@azure/core-auth 1.8.1-alpha.20241015.2 → 1.9.0

package/dist/browser/index.d.ts

@@ -1,3 +1,4 @@
+export { HttpMethods } from "@azure/core-util";
 export { AzureKeyCredential } from "./azureKeyCredential.js";
 export { KeyCredential, isKeyCredential } from "./keyCredential.js";
 export { AzureNamedKeyCredential, NamedKeyCredential, isNamedKeyCredential, } from "./azureNamedKeyCredential.js";

package/dist/browser/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE7F,OAAO,EACL,eAAe,EACf,eAAe,EACf,WAAW,EACX,iBAAiB,GAClB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE7F,OAAO,EACL,eAAe,EACf,eAAe,EACf,WAAW,EACX,iBAAiB,GAClB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC"}

package/dist/browser/index.js

@@ -1,5 +1,3 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
 export { AzureKeyCredential } from "./azureKeyCredential.js";
 export { isKeyCredential } from "./keyCredential.js";
 export { AzureNamedKeyCredential, isNamedKeyCredential, } from "./azureNamedKeyCredential.js";

package/dist/browser/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAiB,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EACL,uBAAuB,EAEvB,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,kBAAkB,EAAiB,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE7F,OAAO,EAIL,iBAAiB,GAClB,MAAM,sBAAsB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nexport { AzureKeyCredential } from \"./azureKeyCredential.js\";\nexport { KeyCredential, isKeyCredential } from \"./keyCredential.js\";\nexport {\n  AzureNamedKeyCredential,\n  NamedKeyCredential,\n  isNamedKeyCredential,\n} from \"./azureNamedKeyCredential.js\";\nexport { AzureSASCredential, SASCredential, isSASCredential } from \"./azureSASCredential.js\";\n\nexport {\n  TokenCredential,\n  GetTokenOptions,\n  AccessToken,\n  isTokenCredential,\n} from \"./tokenCredential.js\";\n\nexport { TracingContext } from \"./tracing.js\";\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAiB,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EACL,uBAAuB,EAEvB,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,kBAAkB,EAAiB,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE7F,OAAO,EAIL,iBAAiB,GAClB,MAAM,sBAAsB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\nexport { HttpMethods } from \"@azure/core-util\";\nexport { AzureKeyCredential } from \"./azureKeyCredential.js\";\nexport { KeyCredential, isKeyCredential } from \"./keyCredential.js\";\nexport {\n  AzureNamedKeyCredential,\n  NamedKeyCredential,\n  isNamedKeyCredential,\n} from \"./azureNamedKeyCredential.js\";\nexport { AzureSASCredential, SASCredential, isSASCredential } from \"./azureSASCredential.js\";\n\nexport {\n  TokenCredential,\n  GetTokenOptions,\n  AccessToken,\n  isTokenCredential,\n} from \"./tokenCredential.js\";\n\nexport { TracingContext } from \"./tracing.js\";\n"]}

package/dist/browser/tokenCredential.d.ts

@@ -1,5 +1,6 @@
 import { AbortSignalLike } from "@azure/abort-controller";
 import { TracingContext } from "./tracing.js";
+import { HttpMethods } from "@azure/core-util";
 /**
  * Represents a credential capable of providing an authentication token.
  */
@@ -54,6 +55,27 @@ export interface GetTokenOptions {
      * Allows specifying a tenantId. Useful to handle challenges that provide tenant Id hints.
      */
     tenantId?: string;
+    /**
+     * Options for Proof of Possession token requests
+     */
+    proofOfPossessionOptions?: {
+        /**
+         * The nonce value required for PoP token requests.
+         * This is typically retrieved from the WWW-Authenticate header of a 401 challenge response.
+         * This is used in combination with {@link resourceRequestUrl} and {@link resourceRequestMethod} to generate the PoP token.
+         */
+        nonce: string;
+        /**
+         * The HTTP method of the request.
+         * This is used in combination with {@link resourceRequestUrl} and {@link nonce} to generate the PoP token.
+         */
+        resourceRequestMethod: HttpMethods;
+        /**
+         * The URL of the request.
+         * This is used in combination with {@link resourceRequestMethod} and {@link nonce} to generate the PoP token.
+         */
+        resourceRequestUrl: string;
+    };
 }
 /**
  * Represents an access token with an expiration time.
@@ -71,7 +93,21 @@ export interface AccessToken {
      * The timestamp when the access token should be refreshed, in milliseconds, UNIX epoch time.
      */
     refreshAfterTimestamp?: number;
+    /** Type of token - `Bearer` or `pop` */
+    tokenType?: "Bearer" | "pop";
 }
+/**
+ * @internal
+ * @param accessToken - Access token
+ * @returns Whether a token is bearer type or not
+ */
+export declare function isBearerToken(accessToken: AccessToken): boolean;
+/**
+ * @internal
+ * @param accessToken - Access token
+ * @returns Whether a token is Pop token or not
+ */
+export declare function isPopToken(accessToken: AccessToken): boolean;
 /**
  * Tests an object to determine whether it implements TokenCredential.
  *

package/dist/browser/tokenCredential.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tokenCredential.d.ts","sourceRoot":"","sources":["../../src/tokenCredential.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;;;;;;;;OASG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,CAAC,EAAE,eAAe,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;CAC7F;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;OAEG;IACH,cAAc,CAAC,EAAE;QACf;;WAEG;QACH,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF;;OAEG;IACH,cAAc,CAAC,EAAE;QACf;;WAEG;QACH,cAAc,CAAC,EAAE,cAAc,CAAC;KACjC,CAAC;IACF;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;OAEG;IACH,kBAAkB,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,OAAO,GAAG,UAAU,IAAI,eAAe,CAepF"}
+{"version":3,"file":"tokenCredential.d.ts","sourceRoot":"","sources":["../../src/tokenCredential.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;;;;;;;;OASG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,CAAC,EAAE,eAAe,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;CAC7F;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;OAEG;IACH,cAAc,CAAC,EAAE;QACf;;WAEG;QACH,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF;;OAEG;IACH,cAAc,CAAC,EAAE;QACf;;WAEG;QACH,cAAc,CAAC,EAAE,cAAc,CAAC;KACjC,CAAC;IACF;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,wBAAwB,CAAC,EAAE;QACzB;;;;WAIG;QACH,KAAK,EAAE,MAAM,CAAC;QACd;;;WAGG;QACH,qBAAqB,EAAE,WAAW,CAAC;QACnC;;;WAGG;QACH,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;OAEG;IACH,kBAAkB,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAE/B,wCAAwC;IACxC,SAAS,CAAC,EAAE,QAAQ,GAAG,KAAK,CAAC;CAC9B;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,CAE/D;AAED;;;;GAIG;AACH,wBAAgB,UAAU,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,CAE5D;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,OAAO,GAAG,UAAU,IAAI,eAAe,CAepF"}

package/dist/browser/tokenCredential.js

@@ -1,5 +1,21 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
+/**
+ * @internal
+ * @param accessToken - Access token
+ * @returns Whether a token is bearer type or not
+ */
+export function isBearerToken(accessToken) {
+    return !accessToken.tokenType || accessToken.tokenType === "Bearer";
+}
+/**
+ * @internal
+ * @param accessToken - Access token
+ * @returns Whether a token is Pop token or not
+ */
+export function isPopToken(accessToken) {
+    return accessToken.tokenType === "pop";
+}
 /**
  * Tests an object to determine whether it implements TokenCredential.
  *

