Deprecate ROPC flow (#5355)

* deprecate ropc api

* add pragma tag in tests and sample apps

* add aka.ms link and remove confidential flow deprecation

* remove  imports

* add pragma to missed test

* remove please and  extra line

Author: Ugonnaak1

src/client/Microsoft.Identity.Client.Broker/RuntimeBroker.cs

@@ -6,6 +6,7 @@
 using System.Globalization;
 using System.Linq;
 using System.Diagnostics;
+using System.ComponentModel;
 using System.Runtime.InteropServices;
 using System.Threading.Tasks;
 using Microsoft.Identity.Client.ApiConfig.Parameters;
@@ -456,6 +457,8 @@ public async Task<MsalTokenResponse> AcquireTokenSilentDefaultUserAsync(
             return msalTokenResponse;
         }
 
+        [Obsolete("This API has been deprecated, use a more secure flow. See https://aka.ms/msal-ropc-migration for migration guidance", false)]
+        [EditorBrowsable(EditorBrowsableState.Never)] // deprecated, this API is no longer supported
         public async Task<MsalTokenResponse> AcquireTokenByUsernamePasswordAsync(
             AuthenticationRequestParameters authenticationRequestParameters,
             AcquireTokenByUsernamePasswordParameters acquireTokenByUsernamePasswordParameters)
@@ -476,7 +479,8 @@ public async Task<MsalTokenResponse> AcquireTokenByUsernamePasswordAsync(
                 authParams.Properties["MSALRuntime_Username"] = acquireTokenByUsernamePasswordParameters.Username;
                 authParams.Properties["MSALRuntime_Password"] = acquireTokenByUsernamePasswordParameters.Password;
                 // For Linux broker, use the interactive flow with username password to get the token
-                if (Environment.GetEnvironmentVariable("TF_BUILD") != null && DesktopOsHelper.IsLinux()) {
+                if (Environment.GetEnvironmentVariable("TF_BUILD") != null && DesktopOsHelper.IsLinux())
+                {
                     using (NativeInterop.AuthResult result = await s_lazyCore.Value.SignInInteractivelyAsync(
                         XOpenDisplay(":1"),
                         authParams,
@@ -487,7 +491,9 @@ public async Task<MsalTokenResponse> AcquireTokenByUsernamePasswordAsync(
                         var errorMessage = "Could not acquire token with username and password.";
                         msalTokenResponse = WamAdapters.HandleResponse(result, authenticationRequestParameters, _logger, errorMessage);
                     }
-                } else {
+                }
+                else
+                {
                     using (NativeInterop.AuthResult result = await s_lazyCore.Value.SignInSilentlyAsync(
                         authParams,
                         authenticationRequestParameters.CorrelationId.ToString("D"),
@@ -497,7 +503,6 @@ public async Task<MsalTokenResponse> AcquireTokenByUsernamePasswordAsync(
                         msalTokenResponse = WamAdapters.HandleResponse(result, authenticationRequestParameters, _logger, errorMessage);
                     }
                 }
-                
             }
 
             return msalTokenResponse;

src/client/Microsoft.Identity.Client/IPublicClientApplication.cs

@@ -113,8 +113,8 @@ AcquireTokenByIntegratedWindowsAuthParameterBuilder AcquireTokenByIntegratedWind
         /// Available only for .NET Framework and .NET Core applications. See <see href="https://aka.ms/msal-net-up">our documentation</see> for details.       
         /// .NET no longer recommends using SecureString and MSAL puts the plaintext value of the password on the wire, as required by the OAuth protocol. See <see href="https://docs.microsoft.com/dotnet/api/system.security.securestring?view=net-6.0#remarks">SecureString documentation</see> for details.
         /// </remarks>
-        [Obsolete("Using SecureString is not recommended. Use AcquireTokenByUsernamePassword(IEnumerable<string> scopes, string username, string password) instead.", false)]
-        [EditorBrowsable(EditorBrowsableState.Never)]
+        [Obsolete("This API has been deprecated, use a more secure flow. See https://aka.ms/msal-ropc-migration for migration guidance", false)]
+        [EditorBrowsable(EditorBrowsableState.Never)] // deprecated, this API is no longer supported
         AcquireTokenByUsernamePasswordParameterBuilder AcquireTokenByUsernamePassword(
             IEnumerable<string> scopes,
             string username,
@@ -133,6 +133,8 @@ AcquireTokenByUsernamePasswordParameterBuilder AcquireTokenByUsernamePassword(
         /// <remarks>
         /// Available only for .NET Framework and .NET Core applications. See <see href="https://aka.ms/msal-net-up">our documentation</see> for details.
         /// </remarks>
+        [Obsolete("This API has been deprecated, use a more secure flow. See https://aka.ms/msal-ropc-migration for migration guidance", false)]
+        [EditorBrowsable(EditorBrowsableState.Never)] // deprecated, this API is no longer supported
         AcquireTokenByUsernamePasswordParameterBuilder AcquireTokenByUsernamePassword(
             IEnumerable<string> scopes,
             string username,

