Skip to content
17 changes: 16 additions & 1 deletion sdk/identity/azure-identity/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,23 @@
> Only code written against a beta version such as 1.6.0b1 may be affected.
- Renamed `CertificateCredential` keyword argument `certificate_bytes` to
`certificate_data`

- Credentials accepting keyword arguments `allow_unencrypted_cache` and
`enable_persistent_cache` to configure persistent caching accept a
`cache_persistence_options` argument instead whose value should be an
instance of `TokenCachePersistenceOptions`. For example:
```
# before (e.g. in 1.6.0b1):
DeviceCodeCredential(enable_persistent_cache=True, allow_unencrypted_cache=True)

# after:
cache_options = TokenCachePersistenceOptions(allow_unencrypted_storage=True)
DeviceCodeCredential(cache_persistence_options=cache_options)
```

See the documentation and samples for more details.

### Added
- New class `TokenCachePersistenceOptions` configures persistent caching
- The `AuthenticationRequiredError.claims` property provides any additional
claims required by a user credential's `authenticate()` method

Expand Down
2 changes: 2 additions & 0 deletions sdk/identity/azure-identity/azure/identity/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
UsernamePasswordCredential,
VisualStudioCodeCredential,
)
from ._persistent_cache import TokenCachePersistenceOptions


__all__ = [
Expand All @@ -41,6 +42,7 @@
"KnownAuthorities",
"ManagedIdentityCredential",
"SharedTokenCacheCredential",
"TokenCachePersistenceOptions",
"UsernamePasswordCredential",
"VisualStudioCodeCredential",
]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -45,10 +45,9 @@ class InteractiveBrowserCredential(InteractiveCredential):
:keyword AuthenticationRecord authentication_record: :class:`AuthenticationRecord` returned by :func:`authenticate`
:keyword bool disable_automatic_authentication: if True, :func:`get_token` will raise
:class:`AuthenticationRequiredError` when user interaction is required to acquire a token. Defaults to False.
:keyword bool enable_persistent_cache: if True, the credential will store tokens in a persistent cache shared by
other user credentials. Defaults to False.
:keyword bool allow_unencrypted_cache: if True, the credential will fall back to a plaintext cache on platforms
where encryption is unavailable. Default to False. Has no effect when `enable_persistent_cache` is False.
:keyword cache_persistence_options: configuration for persistent token caching. If unspecified, the credential
will cache tokens in memory.
:paramtype cache_persistence_options: ~azure.identity.TokenCachePersistenceOptions
:keyword int timeout: seconds to wait for the user to complete authentication. Defaults to 300 (5 minutes).
:raises ValueError: invalid `redirect_uri`
"""
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -38,10 +38,9 @@ class CertificateCredential(ClientCredentialBase):
:keyword bool send_certificate_chain: if True, the credential will send the public certificate chain in the x5c
header of each token request's JWT. This is required for Subject Name/Issuer (SNI) authentication. Defaults
to False.
:keyword bool enable_persistent_cache: if True, the credential will store tokens in a persistent cache. Defaults to
False.
:keyword bool allow_unencrypted_cache: if True, the credential will fall back to a plaintext cache when encryption
is unavailable. Default to False. Has no effect when `enable_persistent_cache` is False.
:keyword cache_persistence_options: configuration for persistent token caching. If unspecified, the credential
will cache tokens in memory.
:paramtype cache_persistence_options: ~azure.identity.TokenCachePersistenceOptions
"""

def __init__(self, tenant_id, client_id, certificate_path=None, **kwargs):
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,10 +21,9 @@ class ClientSecretCredential(ClientCredentialBase):
:keyword str authority: Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com',
the authority for Azure Public Cloud (which is the default). :class:`~azure.identity.AzureAuthorityHosts`
defines authorities for other clouds.
:keyword bool enable_persistent_cache: if True, the credential will store tokens in a persistent cache. Defaults to
False.
:keyword bool allow_unencrypted_cache: if True, the credential will fall back to a plaintext cache when encryption
is unavailable. Default to False. Has no effect when `enable_persistent_cache` is False.
:keyword cache_persistence_options: configuration for persistent token caching. If unspecified, the credential
will cache tokens in memory.
:paramtype cache_persistence_options: ~azure.identity.TokenCachePersistenceOptions
"""

def __init__(self, tenant_id, client_id, client_secret, **kwargs):
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -51,10 +51,9 @@ class DeviceCodeCredential(InteractiveCredential):
:keyword AuthenticationRecord authentication_record: :class:`AuthenticationRecord` returned by :func:`authenticate`
:keyword bool disable_automatic_authentication: if True, :func:`get_token` will raise
:class:`AuthenticationRequiredError` when user interaction is required to acquire a token. Defaults to False.
:keyword bool enable_persistent_cache: if True, the credential will store tokens in a persistent cache shared by
other user credentials. Defaults to False.
:keyword bool allow_unencrypted_cache: if True, the credential will fall back to a plaintext cache on platforms
where encryption is unavailable. Default to False. Has no effect when `enable_persistent_cache` is False.
:keyword cache_persistence_options: configuration for persistent token caching. If unspecified, the credential
will cache tokens in memory.
:paramtype cache_persistence_options: ~azure.identity.TokenCachePersistenceOptions
"""

