Identity API updates July 2020

sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthenticationRecord.java

@@ -82,14 +82,14 @@ public String getUsername() {
      * @param outputStream The {@link OutputStream} to which the serialized record will be written to.
      * @return A {@link Mono} containing {@link Void}
      */
-    public Mono<Void> serialize(OutputStream outputStream) {
+    public Mono<OutputStream> serialize(OutputStream outputStream) {
         return Mono.defer(() -> {
             try {
                 OBJECT_MAPPER.writeValue(outputStream, this);
             } catch (IOException e) {
                 return Mono.error(e);
             }
-            return Mono.empty();
+            return Mono.just(outputStream);
         });
     }
 

sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredentialBuilder.java

@@ -49,21 +49,32 @@ public AuthorizationCodeCredentialBuilder redirectUrl(String redirectUrl) {
     }
 
     /**
-     * Sets whether to use an unprotected file specified by <code>cacheFileLocation()</code> instead of
-     * Gnome keyring on Linux. This is false by default.
+     * Allows to use an unprotected file specified by <code>cacheFileLocation()</code> instead of
+     * Gnome keyring on Linux. This is restricted by default.
      *
-     * @param allowUnencryptedCache whether to use an unprotected file for cache storage.
+     * @return An updated instance of this builder.
+     */
+    public AuthorizationCodeCredentialBuilder allowUnencryptedCache() {
+        this.identityClientOptions.allowUnencryptedCache();
+        return this;
+    }
+
+    /**
+     * Enables the shared token cache which is disabled by default. If enabled, the credential will store tokens
+     * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials
+     * and processes.
      *
-     * @return An updated instance of this builder with the unprotected token cache setting set as specified.
+     * @return An updated instance of this builder.
      */
-    public AuthorizationCodeCredentialBuilder allowUnencryptedCache(boolean allowUnencryptedCache) {
-        this.identityClientOptions.allowUnencryptedCache(allowUnencryptedCache);
+    public AuthorizationCodeCredentialBuilder enablePersistentCache() {
+        this.identityClientOptions.enablePersistentCache();
         return this;
     }
-
+  
     /**
      * Sets the client secret for the authentication. This is required for AAD web apps. Do not set this for AAD native
      * apps.
+     *
      * @param clientSecret the secret value of the AAD application.
      * @return the AuthorizationCodeCredentialBuilder itself
      */
@@ -72,18 +83,6 @@ public AuthorizationCodeCredentialBuilder clientSecret(String clientSecret) {
         return this;
     }
 
-    /**
-     * Sets whether to enable using the shared token cache. This is disabled by default.
-     *
-     * @param enabled whether to enabled using the shared token cache.
-     *
-     * @return An updated instance of this builder with if the shared token cache enabled specified.
-     */
-    public AuthorizationCodeCredentialBuilder enablePersistentCache(boolean enabled) {
-        this.identityClientOptions.enablePersistentCache(enabled);
-        return this;
-    }
-
     /**
      * Creates a new {@link AuthorizationCodeCredential} with the current configurations.
      *

sdk/identity/azure-identity/src/main/java/com/azure/identity/ChainedTokenCredential.java

@@ -68,14 +68,4 @@ public Mono<AccessToken> getToken(TokenRequestContext request) {
                 return Mono.error(last);
             }));
     }
-
-
-    /**
-     * Get the read-only list of credentials sequentially used to attempt authentication.
-     *
-     * @return The list of {@link TokenCredential}.
-     */
-    public List<TokenCredential> getCredentials() {
-        return credentials;
-    }
 }

sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java

@@ -41,14 +41,25 @@ public ClientCertificateCredentialBuilder pfxCertificate(String certificatePath,
     }
 
     /**
-     * Sets whether to enable using the shared token cache. This is disabled by default.
+     * Allows to use an unprotected file specified by <code>cacheFileLocation()</code> instead of
+     * Gnome keyring on Linux. This is restricted by default.
      *
-     * @param enabled indicates whether to enable using the shared token cache.
+     * @return An updated instance of this builder.
+     */
+    public ClientCertificateCredentialBuilder allowUnencryptedCache() {
+        this.identityClientOptions.allowUnencryptedCache();
+        return this;
+    }
+
+    /**
+     * Enables the shared token cache which is disabled by default. If enabled, the credential will store tokens
+     * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials
+     * and processes.
      *
      * @return An updated instance of this builder.
      */
-    public ClientCertificateCredentialBuilder enablePersistentCache(boolean enabled) {
-        this.identityClientOptions.enablePersistentCache(enabled);
+    public ClientCertificateCredentialBuilder enablePersistentCache() {
+        this.identityClientOptions.enablePersistentCache();
         return this;
     }
 

sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java

@@ -26,14 +26,25 @@ public ClientSecretCredentialBuilder clientSecret(String clientSecret) {
     }
 