package/dist/browser/tokenCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"tokenCredential.js","sourceRoot":"","sources":["../../src/tokenCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAkFlC;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAAmB;IACnD,mEAAmE;IACnE,gEAAgE;IAChE,sEAAsE;IACtE,qEAAqE;IACrE,sDAAsD;IACtD,MAAM,cAAc,GAAG,UAGtB,CAAC;IACF,OAAO,CACL,cAAc;QACd,OAAO,cAAc,CAAC,QAAQ,KAAK,UAAU;QAC7C,CAAC,cAAc,CAAC,WAAW,KAAK,SAAS,IAAI,cAAc,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CACjF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AbortSignalLike } from \"@azure/abort-controller\";\nimport { TracingContext } from \"./tracing.js\";\n\n/**\n * Represents a credential capable of providing an authentication token.\n */\nexport interface TokenCredential {\n  /**\n   * Gets the token provided by this credential.\n   *\n   * This method is called automatically by Azure SDK client libraries. You may call this method\n   * directly, but you must also handle token caching and token refreshing.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;\n}\n\n/**\n * Defines options for TokenCredential.getToken.\n */\nexport interface GetTokenOptions {\n  /**\n   * The signal which can be used to abort requests.\n   */\n  abortSignal?: AbortSignalLike;\n  /**\n   * Options used when creating and sending HTTP requests for this operation.\n   */\n  requestOptions?: {\n    /**\n     * The number of milliseconds a request can take before automatically being terminated.\n     */\n    timeout?: number;\n  };\n  /**\n   * Options used when tracing is enabled.\n   */\n  tracingOptions?: {\n    /**\n     * Tracing Context for the current request.\n     */\n    tracingContext?: TracingContext;\n  };\n  /**\n   * Claim details to perform the Continuous Access Evaluation authentication flow\n   */\n  claims?: string;\n  /**\n   * Indicates whether to enable the Continuous Access Evaluation authentication flow\n   */\n  enableCae?: boolean;\n  /**\n   * Allows specifying a tenantId. Useful to handle challenges that provide tenant Id hints.\n   */\n  tenantId?: string;\n}\n\n/**\n * Represents an access token with an expiration time.\n */\nexport interface AccessToken {\n  /**\n   * The access token returned by the authentication service.\n   */\n  token: string;\n\n  /**\n   * The access token's expiration timestamp in milliseconds, UNIX epoch time.\n   */\n  expiresOnTimestamp: number;\n\n  /**\n   * The timestamp when the access token should be refreshed, in milliseconds, UNIX epoch time.\n   */\n  refreshAfterTimestamp?: number;\n}\n\n/**\n * Tests an object to determine whether it implements TokenCredential.\n *\n * @param credential - The assumed TokenCredential to be tested.\n */\nexport function isTokenCredential(credential: unknown): credential is TokenCredential {\n  // Check for an object with a 'getToken' function and possibly with\n  // a 'signRequest' function.  We do this check to make sure that\n  // a ServiceClientCredentials implementor (like TokenClientCredentials\n  // in ms-rest-nodeauth) doesn't get mistaken for a TokenCredential if\n  // it doesn't actually implement TokenCredential also.\n  const castCredential = credential as {\n    getToken: unknown;\n    signRequest: unknown;\n  };\n  return (\n    castCredential &&\n    typeof castCredential.getToken === \"function\" &&\n    (castCredential.signRequest === undefined || castCredential.getToken.length > 0)\n  );\n}\n"]}
+{"version":3,"file":"tokenCredential.js","sourceRoot":"","sources":["../../src/tokenCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AA4GlC;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,WAAwB;IACpD,OAAO,CAAC,WAAW,CAAC,SAAS,IAAI,WAAW,CAAC,SAAS,KAAK,QAAQ,CAAC;AACtE,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,UAAU,CAAC,WAAwB;IACjD,OAAO,WAAW,CAAC,SAAS,KAAK,KAAK,CAAC;AACzC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAAmB;IACnD,mEAAmE;IACnE,gEAAgE;IAChE,sEAAsE;IACtE,qEAAqE;IACrE,sDAAsD;IACtD,MAAM,cAAc,GAAG,UAGtB,CAAC;IACF,OAAO,CACL,cAAc;QACd,OAAO,cAAc,CAAC,QAAQ,KAAK,UAAU;QAC7C,CAAC,cAAc,CAAC,WAAW,KAAK,SAAS,IAAI,cAAc,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CACjF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AbortSignalLike } from \"@azure/abort-controller\";\nimport { TracingContext } from \"./tracing.js\";\nimport { HttpMethods } from \"@azure/core-util\";\n\n/**\n * Represents a credential capable of providing an authentication token.\n */\nexport interface TokenCredential {\n  /**\n   * Gets the token provided by this credential.\n   *\n   * This method is called automatically by Azure SDK client libraries. You may call this method\n   * directly, but you must also handle token caching and token refreshing.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;\n}\n\n/**\n * Defines options for TokenCredential.getToken.\n */\nexport interface GetTokenOptions {\n  /**\n   * The signal which can be used to abort requests.\n   */\n  abortSignal?: AbortSignalLike;\n  /**\n   * Options used when creating and sending HTTP requests for this operation.\n   */\n  requestOptions?: {\n    /**\n     * The number of milliseconds a request can take before automatically being terminated.\n     */\n    timeout?: number;\n  };\n  /**\n   * Options used when tracing is enabled.\n   */\n  tracingOptions?: {\n    /**\n     * Tracing Context for the current request.\n     */\n    tracingContext?: TracingContext;\n  };\n  /**\n   * Claim details to perform the Continuous Access Evaluation authentication flow\n   */\n  claims?: string;\n  /**\n   * Indicates whether to enable the Continuous Access Evaluation authentication flow\n   */\n  enableCae?: boolean;\n  /**\n   * Allows specifying a tenantId. Useful to handle challenges that provide tenant Id hints.\n   */\n  tenantId?: string;\n\n  /**\n   * Options for Proof of Possession token requests\n   */\n  proofOfPossessionOptions?: {\n    /**\n     * The nonce value required for PoP token requests.\n     * This is typically retrieved from the WWW-Authenticate header of a 401 challenge response.\n     * This is used in combination with {@link resourceRequestUrl} and {@link resourceRequestMethod} to generate the PoP token.\n     */\n    nonce: string;\n    /**\n     * The HTTP method of the request.\n     * This is used in combination with {@link resourceRequestUrl} and {@link nonce} to generate the PoP token.\n     */\n    resourceRequestMethod: HttpMethods;\n    /**\n     * The URL of the request.\n     * This is used in combination with {@link resourceRequestMethod} and {@link nonce} to generate the PoP token.\n     */\n    resourceRequestUrl: string;\n  };\n}\n\n/**\n * Represents an access token with an expiration time.\n */\nexport interface AccessToken {\n  /**\n   * The access token returned by the authentication service.\n   */\n  token: string;\n\n  /**\n   * The access token's expiration timestamp in milliseconds, UNIX epoch time.\n   */\n  expiresOnTimestamp: number;\n\n  /**\n   * The timestamp when the access token should be refreshed, in milliseconds, UNIX epoch time.\n   */\n  refreshAfterTimestamp?: number;\n\n  /** Type of token - `Bearer` or `pop` */\n  tokenType?: \"Bearer\" | \"pop\";\n}\n\n/**\n * @internal\n * @param accessToken - Access token\n * @returns Whether a token is bearer type or not\n */\nexport function isBearerToken(accessToken: AccessToken): boolean {\n  return !accessToken.tokenType || accessToken.tokenType === \"Bearer\";\n}\n\n/**\n * @internal\n * @param accessToken - Access token\n * @returns Whether a token is Pop token or not\n */\nexport function isPopToken(accessToken: AccessToken): boolean {\n  return accessToken.tokenType === \"pop\";\n}\n\n/**\n * Tests an object to determine whether it implements TokenCredential.\n *\n * @param credential - The assumed TokenCredential to be tested.\n */\nexport function isTokenCredential(credential: unknown): credential is TokenCredential {\n  // Check for an object with a 'getToken' function and possibly with\n  // a 'signRequest' function.  We do this check to make sure that\n  // a ServiceClientCredentials implementor (like TokenClientCredentials\n  // in ms-rest-nodeauth) doesn't get mistaken for a TokenCredential if\n  // it doesn't actually implement TokenCredential also.\n  const castCredential = credential as {\n    getToken: unknown;\n    signRequest: unknown;\n  };\n  return (\n    castCredential &&\n    typeof castCredential.getToken === \"function\" &&\n    (castCredential.signRequest === undefined || castCredential.getToken.length > 0)\n  );\n}\n"]}

package/dist/commonjs/index.d.ts

@@ -1,3 +1,4 @@
+export { HttpMethods } from "@azure/core-util";
 export { AzureKeyCredential } from "./azureKeyCredential.js";
 export { KeyCredential, isKeyCredential } from "./keyCredential.js";
 export { AzureNamedKeyCredential, NamedKeyCredential, isNamedKeyCredential, } from "./azureNamedKeyCredential.js";

package/dist/commonjs/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE7F,OAAO,EACL,eAAe,EACf,eAAe,EACf,WAAW,EACX,iBAAiB,GAClB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE7F,OAAO,EACL,eAAe,EACf,eAAe,EACf,WAAW,EACX,iBAAiB,GAClB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC"}

package/dist/commonjs/index.js

@@ -1,6 +1,4 @@
 "use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.isTokenCredential = exports.isSASCredential = exports.AzureSASCredential = exports.isNamedKeyCredential = exports.AzureNamedKeyCredential = exports.isKeyCredential = exports.AzureKeyCredential = void 0;
 var azureKeyCredential_js_1 = require("./azureKeyCredential.js");

