fix(provider): remove deprecated clientID

Author: ndyakov

README.md

@@ -61,8 +61,11 @@ func main() {
 
     // Create credentials provider
     provider, err := entraid.NewManagedIdentityCredentialsProvider(entraid.ManagedIdentityCredentialsProviderOptions{
-        CredentialsProviderOptions: entraid.CredentialsProviderOptions{
-            ClientID: clientID,
+        CredentialsProviderOptions: entraid.CredentialsProviderOptions{},
+        ManagedIdentityProviderOptions: identity.ManagedIdentityProviderOptions{
+            UserAssignedObjectID: clientID,
+            ManagedIdentityType:  identity.UserAssignedObjectID,
+            Scopes:               []string{identity.RedisScopeDefault},
         },
     })
     if err != nil {
@@ -214,13 +217,11 @@ AZURE_CLIENT_SECRET=your-client-secret
 ### Available Configuration Options
 
 #### 1. CredentialsProviderOptions
-Base options for all credential providers:
+Base options for credential providers includes the options for the token manager:
 ```go
 type CredentialsProviderOptions struct {
-    // Required: Client ID for authentication
-    ClientID string
-
-    // Optional: Token manager configuration
+    // TokenManagerOptions is the options for the token manager.
+    // This is used to configure the token manager when requesting a token.
     TokenManagerOptions manager.TokenManagerOptions
 }
 ```
@@ -275,7 +276,7 @@ type RetryOptions struct {
 ```
 
 #### 4. ManagedIdentityProviderOptions
-Options for managed identity authentication:
+Options for managed identity provider (user assigned or system assigned identity):
 ```go
 type ManagedIdentityProviderOptions struct {
     // Required: Type of managed identity
@@ -291,7 +292,7 @@ type ManagedIdentityProviderOptions struct {
 ```
 
 #### 5. ConfidentialIdentityProviderOptions
-Options for confidential client authentication:
+Options for confidential identity provider (client secret or client sertificate):
 ```go
 type ConfidentialIdentityProviderOptions struct {
     // Required: Client ID for authentication
@@ -355,7 +356,6 @@ type DefaultAzureIdentityProviderOptions struct {
 #### Basic Configuration
 ```go
 options := entraid.CredentialsProviderOptions{
-    ClientID: os.Getenv("AZURE_CLIENT_ID"),
     TokenManagerOptions: manager.TokenManagerOptions{
         ExpirationRefreshRatio: 0.7,
         LowerRefreshBounds: 10000,
@@ -366,7 +366,6 @@ options := entraid.CredentialsProviderOptions{
 #### Advanced Configuration
 ```go
 options := entraid.CredentialsProviderOptions{
-    ClientID: os.Getenv("AZURE_CLIENT_ID"),
     TokenManagerOptions: manager.TokenManagerOptions{
         ExpirationRefreshRatio: 0.7,
         LowerRefreshBounds: 10000,
@@ -414,6 +413,7 @@ authority := identity.AuthorityConfiguration{
 ```go
 // Create provider for system assigned identity
 provider, err := entraid.NewManagedIdentityCredentialsProvider(entraid.ManagedIdentityCredentialsProviderOptions{
+    CredentialsProviderOptions: entraid.CredentialsProviderOptions{},
     ManagedIdentityProviderOptions: identity.ManagedIdentityProviderOptions{
         ManagedIdentityType: identity.SystemAssignedIdentity,
         Scopes: []string{"https://redis.azure.com/.default"},
@@ -425,9 +425,7 @@ provider, err := entraid.NewManagedIdentityCredentialsProvider(entraid.ManagedId
 ```go
 // Create provider for user assigned identity
 provider, err := entraid.NewManagedIdentityCredentialsProvider(entraid.ManagedIdentityCredentialsProviderOptions{
-    CredentialsProviderOptions: entraid.CredentialsProviderOptions{
-        ClientID: os.Getenv("AZURE_CLIENT_ID"),
-    },
+    CredentialsProviderOptions: entraid.CredentialsProviderOptions{},
     ManagedIdentityProviderOptions: identity.ManagedIdentityProviderOptions{
         ManagedIdentityType: identity.UserAssignedObjectID,
         UserAssignedObjectID: os.Getenv("AZURE_USER_ASSIGNED_MANAGED_ID"),
@@ -617,8 +615,11 @@ This approach gives you the flexibility of custom authentication while benefitin
 func TestManagedIdentityProvider(t *testing.T) {
     // Create test provider
     provider, err := entraid.NewManagedIdentityCredentialsProvider(entraid.ManagedIdentityCredentialsProviderOptions{
-        CredentialsProviderOptions: entraid.CredentialsProviderOptions{
-            ClientID: "test-client-id",
+        CredentialsProviderOptions: entraid.CredentialsProviderOptions{},
+        ManagedIdentityProviderOptions: identity.ManagedIdentityProviderOptions{
+            UserAssignedObjectID: "test-managed-id",
+            ManagedIdentityType:  identity.UserAssignedObjectID,
+            Scopes:               []string{identity.RedisScopeDefault},
         },
     })
     if err != nil {
@@ -652,8 +653,11 @@ func TestManagedIdentityProvider(t *testing.T) {
 func TestRedisConnection(t *testing.T) {
     // Create provider
     provider, err := entraid.NewManagedIdentityCredentialsProvider(entraid.ManagedIdentityCredentialsProviderOptions{
-        CredentialsProviderOptions: entraid.CredentialsProviderOptions{
-            ClientID: os.Getenv("AZURE_CLIENT_ID"),
+        CredentialsProviderOptions: entraid.CredentialsProviderOptions{},
+        ManagedIdentityProviderOptions: identity.ManagedIdentityProviderOptions{
+            UserAssignedObjectID: os.Getenv("AZURE_CLIENT_ID"),
+            ManagedIdentityType:  identity.UserAssignedObjectID,
+            Scopes:               []string{identity.RedisScopeDefault},
         },
     })
     if err != nil {

