Microsoft.Developer.IdentityService

Set of services the Aad account provider needs to abstract for testing and future changes.

Initializes a new instance of the class.

Configuration to use. logger.

Get the message and code the user needs in order to find the correct website to authenticate against.

Authentication context. Extra query parameters to pass to the login url once the user has entered their code in the verification url. cancellation token. things.

Get the authentication result of device flow.

Device code. Cancellation token. Authentication info.

Set of services the Aad account provider needs to abstract for testing and future changes.

How often we should retry our graph call.

Initializes a new instance of the class.

Configuration to use. Network client factory to provide network communication. If null is passed, a default value is used. logger.

Gets an to provide objects to use for network communication.

Gets logger.

Aquires an authentication token from the graph for the provided resource.

The resource or scopes to get an authentication token for. User to get the authentication token from. Tenant to get the authentication token from. If true, prompt the user for credentials if needed. Otherwise aquire silently. Additional parameters to pass to the query. The authentication flow being used. Additional properties which can affect auth Cancellation Token. An representing the result.

Constructs and HttpRequestMessage with an authorization header.

Uri to use for the request. Authorization header. Optional. Http verb to use. An HttpRequestMessage.

Call back to the client to ask it to prompt with UI.

resourceOrScopes to get access token for. Tenant to get the access token for. Authetnication information used to access the users list of tenants. Query parameters to pass to the authentication library. Type of flow to use. additonal authentication properties cancellationToken. Authentication information including the access token.

Does the client support the webui flow.

True if the flow is supported, false otherwise.

Checks to see if the client can support the username and password flow.

true if the flow is supported, false otherwise.

Gets the context for either msal or adal based on the parameters passed in.

Resource to get access token for. Tenant to get the access token for. Authetnication information used to access the users list of tenants. Query parameters to pass to the authentication library. Authentication flow type Additional authentication properties parent telemetry operation if it exists An interface that can be cast to the correct context.

Gets an authentication info using the interactive flow.

Context to get the correct token. Cancellation token. Authentication information.

Execute the webUI flow.

Context to execute the flow. Cancellation token. Authentication info.

Execute the device code flow.

Object containing the token context. Cancellation token. Authentication information.

Execute the username password flow.

Gets the username. Cancellation token. Should the flow use the broker or not from MSAL Authentication information.

Aad account provider for communicating with AAD accounts.

Key for adding email address to the exception data.

Error codes which can be ignored on error verbosity

Logger to log events.

INetworkClientFactory to provide objects to use for network communication.

Remote channel to send data back to the client that connects to this service.

SessionToken storage.

Set of services used to get tokens and other information from the network.

Aad configuration to use.

SessionTokenManager.

Has the service been initialzied.

Group policy reader

UI culture of visual studio

Initializes a new instance of the class.

Stream. Provider. Thrown when stream or serviceProvider are null.

Initializes a new instance of the class.

Stream. A factory object which provides network communication objects. Provider. Thrown when stream or serviceProvider are null.

Initializes a new instance of the class.

Stream, can be null. Provider. Services to talk to network resources with. If null a default network service will be used. sessionTokenStorage. Thrown when stream or serviceProvider are null.

Initialze the service with the configuration it is going to use.

Configuration to use. Name of the application. Eg: Visual Studio, Blend, etc. Cancellation token A representing the asynchronous operation. Thrown when configuration is null.

Acquires an access token for a given resource using an account.

Resource to get the access token for. TenantId where the resource is registered. Account to use as the user to get the acess token for. Cancellation token An AccessTokenResult that contains the access token. Null if no access token could be found. If resource, tenantId, or account is null. If resource or tenantId are empty or contain only whitespace.

Acquires an access token for a given resource using an account.

Scopes to get the access token for. TenantId where the resource is registered. Account to use as the user to get the acess token for. Cancellation token An AccessTokenResult that contains the access token. Null if no access token could be found. If resource, tenantId, or account is null. If resource or tenantId are empty or contain only whitespace.

Get an authentication result.

resourceOrScopes to get a token for. tenant to get a token for. Account to get a token for. flow type Cancellation token. Authentication result data.

Authenticate an already existing account. This may cause the service to call back into the client to launch UI.

Account to authenticate. Tarameters to use during interactive authentication. This can be null or empty. Cancellation token A new account after authentication. If account is null.

Authenticate an account any apply the passed in scopes. This may call back to the client to prompt for UI if required.

Account to apply scopes to. Scopes to apply to the account. cancellation token An account with the scopes applied.

Refresh the account information without prompting. This can include tenant information, display information, and scope information.

Account to refresh. Cancellation token Result with refreshed account.

Clear any authenticated state for all accounts.

Cancellation token A representing the asynchronous operation.

Create a new account. This will call back to the client to launch UI.

Optional user name to pre fill out the sign in dialog with. Parameters to use during interactive authentication. Can be null or empty. Cancellation token An account after it has been created.

Refresh the display information on an account.

Account to get the updated display information for. Cancellation token An account with the updated display information.

Create an account from an AAD token.

Account to use for re-authentication. Artimis scopes to use. List to put errors in. AUthentication info to create the account from. Prompt if needed. Are there any additional query parameters. Authentication flow to use. Additional authentication properties Cancellation token. Account to be added to the store.

Get the default image for an Work/School account.

Bitmap for the work or school account.

Get the default image for an MSA account.

/// Bitmap for the microsoft account.

Refresh the account tenant and other infomation, and apply any additional scopes if required.

Account to refresh. Scopes. Cancellation token. Account result with refreshed data.

Verify an account is for this account provider.

Account to verify.

Get the set of tenants a user is a member of and the associated scope information if any is provided.

Authentication information for the user. Scopes for the user. Is the account an MSA account or not. If attempting to acquire tokens silently fails should the user be prompted for credentials. Query parameters to pass to the authentication library. They are only used if is set to true. Type of authentication flow Additional authentication properties Cancellation token. Set of tenant information based on the users tenant membership and passed in scopes. And an updated set of scope info with tenantId filled in in the case where domain was used for the scope.

Get the list of AAD organizations a user is a member of.

Authentication information for the user. If attempting to acquire tokens silently fails should the user be prompted for credentials. Query parameters to pass to the authentication library. They are only used if is set to true. Type of authentication flow. Additional authentication properties. Cancellation token. Set of tenant information based on the users tenant membership and passed in scopes. And an updated set of scope info with tenantId filled in in the case where domain was used for the scope.

Throw if the service has not been initialzied when this method is called.

Thrown when this method is called before the service has been initialized.

Info returned after an authentication that is used to create an account.

Initializes a new instance of the class. Information retrieved after a sucessful authentication.

Display name such as first, last name. This can be empty, but not null. Email address, or other displayable user identifier. Id of the tenant where the user authenticated with. Identity provider that authenticated the user. UniqueId from AAD for the user in their home tenant. Identity Token, may not be available. Access token and its type.

Gets the displayable name the user has chosen in aad.

Gets the displayable Id such as email address.

Gets the tenant id for this authentication.

Gets the Identity provider for the account.

Gets the unique Id for the tenant Id.

Gets the id token may be empty.

Gets the access token and its type.

Provides callback functionality for Custom Web UI flows.

Gets or sets gets the Json stream that can be used to callback to the client.

Initializes a new instance of the class. Custom web UI for getting an access token interactivly.

RPC callback. Logger.

Acquire a token interactivly by handling the sign in flow.

Initial URI to browse to. URI to redirect to when finished. Cancellation token. URI with an authorization code.

Thrown when the graph rest api responds with a non-success.

The http status code of the response that triggered this exception.

Initializes a new instance of the class with a standard message.

The HTTP status code of the response that triggered this exception.

Initializes a new instance of the class with a custom message.

The HTTP status code of the response that triggered this exception. Custom message.

Methods which access the network.

Gets or sets gets the Json stream that can be used to callback to the client.

Gets the configuration to use to call over the network.

Gets the name of the common tenant for this network service.

