in CredentialProvider.Microsoft/CredentialProviders/VstsBuildTaskServiceEndpoint/VstsBuildTaskServiceEndpointCredentialProvider.cs [62:151]
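/// <summary>
/// Resolves credentials for the package source in <paramref name="request"/> from the
/// endpoint tables held by this provider.
/// </summary>
/// <remarks>
/// Lookup order, keyed by <c>request.Uri.AbsoluteUri</c>:
/// 1. <c>ExternalCredentials</c>: if an entry exists with a non-blank password, its
///    username/password pair is returned as-is.
/// 2. <c>Credentials</c>: if an entry exists with a non-blank client id, each token provider
///    that reports it can handle the request is tried in order, and the first non-blank
///    access token is returned with the client id as the username.
/// If neither path yields a credential, an error response is returned.
/// </remarks>
/// <param name="request">The credential request; its URI selects the endpoint entry.</param>
/// <param name="cancellationToken">Token used to abandon the request.</param>
/// <returns>A success response carrying the credential, or an error response when no endpoint matches or no provider produced a token.</returns>
/// <exception cref="OperationCanceledException">The caller cancelled <paramref name="cancellationToken"/>.</exception>
public override async Task<GetAuthenticationCredentialsResponse> HandleRequestAsync(GetAuthenticationCredentialsRequest request, CancellationToken cancellationToken)
{
    cancellationToken.ThrowIfCancellationRequested();

    Verbose(string.Format(Resources.IsRetry, request.IsRetry));

    // The lookup key is the full absolute URI of the requested source; a credential is handed
    // out only when the endpoint table has an entry under that key.
    string uriString = request.Uri.AbsoluteUri;

    bool externalEndpointFound = ExternalCredentials.TryGetValue(uriString, out ExternalEndpointCredentials matchingExternalEndpoint);
    if (externalEndpointFound && !string.IsNullOrWhiteSpace(matchingExternalEndpoint.Password))
    {
        // Only the URL is logged here; the username and password go into the response, never the log.
        Verbose(string.Format(Resources.BuildTaskEndpointMatchingUrlFound, uriString));
        return GetResponse(
            matchingExternalEndpoint.Username,
            matchingExternalEndpoint.Password,
            null,
            MessageResponseCode.Success);
    }

    bool endpointFound = Credentials.TryGetValue(uriString, out EndpointCredentials matchingEndpoint);
    if (endpointFound && !string.IsNullOrWhiteSpace(matchingEndpoint.ClientId))
    {
        var authInfo = await AuthUtil.GetAuthorizationInfoAsync(request.Uri, cancellationToken);
        Verbose(string.Format(Resources.UsingAuthority, authInfo.EntraAuthorityUri));
        Verbose(string.Format(Resources.UsingTenant, authInfo.EntraTenantId));

        // A missing certificate is logged but not fatal here: the request is still built and
        // each provider's CanGetToken decides whether it can proceed without one.
        var clientCertificate = GetCertificate(matchingEndpoint);
        Info(clientCertificate == null
            ? (Resources.ClientCertificateNotFound)
            : string.Format(Resources.UsingCertificate, clientCertificate.Subject));

        IEnumerable<ITokenProvider> tokenProviders = await TokenProvidersFactory.GetAsync(authInfo.EntraAuthorityUri);
        cancellationToken.ThrowIfCancellationRequested();

        // The token request is strictly non-interactive: no dialogs and no Windows integrated auth.
        var tokenRequest = new TokenRequest()
        {
            IsRetry = request.IsRetry,
            IsNonInteractive = true,
            CanShowDialog = false,
            IsWindowsIntegratedAuthEnabled = false,
            InteractiveTimeout = TimeSpan.FromSeconds(EnvUtil.GetDeviceFlowTimeoutFromEnvironmentInSeconds(Logger)),
            ClientId = matchingEndpoint.ClientId,
            ClientCertificate = clientCertificate,
            TenantId = authInfo.EntraTenantId
        };

        foreach (var tokenProvider in tokenProviders)
        {
            bool shouldRun = tokenProvider.CanGetToken(tokenRequest);
            if (!shouldRun)
            {
                Verbose(string.Format(Resources.NotRunningBearerTokenProvider, tokenProvider.Name));
                continue;
            }

            Verbose(string.Format(Resources.AttemptingToAcquireBearerTokenUsingProvider, tokenProvider.Name));

            string bearerToken;
            try
            {
                var result = await tokenProvider.GetTokenAsync(tokenRequest, cancellationToken);
                bearerToken = result?.AccessToken;
            }
            catch (OperationCanceledException) when (cancellationToken.IsCancellationRequested)
            {
                // The caller cancelled: stop instead of treating it as a provider failure and
                // moving on to the remaining providers. A cancellation the caller did not ask
                // for (e.g. a provider-internal timeout) still falls through to the handler below.
                throw;
            }
            catch (Exception ex)
            {
                // Best effort: a failing provider must not block the ones after it.
                // NOTE(review): the full exception text is written to the verbose log; confirm
                // provider exceptions cannot carry token or certificate material.
                Verbose(string.Format(Resources.BearerTokenProviderException, tokenProvider.Name, ex));
                continue;
            }

            if (string.IsNullOrWhiteSpace(bearerToken))
            {
                Verbose(string.Format(Resources.BearerTokenProviderReturnedNull, tokenProvider.Name));
                continue;
            }

            // Only the provider name is logged on success; the token itself travels in the response.
            Info(string.Format(Resources.AcquireBearerTokenSuccess, tokenProvider.Name));
            return GetResponse(
                matchingEndpoint.ClientId,
                bearerToken,
                null,
                MessageResponseCode.Success);
        }
    }

    // No endpoint entry for this URI, or no provider produced a token: fail without a credential.
    Verbose(string.Format(Resources.BuildTaskEndpointNoMatchingUrl, uriString));
    return GetResponse(
        null,
        null,
        string.Format(Resources.BuildTaskFailedToAuthenticate, uriString),
        MessageResponseCode.Error);
}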