| | 1 | | // Copyright (c) Microsoft Corporation. All rights reserved. |
| | 2 | | // Licensed under the MIT License. |
| | 3 | |
|
| | 4 | | using Azure.Core; |
| | 5 | | using System; |
| | 6 | | using System.Text; |
| | 7 | | using System.Threading; |
| | 8 | | using System.Threading.Tasks; |
| | 9 | | using Azure.Core.Pipeline; |
| | 10 | |
|
| | 11 | | namespace Azure.Identity |
| | 12 | | { |
| | 13 | | /// <summary> |
| | 14 | | /// Enables authentication to Azure Active Directory using client secret, client certificate, or username and password, |
| | 15 | | /// details configured in the following environment variables: |
| | 16 | | /// <list type="table"> |
| | 17 | | /// <listheader><term>Variable</term><description>Description</description></listheader> |
| | 18 | | /// <item><term>AZURE_TENANT_ID</term><description>The Azure Active Directory tenant(directory) ID.</description></i |
| | 19 | | /// <item><term>AZURE_CLIENT_ID</term><description>The client(application) ID of an App Registration in the tenant.< |
| | 20 | | /// <item><term>AZURE_CLIENT_SECRET</term><description>A client secret that was generated for the App Registration.< |
| | 21 | | /// <item><term>AZURE_CLIENT_CERTIFICATE_LOCATION</term><description>A path to the certificate that was generated for |
| | 22 | | /// <item><term>AZURE_USERNAME</term><description>The username, also known as upn, of an Azure Active Directory user |
| | 23 | | /// <item><term>AZURE_PASSWORD</term><description>The password of the Azure Active Directory user account. Note this |
| | 24 | | /// </list> |
| | 25 | | /// This credential ultimately uses a <see cref="ClientSecretCredential"/> or <see cref="UsernamePasswordCredential" |
| | 26 | | /// perform the authentication using these details. Please consult the |
| | 27 | | /// documentation of that class for more details. |
| | 28 | | /// </summary> |
| | 29 | | public class EnvironmentCredential : TokenCredential |
| | 30 | | { |
| | | | // Message surfaced through CredentialUnavailableException when no credential could be built from the environment. |
| | 31 | | private const string UnavailbleErrorMessage = "EnvironmentCredential authentication unavailable. Environment var |
| | 32 | | private readonly CredentialPipeline _pipeline; |
| | 33 | |
|
| | | | // Credential chosen in the constructor from the environment; stays null when the required variables are absent. |
| 20 | 34 | | internal TokenCredential Credential { get; } |
| | 35 | |
|
| | 36 | | /// <summary> |
| | 37 | | /// Creates an instance of the EnvironmentCredential class and reads client secret details from environment vari |
| | 38 | | /// If the expected environment variables are not found at this time, GetToken and GetTokenAsync throw a <see cref="CredentialUnavailableException"/>. |
| | 39 | | /// </summary> |
| | 40 | | public EnvironmentCredential() |
| 16 | 41 | | : this(CredentialPipeline.GetInstance(null)) |
| | 42 | | { |
| 16 | 43 | | } |
| | 44 | |
|
| | 45 | | /// <summary> |
| | 46 | | /// Creates an instance of the EnvironmentCredential class and reads client secret details from environment vari |
| | 47 | | /// If the expected environment variables are not found at this time, GetToken and GetTokenAsync throw a <see cref="CredentialUnavailableException"/>. |
| | 48 | | /// </summary> |
| | 49 | | /// <param name="options">Options that allow to configure the management of the requests sent to the Azure Activ |
| | 50 | | public EnvironmentCredential(TokenCredentialOptions options) |
| 0 | 51 | | : this(CredentialPipeline.GetInstance(options)) |
| | 52 | | { |
| 0 | 53 | | } |
| | 54 | |
|
| | 55 | |
|
| | | | // Reads the supported environment variables once, at construction, and selects the credential type from them. |
| | | | // Precedence when several are set: client secret, then username/password, then client certificate. |
| | | | // Credential stays null when the tenant or client ID is missing, or when none of the secret material is present. |
| 22 | 56 | | internal EnvironmentCredential(CredentialPipeline pipeline) |
| | 57 | | { |
| 22 | 58 | | _pipeline = pipeline; |
| | 59 | |
|
| 22 | 60 | | string tenantId = EnvironmentVariables.TenantId; |
| 22 | 61 | | string clientId = EnvironmentVariables.ClientId; |
| 22 | 62 | | string clientSecret = EnvironmentVariables.ClientSecret; |
| 22 | 63 | | string clientCertificatePath = EnvironmentVariables.ClientCertificatePath; |
| 22 | 64 | | string username = EnvironmentVariables.Username; |
| 22 | 65 | | string password = EnvironmentVariables.Password; |
| | 66 | |
|
| | | | // Both IDs are required whichever secret material is present. |
| 22 | 67 | | if (tenantId != null && clientId != null) |
| | 68 | | { |
| 8 | 69 | | if (clientSecret != null) |
| | 70 | | { |
| 4 | 71 | | Credential = new ClientSecretCredential(tenantId, clientId, clientSecret, null, _pipeline, null); |
| | 72 | | } |
| | | | // The user password is taken straight from the process environment (see the class summary); it is only |
