AAD: Handling Azure.Core.TokenCredential

.publicApi/Microsoft.ApplicationInsights.dll/net452/PublicAPI.Unshipped.txt

@@ -1,3 +1,11 @@
+Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope
+Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope.CredentialEnvelope() -> void
+Microsoft.ApplicationInsights.Extensibility.TelemetryConfiguration.CredentialEnvelope.get -> Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope
+Microsoft.ApplicationInsights.Extensibility.TelemetryConfiguration.SetCredential(object tokenCredential) -> void
+abstract Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope.Credential.get -> object
+abstract Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope.GetToken(System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> string
+abstract Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope.GetTokenAsync(System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<string>
+static Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope.GetScopes() -> string[]
 Microsoft.ApplicationInsights.Channel.IAsyncFlushable
 Microsoft.ApplicationInsights.Channel.IAsyncFlushable.FlushAsync(System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<bool>
 Microsoft.ApplicationInsights.Channel.InMemoryChannel.FlushAsync(System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<bool>

.publicApi/Microsoft.ApplicationInsights.dll/net46/PublicAPI.Unshipped.txt

@@ -1,3 +1,11 @@
+Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope
+Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope.CredentialEnvelope() -> void
+Microsoft.ApplicationInsights.Extensibility.TelemetryConfiguration.CredentialEnvelope.get -> Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope
+Microsoft.ApplicationInsights.Extensibility.TelemetryConfiguration.SetCredential(object tokenCredential) -> void
+abstract Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope.Credential.get -> object
+abstract Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope.GetToken(System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> string
+abstract Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope.GetTokenAsync(System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<string>
+static Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope.GetScopes() -> string[]
 Microsoft.ApplicationInsights.Channel.IAsyncFlushable
 Microsoft.ApplicationInsights.Channel.IAsyncFlushable.FlushAsync(System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<bool>
 Microsoft.ApplicationInsights.Channel.InMemoryChannel.FlushAsync(System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<bool>

.publicApi/Microsoft.ApplicationInsights.dll/netstandard2.0/PublicAPI.Unshipped.txt

@@ -1,3 +1,11 @@
+Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope
+Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope.CredentialEnvelope() -> void
+Microsoft.ApplicationInsights.Extensibility.TelemetryConfiguration.CredentialEnvelope.get -> Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope
+Microsoft.ApplicationInsights.Extensibility.TelemetryConfiguration.SetCredential(Azure.Core.TokenCredential tokenCredential) -> void
+abstract Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope.Credential.get -> object
+abstract Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope.GetToken(System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> string
+abstract Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope.GetTokenAsync(System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<string>
+static Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication.CredentialEnvelope.GetScopes() -> string[]
 Microsoft.ApplicationInsights.Channel.IAsyncFlushable
 Microsoft.ApplicationInsights.Channel.IAsyncFlushable.FlushAsync(System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<bool>
 Microsoft.ApplicationInsights.Channel.InMemoryChannel.FlushAsync(System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<bool>

BASE/Test/Microsoft.ApplicationInsights.Test/Microsoft.ApplicationInsights.Tests/Extensibility/Implementation/Authentication/CredentialEnvelopeTests.cs

