Wrap WAM in config check (#20981)

isra-fel · web-flow · commit 003fc626b5a0 · 2023-02-27T15:57:00.000+08:00
diff --git a/src/Accounts/Accounts/ChangeLog.md b/src/Accounts/Accounts/ChangeLog.md
@@ -19,6 +19,7 @@
 -->
 
 ## Upcoming Release
+* Fixed the issue that errors related to WAM are thrown when it is not enabled. [#20871] [#20824]
 * Updated Azure.Core library to 1.28.0.
 * Fixed an issue that the helper message about missing modules shows up at the wrong time. [#19228]
 
diff --git a/src/Accounts/Authentication/Authentication/TokenCache/PowerShellTokenCacheProvider.cs b/src/Accounts/Authentication/Authentication/TokenCache/PowerShellTokenCacheProvider.cs
@@ -21,8 +21,10 @@
 using Hyak.Common;
 
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
+using Microsoft.Azure.Commands.Shared.Config;
 using Microsoft.Azure.Internal.Subscriptions;
 using Microsoft.Azure.Internal.Subscriptions.Models;
+using Microsoft.Azure.PowerShell.Common.Config;
 using Microsoft.Identity.Client;
 using Microsoft.Identity.Client.Broker;
 using Microsoft.Rest;
@@ -162,11 +164,19 @@ private SubscriptionClient GetSubscriptionClient(IAccessToken token, IAzureEnvir
 
         protected abstract void RegisterCache(IPublicClientApplication client);
 
+        /// <summary>
+        /// Creates a public client app.
+        /// This method is not meant for authentication purpose. Use APIs from Azure.Identity instead.
+        /// </summary>
         public virtual IPublicClientApplication CreatePublicClient(string authority = null)
         {
-            var builder = PublicClientApplicationBuilder.Create(Constants.PowerShellClientId).WithBrokerPreview();
-
-            if(!string.IsNullOrEmpty(authority))
+            var builder = PublicClientApplicationBuilder.Create(Constants.PowerShellClientId);
+            if (AzureSession.Instance.TryGetComponent<IConfigManager>(nameof(IConfigManager), out var config)
+                && config.GetConfigValue<bool>(ConfigKeys.EnableLoginByWam))
+            {
+                builder = builder.WithBrokerPreview();
+            }
+            if (!string.IsNullOrEmpty(authority))
             {
                 builder.WithAuthority(authority);
             }
diff --git a/src/Accounts/Authenticators/SilentAuthenticator.cs b/src/Accounts/Authenticators/SilentAuthenticator.cs
@@ -58,8 +58,11 @@ public override Task<IAccessToken> Authenticate(AuthenticationParameters paramet
 
         private static SharedTokenCacheCredentialOptions GetTokenCredentialOptions(SilentParameters silentParameters, string tenantId, string authority, PowerShellTokenCacheProvider tokenCacheProvider)
         {
-            SharedTokenCacheCredentialOptions options =
-                new SharedTokenCacheCredentialBrokerOptions(tokenCacheProvider.GetTokenCachePersistenceOptions());
+            bool isWamEnabled = AzureSession.Instance.TryGetComponent<IConfigManager>(nameof(IConfigManager), out var config)
+                && config.GetConfigValue<bool>(ConfigKeys.EnableLoginByWam);
+            SharedTokenCacheCredentialOptions options = isWamEnabled
+                ? new SharedTokenCacheCredentialBrokerOptions(tokenCacheProvider.GetTokenCachePersistenceOptions())
+                : new SharedTokenCacheCredentialOptions(tokenCacheProvider.GetTokenCachePersistenceOptions());
             options.EnableGuestTenantAuthentication = true;
             options.ClientId = Constants.PowerShellClientId;
             options.Username = silentParameters.UserId;
