Add customSignedAssertion

AzureAD · Jan 22, 2025 · c2bba6a · c2bba6a
1 parent 38dbb1d
commit c2bba6a
Show file tree

Hide file tree

Showing 8 changed files with 82 additions and 3 deletions.
diff --git a/Directory.Build.props b/Directory.Build.props
@@ -1,7 +1,7 @@
 <Project>
     <PropertyGroup>
         <!-- This should be passed from the VSTS build -->
-        <MicrosoftIdentityAbstractionsVersion Condition="'$(MicrosoftIdentityAbstractionsVersion)' == ''">7.1.1</MicrosoftIdentityAbstractionsVersion>
+        <MicrosoftIdentityAbstractionsVersion Condition="'$(MicrosoftIdentityAbstractionsVersion)' == ''">7.2.0</MicrosoftIdentityAbstractionsVersion>
         <!-- This will generate AssemblyVersion, AssemblyFileVersion and AssemblyInformationVersion -->
         <Version>$(MicrosoftIdentityAbstractionsVersion)</Version>
         <AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)\build\35MSSharedLib1024.snk</AssemblyOriginatorKeyFile>

diff --git a/src/Microsoft.Identity.Abstractions/ApplicationOptions/CredentialDescription.cs b/src/Microsoft.Identity.Abstractions/ApplicationOptions/CredentialDescription.cs
@@ -1,6 +1,8 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
+using System.Collections.Generic;
+using System.ComponentModel;
 using System.Security.Cryptography.X509Certificates;
 
 namespace Microsoft.Identity.Abstractions
@@ -67,6 +69,7 @@ public string? Container
                     CredentialSource.StoreWithThumbprint or CredentialSource.StoreWithDistinguishedName => CertificateStorePath,
                     CredentialSource.SignedAssertionFilePath => SignedAssertionFileDiskPath,
                     CredentialSource.SignedAssertionFromVault => KeyVaultUrl,
+                    CredentialSource.CustomSignedAssertion => null,
                     _ => null
                 };
             }
@@ -96,6 +99,8 @@ public string? Container
                     case CredentialSource.SignedAssertionFilePath:
                         SignedAssertionFileDiskPath = value;
                         break;
+                    case CredentialSource.CustomSignedAssertion:
+                        break;
                     default:
                         break;
                 }
@@ -348,6 +353,7 @@ public string? ReferenceOrValue
                     CredentialSource.Certificate or CredentialSource.Base64Encoded => Base64EncodedValue,
                     CredentialSource.SignedAssertionFromManagedIdentity => ManagedIdentityClientId,
                     CredentialSource.ClientSecret => ClientSecret,
+                    CredentialSource.CustomSignedAssertion => null,
                     _ => null,
                 };
             }
@@ -381,6 +387,8 @@ public string? ReferenceOrValue
                     case CredentialSource.SignedAssertionFromManagedIdentity:
                         ManagedIdentityClientId = value;
                         break;
+                    case CredentialSource.CustomSignedAssertion:
+                        break;
                     default:
                         break;
                 }
@@ -452,7 +460,8 @@ or CredentialSource.Certificate
 
                     CredentialSource.SignedAssertionFromManagedIdentity 
                     or CredentialSource.SignedAssertionFilePath 
-                    or CredentialSource.SignedAssertionFromVault => CredentialType.SignedAssertion,
+                    or CredentialSource.SignedAssertionFromVault
+                    or CredentialSource.CustomSignedAssertion => CredentialType.SignedAssertion,
 