credentials_provider_test.go

@@ -20,7 +20,6 @@ func TestCredentialsProviderErrorScenarios(t *testing.T) {
 		// Create a test provider with invalid options
 		options := ConfidentialCredentialsProviderOptions{
 			CredentialsProviderOptions: CredentialsProviderOptions{
-				ClientID: "test-client-id",
 				TokenManagerOptions: manager.TokenManagerOptions{
 					ExpirationRefreshRatio: 0.7,
 				},
@@ -43,7 +42,6 @@ func TestCredentialsProviderErrorScenarios(t *testing.T) {
 		// Create a test provider with invalid options
 		options := ConfidentialCredentialsProviderOptions{
 			CredentialsProviderOptions: CredentialsProviderOptions{
-				ClientID: "test-client-id",
 				TokenManagerOptions: manager.TokenManagerOptions{
 					ExpirationRefreshRatio: 0.7,
 				},
@@ -66,7 +64,6 @@ func TestCredentialsProviderErrorScenarios(t *testing.T) {
 		// Create a test provider with invalid options
 		options := ManagedIdentityCredentialsProviderOptions{
 			CredentialsProviderOptions: CredentialsProviderOptions{
-				ClientID: "test-client-id",
 				TokenManagerOptions: manager.TokenManagerOptions{
 					ExpirationRefreshRatio: 0.7,
 				},
@@ -86,7 +83,6 @@ func TestCredentialsProviderErrorScenarios(t *testing.T) {
 		// Create a test provider with invalid options
 		options := DefaultAzureCredentialsProviderOptions{
 			CredentialsProviderOptions: CredentialsProviderOptions{
-				ClientID: "test-client-id",
 				TokenManagerOptions: manager.TokenManagerOptions{
 					ExpirationRefreshRatio: 0.7,
 				},
@@ -308,7 +304,6 @@ func TestCredentialsProviderSubscribe(t *testing.T) {
 	// Create a test provider
 	opts := ConfidentialCredentialsProviderOptions{
 		CredentialsProviderOptions: CredentialsProviderOptions{
-			ClientID: "test-client-id",
 			TokenManagerOptions: manager.TokenManagerOptions{
 				ExpirationRefreshRatio: 0.7,
 			},