Get the current UTC time.

The current UTC time.

Acquire a token. This method will call back to the client to ask it to prompt with UI.

Resource or scopes to get access token for. Tenant to get the access token for. User identifier to get the access token for. Query parameters to pass to the authentication library. Which flow to use. Additional authentication properties. cancellationToken. Authentication information including the access token.

Acquire a token with no prompting allowed.

ResourceOrScopes to get access token for. Tenant to get the access token for. User identifier to get the access token for. kind of auth flow used cancellationToken. Authentication information including the access token.

Given a with at least , gets and updates values for in the supplied partial tenant object.

The object to be augmented with a friendly name and/or default domain. Authentication information used to access tenant details. If attempting to acquire tokens silently fails, should the user be prompted for credentials. Query parameters to pass to the authentication library. Which flow to use. Additional authentication properties. Cancellation Token. A task to track completion of async work.

Get a session token from VSO.

Account to get the session token for. Descriptor to tell us what parameters to use. Cancellation token. A session token entry.

Gets a set of tenant identifiers the user is a member of.

Authentication information. If attempting to acquire tokens silently fails should the user be prompted for credentials. Query parameters to pass to the authentication library. Which flow to use. Additional authentication properties. Cancellation token. Set of tenantIdentifiers.

Gets a list of objects representing all the tenants the user is a member of.

The client to use for network requests. Authentication information. If attempting to acquire tokens silently fails should the user be prompted for credentials. Query parameters to pass to the authentication library. Which flow to use. Additional authentication properties. Cancellation token. A set of .

Gets a list of strings representing all the AAD organizations the user is a member of.

Gets a list of objects representing all contracts that the user has access to.

Authentication information. Cancellation token. A set of .

Clear account state for all accounts.

Cancellation token. A representing the asynchronous operation.

Get profile information.

is the account an MSA account Authorization information. If attempting to acquire tokens silently fails should the user be prompted for credentials. Query parameters to pass to the authentication library. They are only used if is set to true. Which flow to use. Additional authentication properties. Cancellation token. A dictionary of configuration information.

Try to acquire a token silently. If that fails then call back to the client to ask it to prompt with UI.

Resource or scopes to get access token for. Tenant to get the access token for. Authetnication information used to access the users list of tenants. Query parameters to pass to the authentication library. Which flow to use. Additional authentication properties. cancellationToken. Authentication information including the access token.

Given an exception check to see if it has additional claims due to a claims challenge and return them. Return null if no claims are on the exception or the exception is not understood by the network service.

exception to check for claims. string of claims.

Removes the credentials for the given account from the machine.

The account to remove credentials for. Cancellation Token. A representing the result of the asynchronous operation.

Try to acquire a token silently using the OS broker.

Additional authentication properties. cancellationToken. Authentication information including the access token.

Users profile information.

Gets a users display name.

Gets the users profile identifier.

Gets the users profile logo.

Set of methods the identity services uses to communicates with network resources.

The common tenant.

Need to synchronize the call to MSAL interactive

Initializes a new instance of the class.

IMsalHttpClientFactory to provide to msal. Aad configuration. Logger. The name of the application. Eg: Visual Studio, Blend, etc.

Add login hint to the set of query parameters.

context which contains the query parameters. The query parameters in dictionary and string form.

Determines whether this context is for a Reauth scenario or not.

Context for authentication. Whether or not this is reauth.

Gets the header text for the WAM

Feature text to display domain if available tenant if no domain is available Localized string

Checks to see if we can contact the server which is hosting the successful redirect.

Cancellation token. True if a connection could be made, false otherwise.

Determines if the authority is an ADFS authority.

Uri to check if it is ADFS or not. true if the authority is an adfs authority, false otherwise.

Users profile infomation.

Initializes a new instance of the class.

Profile logo. Could be null. Display Name. Could be null. Identitifer.

Indicates the type of .

UniqueId from active directory

The identitifer is an email address and the user is allowed to change the email address during authentication

The identifier is a displayableId and the user is not allowed to change the authenticated user during authentication.

Contains identifier for a user.

Initializes a new instance of the class.

Identifier. Type of id.

Gets type of the .

Gets Id of the .

Definition for properties on accounts created by the Aad account provider.

Identity and Configuration hash.

This is the tenantId of the home tenant for the user. This is a GUID and its friendly name can be looked up in the TenantIdToNameMap property.

The name of the identity provider used to authenticate the account, this is set when the account is created.

This is an internal property that contains the tenant information for the account.

A dictionary of tenantId to default domain name for a given tenant.

This is an private property that contains the id token information for the account.

This is an internal property that contains the scope information for the account.

Is this account an MSA or WSA.

Tenants which the user is a member of but we could not get tokens for.

AAD account organizations that a user is a member of.

Tenants which the user has been granted partner access, but is not a member.

Default query parameters for use with during sign in for the embedded web browser flow.

A query parameter that tells AAD that we do not want to use the MSA login in screen. This forces users onto the work or school account screen.

The list of providers for the account.

A query parameter that tells AAD that we would like to authenticate with live.com. This also works with PPE so we do not need a different address for that.

A query parameter that tells AAD that we would like to authenticate with github.com. This also works with PPE so we do not need a different address for that.

Keep me signed in query parameter

Property that contains the VSID for the account in the VSO system.

The account is not un-authenticated but does need MFA authentication.

The endpoint that should be used when creating an account in order to get the user to MFA. The endpoint should be one that has MFA enabled.

The tenantId that has MFA enabled.

Additional claims to pass to the server due to a claims challenge.

String comparison to use when comparing two tenant identifiers. The tenantIds can come from active directory and we do not want to break if the casing changes for some reason. Currently tenants are normally guids or domain names both of which are currently case insensitive.

What kind of comparer to use when comparing tenantId's.

Account providerId for the Aad account provider.

Map of tenantId to Oid.

A query parameter that tells AAD which email address to pre-populate the sign in forms with.

A query parameter that tells AAD additional claims to use during authentication.

Display type query parameter.

Extra sign in query parameters for use with during sign in.

Nux query parameter, used by AAD to make sure we use the correct sign in page.

Format the guid as a string.

Guid to format. Formatted guid in string format.

Gets a dictionary of tenants mapped to verified domains for a given account.

The account to get tenant-domain pairs for. A dictionary of tenant-domain pairs for the given account.

Returns the value of the identity provider used for this account.

Account to get identity provider property from. The identity provider. This may be null, a guid(in string format), or some name.

Parses the Providers JSON array to get a list of providers.

Account to get providers from. The separator to use in the return list. A `separator`-separated list of providers, or the empty string if the providers property is missing or set to "null".

Returns the value of the identity combined with the configuration hash. This is used when converting between a identity service account and a visual studio online account.

Account to get provider property from. Will be normally be the uniqueId of the provider combined with the hash of the configuration.

Returns the visual studio identifier if it exists on the account.

Account to get vsid from. The visual studio identifier. This may be null if it does not exist on the account.

Determines if the account has the same configuration as the passed in configuration. This can be used to filter accounts with different configurations.

Account. Configuration. True if the accounts configuration matches the passed in configuration. False otherwise.

Gets the tenantId of the home tenant for the user of this account. This may be null if no home tenant is found.

Account to get Home tenant Id for. The home tenant Id for the account.

Gets the tenantId of the home tenant for the user of this account. This will only return a tenant if the account is an MSA> This will return null if the account is not an MSA>

Account to get Home tenant Id for. The home tenant Id for the account.

Returns the payload of the id token This may be null if no id token is found.

Account to get IdToken payload for. The IdTokenPayload for the account.

Gets the AadConfiguration for an account.

Account to get configuration for. AadConfiguration for the account or null if configuration cannot be retrieved. Json exception if the json is malformed in some way.

Gets the MFA resource if one exists in the account.

Account. The MFA resource to use during re-authentication for the account or null if endpoint cannot be retrieved.

Gets the MFA tenantId if one exists in the account.

