enable pii logging (Azure#23658)

* enable pii logging

* add changelog

* update version

Author: xiangyan99

sdk/identity/azure-identity/CHANGELOG.md

@@ -1,16 +1,18 @@
 # Release History
 
-## 1.9.0 (Unreleased)
+## 1.9.0 (2022-04-05)
 
 ### Features Added
 
+- Added PII logging if logging.DEBUG is enabled.    ([#23203](https://github.com/Azure/azure-sdk-for-python/issues/23203))
+
 ### Breaking Changes
 
 - `validate_authority` support is not available in 1.9.0.
 
 ### Bugs Fixed
 
-- Added check on `content` from msal response    ([#23483](https://github.com/Azure/azure-sdk-for-python/issues/23483))
+- Added check on `content` from msal response.    ([#23483](https://github.com/Azure/azure-sdk-for-python/issues/23483))
 - Fixed the issue that async OBO credential does not refresh correctly.    ([#21981](https://github.com/Azure/azure-sdk-for-python/issues/21981))
 
 ### Other Changes

sdk/identity/azure-identity/azure/identity/_credentials/vscode.py

@@ -12,6 +12,7 @@
 from .._internal import normalize_authority, validate_tenant_id
 from .._internal.aad_client import AadClient
 from .._internal.get_token_mixin import GetTokenMixin
+from .._internal.decorators import log_get_token
 
 if sys.platform.startswith("win"):
     from .._internal.win_vscode_adapter import get_refresh_token, get_user_settings
@@ -136,6 +137,7 @@ def close(self):
         """Close the credential's transport session."""
         self.__exit__()
 
+    @log_get_token("VSCodeCredential")
     def get_token(self, *scopes, **kwargs):
         # type: (*str, **Any) -> AccessToken
         """Request an access token for `scopes` as the user currently signed in to Visual Studio Code.

sdk/identity/azure-identity/azure/identity/_internal/decorators.py

@@ -4,6 +4,8 @@
 # ------------------------------------
 import functools
 import logging
+import json
+import base64
 
 from six import raise_from
 from azure.core.exceptions import ClientAuthenticationError
@@ -31,8 +33,24 @@ def wrapper(*args, **kwargs):
                 _LOGGER.log(
                     logging.DEBUG if within_credential_chain.get() else logging.INFO, "%s succeeded", qualified_name
                 )
+                if _LOGGER.isEnabledFor(logging.DEBUG):
+                    try:
+                        base64_meta_data = token.token.split(".")[1].encode("utf-8") + b'=='
+                        json_bytes = base64.decodebytes(base64_meta_data)
+                        json_string = json_bytes.decode('utf-8')
+                        json_dict = json.loads(json_string)
+                        upn = json_dict.get('upn', 'unavailableUpn')
+                        log_string = '[Authenticated account] Client ID: {}. Tenant ID: {}. User Principal Name: {}. ' \
+                                     'Object ID (user): {}'.format(json_dict['appid'],
+                                                                   json_dict['tid'],
+                                                                   upn,
+                                                                   json_dict['oid']
+                                                                   )
+                        _LOGGER.debug(log_string)
+                    except Exception:     # pylint: disable=broad-except
+                        _LOGGER.debug("Fail to log the account information")
                 return token
-            except Exception as ex:
+            except Exception as ex:   # pylint: disable=broad-except
                 _LOGGER.log(
                     logging.DEBUG if within_credential_chain.get() else logging.WARNING,
                     "%s failed: %s",

sdk/identity/azure-identity/azure/identity/aio/_credentials/vscode.py

@@ -8,6 +8,7 @@
 from .._internal import AsyncContextManager
 from .._internal.aad_client import AadClient
 from .._internal.get_token_mixin import GetTokenMixin
+from .._internal.decorators import log_get_token_async
 from ..._credentials.vscode import _VSCodeCredentialBase
 
 if TYPE_CHECKING:
@@ -39,6 +40,7 @@ async def close(self) -> None:
         if self._client:
             await self._client.__aexit__()
 
+    @log_get_token_async
     async def get_token(self, *scopes: str, **kwargs: "Any") -> "AccessToken":
         """Request an access token for `scopes` as the user currently signed in to Visual Studio Code.
 

sdk/identity/azure-identity/azure/identity/aio/_internal/decorators.py

@@ -4,6 +4,8 @@
 # ------------------------------------
 import functools
 import logging
+import json
+import base64
 
 from azure.core.exceptions import ClientAuthenticationError
 
@@ -20,8 +22,24 @@ async def wrapper(*args, **kwargs):
             _LOGGER.log(
                 logging.DEBUG if within_credential_chain.get() else logging.INFO, "%s succeeded", fn.__qualname__
             )
+            if _LOGGER.isEnabledFor(logging.DEBUG):
+                try:
+                    base64_meta_data = token.token.split(".")[1].encode("utf-8") + b'=='
+                    json_bytes = base64.decodebytes(base64_meta_data)
+                    json_string = json_bytes.decode('utf-8')
+                    json_dict = json.loads(json_string)
+                    upn = json_dict.get('upn', 'unavailableUpn')
+                    log_string = '[Authenticated account] Client ID: {}. Tenant ID: {}. User Principal Name: {}. ' \
+                                 'Object ID (user): {}'.format(json_dict['appid'],
+                                                               json_dict['tid'],
+                                                               upn,
+                                                               json_dict['oid']
+                                                               )
+                    _LOGGER.debug(log_string)
+                except Exception:  # pylint: disable=broad-except
+                    _LOGGER.debug("Fail to log the account information")
             return token
-        except Exception as ex:
+        except Exception as ex: # pylint: disable=broad-except
             _LOGGER.log(
                 logging.DEBUG if within_credential_chain.get() else logging.WARNING,
                 "%s failed: %s",