[FEATURE REQ] Reuse credentials from Powershell AZ Module

[eosfor]

We use Fluent SDK to develop some binary PowerShell modules to manage some pieces of our Azure resources. It does not mean we re-implementing the AZ module, but rather, adding some extensions to it. According to the Auth document you have already integrated with Azure CLI, that allows Fluent to reuse CLI authentication context. We would like to have a similar feature to be implemented with the PowerShell AZ module, where we could refer and reuse its authentication context inside Fluent SDK.

[eosfor]

Here is the simple test to see what is happening

using System.Management.Automation;
using Microsoft.Azure.Management.ResourceManager.Fluent.Authentication;
using Microsoft.Azure.Management.ResourceManager.Fluent;
using Microsoft.Azure.Management.Fluent;
using System;
//using Microsoft.IdentityModel.Clients.ActiveDirectory;

namespace pstest3
{
    [Cmdlet(VerbsCommon.New, "Test")]
    public class NewTestCmdlet : PSCmdlet
    {
        protected override void ProcessRecord()
        {
            var env = AzureEnvironment.AzureGlobalCloud;
            var c = new AzureCredentialsFactory();
            var cred =  c.FromDevice("e988df20-46b9-4de9-9eb7-82c52c9ac406", "8db27d07-03f0-41f0-9254-9ba7db634e6d", env, c => {
                Console.WriteLine(c.Message);
                return true;
            });
            var azure = Azure.Authenticate(cred).WithDefaultSubscription();
            // base.ProcessRecord();
        }
    }
}

Then I run the cmdlet above, it works, but then when I load the AZ module, it fails to load.

[nickzhums]

@eosfor thanks for reporting this. We will look into it

[eosfor]

Hello @nickzhums , sounds like AZ has switched to using MSAL (https://github.com/Azure/azure-powershell/issues/11978), do you plan to do a similar thing?

[nickzhums]

Hi @eosfor , there is no current plan to support MSAL for .NET Fluent, but it will be supported in the upcoming preview version of Standard .NET SDK (Non-Fluent). Please monitor the repo (https://github.com/Azure/azure-sdk-for-net/)

Is there a specific reason why you are using Fluent .NET?

[eosfor]

Well, it looked simpler to use :)

[coreazure-jd]

So basically the fluent approach is heading for deprecation with no equivalent in the new SDK which will be structured significantly differently?

I raised essentially the same feature request as it's about MSAL integration with the same response but it looks like the inference is that we shouldn't invest too much effort in using the fluent libraries, they're not LTS. Is this correct?

[eosfor]

@coreazure-jd, @nickzhums , @weidongxu-microsoft this looks disturbing :), is fluent "heading for deprecation"? I hope not ...

[coreazure-jd]

@eosfor That was the inference of the statement but maybe read too much into it. I did manage to resolve my issue with the following code BUT this was for a plain .NET Core console app not a powershell module and it may be falling back not to the AZ credentials but my device identity store: AzureServiceTokenProvider tokenProvider = new AzureServiceTokenProvider(); return new AzureCredentials( new TokenCredentials(tokenProvider.GetAccessTokenAsync("https://management.azure.com/").Result), new TokenCredentials(tokenProvider.GetAccessTokenAsync("https://graph.windows.net/").Result), tenantId, AzureEnvironment.AzureGlobalCloud);

As you see it uses the AzureServiceTokenProvider from Microsoft.Azure.Services.AppAuthentication to get the tokens (I need both ARM and MS Graph). For my scenario it was silent as I am using my logged domain account, I probably need to do something to allow for signing in with a different account.

[nickzhums]

@coreazure-jd, @nickzhums , @weidongxu-microsoft this looks disturbing :), is fluent "heading for deprecation"? I hope not ...

It is heading for deprecation but there will be newer version of .NET SDK coming out in late June. We are actively working on collecting feedback from current .NET Fluent customers, would love your input on what you would like to see in the next-gen .NET SDK. Out of curiosity, when you choose .NET Fluent SDK, what was the motivation behind? (apart from that you like .NET :) ) Was it the fluent style API ? Or code samples ? or other things

[coreazure-jd]

Thanks for clarifying @nickzhums , personally it's a coding style that is prevalent across so many different libraries one uses that it sits nicely and can really help to accelerate learning resource definitions and coding it (yes I admit, as an Intellisense warrior). Granted it's not suitable for a lot of scenarios but when it is it works well. It would be a great shame to have a more traditional SDK style only.