Account. The tenantId for which MFA is enabled or null if tenantId cannot be retrieved.

Gets the additional claims if they exists on the account.

Account. Additional claims to use on the next authentication.

Gets the MFA resource if one exists in the account.

Account. Does the account need MFAAuthentication.

Gets the scopes for an account.

Account to get scopes for. Array of scopes or Empty array if none exists. Json exception if the json is malformed in some way.

Get tenants in scope for an account. If the account cannot be found an argument exception will be thrown.

Account to find tenants in scope for. Tenants in scope for an account.

Gets the set of contracts that the given account is a member of.

Account to find contracts for. Array of contracts or empty array if none exists. Json exception if the json is malformed in some way.

Gets the tenant information for the home tenant of the account. This will return a tenantInformation structure even if the home tenant is not in the scope of the account. If the account cannot be found an argument exception will be thrown. If no home tenand could be found null is returned.

Account to find home tenant info for. Home tenant info for the account.

Get the tenant information data off of an account.

Account to get tenant information for. A list of tenant information.

Get the missing tenant information data off of an account.

Account to get the missing tenant information for. A list of missing tenants and some associated error information.

Get the Azure Active Directory organization information data of an account.

Account to get the organization information for. A list of the organization the user belongs to in AAD.

Get a value indicating if the account is an MSA account or not.

Account to get the property form. True if the account is an MSA account, false otherwise.

Get extra query parameters for an account to be passed to AAD.

Account to get query parameters for. Authentication flow to use. Overrides the query parameters with these if not null. Query parameters.

Add the login hint to the query parameters string.

Existing query parameters. User name to add for the login hint. Query parameters.

Add the kmsi to the query parameters string.

Existing query parameters. Query parameters.

Add the additional claims to the query parameters string.

Existing query parameters. Extra claim to add. Query parameters.

Gets the Oid for a given tenantId can return null if there is no oid available.

Account to get Oid for. TenantId to get Oid for. An oid or null.

Add query parameter to the query parameter string.

Existing set of parameters. Name of the parameter. Value of the parameter. The updated query parameter string.

Defines what type of AAD client would be used.

VS client would be selected based on the user settings.

VS client that supports AAD along with MSA pass through and native MSA.

VS client that supports AAD and MSA pass through.

Aad configuration.

Initializes a new instance of the class.

Asm Endpoint. Authentication authority. Resource management endpoint. Audiences for the azure management endpoint. Client identitifer. Environment name. Graph endpoint. Home tenantId for microsoft accounts. Native client redirect. Azure portal endpoint. Resource endpoint used to acquire tokens by default. Should the authority be validated. Extra query parameters to use during authentication. Can be null or empty. Visual studio online endpoint. Can be null if the configuration does not support the endpoint. VSTS service principal. Can be null. Constructor for backward compatibility.

Initializes a new instance of the class.

Generate the SHA256 hash of this object.

String representation of the hash.

Clone with a new clientId

config to clone client id to clone with new configuration

Extensions for IAadConfiguration

Builds a AadConfiguration with default values for VS.

Default file name for the json store.

Aad configuration file extension.

Used for VS version 17.3 and above unless working with systems that haven't been upgraded yet.

Generally used for VS up to version 17.2, still occasionally needed for things like Azure Stack which have a slow update velocity. Anywhere you can limit usage of this, please do.

Generally used for Storage Explorer up to around version 1.34.0. Still occasionally needed for things like Azure Stack which have a slow update velocity. Anywhere you can limit usage of this, please do.

Storage Explorer client id.

Visual studio client id.

Default buffer size for file streams.

Gets a AadConfiguration with default values for VS The order of picking configuration values are - 1. Specified file path 2. Default file 3. Registry override 4. Default values specified above.

path to the file containing json configuration. Cancellation token. An AadConfiguration with default VS values.

Gets an AadProviderConfiguration for the given configuration name Searches in the home directory\identityservice, if none found returns null.

Name of the configuration without the file extension. Cancellation token. An AadConfiguration matching the name if exists, otherwise returns null.

Gets an AadProviderConfiguration for the given configuration name Searches in the , if none found returns null.

Name of the configuration without the file extension. Location to search for config files. Cancellation token. An AadConfiguration matching the name if exists, otherwise returns null.

Gets a list of names for all the configuration available in the specific location.

Optional location to search for config files. Cancellation token. list of account provider configuration names.

Creates a configuration file on disk for the input configuration if one doesn't already exist.

Input account whose configuration will be used to create the new configuration file. Optional directory where the configuration file is to be created. Cancellation token. Task.

Creates a configuration and writes it to disk if needed from a given management endpoint could throw webexception if fails to get a response from the management endpoint.

Management endpoint for the provider. IAadConfiguration if well known provider. Optional directory where the configuration file is to be created. Cancellation token. configuration.

Is the authority an ADFS authority or not.

Authority. True if the authority is an ADFS authority. False otherwise.

Result of an authorization.

Gets or sets the account identifier.

Gets or sets the tenant Id the account identifier is relative to.

Gets or sets the serialized exception if one exists. Null if no exception occured.

Which authentication flow to use.

Use a default flow type the service decides.

Use the embedded flow, this uses an embedded IE control.

Use the device code flow.

Use the system web browser flow.

Use WAM flow.

Gets a value indicating the account connected to windows OS.

Gets a value that represents the user profile image.

Gets a value indicating whether an account is connected to windows OS.

Device code result.

Initializes a new instance of the class.

User code returned by the service. Device code. Verificaton url. When the device code expires. How often to poll. Message to display. Client Id. Resource code is for. tenant the code is for.

Initializes a new instance of the class.

Gets the User code returned by the service.

Gets the Device code returned by the service.

Gets the Verification URL where the user must navigate to authenticate using the device code and credentials.

Gets the Time when the device code will expire.

Gets the Polling interval time to check for completion of authentication flow.

Gets the User friendly text response that can be used for display purpose.

Gets the Identifier of the client requesting device code.

Gets the Identifier of the target resource that would be the recipient of the token.

Gets the the tenant for the request.

Service method that a service will expose to clients.

This method is used to authenticate an account from an unauthenticated state.

Account to authenticate. Extra parameters used for the UI portion of the call. cancellation token The account which has been authenticated or null if authentication fails or is cancelled.

Creates an account on the keychain by launching a sign in window and asking for credentials. If the account already exists on the keychain the account will be updated. No additional account will be created. This should be called on the UI thread.

user name to optionally use to create the account with. This may be null or empty. Extra parameters used for the UI portion of the call. Cancellation token The created account which has been created.

Clear any authentication tokens for all acounts.

Cancellation token A representing the asynchronous operation.

Acquires an access token for the resource based on the tenant and account requested.

Resource to get the token for. Tenant to get the token within. Account to get the uniqueId or display name for requesting a token. Cancellation token An IAuthResult which contains the access token and the token type.

Authenticate an account and apply a set of scopes to it.

Account to apply scopes to. Scopes to apply to the account. Cancellation token An account with the scopes applied to it.

Refreshes the account data from the server, this can include tenants, domains, display information. This is done without prompting for re-authentication.

Account to refresh information for. Cancellation token A result that contains a refreshed account.

Refresh the display info for an account.

Account to get updated display information for. Cancellation token A representing the asynchronous operation.

Initialzie the service.

Configuration to initialize with. Name of the application. Eg: Visual Studio, Blend, etc. Cancellation token A representing the asynchronous operation.

Service method that a service will expose to clients.

This method is used to authenticate an account from an unauthenticated state.

Account to authenticate. Extra parameters used for the UI portion of the call. Use the device flow. Cancellation token. The account which has been authenticated or null if authentication fails or is cancelled.

user name to optionally use to create the account with. This may be null or empty. Extra parameters used for the UI portion of the call. Use the device flow. Cancellation token. The created account which has been created.

Service method that a service will expose to clients.

Get an Oid for a tenantId in an account. Can be null if the oid could not be retrieved.