     /**
-     * Sets whether to enable using the shared token cache. This is disabled by default.
+     * Enables the shared token cache which is disabled by default. If enabled, the credential will store tokens
+     * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials
+     * and processes.
      *
-     * @param enabled indicates whether to enable using the shared token cache.
+     * @return An updated instance of this builder.
+     */
+    public ClientSecretCredentialBuilder enablePersistentCache() {
+        this.identityClientOptions.enablePersistentCache();
+        return this;
+    }
+
+    /**
+     * Allows to use an unprotected file specified by <code>cacheFileLocation()</code> instead of
+     * Gnome keyring on Linux. This is restricted by default.
      *
      * @return An updated instance of this builder.
      */
-    public ClientSecretCredentialBuilder enablePersistentCache(boolean enabled) {
-        this.identityClientOptions.enablePersistentCache(enabled);
+    public ClientSecretCredentialBuilder allowUnencryptedCache() {
+        this.identityClientOptions.allowUnencryptedCache();
         return this;
     }
 

sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredential.java

@@ -36,16 +36,4 @@ public final class DefaultAzureCredential extends ChainedTokenCredential {
     DefaultAzureCredential(List<TokenCredential> tokenCredentials) {
         super(tokenCredentials);
     }
-
-
-    /**
-     * {@inheritDoc}
-     * The credentials in the returned list and their order may change in future versions of Identity.
-     * This API is not intended to be used in production ready code and should only be used for development purposes.
-     *
-     * @return The list of {@link TokenCredential}.
-     */
-    public List<TokenCredential> getCredentials() {
-        return super.getCredentials();
-    }
 }

sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java

@@ -91,7 +91,7 @@ public Mono<AccessToken> getToken(TokenRequestContext request) {
      *
      * @return The {@link AuthenticationRecord} which can be used to silently authenticate the account
      * on future execution if persistent caching was enabled via
-     * {@link DeviceCodeCredentialBuilder#enablePersistentCache(boolean)} when credential was instantiated.
+     * {@link DeviceCodeCredentialBuilder#enablePersistentCache()} when credential was instantiated.
      */
     public Mono<AuthenticationRecord> authenticate(TokenRequestContext request) {
         return Mono.defer(() -> identityClient.authenticateWithDeviceCode(request, challengeConsumer))
@@ -108,7 +108,7 @@ public Mono<AuthenticationRecord> authenticate(TokenRequestContext request) {
      *
      * @return The {@link AuthenticationRecord} which can be used to silently authenticate the account
      * on future execution if persistent caching was enabled via
-     * {@link DeviceCodeCredentialBuilder#enablePersistentCache(boolean)} when credential was instantiated.
+     * {@link DeviceCodeCredentialBuilder#enablePersistentCache()} when credential was instantiated.
      */
     public Mono<AuthenticationRecord> authenticate() {
         String defaultScope = KnownAuthorityHosts.getDefaultScope(authorityHost);

sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredentialBuilder.java

@@ -31,27 +31,25 @@ public DeviceCodeCredentialBuilder challengeConsumer(
     }
 
     /**
-     * Sets whether to use an unprotected file specified by <code>cacheFileLocation()</code> instead of
-     * Gnome keyring on Linux. This is false by default.
+     * Allows to use an unprotected file specified by <code>cacheFileLocation()</code> instead of
+     * Gnome keyring on Linux. This is restricted by default.
      *
-     * @param allowUnencryptedCache whether to use an unprotected file for cache storage.
-     *
-     * @return An updated instance of this builder with the unprotected token cache setting set as specified.
+     * @return An updated instance of this builder.
      */
-    public DeviceCodeCredentialBuilder allowUnencryptedCache(boolean allowUnencryptedCache) {
-        this.identityClientOptions.allowUnencryptedCache(allowUnencryptedCache);
+    public DeviceCodeCredentialBuilder allowUnencryptedCache() {
+        this.identityClientOptions.allowUnencryptedCache();
         return this;
     }
 
