[Identity] Beta release prep (Azure#29813)

* [Identity] Beta release prep

Re-enabled some beta features and updated the changelog.

Signed-off-by: Paul Van Eck <paulvaneck@microsoft.com>

* Add mising import

Signed-off-by: Paul Van Eck <paulvaneck@microsoft.com>

---------

Signed-off-by: Paul Van Eck <paulvaneck@microsoft.com>

sdk/identity/azure-identity/CHANGELOG.md

@@ -1,18 +1,11 @@
 # Release History
 
-## 1.13.0 (Unreleased)
+## 1.13.0b4 (2023-04-11)
 
 ### Features Added
 
 - Credentials that are implemented via launching a subprocess to acquire tokens now have configurable timeouts using the `process_timeout` keyword argument. This addresses scenarios where these proceses can take longer than the current default timeout values. The affected credentials are `AzureCliCredential`, `AzureDeveloperCliCredential`, and `AzurePowerShellCredential`. (Note: For `DefaultAzureCredential`, the `developer_credential_timeout` keyword argument allows users to propagate this option to `AzureCliCredential`, `AzureDeveloperCliCredential`, and `AzurePowerShellCredential` in the authentication chain.) ([#28290](https://github.com/Azure/azure-sdk-for-python/pull/28290))
 
-### Breaking Changes
-
-> These changes do not impact the API of stable versions such as 1.12.0.
-> Only code written against a beta version such as 1.13.0b3 may be affected.
-- Windows Web Account Manager (WAM) Brokered Authentication is still in preview and not available in this release. It will be available in the next beta release.
-- Additional Continuous Access Evaluation (CAE) support for service principal credentials is still in preview and not available in this release. It will be available in the next beta release.
-
 ## 1.13.0b3 (2023-03-07)
 
 ### Features Added

sdk/identity/azure-identity/azure/identity/_credentials/browser.py

@@ -39,6 +39,10 @@ class InteractiveBrowserCredential(InteractiveCredential):
         will cache tokens in memory.
     :paramtype cache_persistence_options: ~azure.identity.TokenCachePersistenceOptions
     :keyword int timeout: seconds to wait for the user to complete authentication. Defaults to 300 (5 minutes).
+    :keyword bool allow_broker: Brokers provide single sign-on, device identification, and application identification
+        verification. If this parameter is set to True, the broker will be used when possible. Defaults to False.
+        Check https://learn.microsoft.com/azure/active-directory/develop/scenario-desktop-acquire-token-wam
+        for more WAM information.
     :raises ValueError: invalid **redirect_uri**
     """
 

sdk/identity/azure-identity/azure/identity/_credentials/user_password.py

@@ -33,6 +33,10 @@ class UsernamePasswordCredential(InteractiveCredential):
         "organizations" tenant, which supports only Azure Active Directory work or school accounts.
     :keyword cache_persistence_options: Configuration for persistent token caching. If unspecified, the credential
         will cache tokens in memory.
+    :keyword bool allow_broker: Brokers provide single sign-on, device identification, and application identification
+        verification. If this parameter is set to True, the broker will be used when possible. Defaults to False.
+        Check https://learn.microsoft.com/azure/active-directory/develop/scenario-desktop-acquire-token-wam
+        for more WAM information.
     :paramtype cache_persistence_options: ~azure.identity.TokenCachePersistenceOptions
     :keyword List[str] additionally_allowed_tenants: Specifies tenants in addition to the specified "tenant_id"
         for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to

sdk/identity/azure-identity/azure/identity/_internal/aad_client_base.py

@@ -5,6 +5,7 @@
 import abc
 import base64
 import json
+import os
 import time
 from uuid import uuid4
 from typing import TYPE_CHECKING, List, Any, Iterable, Optional, Union, Dict
@@ -17,6 +18,7 @@
 from azure.core.pipeline.transport import HttpRequest
 from azure.core.credentials import AccessToken
 from azure.core.exceptions import ClientAuthenticationError
+from .._constants import EnvironmentVariables
 from .utils import get_default_authority, normalize_authority, resolve_tenant
 from .aadclient_certificate import AadClientCertificate
 
