Dev credential timeout (Azure#34237)

* Dev credential timeout

* update changelog

Author: billwert

sdk/identity/azure-identity/CHANGELOG.md

@@ -5,6 +5,7 @@
 ### Features Added
 - Added CAE support to service principal authentication.
 - Pass more detailed refresh policy for managed identity tokens to MSAL.
+- Add configurable timeout for developer credentials (Azure CLI, Azure Developer CLI)
 
 ### Bugs Fixed
 - Fixed detection logic for az/azd.

sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureCliCredentialBuilder.java

@@ -7,6 +7,7 @@
 import com.azure.identity.implementation.util.IdentityUtil;
 import com.azure.identity.implementation.util.ValidationUtil;
 
+import java.time.Duration;
 import java.util.Arrays;
 import java.util.List;
 
@@ -55,6 +56,16 @@ public AzureCliCredentialBuilder tenantId(String tenantId) {
         return this;
     }
 
+    /**
+     * Specifies a {@link Duration} timeout for calling the Azure CLI.
+     * @param duration The {@link Duration} to wait.
+     * @return An updated instance of this builder with the timeout specified.
+     */
+    public AzureCliCredentialBuilder azureCliCredentialTimeout(Duration duration) {
+        this.identityClientOptions.setDeveloperCredentialTimeout(duration);
+        return this;
+    }
+
      /**
      * Creates a new {@link AzureCliCredential} with the current configurations.
      *

sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureDeveloperCliCredentialBuilder.java

@@ -7,6 +7,7 @@
 import com.azure.identity.implementation.util.IdentityUtil;
 import com.azure.identity.implementation.util.ValidationUtil;
 
+import java.time.Duration;
 import java.util.Arrays;
 import java.util.List;
 
@@ -32,6 +33,16 @@ public AzureDeveloperCliCredentialBuilder tenantId(String tenantId) {
         return this;
     }
 
+    /**
+     * Specifies a {@link Duration} timeout for calling the Azure Developer CLI.
+     * @param duration The {@link Duration} to wait.
+     * @return An updated instance of this builder with the timeout specified.
+     */
+    public AzureDeveloperCliCredentialBuilder azureDeveloperCliCredentialTimeout(Duration duration) {
+        this.identityClientOptions.setDeveloperCredentialTimeout(duration);
+        return this;
+    }
+
     /**
      * Creates a new {@link AzureDeveloperCliCredential} with the current configurations.
      *

sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredentialBuilder.java

@@ -11,6 +11,7 @@
 import com.azure.identity.implementation.util.IdentityConstants;
 import com.azure.identity.implementation.util.IdentityUtil;
 
+import java.time.Duration;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -218,6 +219,16 @@ public DefaultAzureCredentialBuilder additionallyAllowedTenants(List<String> add
         return this;
     }
 
+    /**
+     * Specifies a {@link Duration} timeout for developer credentials (such as Azure CLI or IntelliJ).
+     * @param duration The {@link Duration} to wait.
+     * @return An updated instance of this builder with the timeout specified.
+     */
+    public DefaultAzureCredentialBuilder developerCredentialTimeout(Duration duration) {
+        this.identityClientOptions.setDeveloperCredentialTimeout(duration);
+        return this;
+    }
+
     /**
      * Disable instance discovery. Instance discovery is acquiring metadata about an authority from https://login.microsoft.com
      * to validate that authority. This may need to be disabled in private cloud or ADFS scenarios.

sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientBase.java

@@ -478,7 +478,7 @@ AccessToken getTokenFromAzureCLIAuthentication(StringBuilder azCommand) {
             }
             String processOutput = output.toString();
 
-            process.waitFor(10, TimeUnit.SECONDS);
+            process.waitFor(this.options.getDeveloperCredentialTimeout().getSeconds(), TimeUnit.SECONDS);
 
             if (process.exitValue() != 0) {
                 if (processOutput.length() > 0) {
@@ -571,7 +571,7 @@ AccessToken getTokenFromAzureDeveloperCLIAuthentication(StringBuilder azdCommand
             String processOutput = output.toString();
 
             // wait until the process completes or the timeout (10 sec) is reached.
-            process.waitFor(10, TimeUnit.SECONDS);
+            process.waitFor(this.options.getDeveloperCredentialTimeout().getSeconds(), TimeUnit.SECONDS);
 
             if (process.exitValue() != 0) {
                 if (processOutput.length() > 0) {

sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java

@@ -70,6 +70,8 @@ public final class IdentityClientOptions implements Cloneable {
     private List<HttpPipelinePolicy> perRetryPolicies;
     private boolean instanceDiscovery;
 
+    private Duration developerCredentialTimeout = Duration.ofSeconds(10);
+
     /**
      * Creates an instance of IdentityClientOptions with default settings.
      */
@@ -689,6 +691,22 @@ private void loadFromConfiguration(Configuration configuration) {
             .get(AZURE_IDENTITY_DISABLE_MULTI_TENANT_AUTH, false);
     }
 
+    /**
+     * Gets the timeout to apply to developer credential operations.
+     * @return The timeout value for developer credential operations.
+     */
+    public Duration getDeveloperCredentialTimeout() {
+        return developerCredentialTimeout;
+    }
+
+    /**
+     * Sets the timeout for developer credential operations.
+     * @param developerCredentialTimeout The timeout value for developer credential operations.
+     */
+    public void setDeveloperCredentialTimeout(Duration developerCredentialTimeout) {
+        this.developerCredentialTimeout = developerCredentialTimeout;
+    }
+
     public IdentityClientOptions clone() {
         IdentityClientOptions clone =  new IdentityClientOptions()
             .setAdditionallyAllowedTenants(this.additionallyAllowedTenants)