Simplify managed identity configuration (#113)

Reducing complexity of managed identity implementation.

src/Microsoft.Identity.Abstractions/TokenAcquisition/AcquireTokenOptions.cs

@@ -95,13 +95,10 @@ public AcquireTokenOptions(AcquireTokenOptions other)
         /// <summary>
         /// When <see cref="ManagedIdentity"/> is set, the application uses a managed identity instead of client credentials to
         /// acquire an app token.
-        /// The type of managed identity is defined by the <see cref="ManagedIdentityOptions.ManagedIdentityType"/> field. When
-        /// using a <see cref="ManagedIdentityType.SystemAssigned"/> identity, this is the only field that needs to be set and is
-        /// set by default. However, for readability it can be useful to set explicitly.
-        /// To use a user-assigned identity, select the <see cref="ManagedIdentityType"/> that corresponds to the
-        /// <see cref="ManagedIdentityOptions.ClientId"/> you plan to use for authentication.
-        /// Using either form of managed identity requires the application to be deployed on Azure and
-        /// the managed identity to be configured. For more details, check the
+        /// To use a system-assigned identity, simply leave <see cref="ManagedIdentityOptions.UserAssignedClientId"/> null.
+        /// To use a user-assigned identity, set <see cref="ManagedIdentityOptions.UserAssignedClientId"/> to the ClientID of the
+        /// user-assigned identity you want to use. Using either form of managed identity requires the application to be deployed
+        /// on Azure and the managed identity to be configured. For more details, check the
         /// <see href="https://aka.ms/Entra/ManagedIdentityOverview"> managed identities for Azure documentation</see>.
         /// </summary>
         /// <example>

src/Microsoft.Identity.Abstractions/TokenAcquisition/ManagedIdentityOptions.cs

@@ -0,0 +1,37 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System.ComponentModel;
+
+namespace Microsoft.Identity.Abstractions
+{
+    /// <summary>
+    /// Data object to hold the definition of a managed identity for an application to use for authentication. If 
+    /// <see cref="UserAssignedClientId"/> is null, the application will use the system-assigned managed identity. If
+    /// <see cref="UserAssignedClientId"/> is set, the application will try to use the user-assigned managed identity associated
+    /// with the provided ClientID. See <see href="https://aka.ms/Entra/ManagedIdentityOverview"/> for more details.
+    /// </summary>
+    public class ManagedIdentityOptions
+    {
+        /// <summary>
+        /// Gets or sets the value of the ClientID for user-assigned managed identity. If not set, the default value is null
+        /// which will tell the application to use the system-assigned managed identity.
+        /// </summary>
+        [DefaultValue(null)]
+        public string? UserAssignedClientId { get; set; }
+
+        /// <summary>
+        /// Makes a new object to avoid sharing the same reference.
+        /// </summary>
+        /// <returns>
+        /// New instance of <see cref="ManagedIdentityOptions"/> with the same <see cref="UserAssignedClientId"/>.
+        /// </returns>
+        public ManagedIdentityOptions Clone()
+        {
+            return new ManagedIdentityOptions
+            {
+                UserAssignedClientId = UserAssignedClientId
+            };
+        }
+    }
+}

test/Microsoft.Identity.Abstractions.Tests/AquireTokenOptionsTests.cs

@@ -17,9 +17,7 @@ public void ManagedIdentitySystemAssigned()
             // <managedidentity_json>
             {
                 "AquireTokenOptions": {
-                    "ManagedIdentity": {
-                        "ManagedIdentityType": "SystemAssigned"
-                    }
+                    "ManagedIdentity"
                 }
             }
             // </managedidentitysystem_json>
@@ -29,14 +27,11 @@ public void ManagedIdentitySystemAssigned()
             AcquireTokenOptions acquireTokenOptions = new AcquireTokenOptions
             {
                 ManagedIdentity = new ManagedIdentityOptions()
-                {
-                    // default: ManagedIdentityType = ManagedIdentityType.SystemAssigned
-                }
             };
             // </managedidentitysystem_csharp>
 
