Azure · pranavmalik-msft · Feb 14, 2024 · Feb 27, 2024 · Feb 28, 2024 · Feb 29, 2024
@@ -1449,7 +1449,7 @@ func (cca *CookedCopyCmdArgs) getSrcCredential(ctx context.Context, jpo *common.
 			// get token from env var or cache
 			if tokenInfo, err := uotm.GetTokenInfo(ctx); err != nil {
 				return srcCredInfo, err
-			} else if _, err := tokenInfo.GetTokenCredential(); err != nil {
+			} else if _, err := tokenInfo.GetTokenCredential(true); err != nil {
 				// we just verified we can get a token credential
 				return srcCredInfo, err
 			}

@@ -59,23 +59,14 @@ func warnIfSharedKeyAuthForDatalake() {
 // (given appAppPathFolder is mapped to current user)
 var currentUserOAuthTokenManager *common.UserOAuthTokenManager
 
-const oauthLoginSessionCacheKeyName = "AzCopyOAuthTokenCache"
-const oauthLoginSessionCacheServiceName = "AzCopyV10"
-const oauthLoginSessionCacheAccountName = "AzCopyOAuthTokenCache"
-
 // GetUserOAuthTokenManagerInstance gets or creates OAuthTokenManager for current user.
 // Note: Currently, only support to have TokenManager for one user mapping to one tenantID.
 func GetUserOAuthTokenManagerInstance() *common.UserOAuthTokenManager {
 	once.Do(func() {
 		if common.AzcopyJobPlanFolder == "" {
 			panic("invalid state, AzcopyJobPlanFolder should not be an empty string")
 		}
-		currentUserOAuthTokenManager = common.NewUserOAuthTokenManagerInstance(common.CredCacheOptions{
-			DPAPIFilePath: common.AzcopyJobPlanFolder,
-			KeyName:       oauthLoginSessionCacheKeyName,
-			ServiceName:   oauthLoginSessionCacheServiceName,
-			AccountName:   oauthLoginSessionCacheAccountName,
-		})
+		currentUserOAuthTokenManager = common.NewUserOAuthTokenManagerInstance()
 	})
 
 	return currentUserOAuthTokenManager
@@ -138,7 +129,7 @@ func GetOAuthTokenManagerInstance() (*common.UserOAuthTokenManager, error) {
 			return
 		}
 
-		lca.persistToken = false
+		lca.persistToken = true
 		if err = lca.process(); err != nil {
 			glcm.Error(fmt.Sprintf("Failed to perform Auto-login: %v.", err.Error()))
 		}

@@ -288,7 +288,7 @@ func (rca resumeCmdArgs) getSourceAndDestinationServiceClients(
 			return nil, nil, err
 		}
 
-		tc, err = tokenInfo.GetTokenCredential()
+		tc, err = tokenInfo.GetTokenCredential(true)
 		if err != nil {
 			return nil, nil, err
 		}

@@ -23,6 +23,7 @@ package cmd
 import (
 	"context"
 	"fmt"
+
 	"github.com/Azure/azure-storage-azcopy/v10/common"
 	"github.com/Azure/azure-storage-azcopy/v10/ste"
 	"github.com/spf13/cobra"
@@ -51,7 +52,7 @@ func init() {
 			uotm := GetUserOAuthTokenManagerInstance()
 			tokenInfo, err := uotm.GetTokenInfo(ctx)
 
-			if err == nil && !tokenInfo.IsExpired() {
+			if err == nil && tokenInfo == nil {
 				glcm.Info("You have successfully refreshed your token. Your login session is still active")
 
 				if commandLineInput.tenantID {

@@ -700,7 +700,7 @@ func (cca *cookedSyncCmdArgs) process() (err error) {
 		// Get token from env var or cache.
 		if tokenInfo, err := uotm.GetTokenInfo(ctx); err != nil {
 			return err
-		} else if _, err := tokenInfo.GetTokenCredential(); err != nil {
+		} else if _, err := tokenInfo.GetTokenCredential(true); err != nil {
 			return err
 		}
 	}

