Support overrides of token issuer from environment variables #41945

Merged (26 commits), Mar 12, 2024

Conversation

@HarmanDhunna HarmanDhunna commented Feb 13, 2024

This PR intends to add support for overrides of the issuer for token validation.

Introducing new properties:

  • AuthenticationEvents__AuthorityUrl
  • AuthenticationEvents__AuthorizedPartyAppId

Removing:

  • AuthenticationEvents__TenantId

NOTE: This PR will break current API contract.

With the above combined with AuthenticationEvents__AudienceAppId, a developer can define their own application for token validation.

Another property we are including is AuthenticationEvents__ShowPIIDataInLogs (false by default) which can only be configured as Environment Variable. This property allows the developer to see PII data in the logs. Currently we are only checking this flag for token validation, and logging PII data if token validation fails.

There is no change to the API with this.

Example usages:
When setting it up in Azure Function Attributes:

```csharp
[FunctionName("onTokenIssuanceStart")]
public async static Task<AuthenticationEventResponse> Run(
    [AuthenticationEventsTrigger(
        AudienceAppId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx1",
        AuthorityUrl = "https://odiccondig",
        AuthorizedPartyAppId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx2")] TokenIssuanceStartRequest request,
    ILogger log)
{
    // Body omitted in the original snippet, which only shows the trigger configuration;
    // a minimal body is assumed here so the method compiles: return the response unchanged.
    return request.Completed();
}
```

When setting it up in Azure Function Environment variables: [screenshot in the original PR]

End to End Validation:

[x] Success Scenario: 200 [screenshot in the original PR]

[x] No Access Token: 401 [screenshot in the original PR]

[x] Invalid AuthorityUrl: 401

```text
2024-03-02T08:24:25Z   [Error]   IDX20807: Unable to retrieve document from: 'https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx2/v2.0/.well-known/openid-configuration'. HttpResponseMessage: 'StatusCode: 400, ReasonPhrase: 'Bad Request', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
  Cache-Control: private
  Strict-Transport-Security: max-age=31536000; includeSubDomains
  X-Content-Type-Options: nosniff
  Access-Control-Allow-Origin: *
  Access-Control-Allow-Methods: GET, OPTIONS
  P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
  x-ms-request-id: c17ce315-a84e-4c67-9761-19f9becdda01
  x-ms-ests-server: 2.1.17396.8 - NCUS ProdSlices
  X-XSS-Protection: 0
  Set-Cookie: fpc= ...x
  Set-Cookie: esctx= ...x
  Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; httponly
  Set-Cookie: stsservicecookie=estsfd; path=/; secure; httponly
  Date: Sat, 02 Mar 2024 08:24:24 GMT
  Content-Type: application/json; charset=utf-8
  Content-Length: 681
}', HttpResponseMessage.Content: '{"error":"invalid_tenant","error_description":"AADSTS90002: Tenant 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx2' not found. Check to make sure you have the correct tenant ID and are signing into the correct cloud. Check with your subscription administrator, this may happen if there are no active subscriptions for the tenant. Trace ID: xxx Correlation ID: xxx Timestamp: 2024-03-02 08:24:24Z","error_codes":[90002],"timestamp":"2024-03-02 08:24:24Z","trace_id":"xxx","correlation_id":"xxx","error_uri":"https://login.microsoftonline.com/error?code=90002"}'.
```

[x] Invalid Audience: 401

```text
2024-03-02T00:29:50Z   [Error]   IDX10214: Audience validation failed. Audiences: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx1'. Did not match: validationParameters.ValidAudience: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx2' or validationParameters.ValidAudiences: 'null'.
```

[x] Invalid Authorized App Party ID: 401

```text
2024-03-02T00:11:40Z   [Error]   Authorized Party Application ID 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx1' from token does match Authentication Event Trigger configuration AuthorizedPartyAppId 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx2'.
```
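The following is an added, runnable Python model of the validation behaviour the PR description above lists; it is not code from this PR or from the AuthenticationEvents extension. It reads the three new settings plus the ShowPIIDataInLogs flag under their `AuthenticationEvents__*` names from a constructed environment, then checks a token's `iss`, `aud` and `azp` claims against them and answers 200 or 401 as in the end-to-end table. Everything in it is an assumption of the example: the HS256 signing key is a toy (the extension uses the authority's published keys), the expected issuer is derived as authority + `/v2.0` instead of being read from the OpenID discovery document, and the "Invalid AuthorityUrl" case is modelled as an issuer mismatch, whereas the extension fails earlier on metadata retrieval (IDX20807). `SAMPLE_ENV`, `Settings`, `load_settings`, `validate_token` and `run_scenarios` are the example's own names.

```python
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass, field

# Constructed app settings using the PR's property names; the IDs are placeholders, not real values.
SAMPLE_ENV = {
    "AuthenticationEvents__AuthorityUrl": "https://login.authority.invalid/tenant-placeholder",
    "AuthenticationEvents__AudienceAppId": "00000000-0000-0000-0000-000000000001",
    "AuthenticationEvents__AuthorizedPartyAppId": "00000000-0000-0000-0000-000000000002",
    # AuthenticationEvents__ShowPIIDataInLogs is left unset so the default (false) applies.
}
SIGNING_KEY = b"constructed-demo-key"  # toy HS256 key; the real extension uses the authority's published keys

@dataclass
class Settings:
    authority_url: str
    audience_app_id: str
    authorized_party_app_id: str
    show_pii: bool = False

    @property
    def expected_issuer(self) -> str:
        # Assumption for this offline demo: issuer = authority + "/v2.0". The extension instead
        # reads the issuer from the authority's OpenID discovery document.
        return self.authority_url.rstrip("/") + "/v2.0"

def load_settings(env: dict) -> Settings:
    """Map the AuthenticationEvents__* app settings onto a Settings object (flag defaults to false)."""
    return Settings(
        authority_url=env["AuthenticationEvents__AuthorityUrl"],
        audience_app_id=env["AuthenticationEvents__AudienceAppId"],
        authorized_party_app_id=env["AuthenticationEvents__AuthorizedPartyAppId"],
        show_pii=env.get("AuthenticationEvents__ShowPIIDataInLogs", "false").strip().lower() == "true",
    )

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, key: bytes = SIGNING_KEY) -> str:
    """Mint a compact HS256 JWT from constructed claims (demo only)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    signature = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(signature)}"

@dataclass
class ValidationResult:
    status: int            # HTTP status the trigger answers with: 200 or 401
    reason: str            # short failure code
    logs: list = field(default_factory=list)

def _pii(value, show_pii: bool) -> str:
    # Claim values reach the log only when ShowPIIDataInLogs is enabled.
    return repr(value) if show_pii else "[PII hidden]"

def validate_token(token: str, settings: Settings, key: bytes = SIGNING_KEY, now=None) -> ValidationResult:
    """Check signature and expiry, then iss / aud / azp against the configured settings."""
    if not token:
        return ValidationResult(401, "no_access_token", ["No bearer token presented"])
    header_b64, payload_b64, sig_b64 = token.split(".")
    expected_sig = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        return ValidationResult(401, "invalid_signature", ["Token signature did not verify"])
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return ValidationResult(401, "expired", ["Token is expired"])
    checks = [
        ("iss", settings.expected_issuer, "invalid_issuer", "Issuer validation failed"),
        ("aud", settings.audience_app_id, "invalid_audience", "Audience validation failed"),
        ("azp", settings.authorized_party_app_id, "invalid_authorized_party",
         "Authorized Party Application ID from token does not match AuthorizedPartyAppId"),
    ]
    for claim, expected, reason, message in checks:
        actual = claims.get(claim)
        if actual != expected:
            log = f"{message}: {_pii(actual, settings.show_pii)} vs configured {_pii(expected, settings.show_pii)}"
            return ValidationResult(401, reason, [log])
    return ValidationResult(200, "ok", [])

def run_scenarios(env: dict = SAMPLE_ENV, now: float = 0) -> dict:
    """Replay the PR's end-to-end table and return the status each scenario produces."""
    s = load_settings(env)
    base = {"iss": s.expected_issuer, "aud": s.audience_app_id, "azp": s.authorized_party_app_id, "exp": now + 600}
    cases = {
        "success": make_token(base),
        "no_access_token": "",
        "invalid_authority": make_token({**base, "iss": "https://other.authority.invalid/v2.0"}),
        "invalid_audience": make_token({**base, "aud": s.authorized_party_app_id}),
        "invalid_authorized_party": make_token({**base, "azp": s.audience_app_id}),
    }
    return {name: validate_token(tok, s, now=now).status for name, tok in cases.items()}
```

Calling `run_scenarios()` yields 200 for the success case and 401 for the other four, matching the table in the description. The `_pii` helper is the point of the ShowPIIDataInLogs flag: with the default (false) a failed check logs only that a mismatch occurred, and the offending claim value appears in the log line only when the setting is explicitly `true`.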

@azure-sdk

API change check

APIView has identified API level changes in this PR and created following API reviews.

Microsoft.Azure.WebJobs.Extensions.AuthenticationEvents

@HarmanDhunna

@hakimms Tried adding you as a reviewer but your name isn't coming up. Can you give this a review please?

@christothes christothes merged commit e147145 into main Mar 12, 2024
45 checks passed
@christothes christothes deleted the hadhunna/supportIssureValidationFromSettingsFile branch March 12, 2024 17:13