Feat/force wam (#3472)

* feat: force WAM auth for windows users

* feat(auth): Provide messages to user regarding WAM on windows support.

* Wiring up WriteWarning

* Sign parameter set to True in CI

* clear messages regarding WAM option deprecation

* remove writeDebug as it doesnt exist in context

* bump versions to 2.34.0

* fix warning placement to ensure output is initialized

---------

Co-authored-by: Gavin Barron (from Dev Box) <[email protected]>

Author: ramsessanchez

.azure-pipelines/ci-build.yml

@@ -13,7 +13,7 @@ parameters:
   default: false
 - name: Sign
   type: boolean
-  default: false
+  default: true
 - name: InternalFeed
   type: string
   default: '0985d294-5762-4bc2-a565-161ef349ca3e/PowerShell_V2_Build'

CONTRIBUTING.md

@@ -26,3 +26,15 @@ When it comes to modifying existing cmdlets, we recommend you use [AutoREST dire
 ## SDK generation
 
 See our [SDK generation steps wiki](https://github.com/microsoftgraph/msgraph-sdk-powershell/wiki/Generation-Process) for more information.
+
+## Debugging the Auth module
+
+* In a terminal run `.\tools\GenerateAuthenticationModule.ps1 -Build -Pack`
+* In Visual Studio open the `.\src\Authentication\Authentication.sln` solution
+* Start the project in debug mode
+* In the newly opened terminal run `pwd` to get the current working directory for the debug session
+* Copy the `Microsoft.Graph.Authencation.<version-number>.nupkg` to the working directory for the debug session
+* Rename the `.nupkg` file to `.zip`
+* Unzip the files to the working directory
+* In the working directory run `Import-Module .\Microsoft.Graph.Authentication.psm1`
+* Run any cmdlet from the Authentication module to hit your breakpoints

config/ModuleMetadata.json

@@ -27,15 +27,15 @@
   "versions": {
     "authentication": {
       "prerelease": "",
-      "version": "2.33.0"
+      "version": "2.34.0"
     },
     "beta": {
       "prerelease": "",
-      "version": "2.33.0"
+      "version": "2.34.0"
     },
     "v1.0": {
       "prerelease": "",
-      "version": "2.33.0"
+      "version": "2.34.0"
     }
   }
 }

docs/authentication.md

@@ -129,3 +129,4 @@ Set-MgGraphOption -EnableLoginByWAM $true
 ```PowerShell
 Set-MgGraphOption -EnableLoginByWAM $false
 ```
+#### Note: Signin by Web Account Manager (WAM) is enabled by default on Windows and cannot be disabled. Setting this option to $False will have no effect on Windows systems. 

src/Authentication/Authentication.Core/Interfaces/IPSGraphOutputWriter.cs

@@ -6,6 +6,7 @@ public interface IPSGraphOutputWriter
     {
         Action<string> WriteObject { get; set; }
         Action<string> WriteDebug { get; set; }
+        Action<string> WriteWarning { get; set; }
         Action<Exception, string, int, object> WriteError { get; set; }
         Action<object, string> WriteInformation { get; set; }
         Action<string> WriteVerbose { get; set; }

src/Authentication/Authentication.Core/Microsoft.Graph.Authentication.Core.csproj

@@ -4,7 +4,7 @@
     <LangVersion>9.0</LangVersion>
     <TargetFrameworks>netstandard2.0;net6.0;net472</TargetFrameworks>
     <RootNamespace>Microsoft.Graph.PowerShell.Authentication.Core</RootNamespace>
-    <Version>2.31.0</Version>
+    <Version>2.32.0</Version>
     <!-- Suppress .NET Target Framework Moniker (TFM) Support Build Warnings -->
     <SuppressTfmSupportBuildWarnings>true</SuppressTfmSupportBuildWarnings>
   </PropertyGroup>
@@ -13,11 +13,11 @@
     <EnforceCodeStyleInBuild>true</EnforceCodeStyleInBuild>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Azure.Identity" Version="1.13.2" />
-    <PackageReference Include="Azure.Identity.Broker" Version="1.2.0" />
-    <PackageReference Include="Microsoft.Graph.Core" Version="3.2.4" />
+    <PackageReference Include="Azure.Identity" Version="1.17.1" />
+    <PackageReference Include="Azure.Identity.Broker" Version="1.3.1" />
+    <PackageReference Include="Microsoft.Graph.Core" Version="3.2.5" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-    <PackageReference Include="System.Text.Json" Version="8.0.5" />
+    <PackageReference Include="System.Text.Json" Version="8.0.6" />
   </ItemGroup>
   <Target Name="CopyFiles" AfterTargets="Build">
     <Copy SourceFiles="@(PreLoadAssemblies)" DestinationFolder="$(OutputPath)/publish" />

