diff --git a/eng/Packages.Data.props b/eng/Packages.Data.props
index b47de1137f52f..638a3f2749c99 100644
--- a/eng/Packages.Data.props
+++ b/eng/Packages.Data.props
@@ -104,13 +104,13 @@
- - + + - +
diff --git a/sdk/identity/Azure.Identity/src/MsalConfidentialClient.cs b/sdk/identity/Azure.Identity/src/MsalConfidentialClient.cs
index e45dd7c812d08..5b7779a9cfb14 100644
--- a/sdk/identity/Azure.Identity/src/MsalConfidentialClient.cs
+++ b/sdk/identity/Azure.Identity/src/MsalConfidentialClient.cs
@@ -12,7 +12,6 @@ namespace Azure.Identity
 {
     internal class MsalConfidentialClient : MsalClientBase
     {
-        private const string s_instanceMetadata = "{\"tenant_discovery_endpoint\":\"https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration\",\"api-version\":\"1.1\",\"metadata\":[{\"preferred_network\":\"login.microsoftonline.com\",\"preferred_cache\":\"login.windows.net\",\"aliases\":[\"login.microsoftonline.com\",\"login.windows.net\",\"login.microsoft.com\",\"sts.windows.net\"]}]}";
         internal readonly string _clientSecret;
         internal readonly bool _includeX5CClaimHeader;
         internal readonly IX509Certificate2Provider _certificateProvider;
@@ -76,7 +75,7 @@ protected override async ValueTask CreateClientA
             {
                 confClientBuilder.WithAppTokenProvider(_appTokenProviderCallback)
                     .WithAuthority(_authority.AbsoluteUri, TenantId, false)
-                    .WithInstanceDiscoveryMetadata(s_instanceMetadata);
+                    .WithInstanceDiscovery(false);
             }
             else
             {
@@ -104,6 +103,7 @@ protected override async ValueTask CreateClientA
                 confClientBuilder.WithCertificate(clientCertificate);
             }
 
+            // When the appTokenProviderCallback is set, meaning this is for managed identity, the regional authority is not relevant.
             if (_appTokenProviderCallback == null && !string.IsNullOrEmpty(RegionalAuthority))
             {
                 confClientBuilder.WithAzureRegion(RegionalAuthority);
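Review bot: `.WithInstanceDiscovery(false)` switches instance discovery off entirely, whereas the removed `s_instanceMetadata` only replaced the network lookup with a fixed alias table (preferred_network/preferred_cache/aliases for login.microsoftonline.com, login.windows.net, login.microsoft.com and sts.windows.net), so MSAL will now key its cache and authority handling on the configured host verbatim with no alias normalization. That is most likely acceptable on this path, since `WithAppTokenProvider` sources tokens from the managed identity callback and `WithAuthority(..., false)` already skips authority validation, but nothing in the hunk records why discovery can be dropped. I would add above the new line: `// Instance discovery is disabled on the managed identity path: tokens come from the app token provider, so MSAL never needs authority metadata or alias normalization.` CreateClientAsync begins and ends outside this hunk.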
diff --git a/sdk/identity/Azure.Identity/tests/ManagedIdentityCredentialTests.cs b/sdk/identity/Azure.Identity/tests/ManagedIdentityCredentialTests.cs
index 69a7c8455d272..9401753977704 100644
--- a/sdk/identity/Azure.Identity/tests/ManagedIdentityCredentialTests.cs
+++ b/sdk/identity/Azure.Identity/tests/ManagedIdentityCredentialTests.cs
@@ -109,10 +109,9 @@ public async Task VerifyImdsRequestWithClientIdMockAsync()
         [TestCase("westus")]
         public async Task VerifyImdsRequestWithClientIdAndRegionalAuthorityNameMockAsync(string regionName)
         {
-            using var environment = new TestEnvVar(new() { {"AZURE_REGIONAL_AUTHORITY_NAME", regionName}, {"MSI_ENDPOINT", null }, { "MSI_SECRET", null }, { "IDENTITY_ENDPOINT", null }, { "IDENTITY_HEADER", null }, { "AZURE_POD_IDENTITY_AUTHORITY_HOST", null } });
+            using var environment = new TestEnvVar(new() { { "AZURE_REGIONAL_AUTHORITY_NAME", regionName }, { "MSI_ENDPOINT", null }, { "MSI_SECRET", null }, { "IDENTITY_ENDPOINT", null }, { "IDENTITY_HEADER", null }, { "AZURE_POD_IDENTITY_AUTHORITY_HOST", null } });
 
-            var response = CreateMockResponse(200, ExpectedToken);
-            var mockTransport = new MockTransport(response);
+            var mockTransport = new MockTransport(req => CreateMockResponse(200, ExpectedToken));
             var options = new TokenCredentialOptions() { Transport = mockTransport };
             var pipeline = CredentialPipeline.GetInstance(options);
 
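Review bot: The lambda in the rewritten `var mockTransport = new MockTransport(req => CreateMockResponse(200, ExpectedToken));` never reads `req`; a discard, `_ => CreateMockResponse(200, ExpectedToken)`, states that and avoids an unused-parameter warning. Presumably the move from one pre-built response to a factory is because the credential now sends more than one request over this transport, but the hunk does not say so; a one-line comment above the line would spare the next reader the guess. The test method continues in the following hunk.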
@@ -121,18 +120,6 @@ public async Task VerifyImdsRequestWithClientIdAndRegionalAuthorityNameMockAsync
             AccessToken actualToken = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default));
 
             Assert.AreEqual(ExpectedToken, actualToken.Token);
-
-            MockRequest request = mockTransport.Requests[0];
-
-            string query = request.Uri.Query;
-
-            Assert.AreEqual(request.Uri.Host, "169.254.169.254");
-            Assert.AreEqual(request.Uri.Path, "/metadata/identity/oauth2/token");
-            Assert.IsTrue(query.Contains("api-version=2018-02-01"));
-            Assert.IsTrue(query.Contains($"resource={Uri.EscapeDataString(ScopeUtilities.ScopesToResource(MockScopes.Default))}"));
-            Assert.IsTrue(request.Headers.TryGetValue("Metadata", out string metadataValue));
-            Assert.IsTrue(query.Contains($"{Constants.ManagedIdentityClientId}=mock-client-id"));
-            Assert.AreEqual("true", metadataValue);
         }
 
         [NonParallelizable]
@@ -147,9 +134,12 @@ public async Task VerifyImdsRequestWithClientIdAndNonPubCloudMockAsync(Uri autho
             var options = new TokenCredentialOptions() { Transport = mockTransport, AuthorityHost = authority };
             //var pipeline = CredentialPipeline.GetInstance(options);
             var _pipeline = new HttpPipeline(mockTransport);
-            var pipeline = new CredentialPipeline(authority, _pipeline, new ClientDiagnostics(options));
+            var pipeline = new CredentialPipeline(authority, _pipeline, new ClientDiagnostics(options));
 
-            ManagedIdentityCredential credential = InstrumentClient(new ManagedIdentityCredential(new ManagedIdentityClient( pipeline, "mock-client-id")));
+            ManagedIdentityCredential credential = InstrumentClient(
+                new ManagedIdentityCredential(
+                    new ManagedIdentityClient(
+                        new ManagedIdentityClientOptions { Pipeline = pipeline, ClientId = "mock-client-id", Options = options })));
 
             AccessToken actualToken = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default));
 
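Review bot: With the `MockRequest request = mockTransport.Requests[0]` block removed, `VerifyImdsRequestWithClientIdAndRegionalAuthorityNameMockAsync` no longer inspects the IMDS request at all, only the returned token, so the `Metadata: true` header, the `api-version=2018-02-01` query and the `mock-client-id` client id have no remaining regression coverage on the regional-authority path. The `Metadata` header is the one IMDS relies on to reject forwarded requests, so that assertion is the one I would most want back. If the block was dropped because `Requests[0]` is no longer the IMDS call once MSAL's app token provider is involved, select the request by host rather than by index, e.g. `MockRequest request = mockTransport.Requests.First(r => r.Uri.Host == "169.254.169.254");`, and reinstate the header and query assertions on it; otherwise rename the test so its name does not promise a request verification it does not perform. The method's start lies outside this hunk.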
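Review bot: In the rewritten `InstrumentClient(...)` call the authority reaches `ManagedIdentityClient` twice — through `pipeline`, built from `authority`, and through `Options = options`, whose `AuthorityHost = authority` — and the test does not say which of the two `ManagedIdentityClientOptions` is expected to honour. A comment on the `Options = options` line such as `// Options carries AuthorityHost; Pipeline must be built from the same authority` or dropping one of the two sources would make the contract under test explicit. The commented-out `//var pipeline = CredentialPipeline.GetInstance(options);` is context rather than new code, but it is now the only hint why a hand-built pipeline is used here. The rest of the method is outside the hunk.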
@@ -696,10 +686,11 @@ public async Task VerifyInitialImdsConnectionTimeoutHonored()
             var startTime = DateTimeOffset.UtcNow;
 
             var ex = Assert.ThrowsAsync(async () => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
+            var endTime = DateTimeOffset.UtcNow;
 
             Assert.That(ex.Message, Does.Contain(ImdsManagedIdentitySource.AggregateError));
-            Assert.Less(DateTimeOffset.UtcNow - startTime, TimeSpan.FromSeconds(2));
+            Assert.Less(endTime - startTime, TimeSpan.FromSeconds(2));
 
             await Task.CompletedTask;
         }
 
@@ -857,7 +848,6 @@ public static IEnumerable AuthorityHostValues()
             yield return new object[] { AzureAuthorityHosts.AzureGermany };
             yield return new object[] { AzureAuthorityHosts.AzureGovernment };
             yield return new object[] { AzureAuthorityHosts.AzurePublicCloud };
-            yield return new object[] { new Uri("https://foo.bar") };
         }
 
         private MockResponse CreateMockResponse(int responseCode, string token)
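Review bot: `var endTime = DateTimeOffset.UtcNow;` pins the measurement point, but the elapsed time is still read from the wall clock, which can step (NTP correction, VM pause) and make `Assert.Less(endTime - startTime, TimeSpan.FromSeconds(2))` flaky in either direction; `Stopwatch` is monotonic and is the usual tool for a timeout assertion. Replace `var startTime = DateTimeOffset.UtcNow;` with `var stopwatch = Stopwatch.StartNew();`, drop the `endTime` line, and assert `Assert.Less(stopwatch.Elapsed, TimeSpan.FromSeconds(2));` right after the `ThrowsAsync` call (this needs `using System.Diagnostics;`, which I cannot see in this hunk). The method's header is outside the hunk.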