in pkg/internal/token/adalclientcertcredential.go [57:84]
func (c *ADALClientCertCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
// Get the certificate and private key from cert file
cert, rsaPrivateKey, err := readCertificate(c.clientCert, c.clientCertPassword)
if err != nil {
return azcore.AccessToken{}, fmt.Errorf("failed to read certificate: %w", err)
}
// to keep backward compatibility,
// 1. we only support one resource
// 2. we remove the "/.default" suffix from the resource
resource := strings.Replace(opts.Scopes[0], "/.default", "", 1)
spt, err := adal.NewServicePrincipalTokenFromCertificate(
c.oAuthConfig,
c.clientID,
cert,
rsaPrivateKey,
resource)
if err != nil {
return azcore.AccessToken{}, fmt.Errorf("failed to create service principal token using secret: %w", err)
}
if err := spt.EnsureFreshWithContext(ctx); err != nil {
return azcore.AccessToken{}, err
}
token := spt.Token()
return azcore.AccessToken{Token: token.AccessToken, ExpiresOn: token.Expires()}, nil
}