Feat/force wam

.azure-pipelines/ci-build.yml

@@ -13,7 +13,7 @@ parameters:
   default: false
 - name: Sign
   type: boolean
-  default: false
+  default: true
 - name: InternalFeed
   type: string
   default: '0985d294-5762-4bc2-a565-161ef349ca3e/PowerShell_V2_Build'

CONTRIBUTING.md

@@ -26,3 +26,15 @@ When it comes to modifying existing cmdlets, we recommend you use [AutoREST dire
 ## SDK generation
 
 See our [SDK generation steps wiki](https://github.com/microsoftgraph/msgraph-sdk-powershell/wiki/Generation-Process) for more information.
+
+## Debugging the Auth module
+
+* In a terminal run `.\tools\GenerateAuthenticationModule.ps1 -Build -Pack`
+* In Visual Studio open the `.\src\Authentication\Authentication.sln` solution
+* Start the project in debug mode
+* In the newly opened terminal run `pwd` to get the current working directory for the debug session
+* Copy the `Microsoft.Graph.Authencation.<version-number>.nupkg` to the working directory for the debug session
+* Rename the `.nupkg` file to `.zip`
+* Unzip the files to the working directory
+* In the working directory run `Import-Module .\Microsoft.Graph.Authentication.psm1`
+* Run any cmdlet from the Authentication module to hit your breakpoints

config/ModuleMetadata.json

@@ -27,15 +27,15 @@
   "versions": {
     "authentication": {
       "prerelease": "",
-      "version": "2.33.0"
+      "version": "2.34.0"
     },
     "beta": {
       "prerelease": "",
-      "version": "2.33.0"
+      "version": "2.34.0"
     },
     "v1.0": {
       "prerelease": "",
-      "version": "2.33.0"
+      "version": "2.34.0"
     }
   }
 }

docs/authentication.md

@@ -129,3 +129,4 @@ Set-MgGraphOption -EnableLoginByWAM $true
 ```PowerShell
 Set-MgGraphOption -EnableLoginByWAM $false
 ```
+#### Note: Signin by Web Account Manager (WAM) is enabled by default on Windows and cannot be disabled. Setting this option to $False will have no effect on Windows systems. 

src/Authentication/Authentication.Core/Interfaces/IPSGraphOutputWriter.cs

@@ -6,6 +6,7 @@ public interface IPSGraphOutputWriter
     {
         Action<string> WriteObject { get; set; }
         Action<string> WriteDebug { get; set; }
+        Action<string> WriteWarning { get; set; }
         Action<Exception, string, int, object> WriteError { get; set; }
         Action<object, string> WriteInformation { get; set; }
         Action<string> WriteVerbose { get; set; }

src/Authentication/Authentication.Core/Microsoft.Graph.Authentication.Core.csproj

@@ -4,7 +4,7 @@
     <LangVersion>9.0</LangVersion>
     <TargetFrameworks>netstandard2.0;net6.0;net472</TargetFrameworks>
     <RootNamespace>Microsoft.Graph.PowerShell.Authentication.Core</RootNamespace>
-    <Version>2.31.0</Version>
+    <Version>2.32.0</Version>
     <!-- Suppress .NET Target Framework Moniker (TFM) Support Build Warnings -->
     <SuppressTfmSupportBuildWarnings>true</SuppressTfmSupportBuildWarnings>
   </PropertyGroup>
@@ -13,11 +13,11 @@
     <EnforceCodeStyleInBuild>true</EnforceCodeStyleInBuild>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Azure.Identity" Version="1.13.2" />
-    <PackageReference Include="Azure.Identity.Broker" Version="1.2.0" />
-    <PackageReference Include="Microsoft.Graph.Core" Version="3.2.4" />
+    <PackageReference Include="Azure.Identity" Version="1.17.1" />
+    <PackageReference Include="Azure.Identity.Broker" Version="1.3.1" />
+    <PackageReference Include="Microsoft.Graph.Core" Version="3.2.5" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-    <PackageReference Include="System.Text.Json" Version="8.0.5" />
+    <PackageReference Include="System.Text.Json" Version="8.0.6" />
   </ItemGroup>
   <Target Name="CopyFiles" AfterTargets="Build">
     <Copy SourceFiles="@(PreLoadAssemblies)" DestinationFolder="$(OutputPath)/publish" />

src/Authentication/Authentication.Core/Utilities/AuthenticationHelpers.cs

@@ -84,7 +84,7 @@ private static bool IsAuthFlowNotSupported()
 
         private static bool IsWamSupported()
         {
-            return GraphSession.Instance.GraphOption.EnableWAMForMSGraph && SharedUtilities.IsWindowsPlatform();
+            return SharedUtilities.IsWindowsPlatform();
         }
 