package/dist/commonjs/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAElC,iEAA6D;AAApD,2HAAA,kBAAkB,OAAA;AAC3B,uDAAoE;AAA5C,mHAAA,eAAe,OAAA;AACvC,2EAIsC;AAHpC,qIAAA,uBAAuB,OAAA;AAEvB,kIAAA,oBAAoB,OAAA;AAEtB,iEAA6F;AAApF,2HAAA,kBAAkB,OAAA;AAAiB,wHAAA,eAAe,OAAA;AAE3D,2DAK8B;AAD5B,uHAAA,iBAAiB,OAAA","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nexport { AzureKeyCredential } from \"./azureKeyCredential.js\";\nexport { KeyCredential, isKeyCredential } from \"./keyCredential.js\";\nexport {\n  AzureNamedKeyCredential,\n  NamedKeyCredential,\n  isNamedKeyCredential,\n} from \"./azureNamedKeyCredential.js\";\nexport { AzureSASCredential, SASCredential, isSASCredential } from \"./azureSASCredential.js\";\n\nexport {\n  TokenCredential,\n  GetTokenOptions,\n  AccessToken,\n  isTokenCredential,\n} from \"./tokenCredential.js\";\n\nexport { TracingContext } from \"./tracing.js\";\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAGA,iEAA6D;AAApD,2HAAA,kBAAkB,OAAA;AAC3B,uDAAoE;AAA5C,mHAAA,eAAe,OAAA;AACvC,2EAIsC;AAHpC,qIAAA,uBAAuB,OAAA;AAEvB,kIAAA,oBAAoB,OAAA;AAEtB,iEAA6F;AAApF,2HAAA,kBAAkB,OAAA;AAAiB,wHAAA,eAAe,OAAA;AAE3D,2DAK8B;AAD5B,uHAAA,iBAAiB,OAAA","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\nexport { HttpMethods } from \"@azure/core-util\";\nexport { AzureKeyCredential } from \"./azureKeyCredential.js\";\nexport { KeyCredential, isKeyCredential } from \"./keyCredential.js\";\nexport {\n  AzureNamedKeyCredential,\n  NamedKeyCredential,\n  isNamedKeyCredential,\n} from \"./azureNamedKeyCredential.js\";\nexport { AzureSASCredential, SASCredential, isSASCredential } from \"./azureSASCredential.js\";\n\nexport {\n  TokenCredential,\n  GetTokenOptions,\n  AccessToken,\n  isTokenCredential,\n} from \"./tokenCredential.js\";\n\nexport { TracingContext } from \"./tracing.js\";\n"]}

package/dist/commonjs/tokenCredential.d.ts

@@ -1,5 +1,6 @@
 import { AbortSignalLike } from "@azure/abort-controller";
 import { TracingContext } from "./tracing.js";
+import { HttpMethods } from "@azure/core-util";
 /**
  * Represents a credential capable of providing an authentication token.
  */
@@ -54,6 +55,27 @@ export interface GetTokenOptions {
      * Allows specifying a tenantId. Useful to handle challenges that provide tenant Id hints.
      */
     tenantId?: string;
+    /**
+     * Options for Proof of Possession token requests
+     */
+    proofOfPossessionOptions?: {
+        /**
+         * The nonce value required for PoP token requests.
+         * This is typically retrieved from the WWW-Authenticate header of a 401 challenge response.
+         * This is used in combination with {@link resourceRequestUrl} and {@link resourceRequestMethod} to generate the PoP token.
+         */
+        nonce: string;
+        /**
+         * The HTTP method of the request.
+         * This is used in combination with {@link resourceRequestUrl} and {@link nonce} to generate the PoP token.
+         */
+        resourceRequestMethod: HttpMethods;
+        /**
+         * The URL of the request.
+         * This is used in combination with {@link resourceRequestMethod} and {@link nonce} to generate the PoP token.
+         */
+        resourceRequestUrl: string;
+    };
 }
 /**
  * Represents an access token with an expiration time.
@@ -71,7 +93,21 @@ export interface AccessToken {
      * The timestamp when the access token should be refreshed, in milliseconds, UNIX epoch time.
      */
     refreshAfterTimestamp?: number;
+    /** Type of token - `Bearer` or `pop` */
+    tokenType?: "Bearer" | "pop";
 }
+/**
+ * @internal
+ * @param accessToken - Access token
+ * @returns Whether a token is bearer type or not
+ */
+export declare function isBearerToken(accessToken: AccessToken): boolean;
+/**
+ * @internal
+ * @param accessToken - Access token
+ * @returns Whether a token is Pop token or not
+ */
+export declare function isPopToken(accessToken: AccessToken): boolean;
 /**
  * Tests an object to determine whether it implements TokenCredential.
  *

package/dist/commonjs/tokenCredential.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tokenCredential.d.ts","sourceRoot":"","sources":["../../src/tokenCredential.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;;;;;;;;OASG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,CAAC,EAAE,eAAe,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;CAC7F;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;OAEG;IACH,cAAc,CAAC,EAAE;QACf;;WAEG;QACH,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF;;OAEG;IACH,cAAc,CAAC,EAAE;QACf;;WAEG;QACH,cAAc,CAAC,EAAE,cAAc,CAAC;KACjC,CAAC;IACF;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;OAEG;IACH,kBAAkB,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,OAAO,GAAG,UAAU,IAAI,eAAe,CAepF"}
+{"version":3,"file":"tokenCredential.d.ts","sourceRoot":"","sources":["../../src/tokenCredential.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;;;;;;;;OASG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,CAAC,EAAE,eAAe,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;CAC7F;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;OAEG;IACH,cAAc,CAAC,EAAE;QACf;;WAEG;QACH,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF;;OAEG;IACH,cAAc,CAAC,EAAE;QACf;;WAEG;QACH,cAAc,CAAC,EAAE,cAAc,CAAC;KACjC,CAAC;IACF;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,wBAAwB,CAAC,EAAE;QACzB;;;;WAIG;QACH,KAAK,EAAE,MAAM,CAAC;QACd;;;WAGG;QACH,qBAAqB,EAAE,WAAW,CAAC;QACnC;;;WAGG;QACH,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;OAEG;IACH,kBAAkB,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAE/B,wCAAwC;IACxC,SAAS,CAAC,EAAE,QAAQ,GAAG,KAAK,CAAC;CAC9B;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,CAE/D;AAED;;;;GAIG;AACH,wBAAgB,UAAU,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,CAE5D;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,OAAO,GAAG,UAAU,IAAI,eAAe,CAepF"}

package/dist/commonjs/tokenCredential.js

@@ -2,7 +2,25 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.isBearerToken = isBearerToken;
+exports.isPopToken = isPopToken;
 exports.isTokenCredential = isTokenCredential;
+/**
+ * @internal
+ * @param accessToken - Access token
+ * @returns Whether a token is bearer type or not
+ */
+function isBearerToken(accessToken) {
+    return !accessToken.tokenType || accessToken.tokenType === "Bearer";
+}
+/**
+ * @internal
+ * @param accessToken - Access token
+ * @returns Whether a token is Pop token or not
+ */
+function isPopToken(accessToken) {
+    return accessToken.tokenType === "pop";
+}
 /**
  * Tests an object to determine whether it implements TokenCredential.
  *

