c9bb271..e69de29bb2 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt @@ -1 +0,0 @@ -Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.ServiceFabricFederated = 8 -> Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt index df6c9bb271..e69de29bb2 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt @@ -1 +0,0 @@ -Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.ServiceFabricFederated = 8 -> Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource 
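Review bot: In the `_isFederated` branch the `resource` argument and any user-assigned identity configured through `ManagedIdentityId` are dropped from the request with only an Info log; a caller that built the application with a user-assigned client, resource or object id gets no error and presumably receives whatever identity the endpoint serves by default. If that combination is unsupported it is safer to reject it when the source is created (the constructor already inspects `IsUserAssigned`), or at least to log a Warning naming the ignored id type rather than an Info line. `request.QueryParameters["api-version"] = EnvironmentVariables.FmiServiceFabricApiVersion` also re-reads the environment on every request, whereas the non-FMI branch uses the `ServiceFabricMsiApiVersion` constant; capturing the value once in `Create`, where `VerifyFederatedEnvVariablesAreAvailable` has already checked it, keeps a request from changing behaviour mid-process. The tail of `CreateRequest` after `return request;` is outside the hunk.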
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt index df6c9bb271..e69de29bb2 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt @@ -1 +0,0 @@ -Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.ServiceFabricFederated = 8 -> Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt index df6c9bb271..e69de29bb2 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt @@ -1 +0,0 @@ -Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.ServiceFabricFederated = 8 -> Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt index df6c9bb271..e69de29bb2 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt @@ -1 +0,0 @@ -Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.ServiceFabricFederated = 8 -> Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource diff --git a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt index df6c9bb271..e69de29bb2 100644 
--- a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt @@ -1 +0,0 @@ -Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.ServiceFabricFederated = 8 -> Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource diff --git a/tests/Microsoft.Identity.Test.Common/Core/Helpers/ManagedIdentityTestUtil.cs b/tests/Microsoft.Identity.Test.Common/Core/Helpers/ManagedIdentityTestUtil.cs index cfbaf954df..3837ca285f 100644 --- a/tests/Microsoft.Identity.Test.Common/Core/Helpers/ManagedIdentityTestUtil.cs +++ b/tests/Microsoft.Identity.Test.Common/Core/Helpers/ManagedIdentityTestUtil.cs @@ -63,11 +63,7 @@ public static void SetEnvironmentVariables( Environment.SetEnvironmentVariable("IDENTITY_ENDPOINT", endpoint); Environment.SetEnvironmentVariable("IDENTITY_HEADER", secret); Environment.SetEnvironmentVariable("IDENTITY_SERVER_THUMBPRINT", thumbprint); - break; - case ManagedIdentitySource.ServiceFabricFederated: Environment.SetEnvironmentVariable("APP_IDENTITY_ENDPOINT", endpoint); - Environment.SetEnvironmentVariable("IDENTITY_HEADER", secret); - Environment.SetEnvironmentVariable("IDENTITY_SERVER_THUMBPRINT", thumbprint); Environment.SetEnvironmentVariable("IDENTITY_API_VERSION", version); break; case ManagedIdentitySource.MachineLearning: diff --git a/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ServiceFabricTests.cs b/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ServiceFabricTests.cs index bfa6423406..301bf00cc0 100644 --- a/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ServiceFabricTests.cs +++ b/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ServiceFabricTests.cs 
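Review bot: Folding the `ServiceFabricFederated` case into `ServiceFabric` makes every Service Fabric test environment set `APP_IDENTITY_ENDPOINT` and `IDENTITY_API_VERSION` alongside the classic variables, with `APP_IDENTITY_ENDPOINT` taking the same `endpoint` value as `IDENTITY_ENDPOINT`; the helper can therefore no longer describe a Service Fabric host where `IDENTITY_ENDPOINT` exists but the FMI variables do not, which is exactly what `VerifyFederatedEnvVariablesAreAvailable` in this patch is meant to reject. A test that clears `APP_IDENTITY_ENDPOINT` (or `IDENTITY_API_VERSION`) after calling the helper and asserts that an FMI request fails with the expected error would cover that path. `SetEnvironmentVariables` starts and ends outside the hunk.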
@@ -97,7 +97,7 @@ public void ValidateThatFmiEndpointIsUsed() using (new EnvVariableContext()) using (var httpManager = new MockHttpManager()) { - SetEnvironmentVariables(ManagedIdentitySource.ServiceFabricFederated, "http://localhost:40342"); + SetEnvironmentVariables(ManagedIdentitySource.ServiceFabric, "http://localhost:40342"); var miBuilder = ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.SystemAssigned) .WithExperimentalFeatures() @@ -107,9 +107,9 @@ public void ValidateThatFmiEndpointIsUsed() RequestContext requestContext = new RequestContext(mi.ServiceBundle, Guid.NewGuid(), null); - ServiceFabricFederatedManagedIdentitySource sf = ServiceFabricFederatedManagedIdentitySource.Create(requestContext) as ServiceFabricFederatedManagedIdentitySource; + ServiceFabricManagedIdentitySource sf = ServiceFabricManagedIdentitySource.Create(requestContext, true) as ServiceFabricManagedIdentitySource; - Assert.IsInstanceOfType(sf, typeof(ServiceFabricFederatedManagedIdentitySource)); + Assert.IsInstanceOfType(sf, typeof(ServiceFabricManagedIdentitySource)); Assert.AreEqual("http://localhost:40342/metadata/identity/oauth2/fmi/credential", sf.GetEndpointForTesting()); } } @@ -120,7 +120,7 @@ public async Task ValidateThatFmiCredentialCanBeAcquiredFromMits() using (new EnvVariableContext()) using (var httpManager = new MockHttpManager()) { - SetEnvironmentVariables(managedIdentitySource: ManagedIdentitySource.ServiceFabricFederated, + SetEnvironmentVariables(managedIdentitySource: ManagedIdentitySource.ServiceFabric, endpoint: "http://localhost:40343"); httpManager.CreateFmiCredentialForMitsHandler(requestUri: "http://localhost:40343/metadata/identity/oauth2/fmi/credential"); From 5c1c4dde7f2103b9d06aa7d373d9216f1036931b Mon Sep 17 00:00:00 2001 
From: trwalke Date: Wed, 2 Jul 2025 23:01:46 -0700 Subject: [PATCH 12/12] Renaming fields/properties --- ...quireTokenForManagedIdentityParameterBuilder.cs | 2 +- .../AcquireTokenForManagedIdentityParameters.cs | 2 +- .../ManagedIdentity/ManagedIdentityClient.cs | 2 +- .../ServiceFabricManagedIdentitySource.cs | 14 +++++++------- 4 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForManagedIdentityParameterBuilder.cs b/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForManagedIdentityParameterBuilder.cs
index 1e8d567fb1..f8d7b274e4 100644
--- a/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForManagedIdentityParameterBuilder.cs
+++ b/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForManagedIdentityParameterBuilder.cs
@@ -45,7 +45,7 @@ private AcquireTokenForManagedIdentityParameterBuilder WithResource(string resou
 if (resource.Equals("api://AzureFMITokenExchange/.default", StringComparison.OrdinalIgnoreCase))
 {
- Parameters.IsFmiCredential = true;
+ Parameters.isFmiCredentialRequest = true;
 ValidateUseOfExperimentalFeature();
 }
diff --git a/src/client/Microsoft.Identity.Client/ApiConfig/Parameters/AcquireTokenForManagedIdentityParameters.cs b/src/client/Microsoft.Identity.Client/ApiConfig/Parameters/AcquireTokenForManagedIdentityParameters.cs
index 317ad55f89..efa739490c 100644
--- a/src/client/Microsoft.Identity.Client/ApiConfig/Parameters/AcquireTokenForManagedIdentityParameters.cs
+++ b/src/client/Microsoft.Identity.Client/ApiConfig/Parameters/AcquireTokenForManagedIdentityParameters.cs
@@ -16,7 +16,7 @@ internal class AcquireTokenForManagedIdentityParameters : IAcquireTokenParameter
 public string Resource { get; set; }
- public bool IsFmiCredential { get; set; }
+ public bool isFmiCredentialRequest { get; set; }
 public void LogParameters(ILoggerAdapter logger)
 {
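Review bot: `Parameters.isFmiCredentialRequest` is a public property written in camelCase; its sibling `Resource` and the rest of the public surface use PascalCase, so the rename should be `IsFmiCredentialRequest` both here and in the `AcquireTokenForManagedIdentityParameters` hunk below (`public bool IsFmiCredentialRequest { get; set; }`), with the read in `ManagedIdentityClient` following suit. `WithResource` starts outside the hunk.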
diff --git a/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs b/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs
index 0167a0a181..ab50c28f6c 100644
--- a/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs
+++ b/src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs
@@ -37,7 +37,7 @@ internal Task SendTokenRequestForManagedIdentityAsync(A
 // This method tries to create managed identity source for different sources, if none is created then defaults to IMDS.
 private static AbstractManagedIdentity SelectManagedIdentitySource(RequestContext requestContext, AcquireTokenForManagedIdentityParameters acquireTokenForManagedIdentityParameters)
 {
- if (acquireTokenForManagedIdentityParameters.IsFmiCredential)
+ if (acquireTokenForManagedIdentityParameters.isFmiCredentialRequest)
 {
 return ServiceFabricManagedIdentitySource.Create(requestContext, true);
 }
diff --git a/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricManagedIdentitySource.cs b/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricManagedIdentitySource.cs
index f3490a8d7b..5c887cc87b 100644
--- a/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricManagedIdentitySource.cs
+++ b/src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricManagedIdentitySource.cs
@@ -16,15 +16,15 @@ internal class ServiceFabricManagedIdentitySource : AbstractManagedIdentity
 private const string ServiceFabricMsiApiVersion = "2019-07-01-preview";
 private readonly Uri _endpoint;
 private readonly string _identityHeaderValue;
- private readonly bool _isFederated;
+ private readonly bool _isFmiCredentialRequest;
 private static string _mitsEndpointFmiPath => "/metadata/identity/oauth2/fmi/credential";
- public static AbstractManagedIdentity Create(RequestContext requestContext, bool isFmiServiceFabric = false)
+ public static AbstractManagedIdentity Create(RequestContext requestContext, bool isFmiCredentialRequest = false)
 {
 Uri endpointUri;
 string identityEndpoint = EnvironmentVariables.IdentityEndpoint;
- if (isFmiServiceFabric)
+ if (isFmiCredentialRequest)
 {
 VerifyFederatedEnvVariablesAreAvailable();
 requestContext.Logger.Info(() => "[Managed Identity] Service fabric federated managed identity is available.");
@@ -62,9 +62,9 @@ public static AbstractManagedIdentity Create(RequestContext requestContext, bool
 }
 }
- requestContext.Logger.Verbose(() => $"[Managed Identity] Creating Service Fabric {(isFmiServiceFabric ? "federated" : "")} managed identity. Endpoint URI: {identityEndpoint}");
+ requestContext.Logger.Verbose(() => $"[Managed Identity] Creating Service Fabric {(isFmiCredentialRequest ? "federated" : "")} managed identity. Endpoint URI: {identityEndpoint}");
- return new ServiceFabricManagedIdentitySource(requestContext, endpointUri, EnvironmentVariables.IdentityHeader, isFmiServiceFabric);
+ return new ServiceFabricManagedIdentitySource(requestContext, endpointUri, EnvironmentVariables.IdentityHeader, isFmiCredentialRequest);
 }
 private static void VerifyFederatedEnvVariablesAreAvailable()
@@ -112,7 +112,7 @@ private ServiceFabricManagedIdentitySource(RequestContext requestContext, Uri en
 {
 _endpoint = endpoint;
 _identityHeaderValue = identityHeaderValue;
- _isFederated = isFmi;
+ _isFmiCredentialRequest = isFmi;
 if (requestContext.ServiceBundle.Config.ManagedIdentityId.IsUserAssigned)
 {
@@ -125,7 +125,7 @@ protected override ManagedIdentityRequest CreateRequest(string resource)
 ManagedIdentityRequest request = new ManagedIdentityRequest(HttpMethod.Get, _endpoint);
 request.Headers["secret"] = _identityHeaderValue;
- if (_isFederated)
+ if (_isFmiCredentialRequest)
 {
 _requestContext.Logger.Info("[Managed Identity] Request is for FMI, no ids or resource will be added to the request.");
 request.QueryParameters["api-version"] = EnvironmentVariables.FmiServiceFabricApiVersion;
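Review bot: The rename stops one step short: `_isFmiCredentialRequest = isFmi;` still reads a constructor parameter named `isFmi`, while the factory parameter became `isFmiCredentialRequest`; renaming the parameter too (the constructor signature is outside the hunk) finishes the job. The Info line `"[Managed Identity] Request is for FMI, no ids or resource will be added to the request."` in the second hunk is the only place that says what the flag changes; a comment beside the field declaration, `// True when the request targets the MITS FMI credential endpoint: no resource or identity ids are sent.`, would put that where readers look first.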