def __init__(self, client_id=DEVELOPER_SIGN_ON_CLIENT_ID, **kwargs):
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -42,8 +42,9 @@ class SharedTokenCacheCredential(SharedTokenCacheBase):
tokens for multiple identities.
:keyword AuthenticationRecord authentication_record: an authentication record returned by a user credential such as
:class:`DeviceCodeCredential` or :class:`InteractiveBrowserCredential`
:keyword bool allow_unencrypted_cache: if True, the credential will fall back to a plaintext cache when encryption
is unavailable. Defaults to False.
:keyword cache_persistence_options: configuration for persistent token caching. If not provided, the credential
will use the persistent cache shared by Microsoft development applications
:paramtype cache_persistence_options: ~azure.identity.TokenCachePersistenceOptions
"""

def __init__(self, username=None, **kwargs):
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -33,10 +33,9 @@ class UsernamePasswordCredential(InteractiveCredential):
defines authorities for other clouds.
:keyword str tenant_id: tenant ID or a domain associated with a tenant. If not provided, defaults to the
'organizations' tenant, which supports only Azure Active Directory work or school accounts.
:keyword bool enable_persistent_cache: if True, the credential will store tokens in a persistent cache shared by
other user credentials. Defaults to False.
:keyword bool allow_unencrypted_cache: if True, the credential will fall back to a plaintext cache on platforms
where encryption is unavailable. Default to False. Has no effect when `enable_persistent_cache` is False.
:keyword cache_persistence_options: configuration for persistent token caching. If unspecified, the credential
will cache tokens in memory.
:paramtype cache_persistence_options: ~azure.identity.TokenCachePersistenceOptions
"""

def __init__(self, client_id, username, password, **kwargs):
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
# Licensed under the MIT License.
# ------------------------------------
import os

from six.moves.urllib_parse import urlparse

from .._constants import EnvironmentVariables, KnownAuthorities
Expand Down Expand Up @@ -47,7 +48,6 @@ def validate_tenant_id(tenant_id):
from .aad_client_base import AadClientBase
from .auth_code_redirect_handler import AuthCodeRedirectServer
from .aadclient_certificate import AadClientCertificate
from .client_secret_credential_base import ClientSecretCredentialBase
from .decorators import wrap_exceptions
from .interactive import InteractiveCredential

Expand All @@ -71,7 +71,6 @@ def _scopes_to_resource(*scopes):
"AadClientBase",
"AuthCodeRedirectServer",
"AadClientCertificate",
"ClientSecretCredentialBase",
"get_default_authority",
"InteractiveCredential",
"normalize_authority",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
from azure.core.credentials import AccessToken
from azure.core.exceptions import ClientAuthenticationError
from .get_token_mixin import GetTokenMixin
from .persistent_cache import load_service_principal_cache

from . import wrap_exceptions
from .msal_credentials import MsalCredential
Expand All @@ -22,14 +21,6 @@
class ClientCredentialBase(MsalCredential, GetTokenMixin):
"""Base class for credentials authenticating a service principal with a certificate or secret"""

def __init__(self, **kwargs):
if kwargs.pop("enable_persistent_cache", False):
allow_unencrypted = kwargs.pop("allow_unencrypted_cache", False)
cache = load_service_principal_cache(allow_unencrypted)
else:
cache = msal.TokenCache()
super(ClientCredentialBase, self).__init__(_cache=cache, **kwargs)

@wrap_exceptions
def _acquire_token_silently(self, *scopes, **kwargs):
# type: (*str, **Any) -> Optional[AccessToken]
Expand Down

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@
import msal

from .msal_client import MsalClient
from .persistent_cache import load_user_cache
from .._internal import get_default_authority, normalize_authority, validate_tenant_id
from .._persistent_cache import _load_persistent_cache, TokenCachePersistenceOptions

try:
ABC = abc.ABC
Expand All @@ -29,7 +29,7 @@ class MsalCredential(ABC):
"""Base class for credentials wrapping MSAL applications"""

def __init__(self, client_id, client_credential=None, **kwargs):
# type: (str, Optional[Union[str, Mapping[str, str]]], **Any) -> None
# type: (str, Optional[Union[str, dict]], **Any) -> None
authority = kwargs.pop("authority", None)
self._authority = normalize_authority(authority) if authority else get_default_authority()
self._tenant_id = kwargs.pop("tenant_id", None) or "organizations"
Expand All @@ -38,11 +38,11 @@ def __init__(self, client_id, client_credential=None, **kwargs):
self._client_credential = client_credential
self._client_id = client_id

self._cache = kwargs.pop("_cache", None) # internal, for use in tests
self._cache = kwargs.pop("_cache", None)
if not self._cache:
if kwargs.pop("enable_persistent_cache", False):
allow_unencrypted = kwargs.pop("allow_unencrypted_cache", False)
self._cache = load_user_cache(allow_unencrypted)
options = kwargs.pop("cache_persistence_options", None)
if options:
self._cache = _load_persistent_cache(options)
else:
self._cache = msal.TokenCache()

Expand Down

This file was deleted.

Loading