@@ -52,7 +54,7 @@ def __init__(
 
         self._cache = cache or TokenCache()
         self._client_id = client_id
-        self._capabilities = None
+        self._capabilities = None if EnvironmentVariables.AZURE_IDENTITY_DISABLE_CP1 in os.environ else ["CP1"]
         self._additionally_allowed_tenants = additionally_allowed_tenants or []
         self._pipeline = self._build_pipeline(**kwargs)
 

sdk/identity/azure-identity/azure/identity/_internal/msal_credentials.py

@@ -22,7 +22,7 @@ def __init__(
             client_credential: Optional[Union[str, Dict]] = None,
             *,
             additionally_allowed_tenants: Optional[List[str]] = None,
-            # allow_broker: Optional[bool] = None,
+            allow_broker: Optional[bool] = None,
             authority: Optional[str] = None,
             disable_instance_discovery: Optional[bool] = None,
             tenant_id: Optional[str] = None,
@@ -39,7 +39,7 @@ def __init__(
         self._client_applications: Dict[str, msal.ClientApplication] = {}
         self._client_credential = client_credential
         self._client_id = client_id
-        # self._allow_broker = allow_broker
+        self._allow_broker = allow_broker
         self._additionally_allowed_tenants = additionally_allowed_tenants or []
 
         self._cache = kwargs.pop("_cache", None)
@@ -82,7 +82,7 @@ def _get_app(self, **kwargs):
                 token_cache=self._cache,
                 http_client=self._client,
                 instance_discovery=self._instance_discovery,
-                # allow_broker=self._allow_broker
+                allow_broker=self._allow_broker
             )
 
         return self._client_applications[tenant_id]

sdk/identity/azure-identity/azure/identity/_version.py

@@ -2,4 +2,4 @@
 # Copyright (c) Microsoft Corporation.
 # Licensed under the MIT License.
 # ------------------------------------
-VERSION = "1.13.0"
+VERSION = "1.13.0b4"

sdk/identity/azure-identity/setup.py

@@ -37,7 +37,7 @@
     author_email="azpysdkhelp@microsoft.com",
     url="https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/identity/azure-identity",
     classifiers=[
-        "Development Status :: 5 - Production/Stable",
+        "Development Status :: 4 - Beta",
         "Programming Language :: Python",
         "Programming Language :: Python :: 3 :: Only",
         "Programming Language :: Python :: 3",

sdk/identity/azure-identity/tests/test_aad_client.py

@@ -328,39 +328,39 @@ def test_multitenant_cache():
         client_d.get_cached_access_token([scope], tenant_id=tenant_a)
 
 
-# @pytest.mark.parametrize("method,args", BASE_CLASS_METHODS)
-# def test_claims(method, args):
+@pytest.mark.parametrize("method,args", BASE_CLASS_METHODS)
+def test_claims(method, args):
 
-#     scopes = ["scope"]
-#     claims = '{"access_token": {"essential": "true"}}'
+    scopes = ["scope"]
+    claims = '{"access_token": {"essential": "true"}}'
 
-#     client = AadClient("tenant_id", "client_id")
+    client = AadClient("tenant_id", "client_id")
 
-#     expected_merged_claims = '{"access_token": {"essential": "true", "xms_cc": {"values": ["CP1"]}}}'
+    expected_merged_claims = '{"access_token": {"essential": "true", "xms_cc": {"values": ["CP1"]}}}'
 
-#     with patch.object(AadClient, "_post") as post_mock:
-#         func = getattr(client, method)
-#         func(scopes, *args, claims=claims)
+    with patch.object(AadClient, "_post") as post_mock:
+        func = getattr(client, method)
+        func(scopes, *args, claims=claims)
 
