Azure · PascalSenn · Feb 14, 2024
diff --git a/.gitignore b/.gitignore
@@ -348,3 +348,6 @@ MigrationBackup/
 
 # Ionide (cross platform F# VS Code tools) working folder
 .ionide/
+
+# Ignore jetbrains rider
+.idea/
diff --git a/src/AzureCacheForRedis.cs b/src/AzureCacheForRedis.cs
@@ -100,6 +100,32 @@ public static async Task<ConfigurationOptions> ConfigureForAzureWithTokenCredent
                 PrincipalId = userName,
                 TokenCredential = tokenCredential
             }).ConfigureAwait(false);
+
+    /// <summary>
+    /// Configures a Redis connection authenticated using a TokenCredential.
+    /// </summary>
+    /// <param name="configurationOptions">The configuration to update.</param>
+    /// <param name="tokenCredential">The TokenCredential to be used.</param>
+    /// <returns></returns>
+    public static async Task<ConfigurationOptions> ConfigureForAzureWithTokenCredentialAsync(this ConfigurationOptions configurationOptions, TokenCredential tokenCredential)
+    {
+        var client = CacheIdentityClient.CreateForTokenCredential(tokenCredential);
+        var token = await client.GetTokenAsync();
+
+        if(!TokenHelpers.TryGetOidFromToken(token.Token, out var oid))
+        {
+            throw new InvalidOperationException("Token does not contain an OID claim.");
+        }
+
+        return await ConfigureForAzureAsync(
+                configurationOptions,
+                new AzureCacheOptions
+                {
+                    PrincipalId = oid,
+                    TokenCredential = tokenCredential
+                })
+            .ConfigureAwait(false);
+    }
 
     /// <summary>
     /// Configures a connection to an Azure Cache for Redis using advanced options.

diff --git a/src/PublicAPI.Unshipped.txt b/src/PublicAPI.Unshipped.txt
@@ -1 +1,2 @@
-#nullable enable
+#nullable enable
+static StackExchange.Redis.AzureCacheForRedis.ConfigureForAzureWithTokenCredentialAsync(this StackExchange.Redis.ConfigurationOptions! configurationOptions, Azure.Core.TokenCredential! tokenCredential) -> System.Threading.Tasks.Task<StackExchange.Redis.ConfigurationOptions!>!
diff --git a/src/TokenHelpers.cs b/src/TokenHelpers.cs
@@ -0,0 +1,50 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+using System;
+using System.Buffers.Text;
+
+namespace StackExchange.Redis
+{
+    internal static class TokenHelpers
+    {
+        public static bool TryGetOidFromToken(string token, out string? oid)
+        {
+            oid = null;
+
+            if (string.IsNullOrEmpty(token))
+            {
+                return false;
+            }
+
+            var parts = token.Split('.');
+
+            if (parts.Length < 2)
+            {
+                return false;
+            }
+
+            try
+            {
+                var decoded = Convert.FromBase64String(parts[1]);
+
+                var json = System.Text.Encoding.UTF8.GetString(decoded);
+
+                var jwt = System.Text.Json.JsonDocument.Parse(json);
+
+                if (jwt.RootElement.TryGetProperty("oid", out var oidElement))
+                {
+                    oid = oidElement.GetString();
+                    return true;
+                }
+
+                return false;
+            }
+            catch
+            {
+                return false;
+            }
+        }
+    }
+}
diff --git a/tests/TokenHelpersTests.cs b/tests/TokenHelpersTests.cs
@@ -0,0 +1,98 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+using StackExchange.Redis;
+
+namespace Microsoft.Azure.StackExchangeRedis.Tests
+{
+    [TestClass]
+    public sealed class TokenHelpersTests
+    {
+        [TestMethod]
+        public void TryGetOidFromToken_Should_ReturnFalse_When_TokenIsEmpty()
+        {
+            // Arrange
+            const string token = "";
+
+            // Act
+            var result = TokenHelpers.TryGetOidFromToken(token, out var oid);
+
+            // Assert
+            Assert.IsFalse(result);
+            Assert.IsNull(oid);
+        }
+
+        [TestMethod]
+        public void TryGetOidFromToken_Should_ReturnFalse_When_TokenHasLessThanTwoParts()
+        {
+            // Arrange
+            const string token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9";
+
+            // Act
+            var result = TokenHelpers.TryGetOidFromToken(token, out var oid);
+
+            // Assert
+            Assert.IsFalse(result);
+            Assert.IsNull(oid);
+        }
+
+        [TestMethod]
+        public void TryGetOidFromToken_Should_ReturnFalse_When_TokenIsValidButNoOid()
+        {
+            // Arrange
+            const string token =
+                "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvdGhlciI6IjEyMzQ1Njc4OTAifQ==";
+
+            // Act
+            var result = TokenHelpers.TryGetOidFromToken(token, out var oid);
+
+            // Assert
+            Assert.IsFalse(result);
+            Assert.IsNull(oid);
+        }
+
+        [TestMethod]
+        public void TryGetOidFromToken_Should_ReturnTrueAndOid_When_TokenIsValid()
+        {
+            // Arrange
+            const string token =
+                "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvaWQiOiIxMjM0NTY3ODkwIn0=";
+
+            // Act
+            var result = TokenHelpers.TryGetOidFromToken(token, out var oid);
+
+            // Assert
+            Assert.IsTrue(result);
+            Assert.AreEqual("1234567890", oid);
+        }
+
+        [TestMethod]
+        public void TryGetOidFromToken_Should_ReturnFalse_When_TokenIsInvalidBase64String()
+        {
+            // Arrange
+            const string token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.invalidbase64";
+
+            // Act
+            var result = TokenHelpers.TryGetOidFromToken(token, out var oid);
+
+            // Assert
+            Assert.IsFalse(result);
+            Assert.IsNull(oid);
+        }
+
+        [TestMethod]
+        public void TryGetOidFromToken_Should_ThrowFormatException_When_TokenHasInvalidJsonFormat()
+        {
+            // Arrange
+            const string token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.W10="; // W10= -> []
+
+            // Act
+            var result = TokenHelpers.TryGetOidFromToken(token, out var oid);
+
+            // Assert
+            Assert.IsFalse(result);
+            Assert.IsNull(oid);
+        }
+    }
+}