[Identity] Adding AdditionallyAllowedTenants to constrain multi-tenant auth

sdk/identity/Azure.Identity/CHANGELOG.md

@@ -18,7 +18,7 @@
 - Added `TenantId` to `DefaultAzureCredentialOptions` to avoid having to set `InteractiveBrowserTenantId`, `SharedTokenCacheTenantId`, `VisualStudioCodeTenantId`, and `VisualStudioTenantId` individually.
 
 ### Breaking Changes
-- Credential types supporting multi-tenant authentication will now throw `AuthenticationFailedException` if the requested tenant ID doesn't match the tenant id of the credential, and is not included in the `AdditionallyAllowedTenants` option. Applications must now explicitly add additional tenents to the `AdditionallyAllowedTenants` list, or add '*' to list, to enable acquiring tokens from tenants other than the originally specified tenant ID. See [BREAKING_CHANGES.md](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/BREAKING_CHANGES.md#170)
+- Credential types supporting multi-tenant authentication will now throw `AuthenticationFailedException` if the requested tenant ID doesn't match the credential's tenant ID, and is not included in the `AdditionallyAllowedTenants` option. Applications must now explicitly add additional tenants to the `AdditionallyAllowedTenants` list, or add '*' to list, to enable acquiring tokens from tenants other than the originally specified tenant ID. See [BREAKING_CHANGES.md](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/BREAKING_CHANGES.md#170).
 
 ## 1.7.0-beta.1 (2022-08-09)
 

sdk/identity/Azure.Identity/src/Credentials/AzureCliCredentialOptions.cs

@@ -11,7 +11,7 @@ namespace Azure.Identity
     public class AzureCliCredentialOptions : TokenCredentialOptions
     {
         /// <summary>
-        /// The tenant ID the credential will authenticate to by default. If not specified the credential will authenticate to any requested tenant, and will default to the tenant specified to the 'az login' command.
+        /// The ID of the tenant to which the credential will authenticate by default. If not specified, the credential will authenticate to any requested tenant, and will default to the tenant provided to the 'az login' command.
         /// </summary>
         public string TenantId { get; set; }
 

sdk/identity/Azure.Identity/src/Credentials/AzurePowerShellCredentialOptions.cs

@@ -11,14 +11,14 @@ namespace Azure.Identity
     public class AzurePowerShellCredentialOptions : TokenCredentialOptions
     {
         /// <summary>
-        /// The tenant ID the credential will authenticate to by default. If not specified the credential will authenticate to any requested tenant, and will default to the tenant specified to the 'Connect-AzAccount' cmdlet.
+        /// The ID of the tenant to which the credential will authenticate by default. If not specified, the credential will authenticate to any requested tenant, and will default to the tenant provided to the 'Connect-AzAccount' cmdlet.
         /// </summary>
         public string TenantId { get; set; }
 
         /// <summary>
         /// Specifies tenants in addition to the specified <see cref="TenantId"/> for which the credential may acquire tokens.
         /// Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the logged in account can access.
-        /// If no value is specified for <see cref="TenantId"/> this option will have no effect, and the credential will acquire tokens for any requested tenant.
+        /// If no value is specified for <see cref="TenantId"/>, this option will have no effect, and the credential will acquire tokens for any requested tenant.
         /// </summary>
         public IList<string> AdditionallyAllowedTenants => AdditionallyAllowedTenantsCore;
     }

sdk/identity/Azure.Identity/src/Credentials/ClientAssertionCredentialOptions.cs

@@ -15,7 +15,7 @@ public class ClientAssertionCredentialOptions : TokenCredentialOptions
         internal MsalConfidentialClient MsalClient { get; set; }
 
         /// <summary>
-        /// For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application is installed.
+        /// For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant in which the application is installed.
         /// </summary>
         public IList<string> AdditionallyAllowedTenants => AdditionallyAllowedTenantsCore;
     }

sdk/identity/Azure.Identity/src/Credentials/ClientCertificateCredentialOptions.cs

@@ -21,7 +21,7 @@ public class ClientCertificateCredentialOptions : TokenCredentialOptions, IToken
         public bool SendCertificateChain { get; set; }
 