src/client/Microsoft.Identity.Client/Internal/Broker/IBroker.cs

@@ -6,7 +6,9 @@
 using Microsoft.Identity.Client.Instance.Discovery;
 using Microsoft.Identity.Client.Internal.Requests;
 using Microsoft.Identity.Client.OAuth2;
+using System;
 using System.Collections.Generic;
+using System.ComponentModel;
 using System.Threading.Tasks;
 
 namespace Microsoft.Identity.Client.Internal.Broker
@@ -27,6 +29,8 @@ Task<MsalTokenResponse> AcquireTokenSilentDefaultUserAsync(
             AuthenticationRequestParameters authenticationRequestParameters,
             AcquireTokenSilentParameters acquireTokenSilentParameters);
 
+        [Obsolete("This API has been deprecated, use a more secure flow. See https://aka.ms/msal-ropc-migration for migration guidance", false)]
+        [EditorBrowsable(EditorBrowsableState.Never)] // deprecated, this API is no longer supported
         Task<MsalTokenResponse> AcquireTokenByUsernamePasswordAsync(
             AuthenticationRequestParameters authenticationRequestParameters,
             AcquireTokenByUsernamePasswordParameters acquireTokenByUsernamePasswordParameters);

src/client/Microsoft.Identity.Client/Internal/Requests/UsernamePasswordRequest.cs

@@ -76,11 +76,12 @@ private async Task<MsalTokenResponse> GetTokenResponseAsync(CancellationToken ca
                 {
                     _logger.Info(LogMessages.CanInvokeBrokerAcquireTokenWithBroker);
 
+#pragma warning disable CS0618 // Type or member is obsolete
                     MsalTokenResponse brokerTokenResponse = await broker.AcquireTokenByUsernamePasswordAsync(
                         _requestParameters,
                         _usernamePasswordParameters)
                         .ConfigureAwait(false);
-
+#pragma warning restore CS0618
                     if (brokerTokenResponse != null)
                     {
                         _logger.Info("Broker attempt completed successfully. ");

src/client/Microsoft.Identity.Client/PublicClientApplication.cs

@@ -139,8 +139,8 @@ public AcquireTokenByIntegratedWindowsAuthParameterBuilder AcquireTokenByIntegra
         }
 
         /// <inheritdoc/>
-        [Obsolete("Using SecureString is not recommended. Use AcquireTokenByUsernamePassword(IEnumerable<string> scopes, string username, string password) instead.", false)]
-        [EditorBrowsable(EditorBrowsableState.Never)]
+        [Obsolete("This API has been deprecated, use a more secure flow. See https://aka.ms/msal-ropc-migration for migration guidance", false)]
+        [EditorBrowsable(EditorBrowsableState.Never)] // deprecated, this API is no longer supported
         public AcquireTokenByUsernamePasswordParameterBuilder AcquireTokenByUsernamePassword(
             IEnumerable<string> scopes,
             string username,
@@ -154,6 +154,8 @@ public AcquireTokenByUsernamePasswordParameterBuilder AcquireTokenByUsernamePass
         }
 
         /// <inheritdoc/>
+        [Obsolete("This API has been deprecated, use a more secure flow. See https://aka.ms/msal-ropc-migration for migration guidance", false)]
+        [EditorBrowsable(EditorBrowsableState.Never)] // deprecated, this API is no longer supported
         public AcquireTokenByUsernamePasswordParameterBuilder AcquireTokenByUsernamePassword(
             IEnumerable<string> scopes,
             string username,

tests/CacheCompat/CommonCache.Test.MsalV3/Program.cs

@@ -67,10 +67,12 @@ protected override async Task<IEnumerable<CacheExecutorAccountResult>> InternalE
                     }
                     catch (MsalUiRequiredException)
                     {
+                        #pragma warning disable CS0618 // Type or memeber is obsolete
                         var result = await app
                             .AcquireTokenByUsernamePassword(scopes, labUserData.Upn, labUserData.Password)
                             .ExecuteAsync(CancellationToken.None)
                             .ConfigureAwait(false);
+                        #pragma warning restore CS0618
 
                         if (string.IsNullOrWhiteSpace(result.AccessToken))
                         {

tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/B2CUsernamePasswordIntegrationTests.cs

@@ -43,10 +43,12 @@ public async Task ROPC_B2C_Async()
                 .WithTestLogging()
                 .Build();
 
