Merge pull request #54 from microsoft/feature/defaults

- removes graph specific constants

CHANGELOG.md

@@ -11,6 +11,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
+## [1.0.0-rc.2] - 2023-01-16
+
+### Changed
+
+- Removed microsoft graph specific constants to make usage easier for other MIP protected APIs.
+
 ## [1.0.0-rc.1] - 2022-12-15
 
 ### Changed

Microsoft.Kiota.Authentication.Azure.Tests/AzureIdentityAuthenticationProviderTests.cs

@@ -27,15 +27,18 @@ public void ConstructorThrowsArgumentNullExceptionOnNullTokenCredential()
     public async Task GetAuthorizationTokenAsyncGetsToken(string url, string expectedToken)
     {
         // Arrange
+        var uri = new Uri(url);
         var mockTokenCredential = new Mock<TokenCredential>();
         mockTokenCredential.Setup(credential => credential.GetTokenAsync(It.IsAny<TokenRequestContext>(), It.IsAny<CancellationToken>())).Returns(new ValueTask<AccessToken>(new AccessToken(expectedToken, DateTimeOffset.Now)));
-        var azureIdentityAuthenticationProvider = new AzureIdentityAccessTokenProvider(mockTokenCredential.Object, null);
+        var azureIdentityAuthenticationProvider = new AzureIdentityAccessTokenProvider(mockTokenCredential.Object);
 
         // Act
-        var token = await azureIdentityAuthenticationProvider.GetAuthorizationTokenAsync(new Uri(url));
+        var token = await azureIdentityAuthenticationProvider.GetAuthorizationTokenAsync(uri);
 
         // Assert
         Assert.Equal(expectedToken, token);
+        mockTokenCredential.Verify(x => x.GetTokenAsync(It.Is<TokenRequestContext>(t =>
+                                                                            t.Scopes.Any(s => $"{uri.Scheme}://{uri.Host}/.default".Equals(s, StringComparison.OrdinalIgnoreCase))), It.IsAny<CancellationToken>()));
     }
 
     [Theory]

src/AzureIdentityAccessTokenProvider.cs

@@ -19,9 +19,8 @@ namespace Microsoft.Kiota.Authentication.Azure;
 public class AzureIdentityAccessTokenProvider : IAccessTokenProvider, IDisposable
 {
     private readonly TokenCredential _credential;
-    private readonly ObservabilityOptions _obsOptions;
     private readonly ActivitySource _activitySource;
-    private readonly List<string> _scopes;
+    private readonly HashSet<string> _scopes;
     /// <inheritdoc />
     public AllowedHostsValidator AllowedHostsValidator { get; private set; }
 
@@ -36,21 +35,14 @@ public AzureIdentityAccessTokenProvider(TokenCredential credential, string [] al
     {
         _credential = credential ?? throw new ArgumentNullException(nameof(credential));
 
-        if(!allowedHosts?.Any() ?? true)
-            AllowedHostsValidator = new AllowedHostsValidator(new string[] { "graph.microsoft.com", "graph.microsoft.us", "dod-graph.microsoft.us", "graph.microsoft.de", "microsoftgraph.chinacloudapi.cn", "canary.graph.microsoft.com" });
-        else
-            AllowedHostsValidator = new AllowedHostsValidator(allowedHosts);
+        AllowedHostsValidator = new AllowedHostsValidator(allowedHosts);
 
         if(scopes == null)
             _scopes = new();
         else
-            _scopes = scopes.ToList();
-
-        if(!_scopes.Any())
-            _scopes.Add("https://graph.microsoft.com/.default"); //TODO: init from the request hostname instead so it doesn't block national clouds?
+            _scopes = new(scopes, StringComparer.OrdinalIgnoreCase);
 
-        _obsOptions = observabilityOptions ?? new();
-        _activitySource = new(_obsOptions.TracerInstrumentationName);
+        _activitySource = new((observabilityOptions ?? new()).TracerInstrumentationName);
     }
 
     private const string ClaimsKey = "claims";
@@ -81,8 +73,10 @@ public async Task<string> GetAuthorizationTokenAsync(Uri uri, Dictionary<string,
         } else
             span?.SetTag("com.microsoft.kiota.authentication.additional_claims_provided", false);
 
+        if(!_scopes.Any())
+            _scopes.Add($"{uri.Scheme}://{uri.Host}/.default");
         span?.SetTag("com.microsoft.kiota.authentication.scopes", string.Join(",", _scopes));
-        var result = await this._credential.GetTokenAsync(new TokenRequestContext(_scopes.ToArray(), claims: decodedClaim), cancellationToken); //TODO: we might have to bubble that up for native apps or backend web apps to avoid blocking the UI/getting an exception
+        var result = await this._credential.GetTokenAsync(new TokenRequestContext(_scopes.ToArray(), claims: decodedClaim), cancellationToken);
         return result.Token;
     }
     /// <inheritdoc/>

src/Microsoft.Kiota.Authentication.Azure.csproj

@@ -14,7 +14,7 @@
     <EmbedUntrackedSources>true</EmbedUntrackedSources>
     <Deterministic>true</Deterministic>
     <VersionPrefix>1.0.0</VersionPrefix>
-    <VersionSuffix>rc.1</VersionSuffix>
+    <VersionSuffix>rc.2</VersionSuffix>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
     <!-- Enable this line once we go live to prevent breaking changes -->
@@ -23,7 +23,7 @@
     <DelaySign>false</DelaySign>
     <AssemblyOriginatorKeyFile>35MSSharedLib1024.snk</AssemblyOriginatorKeyFile>
     <PackageReleaseNotes>
-        - Release candidate 1
+        https://github.com/microsoft/kiota-authentication-azure-dotnet/releases
     </PackageReleaseNotes>
     <PackageRequireLicenseAcceptance>true</PackageRequireLicenseAcceptance>
     <PackageLicenseFile>LICENSE</PackageLicenseFile>