microsoft
diff --git a/‎durabletask-azuremanaged/durabletask/azuremanaged/client.py‎
Lines changed: 46 additions & 64 deletions b/‎durabletask-azuremanaged/durabletask/azuremanaged/client.py‎
Lines changed: 46 additions & 64 deletions
diff --git a/‎durabletask-azuremanaged/durabletask/azuremanaged/durabletask_grpc_interceptor.py‎
Lines changed: 42 additions & 29 deletions b/‎durabletask-azuremanaged/durabletask/azuremanaged/durabletask_grpc_interceptor.py‎
Lines changed: 42 additions & 29 deletions
diff --git a/‎durabletask-azuremanaged/durabletask/azuremanaged/internal/access_token_manager.py‎
Lines changed: 50 additions & 58 deletions b/‎durabletask-azuremanaged/durabletask/azuremanaged/internal/access_token_manager.py‎
Lines changed: 50 additions & 58 deletions
@@ -1,64 +1,46 @@
-# Copyright (c) Microsoft Corporation.
-# Licensed under the MIT License.
-
-from typing import Optional
-from durabletask.client import TaskHubGrpcClient
-from durabletask.azuremanaged.internal.access_token_manager import AccessTokenManager
-from durabletask.azuremanaged.durabletask_grpc_interceptor import DTSDefaultClientInterceptorImpl
-
-# Client class used for Durable Task Scheduler (DTS)
-class DurableTaskSchedulerClient(TaskHubGrpcClient):
-    def __init__(self, *,
-                 host_address: str,
-                 taskhub: str,
-                 secure_channel: Optional[bool] = True,
-                 metadata: Optional[list[tuple[str, str]]] = None,
-                 use_managed_identity: Optional[bool] = False,
-                 client_id: Optional[str] = None):
-
-        if taskhub == None:
-            raise ValueError("Taskhub value cannot be empty. Please provide a value for your taskhub")
-        
-        # Ensure metadata is a list
-        metadata = metadata or []
-        self._metadata = metadata.copy()  # Use a copy to avoid modifying original
-
-        # Append DurableTask-specific metadata
-        self._metadata.append(("taskhub", taskhub))
-        self._metadata.append(("dts", "True"))
-        self._metadata.append(("use_managed_identity", str(use_managed_identity)))
-        self._metadata.append(("client_id", str(client_id or "None")))
-
-        self._access_token_manager = AccessTokenManager(metadata=self._metadata)
-        self.__update_metadata_with_token()
-        self._interceptors = [DTSDefaultClientInterceptorImpl(self._metadata)]
-
-        # We pass in None for the metadata so we don't construct an additional interceptor in the parent class
-        # Since the parent class doesn't use anything metadata for anything else, we can set it as None
-        super().__init__(
-            host_address=host_address,
-            secure_channel=secure_channel,
-            metadata=None,
-            interceptors=self._interceptors)
-
-    def __update_metadata_with_token(self):
-        """
-        Add or update the `authorization` key in the metadata with the current access token.
-        """
-        token = self._access_token_manager.get_access_token()
-
-        # Ensure that self._metadata is initialized
-        if self._metadata is None:
-            self._metadata = []  # Initialize it if it's still None
-        
-        # Check if "authorization" already exists in the metadata
-        updated = False
-        for i, (key, _) in enumerate(self._metadata):
-            if key == "authorization":
-                self._metadata[i] = ("authorization", token)
-                updated = True
-                break
-        
-        # If not updated, add a new entry
-        if not updated:
-            self._metadata.append(("authorization", token))
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+from typing import Optional
+from durabletask.client import TaskHubGrpcClient, OrchestrationStatus
+from durabletask.azuremanaged.internal.access_token_manager import AccessTokenManager
+from durabletask.azuremanaged.durabletask_grpc_interceptor import DTSDefaultClientInterceptorImpl
+from azure.identity import DefaultAzureCredential
+
+# Client class used for Durable Task Scheduler (DTS)
+class DurableTaskSchedulerClient(TaskHubGrpcClient):
+    def __init__(self, *,
+                 host_address: str,
+                 taskhub: str,
+                 secure_channel: Optional[bool] = True,
+                 metadata: Optional[list[tuple[str, str]]] = None,
+                 use_managed_identity: Optional[bool] = False,
+                 client_id: Optional[str] = None):
+
+        if taskhub == None:
+            raise ValueError("Taskhub value cannot be empty. Please provide a value for your taskhub")
+
+        # Ensure metadata is a list
+        metadata = metadata or []
+        self._metadata = metadata.copy()  # Use a copy to avoid modifying original
+
+        # Append DurableTask-specific metadata
+        self._metadata.append(("taskhub", taskhub))
+        self._metadata.append(("dts", "True"))
+        self._metadata.append(("use_managed_identity", str(use_managed_identity)))
+        self._metadata.append(("client_id", str(client_id or "None")))
+
+        self._access_token_manager = AccessTokenManager(use_managed_identity=use_managed_identity,
+                                                        client_id=client_id)
+        token = self._access_token_manager.get_access_token()
+        self._metadata.append(("authorization", token))
+
+        self._interceptors = [DTSDefaultClientInterceptorImpl(self._metadata)]
+
+        # We pass in None for the metadata so we don't construct an additional interceptor in the parent class
+        # Since the parent class doesn't use anything metadata for anything else, we can set it as None
+        super().__init__(
+            host_address=host_address,
+            secure_channel=secure_channel,
+            metadata=None,
+            interceptors=self._interceptors)
@@ -1,29 +1,42 @@
-# Copyright (c) Microsoft Corporation.
