in CredentialProvider.Microsoft/CredentialProviders/Vsts/IAuthUtil.cs [47:86]
public async Task<Uri> GetAadAuthorityUriAsync(Uri uri, CancellationToken cancellationToken)
{
var environmentAuthority = EnvUtil.GetAuthorityFromEnvironment(logger);
if (environmentAuthority != null)
{
return environmentAuthority;
}
var headers = await GetResponseHeadersAsync(uri, cancellationToken);
var bearerHeaders = headers.WwwAuthenticate.Where(x => x.Scheme.Equals("Bearer", StringComparison.Ordinal));
foreach (var param in bearerHeaders)
{
if (param.Parameter == null)
{
// MSA-backed accounts don't expose a parameter
continue;
}
var equalSplit = param.Parameter.Split(new[] { "=" }, StringSplitOptions.RemoveEmptyEntries);
if (equalSplit.Length == 2)
{
if (equalSplit[0].Equals("authorization_uri", StringComparison.OrdinalIgnoreCase))
{
if (Uri.TryCreate(equalSplit[1], UriKind.Absolute, out Uri parsedUri))
{
logger.Verbose(string.Format(Resources.FoundAADAuthorityFromHeaders, parsedUri));
return parsedUri;
}
}
}
}
// Return the common tenant
var aadBase = UsePpeAadUrl(uri) ? "https://login.windows-ppe.net" : "https://login.microsoftonline.com";
logger.Verbose(string.Format(Resources.AADAuthorityNotFound, aadBase));
var tenant = EnvUtil.MsalEnabled() ? OrganizationsTenant: CommonTenant;
return new Uri($"{aadBase}/{tenant}");
}