@@ -0,0 +1,105 @@
+namespace Microsoft.ApplicationInsights.TestFramework.Extensibility.Implementation.Authentication
+{
+    using System;
+    using System.Threading.Tasks;
+
+    using Microsoft.ApplicationInsights.Extensibility;
+    using Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication;
+    using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+    [TestClass]
+    [TestCategory("AAD")]
+    public class CredentialEnvelopeTests
+    {
+        /// <summary>
+        /// This tests verifies that each supported language can create and set a Credential.
+        /// </summary>
+        [TestMethod]
+        public void VerifyCanSetCredential()
+        {
+#if NET452 || NET46
+            // *THIS IS COMPLICATED*
+            // In this case, the test runner is NET452 or NET46.
+            // The Azure.Core.TokenCredential is NOT SUPPORTED in these frameworks, so we cannot run this test.
+            // This does not affect the end user because we REQUIRE the end user to create their own instance of TokenCredential.
+            // This ensures that the end user is consuming the AI SDK in one of the newer frameworks.
+#elif NET461
+            var mockCredential = new MockCredential();
+
+            var telemetryConfiguration = new TelemetryConfiguration();
+            telemetryConfiguration.SetCredential(mockCredential);
+
+            Assert.IsInstanceOfType(telemetryConfiguration.CredentialEnvelope, typeof(ReflectionCredentialEnvelope));
+            Assert.AreEqual(mockCredential, telemetryConfiguration.CredentialEnvelope.Credential);
+#elif NETCOREAPP2_1 || NETCOREAPP3_1 || NET5_0
+
+            var mockCredential = new MockCredential();
+
+            var telemetryConfiguration = new TelemetryConfiguration();
+            telemetryConfiguration.SetCredential(mockCredential);
+
+            Assert.IsInstanceOfType(telemetryConfiguration.CredentialEnvelope, typeof(TokenCredentialEnvelope));
+            Assert.AreEqual(mockCredential, telemetryConfiguration.CredentialEnvelope.Credential);
+#else
+            throw new NotImplementedException("this is a testing gap");
+#endif
+        }
+
+#if NET461
+        /// <summary>
+        /// For older frameworks, TelemetryConfiguration accepts an <see cref="Object"/> parameter.
+        /// This method will use reflection to verify the type at runtime.
+        /// This test is to verify that we cannot set invalid types.
+        /// </summary>
+        [TestMethod]
+        [ExpectedException(typeof(ArgumentException))]
+        public void VerifyCannotSetInvalidObjectOnTelemetryConfiguration()
+        {
+            var telemetryConfiguration = new TelemetryConfiguration();
+            telemetryConfiguration.SetCredential(Guid.Empty);
+        }
+#endif
+
+#if NETCOREAPP2_1 || NETCOREAPP3_1 || NET5_0
+        /// <summary>
+        /// This test verifies that both <see cref="TokenCredentialEnvelope"/> and <see cref="ReflectionCredentialEnvelope"/> return identical tokens.
+        /// This test can only run in frameworks that support both types.
+        /// </summary>
+        [TestMethod]
+        public void VerifyCanGetTokenString()
+        {
+            var mockCredential = new MockCredential();
+
+            var tokenCredentialEnvelope = new TokenCredentialEnvelope(mockCredential);
+            var token = tokenCredentialEnvelope.GetToken();
+            Assert.IsNotNull(token);
+
+            var reflectionCredentialEnvelope = new ReflectionCredentialEnvelope(mockCredential);
+            var tokenFromReflection = reflectionCredentialEnvelope.GetToken();
+            Assert.IsNotNull(tokenFromReflection);
+
+            Assert.AreEqual(token, tokenFromReflection);
+        }
+
+        /// <summary>
+        /// This test verifies that both <see cref="TokenCredentialEnvelope"/> and <see cref="ReflectionCredentialEnvelope"/> return identical tokens.
+        /// This test can only run in frameworks that support both types.
+        /// </summary>
+        [TestMethod]
+        public async Task VerifyCanGetTokenStringAsync()
+        {
+            var mockCredential = new MockCredential();
+
+            var tokenCredentialEnvelope = new TokenCredentialEnvelope(mockCredential);
+            var token = await tokenCredentialEnvelope.GetTokenAsync();
+            Assert.IsNotNull(token);
+
+            var reflectionCredentialEnvelope = new ReflectionCredentialEnvelope(mockCredential);
+            var tokenFromReflection = await reflectionCredentialEnvelope.GetTokenAsync();
+            Assert.IsNotNull(tokenFromReflection);
+
+            Assert.AreEqual(token, tokenFromReflection);
+        }
+#endif
+    }
+}

BASE/Test/Microsoft.ApplicationInsights.Test/Microsoft.ApplicationInsights.Tests/Extensibility/Implementation/Authentication/MockCredential.cs