TenantId. Account. Cancellation token. An Oid if one exists for the account and tenant, else returns null.

Service method that a service will expose to clients.

This method is used to authenticate an account from an unauthenticated state.

Account to authenticate. Extra parameters used for the UI portion of the call. Authentication flow. Cancellation token. The account which has been authenticated or null if authentication fails or is cancelled.

user name to optionally use to create the account with. This may be null or empty. Extra parameters used for the UI portion of the call. Authentication flow. Cancellation token. The created account which has been created.

Service method that a service will expose to clients.

This method is used to authenticate an account from an unauthenticated state.

Account to authenticate. Properties to define the behavior of authentication. Cancellation token. The account which has been authenticated or null if authentication fails or is cancelled.

Properties to define the behavior of authentication. Cancellation token. The created account which has been created.

Allows a caller to asyncrhonously delete authentication information for the given account.

The account to clear authentication for. Cancellation Token. A representing the result of the asynchronous operation.

Creates an account using WAM and the default OS account.

Additional properties Cancellation token A representing the result of the asynchronous operation.

This method is used to authenticate an account from an unauthenticated state.

Account to authenticate. s that need to be fixed. Each of these might launch a UI prompt. Properties to define the behavior of authentication. Cancellation token. The account which has been authenticated or null if authentication fails or is cancelled.

This method is used to authenticate an account from an unauthenticated state.

Account to authenticate. s that need to be fixed. Each of these might launch a UI prompt. Extra parameters used for the UI portion of the call. Use the device flow. Cancellation token. The account which has been authenticated or null if authentication fails or is cancelled.

This method is used to authenticate an account from an unauthenticated state.

Account to authenticate. s that need to be fixed. Each of these might launch a UI prompt. Extra parameters used for the UI portion of the call. Authentication flow. Cancellation token. The account which has been authenticated or null if authentication fails or is cancelled.

Acquires an access token for a given resource using an account.

Gets the Microsoft Graph endpoint to use which matches with the AAD authority.

Can return null if Microsoft Graph not available (ex. on Azure Stack).

Represents a missing tenant during account creation.

Initializes a new instance of the class. Constructor.

Missing tenant id. exceptionTypeName. Error that caused the missing tenant.

Gets the missing tenantid.

Gets the type name of the exception that caused the error. Can be null or empty if the error was not due to an exception.

Gets the error message that caused the missing tenantid.

Check the equality of an object with this one.

object to check equality for. are the objects equal.

Gets the hash code for the tenantId.

hash code.

Comparer to compare two missing tenant info objects.

Equality comparer singleton to compare two MissingTenantInfos.

Check equality for the two missing tenant info.

First object. Second object. Are the object equal.

Gets the hash code for the tenantId.

object to get hash code for. hash code.

Contains information about how an account should be scoped. This will contain one scope element which is either a tenantId guid or a domain name which will be converted to a tenantId at a later point.

Initializes a new instance of the class with domain.

Domain for the scope.

Initializes a new instance of the class with tenant Id and domain.

tenant id for the scope. Domain for the scope.

Gets a domain to scope an account to.

Gets a tenantId to scope the account to.

After we transform a domain to a tenantId we need to update the scope info with the tenantId guid.

Updated tenant Id for the domain.

Structure to contain the information about a tenant.

Initializes a new instance of the class. The uniqueId cannot be null or empty. The tenantId cannot be null or empty. The friendly name can be null or empty.

unique Id that belongs to the tenant. tenant id guid. friendly name of the tenant. whether the tenant is owned by the account.

Gets the set of uniqueId's that belong to a tenant. Normally this is only one. But if we are authenticating an MSA that is a dual headed account we will get get one from live and one from AAD.

Gets the TenantId identifier from AAD.

Gets the friendly name of the tenant if it is available. If the tenant came from a filter this will be null or empty. If it came from VSTS it will normally have a friendly anme.

Gets a value indicating whether the tenant is owned by this account. This list comes from VSTS.

Gets the name of the default domain associated with the tenant. This is not serialized as part of to maintain backward compatibility, but is instead put into account properties under the name . The default domain of the home tenant of an MSA account is null, since MSA accounts don't really have a home tenant.

Result of an authorization.

Gets or sets the URI which contains the authorization code.

Gets or sets the error description if one exists.

Gets or sets the error code if one exists.

Represents information about a single account, that would transfered via rpc.

Initializes a new instance of the class with username, environment and homeAccountId.

Initializes a new instance of the class from see .

Set of constants to make calls between the service and the client.

User Name.

Password.

Methods that we can call back on the client to assist in adal authentication.

Does the client support UI.

True if the client supports UI. False if we need to ask for a username and password.

Gets the user name and password to use with adal.

Dictionary of username and password or other credential data.

Methods that we can call back on the client to assist in adal authentication.

Present the user the device flow message.

Device code with uri and message. Cancellation token. Should we start polling for the authorization to complete.

Methods that we can call back on the client to assist in adal authentication.

Does the client support web UI.

True if the client supports web UI. False otherwise.

Acquire authorization result.

scopes for the token. clientId of the app. authority for the account. Should the authority be validated. Msal identifier for the account in case of reauth. query parameters to add to the network call during authorization. cancellation token. AccountIdentifierResult.

Gets the authorization uri with the authorization code attached.

Initial authorization uri without code. The redirect uri. Successful calls will return an authorization uri with the code attached. Error cases will return error code and error description. Keys for the dictionary are: "AuthorizationUriWithCode" "ErrorCode" "ErrorDescription" If the error was user cancellation, the error code will be: "authentication_canceled".

Methods that we can call back on the client to assist in authentication.

Acquire authorization result.

Methods that we can call back on the client to assist in authentication.

Auth flow type currently configured

Method to get the authentication flow type.

Provides extensions methods for .

Add metadata to a telemetry operation.

Source of data. Teletmetry operation to add metadata to. Original .

Allows switching between different token contexts.

Gets or sets Additional authentication properties.

Will contain the parent telemetry operation if available, may be null

Authentication flow type

Parameters to get an msal token interactivly.

Gets or sets the authority to use to acquire tokens.

Gets or sets the scopes to use for access.

Gets or sets the query parameters.

Gets or sets the User identifier if available.

Gets or sets Additional auth properties passed from the caller.

Authentication flow type to use during authentication

The result of asking for a list of tenants and scopes for a user.

Initializes a new instance of the class.

Tenant information. Scopes for the user. Missing tenants if any. Dictionary mapping tenantIds to default domain names.

Gets tenants which have been found for the user and have had a token retrieved for them.

Gets Scopes for the user.

Gets a set of information that descrbes a missing tenant and why we would not get tokens for it.

Gets a dictionary of tenantId to default domain names.

Utilities.

Environment variable used to force the use of the device code flow with the AadAccountProvider client.

Environment variable used to disable the WAM clientID for VS and use the old clientId.

Environment variable which indicates which authentication to use for the AadAccountProvider client.

Reg key which indicates which authentication to use for the AadAccountProvider client.

Environment variable which indicates that signing in should only authenticate against the home tenant.

Gets or sets a func that is used to read environment variables. Internal for testing, this func can be short-circuited by unit tests to provide. mock data.

Gets a value indicating whether or not to use DeviceCodeFlow for ALL AadAccountProviderClients in the process.

Should device code flow be used for all aad acount provider clients. Value indicating if the global override is set or not.

Gets a value indicating whether or not the new clientId should be used.

Value indicating if the WAM clientId should be used

Gets a value indicating whether or not to sign in only against the home tenant.

Whether sign-in should only authenticate against the home tenant. Value indicating if the global override is set or not.

Gets selected authentication flow type.

Sets a value indicating whether or not to use DeviceCodeFlow for ALL AadAccountProviderClients in the process.

Should device code flow be used for all aad acount provider clients.

Sets a value indicating whether or not signing in should only authenticate against the home tenant.

Should authentication only use the home tenant.

Sets a value indicating whether or not to use SystemBrowser flow for ALL AadAccountProviderClients in the process.