         private static async Task<TokenCredential> GetClientSecretCredentialAsync(IAuthContext authContext)
@@ -129,16 +129,13 @@ private static async Task<InteractiveBrowserCredential> GetInteractiveBrowserCre
                     authRecord = await Task.Run(() =>
                     {
                         // Run the thread in MTA.
+                        GraphSession.Instance.OutputWriter.WriteWarning("Note: Sign in by Web Account Manager (WAM) is enabled by default on Windows. If using an embedded terminal, the interactive browser window may be hidden behind other windows.");
                         return interactiveBrowserCredential.Authenticate(new TokenRequestContext(authContext.Scopes), cancellationToken);
                     });
                 }
                 else
                 {
-                    authRecord = await Task.Run(() =>
-                    {
-                        // Run the thread in MTA.
-                        return interactiveBrowserCredential.AuthenticateAsync(new TokenRequestContext(authContext.Scopes), cancellationToken);
-                    });
+                    authRecord = await interactiveBrowserCredential.AuthenticateAsync(new TokenRequestContext(authContext.Scopes), cancellationToken);
                 }
                 await WriteAuthRecordAsync(authRecord).ConfigureAwait(false);
                 return interactiveBrowserCredential;

src/Authentication/Authentication.Test/Microsoft.Graph.Authentication.Test.csproj

@@ -2,7 +2,7 @@
   <PropertyGroup>
     <TargetFrameworks>net8.0;net472</TargetFrameworks>
     <IsPackable>false</IsPackable>
-    <Version>2.25.0</Version>
+    <Version>2.32.0</Version>
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.6.2" />

src/Authentication/Authentication/Cmdlets/ConnectMgGraph.cs

@@ -275,6 +275,7 @@ private static string GetWelcomeMessage(string clientId, string authType)
             stringBuilder.AppendLine($"SDK Docs: {Constants.SdkDocsLink}");
             stringBuilder.AppendLine($"API Docs: {Constants.ApiDocsLink}{System.Environment.NewLine}");
             stringBuilder.AppendLine($"NOTE: You can use the -NoWelcome parameter to suppress this message.");
+            stringBuilder.AppendLine($"NOTE: Sign in by Web Account Manager (WAM) is enabled by default on Windows systems and cannot be disabled. Any setting stating otherwise will be ignored.");
             return stringBuilder.ToString();
         }
 

src/Authentication/Authentication/Cmdlets/SetMgGraphOption.cs

@@ -25,7 +25,8 @@ protected override void ProcessRecord()
             if (this.IsParameterBound(nameof(EnableLoginByWAM)))
             {
                 GraphSession.Instance.GraphOption.EnableWAMForMSGraph = EnableLoginByWAM;
-                WriteDebug($"Signin by Web Account Manager (WAM) is {(EnableLoginByWAM ? "enabled" : "disabled")}.");
+                WriteDebug($"Requested to {(EnableLoginByWAM ? "enable" : "disable")} sign in by Web Account Manager (WAM).");
+                WriteDebug("Note: Sign in by Web Account Manager (WAM) is mandatory for Microsoft Graph PowerShell SDK on Windows and cannot be disabled. This option is deprecated and no longer has any effect.");
             }
             File.WriteAllText(Constants.GraphOptionsFilePath, JsonConvert.SerializeObject(GraphSession.Instance.GraphOption, Formatting.Indented));
         }

src/Authentication/Authentication/Common/GraphSessionInitializer.cs

@@ -65,6 +65,7 @@ internal static void InitializeOutput(CustomAsyncCommandRuntime cmdLet)
                 },
                 WriteObject = cmdLet.WriteObject,
                 WriteVerbose = cmdLet.WriteVerbose,
+                WriteWarning = cmdLet.WriteWarning,
                 WriteError = (exception, errorId, errorCategory, targetObject) =>
                 {
                     var parseResult = Enum.TryParse(errorCategory.ToString(), out ErrorCategory result);

src/Authentication/Authentication/Microsoft.Graph.Authentication.csproj

@@ -10,7 +10,7 @@
     <WarningsAsErrors />
     <NuspecFile>Microsoft.Graph.Authentication.nuspec</NuspecFile>
     <Copyright>© Microsoft Corporation. All rights reserved.</Copyright>
-    <Version>2.6.1</Version>
+    <Version>2.32.0</Version>
   </PropertyGroup>
   <PropertyGroup>
     <EnableNETAnalyzers>true</EnableNETAnalyzers>

