azure-powershell icon indicating copy to clipboard operation
azure-powershell copied to clipboard

Published 20 hours ago verified publisher icon Azure

Draft to Support WAM

Open msJinLei opened this issue 2 years ago • 2 comments

Description

Login Form ( for both Windows PoweShell and PowerShell 7.1+

image

Code Change

InteractiveBrowserCredentialBrokerOptions --> InteractiveBrowserCredentialOptions

Key Assemblies that Contains the New Feature

We should load the assemblies following for different PoweShell version in different OSes

Windows PowerShell on Windows
  • Microsoft.Identity.Client, Version=4.39.0.0, TargetFramework(".NETFramework,Version=v4.6.1", FrameworkDisplayName = ".NET Framework 4.6.1")
  • Microsoft.Identity.Client.Desktop, Version=4.39.0.0, TargetFramework(".NETFramework,Version=v4.6.1", FrameworkDisplayName = ".NET Framework 4.6.1")
  • Azure.Identity.BrokeredAuthentication, Version=1.0.0.0,TargetFramework(".NETFramework,Version=v4.6.1", FrameworkDisplayName = ".NET Framework 4.6.1")
PowerShell 7.2+/7.1+ on Windows
  • Microsoft.Identity.Client Version=4.39.0.0 TargetFramework(".NETCoreApp,Version=v5.0", FrameworkDisplayName = "")]
  • Azure.Identity.BrokeredAuthentication, Version=1.0.0.0, TargetFramework(".NETStandard,Version=v2.0", FrameworkDisplayName = "")
PowerShell 7.0+ on Windows
  • Microsoft.Identity.Client Version=4.39.0.0 TargetFramework(".NETCoreApp,Version=v2.1", FrameworkDisplayName = "")
  • Azure.Identity.BrokeredAuthentication, Version=1.0.0.0, TargetFramework(".NETStandard,Version=v2.0", FrameworkDisplayName = "")
PowerShell 7.2+/7.1+ on Linux and MacOS (fallback to browser login)
  • Microsoft.Identity.Client Version=4.39.0.0 TargetFramework(".NETCoreApp,Version=v2.1", FrameworkDisplayName = "")
  • Azure.Identity.BrokeredAuthentication, Version=1.0.0.0, TargetFramework(".NETStandard,Version=v2.0", FrameworkDisplayName = "")

Packages From Nuget

azure.core.1.22.0
azure.identity.1.6.0-beta.1
azure.identity.brokeredauthentication.1.0.0-beta.1
microsoft.identity.client.4.39.0
microsoft.identity.client.desktop.4.39.0
microsoft.windows.cswinrt.1.5.0
microsoft.windows.sdk.net.ref.10.0.22000.23
system.security.cryptography.protecteddata.4.5.0
system.text.json.4.7.2

To Do List

  • Support fallback logic in Linux and MacOS Current Az.Accounts may throw exception in Linux and MacOS as the loaded Microsoft.Identity.Client doesn't support these 2 platforms. We should have Az.Accounts load the netcoreApp version of Microsoft.Identity.Client in these 2 platforms and the behvaiours of interactively login should fallback to browser login.
  • In Windows also provide a fallback implementation ? For any reason that WAM is not supported in windows, such as due to low version of PowerShell core, Az.Accounts should fallback to browser login.
  • PowerShell 7.0.3 not supported yet
PS D:\workspace\azure-powershell> Connect-AzAccount -Environment Dogfood
Connect-AzAccount: Could not load file or assembly 'System.Diagnostics.Tracing, Version=5.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'. The system cannot find the file specified.

Related Resources

https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/identity/Azure.Identity.BrokeredAuthentication#configuring-the-interactivebrowsercredential-to-use-the-system-authentication-broker https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/3176 https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-desktop-acquire-token-wam#availability

Checklist

  • [ ] I have read the Submitting Changes section of CONTRIBUTING.md
  • [ ] The title of the PR is clear and informative
  • [ ] The appropriate ChangeLog.md file(s) has been updated:
    • For any service, the ChangeLog.md file can be found at src/{{SERVICE}}/{{SERVICE}}/ChangeLog.md
    • A snippet outlining the change(s) made in the PR should be written under the ## Upcoming Release header -- no new version header should be added
  • [ ] The PR does not introduce breaking changes
  • [ ] If applicable, the changes made in the PR have proper test coverage
  • [ ] For public API changes to cmdlets:
    • [ ] a cmdlet design review was approved for the changes in this repository (Microsoft internal only)
      • {Please put the link here}
    • [ ] the markdown help files have been regenerated using the commands listed here

msJinLei avatar Mar 14 '22 09:03 msJinLei

  • For PowerShell 7.0.x (.net core 3.1) and PowerShell core 6 (.net core 2.1), they cannot load dlls for .net 5. We might treat them just like linux
  • MSA account?

isra-fel avatar Mar 15 '22 06:03 isra-fel

  • For PowerShell 7.0.x (.net core 3.1) and PowerShell core 6 (.net core 2.1), they cannot load dlls for .net 5. We might treat them just like linux

As we discussed we may try to use the assembly Microsoft.Identity.Client Version=4.39.0.0 TargetFramework(".NETCoreApp,Version=v2.1", FrameworkDisplayName = "")

  • MSA account?

Not tried yet

msJinLei avatar Mar 15 '22 07:03 msJinLei

/azp run azure-powershell - powershell-core

isra-fel avatar Jan 03 '23 02:01 isra-fel

Azure Pipelines successfully started running 1 pipeline(s).

azure-pipelines[bot] avatar Jan 03 '23 02:01 azure-pipelines[bot]