Should system browser flow be used for all aad acount provider clients.

Define interface used to to store session tokens.

Writes a list of session tokens into storage.

Writes session tokens and some metadata to storage. Cancellation token. A representing the asynchronous operation.

Read accounts from storage.

Cancellation token. Read only list of accounts.

Clear out the session token storage.

Cancel the operation if it has not started by the time the cancellation token is set. A representing the asynchronous operation.

Entry in session token storage.

Initializes a new instance of the class.

Session token from VSO. "Account unique identifier". Account provider for the account. Tenant used to generate the session token. SessionToken type.

Gets the session token from VSO.

Gets the account unique identitifer that was used to get the session token for.

Gets the account provider identifier for the account used to get the session token.

Gets the tenant used to acquire the session token with.

Gets the session Token type.

Store the session tokens in a file store. If two threads are writing to the store at the same time the last one to write will have written its contents to the storage.

Default file name for the json store.

Default buffer size for file streams.

How many times to retry a locked file.

How long to wait between retries to access a locked file.

Logger to log information to tracelog.

Initializes a new instance of the class.

Logger.

Initializes a new instance of the class.

Path to write the account storage file. Logger to log with.

Gets location of the account file.

Read accounts from storage.

Cancellation token. Collection of accounts from storage.

Write session tokens to storage.

Set of accounts. Cancellation token. A representing the asynchronous operation.

This class allows the acquisition and storage of session tokens which can be used to talk to Visual Studio Team Services accounts.

Logger.

Netwok mocks.

Store for the session tokens.

Initializes a new instance of the class.

Storage for the session tokens. logger. network services. UiCulture

Clear out any Session tokens from the token storage.

Cancellation token. A representing the asynchronous operation."

Gets a session token from storage or VSO.

Account to get the session token from. Parameters to configure the session token. Should the storage by bypassed. Cancellation token. A session token result. Will contain the session token and any errors.

Calculate the date to refresh the token by taking the length of the token and then calculating the date it will reach 80% of its lifetime remaining.

Date the token is valid from. Date the token is valid to. Date the token should be attempted to be refreshed even if it is still valid.

From a session token stored in session token storage, determine if the token has reached a point where it should be refreshed. This can happen if the token is already expired or the token has reach a percentage of its usefull life span. The data as to how many days before the token needs to be refreshed is encoded as a property in the token and set when the token is created or refreshed.

Session Token. Is the token expired. Does the token need refresh.

Go through token storage for the list of scopes we would like to get tokens for and see if they are in token storage and have enough lifetime such that they do not need to be refreshed. The scopesAndTokenValues dictionary will contain scopes and their session tokens if they are found in token storage. This will include tokens that are fresh and those that need to be refreshed. The reason is that the tokens may have enough lifetime on them to be used even if they are passed their refresh date. We will also check to see which scopes need to be refreshed. This will be passed back in the scopedNeedingRefreshing.

Session tokens from storage. Account to refresh the session token with. Token parameters. Should the storage be used or should we go right to VSO. What tokens need to be refreshed. Session token if one matches the description. Null if the token could not be found or is expired.

This service provides access to session tokens from visual studio online for a given account.

Acquires a session token if it exists in storage, and if not will request a new one.

Account to get the session tokens from. Token parameters to configure the session token. Should force the refresh of the session token in storage and bypass the token cache if it exists. An AccessTokenResult which contains the access token and the token type. If there was a problem an exception will be attached to the SessionTokenResult.

Descriptor used to acquire a session token.

Compare scope names case without considering case. This is because they can be entered by the user and the server does not consider them case sensitive.

Have matching comparer so in getHashCode we use the same kind of comparison we are using to compare the scope names.

Initializes a new instance of the class.

Scope for the session token. Can be null or empty to indicate an unscoped token. Set of account guids to target. can be a null. TenantId for the account. Cannot be empty or null. Token type requested.

Gets the scope used to retrieve the session token. If this is null then an unscoped token will be requested.

Gets the set of target accounts to get the session token for. If this is empty a default set of targets will be used.

Gets the tenant to get the session token for. If this is null we will get the session token for the home tenant.

Gets what kind of session token is being requested.

Override equals.

Object to compare to. Are the object equal or not.

Get the hash code for the descriptor.

the hash code.

Kind of session token.

Self describing token

Compact token

Result of an authorization.

Initializes a new instance of the class.

Token string. SessionToken type. An error which is related to this result. Will be null if no error occured.

Initializes a new instance of the class. Create a new session token result due to an error.

SessionToken type. An error which is related to this result. Will be null if no error occured.

Gets the access token.

Gets the session token type.

Gets an error related to this result.

This factory class maintains a cache of objects based on the path that they are created using. It is thread safe.

Execute the critical code path using a SemaphoreSlim lock asynchronously.

Critical code path Cancellation token name of caller Returns the value returned by the critical code path after unwrapping the task.

This constructor is used as an entry point for the service to start up. It should not do anything but call the other ctor with the correct deps.

This exists so we can easily inject dependencies for testing. The other ctor should just be passing deps to this one and not doing anything else.

Interface that error storage service clients need to implement. Currently we are not using dynamic proxies over JsonRpc, which enable .net events as a notification. For now, the client needs to implement this interface. The OnStoreChange method is called from the service whenever it detects a change. Once dynamic proxies are enabled, this interface can be deleted.

When the service has detected the error store has changed it will callback to the client and issue a StoreChangedEventArgs which contains the changes.

Store changed arguments.

Comparer to compare two errors only using their keys.

Add or update an error in the error store. If the store contains an error with the same error source, it will be updated. Otherwise a new error will be added to the store.

Error to add or update in the error store. The added or updated error

Get all errors stored in the error store.

An IEnumerable containing errors.

Remove an error from the error store based on the source of the error.

The source of the error to search for in the error store. Error if it was removed from the store, null if no matching error was found.

Remove multiple errors from the error store based on the error sources.

The sources of the errors to search for in the error store. An IEnumerable containing all the removed errors.

Remove all errors from the error store if are for any of the provided accounts.

Ids of the accounts for which the errors should be removed. An IEnumerable containing all the removed errors.

Set the prefix of the file on disk used to store errors.

Interface to read and write data of type T to a file.

Type of the data structure stored in a file

The path of the file.

Raised when the file is changed.

Gets the file stored in cache.

Returns T or null if file does not exist.

Reads the file stored on disk and refreshes the cache.

Returns T or null if file does not exist.

Reads the file stored on disk and refreshes the cache. In most concrete implementations T is normally the string representation of a file. The result of the transformation will be the returned as a task.

Apply a transformation to the file while holding a lock to the file. Returning null as part of the transformation will clear the file. Cancellation token Returns U (the result of the transformation) or null if file does not exist.

Mutates the file and writes it to disk.

Function where the parameter is the result of the latest file read. The return value is used as the data to write to file Cancellation token The return value of the mutation function

Default buffer size for file streams.

How many times to retry a locked file.

How long to wait between retries to access a locked file.

File watcher to watch for changes to the store.

Old copy of the file used for firing change events

Cached version of the file.

Holds all parts needed to instantiate an instance of GitHubCredentialStoreService

Extension methods for objects implementing Credential.

Converts an Credential to an Octokit.Credential object.

Credential object. A new Octokit.Credential object.

Hashes the password of the Credential using SHA256.

A hash of the value of the Password property.

A wrapper around an ICredentialStore that provides methods for accessing GitHub credentials specifically.

Prefix of the key of credentials stored by GitHub For Visual Studio. Needed for legacy credential enumeration.

Prefix of the key of credentials stored by GCM. Needed for credential enumeration.

Initializes a new instance of the class.

Use multi account mode. This would be default in the future. Telemetry Logger for sending telemetry Generates event and property names for telemetry The Credential Store that backs this GithubCredentialStorage instance. to use for exception handling. Generates key names for storing credentials.

Finds all credentials whos keys start with git prefixes in the credential store.