         /// <summary>
-        /// For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application is installed.
+        /// For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant in which the application is installed.
         /// </summary>
         public IList<string> AdditionallyAllowedTenants => AdditionallyAllowedTenantsCore;
     }

sdk/identity/Azure.Identity/src/Credentials/ClientSecretCredentialOptions.cs

@@ -16,7 +16,7 @@ public class ClientSecretCredentialOptions : TokenCredentialOptions, ITokenCache
         public TokenCachePersistenceOptions TokenCachePersistenceOptions { get; set; }
 
         /// <summary>
-        /// For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application is installed.
+        /// For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant in which the application is installed.
         /// </summary>
         public IList<string> AdditionallyAllowedTenants => AdditionallyAllowedTenantsCore;
     }

sdk/identity/Azure.Identity/src/Credentials/DefaultAzureCredentialOptions.cs

@@ -45,7 +45,7 @@ public T Value
         private UpdateTracker<string> _visualStudioCodeTenantId = new UpdateTracker<string>(GetNonEmptyStringOrNull(EnvironmentVariables.TenantId));
 
         /// <summary>
-        /// The tenant ID the credential will authenticate to by default. If not specified the credential will authenticate to any requested tenant, and will default to the tenant to which the chosen authetication method was originally authenticated.
+        /// The ID of the tenant to which the credential will authenticate by default. If not specified, the credential will authenticate to any requested tenant, and will default to the tenant to which the chosen authentication method was originally authenticated.
         /// </summary>
         public string TenantId
         {
@@ -143,7 +143,7 @@ public string VisualStudioTenantId
         }
 
         /// <summary>
-        /// The tenant id of the user to authenticate, in the case the <see cref="DefaultAzureCredential"/> authenticates through, the
+        /// The tenant ID of the user to authenticate, in the case the <see cref="DefaultAzureCredential"/> authenticates through, the
         /// <see cref="VisualStudioCodeCredential"/>. The default is null and will authenticate users to their default tenant.
         /// The value can also be set by setting the environment variable AZURE_TENANT_ID.
         /// </summary>
@@ -165,7 +165,7 @@ public string VisualStudioCodeTenantId
         /// <summary>
         /// Specifies tenants in addition to the specified <see cref="InteractiveBrowserTenantId"/>, <see cref="VisualStudioTenantId"/>, <see cref="VisualStudioCodeTenantId"/>, <see cref="SharedTokenCacheTenantId"/>, for which the credential may acquire tokens.
         /// Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the logged in account can access.
-        /// If no value is specified for any of the above tenant this option will have no effect on that authentication method, and the credential will acquire tokens for any requested tenant when using that method.
+        /// If no value is specified for any of the above tenants, this option will have no effect on that authentication method, and the credential will acquire tokens for any requested tenant when using that method.
         /// This value can also be set by setting the environment variable AZURE_ADDITOINAL_ALLOWED_TENANTS.
         /// </summary>
         public IList<string> AdditionallyAllowedTenants { get; private set; } = EnvironmentVariables.AdditionallyAllowedTenants;

sdk/identity/Azure.Identity/src/Credentials/DeviceCodeCredentialOptions.cs

@@ -33,7 +33,7 @@ public string TenantId
         /// <summary>
         /// Specifies tenants in addition to the specified <see cref="TenantId"/> for which the credential may acquire tokens.
         /// Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the logged in account can access.
-        /// If no value is specified for <see cref="TenantId"/> this option will have no effect, and the credential will acquire tokens for any requested tenant.
+        /// If no value is specified for <see cref="TenantId"/>, this option will have no effect, and the credential will acquire tokens for any requested tenant.
         /// </summary>
         public IList<string> AdditionallyAllowedTenants => AdditionallyAllowedTenantsCore;
 

sdk/identity/Azure.Identity/src/Credentials/InteractiveBrowserCredentialOptions.cs

@@ -32,7 +32,7 @@ public string TenantId
         /// <summary>
         /// Specifies tenants in addition to the specified <see cref="TenantId"/> for which the credential may acquire tokens.
         /// Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the logged in account can access.
-        /// If no value is specified for <see cref="TenantId"/> this option will have no effect, and the credential will acquire tokens for any requested tenant.
+        /// If no value is specified for <see cref="TenantId"/>, this option will have no effect, and the credential will acquire tokens for any requested tenant.
         /// </summary>
         public IList<string> AdditionallyAllowedTenants => AdditionallyAllowedTenantsCore;
 

sdk/identity/Azure.Identity/src/Credentials/OnBehalfOfCredentialOptions.cs

@@ -21,7 +21,7 @@ public class OnBehalfOfCredentialOptions : TokenCredentialOptions, ITokenCacheOp
         public bool SendCertificateChain { get; set; }
 
