Az.accounts 2.1.2 (#13397)

* fix issue: the error message is unclear if browser is unavailable for Interactive scenario

* fix issues: a. Token is not renewed after expiring for LRO; b. AccountId is not respected in MSI

* code refactoring

* remove unused code

* fix typo

* update version

* update for 2.1.2

* update version to 2.1.2

Author: erich-wang

src/Accounts/Accounts/Account/ConnectAzureRmAccount.cs

@@ -19,6 +19,8 @@
 using System.Threading;
 using System.Threading.Tasks;
 
+using Azure.Identity;
+
 using Microsoft.Azure.Commands.Common.Authentication;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core;
@@ -29,6 +31,7 @@
 using Microsoft.Azure.Commands.Profile.Properties;
 using Microsoft.Azure.Commands.ResourceManager.Common;
 using Microsoft.Azure.PowerShell.Authenticators;
+using Microsoft.Identity.Client;
 using Microsoft.WindowsAzure.Commands.Common;
 using Microsoft.WindowsAzure.Commands.Utilities.Common;
 
@@ -398,12 +401,36 @@ public override void ExecuteCmdlet()
                    }
 
                    HandleActions();
-                   var result = (PSAzureProfile) (task.ConfigureAwait(false).GetAwaiter().GetResult());
-                   WriteObject(result);
+
+                   try
+                   {
+                       var result = (PSAzureProfile)(task.ConfigureAwait(false).GetAwaiter().GetResult());
+                       WriteObject(result);
+                   }
+                   catch (AuthenticationFailedException ex)
+                   {
+                       if(IsUnableToOpenWebPageError(ex))
+                       {
+                           WriteWarning(Resources.InteractiveAuthNotSupported);
+                           WriteDebug(ex.ToString());
+                       }
+                       else
+                       {
+                           WriteWarning(Resources.SuggestToUseDeviceCodeAuth);
+                           WriteDebug(ex.ToString());
+                           throw;
+                       }
+                   }
                });
             }
         }
 
+        private bool IsUnableToOpenWebPageError(AuthenticationFailedException exception)
+        {
+            return exception.InnerException is MsalClientException && ((MsalClientException)exception.InnerException)?.ErrorCode == MsalError.LinuxXdgOpen
+                            || (exception.Message?.ToLower()?.Contains("unable to open a web page") ?? false);
+        }
+
         private ConcurrentQueue<Task> _tasks = new ConcurrentQueue<Task>();
 
         private void HandleActions()

src/Accounts/Accounts/Az.Accounts.psd1

@@ -3,7 +3,7 @@
 #
 # Generated by: Microsoft Corporation
 #
-# Generated on: 10/23/2020
+# Generated on: 11/2/2020
 #
 
 @{
@@ -12,7 +12,7 @@
 # RootModule = ''
 
 # Version number of this module.
-ModuleVersion = '2.1.0'
+ModuleVersion = '2.1.2'
 
 # Supported PSEditions
 CompatiblePSEditions = 'Core', 'Desktop'
@@ -143,8 +143,7 @@ PrivateData = @{
         # IconUri = ''
 
         # ReleaseNotes of this module
-        ReleaseNotes = '* [Breaking Change] Removed ''Get-AzProfile'' and ''Select-AzProfile''
-* Replaced Azure Directory Authentication Library with Microsoft Authentication Library(MSAL)'
+        ReleaseNotes = '* Fixed one issue related to MSI'
 
         # Prerelease string of this module
         # Prerelease = ''

src/Accounts/Accounts/ChangeLog.md

@@ -21,6 +21,14 @@
 * Fixed an issue causing `Connect-AzAccount -KeyVaultAccessToken` not working [#13127]
 * Fixed null reference and method case insensitive in `Invoke-AzRestMethod`
 
+## Version 2.1.2
+* Fixed one issue related to MSI
+
+## Version 2.1.1
+* Fixed the issue that token is not renewed after expiring for LRO [#13367]
+* Fixed the issue that AccountId is not respected in MSI [#13376]
+* Fixed the issue that error message is unclear if browser is not avaialable for Interactive auth [#13340]
+
 ## Version 2.1.0
 * [Breaking Change] Removed `Get-AzProfile` and `Select-AzProfile`
 * Replaced Azure Directory Authentication Library with Microsoft Authentication Library(MSAL)

src/Accounts/Accounts/Properties/AssemblyInfo.cs

@@ -43,8 +43,8 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 
-[assembly: AssemblyVersion("2.1.0")]
-[assembly: AssemblyFileVersion("2.1.0")]
+[assembly: AssemblyVersion("2.1.2")]
+[assembly: AssemblyFileVersion("2.1.2")]
 #if !SIGN
 [assembly: InternalsVisibleTo("Microsoft.Azure.PowerShell.Cmdlets.Accounts.Test")]
 #endif

src/Accounts/Accounts/Properties/Resources.Designer.cs

@@ -513,4 +513,10 @@
   <data name="SendFeedbackOpenLinkManually" xml:space="preserve">
     <value>Use a web browser to open the page {0}.</value>
   </data>
+  <data name="InteractiveAuthNotSupported" xml:space="preserve">
+    <value>Interactive authentication is not supported in this session, please run Connect-AzAccount using switch -DeviceCode.</value>
+  </data>
+  <data name="SuggestToUseDeviceCodeAuth" xml:space="preserve">
+    <value>Please run 'Connect-AzAccount -DeviceCode' if browser is not supported in this session.</value>
+  </data>
 </root>

src/Accounts/Accounts/Properties/Resources.resx

@@ -610,8 +610,7 @@ Accept wildcard characters: False
 
 ### -UseDeviceAuthentication
 
-Use device code authentication instead of a browser control. This is the default authentication type
-for PowerShell version 6 and higher.
+Use device code authentication instead of a browser control.
 
 ```yaml
 Type: System.Management.Automation.SwitchParameter

src/Accounts/Accounts/help/Connect-AzAccount.md

@@ -43,5 +43,5 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("2.1.0")]
-[assembly: AssemblyFileVersion("2.1.0")]
+[assembly: AssemblyVersion("2.1.2")]
+[assembly: AssemblyFileVersion("2.1.2")]

src/Accounts/Authentication/Properties/AssemblyInfo.cs

@@ -57,7 +57,8 @@ public override Task<IAccessToken> Authenticate(AuthenticationParameters paramet
             var authTask = codeCredential.AuthenticateAsync(requestContext, source.Token);
             return MsalAccessToken.GetAccessTokenAsync(
                 authTask,
-                () => codeCredential.GetTokenAsync(requestContext, source.Token),
+                codeCredential,
+                requestContext,
                 source.Token);
         }
 

src/Accounts/Authenticators/DeviceCodeAuthenticator.cs

@@ -71,7 +71,8 @@ public override Task<IAccessToken> Authenticate(AuthenticationParameters paramet
 
             return MsalAccessToken.GetAccessTokenAsync(
                 authTask,
-                () => browserCredential.GetTokenAsync(requestContext, source.Token),
+                browserCredential,
+                requestContext,
                 source.Token);
         }