package/dist/commonjs/tokenCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"tokenCredential.js","sourceRoot":"","sources":["../../src/tokenCredential.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AAuFlC,8CAeC;AApBD;;;;GAIG;AACH,SAAgB,iBAAiB,CAAC,UAAmB;IACnD,mEAAmE;IACnE,gEAAgE;IAChE,sEAAsE;IACtE,qEAAqE;IACrE,sDAAsD;IACtD,MAAM,cAAc,GAAG,UAGtB,CAAC;IACF,OAAO,CACL,cAAc;QACd,OAAO,cAAc,CAAC,QAAQ,KAAK,UAAU;QAC7C,CAAC,cAAc,CAAC,WAAW,KAAK,SAAS,IAAI,cAAc,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CACjF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AbortSignalLike } from \"@azure/abort-controller\";\nimport { TracingContext } from \"./tracing.js\";\n\n/**\n * Represents a credential capable of providing an authentication token.\n */\nexport interface TokenCredential {\n  /**\n   * Gets the token provided by this credential.\n   *\n   * This method is called automatically by Azure SDK client libraries. You may call this method\n   * directly, but you must also handle token caching and token refreshing.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;\n}\n\n/**\n * Defines options for TokenCredential.getToken.\n */\nexport interface GetTokenOptions {\n  /**\n   * The signal which can be used to abort requests.\n   */\n  abortSignal?: AbortSignalLike;\n  /**\n   * Options used when creating and sending HTTP requests for this operation.\n   */\n  requestOptions?: {\n    /**\n     * The number of milliseconds a request can take before automatically being terminated.\n     */\n    timeout?: number;\n  };\n  /**\n   * Options used when tracing is enabled.\n   */\n  tracingOptions?: {\n    /**\n     * Tracing Context for the current request.\n     */\n    tracingContext?: TracingContext;\n  };\n  /**\n   * Claim details to perform the Continuous Access Evaluation authentication flow\n   */\n  claims?: string;\n  /**\n   * Indicates whether to enable the Continuous Access Evaluation authentication flow\n   */\n  enableCae?: boolean;\n  /**\n   * Allows specifying a tenantId. Useful to handle challenges that provide tenant Id hints.\n   */\n  tenantId?: string;\n}\n\n/**\n * Represents an access token with an expiration time.\n */\nexport interface AccessToken {\n  /**\n   * The access token returned by the authentication service.\n   */\n  token: string;\n\n  /**\n   * The access token's expiration timestamp in milliseconds, UNIX epoch time.\n   */\n  expiresOnTimestamp: number;\n\n  /**\n   * The timestamp when the access token should be refreshed, in milliseconds, UNIX epoch time.\n   */\n  refreshAfterTimestamp?: number;\n}\n\n/**\n * Tests an object to determine whether it implements TokenCredential.\n *\n * @param credential - The assumed TokenCredential to be tested.\n */\nexport function isTokenCredential(credential: unknown): credential is TokenCredential {\n  // Check for an object with a 'getToken' function and possibly with\n  // a 'signRequest' function.  We do this check to make sure that\n  // a ServiceClientCredentials implementor (like TokenClientCredentials\n  // in ms-rest-nodeauth) doesn't get mistaken for a TokenCredential if\n  // it doesn't actually implement TokenCredential also.\n  const castCredential = credential as {\n    getToken: unknown;\n    signRequest: unknown;\n  };\n  return (\n    castCredential &&\n    typeof castCredential.getToken === \"function\" &&\n    (castCredential.signRequest === undefined || castCredential.getToken.length > 0)\n  );\n}\n"]}
+{"version":3,"file":"tokenCredential.js","sourceRoot":"","sources":["../../src/tokenCredential.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AAiHlC,sCAEC;AAOD,gCAEC;AAOD,8CAeC;AAtCD;;;;GAIG;AACH,SAAgB,aAAa,CAAC,WAAwB;IACpD,OAAO,CAAC,WAAW,CAAC,SAAS,IAAI,WAAW,CAAC,SAAS,KAAK,QAAQ,CAAC;AACtE,CAAC;AAED;;;;GAIG;AACH,SAAgB,UAAU,CAAC,WAAwB;IACjD,OAAO,WAAW,CAAC,SAAS,KAAK,KAAK,CAAC;AACzC,CAAC;AAED;;;;GAIG;AACH,SAAgB,iBAAiB,CAAC,UAAmB;IACnD,mEAAmE;IACnE,gEAAgE;IAChE,sEAAsE;IACtE,qEAAqE;IACrE,sDAAsD;IACtD,MAAM,cAAc,GAAG,UAGtB,CAAC;IACF,OAAO,CACL,cAAc;QACd,OAAO,cAAc,CAAC,QAAQ,KAAK,UAAU;QAC7C,CAAC,cAAc,CAAC,WAAW,KAAK,SAAS,IAAI,cAAc,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CACjF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AbortSignalLike } from \"@azure/abort-controller\";\nimport { TracingContext } from \"./tracing.js\";\nimport { HttpMethods } from \"@azure/core-util\";\n\n/**\n * Represents a credential capable of providing an authentication token.\n */\nexport interface TokenCredential {\n  /**\n   * Gets the token provided by this credential.\n   *\n   * This method is called automatically by Azure SDK client libraries. You may call this method\n   * directly, but you must also handle token caching and token refreshing.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;\n}\n\n/**\n * Defines options for TokenCredential.getToken.\n */\nexport interface GetTokenOptions {\n  /**\n   * The signal which can be used to abort requests.\n   */\n  abortSignal?: AbortSignalLike;\n  /**\n   * Options used when creating and sending HTTP requests for this operation.\n   */\n  requestOptions?: {\n    /**\n     * The number of milliseconds a request can take before automatically being terminated.\n     */\n    timeout?: number;\n  };\n  /**\n   * Options used when tracing is enabled.\n   */\n  tracingOptions?: {\n    /**\n     * Tracing Context for the current request.\n     */\n    tracingContext?: TracingContext;\n  };\n  /**\n   * Claim details to perform the Continuous Access Evaluation authentication flow\n   */\n  claims?: string;\n  /**\n   * Indicates whether to enable the Continuous Access Evaluation authentication flow\n   */\n  enableCae?: boolean;\n  /**\n   * Allows specifying a tenantId. Useful to handle challenges that provide tenant Id hints.\n   */\n  tenantId?: string;\n\n  /**\n   * Options for Proof of Possession token requests\n   */\n  proofOfPossessionOptions?: {\n    /**\n     * The nonce value required for PoP token requests.\n     * This is typically retrieved from the WWW-Authenticate header of a 401 challenge response.\n     * This is used in combination with {@link resourceRequestUrl} and {@link resourceRequestMethod} to generate the PoP token.\n     */\n    nonce: string;\n    /**\n     * The HTTP method of the request.\n     * This is used in combination with {@link resourceRequestUrl} and {@link nonce} to generate the PoP token.\n     */\n    resourceRequestMethod: HttpMethods;\n    /**\n     * The URL of the request.\n     * This is used in combination with {@link resourceRequestMethod} and {@link nonce} to generate the PoP token.\n     */\n    resourceRequestUrl: string;\n  };\n}\n\n/**\n * Represents an access token with an expiration time.\n */\nexport interface AccessToken {\n  /**\n   * The access token returned by the authentication service.\n   */\n  token: string;\n\n  /**\n   * The access token's expiration timestamp in milliseconds, UNIX epoch time.\n   */\n  expiresOnTimestamp: number;\n\n  /**\n   * The timestamp when the access token should be refreshed, in milliseconds, UNIX epoch time.\n   */\n  refreshAfterTimestamp?: number;\n\n  /** Type of token - `Bearer` or `pop` */\n  tokenType?: \"Bearer\" | \"pop\";\n}\n\n/**\n * @internal\n * @param accessToken - Access token\n * @returns Whether a token is bearer type or not\n */\nexport function isBearerToken(accessToken: AccessToken): boolean {\n  return !accessToken.tokenType || accessToken.tokenType === \"Bearer\";\n}\n\n/**\n * @internal\n * @param accessToken - Access token\n * @returns Whether a token is Pop token or not\n */\nexport function isPopToken(accessToken: AccessToken): boolean {\n  return accessToken.tokenType === \"pop\";\n}\n\n/**\n * Tests an object to determine whether it implements TokenCredential.\n *\n * @param credential - The assumed TokenCredential to be tested.\n */\nexport function isTokenCredential(credential: unknown): credential is TokenCredential {\n  // Check for an object with a 'getToken' function and possibly with\n  // a 'signRequest' function.  We do this check to make sure that\n  // a ServiceClientCredentials implementor (like TokenClientCredentials\n  // in ms-rest-nodeauth) doesn't get mistaken for a TokenCredential if\n  // it doesn't actually implement TokenCredential also.\n  const castCredential = credential as {\n    getToken: unknown;\n    signRequest: unknown;\n  };\n  return (\n    castCredential &&\n    typeof castCredential.getToken === \"function\" &&\n    (castCredential.signRequest === undefined || castCredential.getToken.length > 0)\n  );\n}\n"]}

package/dist/core-auth.d.ts

@@ -1,4 +1,5 @@
 import { AbortSignalLike } from '@azure/abort-controller';
+import { HttpMethods } from '@azure/core-util';
 
 /**
  * Represents an access token with an expiration time.
@@ -16,6 +17,8 @@ export declare interface AccessToken {
      * The timestamp when the access token should be refreshed, in milliseconds, UNIX epoch time.
      */
     refreshAfterTimestamp?: number;
+    /** Type of token - `Bearer` or `pop` */
+    tokenType?: "Bearer" | "pop";
 }
 
