Skip to content

[Identity] Always include the Broker as part of DAC #52189

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 17 commits into
base: main
Choose a base branch
from
Open

[Identity] Always include the Broker as part of DAC #52189

wants to merge 17 commits into from

Conversation

JonathanCrd
Copy link
Member

Fixes #52138

This PR changes the DAC Factory to always include the Broker even if the Azure.Identity.Broker package is not installed. In order to do this, a new internal BrokerCredential type is used, so instead of throwing an error during the construction of DAC, an error will be thrown when GetToken() is called.

This is the same Behaviour as VisualStudioCodeCredential.

@JonathanCrd JonathanCrd self-assigned this Aug 22, 2025
@Copilot Copilot AI review requested due to automatic review settings August 22, 2025 06:49
@JonathanCrd JonathanCrd requested review from christothes and a team as code owners August 22, 2025 06:49
Copilot
Copilot AI reviewed Aug 22, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR changes the DefaultAzureCredential (DAC) factory to always include the Broker credential in the credential chain, even when the Azure.Identity.Broker package is not installed. Instead of throwing an error during DAC construction, the error is now deferred until GetToken() is called, matching the behavior of VisualStudioCodeCredential.

Key changes:

  • Introduces a new internal BrokerCredential type that handles broker availability checks at token request time
  • Updates the credential factory to unconditionally include broker credentials in the chain
  • Modifies tests to account for the additional credential in the chain

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
DefaultAzureCredentialTests.cs Updates test assertions to expect 9/10 credentials instead of 8/9, adds broker credential exclusion option
DefaultAzureCredentialFactoryTests.cs Adds broker credential to test matrices, removes broker package availability checks, updates credential count expectations
DefaultAzureCredentialFactory.cs Simplifies broker credential creation by always including it in the chain, removes package availability checks
BrokerCredential.cs New internal credential type that defers broker availability checking to token request time
DevelopmentBrokerOptionsTests.cs Updates test to use simplified broker credential creation method
DefaultAzureCredentialFactoryTests.cs (Broker package) Updates test assertion to expect BrokerCredential type instead of InteractiveBrowserCredential

christothes
christothes reviewed Aug 22, 2025
View reviewed changes
christothes
christothes reviewed Aug 22, 2025
View reviewed changes
christothes
christothes reviewed Aug 22, 2025
View reviewed changes
@JonathanCrd
Add ISupportsTenantId interface to credential options for tenant ID s…
bc1328b 
…upport
@JonathanCrd
Refactor broker options mapping to new helper class
4784970 
Moved logic for mapping credential options to broker options from BrokerCredential to a new CredentialOptionsMapper class. This improves code organization and reusability by centralizing the mapping logic.
@JonathanCrd
remove CredentialsSection from broker
fce7a3b
@JonathanCrd
Simplify checks
cca550f
@JonathanCrd
Remove duplicated code
ea85917
@JonathanCrd
Adjust tests to new simplified logic
c86b06f
christothes
christothes reviewed Aug 29, 2025
View reviewed changes
christothes
christothes reviewed Aug 29, 2025
View reviewed changes
sdk/identity/Azure.Identity/src/DefaultAzureCredentialFactory.cs
@@ -343,22 +332,14 @@ public virtual TokenCredential CreateInteractiveBrowserCredential()
Pipeline);
}

public TokenCredential CreateBrokerCredential(InteractiveBrowserCredentialOptions brokerOptions)
internal TokenCredential CreateBrokerCredential()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need this method?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it's used in this factory class to add the Broker into the chain

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What I meant was all it does is return new BrokerCredential(options) - can callers just do that themselves?

christothes
christothes reviewed Aug 29, 2025
View reviewed changes
christothes
christothes reviewed Aug 29, 2025
View reviewed changes
christothes
christothes reviewed Sep 4, 2025
View reviewed changes
sdk/identity/Azure.Identity/src/Credentials/DeviceCodeCredentialOptions.cs
@@ -5,13 +5,14 @@
using System.Collections.Generic;
using System.Threading;
using System.Threading.Tasks;
using Azure.Identity.Credentials;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All these added using statements can be removed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@scottaddie scottaddie scottaddie left review comments

Copilot code review Copilot Copilot left review comments

@christothes christothes christothes approved these changes

@maorleger maorleger Awaiting requested review from maorleger maorleger is a code owner automatically assigned from Azure/azure-sdk-write-identity

@pvaneck pvaneck Awaiting requested review from pvaneck pvaneck is a code owner automatically assigned from Azure/azure-sdk-write-identity

@chlowell chlowell Awaiting requested review from chlowell chlowell is a code owner automatically assigned from Azure/azure-sdk-write-identity

@xiangyan99 xiangyan99 Awaiting requested review from xiangyan99 xiangyan99 is a code owner automatically assigned from Azure/azure-sdk-write-identity

@anannya03 anannya03 Awaiting requested review from anannya03 anannya03 is a code owner automatically assigned from Azure/azure-sdk-write-identity

@minhanh-phan minhanh-phan Awaiting requested review from minhanh-phan minhanh-phan is a code owner automatically assigned from Azure/azure-sdk-write-identity

At least 1 approving review is required to merge this pull request.

Assignees

@JonathanCrd JonathanCrd

Labels
Azure.Identity
Projects
Azure Identity SDK Improvements
Status: Untriaged
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Always include the Broker as part of DAC
3 participants
@JonathanCrd @christothes @scottaddie