@@ -21,7 +21,6 @@
 package common
 
 import (
-	"errors"
 	"fmt"
 	"sync"
 )
@@ -54,22 +53,6 @@ func (c *CredCacheInternalIntegration) HasCachedToken() (bool, error) {
 	return has, err
 }
 
-// RemoveCachedToken deletes the cached token.
-func (c *CredCacheInternalIntegration) RemoveCachedToken() error {
-	c.lock.Lock()
-	err := c.removeCachedTokenInternal()
-	c.lock.Unlock()
-	return err
-}
-
-// SaveToken saves an oauth token.
-func (c *CredCacheInternalIntegration) SaveToken(token OAuthTokenInfo) error {
-	c.lock.Lock()
-	err := c.saveTokenInternal(token)
-	c.lock.Unlock()
-	return err
-}
-
 // LoadToken gets the cached oauth token.
 func (c *CredCacheInternalIntegration) LoadToken() (*OAuthTokenInfo, error) {
 	c.lock.Lock()
@@ -99,13 +82,8 @@ func (c *CredCacheInternalIntegration) hasCachedTokenInternal() (bool, error) {
 	return true, nil
 }
 
-// removeCachedTokenInternal deletes all the cached token.
-func (c *CredCacheInternalIntegration) removeCachedTokenInternal() error {
-	// By design, not useful currently.
-	return errors.New("Not implemented")
-}
-
 // loadTokenInternal restores a Token object from file cache.
+//
 //nolint:staticcheck
 func (c *CredCacheInternalIntegration) loadTokenInternal() (*OAuthTokenInfo, error) {
 	data, err := c.keyring.Get(c.serviceName, c.accountName)
@@ -119,9 +97,3 @@ func (c *CredCacheInternalIntegration) loadTokenInternal() (*OAuthTokenInfo, err
 	}
 	return token, nil
 }
-
-// saveTokenInternal persists an oauth token on disk.
-func (c *CredCacheInternalIntegration) saveTokenInternal(token OAuthTokenInfo) error {
-	// By design, not useful currently.
-	return errors.New("Not implemented")
-}
@@ -24,7 +24,6 @@ import (
 	"bytes"
 	"crypto/md5"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"strconv"
 	"sync"
@@ -54,22 +53,6 @@ func (c *CredCacheInternalIntegration) HasCachedToken() (bool, error) {
 	return has, err
 }
 
-// RemoveCachedToken deletes the cached token.
-func (c *CredCacheInternalIntegration) RemoveCachedToken() error {
-	c.lock.Lock()
-	err := c.removeCachedTokenInternal()
-	c.lock.Unlock()
-	return err
-}
-
-// SaveToken saves an oauth token.
-func (c *CredCacheInternalIntegration) SaveToken(token OAuthTokenInfo) error {
-	c.lock.Lock()
-	err := c.saveTokenInternal(token)
-	c.lock.Unlock()
-	return err
-}
-
 // LoadToken gets the cached oauth token.
 func (c *CredCacheInternalIntegration) LoadToken() (*OAuthTokenInfo, error) {
 	c.lock.Lock()
@@ -105,12 +88,6 @@ func (c *CredCacheInternalIntegration) hasCachedTokenInternal() (bool, error) {
 	return true, nil
 }
 
-// removeCachedTokenInternal deletes all the cached token.
-func (c *CredCacheInternalIntegration) removeCachedTokenInternal() error {
-	// By design, not useful currently.
-	return errors.New("Not implemented")
-}
-
 // segmentTokenInfo is used to present information about segmented token saved in credential manager.
 type segmentedTokenHeader struct {
 	SegmentNum string `json:"SegmentNum"`
@@ -163,9 +140,3 @@ func (c *CredCacheInternalIntegration) loadTokenInternal() (*OAuthTokenInfo, err
 
 	return token, nil
 }
-
-// saveTokenInternal persists an oauth token on disk.
-func (c *CredCacheInternalIntegration) saveTokenInternal(token OAuthTokenInfo) error {
-	// By design, not useful currently.
-	return errors.New("Not implemented")
-}
@@ -45,7 +45,7 @@ type CredCache struct {
 	// for more details, refer to https://developer.apple.com/documentation/security/ksecattraccessgroup?language=objc
 }
 