@@ -0,0 +1,27 @@
+#if NET461 || NETCOREAPP2_1 || NETCOREAPP3_1 || NET5_0
+namespace Microsoft.ApplicationInsights.TestFramework.Extensibility.Implementation.Authentication
+{
+    using System;
+    using System.Threading;
+    using System.Threading.Tasks;
+
+    using Azure.Core;
+
+
+    /// <remarks>
+    /// Copied from (https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/core/Azure.Core.TestFramework/src/MockCredential.cs).
+    /// </remarks>
+    public class MockCredential : TokenCredential
+    {
+        public override ValueTask<AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
+        {
+            return new ValueTask<AccessToken>(GetToken(requestContext, cancellationToken));
+        }
+
+        public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)
+        {
+            return new AccessToken("TEST TOKEN " + string.Join(" ", requestContext.Scopes), DateTimeOffset.MaxValue);
+        }
+    }
+}
+#endif

BASE/Test/Microsoft.ApplicationInsights.Test/Microsoft.ApplicationInsights.Tests/Extensibility/Implementation/Authentication/ReflectionCredentialEnvelopeTests.cs

@@ -0,0 +1,179 @@
+#if NET461 || NETCOREAPP2_1 || NETCOREAPP3_1 || NET5_0
+namespace Microsoft.ApplicationInsights.TestFramework.Extensibility.Implementation.Authentication
+{
+    using System;
+    using System.Threading;
+    using System.Threading.Tasks;
+
+    using Azure.Core;
+
+    using Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication;
+    using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+    /// <summary>
+    /// The <see cref="ReflectionCredentialEnvelope"/> cannot take a dependency on <see cref="Azure.Core.TokenCredential"/>.
+    /// We must use reflection to interact with this class.
+    /// These tests are to confirm that we can correctly identity classes that implement TokenCredential and address it's methods.
+    /// </summary>
+    [TestClass]
+    [TestCategory("AAD")]
+    public class ReflectionCredentialEnvelopeTests
+    {
+        [TestMethod]
+        public void VerifyCanIdentifyValidClass()
+        {
+            var testClass2 = new TestClass2();
+            _ = new ReflectionCredentialEnvelope(testClass2);
+        }
+
+        [TestMethod]
+        [ExpectedException(typeof(ArgumentException))]
+        public void VerifyCanIdentityInvalidClass()
+        {
+            var notTokenCredential2 = new NotTokenCredential2();
+            _ = new ReflectionCredentialEnvelope(notTokenCredential2);
+        }
+
+        [TestMethod]
+        [ExpectedException(typeof(ArgumentException))]
+        public void VerifyCannotSetInvalidType()
+        {
+            _ = new ReflectionCredentialEnvelope(Guid.Empty);
+        }
+
+        //[TestMethod]
+        //public void VerifyGetTokenAsExpression_UsingCompileTimeTypes()
+        //{
+        //    var mockCredential = new MockCredential();
+        //    var requestContext = new TokenRequestContext(new string[] { "test/scope" });
+
+        //    var expression = ReflectionCredentialEnvelope.GetTokenAsExpression(mockCredential, requestContext).Compile();
+
+        //    var testResult = expression(mockCredential, requestContext, CancellationToken.None);
+        //    Assert.AreEqual("TEST TOKEN test/scope", testResult);
+        //}
+
+        ///// <summary>
+        ///// This more closely represents how this would be used in a production environment.
+        ///// </summary>
+        //[TestMethod]
+        //public void VerifyGetTokenAsExpression_UsingDynamicTypes()
+        //{
+        //    // This currently throws ArgumentExceptions:
+        //    // ParameterExpression of type 'Microsoft.ApplicationInsights.Authentication.Tests.MockCredential' cannot be used for delegate parameter of type 'System.Object'
+        //    // ParameterExpression of type 'Azure.Core.TokenRequestContext' cannot be used for delegate parameter of type 'System.Object'
+
+
+        //    var mockCredential = (object)new MockCredential();
+        //    var requestContext = ReflectionCredentialEnvelope.MakeTokenRequestContext(new[] { "test/scope" });
+
+        //    var expression = ReflectionCredentialEnvelope.GetTokenAsExpression(mockCredential, requestContext).Compile();
+
+        //    var testResult = expression(mockCredential, requestContext, CancellationToken.None);
+        //    Assert.AreEqual("TEST TOKEN test/scope", testResult);
+        //}
+
+        [TestMethod]
+        public void VerifyCanMakeTokenRequestContext()
+        {
+            var testScope = new string[] { "test/scope" };
