Enhance token management and add Disconnect-AzResourceGraph function

[SimonWahlin]

Improve token handling by refining parameter management and adding a new function to disconnect from Azure Resource Graph, clearing cached tokens.

[github-actions]

Linux Test Results

 1 files  ±0  16 suites  +1   6s ⏱️ +2s
69 tests +7  69 ✅ +7  0 💤 ±0  0 ❌ ±0 
70 runs  +7  70 ✅ +7  0 💤 ±0  0 ❌ ±0 

Results for commit 3aa7730. ± Comparison against base commit 266bb3e.

[github-actions]

Win Test Results

 1 files  ±0  16 suites  +1   4s ⏱️ -2s
69 tests +7  69 ✅ +7  0 💤 ±0  0 ❌ ±0 
70 runs  +7  70 ✅ +7  0 💤 ±0  0 ❌ ±0 

Results for commit 3aa7730. ± Comparison against base commit 266bb3e.

[Copilot]

Pull Request Overview

This PR improves token management and adds a new cmdlet to disconnect from Azure Resource Graph by clearing cached tokens.

• Introduces Disconnect-AzResourceGraph to reset in-memory session state.
• Enhances Connect-AzResourceGraph with a ManagementEndpoint parameter, token cache configuration, and user identity handling.
• Refactors token expiry/scope checks in Test-AzureToken and tweaks the interactive path in Assert-AzureConnection.

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
tests/Unit/Public/Disconnect-AzResourceGraph.tests.ps1	Adds tests validating that Disconnect-AzResourceGraph clears session state.
CHANGELOG.md	Updates version history; adds a fixed section and reorganizes releases.
AzResourceGraph/Public/Disconnect-AzResourceGraph.ps1	Implements new Disconnect-AzResourceGraph cmdlet.
AzResourceGraph/Public/Connect-AzResourceGraph.ps1	Adds ManagementEndpoint parameter and enriches token splatting logic.
AzResourceGraph/Private/Test-AzureToken.ps1	Switches to UTC comparisons and includes scope fallback in token checks.
AzResourceGraph/Private/Assert-AzureConnection.ps1	Removes extra parameters on interactive reauthorization.

Comments suppressed due to low confidence (6)

AzResourceGraph/Public/Connect-AzResourceGraph.ps1:96

• The new ManagementEndpoint parameter lacks a type annotation (e.g. [string]) and no Parameter attribute for Mandatory or Position. Consider declaring a [string] type and adding appropriate [Parameter(...)] attributes for each ParameterSet to enforce valid input.

$ManagementEndpoint = 'https://management.azure.com'

AzResourceGraph/Public/Connect-AzResourceGraph.ps1:36

• [nitpick] Consider adding a ValidateSet attribute to the ManagementEndpoint parameter to restrict values to known Azure cloud endpoints (e.g., global, China, USGov). This prevents typos and improves discoverability.

Endpoint used for management. This is used for the Audience claim when authenticating to Azure.

AzResourceGraph/Public/Disconnect-AzResourceGraph.ps1:2

• [nitpick] The synopsis mentions clearing the cached access token in memory but omits that TokenSource is reset to 'Global'. Consider updating the help text to list all module-scoped variables that this cmdlet resets.

.SYNOPSIS

tests/Unit/Public/Disconnect-AzResourceGraph.tests.ps1:23

• Add an assertion to verify that $script:TokenSource is reset (e.g., to 'Global') after calling Disconnect-AzResourceGraph to ensure full state clearance.

$script:TokenSplat.Keys.Count | Should -be 0

CHANGELOG.md:11

• The changelog entry for 0.1.1 omits the new Disconnect-AzResourceGraph addition under 'Added' and reuses the same date as 0.1.0. Please include the new function in the 'Added' section and correct the release date sequencing.

## [0.1.1] - 2025-05-14

AzResourceGraph/Private/Assert-AzureConnection.ps1:68

• Removing ClientId when Interactive is present may drop needed identity info for token renewals. Verify whether this removal is intentional or if a different key (e.g., UserName) should be pruned instead.

$LocalTokenSplat.Remove('ClientId')