[identity] Adding extensions API, identity-vscode, and identity-cache-persistence

[witemple-msft]

This PR introduces an extension API for @azure/identity:

import extension from "<name of extension package>";
import { useIdentityExtension } from "@azure/identity";

useIdentityExtension(extension);

// Now identity is imbued with the power of your extension package.

The extension API is based on passing a function that receives a control interface to set certain, sanctioned properties within the MSAL internals. In the first case, the only option exposed is to set a cache plugin. The function can also run any other arbitrary initialization logic it requires.

There are two first-party extension packages:

• @azure/identity-vscode, provides VisualStudioCodeCredential and an extension that will add it to the default credentials of DefaultAzureCredential
• @azure/identity-cache-persistence registers a CachePlugin to the underlying MSAL flows, allowing some credentials (those based on public client) to utilize persistent token storage based on the host platform's secret management capabilities (DPAPI on windows, keychain on macOS, and libsecret on Linux).

Items:

• Adding and restoring tests for the new packages as well as the extensions APIs.
• Adding READMEs and documentation for the new extension packages, and adding information to the mainline identity package readme about extensions and the two new extension packages.
• Reviewing and adding docstrings to all new functions.
• Adding samples (currently, the samples are using my dev appconfig instance scope as an example, for the sake of testing, but we can add live testing capabilities to these packages and test with real scopes.
• Needs architectural review.
• Ideally, we would not have to expose ICachePlugin in the public API surface (through the extension API), but it may be beneficial to do so to enable future scenarios such as distributed caching.
• Currently, the only way that VisualStudioCodeCredential works is by exposing IdentityClient through the identity package API surface and duplicating the logging code, but this isn't desired. A code-sharing approach or common core package is required to remove this leak.

[sadasant]

Persistance will, for sure, not work on browsers 🤔 I wonder if we should preemptively remove any browser-related logic or configuration.

[witemple-msft]

This ends up being required to build the tests, which import from identity sources. Identity uses lib: DOM, so we need it here for the same reason.

[sadasant]

Ok ok! I like how this is looking. We could get something like this merged and work together on the remaining tasks. For that, I propose the following:

• Do not expose anything to end-users that may have any reference to MSAL to be consistent with our efforts in the past and with other languages. Pick some other name that can be meaningful and have no references to MSAL.
• Let’s open issues for all of the remaining tasks that won’t be part of this PR to put them in the budget and place them in the schedule. This will help us divide and conquer!

Let me know what you think 🌞

[sadasant]

When I say that we can get something like this merged, I don’t mean today. What I mean to say is that: draw a line eventually, and make sure that what couldn’t get in is expressed in the form of issues so that we can follow up together.

[xirzec]

I'm glad we're splitting up identity! A few thoughts along the way, mostly I am confused by global object magic now that we're using an explicit function call to activate extensions.

[xirzec]

It feels a little weird to me that the extension depends on the base lib it is extending -- is this for interfaces?

[witemple-msft]

Yes. It's probably not required for VSCode anymore, but it is required for cache-persistence because it's where we get the options type for the cache from.

[xirzec]

should this be a function, so that the library can receive optional configuration at composition time? I could see this being useful for skipping platform detection in some cases

[witemple-msft]

In the new model without the symbolic stuff, this is already a function that takes a "context". Currently, neither of the extensions are equipped to take any configuration options, so do you think we could revisit this idea in a future beta if there's a clearer picture? There isn't any reason that two extension packages couldn't export different shapes, i.e. one package exports an extension directly and the other exports an extension factory that accepts options.

[xirzec]

similarly, this shouldn't work in the browser, yeah?

[witemple-msft]

For vscode it's fine. For cache-persistence it is required to build the tests, which reach into the identity source code during the build.

[xirzec]

Awesome!! This is a great change and I'm so happy you've landed it.

Now if we can just get identity onto corev2... 😉

[xirzec]

Can you file an issue to fix the linter?