Fix runspace issues in threading

adityapatwardhan · adityapatwardhan · commit 0d82ebdaf4ca · 2026-03-13T10:47:26.000-07:00
diff --git a/src/code/PSResourceGetCredentialProvider.cs b/src/code/PSResourceGetCredentialProvider.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.Management.Automation;
+using System.Management.Automation.Runspaces;
 using System.Net.Http;
 using System.Text.Json;
 using System.Threading;
@@ -24,6 +25,7 @@ internal class PSResourceGetCredentialProvider : ICredentialProvider
     {
         private readonly PSRepositoryInfo _repository;
         private readonly PSCmdlet _cmdletPassedIn;
+        private readonly Runspace _callerRunspace;
         private readonly string _registryHost;
         private readonly HttpClient _httpClient;
         private Credential _cachedCredential;
@@ -38,6 +40,7 @@ internal PSResourceGetCredentialProvider(PSRepositoryInfo repository, PSCmdlet c
         {
             _repository = repository;
             _cmdletPassedIn = cmdletPassedIn;
+            _callerRunspace = Runspace.DefaultRunspace;
             _registryHost = repository.Uri.Host;
             _httpClient = httpClient ?? new HttpClient();
             _cachedCredential = new Credential();
@@ -50,6 +53,25 @@ public async Task<Credential> ResolveCredentialAsync(string hostname, Cancellati
                 throw new ArgumentException("Hostname cannot be null or empty.", nameof(hostname));
             }
 
+            // ORAS invokes this callback on a thread pool thread which has no
+            // PowerShell Runspace.  Restore the caller's Runspace so that
+            // InvokeCommand.InvokeScript, WriteVerbose, WriteWarning and any
+            // nested PowerShell script invocations (SecretManagement, etc.) work.
+            var previousRunspace = Runspace.DefaultRunspace;
+            Runspace.DefaultRunspace = _callerRunspace;
+
+            try
+            {
+                return await ResolveCredentialCoreAsync(hostname, cancellationToken).ConfigureAwait(false);
+            }
+            finally
+            {
+                Runspace.DefaultRunspace = previousRunspace;
+            }
+        }
+
+        private async Task<Credential> ResolveCredentialCoreAsync(string hostname, CancellationToken cancellationToken)
+        {
             // Return cached credential if still valid
             if (!string.IsNullOrEmpty(_cachedCredential.RefreshToken) && DateTimeOffset.UtcNow < _tokenExpiry)
             {