src/Authentication/Authentication/Microsoft.Graph.Authentication.nuspec

@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <package>
   <metadata>
-    <version>2.6.1</version>
+    <version>2.32.0</version>
     <id>Microsoft.Graph.Authentication</id>
     <description>Microsoft Graph PowerShell authentication module</description>
     <authors>Microsoft</authors>
@@ -35,6 +35,7 @@
     <file src="artifacts\Dependencies\Microsoft.Bcl.AsyncInterfaces.dll" target="Dependencies" />
     <file src="artifacts\Dependencies\Microsoft.IdentityModel.Abstractions.dll" target="Dependencies" />
     <file src="artifacts\Dependencies\System.Buffers.dll" target="Dependencies" />
+    <file src="artifacts\Dependencies\System.ClientModel.dll" target="Dependencies" />
     <file src="artifacts\Dependencies\System.Memory.dll" target="Dependencies" />
     <file src="artifacts\Dependencies\System.Memory.Data.dll" target="Dependencies" />
     <file src="artifacts\Dependencies\System.Text.Json.dll" target="Dependencies" />

src/Authentication/Authentication/Models/PsGraphOutputWriter.cs

@@ -10,6 +10,7 @@ internal class PsGraphOutputWriter : IPSGraphOutputWriter
     {
         public Action<string> WriteObject { get; set; }
         public Action<string> WriteDebug { get; set; }
+        public Action<string> WriteWarning { get; set; }
         public Action<Exception, string, int, object> WriteError { get; set; }
         public Action<object, string> WriteInformation { get; set; }
         public Action<string> WriteVerbose { get; set; }

src/Authentication/Authentication/ModuleInitializer.cs

@@ -76,7 +76,7 @@ public void OnRemove(PSModuleInfo psModuleInfo)
         /// Checks to see if the requested assembly matches the assemblies in our dependencies folder.
         /// The requesting assembly is always available in .NET, but could be null in .NET Framework.
         /// - When the requesting assembly is available, we check whether the loading request came from this
-        ///   module (the 'Microsoft.Graph*' assembly in this case), so as to make sure we only act on the request
+        ///   module (the 'Microsoft.*', Azure.Identity, or Azure.Core assemblies in this case), so as to make sure we only act on the request
         ///   from this module.
         /// - When the requesting assembly is not available, we just have to depend on the assembly name only.
         /// </summary>
@@ -86,7 +86,9 @@ public void OnRemove(PSModuleInfo psModuleInfo)
         private static bool IsAssemblyMatching(AssemblyName assemblyName, Assembly requestingAssembly)
         {
             return requestingAssembly != null
-                ? (requestingAssembly.FullName.StartsWith("Microsoft") || requestingAssembly.FullName.StartsWith("Azure.Identity")) && IsAssemblyPresent(assemblyName)
+                ? (requestingAssembly.FullName.StartsWith("Microsoft") 
+                    || requestingAssembly.FullName.StartsWith("Azure.Identity")
+                    || requestingAssembly.FullName.StartsWith("Azure.Core")) && IsAssemblyPresent(assemblyName)
                 : IsAssemblyPresent(assemblyName);
         }
 

src/Authentication/docs/Get-MgGraphOption.md

@@ -45,5 +45,6 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
 ### Microsoft.Graph.PowerShell.Authentication.IGraphOption
 
 ## NOTES
+Web Account Manager is enabled by default on Windows systems and cannot be disabled. Setting the `EnableWAMForMSGraph` option no longer has any effect.
 
 ## RELATED LINKS

src/Authentication/docs/Microsoft.Graph.Authentication.md

@@ -48,7 +48,7 @@ Removes Microsoft Graph environment to the settings file
 Sets a Microsoft Graph environment to the settings file.
 
 ### [Set-MgGraphOption](Set-MgGraphOption.md)
-Sets global configurations that apply to the SDK. For example, toggle Web Account Manager (WAM) support.
+Sets global configurations that apply to the SDK. For example, toggle Web Account Manager (WAM) support. Web Account Manager is enabled by default on Windows systems and cannot be disabled.
 
 ### [Set-MgRequestContext](Set-MgRequestContext.md)
 Sets request context for Microsoft Graph invocations

src/Authentication/docs/Set-MgGraphOption.md

@@ -8,7 +8,7 @@ schema: 2.0.0
 # Set-MgGraphOption
 
 ## SYNOPSIS
-Sets global configurations that apply to the SDK. For example, toggle Web Account Manager (WAM) support.
+Sets global configurations that apply to the SDK. For example, toggle Web Account Manager (WAM) support. Web Account Manager is enabled by default on Windows systems and cannot be disabled.
 
 ## SYNTAX
 

src/Authentication/examples/Get-MgGraphOption.md

@@ -5,4 +5,4 @@ EnableWAMForMSGraph
 --------------------
                 True
 ```
-Confirms if WAM support has been enabled.
+Confirms if WAM support has been enabled. Web Account Manager is enabled by default on Windows systems and cannot be disabled.

src/Authentication/examples/Set-MgGraphOption.md

@@ -2,4 +2,5 @@
 ```powershell
 PS C:\> Set-MgGraphOption -EnableLoginByWAM $True
 ```
- Sets web account manager support
+ Sets web account manager support
+ Note: Signin by Web Account Manager (WAM) is enabled by default on Windows and cannot be disabled. Setting this option will no longer have any effect.