// Copyright (c) Microsoft. All rights reserved. // // Licensed under the MIT license. using System; using System.Collections.Generic; using System.Threading.Tasks; using Microsoft.Artifacts.Authentication; using Microsoft.Extensions.Logging; using Microsoft.Identity.Client; using NuGetCredentialProvider.Util; namespace NuGetCredentialProvider.CredentialProviders.VstsBuildTaskServiceEndpoint; internal class VstsBuildTaskMsalTokenProvidersFactory : ITokenProvidersFactory { private readonly ILogger logger; public VstsBuildTaskMsalTokenProvidersFactory(ILogger logger) { this.logger = logger; } public Task<IEnumerable<ITokenProvider>> GetAsync(Uri authority) { var app = AzureArtifacts.CreateDefaultBuilder(authority) .WithBroker(EnvUtil.MsalAllowBrokerEnabled(), logger) .WithHttpClientFactory(HttpClientFactory.Default) .WithLogging( (level, message, containsPii) => { // We ignore containsPii param because we are passing in enablePiiLogging below. logger.LogTrace("MSAL Log ({level}): {message}", level, message); }, enablePiiLogging: EnvUtil.GetLogPIIEnabled() ) .Build(); return Task.FromResult(ConstructTokenProvidersList(app)); } private IEnumerable<ITokenProvider> ConstructTokenProvidersList(IPublicClientApplication app) { yield return new MsalServicePrincipalTokenProvider(app, logger); yield return new MsalManagedIdentityTokenProvider(app, logger); } }