                     CredentialSource.AutoDecryptKeys => CredentialType.DecryptKeys,
 
@@ -478,5 +487,19 @@ or CredentialSource.SignedAssertionFilePath
         /// </example> 
         /// <remarks>If you want to use the default token exchange resource "api://AzureADTokenExchange", don't provide a token exchange url.</remarks>
         public string? TokenExchangeUrl { get; set; }
+
+        /// <summary>
+        /// Extensibility. When used with <see cref="SourceType"/> = <see cref="CredentialSource.CustomSignedAssertion"/>, this property specifies the fully qualified
+        /// named of the extension that will be used to retrieve the signed assertion used as a client credentials.
+        /// </summary>
+        public string? CustomSignedAssertionProviderName { get; set; }
+
+        /// <summary>
+        /// Extensibility. When used with <see cref="SourceType"/> = <see cref="CredentialSource.CustomSignedAssertion"/>, this property specifies 
+        /// additional data that will be passed to the extension computing the signed assertion. This is meant for SDKs extending the credential
+        /// description capabilities.
+        /// </summary>
+        [EditorBrowsable(EditorBrowsableState.Never)]
+        public Dictionary<string, object>? CustomSignedAssertionProviderData { get; set; }
     }
 }
diff --git a/src/Microsoft.Identity.Abstractions/ApplicationOptions/CredentialSource.cs b/src/Microsoft.Identity.Abstractions/ApplicationOptions/CredentialSource.cs
@@ -175,6 +175,12 @@ public enum CredentialSource
         /// :::code language="csharp" source="~/../abstractions-samples/test/Microsoft.Identity.Abstractions.Tests/CredentialDescriptionTest.cs" id="autodecryp_csharp":::
         /// ]]></format>
         /// </example>
-        AutoDecryptKeys = 10
+        AutoDecryptKeys = 10,
+
+        /// <summary>
+        /// Use this value in order to utilize a credential provider that is not part of the Microsoft.Identity.Abstractions library.
+        /// This is an extension point, which goes along with <see cref = "CredentialDescription.CustomSignedAssertionProviderName" />
+        /// </summary>
+        CustomSignedAssertion = 11
     }
 }
diff --git a/src/Microsoft.Identity.Abstractions/PublicAPI/net462/PublicAPI.Unshipped.txt b/src/Microsoft.Identity.Abstractions/PublicAPI/net462/PublicAPI.Unshipped.txt
@@ -1,3 +1,8 @@
 #nullable enable
+Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderData.get -> System.Collections.Generic.Dictionary<string!, object!>?
+Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderData.set -> void
+Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderName.get -> string?
+Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderName.set -> void
+Microsoft.Identity.Abstractions.CredentialSource.CustomSignedAssertion = 11 -> Microsoft.Identity.Abstractions.CredentialSource
 Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.get -> string?
 Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.set -> void
diff --git a/src/Microsoft.Identity.Abstractions/PublicAPI/net8.0/PublicAPI.Unshipped.txt b/src/Microsoft.Identity.Abstractions/PublicAPI/net8.0/PublicAPI.Unshipped.txt
@@ -1,3 +1,8 @@
 #nullable enable
+Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderData.get -> System.Collections.Generic.Dictionary<string!, object!>?
+Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderData.set -> void
+Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderName.get -> string?
+Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderName.set -> void
+Microsoft.Identity.Abstractions.CredentialSource.CustomSignedAssertion = 11 -> Microsoft.Identity.Abstractions.CredentialSource
 Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.get -> string?
 Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.set -> void
diff --git a/src/Microsoft.Identity.Abstractions/PublicAPI/netstandard2.0/PublicAPI.Unshipped.txt b/src/Microsoft.Identity.Abstractions/PublicAPI/netstandard2.0/PublicAPI.Unshipped.txt
@@ -1,3 +1,8 @@
 #nullable enable
+Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderData.get -> System.Collections.Generic.Dictionary<string!, object!>?
+Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderData.set -> void
+Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderName.get -> string?
+Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderName.set -> void
+Microsoft.Identity.Abstractions.CredentialSource.CustomSignedAssertion = 11 -> Microsoft.Identity.Abstractions.CredentialSource
 Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.get -> string?
 Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.set -> void
diff --git a/src/Microsoft.Identity.Abstractions/PublicAPI/netstandard2.1/PublicAPI.Unshipped.txt b/src/Microsoft.Identity.Abstractions/PublicAPI/netstandard2.1/PublicAPI.Unshipped.txt
@@ -1,3 +1,8 @@
 #nullable enable
+Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderData.get -> System.Collections.Generic.Dictionary<string!, object!>?
+Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderData.set -> void
+Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderName.get -> string?
+Microsoft.Identity.Abstractions.CredentialDescription.CustomSignedAssertionProviderName.set -> void
+Microsoft.Identity.Abstractions.CredentialSource.CustomSignedAssertion = 11 -> Microsoft.Identity.Abstractions.CredentialSource
 Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.get -> string?
 Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.AppHomeTenantId.set -> void
diff --git a/test/Microsoft.Identity.Abstractions.Tests/CredentialDescriptionTest.cs b/test/Microsoft.Identity.Abstractions.Tests/CredentialDescriptionTest.cs
@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using Xunit;
+using System.Collections.Generic;
 
 namespace Microsoft.Identity.Abstractions.ApplicationOptions.Tests
 {
@@ -342,6 +343,24 @@ public void AutomaticDecryptKeys()
             Assert.Null(credentialDescription.Container);
         }
 
+        [Fact]
+        public void CustomSignedAssertion()
+        {
+            // Signed assertion from a custom provider
+            // -------------------------------------------
+            CredentialDescription credentialDescription = new CredentialDescription
+            {
+                SourceType = CredentialSource.CustomSignedAssertion,
+                CustomSignedAssertionProviderName = "MyCustomProvider",
+                CustomSignedAssertionProviderData = new Dictionary<string, object>(){ { "MyCustomProviderData_Key", "MyCustomProviderData_Data" } }
+
+            };
+
+            Assert.Equal(CredentialType.SignedAssertion, credentialDescription.CredentialType);
+            Assert.Null(credentialDescription.Container);
+            Assert.Null(credentialDescription.ReferenceOrValue);
+        }
+
         [Fact]
         public void TokenExchangeUrl()
         {
@@ -415,6 +434,17 @@ public void TestContainerAndValueOrReferenceForCertificate()
             Assert.Null(credentialDescription.ReferenceOrValue);
         }
 
+        // This is still in the process of being implemented so for now it will return null. This test will need to change once it is fully implemented.
+        [Fact]
+        public void TestContainerAndValueOrReferenceForCustomSignedAssertion()
+        {
+            CredentialDescription credentialDescription = new CredentialDescription { SourceType = CredentialSource.CustomSignedAssertion };
+            credentialDescription.Container = "container";
+            Assert.Null(credentialDescription.Container);
+            credentialDescription.ReferenceOrValue = "referenceOrValue";
+            Assert.Null(credentialDescription.ReferenceOrValue);
+        }
+
         // Container only
         [Theory]
         [InlineData(CredentialSource.SignedAssertionFilePath)]