-func NewCredCache(options CredCacheOptions) *CredCache {
+func NewCredCacheInternalIntegration(options CredCacheOptions) *CredCache {
 	return &CredCache{
 		serviceName: options.ServiceName,
 		accountName: options.AccountName,
@@ -60,9 +60,6 @@ func NewCredCache(options CredCacheOptions) *CredCache {
 	}
 }
 
-// keychain is used for internal integration as well.
-var NewCredCacheInternalIntegration = NewCredCache
-
 // HasCachedToken returns if there is cached token for current executing user.
 func (c *CredCache) HasCachedToken() (bool, error) {
 	c.lock.Lock()
@@ -71,22 +68,6 @@ func (c *CredCache) HasCachedToken() (bool, error) {
 	return has, err
 }
 
-// RemoveCachedToken deletes the cached token.
-func (c *CredCache) RemoveCachedToken() error {
-	c.lock.Lock()
-	err := c.removeCachedTokenInternal()
-	c.lock.Unlock()
-	return err
-}
-
-// SaveToken saves an oauth token.
-func (c *CredCache) SaveToken(token OAuthTokenInfo) error {
-	c.lock.Lock()
-	err := c.saveTokenInternal(token)
-	c.lock.Unlock()
-	return err
-}
-
 // LoadToken gets the cached oauth token.
 func (c *CredCache) LoadToken() (*OAuthTokenInfo, error) {
 	c.lock.Lock()
@@ -129,59 +110,6 @@ func (c *CredCache) hasCachedTokenInternal() (bool, error) {
 	return true, nil
 }
 
-// removeCachedTokenInternal delete the cached token.
-func (c *CredCache) removeCachedTokenInternal() error {
-	err := keychain.DeleteGenericPasswordItem(c.serviceName, c.accountName)
-	if err != nil {
-		err = handleGenericKeyChainSecError(err)
-
-		if err == keychain.ErrorItemNotFound {
-			return fmt.Errorf("no cached token found for current user")
-		}
-
-		return fmt.Errorf("failed to remove cached token, %v", err)
-	}
-	return nil
-}
-
-// saveTokenInternal saves an oauth token in keychain(use user's default keychain, i.e. login keychain).
-func (c *CredCache) saveTokenInternal(token OAuthTokenInfo) error {
-	b, err := token.toJSON()
-	if err != nil {
-		return fmt.Errorf("failed to marshal during saving token, %v", err)
-	}
-	item := keychain.NewItem()
-	item.SetSecClass(c.kcSecClass)
-	item.SetService(c.serviceName)
-	item.SetAccount(c.accountName)
-	item.SetData(b)
-	item.SetSynchronizable(c.kcSynchronizable)
-	item.SetAccessible(c.kcAccessible)
-
-	err = keychain.AddItem(item)
-	if err != nil {
-		// Handle duplicate key error
-		if err != keychain.ErrorDuplicateItem {
-			err = handleGenericKeyChainSecError(err)
-			return fmt.Errorf("failed to save token, %v", err)
-		}
-
-		// Update the key
-		query := keychain.NewItem()
-		query.SetSecClass(c.kcSecClass)
-		query.SetService(c.serviceName)
-		query.SetAccount(c.accountName)
-		query.SetMatchLimit(keychain.MatchLimitOne)
-		query.SetReturnData(true)
-		err := keychain.UpdateItem(query, item)
-		if err != nil {
-			err = handleGenericKeyChainSecError(err)
-			return fmt.Errorf("failed to save token, %v", err)
-		}
-	}
-	return nil
-}
-
 // loadTokenInternal gets an oauth token from keychain.
 func (c *CredCache) loadTokenInternal() (*OAuthTokenInfo, error) {
 	query := keychain.NewItem()