[library usage] Refine internal token types (#379)

* refactor: move packages into `pkg/internal` * feat: hide sub commands from package exports * fix: revert go version change * refactor: add context.Context to token methods * feat: migrate to `go.uber.org/mock` * feat: export `NewTokenProvider` function
Azure · Dec 20, 2023 · 7564350 · 7564350
1 parent 2e9b789
commit 7564350
Show file tree

Hide file tree

Showing 26 changed files with 174 additions and 91 deletions.
diff --git a/go.mod b/go.mod
@@ -10,12 +10,12 @@ require (
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/golang-jwt/jwt/v5 v5.0.0
-	github.com/golang/mock v1.6.0
 	github.com/google/go-cmp v0.6.0
 	github.com/google/uuid v1.4.0
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.8.4
+	go.uber.org/mock v0.3.0
 	golang.org/x/crypto v0.14.0
 	gopkg.in/dnaeon/go-vcr.v3 v3.1.2
 	gopkg.in/retry.v1 v1.0.3

diff --git a/go.sum b/go.sum
@@ -63,8 +63,6 @@ github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJ
 github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
-github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -169,10 +167,11 @@ github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=
 github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY=
 go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds=
+go.uber.org/mock v0.3.0 h1:3mUxI1No2/60yUYax92Pt8eNOEecx2D3lcXZh2NEZJo=
+go.uber.org/mock v0.3.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -187,7 +186,6 @@ golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvx
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -199,7 +197,6 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
@@ -213,7 +210,6 @@ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
 golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -222,9 +218,7 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -257,7 +251,6 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

diff --git a/pkg/cmd/token.go b/pkg/cmd/token.go
@@ -1,6 +1,10 @@
 package cmd
 
 import (
+	"context"
+	"os"
+	"os/signal"
+
 	"github.com/Azure/kubelogin/pkg/internal/token"
 	"github.com/spf13/cobra"
 )
@@ -16,6 +20,10 @@ func newTokenCmd() *cobra.Command {
 		RunE: func(c *cobra.Command, args []string) error {
 			o.UpdateFromEnv()
 
+			ctx := context.Background()
+			ctx, cancel := signal.NotifyContext(ctx, os.Interrupt)
+			defer cancel()
+
 			if err := o.Validate(); err != nil {
 				return err
 			}
@@ -24,7 +32,7 @@ func newTokenCmd() *cobra.Command {
 			if err != nil {
 				return err
 			}
-			if err := plugin.Do(); err != nil {
+			if err := plugin.Do(ctx); err != nil {
 				return err
 			}
 			return nil

diff --git a/pkg/internal/token/azurecli.go b/pkg/internal/token/azurecli.go
@@ -40,7 +40,7 @@ func newAzureCLIToken(resourceID string, tenantID string, timeout time.Duration)
 }
 
 // Token fetches an azcore.AccessToken from the Azure CLI SDK and converts it to an adal.Token for use with kubelogin.
-func (p *AzureCLIToken) Token() (adal.Token, error) {
+func (p *AzureCLIToken) Token(ctx context.Context) (adal.Token, error) {
 	emptyToken := adal.Token{}
 
 	// Request a new Azure CLI token provider
@@ -51,7 +51,7 @@ func (p *AzureCLIToken) Token() (adal.Token, error) {
 		return emptyToken, fmt.Errorf("unable to create credential. Received: %v", err)
 	}
 
-	ctx, cancel := context.WithTimeout(context.Background(), p.timeout)
+	ctx, cancel := context.WithTimeout(ctx, p.timeout)
 	defer cancel()
 
 	// Use the token provider to get a new token with the new context

diff --git a/pkg/internal/token/azurecli_test.go b/pkg/internal/token/azurecli_test.go
@@ -1,6 +1,7 @@
 package token
 
 import (
+	"context"
 	"testing"
 
 	"github.com/Azure/kubelogin/pkg/internal/testutils"
@@ -17,7 +18,7 @@ func TestNewAzureCLITokenEmpty(t *testing.T) {
 
 func TestNewAzureCLIToken(t *testing.T) {
 	azcli := AzureCLIToken{}
-	_, err := azcli.Token()
+	_, err := azcli.Token(context.TODO())
 
 	if !testutils.ErrorContains(err, "expected an empty error but received:") {
 		t.Errorf("unexpected error: %v", err)

diff --git a/pkg/internal/token/devicecode.go b/pkg/internal/token/devicecode.go
@@ -1,6 +1,7 @@
 package token
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"os"
@@ -35,7 +36,7 @@ func newDeviceCodeTokenProvider(oAuthConfig adal.OAuthConfig, clientID, resource
 	}, nil
 }
 