| | | | // consulted when no client secret is configured. |
| 4 | 73 | | else if (username != null && password != null) |
| | 74 | | { |
| 0 | 75 | | Credential = new UsernamePasswordCredential(username, password, tenantId, clientId, null, _pipeline, |
| | 76 | | } |
| 4 | 77 | | else if (clientCertificatePath != null) |
| | 78 | | { |
| 4 | 79 | | Credential = new ClientCertificateCredential(tenantId, clientId, clientCertificatePath, null, _pipel |
| | 80 | | } |
| | 81 | | } |
| | 82 | |
|
| 18 | 83 | | } |
| | 84 | |
|
| | | | // Allows a pre-built credential to be supplied, bypassing the environment lookup above. |
| 8 | 85 | | internal EnvironmentCredential(CredentialPipeline pipeline, TokenCredential credential) |
| | 86 | | { |
| 8 | 87 | | _pipeline = pipeline; |
| 8 | 88 | | Credential = credential; |
| 8 | 89 | | } |
| | 90 | |
|
| | 91 | | /// <summary> |
| | 92 | | /// Obtains a token from the Azure Active Directory service, using the specified client details specified in the |
| | 93 | | /// AZURE_TENANT_ID, AZURE_CLIENT_ID, and AZURE_CLIENT_SECRET or AZURE_USERNAME and AZURE_PASSWORD to authentica |
| | 94 | | /// This method is called by Azure SDK clients. It isn't intended for use in application code. |
| | 95 | | /// </summary> |
| | 96 | | /// <remarks> |
| | 97 | | /// If the environment variables AZURE_TENANT_ID, AZURE_CLIENT_ID, and AZURE_CLIENT_SECRET are not specified, th |
| | 98 | | /// </remarks> |
| | 99 | | /// <param name="requestContext">The details of the authentication request.</param> |
| | 100 | | /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param> |
| | 101 | | /// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns> |
| | 102 | | public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken = d |
| | 103 | | { |
| | | | // async: false makes the implementation call the inner credential's synchronous GetToken and never await, |
| | | | // so the returned ValueTask is already complete when EnsureCompleted runs. |
| 4 | 104 | | return GetTokenImplAsync(false, requestContext, cancellationToken).EnsureCompleted(); |
| | 105 | | } |
| | 106 | |
|
| | 107 | | /// <summary> |
| | 108 | | /// Obtains a token from the Azure Active Directory service, using the specified client details specified in the |
| | 109 | | /// AZURE_TENANT_ID, AZURE_CLIENT_ID, and AZURE_CLIENT_SECRET or AZURE_USERNAME and AZURE_PASSWORD to authentica |
| | 110 | | /// This method is called by Azure SDK clients. It isn't intended for use in application code. |
| | 111 | | /// </summary> |
| | 112 | | /// <remarks> |
| | 113 | | /// If the environment variables AZURE_TENANT_ID, AZURE_CLIENT_ID, and AZURE_CLIENT_SECRET are not specified, th |
| | 114 | | /// </remarks> |
| | 115 | | /// <param name="requestContext">The details of the authentication request.</param> |
| | 116 | | /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param> |
| | 117 | | /// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls, or a default < |
| | 118 | | public override async ValueTask<AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken |
| | 119 | | { |
| 4 | 120 | | return await GetTokenImplAsync(true, requestContext, cancellationToken).ConfigureAwait(false); |
| 0 | 121 | | } |
| | 122 | |
|
| | | | // Shared implementation behind GetToken and GetTokenAsync; `async` selects which entry point of the inner |
| | | | // credential is used. Throws CredentialUnavailableException when no credential was built from the environment. |
| | 123 | | private async ValueTask<AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, Cancellat |
| | 124 | | { |
| | | | // One diagnostic scope covers both the unavailable path and the delegated call; disposed when the method exits. |
| 8 | 125 | | using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("EnvironmentCredential.GetToken", reque |
| | 126 | |
|
| | | | // Nothing usable was found in the environment: report unavailability instead of attempting authentication. |
| 8 | 127 | | if (Credential is null) |
| | 128 | | { |
| 4 | 129 | | throw scope.FailWrapAndThrow(new CredentialUnavailableException(UnavailbleErrorMessage)); |
| | 130 | | } |
| | 131 | |
|
| | 132 | | try |
| | 133 | | { |
| | | | // Delegate to the selected credential; the same cancellationToken is forwarded on both paths. |
| 4 | 134 | | AccessToken token = async |
| 4 | 135 | | ? await Credential.GetTokenAsync(requestContext, cancellationToken).ConfigureAwait(false) |
| 4 | 136 | | : Credential.GetToken(requestContext, cancellationToken); |
| | 137 | |
|
| 0 | 138 | | return scope.Succeeded(token); |
| | 139 | | } |
| | | | // Any failure from the inner credential (including cancellation) is routed through scope.FailWrapAndThrow, |
| | | | // which presumably records and wraps it before rethrowing — confirm against CredentialDiagnosticScope. |
| 4 | 140 | | catch (Exception e) |
| | 141 | | { |
| 4 | 142 | | throw scope.FailWrapAndThrow(e); |
| | 143 | | } |
| 0 | 144 | | } |
| | 145 | | } |
| | 146 | | } |