Skip to content

Fix that RemoveUser doesn't work when create Public Client with broker #27448

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 7, 2025
Merged

Fix that RemoveUser doesn't work when create Public Client with broker #27448

merged 3 commits into from
May 7, 2025

Conversation

@msJinLei
Copy link
Contributor

@msJinLei msJinLei commented Mar 26, 2025
edited
Loading

Description

The test cases to cover

I

[wam enabled]

  • login the account
  • Get-AzAccessToken (token0)
  • disconnect-azaccount
  • login the same account
  • Get-AzAccessToken (token1)
  • check token0 and token1 are different
II

[wam enabled]

  • login the account
  • Get-AzAccessToken (token0)
  • clear-azcontext
  • login the same account
  • Get-AzAccessToken (token1)
  • check token0 and token1 are different
III

[wam disabled]

  • login the account
  • Get-AzAccessToken (token0)
  • disconnect-azaccount
  • login the same account
  • Get-AzAccessToken (token1)
  • check token0 and token1 are different
IV

[wam disabled]

  • login the account
  • Get-AzAccessToken (token0)
  • clear-azcontext
  • login the same account
  • Get-AzAccessToken (token1)
  • check token0 and token1 are different

Mandatory Checklist

  • SHOULD update ChangeLog.md file(s) appropriately
    • For SDK-based development mode, update src/{{SERVICE}}/{{SERVICE}}/ChangeLog.md.
      • A snippet outlining the change(s) made in the PR should be written under the ## Upcoming Release header in the past tense.
    • For autorest-based development mode, include the changelog in the PR description.
    • Should not change ChangeLog.md if no new release is required, such as fixing test case only.
  • SHOULD regenerate markdown help files if there is cmdlet API change. Instruction
  • SHOULD have proper test coverage for changes in pull request.
  • SHOULD NOT adjust version of module manually in pull request

@azure-client-tools-bot-prd
Copy link

azure-client-tools-bot-prd bot commented Mar 26, 2025

Thanks for your contribution! The pull request validation has started. Please revisit this comment for updated status.

@msJinLei msJinLei requested a review from Copilot March 27, 2025 02:24
Copilot AI reviewed Mar 27, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR addresses an issue with RemoveUser when creating a public client with broker support, by propagating an authority parameter through various authentication calls. Key changes include:

  • Introducing new RemoveUser overloads that accept an authority string in the authentication factories and mocks.
  • Propagating the authority parameter to public client creation and token cache removal methods.
  • Updating related context and cache clearing logic to use the provided authority.

Reviewed Changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated no comments.

Show a summary per file
File Description
src/Accounts/Authentication/Factories/AuthenticationFactory.cs Added RemoveUser overload and updated RemoveFromTokenCache to pass authority.
src/Accounts/Accounts/Context/GetAzureRMContext.cs Updated context refresh logic by setting the environment property before refreshing contexts.
src/Accounts/Accounts/Account/DisconnectAzureRmAccount.cs Changed RemoveUser call to pass the authority from the current context.
src/Accounts/Accounts/Context/RemoveAzureRmContext.cs Updated TryRemoveAccount call to include the authority parameter.
tools/TestFx/Mocks/MockTokenAuthenticationFactory.cs
tools/TestFx/Mocks/MockCertificateAuthenticationFactory.cs		 Added new RemoveUser overloads that throw NotImplementedException.
src/Accounts/Accounts/Context/ClearAzureRmContext.cs Updated clearing of token cache to pass the authority from the default context.
src/Accounts/Authentication/ResourceManager/AzureRmProfile.cs Updated authority handling in RefreshContextsFromCache and maintained a fixme comment regarding Connect-AzAccount.
src/Accounts/Authentication/Authentication/TokenCache/InMemoryTokenCacheProvider.cs
SharedTokenCacheProvider.cs
PowerShellTokenCacheProvider.cs		 Changed ClearCache and other token cache related methods to accept an authority parameter.
Comments suppressed due to low confidence (2)

src/Accounts/Accounts/Context/GetAzureRMContext.cs:87

  • Add null checks for 'DefaultProfile.DefaultContext' and its 'Environment' property to prevent potential NullReferenceException when accessing Environment.Name.
AzureSession.Instance.SetProperty(AzureSession.Property.Environment, DefaultProfile.DefaultContext.Environment.Name);

src/Accounts/Authentication/ResourceManager/AzureRmProfile.cs:825

  • Verify that concatenating 'organizations' directly to ActiveDirectoryAuthority produces a valid authority URL; consider inserting a '/' if required.
authority = "${sessionEnvironment.ActiveDirectoryAuthority}organizations";

