CredentialProvider.Microsoft/CredentialProviders/Vsts/VstsSessionTokenFromBearerTokenProvider.cs (51 lines of code) (raw):
// Copyright (c) Microsoft. All rights reserved.
//
// Licensed under the MIT license.
using System;
using System.Threading;
using System.Threading.Tasks;
using NuGet.Protocol.Plugins;
using NuGetCredentialProvider.Logging;
using NuGetCredentialProvider.Util;
namespace NuGetCredentialProvider.CredentialProviders.Vsts
{
public class VstsSessionTokenFromBearerTokenProvider : IAzureDevOpsSessionTokenFromBearerTokenProvider
{
private const double DefaultSessionTimeHours = 4;
private const double DefaultPersonalAccessTimeHours = 2160; // 90 days
private readonly IAuthUtil authUtil;
private readonly ILogger logger;
public VstsSessionTokenFromBearerTokenProvider(IAuthUtil authUtil, ILogger logger)
{
this.authUtil = authUtil;
this.logger = logger;
}
public async Task<string> GetAzureDevOpsSessionTokenFromBearerToken(
GetAuthenticationCredentialsRequest request,
string bearerToken,
bool bearerTokenObtainedInteractively,
CancellationToken cancellationToken)
{
// Allow the user to choose their token type
// If they don't and interactive auth was required, then prefer a PAT so we can safely default to a much longer validity period
VstsTokenType tokenType = EnvUtil.GetVstsTokenType() ??
(bearerTokenObtainedInteractively
? VstsTokenType.Compact
: VstsTokenType.SelfDescribing);
// Allow the user to override the validity period
TimeSpan? preferredTokenTime = EnvUtil.GetSessionTimeFromEnvironment(logger);
TimeSpan sessionTimeSpan;
if (tokenType == VstsTokenType.Compact)
{
// Allow Personal Access Tokens to be as long as SPS will grant, since they're easily revokable
sessionTimeSpan = preferredTokenTime ?? TimeSpan.FromHours(DefaultPersonalAccessTimeHours);
}
else
{
// But limit self-describing session tokens to a strict 24 hours, since they're harder to revoke
sessionTimeSpan = preferredTokenTime ?? TimeSpan.FromHours(DefaultSessionTimeHours);
if (sessionTimeSpan >= TimeSpan.FromHours(24))
{
sessionTimeSpan = TimeSpan.FromHours(24);
}
}
DateTime endTime = DateTime.UtcNow + sessionTimeSpan;
logger.Verbose(string.Format(Resources.VSTSSessionTokenValidity, tokenType.ToString(), sessionTimeSpan.ToString(), endTime.ToUniversalTime().ToString()));
VstsSessionTokenClient sessionTokenClient = new VstsSessionTokenClient(request.Uri, bearerToken, authUtil, this.logger);
return await sessionTokenClient.CreateSessionTokenAsync(tokenType, endTime, cancellationToken);
}
}
}