From 15ae379897d92d2e90ab69f9d8bcf1f6e04e4653 Mon Sep 17 00:00:00 2001 From: Matthew Podwysocki Date: Tue, 2 Aug 2022 12:22:23 -0400 Subject: [PATCH 1/5] [identity] Use environment variable for password for PEM --- sdk/identity/identity/.gitignore | 1 + .../identity/assets/fake-cert-password.pem | 58 +++++++++++++++++++ .../clientCertificateCredential.ts | 10 ++++ .../src/credentials/environmentCredential.ts | 5 +- .../msal/nodeFlows/msalClientCertificate.ts | 21 ++++++- .../public/node/environmentCredential.spec.ts | 21 +++++++ 6 files changed, 113 insertions(+), 3 deletions(-) create mode 100644 sdk/identity/identity/assets/fake-cert-password.pem diff --git a/sdk/identity/identity/.gitignore b/sdk/identity/identity/.gitignore index 638c39107077..3d6981104f4d 100644 --- a/sdk/identity/identity/.gitignore +++ b/sdk/identity/identity/.gitignore @@ -1,2 +1,3 @@ src/**/*.js !assets/fake-cert.pem +!assets/fake-cert-password.pem diff --git a/sdk/identity/identity/assets/fake-cert-password.pem b/sdk/identity/identity/assets/fake-cert-password.pem new file mode 100644 index 000000000000..1a33f8dfa187 --- /dev/null +++ b/sdk/identity/identity/assets/fake-cert-password.pem 
@@ -0,0 +1,58 @@ +Bag Attributes + localKeyID: F3 93 1A AD 84 1C D7 2E F3 20 08 C7 7D A9 ED B0 3D 29 4E F7 +subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd +issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIUHBH8mppwjLI2dFOQ7haLnd6iRjQwDQYJKoZIhvcNAQEL +BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAgFw0yMDAxMDMxODE2MzlaGA8yMTk5 +MDYwODE4MTYzOVowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBANMXamdgXR+0B2b6zt2nURcYcwC0YrqjvTH/ofF3 +MjUzZ1uKziPNxxAYrUY0O0zIcZWo9Aqfi10vS5oNya/aDrKoWxVRCsLltAV9dbLJ +65zF7wbVE7ZnZ7Nknop+ytd1t1VNTlpbxgWdT6z/WTn4ydqH7Hlh0Ucu2Q3QGQL3 +G9He0kOMog4Y0myxP2xNGjLoig2kh60KEwtxbudOxVN4rLpqhT/1n/L5s+7rznKc +cB4MRqPJMdycIYhTD2mfp/E9hDWRcVJY+9GlqzyxXFTsDsO1SzGgpMEjdO5mtc6N +A0dd8fZQLt1BHLFJlpsuk5Fk40y7HtT3kYKUcD55Xd0pd6ECAwEAAaNTMFEwHQYD +VR0OBBYEFKG65qd+cChhFLB8y4po+vL3HwxuMB8GA1UdIwQYMBaAFKG65qd+cChh +FLB8y4po+vL3HwxuMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +AAlEqWO8tGKprQrqfdZDsMyKyne+WYYA7RqRxYzKJ5j1zsPa4f7RKhLYzx6TqWK3 +keBc6aw9aeNYNqTBeDLGHRHRRwdHwwU5HdqowhE0sEQzOIJvs2JK5L+LcoSkTViy +PzidZ0qoAHRluuFw8Ag9sahcQfao6rqJOFY/16KEjDthATGo/4mHRsuAM+xza+2m +GbqJH/iO/q0lsPb3culm8aoJNxULTHrU5YWhuGvRypSYrfdL7RBkzW4VEt5LcRK6 +KcfmfHMrjPl/XxSSvrBmly7nYNH80DGSMRP/lnrQ8OS+hSiDy1KBaCcNhja5Dyzn +K0dXlMGmWrnDMs8m+4cUoIM= +-----END CERTIFICATE----- +Bag Attributes + localKeyID: F3 93 1A AD 84 1C D7 2E F3 20 08 C7 7D A9 ED B0 3D 29 4E F7 +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIFMcFVFpHnS0CAggA +MBQGCCqGSIb3DQMHBAi+r+wNWXgmYASCBMiZWRwBAkRI+CPrAf5OQ6v8SiEW3L4v +zLze/kzHFM+9u2fK7svyLYspNAUrnOKGl/LXupdGxa6kvJba4rPNGGjpwLoHx/Hr +f3UOXlwLNs3KD+cSrL2/XBLciW6qLESZ6BIsOy8siTjeaOY0lyTkzI3uKZ2sqA3F +RlS81uKK5B7iksBNIhYx32MN0FgRRsaAie3CTXnbf9yB2fQO/042n50UbOXnHTkl 
+NpnKqgGlp4Ilog6aGnyRUBHrxHgkdpEUACTgSnEgDX3rs2xcaprCns0Pr+8KJLAF +qrmFBcxYKct1pFx/PtKO65uVmTjLHWsZL5qkTAn70V2Hc728dijMcMdPcycQ5Kvi +1PLajlkO+WgGS0Q2u9FsJ5ojikc4CiHuC46Y3H/MprhCwXnrA65yNUbiY66iDN5n +sXCK9DGL3STk3Dfcyan102aXErTJYSbAddK0cPOnkJTcoONxFZP2uxoJsrWeSH9n +xp08FJvW6oqBS3RBWlMugtQ4dRs3bbsg1YrGodunOgK0ZxAT9/Kn8rg/KUM5Yiz6 +K20DXw8Qbzj0tq7nggyd9yVSjR0oSZ9uFzhehzT3TzhjBtBCcFD/M3sJoZVmCMDg +XslIPDxJlAlkZ14rmFrSRUBUcXHhmAMq85taocSVejw7ntA1mTa3G6Os2tW0ObfJ +1uoRUCM/bK7jR25BVlpI9cxJe32e6IGTQvEoqY051GYn/LkwWcTEdaYOLg7JsqUP +yMvLn+qjSbPaG7e/yKASP9EOs1Bi4pb6OcXIv9YVmujhbNJRSNRc8aW85nJ3M56x +v9r8WBV6IooyOH9UslNqt7DYzgCxvNWgp1E6WGrlWJMyfmgEjQCLYhmQJZU+lWCg +LOwEfcZgnCItNjI/JCv+bB9WkJqbsLvDT9ae7oVIwMlXNyuacKMbCuWsrG4C4JqN +xzjCSangAN+0AouqLUGIL+k8NUGLkrt5yBsnUxvltSwmneVos/SW5CzAuP95PvsN +FV8LTi0T7YB8YssklP/u+j6tdtERt7EaQ/F+bUBlRctcypc5wB6kpfjc/7HaG8Mf +7dZ2IcwhnkQIcqQ7bAOwUQgwnQs2yLsTJ0fXLTVMPtdwCYJy+7o33dU/qGxajXDO +o+gHQr3Vvk5wrHIbdTwUci6oZclQt2xFCDqql2l41g4t530rm2aiDDnG0eaKyWQ3 +TrxF1j8LHcewzzFcQ+nGtcomfP7QAW2/km+w+Cnro4TjC3GbB3h6UH1CUCLlEMKv +rEK2lDWngJJzhsfExbUWYIYLOZpyhcvFEZMCOjOBFPVmRGdak8f9M/X5lo0wYIRi +DALFmc7/e+aiKbYE5n2B+uzP1Cvw+8eUr1wbSFjgK35qZYVGY9kKcA4pnMwVVtnM +dBrJt7QZMfdjmlc49lsfw/hC38xKm+Kbqz2+yg4Ra0WCQTwsWxDMTaZt5DZgImw1 +R+jbdZQP45cPNdUFKLGdjyvmQpmcYnKIJndcGvOqGWVPdGKy4oekewT7frvHUT4M +6MjJdve8pIZV/ClwWM6Q5WMj9D2ChK5aDGztEp/Qc2K0cYSzZ28prd89mDehfTZj +XNmM4HVlOKU7AJGKt3Cf6AYtiSYnjUCNqjSY1ZQyG982Z5xr6FCUN4GZUXHoIUtA +dTU= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/sdk/identity/identity/src/credentials/clientCertificateCredential.ts b/sdk/identity/identity/src/credentials/clientCertificateCredential.ts index 06639bdfb6af..22b8c0f435ca 100644 --- a/sdk/identity/identity/src/credentials/clientCertificateCredential.ts +++ b/sdk/identity/identity/src/credentials/clientCertificateCredential.ts 
@@ -20,6 +20,11 @@ export interface ClientCertificatePEMCertificate { * The PEM-encoded public/private key certificate on the filesystem. */ certificate: string; + + /** + * The password for the certificate file. + */ + certificatePassword?: string; } /** * Required configuration options for the {@link ClientCertificateCredential}, with the path to a PEM certificate. @@ -29,6 +34,11 @@ export interface ClientCertificatePEMCertificatePath { * The path to the PEM-encoded public/private key certificate on the filesystem. */ certificatePath: string; + + /** + * The password for the certificate file. + */ + certificatePassword?: string; } /** * Required configuration options for the {@link ClientCertificateCredential}, with either the string contents of a PEM certificate, or the path to a PEM certificate. diff --git a/sdk/identity/identity/src/credentials/environmentCredential.ts b/sdk/identity/identity/src/credentials/environmentCredential.ts index 813c88d798ab..5997dbefd0d3 100644 --- a/sdk/identity/identity/src/credentials/environmentCredential.ts +++ b/sdk/identity/identity/src/credentials/environmentCredential.ts @@ -24,6 +24,7 @@ export const AllSupportedEnvironmentVariables = [ "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET", "AZURE_CLIENT_CERTIFICATE_PATH", + "AZURE_CLIENT_CERTIFICATE_PASSWORD", "AZURE_USERNAME", "AZURE_PASSWORD", ]; @@ -56,6 +57,7 @@ export class EnvironmentCredential implements TokenCredential { * Environment variables used for client credential authentication: * - `AZURE_CLIENT_SECRET`: A client secret that was generated for the App Registration. * - `AZURE_CLIENT_CERTIFICATE_PATH`: The path to a PEM certificate to use during the authentication, instead of the client secret. + * - `AZURE_CLIENT_CERTIFICATE_PASSWORD`: (optional) password for the certificate file. * * Alternatively, users can provide environment variables for username and password authentication: * - `AZURE_USERNAME`: Username to authenticate with. 
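Review bot: The doc comment on the new `certificatePassword` field in `ClientCertificatePEMCertificate` (`@@ -20,6 +20,11 @@`) says "certificate file", but that interface carries the PEM contents as a string, so there is no file. The same wording is repeated in `ClientCertificatePEMCertificatePath` (`@@ -29,6 +34,11 @@`) and in the `AZURE_CLIENT_CERTIFICATE_PASSWORD` bullet in environmentCredential.ts (`@@ -56,6 +57,7 @@`), and none of the three says what the password protects. Since the value is used later in this patch as the `passphrase` for `createPrivateKey`, a more precise comment would be `The passphrase protecting the encrypted private key in the PEM. Leave unset when the key is not encrypted.` Both interfaces and the class doc block start outside their hunks.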
@@ -89,6 +91,7 @@ export class EnvironmentCredential implements TokenCredential { } const certificatePath = process.env.AZURE_CLIENT_CERTIFICATE_PATH; + const certificatePassword = process.env.AZURE_CLIENT_CERTIFICATE_PASSWORD; if (tenantId && clientId && certificatePath) { logger.info( `Invoking ClientCertificateCredential with tenant ID: ${tenantId}, clientId: ${clientId} and certificatePath: ${certificatePath}` @@ -96,7 +99,7 @@ export class EnvironmentCredential implements TokenCredential { this._credential = new ClientCertificateCredential( tenantId, clientId, - { certificatePath }, + { certificatePath, certificatePassword }, options ); return; diff --git a/sdk/identity/identity/src/msal/nodeFlows/msalClientCertificate.ts b/sdk/identity/identity/src/msal/nodeFlows/msalClientCertificate.ts index 5755103e97a3..6f41a7224d68 100644 --- a/sdk/identity/identity/src/msal/nodeFlows/msalClientCertificate.ts +++ b/sdk/identity/identity/src/msal/nodeFlows/msalClientCertificate.ts @@ -2,7 +2,7 @@ // Licensed under the MIT license. import { readFile } from "fs"; -import { createHash } from "crypto"; +import { createHash, createPrivateKey } from "crypto"; import { promisify } from "util"; import { AccessToken } from "@azure/core-auth"; 
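Review bot: `process.env.AZURE_CLIENT_CERTIFICATE_PASSWORD` is forwarded unchanged in `@@ -89,6 +91,7 @@` and `@@ -96,7 +99,7 @@`, so a variable that is exported but empty arrives as `""` rather than `undefined`. The `!== undefined` test in `MsalClientCertificate.init` (msalClientCertificate.ts, later in this patch) then takes the decrypt path with an empty passphrase. If an empty passphrase is not meant to be supported, normalising at the read keeps that case on the no-password path: `const certificatePassword = process.env.AZURE_CLIENT_CERTIFICATE_PASSWORD || undefined;`. The `logger.info` call correctly leaves the password out, and a short comment such as `// Never include certificatePassword in log output.` above it would help keep it that way. The enclosing method starts and ends outside the hunk.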
@@ -121,9 +121,26 @@ export class MsalClientCertificate extends MsalNode { async init(options?: CredentialFlowGetTokenOptions): Promise { try { const parts = await parseCertificate(this.configuration, this.sendCertificateChain); + + let privateKey: string | undefined; + if (this.configuration.certificatePassword !== undefined) { + const privateKeyObject = createPrivateKey({ + key: parts.certificateContents, + passphrase: this.configuration.certificatePassword, + format: "pem" + }); + + privateKey = privateKeyObject.export({ + format: "pem", + type: "pkcs8" + }).toString(); + } else { + privateKey = parts.certificateContents; + } + this.msalConfig.auth.clientCertificate = { thumbprint: parts.thumbprint, - privateKey: parts.certificateContents, + privateKey: privateKey, x5c: parts.x5c, }; } catch (error: any) { diff --git a/sdk/identity/identity/test/public/node/environmentCredential.spec.ts b/sdk/identity/identity/test/public/node/environmentCredential.spec.ts index df2f6b872a8f..3e3122af0812 100644 --- a/sdk/identity/identity/test/public/node/environmentCredential.spec.ts +++ b/sdk/identity/identity/test/public/node/environmentCredential.spec.ts @@ -19,6 +19,7 @@ describe("EnvironmentCredential", function () { "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET", "AZURE_CLIENT_CERTIFICATE_PATH", + "AZURE_CLIENT_CERTIFICATE_PASSWORD", "AZURE_USERNAME", "AZURE_PASSWORD", ]; 
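Review bot: When a password is supplied, `privateKeyObject.export({ format: "pem", type: "pkcs8" })` is called without a cipher, so the key is re-serialised as an unencrypted PEM string and kept in `this.msalConfig.auth.clientCertificate.privateKey` for as long as the credential object lives. That may be unavoidable if MSAL only accepts a PEM string here, but it deserves a comment at the assignment, e.g. `// Decrypted, unencrypted PKCS#8 PEM: keep msalConfig out of logs and error payloads.` The `catch (error: any)` block that follows has its body outside the hunk and should be checked so that it reports neither the configuration nor key material when `createPrivateKey` throws on a wrong passphrase. Separately, both branches assign a string, so `let privateKey: string | undefined` can be `let privateKey: string`, and `privateKey: privateKey` can use the shorthand `privateKey`.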
@@ -75,6 +76,26 @@ describe("EnvironmentCredential", function () { assert.ok(token?.expiresOnTimestamp! > Date.now()); }); + it("authenticates with a client certificate and password on the environment variables", async function (this: Context) { + if (isLiveMode()) { + // Live test run not supported on CI at the moment. Locally should work though. + this.skip(); + } + // The following environment variables must be set for this to work. + // On TEST_MODE="playback", the recorder automatically fills them with stubbed values. + process.env.AZURE_TENANT_ID = cachedValues.AZURE_TENANT_ID; + process.env.AZURE_CLIENT_ID = cachedValues.AZURE_CLIENT_ID; + process.env.AZURE_CLIENT_CERTIFICATE_PATH = + cachedValues.AZURE_CLIENT_CERTIFICATE_PATH || "assets/fake-cert-password.pem"; + process.env.AZURE_CLIENT_CERTIFICATE_PASSWORD = "password"; + + const credential = new EnvironmentCredential(recorder.configureClientOptions({})); + + const token = await credential.getToken(scope); + assert.ok(token?.token); + assert.ok(token?.expiresOnTimestamp! > Date.now()); + }); + it("finds and uses client username/password environment variables", async () => { // The following environment variables must be set for this to work. // On TEST_MODE="playback", the recorder automatically fills them with stubbed values. From 7cc70458743e9c9c94dfcea84e060d8bcc1a3543 Mon Sep 17 00:00:00 2001 From: Matthew Podwysocki Date: Tue, 2 Aug 2022 13:35:34 -0400 Subject: [PATCH 2/5] [identity] update formatting --- .../src/credentials/clientCertificateCredential.ts | 4 ++-- .../src/msal/nodeFlows/msalClientCertificate.ts | 12 +++++++----- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/sdk/identity/identity/src/credentials/clientCertificateCredential.ts b/sdk/identity/identity/src/credentials/clientCertificateCredential.ts index 22b8c0f435ca..e32363321683 100644 --- a/sdk/identity/identity/src/credentials/clientCertificateCredential.ts 
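Review bot: The test added in `@@ -75,6 +76,26 @@` covers only the success path, so the failure behaviour of the new decrypt step is never pinned down. A companion case that points `AZURE_CLIENT_CERTIFICATE_PATH` at `assets/fake-cert-password.pem`, sets a wrong `AZURE_CLIENT_CERTIFICATE_PASSWORD`, and asserts that `getToken` rejects would show that a bad passphrase surfaces as a credential error rather than a raw crypto exception. It would presumably work in playback, since the decryption happens locally before any request is sent. The test also writes `process.env.AZURE_CLIENT_CERTIFICATE_PASSWORD = "password"` directly; whether that is reset between tests depends on hooks outside the hunk, so confirm the variable added to the list in `@@ -19,6 +19,7 @@` is actually restored after each case.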
+++ b/sdk/identity/identity/src/credentials/clientCertificateCredential.ts @@ -24,7 +24,7 @@ export interface ClientCertificatePEMCertificate { /** * The password for the certificate file. */ - certificatePassword?: string; + certificatePassword?: string; } /** * Required configuration options for the {@link ClientCertificateCredential}, with the path to a PEM certificate. @@ -38,7 +38,7 @@ export interface ClientCertificatePEMCertificatePath { /** * The password for the certificate file. */ - certificatePassword?: string; + certificatePassword?: string; } /** * Required configuration options for the {@link ClientCertificateCredential}, with either the string contents of a PEM certificate, or the path to a PEM certificate. diff --git a/sdk/identity/identity/src/msal/nodeFlows/msalClientCertificate.ts b/sdk/identity/identity/src/msal/nodeFlows/msalClientCertificate.ts index 6f41a7224d68..c18b3d54fb7d 100644 --- a/sdk/identity/identity/src/msal/nodeFlows/msalClientCertificate.ts +++ b/sdk/identity/identity/src/msal/nodeFlows/msalClientCertificate.ts @@ -127,13 +127,15 @@ export class MsalClientCertificate extends MsalNode { const privateKeyObject = createPrivateKey({ key: parts.certificateContents, passphrase: this.configuration.certificatePassword, - format: "pem" + format: "pem", }); - privateKey = privateKeyObject.export({ - format: "pem", - type: "pkcs8" - }).toString(); + privateKey = privateKeyObject + .export({ + format: "pem", + type: "pkcs8", + }) + .toString(); } else { privateKey = parts.certificateContents; } From be3c2757b5eb085049ac3bcee960fda804eb56ab Mon Sep 17 00:00:00 2001 From: Matthew Podwysocki Date: Tue, 2 Aug 2022 14:29:36 -0400 Subject: [PATCH 3/5] [identity] update API Docs --- sdk/identity/identity/review/identity.api.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sdk/identity/identity/review/identity.api.md b/sdk/identity/identity/review/identity.api.md index 925003368f17..013fad8c45b5 100644 
--- a/sdk/identity/identity/review/identity.api.md +++ b/sdk/identity/identity/review/identity.api.md @@ -128,10 +128,12 @@ export type ClientCertificateCredentialPEMConfiguration = ClientCertificatePEMCe // @public export interface ClientCertificatePEMCertificate { certificate: string; + certificatePassword?: string; } // @public export interface ClientCertificatePEMCertificatePath { + certificatePassword?: string; certificatePath: string; } From 3dbdd4c3421412a9e5b772651d2262797375736b Mon Sep 17 00:00:00 2001 From: Matthew Podwysocki Date: Tue, 2 Aug 2022 19:06:40 -0400 Subject: [PATCH 4/5] [identity] Add recording for identity --- ...password_on_the_environment_variables.json | 208 ++++++++++++++++++ .../public/node/environmentCredential.spec.ts | 2 +- 2 files changed, 209 insertions(+), 1 deletion(-) create mode 100644 sdk/identity/identity/recordings/node/environmentcredential/recording_authenticates_with_a_client_certificate_and_password_on_the_environment_variables.json diff --git a/sdk/identity/identity/recordings/node/environmentcredential/recording_authenticates_with_a_client_certificate_and_password_on_the_environment_variables.json b/sdk/identity/identity/recordings/node/environmentcredential/recording_authenticates_with_a_client_certificate_and_password_on_the_environment_variables.json new file mode 100644 index 000000000000..96336cbc9fe0 --- /dev/null +++ b/sdk/identity/identity/recordings/node/environmentcredential/recording_authenticates_with_a_client_certificate_and_password_on_the_environment_variables.json 
@@ -0,0 +1,208 @@ +{ + "Entries": [ + { + "RequestUri": "https://login.microsoftonline.com/common/discovery/instance?api-version=1.1\u0026authorization_endpoint=https://login.microsoftonline.com/12345678-1234-1234-1234-123456789012/oauth2/v2.0/authorize", + "RequestMethod": "GET", + "RequestHeaders": { + "Accept-Encoding": "gzip,deflate", + "Connection": "keep-alive", + "User-Agent": "User-Agent", + "x-ms-client-request-id": "6291c2a9-9fd8-4ba5-bf91-0a34cab52e00" + }, + "RequestBody": null, + "StatusCode": 200, + "ResponseHeaders": { + "Access-Control-Allow-Methods": "GET, OPTIONS", + "Access-Control-Allow-Origin": "*", + "Cache-Control": "max-age=86400, private", + "Content-Length": "980", + "Content-Type": "application/json; charset=utf-8", + "Date": "Tue, 02 Aug 2022 23:05:43 GMT", + "P3P": "CP=\u0022DSP CUR OTPi IND OTRi ONL FIN\u0022", + "Set-Cookie": "fpc=secret_cookie; expires=Thu, 01-Sep-2022 23:05:43 GMT; path=/; secure; HttpOnly; SameSite=None", + "Strict-Transport-Security": "max-age=31536000; includeSubDomains", + "X-Content-Type-Options": "nosniff", + "x-ms-ests-server": "2.1.13355.6 - NCUS ProdSlices", + "x-ms-request-id": "e04f0f23-0b4a-4b80-8e5e-3945fbadbb00", + "X-XSS-Protection": "0" + }, + "ResponseBody": { + "tenant_discovery_endpoint": "https://login.microsoftonline.com/12345678-1234-1234-1234-123456789012/v2.0/.well-known/openid-configuration", + "api-version": "1.1", + "metadata": [ + { + "preferred_network": "login.microsoftonline.com", + "preferred_cache": "login.windows.net", + "aliases": [ + "login.microsoftonline.com", + "login.windows.net", + "login.microsoft.com", + "sts.windows.net" + ] + }, + { + "preferred_network": "login.partner.microsoftonline.cn", + "preferred_cache": "login.partner.microsoftonline.cn", + "aliases": [ + "login.partner.microsoftonline.cn", + "login.chinacloudapi.cn" + ] + }, + { + "preferred_network": "login.microsoftonline.de", + "preferred_cache": "login.microsoftonline.de", + "aliases": [ + 
"login.microsoftonline.de" + ] + }, + { + "preferred_network": "login.microsoftonline.us", + "preferred_cache": "login.microsoftonline.us", + "aliases": [ + "login.microsoftonline.us", + "login.usgovcloudapi.net" + ] + }, + { + "preferred_network": "login-us.microsoftonline.com", + "preferred_cache": "login-us.microsoftonline.com", + "aliases": [ + "login-us.microsoftonline.com" + ] + } + ] + } + }, + { + "RequestUri": "https://login.microsoftonline.com/12345678-1234-1234-1234-123456789012/v2.0/.well-known/openid-configuration", + "RequestMethod": "GET", + "RequestHeaders": { + "Accept-Encoding": "gzip,deflate", + "Connection": "keep-alive", + "User-Agent": "User-Agent", + "x-ms-client-request-id": "a43942a2-c308-4b71-99ea-4722ce5f74b4" + }, + "RequestBody": null, + "StatusCode": 200, + "ResponseHeaders": { + "Access-Control-Allow-Methods": "GET, OPTIONS", + "Access-Control-Allow-Origin": "*", + "Cache-Control": "max-age=86400, private", + "Content-Length": "1753", + "Content-Type": "application/json; charset=utf-8", + "Date": "Tue, 02 Aug 2022 23:05:43 GMT", + "P3P": "CP=\u0022DSP CUR OTPi IND OTRi ONL FIN\u0022", + "Set-Cookie": "fpc=secret_cookie; expires=Thu, 01-Sep-2022 23:05:43 GMT; path=/; secure; HttpOnly; SameSite=None", + "Strict-Transport-Security": "max-age=31536000; includeSubDomains", + "X-Content-Type-Options": "nosniff", + "x-ms-ests-server": "2.1.13418.9 - EUS ProdSlices", + "x-ms-request-id": "959b41d1-66f7-49e5-8173-993f4f3d3f00", + "X-XSS-Protection": "0" + }, + "ResponseBody": { + "token_endpoint": "https://login.microsoftonline.com/12345678-1234-1234-1234-123456789012/oauth2/v2.0/token", + "token_endpoint_auth_methods_supported": [ + "client_secret_post", + "private_key_jwt", + "client_secret_basic" + ], + "jwks_uri": "https://login.microsoftonline.com/12345678-1234-1234-1234-123456789012/discovery/v2.0/keys", + "response_modes_supported": [ + "query", + "fragment", + "form_post" + ], + "subject_types_supported": [ + "pairwise" + ], + 
"id_token_signing_alg_values_supported": [ + "RS256" + ], + "response_types_supported": [ + "code", + "id_token", + "code id_token", + "id_token token" + ], + "scopes_supported": [ + "openid", + "profile", + "email", + "offline_access" + ], + "issuer": "https://login.microsoftonline.com/12345678-1234-1234-1234-123456789012/v2.0", + "request_uri_parameter_supported": false, + "userinfo_endpoint": "https://graph.microsoft.com/oidc/userinfo", + "authorization_endpoint": "https://login.microsoftonline.com/12345678-1234-1234-1234-123456789012/oauth2/v2.0/authorize", + "device_authorization_endpoint": "https://login.microsoftonline.com/12345678-1234-1234-1234-123456789012/oauth2/v2.0/devicecode", + "http_logout_supported": true, + "frontchannel_logout_supported": true, + "end_session_endpoint": "https://login.microsoftonline.com/12345678-1234-1234-1234-123456789012/oauth2/v2.0/logout", + "claims_supported": [ + "sub", + "iss", + "cloud_instance_name", + "cloud_instance_host_name", + "cloud_graph_host_name", + "msgraph_host", + "aud", + "exp", + "iat", + "auth_time", + "acr", + "nonce", + "preferred_username", + "name", + "tid", + "ver", + "at_hash", + "c_hash", + "email" + ], + "kerberos_endpoint": "https://login.microsoftonline.com/12345678-1234-1234-1234-123456789012/kerberos", + "tenant_region_scope": "WW", + "cloud_instance_name": "microsoftonline.com", + "cloud_graph_host_name": "graph.windows.net", + "msgraph_host": "graph.microsoft.com", + "rbac_url": "https://pas.windows.net" + } + }, + { + "RequestUri": "https://login.microsoftonline.com/12345678-1234-1234-1234-123456789012/oauth2/v2.0/token", + "RequestMethod": "POST", + "RequestHeaders": { + "Accept-Encoding": "gzip,deflate", + "Connection": "keep-alive", + "Content-Length": "612", + "Content-Type": "application/x-www-form-urlencoded;charset=utf-8", + "User-Agent": "User-Agent", + "x-ms-client-request-id": "fe97e6bb-cf26-4f18-9e44-6f7547858ca2" + }, + "RequestBody": 
"client_id=azure_client_id\u0026scope=https%3A%2F%2Fvault.azure.net%2F.default%20openid%20profile%20offline_access\u0026grant_type=client_credentials\u0026x-client-SKU=msal.js.node\u0026x-client-VER=identity-client-version\u0026x-client-OS=x-client-OS\u0026x-client-CPU=x-client-CPU\u0026x-ms-lib-capability=retry-after, h429\u0026x-client-current-telemetry=5|771,2,,,|,\u0026x-client-last-telemetry=5|0|||0,0\u0026client-request-id=client-request-id\u0026client_assertion=client_assertion\u0026client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer\u0026claims=%7B%22access_token%22%3A%7B%22xms_cc%22%3A%7B%22values%22%3A%5B%22cp1%22%5D%7D%7D%7D", + "StatusCode": 200, + "ResponseHeaders": { + "Cache-Control": "no-store, no-cache", + "Content-Length": "95", + "Content-Type": "application/json; charset=utf-8", + "Date": "Tue, 02 Aug 2022 23:05:43 GMT", + "Expires": "-1", + "P3P": "CP=\u0022DSP CUR OTPi IND OTRi ONL FIN\u0022", + "Pragma": "no-cache", + "Set-Cookie": "fpc=secret_cookie; expires=Thu, 01-Sep-2022 23:05:43 GMT; path=/; secure; HttpOnly; SameSite=None", + "Strict-Transport-Security": "max-age=31536000; includeSubDomains", + "X-Content-Type-Options": "nosniff", + "x-ms-clitelem": "1,0,0,,", + "x-ms-ests-server": "2.1.13418.9 - SCUS ProdSlices", + "x-ms-request-id": "3c50cbd3-c72d-4390-bc8d-771eed8a4100", + "X-XSS-Protection": "0" + }, + "ResponseBody": { + "token_type": "Bearer", + "expires_in": 86399, + "ext_expires_in": 86399, + "access_token": "access_token" + } + } + ], + "Variables": {} +} diff --git a/sdk/identity/identity/test/public/node/environmentCredential.spec.ts b/sdk/identity/identity/test/public/node/environmentCredential.spec.ts index 3e3122af0812..cdf9ae20c2c9 100644 --- a/sdk/identity/identity/test/public/node/environmentCredential.spec.ts +++ b/sdk/identity/identity/test/public/node/environmentCredential.spec.ts 
@@ -76,7 +76,7 @@ describe("EnvironmentCredential", function () { assert.ok(token?.expiresOnTimestamp! > Date.now()); }); - it("authenticates with a client certificate and password on the environment variables", async function (this: Context) { + it.only("authenticates with a client certificate and password on the environment variables", async function (this: Context) { if (isLiveMode()) { // Live test run not supported on CI at the moment. Locally should work though. this.skip(); From 2608809d55a4a672cf7727758b5227cac901ae56 Mon Sep 17 00:00:00 2001 From: Matthew Podwysocki Date: Tue, 2 Aug 2022 19:09:32 -0400 Subject: [PATCH 5/5] [identity] Add recording for identity --- .../identity/test/public/node/environmentCredential.spec.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/identity/identity/test/public/node/environmentCredential.spec.ts b/sdk/identity/identity/test/public/node/environmentCredential.spec.ts index cdf9ae20c2c9..3e3122af0812 100644 --- a/sdk/identity/identity/test/public/node/environmentCredential.spec.ts +++ b/sdk/identity/identity/test/public/node/environmentCredential.spec.ts @@ -76,7 +76,7 @@ describe("EnvironmentCredential", function () { assert.ok(token?.expiresOnTimestamp! > Date.now()); }); - it.only("authenticates with a client certificate and password on the environment variables", async function (this: Context) { + it("authenticates with a client certificate and password on the environment variables", async function (this: Context) { if (isLiveMode()) { // Live test run not supported on CI at the moment. Locally should work though. this.skip();