Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Region] Redesign regional #2509

Merged
merged 8 commits into from
Mar 29, 2021
Merged

[Region] Redesign regional #2509

merged 8 commits into from
Mar 29, 2021

Conversation

bgavrilMS
Copy link
Member

@bgavrilMS bgavrilMS commented Mar 26, 2021
edited
Loading

Work remaining:

  • emit telemetry
  • refactor the existing unit tests
  • refactor the existing integration tests
  • more testing

An important improvement can also be made:

  • we now attempt region discovery every single time, i.e. for each request and once region discovery is done once, it is cached (even if it failed). So there is an oportunity to block all but one requsets from making region discovery, instead of letting them all go for it.

@bgavrilMS bgavrilMS requested a review from jmprieur March 26, 2021 10:50
jmprieur
jmprieur reviewed Mar 26, 2021
View reviewed changes
Copy link
Contributor

@jmprieur jmprieur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks @bgavrilMS
I've proposed a few suggestions

@bgavrilMS bgavrilMS changed the title [Region] Public API changes [Region] Redesign regional Mar 26, 2021
bgavrilMS
bgavrilMS commented Mar 26, 2021
View reviewed changes
src/client/Microsoft.Identity.Client/Instance/Region/RegionManager.cs Outdated
return result;
}

private async Task<RegionInfo> DiscoverRegionNoCacheAsync(ICoreLogger logger, CancellationToken requestCancellationToken)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actual discovery logic was just copied, no review required.

@pmaytak pmaytak self-requested a review March 26, 2021 18:29
pmaytak
pmaytak reviewed Mar 26, 2021
View reviewed changes
Copy link
Contributor

@pmaytak pmaytak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some comments. (Disregard my previous accidental approval).

src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForClientParameterBuilder.cs Show resolved Hide resolved
src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForClientParameterBuilder.cs Show resolved Hide resolved
src/client/Microsoft.Identity.Client/AppConfig/ConfidentialClientApplicationOptions.cs Show resolved Hide resolved
src/client/Microsoft.Identity.Client/AppConfig/ConfidentialClientApplicationOptions.cs Show resolved Hide resolved
src/client/Microsoft.Identity.Client/AppConfig/ConfidentialClientApplicationBuilder.cs Outdated Show resolved Hide resolved
src/client/Microsoft.Identity.Client/Instance/Discovery/RegionDiscoveryProvider.cs Outdated Show resolved Hide resolved
@henrik-me
Copy link
Contributor

lgtm as well. mostly wondering about the tests as those didn't pass (I would also have assumed a few updates to tests would be needed).

@bgavrilMS
Copy link
Member Author

@henrik-me - because I'm adding new tests as I have full understanding of the feature. There were a few missed scenarios, and I am logging bugs for them.

I also refactored the existing logic a bit to decouple a few things....

@henrik-me
Copy link
Contributor

Like the refactorings for sure. Before signing off, would like to see the tests. Assuming someone is helping to also do manual verification.

In reply to: 808589600 [](ancestors = 808589600)

@pmaytak
Copy link
Contributor

pmaytak commented Mar 27, 2021
edited
Loading

Pushed 2 commits.

  • Partially refactored RegionalAuthIntegrationTests but still needs more work.
  • Refactored RegionalTestApp and added test cases.

Tested with the app on my PC and also on a VM. Everything worked except the invalid user-provided region.

  • If a user passes in an invalid region (ex. invalidregion), then the token request will be send to https://invalidregion.login.microsoft.com...
    • STS returns 401 Unauthorized. AADSTS700023: Client assertion audience claim does not match Realm issuer.
  • Also a minor thing, but we seem to be checking for auto-discovery twice (probably fine).
[Region discovery] Auto-discovery already ran and found centralus.
[Region discovery] Returning user provided region: westus.
Resolving authority endpoints... Already resolved? - FALSE
[Region discovery] Auto-discovery already ran and found centralus.
[Region discovery] Returning user provided region: westus.

henrik-me
henrik-me approved these changes Mar 29, 2021
View reviewed changes
Copy link
Contributor

@henrik-me henrik-me left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@henrik-me
Copy link
Contributor

If invalidregion is passed in, it's expected that we go to the above authority. The authority exists (it will point to global for now).
Wondering why we have the autodicovery code running more than once, also it returns westus, but you passed in invalidregion, right?

In reply to: 808673645 [](ancestors = 808673645)

@bgavrilMS
Copy link
Member Author

@henrik-me - the "auto-discovery" code runs more than once because we "resolve the authority" many times during an auth request. It's not a great design, but seemed too much to refactor now.

Note that the auto-discovery does all the work the first time, but afteerwards reads from the cached static var.

@bgavrilMS
Copy link
Member Author

That's a good test @pmaytak ! I expect a log message like [Region discovery] Auto-discovery already ran and found {s_autoDiscoveredRegion}. to be printed a few times.

I think it's also automated here:

microsoft-authentication-library-for-dotnet/tests/Microsoft.Identity.Test.Unit/PublicApiTests/ClientCredentialWithRegionTests.cs

Line 256 in d17db23

public async Task UserRegionAsync()

@bgavrilMS bgavrilMS merged commit 2ad5514 into master Mar 29, 2021
@bgavrilMS bgavrilMS deleted the bogavril/regional branch March 29, 2021 11:35
@mezaugusto mezaugusto mentioned this pull request Feb 18, 2022
Closed
bgavrilMS added a commit that referenced this pull request May 8, 2024
@bgavrilMS
Fix for #2509 - do not throw exception for ADFS + WithTenantId
6b576f4
bgavrilMS added a commit that referenced this pull request May 9, 2024
@bgavrilMS
Fix for #2509 - do not throw exception for ADFS + WithTenantId
2350f17
bgavrilMS added a commit that referenced this pull request May 10, 2024
@bgavrilMS
Fix for #2509 - do not throw exception for ADFS + WithTenantId
4bcbbb7
bgavrilMS added a commit that referenced this pull request May 13, 2024
@bgavrilMS
Fix for #4608- do not throw exception for ADFS + WithTenantId (#4753)
be0ea5c 
Fix for #2509 - do not throw exception for ADFS + WithTenantId
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmprieur jmprieur jmprieur left review comments

@jennyf19 jennyf19 jennyf19 left review comments

@trwalke trwalke trwalke left review comments

@pmaytak pmaytak pmaytak approved these changes

@henrik-me henrik-me henrik-me approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@bgavrilMS @henrik-me @pmaytak @jmprieur @jennyf19 @trwalke