-# Licensed under the MIT License.
-
-from durabletask.internal.grpc_interceptor import _ClientCallDetails, DefaultClientInterceptorImpl
-from durabletask.azuremanaged.internal.access_token_manager import AccessTokenManager
-
-import grpc
-
-class DTSDefaultClientInterceptorImpl (DefaultClientInterceptorImpl):
-    """The class implements a UnaryUnaryClientInterceptor, UnaryStreamClientInterceptor,
-    StreamUnaryClientInterceptor and StreamStreamClientInterceptor from grpc to add an 
-    interceptor to add additional headers to all calls as needed."""
-
-    def __init__(self, metadata: list[tuple[str, str]]):
-        super().__init__(metadata)
-        self._token_manager = AccessTokenManager(metadata=self._metadata)
-
-    def _intercept_call(
-                self, client_call_details: _ClientCallDetails) -> grpc.ClientCallDetails:
-        """Internal intercept_call implementation which adds metadata to grpc metadata in the RPC
-            call details."""
-        # Refresh the auth token if it is present and needed
-        if self._metadata is not None:
-            for i, (key, _) in enumerate(self._metadata):
-                if key.lower() == "authorization":  # Ensure case-insensitive comparison
-                    new_token = self._token_manager.get_access_token()  # Get the new token
-                    self._metadata[i] = ("authorization", new_token)  # Update the token
-
-        return super()._intercept_call(client_call_details)
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+from durabletask.internal.grpc_interceptor import _ClientCallDetails, DefaultClientInterceptorImpl
+from durabletask.azuremanaged.internal.access_token_manager import AccessTokenManager
+
+import grpc
+
+class DTSDefaultClientInterceptorImpl (DefaultClientInterceptorImpl):
+    """The class implements a UnaryUnaryClientInterceptor, UnaryStreamClientInterceptor,
+    StreamUnaryClientInterceptor and StreamStreamClientInterceptor from grpc to add an 
+    interceptor to add additional headers to all calls as needed."""
+
+    def __init__(self, metadata: list[tuple[str, str]]):
+        super().__init__(metadata)
+
+        use_managed_identity = False
+        client_id = None
+        
+        # Check what authentication we are using
+        if metadata:
+            for key, value in metadata:
+                if key.lower() == "use_managed_identity":
+                    self.use_managed_identity = value.strip().lower() == "true"  # Convert to boolean
+                elif key.lower() == "client_id":
+                    self.client_id = value
+
+        self._token_manager = AccessTokenManager(use_managed_identity=use_managed_identity,
+                                                 client_id=client_id)
+
+    def _intercept_call(
+                self, client_call_details: _ClientCallDetails) -> grpc.ClientCallDetails:
+        """Internal intercept_call implementation which adds metadata to grpc metadata in the RPC
+            call details."""
+        # Refresh the auth token if it is present and needed
+        if self._metadata is not None:
+            for i, (key, _) in enumerate(self._metadata):
+                if key.lower() == "authorization":  # Ensure case-insensitive comparison
+                    new_token = self._token_manager.get_access_token()  # Get the new token
+                    self._metadata[i] = ("authorization", new_token)  # Update the token
+
+        return super()._intercept_call(client_call_details)
@@ -1,59 +1,51 @@
-# Copyright (c) Microsoft Corporation.
-# Licensed under the MIT License.