src/Authentication/Authentication.Core/Utilities/AuthenticationHelpers.cs

@@ -84,7 +84,7 @@ private static bool IsAuthFlowNotSupported()
 
         private static bool IsWamSupported()
         {
-            return GraphSession.Instance.GraphOption.EnableWAMForMSGraph && SharedUtilities.IsWindowsPlatform();
+            return SharedUtilities.IsWindowsPlatform();
         }
 
         private static async Task<TokenCredential> GetClientSecretCredentialAsync(IAuthContext authContext)
@@ -129,16 +129,13 @@ private static async Task<InteractiveBrowserCredential> GetInteractiveBrowserCre
                     authRecord = await Task.Run(() =>
                     {
                         // Run the thread in MTA.
+                        GraphSession.Instance.OutputWriter.WriteWarning("Note: Sign in by Web Account Manager (WAM) is enabled by default on Windows. If using an embedded terminal, the interactive browser window may be hidden behind other windows.");
                         return interactiveBrowserCredential.Authenticate(new TokenRequestContext(authContext.Scopes), cancellationToken);
                     });
                 }
                 else
                 {
-                    authRecord = await Task.Run(() =>
-                    {
-                        // Run the thread in MTA.
-                        return interactiveBrowserCredential.AuthenticateAsync(new TokenRequestContext(authContext.Scopes), cancellationToken);
-                    });
+                    authRecord = await interactiveBrowserCredential.AuthenticateAsync(new TokenRequestContext(authContext.Scopes), cancellationToken);
                 }
                 await WriteAuthRecordAsync(authRecord).ConfigureAwait(false);
                 return interactiveBrowserCredential;

src/Authentication/Authentication.Test/Microsoft.Graph.Authentication.Test.csproj

@@ -2,7 +2,7 @@
   <PropertyGroup>
     <TargetFrameworks>net8.0;net472</TargetFrameworks>
     <IsPackable>false</IsPackable>
-    <Version>2.25.0</Version>
+    <Version>2.32.0</Version>
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.6.2" />

src/Authentication/Authentication/Cmdlets/ConnectMgGraph.cs

@@ -275,6 +275,7 @@ private static string GetWelcomeMessage(string clientId, string authType)
             stringBuilder.AppendLine($"SDK Docs: {Constants.SdkDocsLink}");
             stringBuilder.AppendLine($"API Docs: {Constants.ApiDocsLink}{System.Environment.NewLine}");
             stringBuilder.AppendLine($"NOTE: You can use the -NoWelcome parameter to suppress this message.");
+            stringBuilder.AppendLine($"NOTE: Sign in by Web Account Manager (WAM) is enabled by default on Windows systems and cannot be disabled. Any setting stating otherwise will be ignored.");
             return stringBuilder.ToString();
         }
 

src/Authentication/Authentication/Cmdlets/SetMgGraphOption.cs

@@ -25,7 +25,8 @@ protected override void ProcessRecord()
             if (this.IsParameterBound(nameof(EnableLoginByWAM)))
             {
                 GraphSession.Instance.GraphOption.EnableWAMForMSGraph = EnableLoginByWAM;
-                WriteDebug($"Signin by Web Account Manager (WAM) is {(EnableLoginByWAM ? "enabled" : "disabled")}.");
+                WriteDebug($"Requested to {(EnableLoginByWAM ? "enable" : "disable")} sign in by Web Account Manager (WAM).");
+                WriteDebug("Note: Sign in by Web Account Manager (WAM) is mandatory for Microsoft Graph PowerShell SDK on Windows and cannot be disabled. This option is deprecated and no longer has any effect.");
             }
             File.WriteAllText(Constants.GraphOptionsFilePath, JsonConvert.SerializeObject(GraphSession.Instance.GraphOption, Formatting.Indented));
         }