Skip to main content

AzureDevOpsFederatedCredentialProvider

  • Namespace: PPDS.Auth.Credentials
  • Assembly: PPDS.Auth
  • Kind: Class
  • Implements: ICredentialProvider, IDisposable

Summary

Provides authentication using Azure DevOps OIDC (workload identity federation). For use in Azure DevOps CI/CD pipelines.

Members

Constructors

AzureDevOpsFederatedCredentialProvider(string applicationId, string tenantId, CloudEnvironment cloud)

AzureDevOpsFederatedCredentialProvider(string applicationId, string tenantId, CloudEnvironment cloud)

Creates a new Azure DevOps federated credential provider.

  • Param applicationId: The application (client) ID.

  • Param tenantId: The tenant ID.

  • Param cloud: The cloud environment.

Methods

CreateServiceClientAsync

Task<ServiceClient> CreateServiceClientAsync(string environmentUrl, CancellationToken cancellationToken, bool forceInteractive)

Creates an authenticated ServiceClient for the specified environment URL.

  • Param environmentUrl: The Dataverse environment URL.

  • Param cancellationToken: Cancellation token.

  • Param forceInteractive: If true, skip silent auth and prompt user directly. Use for profile creation.

  • Returns: An authenticated ServiceClient.

Dispose

void Dispose()

(inherited from System.IDisposable.Dispose)

GetCachedTokenInfoAsync

Task<CachedTokenInfo> GetCachedTokenInfoAsync(string environmentUrl, CancellationToken cancellationToken)

Gets cached token information without triggering interactive authentication. Queries the MSAL token cache to determine current token state.

  • Param environmentUrl: The Dataverse environment URL to check token for.

  • Param cancellationToken: Cancellation token.

  • Returns: Token information if a valid cached token exists, null if token is expired or not cached.

Properties

AccessToken

string AccessToken { get; }

Gets the access token from the last authentication. Available after successful authentication. Used for extracting JWT claims.

AuthMethod

AuthMethod AuthMethod { get; }

Gets the authentication method this provider handles.

HomeAccountId

string HomeAccountId { get; }

Gets the MSAL home account identifier. Format: {objectId}.{tenantId} - uniquely identifies the account+tenant for token cache lookup. Available after successful authentication.

IdTokenClaims

ClaimsPrincipal IdTokenClaims { get; }

Gets the ID token claims from the last authentication (if available). The ID token typically contains user claims like country that aren't in the access token.

Identity

string Identity { get; }

Gets the identity string for display (e.g., username or app ID). Available after successful authentication.

ObjectId

string ObjectId { get; }

Gets the Entra Object ID (OID) from the authentication result. Available after successful authentication.

TenantId

string TenantId { get; }

Gets the tenant ID from the authentication result. Available after successful authentication.

TokenExpiresAt

Nullable<DateTimeOffset> TokenExpiresAt { get; }

Gets the token expiration time. Available after successful authentication.