microsoft · harsimar · Apr 11, 2025 · Mar 4, 2025 · Mar 4, 2025 · Mar 4, 2025
@@ -8,7 +8,7 @@ on:
         required: false
 
 env:
-  EXPORTER_VERSION: 1.0.0-beta.1 # to be updated with the latest version
+  EXPORTER_VERSION: 1.1.0 # to be updated with the latest version
 
 jobs:
   spotless:

@@ -1,4 +1,6 @@
 # CHANGELOG
+## Version 3.7.2 GA (Unreleased)
+* Support for using the AAD Audience from the connection string ([#4121](https://github.com/microsoft/ApplicationInsights-Java/pull/4121))
 
 ## Version 3.7.1 GA (02/26/2025)
 

diff --git a/agent/agent-tooling/build.gradle.kts b/agent/agent-tooling/build.gradle.kts
@@ -21,7 +21,8 @@ dependencies {
   implementation(project(":agent:agent-profiler:agent-diagnostics"))
   implementation(project(":etw:java"))
 
-  implementation("com.azure:azure-monitor-opentelemetry-autoconfigure:1.0.0")
+  implementation("com.azure:azure-monitor-opentelemetry-autoconfigure:1.1.0")
+
   compileOnly("io.opentelemetry.javaagent:opentelemetry-javaagent-bootstrap")
   compileOnly("io.opentelemetry.javaagent:opentelemetry-javaagent-tooling")
   compileOnly("io.opentelemetry.javaagent:opentelemetry-javaagent-tooling-java9")

diff --git a/agent/agent-tooling/gradle.lockfile b/agent/agent-tooling/gradle.lockfile
@@ -9,7 +9,7 @@ com.azure:azure-core-http-netty:1.15.10=runtimeClasspath
 com.azure:azure-core:1.55.2=runtimeClasspath
 com.azure:azure-identity:1.15.4=runtimeClasspath
 com.azure:azure-json:1.4.0=runtimeClasspath
-com.azure:azure-monitor-opentelemetry-autoconfigure:1.0.0=runtimeClasspath
+com.azure:azure-monitor-opentelemetry-autoconfigure:1.1.0=runtimeClasspath
 com.azure:azure-sdk-bom:1.2.32=runtimeClasspath
 com.azure:azure-storage-blob:12.29.1=runtimeClasspath
 com.azure:azure-storage-common:12.28.1=runtimeClasspath

@@ -37,9 +37,6 @@
 
 public class LazyHttpClient implements HttpClient {
 
-  private static final String APPLICATIONINSIGHTS_AUTHENTICATION_SCOPE =
-      "https://monitor.azure.com//.default";
-
   private static final HttpClient INSTANCE = new LazyHttpClient();
 
   public static final CountDownLatch safeToInitLatch = new CountDownLatch(1);
@@ -113,16 +110,18 @@ private static HttpClient init() {
   }
 
   public static HttpPipeline newHttpPipeLineWithDefaultRedirect(
-      @Nullable Configuration.AadAuthentication aadConfiguration) {
-    return newHttpPipeLine(aadConfiguration, new RedirectPolicy(new DefaultRedirectStrategy()));
+      @Nullable Configuration.AadAuthentication aadConfiguration, String aadAudienceWithScope) {
+    return newHttpPipeLine(
+        aadConfiguration, aadAudienceWithScope, new RedirectPolicy(new DefaultRedirectStrategy()));
   }
 
   public static HttpPipeline newHttpPipeLine(
       @Nullable Configuration.AadAuthentication aadConfiguration,
+      String aadAudienceWithScope,
       HttpPipelinePolicy... additionalPolicies) {
     List<HttpPipelinePolicy> policies = new ArrayList<>();
     if (aadConfiguration != null && aadConfiguration.enabled) {
-      policies.add(getAuthenticationPolicy(aadConfiguration));
+      policies.add(getAuthenticationPolicy(aadConfiguration, aadAudienceWithScope));
     }
     policies.addAll(asList(additionalPolicies));
     // Add Logging Policy. Can be enabled using AZURE_LOG_LEVEL.
@@ -144,31 +143,31 @@ public Mono<HttpResponse> send(HttpRequest request, Context context) {
   }
 
   private static HttpPipelinePolicy getAuthenticationPolicy(
-      Configuration.AadAuthentication configuration) {
+      Configuration.AadAuthentication configuration, String aadAudienceWithScope) {
     switch (configuration.type) {
       case UAMI:
-        return getAuthenticationPolicyWithUami(configuration);
+        return getAuthenticationPolicyWithUami(configuration, aadAudienceWithScope);
       case SAMI:
-        return getAuthenticationPolicyWithSami();
+        return getAuthenticationPolicyWithSami(aadAudienceWithScope);
       case VSCODE:
-        return getAuthenticationPolicyWithVsCode();
+        return getAuthenticationPolicyWithVsCode(aadAudienceWithScope);
       case CLIENTSECRET:
-        return getAuthenticationPolicyWithClientSecret(configuration);
+        return getAuthenticationPolicyWithClientSecret(configuration, aadAudienceWithScope);
     }
     throw new IllegalStateException(
         "Invalid Authentication Type used in AAD Authentication: " + configuration.type);
   }
 
   private static HttpPipelinePolicy getAuthenticationPolicyWithUami(
-      Configuration.AadAuthentication configuration) {
+      Configuration.AadAuthentication configuration, String aadAudienceWithScope) {
     ManagedIdentityCredentialBuilder managedIdentityCredential =
         new ManagedIdentityCredentialBuilder().clientId(configuration.clientId);
     return new BearerTokenAuthenticationPolicy(
-        managedIdentityCredential.build(), APPLICATIONINSIGHTS_AUTHENTICATION_SCOPE);
+        managedIdentityCredential.build(), aadAudienceWithScope);
   }
 
