Bump msal4j version & add regional STS support (#22536)

* Bump msal4j version & add regional sts support

* Checkstyle - unused import

* Move environment variable to azure-core Configuration

* Add javadocs for regional authority values

Author: jianghaolu

eng/versioning/external_dependencies.txt

@@ -168,7 +168,7 @@ com.microsoft.azure:azure-mgmt-resources;1.3.0
 com.microsoft.azure:azure-mgmt-search;1.24.1
 com.microsoft.azure:azure-mgmt-storage;1.3.0
 com.microsoft.azure:azure-storage;8.0.0
-com.microsoft.azure:msal4j;1.10.0
+com.microsoft.azure:msal4j;1.10.1
 com.microsoft.azure:msal4j-persistence-extension;1.1.0
 com.sun.activation:jakarta.activation;1.2.2
 io.opentelemetry:opentelemetry-api;1.0.0

sdk/boms/azure-sdk-bom/pom.xml

@@ -278,7 +278,7 @@
       <dependency>
         <groupId>com.microsoft.azure</groupId>
         <artifactId>msal4j</artifactId>
-        <version>1.10.0</version>
+        <version>1.10.1</version>
       </dependency>
 
       <dependency>

sdk/boms/azure-spring-boot-bom/pom.xml

@@ -42,7 +42,7 @@
     <azure.core.version>1.17.0</azure.core.version> <!-- {x-version-update;com.azure:azure-core;dependency} -->
     <azure.identity.version>1.3.1</azure.identity.version> <!-- {x-version-update;com.azure:azure-identity;dependency} -->
     <azure.keyvault.secret.version>4.3.0</azure.keyvault.secret.version> <!-- {x-version-update;com.azure:azure-security-keyvault-secrets;dependency} -->
-    <azure.msal.version>1.9.1</azure.msal.version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
+    <azure.msal.version>1.10.1</azure.msal.version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
     <azure.servicebus.jms.version>0.0.7</azure.servicebus.jms.version> <!-- {x-version-update;com.microsoft.azure:azure-servicebus-jms;external_dependency} -->
     <azure.spring.data.cosmos.version>3.8.0</azure.spring.data.cosmos.version> <!-- {x-version-update;com.azure:azure-spring-data-cosmos;dependency} -->
     <azure.storage.blob.version>12.12.0</azure.storage.blob.version> <!-- {x-version-update;com.azure:azure-storage-blob;dependency} -->

sdk/core/azure-core/src/main/java/com/azure/core/util/Configuration.java

@@ -88,6 +88,11 @@ public class Configuration implements Cloneable {
      */
     public static final String PROPERTY_AZURE_IDENTITY_DISABLE_CP1 = "AZURE_IDENTITY_DISABLE_CP1";
 
+    /**
+     * Name of Azure AAD regional authority.
+     */
+    public static final String PROPERTY_AZURE_REGIONAL_AUTHORITY_NAME = "AZURE_REGIONAL_AUTHORITY_NAME";
+
     /**
      * Name of the Azure resource group.
      */

sdk/eventhubs/microsoft-azure-eventhubs/pom.xml

@@ -77,7 +77,7 @@
     <dependency>
       <groupId>com.microsoft.azure</groupId>
       <artifactId>msal4j</artifactId>
-      <version>1.10.0</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
+      <version>1.10.1</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
       <scope>test</scope>
     </dependency>
     <dependency>

sdk/identity/azure-identity/CHANGELOG.md

@@ -1,7 +1,13 @@
 # Release History
 
 ## 1.4.0-beta.1 (Unreleased)
+### Features Added
 
+- Added regional STS support to client credential types.
+    - Added the `RegionalAuthority` type, that allows specifying Azure regions.
+    - Added `regionalAuthority()` setter to `ClientSecretCredentialBuilder` and `ClientCertificateCredentialBuilder`.
+    - If instead of a region, `RegionalAuthority.AutoDiscoverRegion` is specified as the value for `regionalAuthority`, MSAL will be used to attempt to discover the region.
+    - A region can also be specified through the `AZURE_REGIONAL_AUTHORITY_NAME` environment variable.
 
 ## 1.3.1 (2021-06-08)
 

sdk/identity/azure-identity/pom.xml

@@ -27,7 +27,7 @@
     <dependency>
       <groupId>com.azure</groupId>
       <artifactId>azure-core</artifactId>
-      <version>1.17.0</version> <!-- {x-version-update;com.azure:azure-core;dependency} -->
+      <version>1.18.0-beta.1</version> <!-- {x-version-update;com.azure:azure-core;current} -->
     </dependency>
     <dependency>
       <groupId>com.azure</groupId>
@@ -37,7 +37,7 @@
     <dependency>
       <groupId>com.microsoft.azure</groupId>
       <artifactId>msal4j</artifactId>
-      <version>1.10.0</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
+      <version>1.10.1</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
     </dependency>
     <dependency>
       <groupId>com.microsoft.azure</groupId>
@@ -105,7 +105,7 @@
           <rules>
             <bannedDependencies>
               <includes>
-                <include>com.microsoft.azure:msal4j:[1.10.0]</include> <!-- {x-include-update;com.microsoft.azure:msal4j;external_dependency} -->
+                <include>com.microsoft.azure:msal4j:[1.10.1]</include> <!-- {x-include-update;com.microsoft.azure:msal4j;external_dependency} -->
                 <include>com.microsoft.azure:msal4j-persistence-extension:[1.1.0]</include> <!-- {x-include-update;com.microsoft.azure:msal4j-persistence-extension;external_dependency} -->
                 <include>net.java.dev.jna:jna-platform:[5.6.0]</include> <!-- {x-include-update;net.java.dev.jna:jna-platform;external_dependency} -->
                 <include>org.linguafranca.pwdb:KeePassJava2:[2.1.4]</include> <!-- {x-include-update;org.linguafranca.pwdb:KeePassJava2;external_dependency} -->

sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java

@@ -120,6 +120,19 @@ public ClientCertificateCredentialBuilder sendCertificateChain(boolean sendCerti
         return this;
     }
 
+    /**
+     * Specifies either the specific regional authority, or use {@link RegionalAuthority#AUTO_DISCOVER_REGION} to
+     * attempt to auto-detect the region. If unset, a non-regional authority will be used. This argument should be used
+     * only by applications deployed to Azure VMs.
+     *
+     * @param regionalAuthority the regional authority
+     * @return An updated instance of this builder with the regional authority configured.
+     */
+    public ClientCertificateCredentialBuilder regionalAuthority(RegionalAuthority regionalAuthority) {
+        this.identityClientOptions.setRegionalAuthority(regionalAuthority);
+        return this;
+    }
+
     /**
      * Creates a new {@link ClientCertificateCredential} with the current configurations.
      *

sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java

@@ -62,6 +62,19 @@ public ClientSecretCredentialBuilder tokenCachePersistenceOptions(TokenCachePers
         return this;
     }
 
+    /**
+     * Specifies either the specific regional authority, or use {@link RegionalAuthority#AUTO_DISCOVER_REGION} to
+     * attempt to auto-detect the region. If unset, a non-regional authority will be used. This argument should be used
+     * only by applications deployed to Azure VMs.
+     *
+     * @param regionalAuthority the regional authority
+     * @return An updated instance of this builder with the regional authority configured.
+     */
+    public ClientSecretCredentialBuilder regionalAuthority(RegionalAuthority regionalAuthority) {
+        this.identityClientOptions.setRegionalAuthority(regionalAuthority);
+        return this;
+    }
+
     /**
      * Creates a new {@link ClientCertificateCredential} with the current configurations.
      *