examples/entraid/managedidentity_systemassigned/main.go

@@ -33,9 +33,8 @@ func main() {
 			},
 		},
 		ManagedIdentityProviderOptions: identity.ManagedIdentityProviderOptions{
-			// For system-assigned identity, we don't need to specify ClientID
 			Scopes:              cfg.GetRedisScopes(),
-			ManagedIdentityType: "SystemAssigned",
+			ManagedIdentityType: identity.SystemAssignedIdentity,
 		},
 	})
 	if err != nil {

examples/entraid/managedidentity_userassigned/main.go

@@ -27,7 +27,6 @@ func main() {
 	// Create a managed identity credentials provider for user-assigned identity
 	cp, err := entraid.NewManagedIdentityCredentialsProvider(entraid.ManagedIdentityCredentialsProviderOptions{
 		CredentialsProviderOptions: entraid.CredentialsProviderOptions{
-			ClientID: cfg.AzureClientID,
 			TokenManagerOptions: manager.TokenManagerOptions{
 				ExpirationRefreshRatio: 0.001,           // Set to refresh very early
 				LowerRefreshBound:      time.Second * 1, // Set lower bound to 1 second

providers.go

@@ -101,7 +101,7 @@ type ConfidentialCredentialsProviderOptions struct {
 // The client credentials can be either a client secret or a client certificate.
 func NewConfidentialCredentialsProvider(options ConfidentialCredentialsProviderOptions) (auth.StreamingCredentialsProvider, error) {
 	// If the client ID is not provided in the confidential identity provider options, use the one from the credentials provider options.
-	// Those are duplicated and should be the same.
+	// Those are duplicated and should be the same and the one in the credentials provider options is deprecated.
 	if options.ConfidentialIdentityProviderOptions.ClientID == "" {
 		options.ConfidentialIdentityProviderOptions.ClientID = options.CredentialsProviderOptions.ClientID
 	}