     /**
-     * Sets whether to enable using the shared token cache. This is disabled by default.
-     *
-     * @param enabled whether to enabled using the shared token cache.
+     * Enables the shared token cache which is disabled by default. If enabled, the credential will store tokens
+     * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials
+     * and processes.
      *
      * @return An updated instance of this builder with if the shared token cache enabled specified.
      */
-    public DeviceCodeCredentialBuilder enablePersistentCache(boolean enabled) {
-        this.identityClientOptions.enablePersistentCache(enabled);
+    public DeviceCodeCredentialBuilder enablePersistentCache() {
+        this.identityClientOptions.enablePersistentCache();
         return this;
     }
 

sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java

@@ -93,7 +93,7 @@ public Mono<AccessToken> getToken(TokenRequestContext request) {
      *
      * @return The {@link AuthenticationRecord} which can be used to silently authenticate the account
      * on future execution if persistent caching was enabled via
-     * {@link InteractiveBrowserCredentialBuilder#enablePersistentCache(boolean)} when credential was instantiated.
+     * {@link InteractiveBrowserCredentialBuilder#enablePersistentCache()} when credential was instantiated.
      */
     public Mono<AuthenticationRecord> authenticate(TokenRequestContext request) {
         return Mono.defer(() -> identityClient.authenticateWithBrowserInteraction(request, port))
@@ -106,7 +106,7 @@ public Mono<AuthenticationRecord> authenticate(TokenRequestContext request) {
      *
      * @return The {@link AuthenticationRecord} which can be used to silently authenticate the account
      * on future execution if persistent caching was enabled via
-     * {@link InteractiveBrowserCredentialBuilder#enablePersistentCache(boolean)} when credential was instantiated.
+     * {@link InteractiveBrowserCredentialBuilder#enablePersistentCache()} when credential was instantiated.
      */
     public Mono<AuthenticationRecord> authenticate() {
         String defaultScope = KnownAuthorityHosts.getDefaultScope(authorityHost);

sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java

@@ -31,27 +31,25 @@ public InteractiveBrowserCredentialBuilder port(int port) {
     }
 
     /**
-     * Sets whether to use an unprotected file specified by <code>cacheFileLocation()</code> instead of
-     * Gnome keyring on Linux. This is false by default.
+     * Allows to use an unprotected file specified by <code>cacheFileLocation()</code> instead of
+     * Gnome keyring on Linux. This is restricted by default.
      *
-     * @param allowUnencryptedCache whether to use an unprotected file for cache storage.
-     *
-     * @return An updated instance of this builder with the unprotected token cache setting set as specified.
+     * @return An updated instance of this builder.
      */
-    public InteractiveBrowserCredentialBuilder allowUnencryptedCache(boolean allowUnencryptedCache) {
-        this.identityClientOptions.allowUnencryptedCache(allowUnencryptedCache);
+    public InteractiveBrowserCredentialBuilder allowUnencryptedCache() {
+        this.identityClientOptions.allowUnencryptedCache();
         return this;
     }
 
     /**
-     * Sets whether to enable using the shared token cache. This is disabled by default.
-     *
-     * @param enabled whether to enabled using the shared token cache.
+     * Enables the shared token cache which is disabled by default. If enabled, the credential will store tokens
+     * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials
+     * and processes.
      *
      * @return An updated instance of this builder with if the shared token cache enabled specified.
      */
-    public InteractiveBrowserCredentialBuilder enablePersistentCache(boolean enabled) {
-        this.identityClientOptions.enablePersistentCache(enabled);
+    public InteractiveBrowserCredentialBuilder enablePersistentCache() {
+        this.identityClientOptions.enablePersistentCache();
         return this;
     }
 

sdk/identity/azure-identity/src/main/java/com/azure/identity/SharedTokenCacheCredentialBuilder.java

@@ -24,15 +24,13 @@ public SharedTokenCacheCredentialBuilder username(String username) {
     }
 
     /**
-     * Sets whether to use an unprotected file specified by <code>cacheFileLocation()</code> instead of
-     * Gnome keyring on Linux. This is false by default.
+     * Allows to use an unprotected file specified by <code>cacheFileLocation()</code> instead of
+     * Gnome keyring on Linux. This is restricted by default.
      *
-     * @param allowUnencryptedCache whether to use an unprotected file for cache storage.
-     *
-     * @return An updated instance of this builder with the unprotected token cache setting set as specified.
+     * @return An updated instance of this builder.
      */
-    public SharedTokenCacheCredentialBuilder allowUnencryptedCache(boolean allowUnencryptedCache) {
-        this.identityClientOptions.allowUnencryptedCache(allowUnencryptedCache);
+    public SharedTokenCacheCredentialBuilder allowUnencryptedCache() {
+        this.identityClientOptions.allowUnencryptedCache();
         return this;
     }
 