 /**
@@ -147,8 +150,31 @@ export declare interface GetTokenOptions {
      * Allows specifying a tenantId. Useful to handle challenges that provide tenant Id hints.
      */
     tenantId?: string;
+    /**
+     * Options for Proof of Possession token requests
+     */
+    proofOfPossessionOptions?: {
+        /**
+         * The nonce value required for PoP token requests.
+         * This is typically retrieved from the WWW-Authenticate header of a 401 challenge response.
+         * This is used in combination with {@link resourceRequestUrl} and {@link resourceRequestMethod} to generate the PoP token.
+         */
+        nonce: string;
+        /**
+         * The HTTP method of the request.
+         * This is used in combination with {@link resourceRequestUrl} and {@link nonce} to generate the PoP token.
+         */
+        resourceRequestMethod: HttpMethods;
+        /**
+         * The URL of the request.
+         * This is used in combination with {@link resourceRequestMethod} and {@link nonce} to generate the PoP token.
+         */
+        resourceRequestUrl: string;
+    };
 }
 
+export { HttpMethods }
+
 /**
  * Tests an object to determine whether it implements KeyCredential.
  *

package/dist/esm/index.d.ts

@@ -1,3 +1,4 @@
+export { HttpMethods } from "@azure/core-util";
 export { AzureKeyCredential } from "./azureKeyCredential.js";
 export { KeyCredential, isKeyCredential } from "./keyCredential.js";
 export { AzureNamedKeyCredential, NamedKeyCredential, isNamedKeyCredential, } from "./azureNamedKeyCredential.js";

package/dist/esm/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE7F,OAAO,EACL,eAAe,EACf,eAAe,EACf,WAAW,EACX,iBAAiB,GAClB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE7F,OAAO,EACL,eAAe,EACf,eAAe,EACf,WAAW,EACX,iBAAiB,GAClB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC"}

package/dist/esm/index.js

@@ -1,5 +1,3 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
 export { AzureKeyCredential } from "./azureKeyCredential.js";
 export { isKeyCredential } from "./keyCredential.js";
 export { AzureNamedKeyCredential, isNamedKeyCredential, } from "./azureNamedKeyCredential.js";

package/dist/esm/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAiB,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EACL,uBAAuB,EAEvB,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,kBAAkB,EAAiB,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE7F,OAAO,EAIL,iBAAiB,GAClB,MAAM,sBAAsB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nexport { AzureKeyCredential } from \"./azureKeyCredential.js\";\nexport { KeyCredential, isKeyCredential } from \"./keyCredential.js\";\nexport {\n  AzureNamedKeyCredential,\n  NamedKeyCredential,\n  isNamedKeyCredential,\n} from \"./azureNamedKeyCredential.js\";\nexport { AzureSASCredential, SASCredential, isSASCredential } from \"./azureSASCredential.js\";\n\nexport {\n  TokenCredential,\n  GetTokenOptions,\n  AccessToken,\n  isTokenCredential,\n} from \"./tokenCredential.js\";\n\nexport { TracingContext } from \"./tracing.js\";\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAiB,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EACL,uBAAuB,EAEvB,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,kBAAkB,EAAiB,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE7F,OAAO,EAIL,iBAAiB,GAClB,MAAM,sBAAsB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\nexport { HttpMethods } from \"@azure/core-util\";\nexport { AzureKeyCredential } from \"./azureKeyCredential.js\";\nexport { KeyCredential, isKeyCredential } from \"./keyCredential.js\";\nexport {\n  AzureNamedKeyCredential,\n  NamedKeyCredential,\n  isNamedKeyCredential,\n} from \"./azureNamedKeyCredential.js\";\nexport { AzureSASCredential, SASCredential, isSASCredential } from \"./azureSASCredential.js\";\n\nexport {\n  TokenCredential,\n  GetTokenOptions,\n  AccessToken,\n  isTokenCredential,\n} from \"./tokenCredential.js\";\n\nexport { TracingContext } from \"./tracing.js\";\n"]}

package/dist/esm/tokenCredential.d.ts

@@ -1,5 +1,6 @@
 import { AbortSignalLike } from "@azure/abort-controller";
 import { TracingContext } from "./tracing.js";
+import { HttpMethods } from "@azure/core-util";
 /**
  * Represents a credential capable of providing an authentication token.
  */
@@ -54,6 +55,27 @@ export interface GetTokenOptions {
      * Allows specifying a tenantId. Useful to handle challenges that provide tenant Id hints.
      */
     tenantId?: string;
+    /**
+     * Options for Proof of Possession token requests
+     */
+    proofOfPossessionOptions?: {
+        /**
+         * The nonce value required for PoP token requests.
+         * This is typically retrieved from the WWW-Authenticate header of a 401 challenge response.
+         * This is used in combination with {@link resourceRequestUrl} and {@link resourceRequestMethod} to generate the PoP token.
+         */
+        nonce: string;
+        /**
+         * The HTTP method of the request.
+         * This is used in combination with {@link resourceRequestUrl} and {@link nonce} to generate the PoP token.
+         */
+        resourceRequestMethod: HttpMethods;
+        /**
+         * The URL of the request.
+         * This is used in combination with {@link resourceRequestMethod} and {@link nonce} to generate the PoP token.
+         */
+        resourceRequestUrl: string;
+    };
 }
 /**
  * Represents an access token with an expiration time.
@@ -71,7 +93,21 @@ export interface AccessToken {
      * The timestamp when the access token should be refreshed, in milliseconds, UNIX epoch time.
      */
     refreshAfterTimestamp?: number;
+    /** Type of token - `Bearer` or `pop` */
+    tokenType?: "Bearer" | "pop";
 }
+/**
+ * @internal
+ * @param accessToken - Access token
+ * @returns Whether a token is bearer type or not
+ */
+export declare function isBearerToken(accessToken: AccessToken): boolean;
+/**
+ * @internal
+ * @param accessToken - Access token
+ * @returns Whether a token is Pop token or not
+ */
+export declare function isPopToken(accessToken: AccessToken): boolean;
 /**
  * Tests an object to determine whether it implements TokenCredential.
  *

package/dist/esm/tokenCredential.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tokenCredential.d.ts","sourceRoot":"","sources":["../../src/tokenCredential.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;;;;;;;;OASG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,CAAC,EAAE,eAAe,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;CAC7F;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;OAEG;IACH,cAAc,CAAC,EAAE;QACf;;WAEG;QACH,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF;;OAEG;IACH,cAAc,CAAC,EAAE;QACf;;WAEG;QACH,cAAc,CAAC,EAAE,cAAc,CAAC;KACjC,CAAC;IACF;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;OAEG;IACH,kBAAkB,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,OAAO,GAAG,UAAU,IAAI,eAAe,CAepF"}
+{"version":3,"file":"tokenCredential.d.ts","sourceRoot":"","sources":["../../src/tokenCredential.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;;;;;;;;OASG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,CAAC,EAAE,eAAe,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;CAC7F;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;OAEG;IACH,cAAc,CAAC,EAAE;QACf;;WAEG;QACH,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF;;OAEG;IACH,cAAc,CAAC,EAAE;QACf;;WAEG;QACH,cAAc,CAAC,EAAE,cAAc,CAAC;KACjC,CAAC;IACF;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,wBAAwB,CAAC,EAAE;QACzB;;;;WAIG;QACH,KAAK,EAAE,MAAM,CAAC;QACd;;;WAGG;QACH,qBAAqB,EAAE,WAAW,CAAC;QACnC;;;WAGG;QACH,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;OAEG;IACH,kBAAkB,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAE/B,wCAAwC;IACxC,SAAS,CAAC,EAAE,QAAQ,GAAG,KAAK,CAAC;CAC9B;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,CAE/D;AAED;;;;GAIG;AACH,wBAAgB,UAAU,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,CAE5D;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,OAAO,GAAG,UAAU,IAAI,eAAe,CAepF"}

package/dist/esm/tokenCredential.js

@@ -1,5 +1,21 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
+/**
+ * @internal
+ * @param accessToken - Access token
+ * @returns Whether a token is bearer type or not
+ */
+export function isBearerToken(accessToken) {
+    return !accessToken.tokenType || accessToken.tokenType === "Bearer";
+}
+/**
+ * @internal
+ * @param accessToken - Access token
+ * @returns Whether a token is Pop token or not
+ */
+export function isPopToken(accessToken) {
+    return accessToken.tokenType === "pop";
+}
 /**
  * Tests an object to determine whether it implements TokenCredential.
  *