-            Assert.Equal(ManagedIdentityType.SystemAssigned, acquireTokenOptions.ManagedIdentity.ManagedIdentityType);
-            Assert.Null(acquireTokenOptions.ManagedIdentity.ClientId);
+            Assert.NotNull(acquireTokenOptions.ManagedIdentity);
+            Assert.Null(acquireTokenOptions.ManagedIdentity.UserAssignedClientId);
         }
 
         [Fact]
@@ -50,29 +45,27 @@ public void ManagedIdentityUserAssigned()
             {
                 "AquireTokenOptions": {
                     "ManagedIdentity": {
-                        "ManagedIdentityType": "UserAssigned"
-                        "ClientId": "[ClientIdForTheManagedIdentityResource]"
+                        "UserAssignedClientId": "[ClientIdForTheManagedIdentityResource]"
                     }
                 }
             }
             // </managedidentityuser_json>
             */
 
             // <managedidentityuser_csharp>
-            ManagedIdentityOptions managedIdentityDescription = new ManagedIdentityOptions
+            ManagedIdentityOptions managedIdentityOptions = new ManagedIdentityOptions
             {
-                ManagedIdentityType = ManagedIdentityType.UserAssigned,
-                ClientId = "[ClientIdForTheManagedIdentityResource]"
+                UserAssignedClientId = "[ClientIdForTheManagedIdentityResource]"
             };
 
             AcquireTokenOptions acquireTokenOptions = new AcquireTokenOptions
             {
-                ManagedIdentity = managedIdentityDescription
+                ManagedIdentity = managedIdentityOptions
             };
             // </managedidentityuser_csharp>
 
-            Assert.Equal(ManagedIdentityType.UserAssigned, acquireTokenOptions.ManagedIdentity.ManagedIdentityType);
-            Assert.Equal(managedIdentityDescription.ClientId, acquireTokenOptions.ManagedIdentity.ClientId);
+            Assert.NotNull(acquireTokenOptions.ManagedIdentity);
+            Assert.Equal(managedIdentityOptions.UserAssignedClientId, acquireTokenOptions.ManagedIdentity.UserAssignedClientId);
         }
     }
 }

test/Microsoft.Identity.Abstractions.Tests/DownstreamApiTests.cs

@@ -76,8 +76,7 @@ public void CloneClonesAllProperties()
             Assert.Equal(downstreamApiOptions.AcquireTokenOptions.ExtraQueryParameters, downstreamApiClone.AcquireTokenOptions.ExtraQueryParameters);
             Assert.Equal(downstreamApiOptions.AcquireTokenOptions.ForceRefresh, downstreamApiClone.AcquireTokenOptions.ForceRefresh);
             Assert.Equal(downstreamApiOptions.AcquireTokenOptions.LongRunningWebApiSessionKey, downstreamApiClone.AcquireTokenOptions.LongRunningWebApiSessionKey);
-            Assert.Equal(downstreamApiOptions.AcquireTokenOptions.ManagedIdentity.ManagedIdentityType, downstreamApiClone.AcquireTokenOptions.ManagedIdentity?.ManagedIdentityType);
-            Assert.Equal(downstreamApiOptions.AcquireTokenOptions.ManagedIdentity.ClientId, downstreamApiClone.AcquireTokenOptions.ManagedIdentity?.ClientId);
+            Assert.Equal(downstreamApiOptions.AcquireTokenOptions.ManagedIdentity.UserAssignedClientId, downstreamApiClone.AcquireTokenOptions.ManagedIdentity?.UserAssignedClientId);
             Assert.Equal(downstreamApiOptions.AcquireTokenOptions.PopPublicKey, downstreamApiClone.AcquireTokenOptions.PopPublicKey);
             Assert.Equal(downstreamApiOptions.AcquireTokenOptions.PopClaim, downstreamApiClone.AcquireTokenOptions.PopClaim);
             Assert.Equal(downstreamApiOptions.AcquireTokenOptions.Tenant, downstreamApiClone.AcquireTokenOptions.Tenant);