-#         assert post_mock.call_count == 1
-#         data, _ = post_mock.call_args
-#         assert len(data) == 1
-#         assert data[0]["claims"] == expected_merged_claims
+        assert post_mock.call_count == 1
+        data, _ = post_mock.call_args
+        assert len(data) == 1
+        assert data[0]["claims"] == expected_merged_claims
 
 
-# @pytest.mark.parametrize("method,args", BASE_CLASS_METHODS)
-# def test_claims_disable_capabilities(method, args):
-#     scopes = ["scope"]
-#     claims = '{"access_token": {"essential": "true"}}'
+@pytest.mark.parametrize("method,args", BASE_CLASS_METHODS)
+def test_claims_disable_capabilities(method, args):
+    scopes = ["scope"]
+    claims = '{"access_token": {"essential": "true"}}'
 
-#     with patch.dict("os.environ", {"AZURE_IDENTITY_DISABLE_CP1": "true"}):
-#         client = AadClient("tenant_id", "client_id")
+    with patch.dict("os.environ", {"AZURE_IDENTITY_DISABLE_CP1": "true"}):
+        client = AadClient("tenant_id", "client_id")
 
-#         with patch.object(AadClient, "_post") as post_mock:
-#             func = getattr(client, method)
-#             func(scopes, *args, claims=claims)
+        with patch.object(AadClient, "_post") as post_mock:
+            func = getattr(client, method)
+            func(scopes, *args, claims=claims)
 
-#             assert post_mock.call_count == 1
-#             data, _ = post_mock.call_args
-#             assert len(data) == 1
-#             assert data[0]["claims"] == claims
+            assert post_mock.call_count == 1
+            data, _ = post_mock.call_args
+            assert len(data) == 1
+            assert data[0]["claims"] == claims

sdk/identity/azure-identity/tests/test_live.py

@@ -46,8 +46,8 @@ def test_certificate_credential(certificate_fixture, request):
         tenant_id, client_id, certificate_data=cert["cert_with_password_bytes"], password=cert["password"]
     )
     token = get_token(credential)
-    # parsed_payload = get_token_payload_contents(token.token)
-    # assert "xms_cc" in parsed_payload and "CP1" in parsed_payload["xms_cc"]
+    parsed_payload = get_token_payload_contents(token.token)
+    assert "xms_cc" in parsed_payload and "CP1" in parsed_payload["xms_cc"]
 
 
 def test_client_secret_credential(live_service_principal):
@@ -57,8 +57,8 @@ def test_client_secret_credential(live_service_principal):
         live_service_principal["client_secret"],
     )
     token = get_token(credential)
-    # parsed_payload = get_token_payload_contents(token.token)
-    # assert "xms_cc" in parsed_payload and "CP1" in parsed_payload["xms_cc"]
+    parsed_payload = get_token_payload_contents(token.token)
+    assert "xms_cc" in parsed_payload and "CP1" in parsed_payload["xms_cc"]
 
 
 def test_default_credential(live_service_principal):

sdk/identity/azure-identity/tests/test_live_async.py

@@ -40,8 +40,8 @@ async def test_certificate_credential(certificate_fixture, request):
         tenant_id, client_id, certificate_data=cert["cert_with_password_bytes"], password=cert["password"]
     )
     token = await get_token(credential)
-    # parsed_payload = get_token_payload_contents(token.token)
-    # assert "xms_cc" in parsed_payload and "CP1" in parsed_payload["xms_cc"]
+    parsed_payload = get_token_payload_contents(token.token)
+    assert "xms_cc" in parsed_payload and "CP1" in parsed_payload["xms_cc"]
 
 
 
@@ -53,8 +53,8 @@ async def test_client_secret_credential(live_service_principal):
         live_service_principal["client_secret"],
     )
     token = await get_token(credential)
-    # parsed_payload = get_token_payload_contents(token.token)
-    # assert "xms_cc" in parsed_payload and "CP1" in parsed_payload["xms_cc"]
+    parsed_payload = get_token_payload_contents(token.token)
+    assert "xms_cc" in parsed_payload and "CP1" in parsed_payload["xms_cc"]