providers_test.go

@@ -24,7 +24,6 @@ func TestNewManagedIdentityCredentialsProvider(t *testing.T) {
 			name: "valid managed identity options",
 			options: ManagedIdentityCredentialsProviderOptions{
 				CredentialsProviderOptions: CredentialsProviderOptions{
-					ClientID: "test-client-id",
 					TokenManagerOptions: manager.TokenManagerOptions{
 						ExpirationRefreshRatio: 0.7,
 					},
@@ -112,7 +111,6 @@ func TestNewConfidentialCredentialsProvider(t *testing.T) {
 			name: "valid confidential options with client secret",
 			options: ConfidentialCredentialsProviderOptions{
 				CredentialsProviderOptions: CredentialsProviderOptions{
-					ClientID: "test-client-id",
 					TokenManagerOptions: manager.TokenManagerOptions{
 						ExpirationRefreshRatio: 0.7,
 					},
@@ -197,7 +195,6 @@ func TestNewDefaultAzureCredentialsProvider(t *testing.T) {
 			name: "valid default azure options",
 			options: DefaultAzureCredentialsProviderOptions{
 				CredentialsProviderOptions: CredentialsProviderOptions{
-					ClientID: "test-client-id",
 					TokenManagerOptions: manager.TokenManagerOptions{
 						ExpirationRefreshRatio: 0.7,
 					},
@@ -271,7 +268,6 @@ func TestCredentialsProviderInterface(t *testing.T) {
 			provider: func() auth.StreamingCredentialsProvider {
 				options := ManagedIdentityCredentialsProviderOptions{
 					CredentialsProviderOptions: CredentialsProviderOptions{
-						ClientID: "test-client-id",
 						TokenManagerOptions: manager.TokenManagerOptions{
 							ExpirationRefreshRatio: 0.7,
 						},
@@ -305,7 +301,6 @@ func TestCredentialsProviderInterface(t *testing.T) {
 			provider: func() auth.StreamingCredentialsProvider {
 				options := ConfidentialCredentialsProviderOptions{
 					CredentialsProviderOptions: CredentialsProviderOptions{
-						ClientID: "test-client-id",
 						TokenManagerOptions: manager.TokenManagerOptions{
 							ExpirationRefreshRatio: 0.7,
 						},
@@ -341,7 +336,6 @@ func TestCredentialsProviderInterface(t *testing.T) {
 			provider: func() auth.StreamingCredentialsProvider {
 				options := DefaultAzureCredentialsProviderOptions{
 					CredentialsProviderOptions: CredentialsProviderOptions{
-						ClientID: "test-client-id",
 						TokenManagerOptions: manager.TokenManagerOptions{
 							ExpirationRefreshRatio: 0.7,
 						},
@@ -386,7 +380,6 @@ func TestCredentialsProviderInterface(t *testing.T) {
 func TestNewManagedIdentityCredentialsProvider_TokenManagerFactoryError(t *testing.T) {
 	options := ManagedIdentityCredentialsProviderOptions{
 		CredentialsProviderOptions: CredentialsProviderOptions{
-			ClientID: "test-client-id",
 			TokenManagerOptions: manager.TokenManagerOptions{
 				ExpirationRefreshRatio: 0.7,
 			},
@@ -412,7 +405,6 @@ func TestNewManagedIdentityCredentialsProvider_TokenManagerFactoryError(t *testi
 func TestNewConfidentialCredentialsProvider_TokenManagerFactoryError(t *testing.T) {
 	options := ConfidentialCredentialsProviderOptions{
 		CredentialsProviderOptions: CredentialsProviderOptions{
-			ClientID: "test-client-id",
 			TokenManagerOptions: manager.TokenManagerOptions{
 				ExpirationRefreshRatio: 0.7,
 			},
@@ -440,7 +432,6 @@ func TestNewConfidentialCredentialsProvider_TokenManagerFactoryError(t *testing.
 func TestNewDefaultAzureCredentialsProvider_TokenManagerFactoryError(t *testing.T) {
 	options := DefaultAzureCredentialsProviderOptions{
 		CredentialsProviderOptions: CredentialsProviderOptions{
-			ClientID: "test-client-id",
 			TokenManagerOptions: manager.TokenManagerOptions{
 				ExpirationRefreshRatio: 0.7,
 			},
@@ -464,7 +455,6 @@ func TestNewDefaultAzureCredentialsProvider_TokenManagerFactoryError(t *testing.
 func TestNewManagedIdentityCredentialsProvider_TokenManagerStartError(t *testing.T) {
 	options := ManagedIdentityCredentialsProviderOptions{
 		CredentialsProviderOptions: CredentialsProviderOptions{
-			ClientID: "test-client-id",
 			TokenManagerOptions: manager.TokenManagerOptions{
 				ExpirationRefreshRatio: 0.7,
 			},
@@ -506,7 +496,6 @@ func TestNewManagedIdentityCredentialsProvider_TokenManagerStartError(t *testing
 func TestNewConfidentialCredentialsProvider_TokenManagerStartError(t *testing.T) {
 	options := ConfidentialCredentialsProviderOptions{
 		CredentialsProviderOptions: CredentialsProviderOptions{
-			ClientID: "test-client-id",
 			TokenManagerOptions: manager.TokenManagerOptions{
 				ExpirationRefreshRatio: 0.7,
 			},
@@ -550,7 +539,6 @@ func TestNewConfidentialCredentialsProvider_TokenManagerStartError(t *testing.T)
 func TestNewDefaultAzureCredentialsProvider_TokenManagerStartError(t *testing.T) {
 	options := DefaultAzureCredentialsProviderOptions{
 		CredentialsProviderOptions: CredentialsProviderOptions{
-			ClientID: "test-client-id",
 			TokenManagerOptions: manager.TokenManagerOptions{
 				ExpirationRefreshRatio: 0.7,
 			},