NuGet brings in very old versions of Newtonsoft.Json. Need to look at
upgrading NuGet dependencies, but in the meantime, bring back the
explicit version.
Depending on the operation, outputs are either pulled from the project
intermediate directory (e.g. in publish) or the output directory. Since
signing occurs after the build, the unsigned assembly has been copied to
the output directory so needs to be signed there as well.
MSAL integrated Windows authentication requires using default
credentials. This is done if using MSAL's http client factory, so must
explicitly opt into this behavior.
---------
Co-authored-by: John Erickson <jerick@microsoft.com>
Adding a reference to the Microsoft.Artifacts.Authentication project and
removing all associated code from the credential provider that it
replaces. Also includes a few bug fixes present in the credential
provider that were not yet ported to the library.
Bringing PlatformUtils and UserAgent defaults over to the authentication
library. Since netstandard2.0 doesn't have all the types required it's
still expected that callers will need to construct their own http client
factory. For .NET Framework however, using a static HttpClient is still
the recommendation so providing some extension methods to support that.
Proposed changes to pull the MSAL related types into their own project
and deliver as an extension to MSAL. Design and implementation are a
work in progress to collect feedback on the approach and API design.
Example usage to create a PublicClientApplication with recommended
settings and defaults for Azure Artifacts and enumerate providers:
```csharp
var app = AzureArtifacts.CreateDefaultBuilder(authority)
    .WithBroker(true, logger)
    .WithLogging((LogLevel level, string message, bool containsPii) =>
    {
        // Application specific logging
    })
    .Build();

// Can use MsalTokenProviders which works for most cases, or compose the token providers manually
var providers = MsalTokenProviders.Get(app, logger);

var tokenRequest = new TokenRequest("https://pkgs.dev.azure.com/org")
{
    IsInteractive = true
};

foreach (var provider in providers)
{
    if (!provider.CanGetToken(tokenRequest))
        continue;

    var result = await provider.GetTokenAsync(tokenRequest);
}
```
1. Uses and extends the MSAL token types, and not trying to be a wrapper
around them. No plans to support more token authentication libraries in
the future.
2. Uses Microsoft.Extensions.Logging as the logging infrastructure, and
adaptors will be created where necessary to interface with client
tooling.
3. All settings and defaults are pulled out onto TokenRequest, or are
composable using extension methods.
When using MSAL or ADAL authentication libraries no attempt is made to
populate the UserAgent header when making requests, and no great API is
provided to easily set this. The only mechanism is to implement their
IHttpClientFactory interface and customize the HttpClients being used by
the library. As such I'm taking this opportunity to use this factory to
return a singleton instance for use in all places that we're making HTTP
requests.
Additionally I'm updating the UserAgent header we're sending to include
more information about the platform and runtime, which now produces a
header that looks like the following:
```
User-Agent: CredentialProvider.Microsoft/1.0.4+aae4981de95d543b7935811c05474e393dd9e144 (Windows; X64; Microsoft Windows 10.0.19045) CLR/6.0.16 (.NETCoreApp,Version=v6.0; win10-x64; .NET 6.0.16)
```
Add default devcontainer.json to enable the repository to build in
Codespaces. This builds from the dotnet latest images and adds .NET 6.0.
The repository is able to build, run, and test if using .NET 6.0
(probably .NET Core 3.1 as well but untested). .NET Framework requires
mono to run but didn't see any convenient features for that.
Also adding the artifacts-helper to set up NuGet authentication so
collaborators on the Azure DevOps feed are able to pull new packages
into the feed.
A credential provider wrapper for the Conda protocol. It will call the
credential provider and set the token into an environment variable for
the Conda client. The conda package artifacts-credprovider-conda will be
published to anaconda.org for users to consume.
All of the methods off of IAuthUtil will probe the same url to get
response headers. We were making 3 requests for the same response, and
after #392 we made one less in the common case. Adding an internal cache
to simply cache the response headers by url. It's possible to refactor
to make this a little more explicit (e.g. pull the headers once and pass
that around) but those changes ended up being quite large and may cause
more work with planned changes.
Also passing the HttpCompletionOption.ResponseHeadersRead option since
we don't care about the request body or any trailing headers.
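
The header cache described in the last message above, sketched as an added example; this is not the credential provider's own code. `ResponseHeaderCache` and `CountingHandler` are hypothetical names, and the handler is a constructed stand-in for the feed endpoint so the sample runs offline and shows three lookups producing one request.

```csharp
using System;
using System.Collections.Concurrent;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;

var handler = new CountingHandler();
var cache = new ResponseHeaderCache(new HttpClient(handler));
var url = new Uri("https://pkgs.dev.azure.com/org"); // URL taken from the usage example on this page
for (var i = 0; i < 3; i++)
    Console.WriteLine(string.Join(", ", (await cache.GetAsync(url)).WwwAuthenticate));
Console.WriteLine($"requests sent: {handler.Requests}");

// Hypothetical helper: one probe per URL, shared by every caller that needs its headers.
sealed class ResponseHeaderCache
{
    private readonly HttpClient client;
    private readonly ConcurrentDictionary<Uri, Lazy<Task<HttpResponseHeaders>>> cache = new();

    public ResponseHeaderCache(HttpClient client) => this.client = client;

    // Lazy ensures concurrent callers for the same URL share a single in-flight request.
    public Task<HttpResponseHeaders> GetAsync(Uri uri) =>
        cache.GetOrAdd(uri, u => new Lazy<Task<HttpResponseHeaders>>(() => FetchAsync(u))).Value;

    private async Task<HttpResponseHeaders> FetchAsync(Uri uri)
    {
        try
        {
            // Only headers are needed, so complete as soon as they arrive and skip the body.
            using var response = await client.GetAsync(uri, HttpCompletionOption.ResponseHeadersRead);
            return response.Headers;
        }
        catch { cache.TryRemove(uri, out _); throw; } // never pin a transient failure in the cache
    }
}

// Constructed stand-in for the feed: counts requests and answers 401 with a sample challenge.
sealed class CountingHandler : HttpMessageHandler
{
    public int Requests;
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        Interlocked.Increment(ref Requests);
        var response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
        response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Bearer", "authorization_uri=https://login.example/tenant"));
        return Task.FromResult(response);
    }
}
```

The cache here holds only the headers of the unauthenticated probe and lives for the process lifetime; a long-running host would need an expiry so a changed challenge is picked up.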