[Identity] Exclude SharedTokenCacheCredential from DefaultAzureCredential by default (Azure#16615)

* [Identity] Exclude SharedTokenCacheCredential from DefaultAzureCredential by default

* adding BREAKING_CHANGES.md

* link changelog to breaking_changes

Author: schaabs

sdk/identity/Azure.Identity/BREAKING_CHANGES.md

@@ -0,0 +1,16 @@
+# Breaking Changes
+
+## 1.4.0
+
+### Changed `ExcludeSharedTokenCacheCredential` default value from __false__ to __true__ on `DefaultAzureCredentialsOptions`
+
+Starting in Azure.Identity 1.4.0-beta.4 the default value of the `ExcludeSharedTokenCacheCredential` property on `DefaultAzureCredentialsOptions` has changed from __false__ to __true__, excluding the `SharedTokenCacheCredential` from the `DefaultAzureCredential` authentication flow by default. We expect that few users will be impacted by this change as the `VisualStudioCredential` has effectively replaced the `SharedTokenCacheCredential` in this authentication flow. However, users who find this change does negatively impact them can still invoke the old behavior by explicitly setting the value to false.
+
+```C# Snippet:Identity_BreakingChanges_SetExcludeSharedTokenCacheCredentialToFalse
+var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions
+{
+    ExcludeSharedTokenCacheCredential = false
+});
+```
+
+More information on this change and the consideration behind it can be found [here](https://github.com/Azure/azure-sdk/issues/1970).

sdk/identity/Azure.Identity/CHANGELOG.md

@@ -2,6 +2,9 @@
 
 ## 1.4.0-beta.4 (Unreleased)
 
+### Breaking Changes
+
+- Update the default value of `ExcludeSharedTokenCacheCredential` on `DefaultAzureCredentialsOptions` to true, to exclude the `SharedTokenCacheCredential` from the `DefaultAzureCredential` by default. See [BREAKING_CHANGES.md](https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/identity/Azure.Identity/BREAKING_CHANGES.md#140)
 
 ## 1.4.0-beta.3 (2021-02-09)
 

sdk/identity/Azure.Identity/src/DefaultAzureCredentialOptions.cs

@@ -72,7 +72,7 @@ public class DefaultAzureCredentialOptions : TokenCredentialOptions
         /// Specifies whether the <see cref="SharedTokenCacheCredential"/> will be excluded from the <see cref="DefaultAzureCredential"/> authentication flow.
         /// Setting to true disables single sign on authentication with development tools which write to the shared token cache.
         /// </summary>
-        public bool ExcludeSharedTokenCacheCredential { get; set; }
+        public bool ExcludeSharedTokenCacheCredential { get; set; } = true;
 
         /// <summary>
         /// Specifies whether the <see cref="InteractiveBrowserCredential"/> will be excluded from the <see cref="DefaultAzureCredential"/> authentication flow.

sdk/identity/Azure.Identity/tests/DefaultAzureCredentialTests.cs

@@ -30,10 +30,9 @@ public void ValidateCtorNoOptions()
             Assert.AreEqual(sources.Length, 7);
             Assert.IsInstanceOf(typeof(EnvironmentCredential), sources[0]);
             Assert.IsInstanceOf(typeof(ManagedIdentityCredential), sources[1]);
-            Assert.IsInstanceOf(typeof(SharedTokenCacheCredential), sources[2]);
-            Assert.IsInstanceOf(typeof(VisualStudioCredential), sources[3]);
-            Assert.IsInstanceOf(typeof(VisualStudioCodeCredential), sources[4]);
-            Assert.IsInstanceOf(typeof(AzureCliCredential), sources[5]);
+            Assert.IsInstanceOf(typeof(VisualStudioCredential), sources[2]);
+            Assert.IsInstanceOf(typeof(VisualStudioCodeCredential), sources[3]);
+            Assert.IsInstanceOf(typeof(AzureCliCredential), sources[4]);
             Assert.IsNull(sources[6]);
         }
 
@@ -48,18 +47,17 @@ public void ValidateCtorIncludedInteractiveParam([Values(true, false)] bool incl
             Assert.AreEqual(sources.Length, 7);
             Assert.IsInstanceOf(typeof(EnvironmentCredential), sources[0]);
             Assert.IsInstanceOf(typeof(ManagedIdentityCredential), sources[1]);
-            Assert.IsInstanceOf(typeof(SharedTokenCacheCredential), sources[2]);
-            Assert.IsInstanceOf(typeof(VisualStudioCredential), sources[3]);
-            Assert.IsInstanceOf(typeof(VisualStudioCodeCredential), sources[4]);
-            Assert.IsInstanceOf(typeof(AzureCliCredential), sources[5]);
+            Assert.IsInstanceOf(typeof(VisualStudioCredential), sources[2]);
+            Assert.IsInstanceOf(typeof(VisualStudioCodeCredential), sources[3]);
+            Assert.IsInstanceOf(typeof(AzureCliCredential), sources[4]);
 
             if (includeInteractive)
             {
-                Assert.IsInstanceOf(typeof(InteractiveBrowserCredential), sources[6]);
+                Assert.IsInstanceOf(typeof(InteractiveBrowserCredential), sources[5]);
             }
             else
             {
-                Assert.IsNull(sources[6]);
+                Assert.IsNull(sources[5]);
             }
         }
 
@@ -91,6 +89,7 @@ public void ValidateCtorOptionsPassedToCredentials()
             {
                 ManagedIdentityClientId = expClientId,
                 SharedTokenCacheUsername = expUsername,
+                ExcludeSharedTokenCacheCredential = false,
                 SharedTokenCacheTenantId = expCacheTenantId,
                 VisualStudioTenantId = expVsTenantId,
                 VisualStudioCodeTenantId = expCodeTenantId,

sdk/identity/Azure.Identity/tests/samples/BreakingChangesSnippets.cs

@@ -0,0 +1,18 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+namespace Azure.Identity.Tests.samples
+{
+    public class BreakingChangesSnippets
+    {
+        public void SetExcludeSharedTokenCacheCredentialToFalse()
+        {
+            #region Snippet:Identity_BreakingChanges_SetExcludeSharedTokenCacheCredentialToFalse
+            var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions
+            {
+                ExcludeSharedTokenCacheCredential = false
+            });
+            #endregion
+        }
+    }
+}