Add azd auth status command

cli/azd/cmd/auth.go

@@ -41,5 +41,13 @@ func authActions(root *actions.ActionDescriptor) *actions.ActionDescriptor {
 		ActionResolver: newLogoutAction,
 	})
 
+	group.Add("status", &actions.ActionDescriptorOptions{
+		Command:        newAuthStatusCmd(),
+		FlagsResolver:  newAuthStatusFlags,
+		ActionResolver: newAuthStatusAction,
+		OutputFormats:  []output.Format{output.JsonFormat, output.NoneFormat},
+		DefaultFormat:  output.NoneFormat,
+	})
+
 	return group
 }

cli/azd/cmd/auth_status.go

@@ -0,0 +1,163 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package cmd
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"log"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/azure/azure-dev/cli/azd/cmd/actions"
+	"github.com/azure/azure-dev/cli/azd/internal"
+	"github.com/azure/azure-dev/cli/azd/pkg/auth"
+	"github.com/azure/azure-dev/cli/azd/pkg/contracts"
+	"github.com/azure/azure-dev/cli/azd/pkg/input"
+	"github.com/azure/azure-dev/cli/azd/pkg/output"
+	"github.com/azure/azure-dev/cli/azd/pkg/output/ux"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+)
+
+type authStatusFlags struct {
+	tenantID string
+	scopes   []string
+	global   *internal.GlobalCommandOptions
+}
+
+func newAuthStatusFlags(cmd *cobra.Command, global *internal.GlobalCommandOptions) *authStatusFlags {
+	flags := &authStatusFlags{}
+	flags.Bind(cmd.Flags(), global)
+	return flags
+}
+
+func (f *authStatusFlags) Bind(local *pflag.FlagSet, global *internal.GlobalCommandOptions) {
+	local.StringVar(
+		&f.tenantID,
+		"tenant-id",
+		"",
+		"The tenant id or domain name to authenticate with.")
+	local.StringArrayVar(
+		&f.scopes,
+		"scope",
+		nil,
+		"The scope to use when verifying authentication status")
+	_ = local.MarkHidden("scope")
+	f.global = global
+}
+
+func newAuthStatusCmd() *cobra.Command {
+	return &cobra.Command{
+		Use:   "status",
+		Short: "Check the authentication status.",
+		Long:  "Check the authentication status. Returns information about the logged-in user and when credentials expire.",
+	}
+}
+
+type authStatusAction struct {
+	formatter   output.Formatter
+	writer      io.Writer
+	console     input.Console
+	authManager *auth.Manager
+	flags       *authStatusFlags
+}
+
+func newAuthStatusAction(
+	formatter output.Formatter,
+	writer io.Writer,
+	authManager *auth.Manager,
+	flags *authStatusFlags,
+	console input.Console,
+) actions.Action {
+	return &authStatusAction{
+		formatter:   formatter,
+		writer:      writer,
+		console:     console,
+		authManager: authManager,
+		flags:       flags,
+	}
+}
+
+func (a *authStatusAction) Run(ctx context.Context) (*actions.ActionResult, error) {
+	if len(a.flags.scopes) == 0 {
+		a.flags.scopes = a.authManager.LoginScopes()
+	}
+
+	// In check status mode, we always print the final status to stdout.
+	// We print any non-setup related errors to stderr.
+	// We always return a zero exit code.
+	token, err := a.verifyLoggedIn(ctx)
+	var loginExpiryError *auth.ReLoginRequiredError
+	if err != nil &&
+		!errors.Is(err, auth.ErrNoCurrentUser) &&
+		!errors.As(err, &loginExpiryError) {
+		fmt.Fprintln(a.console.Handles().Stderr, err.Error())
+	}
+
+	res := contracts.LoginResult{}
+	if err != nil {
+		res.Status = contracts.LoginStatusUnauthenticated
+	} else {
+		res.Status = contracts.LoginStatusSuccess
+		res.ExpiresOn = &token.ExpiresOn
+	}
+
+	if a.formatter.Kind() != output.NoneFormat {
+		return nil, a.formatter.Format(res, a.writer, nil)
+	} else {
+		var msg string
+		switch res.Status {
+		case contracts.LoginStatusSuccess:
+			msg = "Logged in to Azure"
+		case contracts.LoginStatusUnauthenticated:
+			msg = "Not logged in, run `azd auth login` to login to Azure"
+		default:
+			panic("Unhandled login status")
+		}
+
+		// get user account information
+		details, err := a.authManager.LogInDetails(ctx)
+
+		// error getting user account or not logged in
+		if err != nil {
+			log.Printf("error: getting signed in account: %v", err)
+			fmt.Fprintln(a.console.Handles().Stdout, msg)
+			return nil, nil
+		}
+
+		// only print the message if the user is logged in
+		a.console.MessageUxItem(ctx, &ux.LoggedIn{
+			LoggedInAs: details.Account,
+			LoginType:  ux.LoginType(details.LoginType),
+		})
+		return nil, nil
+	}
+}
+
+// Verifies that the user has credentials stored,
+// and that the credentials stored is accepted by the identity server (can be exchanged for access token).
+func (a *authStatusAction) verifyLoggedIn(ctx context.Context) (*azcore.AccessToken, error) {
+	credOptions := auth.CredentialForCurrentUserOptions{
+		TenantID: a.flags.tenantID,
+	}
+
+	cred, err := a.authManager.CredentialForCurrentUser(ctx, &credOptions)
+	if err != nil {
+		return nil, err
+	}
+
+	// Ensure credential is valid, and can be exchanged for an access token
+	token, err := cred.GetToken(ctx, policy.TokenRequestOptions{
+		Scopes: a.flags.scopes,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	return &token, nil
+}

cli/azd/cmd/testdata/TestFigSpec.ts

@@ -277,6 +277,21 @@ const completionSpec: Fig.Spec = {
 					name: ['logout'],
 					description: 'Log out of Azure.',
 				},
+				{
+					name: ['status'],
+					description: 'Check the authentication status.',
+					options: [
+						{
+							name: ['--tenant-id'],
+							description: 'The tenant id or domain name to authenticate with.',
+							args: [
+							{
+								name: 'tenant-id',
+							},
+							],
+						},
+					],
+				},
 			],
 		},
 		{
@@ -1540,6 +1555,10 @@ const completionSpec: Fig.Spec = {
 							name: ['logout'],
 							description: 'Log out of Azure.',
 						},
+						{
+							name: ['status'],
+							description: 'Check the authentication status.',
+						},
 					],
 				},
 				{

cli/azd/cmd/testdata/TestUsage-azd-auth-status.snap

@@ -0,0 +1,19 @@
+
+Check the authentication status.
+
+Usage
+  azd auth status [flags]
+
+Flags
+        --tenant-id string 	: The tenant id or domain name to authenticate with.
+
+Global Flags
+    -C, --cwd string 	: Sets the current working directory.
+        --debug      	: Enables debugging and diagnostics logging.
+        --docs       	: Opens the documentation for azd auth status in your web browser.
+    -h, --help       	: Gets help for status.
+        --no-prompt  	: Accepts the default value instead of prompting, or it fails if there is no default.
+
+Find a bug? Want to let us know how we're doing? Fill out this brief survey: https://aka.ms/azure-dev/hats.
+
+

cli/azd/cmd/testdata/TestUsage-azd-auth.snap

@@ -7,6 +7,7 @@ Usage
 Available Commands
   login 	: Log in to Azure.
   logout	: Log out of Azure.
+  status	: Check the authentication status.
 
 Global Flags
     -C, --cwd string 	: Sets the current working directory.