[Identity] BrokeredAuthentication adding SharedTokenCacheCredentialBrokerOptions (Azure#27917)

* Azure.Identity.BrokeredAuthentication adding SharedTokenCacheCredentialBrokerOptions

* updating core ref to project ref

* updating api spec

* refactoring to use a shared internal interface

* fix tests

* move extension test back to avoid dups

Author: schaabs

sdk/identity/Azure.Identity.BrokeredAuthentication/CHANGELOG.md

@@ -3,6 +3,7 @@
 ## 1.0.0-beta.2 (Unreleased)
 
 ### Features Added
+- Added `SharedTokenCacheCredentialBrokerOptions` to enable `SharedTokenCacheCredential` to use the authentication broker for silent authentication calls when this specicialized options type is used to construct the credential.
 
 ### Breaking Changes
 

sdk/identity/Azure.Identity.BrokeredAuthentication/api/Azure.Identity.BrokeredAuthentication.net461.cs

@@ -4,4 +4,8 @@ public partial class InteractiveBrowserCredentialBrokerOptions : Azure.Identity.
     {
         public InteractiveBrowserCredentialBrokerOptions() { }
     }
+    public partial class SharedTokenCacheCredentialBrokerOptions : Azure.Identity.SharedTokenCacheCredentialOptions
+    {
+        public SharedTokenCacheCredentialBrokerOptions() { }
+    }
 }

sdk/identity/Azure.Identity.BrokeredAuthentication/api/Azure.Identity.BrokeredAuthentication.netstandard2.0.cs

@@ -4,4 +4,8 @@ public partial class InteractiveBrowserCredentialBrokerOptions : Azure.Identity.
     {
         public InteractiveBrowserCredentialBrokerOptions() { }
     }
+    public partial class SharedTokenCacheCredentialBrokerOptions : Azure.Identity.SharedTokenCacheCredentialOptions
+    {
+        public SharedTokenCacheCredentialBrokerOptions() { }
+    }
 }

sdk/identity/Azure.Identity.BrokeredAuthentication/src/Azure.Identity.BrokeredAuthentication.csproj

@@ -11,8 +11,16 @@
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Azure.Core" />
-    <PackageReference Include="Azure.Identity" VersionOverride="1.6.0-beta.1" />
+    <!--TODO: Switch back to package reference once Core is released prior to Azure.Identity release
+   <PackageReference Include="Azure.Core" />
+   -->
+    <ProjectReference Include="../../../core/Azure.Core/src/Azure.Core.csproj" />
+    <!-- 
+      Update this project reference back to package refefence after next Azure.Identity
+      release, before relasing Azure.Identity.BrokeredAuthentication 1.0.0-beta.2.
+    -->
+    <!--<PackageReference Include="Azure.Identity" VersionOverride="1.6.0-beta.1" />-->
+    <ProjectReference Include="../../Azure.Identity/src/Azure.Identity.csproj"/>
     <PackageReference Include="System.Memory" />
     <PackageReference Include="System.Text.Json" />
     <PackageReference Include="System.Threading.Tasks.Extensions" />

sdk/identity/Azure.Identity.BrokeredAuthentication/src/InteractiveBrowserCredentialBrokerOptions.cs

@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
+using System;
 using Microsoft.Identity.Client;
 #if (NETFRAMEWORK)
 using Microsoft.Identity.Client.Desktop;
@@ -11,15 +12,9 @@ namespace Azure.Identity.BrokeredAuthentication
     /// <summary>
     /// Options to configure the <see cref="InteractiveBrowserCredential"/> to use the system authentication broker in lieu of the system browser if available.
     /// </summary>
-    public class InteractiveBrowserCredentialBrokerOptions : InteractiveBrowserCredentialOptions
+    public class InteractiveBrowserCredentialBrokerOptions : InteractiveBrowserCredentialOptions, IMsalPublicClientInitializerOptions
     {
-        /// <summary>
-        /// Creates a new instance of <see cref="InteractiveBrowserCredentialBrokerOptions"/>.
-        /// </summary>
-        public InteractiveBrowserCredentialBrokerOptions()
-        {
-            this.BeforeBuildClient = AddBroker;
-        }
+        Action<PublicClientApplicationBuilder> IMsalPublicClientInitializerOptions.BeforeBuildClient => AddBroker;
 
         private void AddBroker(PublicClientApplicationBuilder builder)
         {

sdk/identity/Azure.Identity.BrokeredAuthentication/src/SharedTokenCacheCredentialBrokerOptions.cs

