NEWS

AzureAuth 1.3.3 (2021-09-13)

Documentation update only:
- Clarify that you can use get_managed_token to obtain tokens with a user-defined identity, not just a system identity.
- Clarify the distinction between authentication and authorization in the get_azure_token help, and also in the Shiny vignette.
- Add a webapp (Shiny) scenario to the "Common authentication scenarios" vignette.

Change the default caching behaviour to disable the cache if running inside Shiny.
Update Shiny vignette to clean up redirect page after authenticating (thanks to Tyler Littlefield).
Revert the changed behaviour for caching directory creation in 1.3.1.
Add a create_AzureR_dir function to create the caching directory manually. This can be useful not just for non-interactive sessions, but also Jupyter and R notebooks, which are not technically interactive in the sense that they cannot read user input from a console prompt.

Allow specifying the location of the token caching directory in the environment variable R_AZURE_DATA_DIR.
Change clean_token_directory to actually clean the directory (delete all files). This is because the main non-token objects found here are AzureRMR and AzureGraph logins, which are orphaned once their backing tokens are deleted. Deleting them as well is less confusing, as a message will be displayed saying to create a new login.
Always create the token caching directory, rather than asking first. This should result in consistent behaviour for both interactive and non-interactive sessions.
Add a vignette outlining the app registration settings and get_azure_token arguments for some common authentication scenarios.

Allow obtaining tokens for the organizations and consumers generic tenants, in addition to common.
More robust handling of expiry time calculation for AAD v2.0 authentication.

is_guid, normalize_guid and normalize_tenant now accept vector arguments. normalize_guid throws an error if any of its argument values is not a valid GUID.
get_azure_token will now display the authentication method it chooses if the auth_type argument is not explicitly specified. To avoid surprises, it's still recommended that you specify auth_type when obtaining a token.
New load_azure_token function to retrieve a token from the cache, given its hash value.
Fixes to allow authenticating personal accounts without a tenant.

Pass the resource and scope as explicit parameters to the AAD endpoint when refreshing a token. Among other things, this allows using a refresh token from one resource to obtain an access token for another resource.
Use utils::askYesNo for prompts, eg when creating the AzureR caching directory and deleting tokens; this fixes a bug in reading the input. As a side-effect, Windows users who are using RGUI.exe will see a popup dialog box instead of a message in the terminal.

Changes to token acquisition code to better integrate with Shiny. Use the build_authorization_uri and get_device_creds functions to initiate the authorization step from within a Shiny web app. get_azure_token has new auth_code and device_creds arguments for passing in authorization details obtained separately. See the "Authenticating from Shiny" vignette for a skeleton example app.
Add use_cache argument to get_azure_token and get_managed_token, which controls whether to cache tokens. Set this to FALSE to skip reading cached credentials from disk, and to skip saving credentials to the cache.
Make decode_jwt a generic, with methods for character strings, AzureToken objects and httr::Token objects.
Add extract_jwt generic to get the actual token from within an R object, with methods for character strings, AzureToken objects and httr::Token objects.
Fix bug in checking the expiry time for AAD v2.0 tokens.
Extend get_managed_token to work from within Azure Functions.
Refactor the underlying classes to represent authentication flows, which have a much greater impact on the program logic than AAD version. In place of AzureTokenV1 and AzureTokenV2 classes, there are now AzureTokenAuthCode, AzureTokenDeviceCode, AzureTokenClientCreds, AzureTokenOnBehalfOf, AzureTokenResOwner, and AzureTokenManaged. There should be no user-visible changes in behaviour arising from this.

New get_managed_token function to obtain a token for a managed identity. Note this only works within a VM, service or container to which an identity has been assigned.

Much improved support for authenticating with a certificate. In the certificate argument, specify either the name of a PEM/PFX file, or an AzureKeyVault object representing a cert.
Support providing a path in the aad_host argument, for Azure B2C logins.
Fix bug that prevented token_args argument from being passed to the token endpoint.
If authentication fails using the authorization_code flow, print the AAD error message, if possible.
Add support for the on_behalf_of authorization flow.

Corrections to vignette and readme.
Make prompt to create caching directory more generic, since other AzureR packages will also use it.

Export decode_jwt, a utility function to view the token data.
Force tokens to be cached using version 2 of the RDS format. This is mostly to ensure backward compatibility if the default format used by saveRDS ever changes.