package/dist/esm/tokenCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"tokenCredential.js","sourceRoot":"","sources":["../../src/tokenCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAkFlC;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAAmB;IACnD,mEAAmE;IACnE,gEAAgE;IAChE,sEAAsE;IACtE,qEAAqE;IACrE,sDAAsD;IACtD,MAAM,cAAc,GAAG,UAGtB,CAAC;IACF,OAAO,CACL,cAAc;QACd,OAAO,cAAc,CAAC,QAAQ,KAAK,UAAU;QAC7C,CAAC,cAAc,CAAC,WAAW,KAAK,SAAS,IAAI,cAAc,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CACjF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AbortSignalLike } from \"@azure/abort-controller\";\nimport { TracingContext } from \"./tracing.js\";\n\n/**\n * Represents a credential capable of providing an authentication token.\n */\nexport interface TokenCredential {\n  /**\n   * Gets the token provided by this credential.\n   *\n   * This method is called automatically by Azure SDK client libraries. You may call this method\n   * directly, but you must also handle token caching and token refreshing.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;\n}\n\n/**\n * Defines options for TokenCredential.getToken.\n */\nexport interface GetTokenOptions {\n  /**\n   * The signal which can be used to abort requests.\n   */\n  abortSignal?: AbortSignalLike;\n  /**\n   * Options used when creating and sending HTTP requests for this operation.\n   */\n  requestOptions?: {\n    /**\n     * The number of milliseconds a request can take before automatically being terminated.\n     */\n    timeout?: number;\n  };\n  /**\n   * Options used when tracing is enabled.\n   */\n  tracingOptions?: {\n    /**\n     * Tracing Context for the current request.\n     */\n    tracingContext?: TracingContext;\n  };\n  /**\n   * Claim details to perform the Continuous Access Evaluation authentication flow\n   */\n  claims?: string;\n  /**\n   * Indicates whether to enable the Continuous Access Evaluation authentication flow\n   */\n  enableCae?: boolean;\n  /**\n   * Allows specifying a tenantId. Useful to handle challenges that provide tenant Id hints.\n   */\n  tenantId?: string;\n}\n\n/**\n * Represents an access token with an expiration time.\n */\nexport interface AccessToken {\n  /**\n   * The access token returned by the authentication service.\n   */\n  token: string;\n\n  /**\n   * The access token's expiration timestamp in milliseconds, UNIX epoch time.\n   */\n  expiresOnTimestamp: number;\n\n  /**\n   * The timestamp when the access token should be refreshed, in milliseconds, UNIX epoch time.\n   */\n  refreshAfterTimestamp?: number;\n}\n\n/**\n * Tests an object to determine whether it implements TokenCredential.\n *\n * @param credential - The assumed TokenCredential to be tested.\n */\nexport function isTokenCredential(credential: unknown): credential is TokenCredential {\n  // Check for an object with a 'getToken' function and possibly with\n  // a 'signRequest' function.  We do this check to make sure that\n  // a ServiceClientCredentials implementor (like TokenClientCredentials\n  // in ms-rest-nodeauth) doesn't get mistaken for a TokenCredential if\n  // it doesn't actually implement TokenCredential also.\n  const castCredential = credential as {\n    getToken: unknown;\n    signRequest: unknown;\n  };\n  return (\n    castCredential &&\n    typeof castCredential.getToken === \"function\" &&\n    (castCredential.signRequest === undefined || castCredential.getToken.length > 0)\n  );\n}\n"]}
+{"version":3,"file":"tokenCredential.js","sourceRoot":"","sources":["../../src/tokenCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AA4GlC;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,WAAwB;IACpD,OAAO,CAAC,WAAW,CAAC,SAAS,IAAI,WAAW,CAAC,SAAS,KAAK,QAAQ,CAAC;AACtE,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,UAAU,CAAC,WAAwB;IACjD,OAAO,WAAW,CAAC,SAAS,KAAK,KAAK,CAAC;AACzC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAAmB;IACnD,mEAAmE;IACnE,gEAAgE;IAChE,sEAAsE;IACtE,qEAAqE;IACrE,sDAAsD;IACtD,MAAM,cAAc,GAAG,UAGtB,CAAC;IACF,OAAO,CACL,cAAc;QACd,OAAO,cAAc,CAAC,QAAQ,KAAK,UAAU;QAC7C,CAAC,cAAc,CAAC,WAAW,KAAK,SAAS,IAAI,cAAc,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CACjF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AbortSignalLike } from \"@azure/abort-controller\";\nimport { TracingContext } from \"./tracing.js\";\nimport { HttpMethods } from \"@azure/core-util\";\n\n/**\n * Represents a credential capable of providing an authentication token.\n */\nexport interface TokenCredential {\n  /**\n   * Gets the token provided by this credential.\n   *\n   * This method is called automatically by Azure SDK client libraries. You may call this method\n   * directly, but you must also handle token caching and token refreshing.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;\n}\n\n/**\n * Defines options for TokenCredential.getToken.\n */\nexport interface GetTokenOptions {\n  /**\n   * The signal which can be used to abort requests.\n   */\n  abortSignal?: AbortSignalLike;\n  /**\n   * Options used when creating and sending HTTP requests for this operation.\n   */\n  requestOptions?: {\n    /**\n     * The number of milliseconds a request can take before automatically being terminated.\n     */\n    timeout?: number;\n  };\n  /**\n   * Options used when tracing is enabled.\n   */\n  tracingOptions?: {\n    /**\n     * Tracing Context for the current request.\n     */\n    tracingContext?: TracingContext;\n  };\n  /**\n   * Claim details to perform the Continuous Access Evaluation authentication flow\n   */\n  claims?: string;\n  /**\n   * Indicates whether to enable the Continuous Access Evaluation authentication flow\n   */\n  enableCae?: boolean;\n  /**\n   * Allows specifying a tenantId. Useful to handle challenges that provide tenant Id hints.\n   */\n  tenantId?: string;\n\n  /**\n   * Options for Proof of Possession token requests\n   */\n  proofOfPossessionOptions?: {\n    /**\n     * The nonce value required for PoP token requests.\n     * This is typically retrieved from the WWW-Authenticate header of a 401 challenge response.\n     * This is used in combination with {@link resourceRequestUrl} and {@link resourceRequestMethod} to generate the PoP token.\n     */\n    nonce: string;\n    /**\n     * The HTTP method of the request.\n     * This is used in combination with {@link resourceRequestUrl} and {@link nonce} to generate the PoP token.\n     */\n    resourceRequestMethod: HttpMethods;\n    /**\n     * The URL of the request.\n     * This is used in combination with {@link resourceRequestMethod} and {@link nonce} to generate the PoP token.\n     */\n    resourceRequestUrl: string;\n  };\n}\n\n/**\n * Represents an access token with an expiration time.\n */\nexport interface AccessToken {\n  /**\n   * The access token returned by the authentication service.\n   */\n  token: string;\n\n  /**\n   * The access token's expiration timestamp in milliseconds, UNIX epoch time.\n   */\n  expiresOnTimestamp: number;\n\n  /**\n   * The timestamp when the access token should be refreshed, in milliseconds, UNIX epoch time.\n   */\n  refreshAfterTimestamp?: number;\n\n  /** Type of token - `Bearer` or `pop` */\n  tokenType?: \"Bearer\" | \"pop\";\n}\n\n/**\n * @internal\n * @param accessToken - Access token\n * @returns Whether a token is bearer type or not\n */\nexport function isBearerToken(accessToken: AccessToken): boolean {\n  return !accessToken.tokenType || accessToken.tokenType === \"Bearer\";\n}\n\n/**\n * @internal\n * @param accessToken - Access token\n * @returns Whether a token is Pop token or not\n */\nexport function isPopToken(accessToken: AccessToken): boolean {\n  return accessToken.tokenType === \"pop\";\n}\n\n/**\n * Tests an object to determine whether it implements TokenCredential.\n *\n * @param credential - The assumed TokenCredential to be tested.\n */\nexport function isTokenCredential(credential: unknown): credential is TokenCredential {\n  // Check for an object with a 'getToken' function and possibly with\n  // a 'signRequest' function.  We do this check to make sure that\n  // a ServiceClientCredentials implementor (like TokenClientCredentials\n  // in ms-rest-nodeauth) doesn't get mistaken for a TokenCredential if\n  // it doesn't actually implement TokenCredential also.\n  const castCredential = credential as {\n    getToken: unknown;\n    signRequest: unknown;\n  };\n  return (\n    castCredential &&\n    typeof castCredential.getToken === \"function\" &&\n    (castCredential.signRequest === undefined || castCredential.getToken.length > 0)\n  );\n}\n"]}

