From b6b53883b065699316b160773a4cc4e739159754 Mon Sep 17 00:00:00 2001 From: Caleb Kiage <747955+calebkiage@users.noreply.github.com> Date: Thu, 19 Oct 2023 16:01:32 +0300 Subject: [PATCH] Fetch new token on login to ensure new scopes are available (#274) * Fetch new token on login to ensure new scopes are available * Bump version * Apply suggestions from code review --------- Co-authored-by: Vincent Biret --- .../Authentication/AppOnlyLoginService.cs | 6 +----- .../AuthenticationServiceFactory.cs | 12 +++++------ .../Authentication/InteractiveLoginService.cs | 20 ++++++++++--------- .../Microsoft.Graph.Cli.Core.csproj | 2 +- 4 files changed, 19 insertions(+), 21 deletions(-) diff --git a/src/Microsoft.Graph.Cli.Core/Authentication/AppOnlyLoginService.cs b/src/Microsoft.Graph.Cli.Core/Authentication/AppOnlyLoginService.cs index b251135f..ac68cb39 100644 --- a/src/Microsoft.Graph.Cli.Core/Authentication/AppOnlyLoginService.cs +++ b/src/Microsoft.Graph.Cli.Core/Authentication/AppOnlyLoginService.cs @@ -12,16 +12,12 @@ namespace Microsoft.Graph.Cli.Core.Authentication; /// An app-only token credential type public class AppOnlyLoginService : LoginServiceBase where T : TokenCredential { - private T credential; - /// /// Creates a new instance of an app-only login service. /// - /// The app-only login credential. /// The path utility instance. - public AppOnlyLoginService(T credential, IPathUtility pathUtility) : base(pathUtility) + public AppOnlyLoginService(IPathUtility pathUtility) : base(pathUtility) { - this.credential = credential; } /// diff --git a/src/Microsoft.Graph.Cli.Core/Authentication/AuthenticationServiceFactory.cs b/src/Microsoft.Graph.Cli.Core/Authentication/AuthenticationServiceFactory.cs index 809f9029..e6f14091 100644 --- a/src/Microsoft.Graph.Cli.Core/Authentication/AuthenticationServiceFactory.cs +++ b/src/Microsoft.Graph.Cli.Core/Authentication/AuthenticationServiceFactory.cs 
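Review bot: The public constructor `AppOnlyLoginService(IPathUtility pathUtility)` drops the `credential` parameter, which breaks any caller outside this repository that still passes one, and as far as this hunk shows `T` now appears only in the `where T : TokenCredential` constraint. The three call sites in AuthenticationServiceFactory follow the same pattern: the `credential is …` tests remain only as type guards and the instance is no longer handed to the service. The class documentation should say so, for example `/// The service does not hold the credential; T only identifies the credential kind.` The rest of the class, including its login method, is outside the hunk, so it is inferred rather than visible that app-only login performs no token request that would surface a misconfigured certificate or identity at login time.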
@@ -55,17 +55,17 @@ public virtual async Task GetAuthenticationServiceAsync(Authen { return new InteractiveLoginService(browserCred, pathUtility); } - else if (strategy == AuthenticationStrategy.ClientCertificate && credential is ClientCertificateCredential certCred) + else if (strategy == AuthenticationStrategy.ClientCertificate && credential is ClientCertificateCredential) { - return new AppOnlyLoginService(GetClientCertificateCredential(tenantId, clientId, certificateName, certificateThumbPrint), pathUtility); + return new AppOnlyLoginService(pathUtility); } - else if (strategy == AuthenticationStrategy.ManagedIdentity && credential is ManagedIdentityCredential managedIdentityCred) + else if (strategy == AuthenticationStrategy.ManagedIdentity && credential is ManagedIdentityCredential) { - return new AppOnlyLoginService(managedIdentityCred, pathUtility); + return new AppOnlyLoginService(pathUtility); } - else if (strategy == AuthenticationStrategy.Environment && credential is EnvironmentCredential envCred) + else if (strategy == AuthenticationStrategy.Environment && credential is EnvironmentCredential) { - return new AppOnlyLoginService(envCred, pathUtility); + return new AppOnlyLoginService(pathUtility); } else { diff --git a/src/Microsoft.Graph.Cli.Core/Authentication/InteractiveLoginService.cs b/src/Microsoft.Graph.Cli.Core/Authentication/InteractiveLoginService.cs index fd08ef25..d28e364a 100644 --- a/src/Microsoft.Graph.Cli.Core/Authentication/InteractiveLoginService.cs +++ b/src/Microsoft.Graph.Cli.Core/Authentication/InteractiveLoginService.cs 
@@ -41,16 +41,18 @@ public InteractiveLoginService(T credential, IPathUtility pathUtility) : base(pa /// When the credential is not supported. protected override async Task DoLoginAsync(string[] scopes, CancellationToken cancellationToken = default) { - if (credential is DeviceCodeCredential deviceCodeCred) + var requestContext = new TokenRequestContext(scopes); + var record = credential switch { - return await deviceCodeCred.AuthenticateAsync(new TokenRequestContext(scopes), cancellationToken); - } - else if (credential is InteractiveBrowserCredential browserCred) - { - return await browserCred.AuthenticateAsync(new TokenRequestContext(scopes), cancellationToken); - } + DeviceCodeCredential deviceCodeCred => await deviceCodeCred.AuthenticateAsync(requestContext, cancellationToken).ConfigureAwait(false), + InteractiveBrowserCredential browserCred => await browserCred.AuthenticateAsync(requestContext, cancellationToken).ConfigureAwait(false), + // Due to the check in the constructor, this code shouldn't be reachable normally. + _ => throw new InvalidOperationException("The provided credential is not supported."), + }; + + // Request a new token to update the cache allowing incremental consent. + var _ = await credential.GetTokenAsync(requestContext, cancellationToken).ConfigureAwait(false); - // Due to the check in the constructor, this code shouldn't be reachable normally. - throw new InvalidOperationException("The provided credential is not supported."); + return record; } } diff --git a/src/Microsoft.Graph.Cli.Core/Microsoft.Graph.Cli.Core.csproj b/src/Microsoft.Graph.Cli.Core/Microsoft.Graph.Cli.Core.csproj index 3fb2bc4f..37ba2308 100644 --- a/src/Microsoft.Graph.Cli.Core/Microsoft.Graph.Cli.Core.csproj +++ b/src/Microsoft.Graph.Cli.Core/Microsoft.Graph.Cli.Core.csproj @@ -8,7 +8,7 @@ embedded 1.0.0 - preview.6 + preview.7
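Review bot: `var _ = await credential.GetTokenAsync(...)` near the end of DoLoginAsync declares an ordinary local named `_` that holds the returned access token, not a discard; `_ = await credential.GetTokenAsync(requestContext, cancellationToken).ConfigureAwait(false);` says what is meant. The call runs after AuthenticateAsync has already succeeded, so an exception from it fails the whole login and `record` is never returned; if that is the intent, the comment above it should state it, e.g. `// Login fails if a token for the requested scopes cannot be obtained.` Whether this second request is served silently or can prompt the user again depends on how the credential's token cache is configured, which is outside this hunk.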