@@ -43,6 +41,6 @@ public SharedTokenCacheCredentialBuilder allowUnencryptedCache(boolean allowUnen
      */
     public SharedTokenCacheCredential build() {
         return new SharedTokenCacheCredential(username, clientId, tenantId,
-                identityClientOptions.enablePersistentCache(true));
+                identityClientOptions.enablePersistentCache());
     }
 }

sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredentialBuilder.java

@@ -37,27 +37,25 @@ public UsernamePasswordCredentialBuilder password(String password) {
     }
 
     /**
-     * Sets whether to use an unprotected file specified by <code>cacheFileLocation()</code> instead of
-     * Gnome keyring on Linux. This is false by default.
+     * Allows to use an unprotected file specified by <code>cacheFileLocation()</code> instead of
+     * Gnome keyring on Linux. This is restricted by default.
      *
-     * @param allowUnencryptedCache whether to use an unprotected file for cache storage.
-     *
-     * @return An updated instance of this builder with the unprotected token cache setting set as specified.
+     * @return An updated instance of this builder.
      */
-    public UsernamePasswordCredentialBuilder allowUnencryptedCache(boolean allowUnencryptedCache) {
-        this.identityClientOptions.allowUnencryptedCache(allowUnencryptedCache);
+    public UsernamePasswordCredentialBuilder allowUnencryptedCache() {
+        this.identityClientOptions.allowUnencryptedCache();
         return this;
     }
 
     /**
-     * Sets whether to enable using the shared token cache. This is disabled by default.
-     *
-     * @param enabled whether to enabled using the shared token cache.
+     * Enables the shared token cache which is disabled by default. If enabled, the credential will store tokens
+     * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials
+     * and processes.
      *
      * @return An updated instance of this builder with if the shared token cache enabled specified.
      */
-    public UsernamePasswordCredentialBuilder enablePersistentCache(boolean enabled) {
-        this.identityClientOptions.enablePersistentCache(enabled);
+    public UsernamePasswordCredentialBuilder enablePersistentCache() {
+        this.identityClientOptions.enablePersistentCache();
         return this;
     }
 

sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java

@@ -61,8 +61,6 @@ public IdentityClientOptions() {
         authorityHost = configuration.get(Configuration.PROPERTY_AZURE_AUTHORITY_HOST, KnownAuthorityHosts.AZURE_CLOUD);
         maxRetry = MAX_RETRY_DEFAULT_LIMIT;
         retryTimeout = i -> Duration.ofSeconds((long) Math.pow(2, i.getSeconds() - 1));
-        allowUnencryptedCache = false;
-        sharedTokenCacheEnabled = false;
     }
 
     /**
@@ -238,16 +236,15 @@ PersistenceSettings getConfidentialClientPersistenceSettings() {
             .build();
     }
 
+
     /**
-     * Sets whether to use an unprotected file specified by <code>cacheFileLocation()</code> instead of
-     * Gnome keyring on Linux. This is false by default.
-     *
-     * @param allowUnencryptedCache whether to use an unprotected file for cache storage.
+     * Allows to use an unprotected file specified by <code>cacheFileLocation()</code> instead of
+     * Gnome keyring on Linux. This is restricted by default.
      *
      * @return The updated identity client options.
      */
-    public IdentityClientOptions allowUnencryptedCache(boolean allowUnencryptedCache) {
-        this.allowUnencryptedCache = allowUnencryptedCache;
+    public IdentityClientOptions allowUnencryptedCache() {
+        this.allowUnencryptedCache = true;
         return this;
     }
 
@@ -270,14 +267,14 @@ public boolean isSharedTokenCacheEnabled() {
     }
 
     /**
-     * Sets whether to enable using the shared token cache. This is disabled by default.
-     *
-     * @param enabled whether to enable using the shared token cache.
+     * Enables the shared token cache which is disabled by default. If enabled, the client will store tokens
+     * in a cache persisted to the machine, protected to the current user, which can be shared by other credentials
+     * and processes.
      *
      * @return The updated identity client options.
      */
-    public IdentityClientOptions enablePersistentCache(boolean enabled) {
-        this.sharedTokenCacheEnabled = enabled;
+    public IdentityClientOptions enablePersistentCache() {
+        this.sharedTokenCacheEnabled = true;
         return this;
     }