@@ -40,11 +40,6 @@ pub struct ClientAssertionCredentialOptions {
4040 /// Add the wildcard value "*" to allow the credential to acquire tokens for any tenant in which the application is registered.
4141 pub additionally_allowed_tenants : Vec < String > ,
4242
43- /// The base URL for token requests.
44- ///
45- /// The default is `https://login.microsoftonline.com`.
46- pub authority_host : Option < String > ,
47-
4843 /// Should be set true only by applications authenticating in disconnected clouds, or private clouds such as Azure Stack.
4944 ///
5045 /// It determines whether the credential requests Microsoft Entra instance metadata
@@ -89,7 +84,7 @@ impl<C: ClientAssertion> ClientAssertionCredential<C> {
8984 validate_tenant_id ( & tenant_id) ?;
9085 validate_not_empty ( & client_id, "no client ID specified" ) ?;
9186 let options = options. unwrap_or_default ( ) ;
92- let authority_host = get_authority_host ( None , options. authority_host ) ?;
87+ let authority_host = get_authority_host ( None , options. client_options . cloud . as_deref ( ) ) ?;
9388 let endpoint = authority_host
9489 . join ( & format ! ( "/{tenant_id}/oauth2/v2.0/token" ) )
9590 . with_context_fn ( ErrorKind :: DataConversion , || {
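Review bot: Nothing on the changed line shows that the authority derived from `options.client_options.cloud` must be HTTPS, yet the client assertion is posted to the endpoint built from it. If `get_authority_host` (not visible in this hunk) does not already reject other schemes, it should do so before the `join`, so that a custom cloud configuration cannot send the assertion over cleartext. Since the `authority_host` field and its doc comment are removed in this commit, the options struct no longer says where the authority comes from; I would add `/// The token authority is taken from client_options.cloud.` to its docs. The statement being built here continues past the end of the hunk.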
@@ -98,7 +93,7 @@ impl<C: ClientAssertion> ClientAssertionCredential<C> {
9893 let pipeline = Pipeline :: new (
9994 option_env ! ( "CARGO_PKG_NAME" ) ,
10095 option_env ! ( "CARGO_PKG_VERSION" ) ,
101- options. client_options . clone ( ) ,
96+ options. client_options ,
10297 Vec :: default ( ) ,
10398 Vec :: default ( ) ,
10499 None ,
@@ -194,7 +189,6 @@ pub(crate) mod tests {
194189 use super :: * ;
195190 use crate :: tests:: * ;
196191 use azure_core:: {
197- authority_hosts:: AZURE_PUBLIC_CLOUD ,
198192 http:: {
199193 headers:: { self , content_type, Headers } ,
200194 Body , BufResponse , Method , Request , Transport ,
@@ -207,12 +201,10 @@ pub(crate) mod tests {
207201
208202 pub const FAKE_ASSERTION : & str = "fake assertion" ;
209203
210- pub fn is_valid_request ( ) -> impl Fn ( & Request ) -> azure_core:: Result < ( ) > {
211- let expected_url = format ! (
212- "{}{}/oauth2/v2.0/token" ,
213- AZURE_PUBLIC_CLOUD . as_str( ) ,
214- FAKE_TENANT_ID
215- ) ;
204+ pub fn is_valid_request (
205+ expected_authority : String ,
206+ ) -> impl Fn ( & Request ) -> azure_core:: Result < ( ) > {
207+ let expected_url = format ! ( "{expected_authority}/oauth2/v2.0/token" ) ;
216208 move |req : & Request | {
217209 assert_eq ! ( Method :: Post , req. method( ) ) ;
218210 assert_eq ! ( expected_url, req. url( ) . to_string( ) ) ;
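Review bot: The parameter name `expected_authority` in `is_valid_request` is misleading. The credential builds its endpoint as `/{tenant_id}/oauth2/v2.0/token`, but the helper now appends only `/oauth2/v2.0/token`, so for the URL comparison to pass the argument must already end with the tenant segment. I would rename it (for example `expected_authority_and_tenant`) or add a doc comment such as `/// expected_authority: authority host followed by the tenant ID, with no trailing slash.` The returned closure continues outside the hunk.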
@@ -269,7 +261,9 @@ pub(crate) mod tests {
269261 expected
270262 ) ) ,
271263 ) ] ,
272- Some ( Arc :: new ( is_valid_request ( ) ) ) ,
264+ Some ( Arc :: new ( is_valid_request (
265+ FAKE_PUBLIC_CLOUD_AUTHORITY . to_string ( ) ,
266+ ) ) ) ,
273267 ) ;
274268 let credential = ClientAssertionCredential :: new (
275269 FAKE_TENANT_ID . to_string ( ) ,
@@ -300,15 +294,10 @@ pub(crate) mod tests {
300294 #[ tokio:: test]
301295 async fn get_token_success ( ) {
302296 let mock = MockSts :: new (
303- vec ! [ BufResponse :: from_bytes(
304- StatusCode :: Ok ,
305- Headers :: default ( ) ,
306- Bytes :: from( format!(
307- r#"{{"access_token":"{}","expires_in":3600,"token_type":"Bearer"}}"# ,
308- FAKE_TOKEN
309- ) ) ,
310- ) ] ,
311- Some ( Arc :: new ( is_valid_request ( ) ) ) ,
297+ vec ! [ token_response( ) ] ,
298+ Some ( Arc :: new ( is_valid_request (
299+ FAKE_PUBLIC_CLOUD_AUTHORITY . to_string ( ) ,
300+ ) ) ) ,
312301 ) ;
313302 let credential = ClientAssertionCredential :: new (
314303 FAKE_TENANT_ID . to_string ( ) ,
@@ -340,4 +329,33 @@ pub(crate) mod tests {
340329 assert_eq ! ( token. token. secret( ) , cached_token. token. secret( ) ) ;
341330 assert_eq ! ( token. expires_on, cached_token. expires_on) ;
342331 }
332+
333+ #[ tokio:: test]
334+ async fn cloud_configuration ( ) {
335+ for ( cloud, expected_authority) in cloud_configuration_cases ( ) {
336+ let mock = MockSts :: new (
337+ vec ! [ token_response( ) ] ,
338+ Some ( Arc :: new ( is_valid_request ( expected_authority) ) ) ,
339+ ) ;
340+ let credential = ClientAssertionCredential :: new (
341+ FAKE_TENANT_ID . to_string ( ) ,
342+ FAKE_CLIENT_ID . to_string ( ) ,
343+ MockAssertion { } ,
344+ Some ( ClientAssertionCredentialOptions {
345+ client_options : ClientOptions {
346+ transport : Some ( Transport :: new ( Arc :: new ( mock) ) ) ,
347+ cloud : Some ( Arc :: new ( cloud) ) ,
348+ ..Default :: default ( )
349+ } ,
350+ ..Default :: default ( )
351+ } ) ,
352+ )
353+ . expect ( "valid credential" ) ;
354+
355+ credential
356+ . get_token ( LIVE_TEST_SCOPES , None )
357+ . await
358+ . expect ( "token" ) ;
359+ }
360+ }
343361}
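Review bot: A failure in `cloud_configuration` does not say which cloud case broke, because every iteration ends in the same `.expect("token")`. Keeping a copy of the expected authority before it is moved into `is_valid_request` and reporting it, e.g. `.unwrap_or_else(|e| panic!("token for {authority}: {e:?}"))`, would make a regression in a single cloud mapping easy to attribute. The test also has no assertion of its own; the authority is checked only inside the validator handed to `MockSts`. `MockSts` is not visible here, so it is worth confirming that the mock fails the call when the validator returns an error or is never invoked.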