+            #pragma warning disable CS0618 // Type or member is obsolete
             AuthenticationResult authResult = await msalPublicClient
                 .AcquireTokenByUsernamePassword(s_b2cScopes, user.Upn, user.GetOrFetchPassword())
                 .ExecuteAsync(CancellationToken.None)
                 .ConfigureAwait(false);
+            #pragma warning restore CS0618
 
             Assert.IsNotNull(authResult);
             Assert.AreEqual(TokenSource.IdentityProvider, authResult.AuthenticationResultMetadata.TokenSource);

tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/CiamIntegrationTests.cs

@@ -60,10 +60,12 @@ private async Task RunCiamRopcTest(string authority, LabResponse labResponse)
                 .WithRedirectUri(_ciamRedirectUri)
                 .Build();
 
+            #pragma warning disable CS0618 // Type or member is obsolete
             var result = await msalPublicClient
                 .AcquireTokenByUsernamePassword(_ciamScopes, labResponse.User.Upn, labResponse.User.GetOrFetchPassword())
                 .ExecuteAsync()
                 .ConfigureAwait(false);
+            #pragma warning restore CS0618
 
             Assert.IsNotNull(result.AccessToken);
             Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource);
@@ -170,10 +172,12 @@ public async Task OBOCiam_CustomDomain_ReturnsValidTokens()
                 .WithRedirectUri(labResponse.App.RedirectUri)
                 .Build();
 
+            #pragma warning disable CS0618 // Type or member is obsolete
             var result = await msalPublicClient
                 .AcquireTokenByUsernamePassword(new[] { labResponse.App.DefaultScopes }, labResponse.User.Upn, labResponse.User.GetOrFetchPassword())
                 .ExecuteAsync()
                 .ConfigureAwait(false);
+            #pragma warning restore CS0618
 
             Assert.IsNotNull(result.AccessToken);
             Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource);

tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsTests.NetFwk.cs

@@ -223,10 +223,12 @@ public async Task ByRefreshTokenTestAsync()
                 .WithAuthority(labResponse.Lab.Authority, "organizations")
                 .BuildConcrete();
 
+            #pragma warning disable CS0618 // Type or member is obsolete
             AuthenticationResult authResult = await msalPublicClient
                 .AcquireTokenByUsernamePassword(s_scopes, labResponse.User.Upn, labResponse.User.GetOrFetchPassword())
                 .ExecuteAsync(CancellationToken.None)
                 .ConfigureAwait(false);
+            #pragma warning restore CS0618
 
             var confidentialApp = ConfidentialClientApplicationBuilder
                 .Create(labResponse.App.AppId)

tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/InstanceDiscoveryIntegrationTests.cs

@@ -41,6 +41,7 @@ public async Task AuthorityMigrationAsync()
 
             Trace.WriteLine("Acquire a token using a not so common authority alias");
 
+            #pragma warning disable CS0618 // Type or member is obsolete
             AuthenticationResult authResult = await pca.AcquireTokenByUsernamePassword(
                s_scopes,
                 user.Upn,
@@ -51,6 +52,7 @@ public async Task AuthorityMigrationAsync()
                 .WithTenantId(labResponse.Lab.TenantId)
                 .ExecuteAsync()
                 .ConfigureAwait(false);
+            #pragma warning restore CS0618
 
             Assert.IsNotNull(authResult.AccessToken);
 
@@ -78,13 +80,15 @@ public async Task FailedAuthorityValidationTestAsync()
 
             Trace.WriteLine("Acquire a token using a not so common authority alias");
 
+            #pragma warning disable CS0618 // Type or member is obsolete
             MsalServiceException exception = await AssertException.TaskThrowsAsync<MsalServiceException>(() =>
                  pca.AcquireTokenByUsernamePassword(
                     s_scopes,
                      user.Upn,
                      user.GetOrFetchPassword())
                      .ExecuteAsync())
                 .ConfigureAwait(false);
+            #pragma warning restore CS0618
 
             Assert.IsTrue(exception.Message.Contains("AADSTS50049"));
             Assert.AreEqual("invalid_instance", exception.ErrorCode);
@@ -104,13 +108,15 @@ public async Task AuthorityValidationTestWithFalseValidateAuthorityAsync()
 
             Trace.WriteLine("Acquire a token using a not so common authority alias");
 
+            #pragma warning disable CS0618 // Type or member is obsolete
             _ = await AssertException.TaskThrowsAsync<HttpRequestException>(() =>
                  pca.AcquireTokenByUsernamePassword(
                     s_scopes,
                      user.Upn,
                      user.GetOrFetchPassword())
                      .ExecuteAsync())
                 .ConfigureAwait(false);
+            #pragma warning restore CS0618
         }
 
         /// <summary>