Commit 2ec4c2f
msauth: surface the authentication flow on the result

Two consumer needs the current result shape can't answer:

- "Did MSAL prompt the user to acquire this token?" Useful for
  diagnostics, telemetry, and consumer policy: silent paths can
  be retried more aggressively, interactive paths cost the user
  real time.
- "Which technique did MSAL use?" Same audiences plus the
  ability to distinguish broker-cached from MSAL-cached tokens
  (different revocation and tenant-switch behaviour), or to
  detect device-code use (often a fallback rather than the
  user's first preference).

Add a public `MicrosoftAuthenticationFlow` enum and a `Flow`
property on `IMicrosoftAuthenticationResult` so consumers can read
both signals. No consumer reads `Flow` today — surfacing it now is
preparation for picker policy, future telemetry, and trace
diagnostics that already had no good way to learn this without
re-deriving it from log scraping.

The enum collapses non-interactive paths into named buckets
(`ServicePrincipal`, `ManagedIdentity`, `WorkloadFederation`,
`Silent`, `BrokerSilent`) rather than a single `NonInteractive`
value: the distinction is cheap to populate and the names carry
useful diagnostic information for free. `Silent` vs `BrokerSilent`
is determined at the silent return site by inspecting MSAL's own
`AuthenticationResultMetadata.TokenSource` — tokens returned by
the broker carry `TokenSource.Broker`, everything else (MSAL's
own cache, or a refresh against the identity provider) does not.
A small `ClassifySilent` helper inside `MicrosoftAuthentication`
keeps the lookup in one place.

The interactive bucket splits the same way the existing private
`InteractiveFlowType` enum already does: `BrokerInteractive`,
`EmbeddedWebView`, `SystemWebView`, `DeviceCode`. `BrokerInteractive`
(rather than just `Broker`) is named symmetrically with
`BrokerSilent` so a reader looking at one finds the other.

"Interactive" is exposed as an `IsInteractive()` extension method
on the enum, not as a property on the result. This keeps the
result interface minimal and works for callers that have a flow
value from elsewhere (e.g. an enum field on a stored request).

The OS-account-default flow does silent token acquisition
followed by a GCM-side "continue with current account?"
confirmation prompt — the token itself was acquired silently, so
the flow is `Silent` or `BrokerSilent`; the confirmation prompt
is GCM chrome that isn't reflected here.

Workload federation reports itself as `WorkloadFederation` even
though `GetTokenUsingWorkloadFederationAsync` internally calls
`GetTokenForManagedIdentityAsync`: the intermediate MI result is
private to the WIF path, and the surfaced result describes the
outer top-level call.

`MsalResult`'s constructor grows a `MicrosoftAuthenticationFlow`
parameter; every call site supplies a real value, so no `Unknown`
sentinel is needed on the public surface. The test fake
`AzureReposHostProviderTests.MockMsAuthResult` grows the property
to satisfy the interface; nothing reads it.

Assisted-by: Claude Opus 4.7
Signed-off-by: Matthew John Cheetham <mjcheetham@outlook.com>

1 parent a99750a commit 2ec4c2f
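
An added sketch, not code from this commit: it rebuilds the flow names, the `ClassifySilent` rule and `IsInteractive()` from the commit message over stand-in types, and adds a hypothetical consumer-side retry policy. The local `TokenSource` stand-in, the `FlowSketch` class, `MaxAutomaticRetries` and its retry counts are assumptions.

```csharp
using System;

// Stand-in for MSAL's TokenSource enum so the sketch compiles without the MSAL package.
enum TokenSource { IdentityProvider, Cache, Broker }

// Stand-in carrying the flow names listed in the commit message.
enum MicrosoftAuthenticationFlow
{
    ServicePrincipal, ManagedIdentity, WorkloadFederation, Silent, BrokerSilent,
    BrokerInteractive, EmbeddedWebView, SystemWebView, DeviceCode
}

static class FlowSketch
{
    // Silent return site: only broker-sourced tokens are BrokerSilent; MSAL's own
    // cache and a refresh against the identity provider both count as Silent.
    public static MicrosoftAuthenticationFlow ClassifySilent(TokenSource source) =>
        source == TokenSource.Broker
            ? MicrosoftAuthenticationFlow.BrokerSilent
            : MicrosoftAuthenticationFlow.Silent;

    // Extension on the enum, so it also works on a flow value stored elsewhere.
    public static bool IsInteractive(this MicrosoftAuthenticationFlow flow) =>
        flow is MicrosoftAuthenticationFlow.BrokerInteractive
             or MicrosoftAuthenticationFlow.EmbeddedWebView
             or MicrosoftAuthenticationFlow.SystemWebView
             or MicrosoftAuthenticationFlow.DeviceCode;

    // Hypothetical consumer policy: never re-prompt a user automatically,
    // retry non-interactive acquisition a few times (counts are made up).
    public static int MaxAutomaticRetries(MicrosoftAuthenticationFlow flow) =>
        flow.IsInteractive() ? 0 : 3;

    static void Main()
    {
        // Constructed inputs: one value per TokenSource member.
        foreach (TokenSource s in Enum.GetValues(typeof(TokenSource)))
            Console.WriteLine($"{s} -> {ClassifySilent(s)}");

        foreach (MicrosoftAuthenticationFlow f in
                 Enum.GetValues(typeof(MicrosoftAuthenticationFlow)))
            Console.WriteLine(
                $"{f}: interactive={f.IsInteractive()} retries={MaxAutomaticRetries(f)}");
    }
}
```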
2 files changed
Lines changed: 84 additions & 5 deletions
Lines changed: 83 additions & 5 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
102 | 102 | | |
103 | 103 | | |
104 | 104 | | |
| 105 | + | |
| 106 | + | |
| 107 | + | |
| 108 | + | |
| 109 | + | |
| 110 | + | |
| 111 | + | |
| 112 | + | |
| 113 | + | |
| 114 | + | |
| 115 | + | |
| 116 | + | |
| 117 | + | |
| 118 | + | |
| 119 | + | |
| 120 | + | |
| 121 | + | |
| 122 | + | |
| 123 | + | |
| 124 | + | |
| 125 | + | |
| 126 | + | |
| 127 | + | |
| 128 | + | |
| 129 | + | |
| 130 | + | |
| 131 | + | |
| 132 | + | |
| 133 | + | |
| 134 | + | |
| 135 | + | |
| 136 | + | |
| 137 | + | |
| 138 | + | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
| 142 | + | |
| 143 | + | |
| 144 | + | |
| 145 | + | |
| 146 | + | |
| 147 | + | |
| 148 | + | |
| 149 | + | |
| 150 | + | |
| 151 | + | |
| 152 | + | |
| 153 | + | |
| 154 | + | |
| 155 | + | |
| 156 | + | |
| 157 | + | |
| 158 | + | |
| 159 | + | |
105 | 160 | | |
106 | 161 | | |
107 | 162 | | |
| |||
297 | 352 | | |
298 | 353 | | |
299 | 354 | | |
| 355 | + | |
300 | 356 | | |
301 | 357 | | |
302 | 358 | | |
| |||
316 | 372 | | |
317 | 373 | | |
318 | 374 | | |
| 375 | + | |
319 | 376 | | |
320 | 377 | | |
321 | 378 | | |
| |||
359 | 416 | | |
360 | 417 | | |
361 | 418 | | |
| 419 | + | |
| 420 | + | |
| 421 | + | |
| 422 | + | |
362 | 423 | | |
363 | 424 | | |
364 | 425 | | |
| |||
369 | 430 | | |
370 | 431 | | |
371 | 432 | | |
| 433 | + | |
372 | 434 | | |
373 | 435 | | |
374 | 436 | | |
| |||
395 | 457 | | |
396 | 458 | | |
397 | 459 | | |
| 460 | + | |
398 | 461 | | |
399 | 462 | | |
400 | 463 | | |
| |||
404 | 467 | | |
405 | 468 | | |
406 | 469 | | |
| 470 | + | |
407 | 471 | | |
408 | 472 | | |
409 | 473 | | |
| |||
412 | 476 | | |
413 | 477 | | |
414 | 478 | | |
| 479 | + | |
415 | 480 | | |
416 | 481 | | |
417 | 482 | | |
| |||
420 | 485 | | |
421 | 486 | | |
422 | 487 | | |
423 | | - | |
| 488 | + | |
424 | 489 | | |
425 | 490 | | |
426 | 491 | | |
| |||
438 | 503 | | |
439 | 504 | | |
440 | 505 | | |
441 | | - | |
| 506 | + | |
442 | 507 | | |
443 | 508 | | |
444 | 509 | | |
| |||
462 | 527 | | |
463 | 528 | | |
464 | 529 | | |
465 | | - | |
| 530 | + | |
466 | 531 | | |
467 | 532 | | |
468 | 533 | | |
| |||
482 | 547 | | |
483 | 548 | | |
484 | 549 | | |
485 | | - | |
| 550 | + | |
486 | 551 | | |
487 | 552 | | |
488 | 553 | | |
| |||
1173 | 1238 | | |
1174 | 1239 | | |
1175 | 1240 | | |
1176 | | - | |
| 1241 | + | |
1177 | 1242 | | |
1178 | 1243 | | |
1179 | 1244 | | |
| 1245 | + | |
1180 | 1246 | | |
1181 | 1247 | | |
1182 | 1248 | | |
1183 | 1249 | | |
| 1250 | + | |
1184 | 1251 | | |
| 1252 | + | |
| 1253 | + | |
| 1254 | + | |
| 1255 | + | |
| 1256 | + | |
| 1257 | + | |
| 1258 | + | |
| 1259 | + | |
| 1260 | + | |
| 1261 | + | |
| 1262 | + | |
1185 | 1263 | | |
1186 | 1264 | | |
Lines changed: 1 addition & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1088 | 1088 | | |
1089 | 1089 | | |
1090 | 1090 | | |
| 1091 | + | |
1091 | 1092 | | |
1092 | 1093 | | |
1093 | 1094 | | |