A dictionary mapping Uris to Credential objects.

Finds all credentials whos keys start with git prefixes in the credential store.

A dictionary mapping Uris to Credential objects.

Finds all credentials who's keys start with GitHubDevHomeExtension prefixes in the credential store.

A dictionary mapping Uris to Credential objects.

Interface whcih credential stores implement.

Because any credential store is effectively a Key/Value storage, this interface attempts to replicate as closely as possible. However, credential stores are not collections, so this interface omits many methods that would be present in IDictionary -- such as item[key], ContainsValue, and Count -- since they would create opposing semantics, be impossible to implement, or provide no useful function in the context of a credential store.

Returns the credential associate with the key.

The key associated with the credential. Thrown if the key does not exist in the credential store. A username/password pair.

Returns the credential associated with the key, without throwing an exception.

Tke key associated with the credential. The credential associated with the key. Will be null if the credential does not exist. True if success. False if failure.

Inserts a new credential into the credential store, overriding if the key exists already.

The key to put the credential under. The credential to store.

Inserts a new credential into the credential store, overriding if the key exists already and provides list of attempts.

The key to put the credential under. The credential to store. List of attempts to write the credential. See https://docs.microsoft.com/en-us/windows/win32/api/wincred/nf-wincred-credwritew for potential error codes.

Removes the credential with the specified key from the credential store.

The key of the credential to remove. Returns true if the credential was found and was successfully removed, false otherwise. If no element exists, false is returned.

Checks if the credential exists in the credential store.

The key to locate in the credential store. Returns true if a credential with the associated key was found in the credential store, false otherwise.

An that also allows enumeration over the credentials in the store.

Enumerates over all credentials in the credential store, returning those that begin with the specified filter.

The filter to apply to the enumeration. If null or empty, all credentials will be returned. An IDictionary object holding the credential key mapped to the credential itself.

An exception in interop code.

Native error code.

The CredWrite function creates a new credential or modifies an existing credential in the user's credential set. The new credential is associated with the logon session of the current token. The token must not have the user's security identifier (SID) disabled.

A pointer to the credential structure to be written. Flags that control the function's operation. Must be set to 0. True if success; false otherwise.

Reads a credential from the user's credential set. The credential set used is the one associated with the logon session of the current token. The token must not have the user's SID disabled.

Pointer to a null-terminated string that contains the name of the credential to read. Type of the credential to read. Type must be one of the `` defined types. Currently reserved and must be zero. Pointer to a single allocated block buffer to return the credential. Any pointers contained within the buffer are pointers to locations within this single allocated block. The single returned buffer must be freed by calling ``. True if success; false otherwise.

The CredDelete function deletes a credential from the user's credential set. The credential set used is the one associated with the logon session of the current token. The token must not have the user's SID disabled.

The name of the credential to delete. Type of the credential to delete. If the value of this parameter is DomainExtended, this function can delete a credential that specifies a user name when there are multiple credentials for the same target. The value of the TargetName parameter must specify the user name as Target|UserName. Reserved and must be zero. The function returns TRUE on success and FALSE on failure.

The CredFree function frees a buffer returned by any of the credentials management functions.

Pointer to the buffer to be freed.

Enumerates the credentials from the user's credential set. The credential set used is the one associated with the logon session of the current token. The token must not have the user's SID disabled.

Pointer to a null-terminated string that contains the filter for the returned credentials. Only credentials with a TargetName matching the filter will be returned. The filter specifies a name prefix followed by an asterisk. For instance, the filter "FRED*" will return all credentials with a TargetName beginning with the string "FRED". If is specified, all credentials will be returned. The value of this parameter can be zero or more values combined with a bitwise-OR operation. Count of the credentials returned in the . Pointer to an array of pointers to credentials. The returned credential is a single allocated block. Any pointers contained within the buffer are pointers to locations within this single allocated block. The single returned buffer must be freed by calling .

Bit set if the `` does not persist the `` and the credential has not been written during this logon session. This bit is ignored on input and is set automatically when queried. If `` is , the `` is not persisted across logon sessions because the PIN of a certificate is very sensitive information. Indeed, when the credential is written to credential manager, the PIN is passed to the CSP associated with the certificate. The CSP will enforce a PIN retention policy appropriate to the certificate. If Type is `` or ``, an authentication package always fails an authentication attempt when using credentials marked as ``. The application (typically through the key ring UI) prompts the user for the password. The application saves the credential and retries the authentication. Because the credential has been recently written, the authentication package now gets a credential that is not marked as ``.

Bit is set if this `` has a `` member set to the same value as the `` member. Such a credential is one designed to store the `` for a specific user. This bit can only be specified if `` is `` or .

The `` persists for the life of the logon session. It will not be visible to other logon sessions of this same user. It will not exist after this user logs off and back on.

The `` persists for all subsequent logon sessions on this same computer. It is visible to other logon sessions of this same user on this same computer and not visible to logon sessions for this user on other computers.

Windows Vista Home Basic, Windows Vista Home Premium, Windows Vista Starter, and Windows XP Home Edition: This value is not supported.

The `` persists for all subsequent logon sessions on this same computer. It is visible to other logon sessions of this same user on this same computer and to logon sessions for this user on other computers.

Windows Vista Home Basic, Windows Vista Home Premium, Windows Vista Starter, and Windows XP Home Edition: This value is not supported.

The `` is a generic credential. The credential will not be used by any particular authentication package. The credential will be stored securely but has no other significant characteristics.para>

The `` is a password credential and is specific to Microsoft's authentication packages. The NTLM, Kerberos, and Negotiate authentication packages will automatically use this credential when connecting to the named target.

The `` is a certificate credential and is specific to Microsoft's authentication packages. The Kerberos, Negotiate, and Schannel authentication packages automatically use this credential when connecting to the named target.

The `` is a password credential and is specific to authentication packages from Microsoft. The Passport authentication package will automatically use this credential when connecting to the named target.

The `` is a certificate credential that is a generic authentication package.

The `` is supported by extended Negotiate packages.

Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP: This value is not supported.

The maximum number of supported credential types.

Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP: This value is not supported.

The extended maximum number of supported credential types that now allow new applications to run on older operating systems.

Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP: This value is not supported.

A bit member that identifies characteristics of the credential. Undefined bits should be initialized as zero and not otherwise altered to permit future enhancement.

The type of the credential. This member cannot be changed after the credential is created.

A string comment from the user that describes this credential. This member cannot be longer than `` characters.

The time, in Coordinated Universal Time (Greenwich Mean Time), of the last modification of the credential. For write operations, the value of this member is ignored.

The size, in bytes, of the `` member. This member cannot be larger than `` bytes.

Secret data for the credential. The CredentialBlob member can be both read and written. If the `` member is ``, this member contains the plaintext Unicode password for ``. The `` and `` members do not include a trailing zero character. Also, for ``, this member can only be read by the authentication packages. If the Type member is ``, this member contains the clear test Unicode PIN for ``. The `` and `` members do not include a trailing zero character. Also, this member can only be read by the authentication packages. If the `` member is ``, this member is defined by the application. Credentials are expected to be portable. Applications should ensure that the data in `` is portable.

Defines the persistence of this credential. This member can be read and written.

The number of application-defined attributes to be associated with the credential. This member can be read and written. Its value cannot be greater than ``.

Application-defined attributes that are associated with the credential. This member can be read and written.

Alias for the TargetName member. This member can be read and written. It cannot be longer than `` characters. If the credential Type is ``, this member can be non-NULL, but the credential manager ignores the member.

The user name of the account used to connect to TargetName. If the credential Type is ``, this member can be either a DomainName\UserName or a UPN. If the credential Type is ``, this member must be a marshaled certificate reference created by calling `CredMarshalCredential` with a `CertCredential`. If the credential Type is ``, this member can be non-NULL, but the credential manager ignores the member. This member cannot be longer than CRED_MAX_USERNAME_LENGTH(513) characters.

