[Account] Adding warning message to discourage username/password (#25435)

lijinpei2008 · web-flow · commit b4568135e4be · 2024-07-03T16:39:21.000+08:00
* adding warning message to discourage username/password

* adding warning message to discourage username/password

* update changelog

* use Resources.UsernamePasswordDiscourageWarningMessage to output warning message and update changelog

* use Resources.UsernamePasswordDeprecateWarningMessage to output warning message and update changelog

* update changelog
diff --git a/src/Accounts/Accounts/Account/ConnectAzureRmAccount.cs b/src/Accounts/Accounts/Account/ConnectAzureRmAccount.cs
@@ -337,6 +337,11 @@ public override void ExecuteCmdlet()
                 AzConfigReader.Instance?.UpdateConfig(ConfigKeys.EnableLoginByWam, false, ConfigScope.CurrentUser);
             }
 
+            if (ParameterSetName.Equals(UserWithCredentialParameterSet))
+            {
+                WriteWarning(Resources.UsernamePasswordDeprecateWarningMessage);
+            }
+
             if (MyInvocation.BoundParameters.ContainsKey(nameof(Subscription)))
             {
                 if (Guid.TryParse(Subscription, out subscriptionIdGuid))
diff --git a/src/Accounts/Accounts/ChangeLog.md b/src/Accounts/Accounts/ChangeLog.md
@@ -19,6 +19,8 @@
 -->
 
 ## Upcoming Release
+* Added a warning message in `Connect-AzAccount` to discourage the use of the username/password (a.k.a ROPC) login flow.
+* Preannounced a breaking change in `Get-AzAccessToken` to change `Token` property from `String` to `SecureString`.
 * Disable WAM when the customers login with device code flow or username password (ROPC) flow to prevent a potential issue with token cache.
 * Fixed [CVE-2024-35255](https://github.com/advisories/GHSA-m5vv-6r4h-3vj9)
 * Updated `Microsoft.Identity.Client.NativeInterop` to fix the WAM pop window issue in elevated mode [#24967]
diff --git a/src/Accounts/Accounts/Properties/Resources.Designer.cs b/src/Accounts/Accounts/Properties/Resources.Designer.cs
diff --git a/src/Accounts/Accounts/Properties/Resources.resx b/src/Accounts/Accounts/Properties/Resources.resx
@@ -631,4 +631,7 @@
   <data name="ReportIssue" xml:space="preserve">
     <value>If you encounter any problem, please open an issue at: https://aka.ms/azpsissue</value>
   </data>
+  <data name="UsernamePasswordDeprecateWarningMessage" xml:space="preserve">
+    <value>Authentication with a username and password at the command line is strongly discouraged. Use one of the recommended authentication methods based on your requirements. For additional information, visit https://go.microsoft.com/fwlink/?linkid=2276971.</value>
+  </data>
 </root>

Original file line number	Diff line number	Diff line change
`@@ -337,6 +337,11 @@ public override void ExecuteCmdlet()`
`337`	`337`	`AzConfigReader.Instance?.UpdateConfig(ConfigKeys.EnableLoginByWam, false, ConfigScope.CurrentUser);`
`338`	`338`	`}`
`339`	`339`
	`340`	`+ if (ParameterSetName.Equals(UserWithCredentialParameterSet))`
	`341`	`+ {`
	`342`	`+ WriteWarning(Resources.UsernamePasswordDeprecateWarningMessage);`
	`343`	`+ }`
	`344`	`+`
`340`	`345`	`if (MyInvocation.BoundParameters.ContainsKey(nameof(Subscription)))`
`341`	`346`	`{`
`342`	`347`	`if (Guid.TryParse(Subscription, out subscriptionIdGuid))`