-func (p *deviceCodeTokenProvider) Token() (adal.Token, error) {
+func (p *deviceCodeTokenProvider) Token(ctx context.Context) (adal.Token, error) {
 	emptyToken := adal.Token{}
 	client := &autorest.Client{}
 	deviceCode, err := adal.InitiateDeviceAuth(client, p.oAuthConfig, p.clientID, p.resourceID)
@@ -48,7 +49,7 @@ func (p *deviceCodeTokenProvider) Token() (adal.Token, error) {
 		return emptyToken, fmt.Errorf("prompting the device code message: %s", err)
 	}
 
-	token, err := adal.WaitForUserCompletion(client, deviceCode)
+	token, err := adal.WaitForUserCompletionWithContext(ctx, client, deviceCode)
 	if err != nil {
 		return emptyToken, fmt.Errorf("waiting for device code authentication to complete: %s", err)
 	}

diff --git a/pkg/internal/token/devicecode_test.go b/pkg/internal/token/devicecode_test.go
@@ -1,6 +1,7 @@
 package token
 
 import (
+	"context"
 	"fmt"
 	"strings"
 	"testing"
@@ -50,7 +51,7 @@ func TestNewDeviceCodeTokenProviderEmpty(t *testing.T) {
 
 func TestNewDeviceCodeToken(t *testing.T) {
 	deviceCode := deviceCodeTokenProvider{}
-	_, err := deviceCode.Token()
+	_, err := deviceCode.Token(context.TODO())
 
 	if !testutils.ErrorContains(err, "initialing the device code authentication:") {
 		t.Errorf("unexpected error: %v", err)

diff --git a/pkg/internal/token/execCredentialPlugin.go b/pkg/internal/token/execCredentialPlugin.go
@@ -3,6 +3,7 @@ package token
 //go:generate sh -c "mockgen -destination mock_$GOPACKAGE/execCredentialPlugin.go github.com/Azure/kubelogin/pkg/internal/token ExecCredentialPlugin"
 
 import (
+	"context"
 	"fmt"
 	"os"
 	"time"
@@ -16,7 +17,7 @@ const (
 )
 
 type ExecCredentialPlugin interface {
-	Do() error
+	Do(ctx context.Context) error
 }
 
 type execCredentialPlugin struct {
@@ -31,7 +32,7 @@ type execCredentialPlugin struct {
 func New(o *Options) (ExecCredentialPlugin, error) {
 
 	klog.V(10).Info(o.ToString())
-	provider, err := newTokenProvider(o)
+	provider, err := NewTokenProvider(o)
 	if err != nil {
 		return nil, err
 	}
@@ -49,7 +50,7 @@ func New(o *Options) (ExecCredentialPlugin, error) {
 	}, nil
 }
 
-func (p *execCredentialPlugin) Do() error {
+func (p *execCredentialPlugin) Do(ctx context.Context) error {
 	var (
 		token adal.Token
 		err   error
@@ -87,7 +88,7 @@ func (p *execCredentialPlugin) Do() error {
 				return fmt.Errorf("failed to get refresher: %s", err)
 			}
 			klog.V(5).Info("refresh token")
-			token, err := refresher.Token()
+			token, err := refresher.Token(ctx)
 			// if refresh fails, we will login using token provider
 			if err != nil {
 				klog.V(5).Infof("refresh failed, will continue to login: %s", err)
@@ -98,7 +99,7 @@ func (p *execCredentialPlugin) Do() error {
 			if tokenRefreshed {
 				klog.V(10).Info("token refreshed")
 
-				// if refresh succeeds, save tooken, and return
+				// if refresh succeeds, save token, and return
 				if err := p.tokenCache.Write(p.o.tokenCacheFile, token); err != nil {
 					return fmt.Errorf("failed to write to store: %s", err)
 				}
@@ -112,7 +113,7 @@ func (p *execCredentialPlugin) Do() error {
 
 	klog.V(5).Info("acquire new token")
 	// run the underlying provider
-	token, err = p.provider.Token()
+	token, err = p.provider.Token(ctx)
 	if err != nil {
 		return fmt.Errorf("failed to get token: %s", err)
 	}

diff --git a/pkg/internal/token/execCredentialPlugin_test.go b/pkg/internal/token/execCredentialPlugin_test.go
@@ -1,6 +1,7 @@
 package token
 
 import (
+	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -10,7 +11,7 @@ import (
 
 	"github.com/Azure/go-autorest/autorest/adal"
 	"github.com/Azure/kubelogin/pkg/internal/token/mock_token"
-	"github.com/golang/mock/gomock"
+	"go.uber.org/mock/gomock"
 )
 