   private static HttpPipelinePolicy getAuthenticationPolicyWithClientSecret(
-      Configuration.AadAuthentication configuration) {
+      Configuration.AadAuthentication configuration, String aadAudienceWithScope) {
     ClientSecretCredentialBuilder credential =
         new ClientSecretCredentialBuilder()
             .tenantId(configuration.tenantId)
@@ -177,21 +176,18 @@ private static HttpPipelinePolicy getAuthenticationPolicyWithClientSecret(
     if (configuration.authorityHost != null) {
       credential.authorityHost(configuration.authorityHost);
     }
-    return new BearerTokenAuthenticationPolicy(
-        credential.build(), APPLICATIONINSIGHTS_AUTHENTICATION_SCOPE);
+    return new BearerTokenAuthenticationPolicy(credential.build(), aadAudienceWithScope);
   }
 
-  private static HttpPipelinePolicy getAuthenticationPolicyWithVsCode() {
+  private static HttpPipelinePolicy getAuthenticationPolicyWithVsCode(String aadAudienceWithScope) {
     VisualStudioCodeCredential visualStudioCodeCredential =
         new VisualStudioCodeCredentialBuilder().build();
-    return new BearerTokenAuthenticationPolicy(
-        visualStudioCodeCredential, APPLICATIONINSIGHTS_AUTHENTICATION_SCOPE);
+    return new BearerTokenAuthenticationPolicy(visualStudioCodeCredential, aadAudienceWithScope);
   }
 
-  private static HttpPipelinePolicy getAuthenticationPolicyWithSami() {
+  private static HttpPipelinePolicy getAuthenticationPolicyWithSami(String aadAudienceWithScope) {
     ManagedIdentityCredential managedIdentityCredential =
         new ManagedIdentityCredentialBuilder().build();
-    return new BearerTokenAuthenticationPolicy(
-        managedIdentityCredential, APPLICATIONINSIGHTS_AUTHENTICATION_SCOPE);
+    return new BearerTokenAuthenticationPolicy(managedIdentityCredential, aadAudienceWithScope);
   }
 }
@@ -201,7 +201,9 @@ public void customize(AutoConfigurationCustomizer autoConfiguration) {
     if (telemetryClient.getConnectionString() != null) {
       statsbeatModule.start(
           AzureMonitorHelper.createStatsbeatTelemetryItemExporter(
-              LazyHttpClient.newHttpPipeLine(null), statsbeatModule, tempDir),
+              LazyHttpClient.newHttpPipeLine(null, telemetryClient.getAadAudienceWithScope()),
+              statsbeatModule,
+              tempDir),
           telemetryClient::getStatsbeatConnectionString,
           telemetryClient::getInstrumentationKey,
           configuration.internal.statsbeat.disabledAll,
@@ -224,7 +226,8 @@ public void customize(AutoConfigurationCustomizer autoConfiguration) {
     if (configuration.preview.liveMetrics.enabled) {
       quickPulse =
           QuickPulse.create(
-              LazyHttpClient.newHttpPipeLineWithDefaultRedirect(configuration.authentication),
+              LazyHttpClient.newHttpPipeLineWithDefaultRedirect(
+                  configuration.authentication, telemetryClient.getAadAudienceWithScope()),
               () -> {
                 ConnectionString connectionString = telemetryClient.getConnectionString();
                 return connectionString == null ? null : connectionString.getLiveEndpoint();

@@ -121,6 +121,7 @@ private synchronized void performInit() {
     httpPipeline =
         LazyHttpClient.newHttpPipeLine(
             telemetryClient.getAadAuthentication(),
+            telemetryClient.getAadAudienceWithScope(),
             new RedirectPolicy(
                 new DefaultRedirectStrategy(
                     3,

@@ -85,6 +85,9 @@ public class TelemetryClient {
   @Nullable private volatile BatchItemProcessor metricsBatchItemProcessor;
   @Nullable private volatile BatchItemProcessor statsbeatBatchItemProcessor;
 
+  private static final String APPLICATIONINSIGHTS_AUTHENTICATION_SCOPE =
+      "https://monitor.azure.com//.default";
+
   public static TelemetryClient.Builder builder() {
     return new TelemetryClient.Builder();
   }
@@ -223,10 +226,13 @@ public BatchItemProcessor getMetricsBatchItemProcessor() {
 
   private BatchItemProcessor initBatchItemProcessor(
       int exportQueueCapacity, int maxExportBatchSize, String queueName) {
-
+    // logger.info("Connection string telemetryclient: {}", connectionString.getOriginalString());
+    // logger.info("Statsbeat connection string telemetryclient: {}",
+    // statsbeatConnectionString.getInstrumentationKey());
     HttpPipeline httpPipeline =
         LazyHttpClient.newHttpPipeLine(
             aadAuthentication,
+            getAadAudienceWithScope(),
             new NetworkStatsbeatHttpPipelinePolicy(statsbeatModule.getNetworkStatsbeat()));
     // TODO (heya) refactor the following by using AzureMonitorHelper.createTelemetryItemExporter by
     // passing in getNonessentialStatsbeat
@@ -353,6 +359,13 @@ public ConnectionString getConnectionString() {
     return connectionString;
   }
 
+  public String getAadAudienceWithScope() {
+    if (connectionString == null) {
+      return APPLICATIONINSIGHTS_AUTHENTICATION_SCOPE;
+    }
+    return connectionString.getAadAudienceWithScope();
+  }
+
   @Nullable
   public String getRoleName() {
     return roleName;