-from azure.identity import DefaultAzureCredential, ManagedIdentityCredential
-from datetime import datetime, timedelta, timezone
-from typing import Optional
-import durabletask.internal.shared as shared
-
-# By default, when there's 10minutes left before the token expires, refresh the token
-class AccessTokenManager:
-    def __init__(self, refresh_interval_seconds: int = 600, metadata: Optional[list[tuple[str, str]]] = None):
-        self.scope = "https://durabletask.io/.default"
-        self.refresh_interval_seconds = refresh_interval_seconds
-        self._use_managed_identity = False
-        self._metadata = metadata
-        self._client_id = None
-        self._logger = shared.get_logger("token_manager")
-
-        if metadata:  # Ensure metadata is not None
-            for key, value in metadata:
-                if key == "use_managed_identity":
-                    self._use_managed_identity = value.lower() == "true"  # Properly convert string to bool
-                elif key == "client_id":
-                    self._client_id = value  # Directly assign string
-
-        # Choose the appropriate credential based on use_managed_identity
-        if self._use_managed_identity:
-            if not self._client_id:
-                self._logger.debug("Using System Assigned Managed Identity for authentication.")
-                self.credential = ManagedIdentityCredential()
-            else:
-                self._logger.debug("Using User Assigned Managed Identity for authentication.")
-                self.credential = ManagedIdentityCredential(client_id=self._client_id)
-        else:
-            self.credential = DefaultAzureCredential()
-            self._logger.debug("Using Default Azure Credentials for authentication.")
-        
-        self.token = None
-        self.expiry_time = None
-
-    def get_access_token(self) -> str:
-        if self.token is None or self.is_token_expired():
-            self.refresh_token()
-        return self.token
-
-    # Checks if the token is expired, or if it will expire in the next "refresh_interval_seconds" seconds.
-    # For example, if the token is created to have a lifespan of 2 hours, and the refresh buffer is set to 30 minutes,
-    # We will grab a new token when there're 30minutes left on the lifespan of the token
-    def is_token_expired(self) -> bool:
-        if self.expiry_time is None:
-            return True
-        return datetime.now(timezone.utc) >= (self.expiry_time - timedelta(seconds=self.refresh_interval_seconds))
-
-    def refresh_token(self):
-        new_token = self.credential.get_token(self.scope)
-        self.token = f"Bearer {new_token.token}"
-        
-        # Convert UNIX timestamp to timezone-aware datetime
-        self.expiry_time = datetime.fromtimestamp(new_token.expires_on, tz=timezone.utc)
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+from azure.identity import DefaultAzureCredential, ManagedIdentityCredential
+from datetime import datetime, timedelta, timezone
+from typing import Optional
+import durabletask.internal.shared as shared
+
+# By default, when there's 10minutes left before the token expires, refresh the token
+class AccessTokenManager:
+    def __init__(self, refresh_interval_seconds: int = 600, use_managed_identity: bool = False, client_id: str = None):
+        self.scope = "https://durabletask.io/.default"
+        self.refresh_interval_seconds = refresh_interval_seconds
+        self._use_managed_identity = use_managed_identity
+        self._client_id = client_id
+        self._logger = shared.get_logger("token_manager")
+
+        # Choose the appropriate credential based on use_managed_identity
+        if self._use_managed_identity:
+            if not self._client_id:
+                self._logger.debug("Using System Assigned Managed Identity for authentication.")
+                self.credential = ManagedIdentityCredential()
+            else:
+                self._logger.debug("Using User Assigned Managed Identity for authentication.")
+                self.credential = ManagedIdentityCredential(client_id=self._client_id)
+        else:
+            self.credential = DefaultAzureCredential()
+            self._logger.debug("Using Default Azure Credentials for authentication.")
+        
+        self.token = None
+        self.expiry_time = None
+
+    def get_access_token(self) -> str:
+        if self.token is None or self.is_token_expired():
+            self.refresh_token()
+        return self.token
+
+    # Checks if the token is expired, or if it will expire in the next "refresh_interval_seconds" seconds.
+    # For example, if the token is created to have a lifespan of 2 hours, and the refresh buffer is set to 30 minutes,
+    # We will grab a new token when there're 30minutes left on the lifespan of the token
+    def is_token_expired(self) -> bool:
+        if self.expiry_time is None:
+            return True
+        return datetime.now(timezone.utc) >= (self.expiry_time - timedelta(seconds=self.refresh_interval_seconds))
+
+    def refresh_token(self):
+        new_token = self.credential.get_token(self.scope)
+        self.token = f"Bearer {new_token.token}"
+        
+        # Convert UNIX timestamp to timezone-aware datetime
+        self.expiry_time = datetime.fromtimestamp(new_token.expires_on, tz=timezone.utc)
         self._logger.debug(f"Token refreshed. Expires at: {self.expiry_time}")