@msJinLei msJinLei added this to the Az 13.5.0 (05/06/2025) milestone Apr 25, 2025
@msJinLei msJinLei force-pushed the clearcontext_fix branch 3 times, most recently from 4427836 to 82fc7ad Compare April 28, 2025 07:18
@msJinLei msJinLei marked this pull request as ready for review April 30, 2025 06:20
@msJinLei msJinLei force-pushed the clearcontext_fix branch 2 times, most recently from d961ba2 to 88f4363 Compare May 6, 2025 07:04
@msJinLei
Copy link
Contributor Author

msJinLei commented May 6, 2025

/azp run

@azure-pipelines
Copy link
Contributor

azure-pipelines bot commented May 6, 2025

Azure Pipelines successfully started running 3 pipeline(s).

@msJinLei msJinLei force-pushed the clearcontext_fix branch from 88f4363 to 84ecb97 Compare May 7, 2025 03:07
isra-fel
isra-fel reviewed May 7, 2025
View reviewed changes
src/Accounts/Accounts/Context/GetAzureRMContext.cs
var defaultProfile = DefaultProfile as AzureRmProfile;
if (defaultProfile != null && string.Equals(AzureSession.Instance?.ARMContextSaveMode, "CurrentUser"))
{
AzureSession.Instance.SetProperty(AzureSession.Property.Environment, DefaultContext.Environment.Name);
Copy link
Member

@isra-fel isra-fel May 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why need to update session in a Get cmdlet which usually doesn't have side effects?

Copy link
Contributor Author

@msJinLei msJinLei May 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why need to update session in a Get cmdlet which usually doesn't have side effects?

The value is used in

azure-powershell/src/Accounts/Authentication.ResourceManager/AzureRmProfile.cs

Line 822 in a39b7bf

if (TryGetEnvironment(AzureSession.Instance.GetProperty(AzureSession.Property.Environment), out IAzureEnvironment sessionEnvironment))
which is used in Get-AzContext -ListAvailable -RefreshContextFromTokenCache

Copy link
Member

@isra-fel isra-fel May 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just feel it strange to set the environment when getting the context. Shouldn't it be set when during connect-azaccount?

Copy link
Contributor Author

@msJinLei msJinLei May 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just feel it strange to set the environment when getting the context. Shouldn't it be set when during connect-azaccount?

It is already set in Connect-AzAccount. But when the customers restart the powershell and run Get-AzContext -ListAvailable -RefreshContextFromTokenCache without login, the contexts are going to be cleared. That's why we have to set it here.

isra-fel
isra-fel requested changes May 7, 2025
View reviewed changes
@isra-fel isra-fel mentioned this pull request May 7, 2025
Merged
6 tasks
@msJinLei msJinLei merged commit a39288f into Azure:main May 7, 2025
12 checks passed
@msJinLei msJinLei mentioned this pull request May 8, 2025
Merged
msJinLei added a commit to msJinLei/azure-powershell that referenced this pull request May 15, 2025
@msJinLei
Fix that RemoveUser doesn't work when create Public Client with broker (
299d1d6 
Azure#27448)
msJinLei added a commit to msJinLei/azure-powershell that referenced this pull request May 19, 2025
@msJinLei
Fix that RemoveUser doesn't work when create Public Client with broker (
764cccd 
Azure#27448)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@isra-fel isra-fel isra-fel approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

Az 14.0.0 (05/19/2025) ❗Breaking chan...

Development

Successfully merging this pull request may close these issues.

2 participants

@msJinLei @isra-fel