Support AAD on MSA accounts

AzureDevOps.Authentication/Src/MsaAuthentication.cs

@@ -33,16 +33,13 @@ namespace AzureDevOps.Authentication
 
     public sealed class MsaAuthentication : Authentication, IMsaAuthentication
     {
-        public const string DefaultAuthorityHost = AzureDevOps.Authentication.Authority.AuthorityHostUrlBase + "/live.com";
-        internal const string QueryParameters = "domain_hint=live.com&display=popup&site_id=501454&nux=1";
-
         public MsaAuthentication(
             RuntimeContext context,
             TokenScope tokenScope,
             ICredentialStore personalAccessTokenStore)
             : base(context, tokenScope, personalAccessTokenStore)
         {
-            Authority = new Authority(context, DefaultAuthorityHost);
+            Authority = new Authority(context, AzureDevOps.Authentication.Authority.DefaultAuthorityHostUrl);
         }
 
         /// <summary>
@@ -79,7 +76,12 @@ namespace AzureDevOps.Authentication
             try
             {
                 Token token;
-                if ((token = await Authority.InteractiveAcquireToken(targetUri, ClientId, Resource, new Uri(RedirectUrl), QueryParameters)) != null)
+                if ((token = await Authority.InteractiveAcquireToken(
+                    targetUri,
+                    ClientId,
+                    Resource,
+                    new Uri(RedirectUrl),
+                    queryParameters: null)) != null)
                 {
                     Trace.WriteLine($"token '{targetUri}' successfully acquired.");
 
@@ -109,7 +111,12 @@ namespace AzureDevOps.Authentication
             try
             {
                 Token token;
-                if ((token = await Authority.InteractiveAcquireToken(targetUri, ClientId, Resource, new Uri(RedirectUrl), QueryParameters)) != null)
+                if ((token = await Authority.InteractiveAcquireToken(
+                    targetUri,
+                    ClientId,
+                    Resource,
+                    new Uri(RedirectUrl),
+                    queryParameters: null)) != null)
                 {
                     Trace.WriteLine($"token '{targetUri}' successfully acquired.");
 

AzureDevOps.Authentication/Test/MsaTests.cs

@@ -109,7 +109,7 @@ namespace AzureDevOps.Authentication.Test
         {
             ICredentialStore tokenStore1 = new SecretCache(context, @namespace + 1, Secret.UriToIdentityUrl);
             ITokenStore tokenStore2 = new SecretCache(context, @namespace + 2, Secret.UriToIdentityUrl);
-            IAuthority liveAuthority = new AuthorityFake(MsaAuthentication.QueryParameters);
+            IAuthority liveAuthority = new AuthorityFake(null);
             return new MsaAuthentication(context, tokenStore1, tokenStore2, liveAuthority);
         }
     }

Cli/Test/Data/AzureDevOpsLogonTests_InteractiveMsaLogonWithRevokedCredentials_Success.json

@@ -3231,17 +3231,17 @@
     "Adal": {
       "Operations": [
         {
-          "AuthorityUrl": "https://login.microsoftonline.com/live.com",
+          "AuthorityUrl": "https://login.microsoftonline.com/common",
           "Error": {},
           "Input": {
             "ClientId": "872cd9fa-d31f-45e0-9eab-6e460a02d1f1",
-            "ExtraQueryParameters": "domain_hint=live.com&display=popup&site_id=501454&nux=1",
+            "ExtraQueryParameters": "",
             "Resource": "499b84ac-1321-427f-aa17-267ca6975798",
             "RedirectUrl": "urn:ietf:wg:oauth:2.0:oob"
           },
           "Result": {
             "AccessToken": "Fake+Token;Fake+Token;Fake+Token;Fake+Token;Fake+Token;Fake+Token;Fake+Token;Fake+Token",
-            "Authority": "https://login.microsoftonline.com/live.com/",
+            "Authority": "https://login.microsoftonline.com/common/",
             "TokenType": "Bearer",
             "TenantId": "9cd80435-793b-4f48-844b-6b3f37d1c1f3"
           }

Cli/Test/Data/AzureDevOpsLogonTests_InteractiveMsaLogon_Canceled.json

@@ -3005,7 +3005,7 @@
     "Adal": {
       "Operations": [
         {
-          "AuthorityUrl": "https://login.microsoftonline.com/live.com",
+          "AuthorityUrl": "https://login.microsoftonline.com/common",
           "Error": {
             "Message": "User canceled authentication"
           },
@@ -3013,7 +3013,7 @@
             "Resource": "499b84ac-1321-427f-aa17-267ca6975798",
             "ClientId": "872cd9fa-d31f-45e0-9eab-6e460a02d1f1",
             "RedirectUrl": "urn:ietf:wg:oauth:2.0:oob",
-            "ExtraQueryParameters": "domain_hint=live.com&display=popup&site_id=501454&nux=1"
+            "ExtraQueryParameters": ""
           },
           "Result": {}
         }

Cli/Test/Data/AzureDevOpsLogonTests_InteractiveMsaLogon_Success.json

@@ -3670,17 +3670,17 @@
     "Adal": {
       "Operations": [
         {
-          "AuthorityUrl": "https://login.microsoftonline.com/live.com",
+          "AuthorityUrl": "https://login.microsoftonline.com/common",
           "Error": {},
           "Input": {
             "ClientId": "872cd9fa-d31f-45e0-9eab-6e460a02d1f1",
-            "ExtraQueryParameters": "domain_hint=live.com&display=popup&site_id=501454&nux=1",
+            "ExtraQueryParameters": "",
             "Resource": "499b84ac-1321-427f-aa17-267ca6975798",
             "RedirectUrl": "urn:ietf:wg:oauth:2.0:oob"
           },
           "Result": {
             "AccessToken": "Fake+Token;Fake+Token;Fake+Token;Fake+Token;Fake+Token;Fake+Token;Fake+Token;Fake+Token",
-            "Authority": "https://login.microsoftonline.com/live.com/",
+            "Authority": "https://login.microsoftonline.com/common/",
             "TokenType": "Bearer",
             "TenantId": "9cd80435-793b-4f48-844b-6b3f37d1c1f3"
           }