package/dist/react-native/index.d.ts

@@ -1,3 +1,4 @@
+export { HttpMethods } from "@azure/core-util";
 export { AzureKeyCredential } from "./azureKeyCredential.js";
 export { KeyCredential, isKeyCredential } from "./keyCredential.js";
 export { AzureNamedKeyCredential, NamedKeyCredential, isNamedKeyCredential, } from "./azureNamedKeyCredential.js";

package/dist/react-native/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE7F,OAAO,EACL,eAAe,EACf,eAAe,EACf,WAAW,EACX,iBAAiB,GAClB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE7F,OAAO,EACL,eAAe,EACf,eAAe,EACf,WAAW,EACX,iBAAiB,GAClB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC"}

package/dist/react-native/index.js

@@ -1,5 +1,3 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
 export { AzureKeyCredential } from "./azureKeyCredential.js";
 export { isKeyCredential } from "./keyCredential.js";
 export { AzureNamedKeyCredential, isNamedKeyCredential, } from "./azureNamedKeyCredential.js";

package/dist/react-native/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAiB,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EACL,uBAAuB,EAEvB,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,kBAAkB,EAAiB,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE7F,OAAO,EAIL,iBAAiB,GAClB,MAAM,sBAAsB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nexport { AzureKeyCredential } from \"./azureKeyCredential.js\";\nexport { KeyCredential, isKeyCredential } from \"./keyCredential.js\";\nexport {\n  AzureNamedKeyCredential,\n  NamedKeyCredential,\n  isNamedKeyCredential,\n} from \"./azureNamedKeyCredential.js\";\nexport { AzureSASCredential, SASCredential, isSASCredential } from \"./azureSASCredential.js\";\n\nexport {\n  TokenCredential,\n  GetTokenOptions,\n  AccessToken,\n  isTokenCredential,\n} from \"./tokenCredential.js\";\n\nexport { TracingContext } from \"./tracing.js\";\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAiB,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EACL,uBAAuB,EAEvB,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,kBAAkB,EAAiB,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE7F,OAAO,EAIL,iBAAiB,GAClB,MAAM,sBAAsB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\nexport { HttpMethods } from \"@azure/core-util\";\nexport { AzureKeyCredential } from \"./azureKeyCredential.js\";\nexport { KeyCredential, isKeyCredential } from \"./keyCredential.js\";\nexport {\n  AzureNamedKeyCredential,\n  NamedKeyCredential,\n  isNamedKeyCredential,\n} from \"./azureNamedKeyCredential.js\";\nexport { AzureSASCredential, SASCredential, isSASCredential } from \"./azureSASCredential.js\";\n\nexport {\n  TokenCredential,\n  GetTokenOptions,\n  AccessToken,\n  isTokenCredential,\n} from \"./tokenCredential.js\";\n\nexport { TracingContext } from \"./tracing.js\";\n"]}

package/dist/react-native/tokenCredential.d.ts

@@ -1,5 +1,6 @@
 import { AbortSignalLike } from "@azure/abort-controller";
 import { TracingContext } from "./tracing.js";
+import { HttpMethods } from "@azure/core-util";
 /**
  * Represents a credential capable of providing an authentication token.
  */
@@ -54,6 +55,27 @@ export interface GetTokenOptions {
      * Allows specifying a tenantId. Useful to handle challenges that provide tenant Id hints.
      */
     tenantId?: string;
+    /**
+     * Options for Proof of Possession token requests
+     */
+    proofOfPossessionOptions?: {
+        /**
+         * The nonce value required for PoP token requests.
+         * This is typically retrieved from the WWW-Authenticate header of a 401 challenge response.
+         * This is used in combination with {@link resourceRequestUrl} and {@link resourceRequestMethod} to generate the PoP token.
+         */
+        nonce: string;
+        /**
+         * The HTTP method of the request.
+         * This is used in combination with {@link resourceRequestUrl} and {@link nonce} to generate the PoP token.
+         */
+        resourceRequestMethod: HttpMethods;
+        /**
+         * The URL of the request.
+         * This is used in combination with {@link resourceRequestMethod} and {@link nonce} to generate the PoP token.
+         */
+        resourceRequestUrl: string;
+    };
 }
 /**
  * Represents an access token with an expiration time.
@@ -71,7 +93,21 @@ export interface AccessToken {
      * The timestamp when the access token should be refreshed, in milliseconds, UNIX epoch time.
      */
     refreshAfterTimestamp?: number;
+    /** Type of token - `Bearer` or `pop` */
+    tokenType?: "Bearer" | "pop";
 }
+/**
+ * @internal
+ * @param accessToken - Access token
+ * @returns Whether a token is bearer type or not
+ */
+export declare function isBearerToken(accessToken: AccessToken): boolean;
+/**
+ * @internal
+ * @param accessToken - Access token
+ * @returns Whether a token is Pop token or not
+ */
+export declare function isPopToken(accessToken: AccessToken): boolean;
 /**
  * Tests an object to determine whether it implements TokenCredential.
  *

package/dist/react-native/tokenCredential.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tokenCredential.d.ts","sourceRoot":"","sources":["../../src/tokenCredential.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;;;;;;;;OASG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,CAAC,EAAE,eAAe,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;CAC7F;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;OAEG;IACH,cAAc,CAAC,EAAE;QACf;;WAEG;QACH,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF;;OAEG;IACH,cAAc,CAAC,EAAE;QACf;;WAEG;QACH,cAAc,CAAC,EAAE,cAAc,CAAC;KACjC,CAAC;IACF;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;OAEG;IACH,kBAAkB,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,OAAO,GAAG,UAAU,IAAI,eAAe,CAepF"}
+{"version":3,"file":"tokenCredential.d.ts","sourceRoot":"","sources":["../../src/tokenCredential.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;;;;;;;;OASG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,CAAC,EAAE,eAAe,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;CAC7F;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;OAEG;IACH,cAAc,CAAC,EAAE;QACf;;WAEG;QACH,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF;;OAEG;IACH,cAAc,CAAC,EAAE;QACf;;WAEG;QACH,cAAc,CAAC,EAAE,cAAc,CAAC;KACjC,CAAC;IACF;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,wBAAwB,CAAC,EAAE;QACzB;;;;WAIG;QACH,KAAK,EAAE,MAAM,CAAC;QACd;;;WAGG;QACH,qBAAqB,EAAE,WAAW,CAAC;QACnC;;;WAGG;QACH,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;OAEG;IACH,kBAAkB,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAE/B,wCAAwC;IACxC,SAAS,CAAC,EAAE,QAAQ,GAAG,KAAK,CAAC;CAC9B;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,CAE/D;AAED;;;;GAIG;AACH,wBAAgB,UAAU,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,CAE5D;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,OAAO,GAAG,UAAU,IAAI,eAAe,CAepF"}

package/dist/react-native/tokenCredential.js

@@ -1,5 +1,21 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
+/**
+ * @internal
+ * @param accessToken - Access token
+ * @returns Whether a token is bearer type or not
+ */
+export function isBearerToken(accessToken) {
+    return !accessToken.tokenType || accessToken.tokenType === "Bearer";
+}
+/**
+ * @internal
+ * @param accessToken - Access token
+ * @returns Whether a token is Pop token or not
+ */
+export function isPopToken(accessToken) {
+    return accessToken.tokenType === "pop";
+}
 /**
  * Tests an object to determine whether it implements TokenCredential.
  *