@@ -0,0 +1,28 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using Microsoft.Identity.Client;
+#if (NETFRAMEWORK)
+using Microsoft.Identity.Client.Desktop;
+#endif
+
+namespace Azure.Identity.BrokeredAuthentication
+{
+    /// <summary>
+    /// Options to configure the <see cref="SharedTokenCacheCredential"/> to use the system authentication broker for silent authentication if available.
+    /// </summary>
+    public class SharedTokenCacheCredentialBrokerOptions : SharedTokenCacheCredentialOptions, IMsalPublicClientInitializerOptions
+    {
+        Action<PublicClientApplicationBuilder> IMsalPublicClientInitializerOptions.BeforeBuildClient => AddBroker;
+
+        private void AddBroker(PublicClientApplicationBuilder builder)
+        {
+#if (NETFRAMEWORK)
+            builder.WithWindowsBroker();
+#else
+            builder.WithBroker();
+#endif
+        }
+    }
+}

sdk/identity/Azure.Identity.BrokeredAuthentication/tests/ManualSharedTokenCacheCredentialBrokerTests.cs

@@ -0,0 +1,39 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System.Security.AccessControl;
+using System.Threading.Tasks;
+using Azure.Core;
+using NUnit.Framework;
+
+namespace Azure.Identity.BrokeredAuthentication.Tests
+{
+    public class ManualSharedTokenCacheCredentialBrokerTests
+    {
+        [Test]
+        [Ignore("This test is an integration test which can only be run with user interaction")]
+        public async Task SilentAuthenticateWithBrokerAsync()
+        {
+            TokenCachePersistenceOptions persistenceOptions = new TokenCachePersistenceOptions();
+
+            // to fully manually verify the InteractiveBrowserCredential this test should be run both authenticating with a
+            // school / organization account as well as a personal live account, i.e. a @outlook.com, @live.com, or @hotmail.com
+            var cred = new InteractiveBrowserCredential(new InteractiveBrowserCredentialBrokerOptions { TokenCachePersistenceOptions = persistenceOptions});
+
+            AccessToken token = await cred.GetTokenAsync(new TokenRequestContext(new string[] { "https://vault.azure.net/.default" })).ConfigureAwait(false);
+
+            Assert.NotNull(token.Token);
+
+            var silentCred = new SharedTokenCacheCredential(new SharedTokenCacheCredentialBrokerOptions());
+
+            // The calls below this should be silent and not require user interaction
+            token = await cred.GetTokenAsync(new TokenRequestContext(new string[] { "https://vault.azure.net/.default" })).ConfigureAwait(false);
+
+            Assert.NotNull(token.Token);
+
+            token = await cred.GetTokenAsync(new TokenRequestContext(new string[] { "https://management.core.windows.net//.default" })).ConfigureAwait(false);
+
+            Assert.NotNull(token.Token);
+        }
+    }
+}

sdk/identity/Azure.Identity/src/Credentials/InteractiveBrowserCredential.cs

@@ -80,8 +80,7 @@ internal InteractiveBrowserCredential(string tenantId, string clientId, TokenCre
             Pipeline = pipeline ?? CredentialPipeline.GetInstance(options);
             LoginHint = (options as InteractiveBrowserCredentialOptions)?.LoginHint;
             var redirectUrl = (options as InteractiveBrowserCredentialOptions)?.RedirectUri?.AbsoluteUri ?? Constants.DefaultRedirectUrl;
-            var beforeBuildClient = (options as InteractiveBrowserCredentialOptions)?.BeforeBuildClient;
-            Client = client ?? new MsalPublicClient(Pipeline, tenantId, clientId, redirectUrl, options, beforeBuildClient);
+            Client = client ?? new MsalPublicClient(Pipeline, tenantId, clientId, redirectUrl, options);
         }
 
         /// <summary>

sdk/identity/Azure.Identity/src/Credentials/InteractiveBrowserCredentialOptions.cs

@@ -3,7 +3,6 @@
 
 using System;
 using System.Threading;
-using Microsoft.Identity.Client;
 
 namespace Azure.Identity
 {
@@ -54,7 +53,5 @@ public string TenantId
         /// Avoids the account prompt and pre-populates the username of the account to login.
         /// </summary>
         public string LoginHint { get; set; }
-
-        internal Action<PublicClientApplicationBuilder> BeforeBuildClient { get; set; }
     }
 }

sdk/identity/Azure.Identity/src/IMsalPublicClientInitializerOptions.cs

@@ -0,0 +1,15 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using System.Collections.Generic;
+using System.Text;
+using Microsoft.Identity.Client;
+
+namespace Azure.Identity
+{
+    internal interface IMsalPublicClientInitializerOptions
+    {
+        Action<PublicClientApplicationBuilder> BeforeBuildClient { get; }
+    }
+}