Commit d79199c

billwert, pvaneck and scottaddie authored
Identity ga doc updates (Azure#36304)
* Doc updates Updates to match the August GA.
* Doc updates Updates to match the August GA.
* feedback address
* add msal logging to tsg
* add section
* Update sdk/identity/azure-identity/README.md Co-authored-by: Paul Van Eck <[email protected]>
* Update sdk/identity/azure-identity/README.md Co-authored-by: Paul Van Eck <[email protected]>
* feedback
* feedback
* Update sdk/identity/azure-identity/README.md Co-authored-by: Scott Addie <[email protected]>
* Update sdk/identity/azure-identity/TOKEN_CACHING.md Co-authored-by: Scott Addie <[email protected]>
* Update sdk/identity/azure-identity/TOKEN_CACHING.md Co-authored-by: Scott Addie <[email protected]>
* feedback
* Remove cache filenames after discussion
* Update sdk/identity/azure-identity/TROUBLESHOOTING.md Co-authored-by: Scott Addie <[email protected]>
* Update sdk/identity/azure-identity/README.md Co-authored-by: Scott Addie <[email protected]>

---------

Co-authored-by: Paul Van Eck <[email protected]>
Co-authored-by: Scott Addie <[email protected]>
1 parent e830542 commit d79199c

3 files changed

+16
-0
lines changed

sdk/identity/azure-identity/README.md

Lines changed: 10 additions & 0 deletions
@@ -96,6 +96,12 @@ The `DefaultAzureCredential` will attempt to authenticate via the following mech
9696
6. **Azure CLI** - If the developer has authenticated an account via the Azure CLI `az login` command, the `DefaultAzureCredential` will authenticate with that account.
9797
7. **Azure PowerShell** - If the developer has authenticated an account via the Azure PowerShell `Connect-AzAccount` command, the `DefaultAzureCredential` will authenticate with that account.
9898

99+
#### Continuation policy
100+
101+
As of v1.10.0, `DefaultAzureCredential` will attempt to authenticate with all developer credentials until one succeeds, regardless of any errors previous developer credentials experienced. For example, a developer credential may attempt to get a token and fail, so `DefaultAzureCredential` will continue to the next credential in the flow. Deployed service credentials will stop the flow with a thrown exception if they're able to attempt token retrieval, but don't receive one.
102+
103+
This allows for trying all of the developer credentials on your machine while having predictable deployed behavior.
104+
99105
#### Note about `VisualStudioCodeCredential`
100106

101107
Due to a [known issue](https://github.com/Azure/azure-sdk-for-java/issues/27364), `VisualStudioCodeCredential` has been removed from the `DefaultAzureCredential` token chain. When the issue is resolved in a future release, this change will be reverted.
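
Review bot: The added "Continuation policy" paragraph uses "developer credentials" and "deployed service credentials" without saying which entries of the numbered list above belong to each group, so a reader cannot tell at which positions the chain falls through on failure and at which it stops. Suggest naming the members of each group in the paragraph, or tagging each list entry (the visible items 6 and 7, Azure CLI and Azure PowerShell, read as developer credentials, but that is left to inference). The closing sentence about "predictable deployed behavior" would also be clearer if it restated the consequence directly: a deployed service credential that attempts token retrieval and does not receive a token ends the flow with an exception instead of continuing to the next credential.
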
@@ -532,6 +538,10 @@ Credentials can be chained together to be tried in turn until one succeeds using
532538

533539
Configuration is attempted in the above order. For example, if values for a client secret and certificate are both present, the client secret will be used.
534540

541+
## Continuous Access Evaluation
542+
543+
As of v1.10.0, accessing resources protected by [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) (CAE) is possible on a per-request basis. This can be enabled using the [`TokenRequestContext.setCaeEnabled(boolean)` API](https://learn.microsoft.com/java/api/com.azure.core.credential.tokenrequestcontext?view=azure-java-stable#com-azure-core-credential-tokenrequestcontext-setcaeenabled(boolean)). CAE isn't supported for developer credentials.
544+
535545
## Token caching
536546
Token caching is a feature provided by the Azure Identity library that allows apps to:
537547
- Cache tokens in memory (default) or on disk (opt-in).
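
Review bot: In the new "Continuous Access Evaluation" section, the final sentence "CAE isn't supported for developer credentials" does not say what happens when `TokenRequestContext.setCaeEnabled(boolean)` is set to true on a request that is served by a developer credential (flag ignored, or an error), and the section never states the default value of the flag. Because the same README describes `DefaultAzureCredential` resolving to either kind of credential, suggest documenting both points so callers know whether the same request code is safe on a developer machine and in deployment.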

sdk/identity/azure-identity/TOKEN_CACHING.md

Lines changed: 4 additions & 0 deletions
@@ -16,6 +16,10 @@ Token caching, via the Azure Identity library, allows the app to store this acce
1616

1717
**Note:** When Azure Identity library credentials are used with Azure service libraries (for example, Azure Blob Storage), the in-memory token caching is active in the `HttpPipeline` layer as well. All `TokenCredential` implementations are supported there, including custom implementations external to the Azure Identity library.
1818

19+
#### Caching cannot be disabled
20+
21+
As there are many levels of cache, it's not possible disable in-memory caching. However, the in-memory cache may be cleared by creating a new credential instance.
22+
1923
### Persistent token caching
2024

2125
*Persistent disk token caching* is an opt-in feature in the Azure Identity library. The feature allows apps to cache access tokens in an encrypted, persistent storage mechanism. As indicated in the following table, the storage mechanism differs across operating systems.
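
Review bot: The added sentence "the in-memory cache may be cleared by creating a new credential instance" does not cover the cache described in the note directly above it, which says in-memory caching is also active in the `HttpPipeline` layer. Suggest stating whether a new credential instance also discards tokens held by the pipeline, or whether a new client or pipeline is needed, since readers will reach for this when they need a revoked or stale token dropped. Two smaller points in the same addition: "it's not possible disable" is missing "to", and the `####` heading sits directly before the `###` "Persistent token caching" heading, so check that its level matches the section it belongs to.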

sdk/identity/azure-identity/TROUBLESHOOTING.md

Lines changed: 2 additions & 0 deletions
@@ -72,6 +72,8 @@ This error contains several pieces of information:
7272

7373
Azure SDK for Java offers a consistent logging story to help aid in troubleshooting application errors and expedite their resolution. The logs produced will capture the flow of an application before reaching the terminal state to help locate the root issue. View the [logging](https://learn.microsoft.com/azure/developer/java/sdk/logging-overview) documentation for guidance to enable logging.
7474

75+
The underlying MSAL library, MSAL4J, also has detailed logging. It is highly verbose and will include all PII including tokens. This logging is most useful when working with product support. As of v1.10.0, credentials which offer this logging will have a method called `enableUnsafeSupportLogging()`.
76+
7577
> CAUTION: Requests and responses in the Azure Identity library contain sensitive information. Precaution must be taken to protect logs when customizing the output to avoid compromising account security.
7678
7779
## Troubleshoot `DefaultAzureCredential` authentication issues
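
Review bot: The added MSAL4J paragraph states that this logging "will include all PII including tokens" in ordinary body text, while the existing CAUTION blockquote right below it only speaks of "sensitive information" in general. Suggest moving the token warning into the CAUTION block, or giving `enableUnsafeSupportLogging()` its own caution that says the resulting logs hold usable tokens and that the setting is meant for support sessions and should be turned off afterwards. The sentence "credentials which offer this logging will have a method called `enableUnsafeSupportLogging()`" also leaves open which credentials those are and whether the method lives on the credential or on its builder; naming that would let readers find it without searching the API reference.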
