From 4a5fb7b1e818eff3aa41cd56a61a9b83e945c436 Mon Sep 17 00:00:00 2001
From: Joel Mut
Date: Thu, 24 Aug 2023 21:43:56 +0200
Subject: [PATCH 1/2] Update MSI implementation
---
 .../Authentication/ManagedIdentityAuthenticator.cs | 14 +++++---------
 .../Microsoft.Bot.Connector.csproj | 2 +-
 2 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/libraries/Microsoft.Bot.Connector/Authentication/ManagedIdentityAuthenticator.cs b/libraries/Microsoft.Bot.Connector/Authentication/ManagedIdentityAuthenticator.cs
index b16078809a..d19bf25a20 100644
--- a/libraries/Microsoft.Bot.Connector/Authentication/ManagedIdentityAuthenticator.cs
+++ b/libraries/Microsoft.Bot.Connector/Authentication/ManagedIdentityAuthenticator.cs
@@ -8,6 +8,7 @@
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Identity.Client;
+using Microsoft.Identity.Client.AppConfig;
 namespace Microsoft.Bot.Connector.Authentication
 {
@@ -16,10 +17,9 @@ namespace Microsoft.Bot.Connector.Authentication
 ///
 public class ManagedIdentityAuthenticator : IAuthenticator
 {
- private readonly string _appId;
 private readonly string _resource;
 private readonly ILogger _logger;
- private readonly IConfidentialClientApplication _clientApplication;
+ private readonly IManagedIdentityApplication _clientApplication;
 ///
 /// Initializes a new instance of the class.
@@ -54,7 +54,6 @@ public ManagedIdentityAuthenticator(string appId, string resource, HttpClient cu
 throw new ArgumentNullException(nameof(resource));
 }
- _appId = appId;
 _resource = resource;
 _logger = logger ?? NullLogger.Instance;
 _clientApplication = CreateClientApplication(appId, customHttpClient);
@@ -77,10 +76,8 @@ public async Task GetTokenAsync(bool forceRefresh = false)
 private async Task AcquireTokenAsync(bool forceRefresh)
 {
- var scopes = new string[] { $"{_resource}/.default" };
 var authResult = await _clientApplication
- .AcquireTokenForClient(scopes)
- .WithManagedIdentity(_appId)
+ .AcquireTokenForManagedIdentity(_resource)
 .WithForceRefresh(forceRefresh)
 .ExecuteAsync()
 .ConfigureAwait(false);
@@ -100,10 +97,9 @@ private RetryParams HandleTokenProviderException(Exception e, int retryCount)
 : RetryParams.DefaultBackOff(retryCount);
 }
- private IConfidentialClientApplication CreateClientApplication(string appId, HttpClient customHttpClient = null)
+ private IManagedIdentityApplication CreateClientApplication(string appId, HttpClient customHttpClient = null)
 {
- var clientBuilder = ConfidentialClientApplicationBuilder.Create(appId)
- .WithExperimentalFeatures();
+ var clientBuilder = ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.WithUserAssignedClientId(appId));
 if (customHttpClient != null)
 {
diff --git a/libraries/Microsoft.Bot.Connector/Microsoft.Bot.Connector.csproj b/libraries/Microsoft.Bot.Connector/Microsoft.Bot.Connector.csproj
index 244dea2297..ffe70e6c9c 100644
--- a/libraries/Microsoft.Bot.Connector/Microsoft.Bot.Connector.csproj
+++ b/libraries/Microsoft.Bot.Connector/Microsoft.Bot.Connector.csproj
@@ -29,7 +29,7 @@
-
+
From b158a9c0c2288e9357b52b93794b5db5cadb204f Mon Sep 17 00:00:00 2001
From: Joel Mut
Date: Tue, 19 Sep 2023 21:24:51 +0200
Subject: [PATCH 2/2] Fix unit tests
---
 .../ManagedIdentityAuthenticatorTests.cs | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/tests/Microsoft.Bot.Connector.Tests/Authentication/ManagedIdentityAuthenticatorTests.cs b/tests/Microsoft.Bot.Connector.Tests/Authentication/ManagedIdentityAuthenticatorTests.cs
index 7ccab5f4e6..9915504cfe 100644
--- a/tests/Microsoft.Bot.Connector.Tests/Authentication/ManagedIdentityAuthenticatorTests.cs
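Review bot: The meaning of the `resource` constructor argument changes silently in `AcquireTokenAsync`: the old code turned it into the scope `$"{_resource}/.default"`, the new code hands `_resource` straight to `AcquireTokenForManagedIdentity`, and nothing in the hunk records which form callers are now expected to pass. As far as I recall MSAL's managed-identity flow accepts the resource URI with or without a trailing `/.default`, but that should be confirmed against the MSAL version the csproj now references and then stated where callers will see it, i.e. the `<param name="resource">` doc on the constructor (outside this hunk). A one-line comment on the call would also help, e.g. `// MSAL managed identity takes the resource URI directly; no "/.default" scope is built here.` The rest of `AcquireTokenAsync` (the result mapping after `ConfigureAwait`) lies outside the hunk.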
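Review bot: `ManagedIdentityId.WithUserAssignedClientId(appId)` in `CreateClientApplication` commits this authenticator to a user-assigned identity addressed by client ID, so a bot running under a system-assigned identity (MSAL's `ManagedIdentityId.SystemAssigned`) cannot use this class at all, and a caller that passes an empty or non-GUID `appId` will presumably only find out at token-acquisition time rather than at construction. If user-assigned-by-client-ID is the intended and only supported mode, make that explicit so nobody reads `appId` as optional: `// Only a user-assigned identity selected by client ID is supported; system-assigned identity is not reachable through this class.` The class `<summary>` and the constructor's `<param name="appId">` (both outside this hunk) should say the same. The remainder of `CreateClientApplication` (the `customHttpClient` branch and the `Build()` call) continues outside the hunk, so I cannot see whether `appId` gets any format validation there.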
+++ b/tests/Microsoft.Bot.Connector.Tests/Authentication/ManagedIdentityAuthenticatorTests.cs
@@ -16,8 +16,8 @@ namespace Microsoft.Bot.Connector.Tests.Authentication
 {
 public class ManagedIdentityAuthenticatorTests
 {
- private const string TestAppId = "foo";
- private const string TestAudience = "bar";
+ private readonly Func appId = (id) => $"id {id} ";
+ private readonly Func audience = (id) => $"audience {id} ";
 [Fact]
 public void CanGetJwtToken()
@@ -37,7 +37,7 @@ public void CanGetJwtToken()
 .ReturnsAsync(response);
 var httpClient = new HttpClient(mockHttpMessageHandler.Object);
- var sut = new ManagedIdentityAuthenticator(TestAppId, TestAudience, httpClient);
+ var sut = new ManagedIdentityAuthenticator(appId(nameof(CanGetJwtToken)), audience(nameof(CanGetJwtToken)), httpClient);
 var token = sut.GetTokenAsync().GetAwaiter().GetResult();
 Assert.Equal("at_secret", token.AccessToken);
@@ -45,9 +45,9 @@ public void CanGetJwtToken()
 }
 [Theory]
- [InlineData(false)]
- [InlineData(true)]
- public void CanGetJwtTokenWithForceRefresh(bool forceRefreshInput)
+ [InlineData(false, 1)]
+ [InlineData(true, 2)]
+ public void CanGetJwtTokenWithForceRefresh(bool forceRefreshInput, int index)
 {
 var response = new HttpResponseMessage(HttpStatusCode.OK);
 var expiresOn = DateTimeOffset.Now.ToUnixTimeSeconds() + 10000;
@@ -64,7 +64,7 @@ public void CanGetJwtTokenWithForceRefresh(bool forceRefreshInput)
 .ReturnsAsync(response);
 var httpClient = new HttpClient(mockHttpMessageHandler.Object);
- var sut = new ManagedIdentityAuthenticator(TestAppId, TestAudience, httpClient);
+ var sut = new ManagedIdentityAuthenticator(appId(nameof(CanGetJwtTokenWithForceRefresh)) + index, audience(nameof(CanGetJwtTokenWithForceRefresh)) + index, httpClient);
 var token = sut.GetTokenAsync(forceRefreshInput).GetAwaiter().GetResult();
 Assert.Equal("at_secret", token.AccessToken);
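Review bot: The switch from the shared constants `TestAppId`/`TestAudience` to per-test `appId(nameof(...))`/`audience(nameof(...))` values (and the extra `index` on the `[Theory]` cases) carries no explanation, and the reason is not obvious from the test file. The uniqueness requirement suggests that the MSAL managed-identity token cache is keyed on identity plus resource and shared across `ManagedIdentityApplication` instances in the process, so a token cached by one test would be served to the next without ever touching its mocked `HttpClient`; that is an inference from the shape of the fix and should be confirmed and written down, e.g. above the two fields: `// Each test must use a distinct identity/resource pair: MSAL caches managed-identity tokens process-wide, so a shared id would let one test's cached token satisfy another's request and bypass the mocked HttpClient.` The same change is repeated in the hunks at lines 37, 64, 86 and 130; one comment at the fields covers them all. On style, the two `Func` fields are private instance fields that read no instance state, so `private static readonly Func<string, string> _appId` would match the usual C# naming and make the intent clearer than camelCase method-like names.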
@@ -86,7 +86,7 @@ public void DefaultRetryOnException()
 });
 var httpClient = new HttpClient(mockHttpMessageHandler.Object);
- var sut = new ManagedIdentityAuthenticator(TestAppId, TestAudience, httpClient);
+ var sut = new ManagedIdentityAuthenticator(appId(nameof(DefaultRetryOnException)), audience(nameof(DefaultRetryOnException)), httpClient);
 try
 {
@@ -130,7 +130,7 @@ public void CanRetryAndAcquireToken()
 });
 var httpClient = new HttpClient(mockHttpMessageHandler.Object);
- var sut = new ManagedIdentityAuthenticator(TestAppId, TestAudience, httpClient);
+ var sut = new ManagedIdentityAuthenticator(appId(nameof(CanRetryAndAcquireToken)), audience(nameof(CanRetryAndAcquireToken)), httpClient);
 var token = sut.GetTokenAsync().GetAwaiter().GetResult();
 Assert.Equal("at_secret", token.AccessToken);