The System Error Codes are very broad. Each one can occur in one of many hundreds of locations in the system. Consequently the descriptions of these codes cannot be very specific. Use of these codes requires some amount of investigation and analysis. You need to note both the programmatic and the run-time context in which these errors occur. Because these codes are defined in WinError.h for anyone to use, sometimes the codes are returned by non-system software. Sometimes the code is returned by a function deep in the stack and far removed from your code that is handling the error.

The operation completed successfully.

The system cannot find the file specified.

The handle is invalid.

Not enough storage is available to process this command.

The process cannot access the file because it is being used by another process.

The file exists.

Cannot create a file when that file already exists.

Element not found.

A specified logon session does not exist. It may already have been terminated.

Throws a if errorCode is not Success.

Error code of the operation. Function that caused an error. Error message.

Gets last Win32 error code if call was not successful.

Creates instance of with detailed error message.

Error code of the operation. Function that caused an error. Error message.

Credential store implementation for Windows platforms

See https://docs.microsoft.com/en-us/windows/win32/api/wincred/nf-wincred-credwritew for potential error codes.

Cache wrapper on top of to handle cases when credentials not available for read right after they are written.

Inner credential store to wrap and delegate calls to. Filter for credentials that should be added to cache on initialization. This is needed since reading from cred store could fail when write is in progress, so we would like to have current cred store values in cache.

Allows suppressing exceptions to keep regular workflow. Should be combined with

A strongly-typed resource class, for looking up localized strings, etc.

Returns the cached ResourceManager instance used by this class.

Overrides the current thread's CurrentUICulture property for all resource lookups using this strongly typed resource class.

Looks up a localized string similar to additionalContext must be of type JsonRpc.

Looks up a localized string similar to {0} needs your credentials..

Looks up a localized string similar to Error.

Looks up a localized string similar to GitHub account.

Looks up a localized string similar to Could not get details about the home tenant.

Looks up a localized string similar to SecKeychainItemDelete failed with error code: {0}.

Looks up a localized string similar to SecKeychainFindGenericPassword failed with error code: {0}.

Looks up a localized string similar to SecKeychainAddGenericPassword failed with error code: {0}.

Looks up a localized string similar to SecKeychainItemModifyAttributesAndData failed with error code: {0}.

Looks up a localized string similar to No home tenant could be found.

Looks up a localized string similar to No session token entry found.

Looks up a localized string similar to For potential mitigation and additional information go to the following url: '{0}'.

Looks up a localized string similar to Retry count exceeded.

Looks up a localized string similar to Could not get the list of tenants.

Looks up a localized string similar to Microsoft account.

Looks up a localized string similar to The account provider is not supported.

Looks up a localized string similar to The account is not supported by this provider. The configuration does not match..

Looks up a localized string similar to Work or school account.

Looks up a localized string similar to {0} needs your credentials for directory: {1}.

Store the accounts in a file store.

Default file name for the json store.

Initializes a new instance of the class.

Logger to log with. Path to write the account storage file. IFileStoreFactory to operate on files. indicates if multi account store for GitHub accounts should be used.

Gets or sets the handlers for when the store changes.

Gets location of the account file.

Generate the default file storage path.

File prefix to the default file name. Provider to use for storage file. File version to return indicates if multi account store for GitHub accounts should be used. Default storage path.

Read accounts from storage.

Cancellation token. Collection of accounts from storage.

Dispose of the file account storage.

Define interface used to to store accounts.

Has the store changed

Read accounts from storage.

Cancellation token. Read only list of accounts.

Define interface used to to store accounts.

Gets the path to the file which backs the account store.

A constructor function that generates an IAccountStore instance from a filepath and . Used as the type of . The intent of using a delegate type is to provide more documentation and context than a simple type.

The path to the accountStore file on disk. A traceSource to use for debugging. An IFileAccountStore instance to read and write Accounts to.

Storage service for accounts on the keychain. The methods in this class ensure that the storage service is properly initalized first. This class also handles synchronization between the filesystem and memory objects.

Locks the access to initializing the service and updating the account store.

Internal for testing.

Collection of singleton instances of StorageServiceImpl. This is lazy populated by .

Logger to log events.

Function that takes a filepath for a instance and provides a TraceSource for support objects.

Remote channel to send data back to the client that connects to this service.

Constructor function that generates an IAccountStore object. Primarily intended for unit testing.

ServiceProvider for Nexus.

Instance of the storage service to use.

If the client does not support the raising of a store changed event we do not want to keep on trying to raise the event with the client.

Object to generate HttpClients that is passed to the Synchronizer.

Detect redundant dispose calls and detect if we are being called after disposed.

Initializes a new instance of the class.

Stream to communicate with via JSON RPC. Service provider. Service activation options. Function that generates an object. Intended for testing purposes. Can be null. If false, the synchronizer will not be created. NetworkClientFactory to pass to the Synchronizer to use for HttpClients. If null, a default will be used. Function which generates a TraceSource for each private singleton instance this class generates.

Sets the storage location for an account to another file with a different prefix, the configuration is which configuration the automatic synchrnoization should use to create accounts in that path.

Prefix for the account path. null means use default. Unused public parameter. Null is fine. Cancellation token Task which completes once the storage location has been changed.

Add or update an account in the account store. In the update case the properties will be merged. Any properties that exist in the new account and the store will be overwritten by the values in the passed in account. Any properties in the account in storage not in the passed in account will be preserved.

Account object to add or update in the account store. Cancellation token Instantce of the account as it is represented in storage.

Update the properties on an account.

Account to update the properties on. Dictionary of properties to update. When properties are set to null the property dictionary will be cleared. Cancellation token New Account object with the updated properties.

Update the properties on an account.

Account to update the properties on. Is the account stale or not. Cancellation token New Account object with the updated stale property.

Update the display information on an account.

Account to update the properties on. Display information on the account. Cancellation token New Account object with the updated display information.

Get all accounts in the store.

Cancellation token List of accounts in the store.

Remove an account from storage.

Account to remove. Cancellation token A representing the asynchronous operation.

Remove all accounts from storage.

Cancallation token A representing the asynchronous operation.

Dispose of this object.

Initialize the storage service.

Generates the filePath of an accountStore for a particular prefix and AccountProvider GUID.

Creates a .

Raise an event that indicates the store has changed.

sender. Event that contains the store modifications.

Dispose the storage service.

Are we disposing.

Returns the ASAL selected account or null if not found

CancellationToken representing the asynchronous operation.

Manages the accounts on the keychain.

Logger to log events.

Storage where the account information will be stored.

Cancellation token for the changed event management task.

Default configuration for the identity service.

Initializes a new instance of the class. Internal constructor to allow tests to set a different storage mechanism.

Stream. Storage. Ports accounts between stores on Impl creation.

The store has changed.

Gets a value indicating whether gets a value indicating if this instance disposed.

Account object to add or update in the account store. Cancellation token Instantce of the account as it is represented in storage.

Update the properties on an account.

Account to update the properties on. Dictionary of properties to update. When properties are set to null the property dictionary will be cleared. CancellationToken New Account object with the updated properties.

Mark an account as preserved.

Account to update the properties on. A Task representing the asynchronous operation.

Gets a value indicating whether the account is preserved or not.

Account to check for preserved status. Preservation status of the account.

Remove the preservation marker for an account.

Account to update the properties on. A Task representing the asynchronous operation.

Update the properties on an account.

Account to update the properties on. Is the account stale or not. CancellationToken New Account object with the updated stale property.

Update the display information on an account.

Account to update the properties on. Display information on the account. Cancellation token New Account object with the updated display information.

Get all accounts in the store.

Cancellation token List of accounts in the store.

Remove an account from storage.

Account to remove. Cancellation token A representing the asynchronous operation.

Remove all accounts from storage.

A representing the asynchronous operation.

Dispose the service.

Merge two property dictionaries together.

Exsiting properties. new properties. Merged dictionary.

Merge two accounts when adding or updating an account in the store.

First account. Second account. Merged account.

