diff --git a/libraries/Microsoft.Bot.Connector/Authentication/ManagedIdentityAuthenticator.cs b/libraries/Microsoft.Bot.Connector/Authentication/ManagedIdentityAuthenticator.cs
index 14ced8afba..1982ac2e4c 100644
--- a/libraries/Microsoft.Bot.Connector/Authentication/ManagedIdentityAuthenticator.cs
+++ b/libraries/Microsoft.Bot.Connector/Authentication/ManagedIdentityAuthenticator.cs
@@ -8,6 +8,7 @@ using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Identity.Client;
+using Microsoft.Identity.Client.AppConfig;
 namespace Microsoft.Bot.Connector.Authentication
 {
@@ -16,10 +17,9 @@ namespace Microsoft.Bot.Connector.Authentication
 ///
 public class ManagedIdentityAuthenticator : IAuthenticator
 {
- private readonly string _appId;
 private readonly string _resource;
 private readonly ILogger _logger;
- private readonly IConfidentialClientApplication _clientApplication;
+ private readonly IManagedIdentityApplication _clientApplication;
 ///
 /// Initializes a new instance of the class.
@@ -40,7 +40,6 @@ public ManagedIdentityAuthenticator(string appId, string resource, HttpClient cu
 throw new ArgumentNullException(nameof(resource));
 }
- _appId = appId;
 _resource = resource;
 _logger = logger ?? NullLogger.Instance;
 _clientApplication = CreateClientApplication(appId, customHttpClient);
@@ -63,10 +62,8 @@ public async Task GetTokenAsync(bool forceRefresh = false)
 private async Task AcquireTokenAsync(bool forceRefresh)
 {
- var scopes = new string[] { $"{_resource}/.default" };
 var authResult = await _clientApplication
- .AcquireTokenForClient(scopes)
- .WithManagedIdentity(_appId)
+ .AcquireTokenForManagedIdentity(_resource)
 .WithForceRefresh(forceRefresh)
 .ExecuteAsync()
 .ConfigureAwait(false);
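Review bot: `AcquireTokenForManagedIdentity(_resource)` now hands the constructor's `resource` string to MSAL unchanged, where the removed line built the scope `$"{_resource}/.default"`, so the accepted form of `_resource` (a bare resource URI such as `https://api.botframework.com` versus a `/.default` scope) is a contract change for callers that should be stated on the field or the constructor parameter. MSAL's managed-identity flow is documented to take a resource identifier and, as far as I recall, to tolerate a trailing `/.default`, but that is worth confirming against the MSAL version pinned in the csproj hunk rather than relied on. I would add above the `_resource` field: `// Resource identifier handed to MSAL's managed identity flow as-is; "/.default" is no longer appended.` AcquireTokenAsync's body continues past the hunk, so how `authResult` becomes the returned token is not reviewed here.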
@@ -86,10 +83,9 @@ private RetryParams HandleTokenProviderException(Exception e, int retryCount)
 : RetryParams.DefaultBackOff(retryCount);
 }
- private IConfidentialClientApplication CreateClientApplication(string appId, HttpClient customHttpClient = null)
+ private IManagedIdentityApplication CreateClientApplication(string appId, HttpClient customHttpClient = null)
 {
- var clientBuilder = ConfidentialClientApplicationBuilder.Create(appId)
- .WithExperimentalFeatures();
+ var clientBuilder = ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.WithUserAssignedClientId(appId));
 if (customHttpClient != null)
 {
diff --git a/libraries/Microsoft.Bot.Connector/Microsoft.Bot.Connector.csproj b/libraries/Microsoft.Bot.Connector/Microsoft.Bot.Connector.csproj
index 5fc5f2f36b..74e4ca28a7 100644
--- a/libraries/Microsoft.Bot.Connector/Microsoft.Bot.Connector.csproj
+++ b/libraries/Microsoft.Bot.Connector/Microsoft.Bot.Connector.csproj
@@ -29,7 +29,7 @@
-
+
diff --git a/tests/Microsoft.Bot.Connector.Tests/Authentication/ManagedIdentityAuthenticatorTests.cs b/tests/Microsoft.Bot.Connector.Tests/Authentication/ManagedIdentityAuthenticatorTests.cs
index 7ccab5f4e6..9915504cfe 100644
--- a/tests/Microsoft.Bot.Connector.Tests/Authentication/ManagedIdentityAuthenticatorTests.cs
+++ b/tests/Microsoft.Bot.Connector.Tests/Authentication/ManagedIdentityAuthenticatorTests.cs
@@ -16,8 +16,8 @@ namespace Microsoft.Bot.Connector.Tests.Authentication
 {
 public class ManagedIdentityAuthenticatorTests
 {
- private const string TestAppId = "foo";
- private const string TestAudience = "bar";
+ private readonly Func appId = (id) => $"id {id} ";
+ private readonly Func audience = (id) => $"audience {id} ";
 [Fact]
 public void CanGetJwtToken()
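Review bot: `ManagedIdentityId.WithUserAssignedClientId(appId)` pins the authenticator to a user-assigned identity addressed by client ID, so a system-assigned identity (`ManagedIdentityId.SystemAssigned`) and user-assigned identities addressed by object or resource ID cannot be used through this class, and an empty `appId` will presumably be rejected by MSAL rather than falling back to system-assigned. The restriction existed before via `WithManagedIdentity(_appId)`, but it is now explicit in the builder call and deserves a line in the class or constructor documentation, e.g. `/// Only user-assigned managed identities selected by client ID are supported; system-assigned identities are not.` MSAL's managed identity application also appears to keep a process-wide token cache keyed by identity and resource (the test file's switch to per-test ids points that way), so individual `ManagedIdentityAuthenticator` instances would not own isolated caches — confirm and document if so. CreateClientApplication continues outside the hunk (the `customHttpClient` branch).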
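Review bot: The `appId`/`audience` factories replace the shared `"foo"`/`"bar"` constants with per-test strings, but nothing in the hunk says why, and the trailing space inside `$"id {id} "` reads like a typo rather than a separator for the `+ index` suffix the force-refresh theory appends. A one-line comment above the fields would stop the next maintainer from collapsing them back into constants: `// Unique per test: MSAL's managed-identity token cache appears to be shared across instances, so a reused id/audience could serve a cached token instead of hitting the mocked handler.` That cache behaviour is inferred from this change rather than visible here, hence the hedge in the comment. The enclosing test class continues past the hunk.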
@@ -37,7 +37,7 @@ public void CanGetJwtToken()
 .ReturnsAsync(response);
 var httpClient = new HttpClient(mockHttpMessageHandler.Object);
- var sut = new ManagedIdentityAuthenticator(TestAppId, TestAudience, httpClient);
+ var sut = new ManagedIdentityAuthenticator(appId(nameof(CanGetJwtToken)), audience(nameof(CanGetJwtToken)), httpClient);
 var token = sut.GetTokenAsync().GetAwaiter().GetResult();
 Assert.Equal("at_secret", token.AccessToken);
@@ -45,9 +45,9 @@ public void CanGetJwtToken()
 }
 [Theory]
- [InlineData(false)]
- [InlineData(true)]
- public void CanGetJwtTokenWithForceRefresh(bool forceRefreshInput)
+ [InlineData(false, 1)]
+ [InlineData(true, 2)]
+ public void CanGetJwtTokenWithForceRefresh(bool forceRefreshInput, int index)
 {
 var response = new HttpResponseMessage(HttpStatusCode.OK);
 var expiresOn = DateTimeOffset.Now.ToUnixTimeSeconds() + 10000;
@@ -64,7 +64,7 @@ public void CanGetJwtTokenWithForceRefresh(bool forceRefreshInput, int index)
 .ReturnsAsync(response);
 var httpClient = new HttpClient(mockHttpMessageHandler.Object);
- var sut = new ManagedIdentityAuthenticator(TestAppId, TestAudience, httpClient);
+ var sut = new ManagedIdentityAuthenticator(appId(nameof(CanGetJwtTokenWithForceRefresh)) + index, audience(nameof(CanGetJwtTokenWithForceRefresh)) + index, httpClient);
 var token = sut.GetTokenAsync(forceRefreshInput).GetAwaiter().GetResult();
 Assert.Equal("at_secret", token.AccessToken);
@@ -86,7 +86,7 @@ public void DefaultRetryOnException()
 });
 var httpClient = new HttpClient(mockHttpMessageHandler.Object);
- var sut = new ManagedIdentityAuthenticator(TestAppId, TestAudience, httpClient);
+ var sut = new ManagedIdentityAuthenticator(appId(nameof(DefaultRetryOnException)), audience(nameof(DefaultRetryOnException)), httpClient);
 try
 {
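Review bot: With a fresh `appId(...) + index` / `audience(...) + index` pair per `InlineData` case, the `forceRefreshInput == true` run of `CanGetJwtTokenWithForceRefresh` is indistinguishable from a plain cache miss, so the theory no longer shows that `WithForceRefresh(true)` bypasses the token cache — both cases presumably make exactly one request and pass for the same reason. To pin the behaviour, call `sut.GetTokenAsync(forceRefreshInput)` twice on the same instance and verify the handler count, e.g. `mockHttpMessageHandler.Protected().Verify<Task<HttpResponseMessage>>("SendAsync", Times.Exactly(forceRefreshInput ? 2 : 1), ItExpr.IsAny<HttpRequestMessage>(), ItExpr.IsAny<CancellationToken>());`. This assumes the setup above the hunk uses `Protected().Setup`, and the single `response` returned through `ReturnsAsync(response)` may have to become a factory lambda because the first call can consume its content. The theory's handler setup and the rest of its body lie outside the hunk.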
@@ -130,7 +130,7 @@ public void CanRetryAndAcquireToken()
 });
 var httpClient = new HttpClient(mockHttpMessageHandler.Object);
- var sut = new ManagedIdentityAuthenticator(TestAppId, TestAudience, httpClient);
+ var sut = new ManagedIdentityAuthenticator(appId(nameof(CanRetryAndAcquireToken)), audience(nameof(CanRetryAndAcquireToken)), httpClient);
 var token = sut.GetTokenAsync().GetAwaiter().GetResult();
 Assert.Equal("at_secret", token.AccessToken);