         /// <summary>
-        /// For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application is installed.
+        /// For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant in which the application is installed.
         /// </summary>
         public IList<string> AdditionallyAllowedTenants => AdditionallyAllowedTenantsCore;
     }

sdk/identity/Azure.Identity/src/Credentials/TokenCredentialOptions.cs

@@ -42,7 +42,7 @@ public Uri AuthorityHost
         internal bool IsLoggingPIIEnabled { get; set; }
 
         /// <summary>
-        /// For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application is installed.
+        /// For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant in which the application is installed.
         /// </summary>
         internal List<string> AdditionallyAllowedTenantsCore { get; set; } = new List<string>();
 

sdk/identity/Azure.Identity/src/Credentials/UsernamePasswordCredentialOptions.cs

@@ -16,7 +16,7 @@ public class UsernamePasswordCredentialOptions : TokenCredentialOptions, ITokenC
         public TokenCachePersistenceOptions TokenCachePersistenceOptions { get; set; }
 
         /// <summary>
-        /// For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application is installed.
+        /// For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant in which the application is installed.
         /// </summary>
         public IList<string> AdditionallyAllowedTenants => AdditionallyAllowedTenantsCore;
     }

sdk/identity/Azure.Identity/src/Credentials/VisualStudioCodeCredentialOptions.cs

@@ -15,7 +15,7 @@ public class VisualStudioCodeCredentialOptions : TokenCredentialOptions
         private string _tenantId;
 
         /// <summary>
-        /// The tenant ID the user will be authenticated to. If not specified the user will be authenticated to any requested tenant, and by default to the tenant the user originally authenticated to via the Visual Studio Code Azure Account plugin.
+        /// The tenant ID the user will be authenticated to. If not specified, the user will be authenticated to any requested tenant, and by default to the tenant the user originally authenticated to via the Visual Studio Code Azure Account extension.
         /// </summary>
         public string TenantId
         {
@@ -26,7 +26,7 @@ public string TenantId
         /// <summary>
         /// Specifies tenants in addition to the specified <see cref="TenantId"/> for which the credential may acquire tokens.
         /// Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the logged in account can access.
-        /// If no value is specified for <see cref="TenantId"/> this option will have no effect, and the credential will acquire tokens for any requested tenant.
+        /// If no value is specified for <see cref="TenantId"/>, this option will have no effect, and the credential will acquire tokens for any requested tenant.
         /// </summary>
         public IList<string> AdditionallyAllowedTenants => AdditionallyAllowedTenantsCore;
     }

sdk/identity/Azure.Identity/src/Credentials/VisualStudioCredentialOptions.cs

@@ -13,7 +13,7 @@ public class VisualStudioCredentialOptions : TokenCredentialOptions
         private string _tenantId;
 
         /// <summary>
-        /// The tenant ID the credential will be authenticated to by default. If not specified the credential will authenticate to any requested tenant, and will default to the tenant the user originally authenticated to via the Visual Studio Azure Service Account dialog.
+        /// The tenant ID the credential will be authenticated to by default. If not specified, the credential will authenticate to any requested tenant, and will default to the tenant the user originally authenticated to via the Visual Studio Azure Service Account dialog.
         /// </summary>
         public string TenantId
         {
@@ -24,7 +24,7 @@ public string TenantId
         /// <summary>
         /// Specifies tenants in addition to the specified <see cref="TenantId"/> for which the credential may acquire tokens.
         /// Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the logged in account can access.
-        /// If no value is specified for <see cref="TenantId"/> this option will have no effect, and the credential will acquire tokens for any requested tenant.
+        /// If no value is specified for <see cref="TenantId"/>, this option will have no effect, and the credential will acquire tokens for any requested tenant.
         /// </summary>
         public IList<string> AdditionallyAllowedTenants => AdditionallyAllowedTenantsCore;
     }