Initialize the storage service.

A representing the asynchronous operation.

Mutate the account store within a file lock.

Account Whcih caused the mutation. Function to mutate the store. cancellationToken. Task.

Raise an event that indicates the store has changed.

Event that contains the store modifications.

Read a specific account from the store.

accounts to find the instance within. Account to find a fresh instance in the store. A new instance of the account from the store.

Calculate the differences between the store on disk and what is in memory and raise the correct events.

Dispose the storage service.

Are we disposing.

A wrapper around a nested dictionary for objects. This class aims to simplify data management.

A ReadOnlyDictionary that contains the value it was keyed with. This type is returned by to provide a read-only collection of StorageServiceImpl objects keyed with AccountProvider GUIDs.

Applies an asynchronous action over all values in this view.

The action to apply. A task representing the work.

Creates an by applying a function asynchronously to all values in this View. Asynchronous analog to the Select methond in Linq.

Return type. Transformer function. A collection of results after applying the function to all elements in this View.

Creates an by applying a function asychronously to all values in this View, and flattening the result into one collection.

The return type. A transform function. A collection of results after applying the function to all elements in this View.

Helper method to read all accounts from all StorageServiceImpls in this view.

Cancellation token A read-only collection of accounts.

Gets the number of (StorageServiceImpl, Synchronizer) pairs in this collection.

Gets an Enumerable over all values in this collection.

Adds many -> objects under one prefix key.

The prefix key The values to insert under the prefix. A view of the inner dictionary the values were added too.

Empties the inner dictionaries while preserving the instances. This will invalidate all instances.

Empties the dictionary and inner dictionary of all values. This will invalidate all instances.

Selected asal account

Selected asal account key. Null if none is set

A representing the result of the asynchronous operation.

Storage service.

Get all connected accounts from the OS.

List of accounts in the store.

Storage service.

Account object to add or update in the account store. Cancellation token Instantce of the account as it is represented in storage.

Get all accounts in the store.

Cancellation token List of accounts in the store.

Remove an account from storage.

Account to remove. Cancellation token A representing the asynchronous operation.

Remove all accounts from storage.

Cancellation token A representing the asynchronous operation.

Update the display information on an account.

Account to update the properties on. Display information on the account. Cancellation token New Account object with the updated display information.

Update the properties on an account.

Account to update the properties on. Is the account stale or not. Cancellation token New Account object with the updated stale property.

Set a storage prefix to use for the account store.

Prefix to attach to the front of the file to make it unique. Configuration to use to synchronze the account store. Cancellation token A representing the asynchronous operation.

Storage service.

Complete the initialization after the RPC connections have been made.

Contains static storage objects for creating and manipulating token caches in both ADAL and MSAL.

Gets a static instance of Msal StorageCreationProperties.

Gets a singleton instance of the for this process.

Gets a static instance of a trace source.

Creates a new ErrorResult from an exception.

The exception to convert into an ErrorResult. Ui culture to use when localizing A new ErrorResult representing the Exception.

Error code, Message and help link are all tightly related since the link is determined by the error code in many cases.

dictionary to add metadata to exception culture to localize with

Utility class.

Name value for the Bearer token, some services expect this to be capital B but it is supposed to be case insensitive.

Validate an account is for a specific account provider.

Account key to check against the expected accountProvider. Account provider id to match against.

Throw an object disposed exception if the object is disposed.

Is the object disposed. Component that was disposed.

Is the account an MSA account or not.

Identity provider used to authenticate the account. Aad configuration. True if the account is an MSA account, false otherwise.

Compare two tenant identifiers.

First tenants. Second tenant. Are the tenants equal.

Given a list of exceptions convert them to error results.

Errors. Array of error results.

Verify that the two configurations match, throw exceptions if they don't.

Configuration from the account. Expected configuration.

Creates a new object with recommended settings.

Extension methods for formatting Microsoft VS Account Organization uris.

Property name for obtaining correct uri format for AAD organizations

Formatting Organizations uris for Microsoft Visual Studio Account Organization type

Definition for properties passed during Aad account authentication.

Property name for QueryString.

Property name for Authentication Flow Type.

Property name for User Name.

Property name for Home Tenant Only flag.

Dictionary key to find feature text entry.

Domain the user is authenticating with.

Header text to be shown in the sign in dialog. Will be combined with additional data in the service but should be a friendly feature name. And if localization makes sense should be localized prior to being passed in.

Existing property collection builder. Text to contribue to the overall header text. Object populated with feature text.

Tries to get the feature text property out of the property collection.

The property collection. The feature text if it exists in the property collection. True if the property exists. False otherwise.

Domain information for what is being authenticated.

Existing property collection builder. Text to contribue to the overall header text. Object populated with domain text.

Tries to get the feature text property out of the property collection.

The property collection. The domain text if it exists in the property collection. True if the property exists. False otherwise.

Augments an existing property collection with a given query string.

Existing property collection builder. Query string to use during authentication. Builder object to enable chaining.

Tries to get the query string property out of the property collection.

The property collection The query string if it exists in the property collection. True if the property exists. False otherwise.

Augments an existing property collection with a given flow type.

Existing property collection builder. The flow type to use for authentication. Builder object to enable chaining.

Tries to get the authentication flow type out of the property collection.

The property collection. The authentication flow if it exists in the property collection. True if the property exists. False otherwise.

Augments an existing property collection with a given user name.

Existing property collection builder. User name to use during authentication. Builder object to enable chaining.

Tries to get the user name property out of the property collection.

The property collection The user name if it exists in the property collection. True if the property exists. False otherwise.

Augments an existing property collection with flag describing whether to authenticate against the user's home tenant only.

Existing property collection builder. Whether or not to authenticate against the home tenant only. Builder object to enable chaining.

Tries to get the flag describing whether to authenticate against the home tenant only out of the property collection.

The property collection Whether or not to authenticate atainst the home tenant only. True if the property exists. False otherwise.

Compare two account display info objects.

Comparer to compare two account display information objects.

Determine if the two objects are equal.

First account display info to comapre. Second account display info to compare. True if the display info objects are the same. False if they are different.

Generate a hash code for the display info.

DisplayInfo to get the hash code for. Hash code for the account display info.

Comparer to compare two account keys.

Compare accounts as accountkeys.

First account to compare. Second account to comapre. Are the accounts equal.

Determine if two account keys are equal.

First account to comapre. Second account to comapre. True if the objects are equal. False if they are not equal.

Get the hash code.

Account to get the hash code for. Hash code.

Generate a hash code based on the account keys.

Object to get the hash code for. Hash code for the object.

Compare the individual fields on an account to determine if they are different in contents.

Compare two accounts by members.

Determine if the accounts are the same including contents.

First account to compare. Second account to compare. True if the two accounts are equal in terms of their members. False if they are not equal.

Generate a hash code for the account.

Account to get the hash code for. Get the hash code of the account.

Initializes a new instance of the class.

Uri for proxy server NetworkCredential object for proxy credentials

A pointer to the credential structure to be written. Flags that control the function's operation. Must be set to 0. True if success; false otherwise.

Reads a credential from the user's credential set. The credential set used is the one associated with the logon session of the current token. The token must not have the user's SID disabled.

The CredFree function frees a buffer returned by any of the credentials management functions.

Pointer to the buffer to be freed.

Enumerates the credentials from the user's credential set. The credential set used is the one associated with the logon session of the current token. The token must not have the user's SID disabled.

Bit is set if this `` has a `` member set to the same value as the `` member. Such a credential is one designed to store the `` for a specific user. This bit can only be specified if `` is `` or .

The `` persists for the life of the logon session. It will not be visible to other logon sessions of this same user. It will not exist after this user logs off and back on.

Windows Vista Home Basic, Windows Vista Home Premium, Windows Vista Starter, and Windows XP Home Edition: This value is not supported.

The `` is a generic credential. The credential will not be used by any particular authentication package. The credential will be stored securely but has no other significant characteristics.