+
+            var requestContext = new TokenRequestContext(testScope);
+
+            var tokenRequestContext = ReflectionCredentialEnvelope.AzureCore.MakeTokenRequestContext(testScope);
+            Assert.IsInstanceOfType(tokenRequestContext, typeof(TokenRequestContext));
+        }
+
+
+        [TestMethod]
+        public void VerifyGetToken_AsLambdaExpression_UsingCompileTimeTypes()
+        {
+            var mockCredential = new MockCredential();
+            var requestContext = new TokenRequestContext(new string[] { "test/scope" });
+
+            var testResult = ReflectionCredentialEnvelope.AzureCore.InvokeGetToken(mockCredential, requestContext, CancellationToken.None);
+
+            Assert.AreEqual("TEST TOKEN test/scope", testResult);
+        }
+
+        /// <summary>
+        /// This more closely represents how this would be used in a production environment.
+        /// </summary>
+        [TestMethod]
+        public void VerifyGetToken_AsLambdaExpression_UsingDynamicTypes()
+        {
+            var mockCredential = (object)new MockCredential();
+            var requestContext = ReflectionCredentialEnvelope.AzureCore.MakeTokenRequestContext(new[] { "test/scope" });
+
+            var testResult = ReflectionCredentialEnvelope.AzureCore.InvokeGetToken(mockCredential, requestContext, CancellationToken.None);
+
+            Assert.AreEqual("TEST TOKEN test/scope", testResult);
+        }
+
+
+        [TestMethod]
+        public async Task VerifyGetTokenAsync_AsLambdaExpression_UsingCompileTimeTypes()
+        {
+            var mockCredential = new MockCredential();
+            var requestContext = new TokenRequestContext(new string[] { "test/scope" });
+
+            var testResult = await ReflectionCredentialEnvelope.AzureCore.InvokeGetTokenAsync(mockCredential, requestContext, CancellationToken.None);
+
+            Assert.AreEqual("TEST TOKEN test/scope", testResult);
+        }
+
+        /// <summary>
+        /// This more closely represents how this would be used in a production environment.
+        /// </summary>
+        [TestMethod]
+        public async Task VerifyGetTokenAsync_AsLambdaExpression_UsingDynamicTypes()
+        {
+            var mockCredential = (object)new MockCredential();
+            var requestContext = ReflectionCredentialEnvelope.AzureCore.MakeTokenRequestContext(new[] { "test/scope" });
+
+            var testResult = await ReflectionCredentialEnvelope.AzureCore.InvokeGetTokenAsync(mockCredential, requestContext, CancellationToken.None);
+
+            Assert.AreEqual("TEST TOKEN test/scope", testResult);
+        }
+
+#region TestClasses
+        private class TestClass1 : Azure.Core.TokenCredential
+        {
+            public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)
+            {
+                throw new NotImplementedException();
+            }
+
+            public override ValueTask<AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
+            {
+                throw new NotImplementedException();
+            }
+        }
+
+        private class TestClass2 : TestClass1 { }
+
+        private abstract class NotTokenCredential 
+        {
+            public abstract AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken);
+
+            public abstract ValueTask<AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken);
+        }
+
+        private class NotTokenCredential1 : NotTokenCredential
+        {
+            public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)
+            {
+                throw new NotImplementedException();
+            }
+
+            public override ValueTask<AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
+            {
+                throw new NotImplementedException();
+            }
+        }
+
+        private class NotTokenCredential2 : NotTokenCredential1 { }
+#endregion
+    }
+}
+#endif

BASE/Test/Microsoft.ApplicationInsights.Test/Microsoft.ApplicationInsights.Tests/Microsoft.ApplicationInsights.Tests.csproj

@@ -41,6 +41,10 @@
     <Reference Include="System.Xml.Linq" />
   </ItemGroup>
 
+  <ItemGroup Condition="'$(TargetFramework)' == 'net461'  Or '$(TargetFramework)' == 'netcoreapp2.1'  Or '$(TargetFramework)' == 'netcoreapp3.1' Or '$(TargetFramework)' == 'net5.0'">
+    <PackageReference Include="Azure.Identity" Version="1.3.0" /> <!-- Supports: netstandard2.0 -->
+  </ItemGroup>
+
   <ItemGroup>
     <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
   </ItemGroup>