package/dist/react-native/tokenCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"tokenCredential.js","sourceRoot":"","sources":["../../src/tokenCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAkFlC;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAAmB;IACnD,mEAAmE;IACnE,gEAAgE;IAChE,sEAAsE;IACtE,qEAAqE;IACrE,sDAAsD;IACtD,MAAM,cAAc,GAAG,UAGtB,CAAC;IACF,OAAO,CACL,cAAc;QACd,OAAO,cAAc,CAAC,QAAQ,KAAK,UAAU;QAC7C,CAAC,cAAc,CAAC,WAAW,KAAK,SAAS,IAAI,cAAc,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CACjF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AbortSignalLike } from \"@azure/abort-controller\";\nimport { TracingContext } from \"./tracing.js\";\n\n/**\n * Represents a credential capable of providing an authentication token.\n */\nexport interface TokenCredential {\n  /**\n   * Gets the token provided by this credential.\n   *\n   * This method is called automatically by Azure SDK client libraries. You may call this method\n   * directly, but you must also handle token caching and token refreshing.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;\n}\n\n/**\n * Defines options for TokenCredential.getToken.\n */\nexport interface GetTokenOptions {\n  /**\n   * The signal which can be used to abort requests.\n   */\n  abortSignal?: AbortSignalLike;\n  /**\n   * Options used when creating and sending HTTP requests for this operation.\n   */\n  requestOptions?: {\n    /**\n     * The number of milliseconds a request can take before automatically being terminated.\n     */\n    timeout?: number;\n  };\n  /**\n   * Options used when tracing is enabled.\n   */\n  tracingOptions?: {\n    /**\n     * Tracing Context for the current request.\n     */\n    tracingContext?: TracingContext;\n  };\n  /**\n   * Claim details to perform the Continuous Access Evaluation authentication flow\n   */\n  claims?: string;\n  /**\n   * Indicates whether to enable the Continuous Access Evaluation authentication flow\n   */\n  enableCae?: boolean;\n  /**\n   * Allows specifying a tenantId. Useful to handle challenges that provide tenant Id hints.\n   */\n  tenantId?: string;\n}\n\n/**\n * Represents an access token with an expiration time.\n */\nexport interface AccessToken {\n  /**\n   * The access token returned by the authentication service.\n   */\n  token: string;\n\n  /**\n   * The access token's expiration timestamp in milliseconds, UNIX epoch time.\n   */\n  expiresOnTimestamp: number;\n\n  /**\n   * The timestamp when the access token should be refreshed, in milliseconds, UNIX epoch time.\n   */\n  refreshAfterTimestamp?: number;\n}\n\n/**\n * Tests an object to determine whether it implements TokenCredential.\n *\n * @param credential - The assumed TokenCredential to be tested.\n */\nexport function isTokenCredential(credential: unknown): credential is TokenCredential {\n  // Check for an object with a 'getToken' function and possibly with\n  // a 'signRequest' function.  We do this check to make sure that\n  // a ServiceClientCredentials implementor (like TokenClientCredentials\n  // in ms-rest-nodeauth) doesn't get mistaken for a TokenCredential if\n  // it doesn't actually implement TokenCredential also.\n  const castCredential = credential as {\n    getToken: unknown;\n    signRequest: unknown;\n  };\n  return (\n    castCredential &&\n    typeof castCredential.getToken === \"function\" &&\n    (castCredential.signRequest === undefined || castCredential.getToken.length > 0)\n  );\n}\n"]}
+{"version":3,"file":"tokenCredential.js","sourceRoot":"","sources":["../../src/tokenCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AA4GlC;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,WAAwB;IACpD,OAAO,CAAC,WAAW,CAAC,SAAS,IAAI,WAAW,CAAC,SAAS,KAAK,QAAQ,CAAC;AACtE,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,UAAU,CAAC,WAAwB;IACjD,OAAO,WAAW,CAAC,SAAS,KAAK,KAAK,CAAC;AACzC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAAmB;IACnD,mEAAmE;IACnE,gEAAgE;IAChE,sEAAsE;IACtE,qEAAqE;IACrE,sDAAsD;IACtD,MAAM,cAAc,GAAG,UAGtB,CAAC;IACF,OAAO,CACL,cAAc;QACd,OAAO,cAAc,CAAC,QAAQ,KAAK,UAAU;QAC7C,CAAC,cAAc,CAAC,WAAW,KAAK,SAAS,IAAI,cAAc,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CACjF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AbortSignalLike } from \"@azure/abort-controller\";\nimport { TracingContext } from \"./tracing.js\";\nimport { HttpMethods } from \"@azure/core-util\";\n\n/**\n * Represents a credential capable of providing an authentication token.\n */\nexport interface TokenCredential {\n  /**\n   * Gets the token provided by this credential.\n   *\n   * This method is called automatically by Azure SDK client libraries. You may call this method\n   * directly, but you must also handle token caching and token refreshing.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;\n}\n\n/**\n * Defines options for TokenCredential.getToken.\n */\nexport interface GetTokenOptions {\n  /**\n   * The signal which can be used to abort requests.\n   */\n  abortSignal?: AbortSignalLike;\n  /**\n   * Options used when creating and sending HTTP requests for this operation.\n   */\n  requestOptions?: {\n    /**\n     * The number of milliseconds a request can take before automatically being terminated.\n     */\n    timeout?: number;\n  };\n  /**\n   * Options used when tracing is enabled.\n   */\n  tracingOptions?: {\n    /**\n     * Tracing Context for the current request.\n     */\n    tracingContext?: TracingContext;\n  };\n  /**\n   * Claim details to perform the Continuous Access Evaluation authentication flow\n   */\n  claims?: string;\n  /**\n   * Indicates whether to enable the Continuous Access Evaluation authentication flow\n   */\n  enableCae?: boolean;\n  /**\n   * Allows specifying a tenantId. Useful to handle challenges that provide tenant Id hints.\n   */\n  tenantId?: string;\n\n  /**\n   * Options for Proof of Possession token requests\n   */\n  proofOfPossessionOptions?: {\n    /**\n     * The nonce value required for PoP token requests.\n     * This is typically retrieved from the WWW-Authenticate header of a 401 challenge response.\n     * This is used in combination with {@link resourceRequestUrl} and {@link resourceRequestMethod} to generate the PoP token.\n     */\n    nonce: string;\n    /**\n     * The HTTP method of the request.\n     * This is used in combination with {@link resourceRequestUrl} and {@link nonce} to generate the PoP token.\n     */\n    resourceRequestMethod: HttpMethods;\n    /**\n     * The URL of the request.\n     * This is used in combination with {@link resourceRequestMethod} and {@link nonce} to generate the PoP token.\n     */\n    resourceRequestUrl: string;\n  };\n}\n\n/**\n * Represents an access token with an expiration time.\n */\nexport interface AccessToken {\n  /**\n   * The access token returned by the authentication service.\n   */\n  token: string;\n\n  /**\n   * The access token's expiration timestamp in milliseconds, UNIX epoch time.\n   */\n  expiresOnTimestamp: number;\n\n  /**\n   * The timestamp when the access token should be refreshed, in milliseconds, UNIX epoch time.\n   */\n  refreshAfterTimestamp?: number;\n\n  /** Type of token - `Bearer` or `pop` */\n  tokenType?: \"Bearer\" | \"pop\";\n}\n\n/**\n * @internal\n * @param accessToken - Access token\n * @returns Whether a token is bearer type or not\n */\nexport function isBearerToken(accessToken: AccessToken): boolean {\n  return !accessToken.tokenType || accessToken.tokenType === \"Bearer\";\n}\n\n/**\n * @internal\n * @param accessToken - Access token\n * @returns Whether a token is Pop token or not\n */\nexport function isPopToken(accessToken: AccessToken): boolean {\n  return accessToken.tokenType === \"pop\";\n}\n\n/**\n * Tests an object to determine whether it implements TokenCredential.\n *\n * @param credential - The assumed TokenCredential to be tested.\n */\nexport function isTokenCredential(credential: unknown): credential is TokenCredential {\n  // Check for an object with a 'getToken' function and possibly with\n  // a 'signRequest' function.  We do this check to make sure that\n  // a ServiceClientCredentials implementor (like TokenClientCredentials\n  // in ms-rest-nodeauth) doesn't get mistaken for a TokenCredential if\n  // it doesn't actually implement TokenCredential also.\n  const castCredential = credential as {\n    getToken: unknown;\n    signRequest: unknown;\n  };\n  return (\n    castCredential &&\n    typeof castCredential.getToken === \"function\" &&\n    (castCredential.signRequest === undefined || castCredential.getToken.length > 0)\n  );\n}\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@azure/core-auth",
-  "version": "1.8.1-alpha.20241015.2",
+  "version": "1.9.0",
   "description": "Provides low-level interfaces and helper methods for authentication in Azure SDK",
   "sdk-type": "client",
   "type": "module",
@@ -75,12 +75,12 @@
   },
   "dependencies": {
     "@azure/abort-controller": "^2.0.0",
-    "@azure/core-util": "^1.1.0",
+    "@azure/core-util": "^1.11.0",
     "tslib": "^2.6.2"
   },
   "devDependencies": {
-    "@azure/dev-tool": ">=1.0.0-alpha <1.0.0-alphb",
-    "@azure/eslint-plugin-azure-sdk": ">=3.0.0-alpha <3.0.0-alphb",
+    "@azure/dev-tool": "^1.0.0",
+    "@azure/eslint-plugin-azure-sdk": "^3.0.0",
     "@microsoft/api-extractor": "^7.40.3",
     "@types/node": "^18.0.0",
     "@vitest/browser": "^2.0.5",