 func TestExecCredentialPlugin(t *testing.T) {
@@ -45,7 +46,7 @@ func TestExecCredentialPlugin(t *testing.T) {
 			},
 			setupExpectations: func(tc testContext) {
 				tc.tokenCache.EXPECT().Read(cacheFile).Return(adal.Token{}, nil)
-				tc.tokenProvider.EXPECT().Token().Return(adal.Token{}, nil)
+				tc.tokenProvider.EXPECT().Token(gomock.Any()).Return(adal.Token{}, nil)
 				tc.tokenCache.EXPECT().Write(cacheFile, adal.Token{}).Return(nil)
 				tc.pluginWriter.EXPECT().Write(adal.Token{}, os.Stdout)
 			},
@@ -97,7 +98,7 @@ func TestExecCredentialPlugin(t *testing.T) {
 					ExpiresOn: json.Number(fmt.Sprintf("%d", time.Now().AddDate(1, 0, 0).Unix())),
 				}
 				tc.tokenCache.EXPECT().Read(cacheFile).Return(cachedToken, nil)
-				tc.tokenProvider.EXPECT().Token().Return(refreshedToken, nil)
+				tc.tokenProvider.EXPECT().Token(gomock.Any()).Return(refreshedToken, nil)
 				tc.tokenCache.EXPECT().Write(cacheFile, refreshedToken).Return(nil)
 				tc.pluginWriter.EXPECT().Write(refreshedToken, os.Stdout)
 			},
@@ -124,8 +125,9 @@ func TestExecCredentialPlugin(t *testing.T) {
 				execCredentialWriter: pluginWriter,
 			}
 
+			ctx := context.TODO()
 			errMessage := ""
-			if err := plugin.Do(); err != nil {
+			if err := plugin.Do(ctx); err != nil {
 				errMessage = err.Error()
 			}
 			if errMessage != data.expectedError {

diff --git a/pkg/internal/token/federatedIdentity.go b/pkg/internal/token/federatedIdentity.go
@@ -67,7 +67,7 @@ func newWorkloadIdentityToken(clientID, federatedTokenFile, authorityHost, serve
 	}, nil
 }
 
-func (p *workloadIdentityToken) Token() (adal.Token, error) {
+func (p *workloadIdentityToken) Token(ctx context.Context) (adal.Token, error) {
 	emptyToken := adal.Token{}
 
 	resource := strings.TrimSuffix(p.serverID, "/")
@@ -76,7 +76,7 @@ func (p *workloadIdentityToken) Token() (adal.Token, error) {
 		resource += defaultScope
 	}
 
-	result, err := p.client.AcquireTokenByCredential(context.Background(), []string{resource})
+	result, err := p.client.AcquireTokenByCredential(ctx, []string{resource})
 	if err != nil {
 		return emptyToken, fmt.Errorf("failed to acquire token. %s", err)
 	}

diff --git a/pkg/internal/token/interactive.go b/pkg/internal/token/interactive.go
@@ -46,12 +46,11 @@ func newInteractiveTokenProvider(oAuthConfig adal.OAuthConfig, clientID, resourc
 }
 
 // Token fetches an azcore.AccessToken from the interactive browser SDK and converts it to an adal.Token for use with kubelogin.
-func (p *InteractiveToken) Token() (adal.Token, error) {
-	return p.TokenWithOptions(nil)
+func (p *InteractiveToken) Token(ctx context.Context) (adal.Token, error) {
+	return p.TokenWithOptions(ctx, nil)
 }
 
-func (p *InteractiveToken) TokenWithOptions(options *azcore.ClientOptions) (adal.Token, error) {
-	ctx := context.Background()
+func (p *InteractiveToken) TokenWithOptions(ctx context.Context, options *azcore.ClientOptions) (adal.Token, error) {
 	emptyToken := adal.Token{}
 
 	// Request a new Interactive token provider

diff --git a/pkg/internal/token/manualtoken.go b/pkg/internal/token/manualtoken.go
@@ -1,6 +1,7 @@
 package token
 
 import (
+	"context"
 	"errors"
 	"fmt"
 
@@ -40,7 +41,7 @@ func newManualToken(oAuthConfig adal.OAuthConfig, clientID, resourceID, tenantID
 	return provider, nil
 }
 
-func (p *manualToken) Token() (adal.Token, error) {
+func (p *manualToken) Token(ctx context.Context) (adal.Token, error) {
 	emptyToken := adal.Token{}
 	callback := func(t adal.Token) error {
 		return nil
@@ -55,7 +56,7 @@ func (p *manualToken) Token() (adal.Token, error) {
 		return emptyToken, fmt.Errorf("failed to create service principal from manual token for token refresh: %s", err)
 	}
 
-	err = spt.Refresh()
+	err = spt.RefreshWithContext(ctx)
 	if err != nil {
 		return emptyToken, err
 	}

diff --git a/pkg/internal/token/manualtoken_test.go b/pkg/internal/token/manualtoken_test.go
@@ -1,6 +1,7 @@
 package token
 
 import (
+	"context"
 	"errors"
 	"testing"
 
@@ -87,7 +88,7 @@ func TestManualTokenToken(t *testing.T) {
 	provider, _ := newManualToken(oAuthConfig, clientID, resourceID, tenantID, token)
 
 	// Test successful token refresh
-	if _, err := provider.Token(); err == nil {
+	if _, err := provider.Token(context.TODO()); err == nil {
 		if err == nil {
 			t.Errorf("Expected no error, but got %v", err)
 		}