@azure/core-client 1.10.2-alpha.20260311.2 → 1.10.2

Files changed (105) hide show
  1. package/dist/browser/authorizeRequestOnTenantChallenge.js +1 -2
  2. package/dist/browser/authorizeRequestOnTenantChallenge.js.map +1 -1
  3. package/dist/browser/base64.d.ts +1 -5
  4. package/dist/browser/base64.js +6 -14
  5. package/dist/browser/base64.js.map +1 -1
  6. package/dist/browser/interfaceHelpers.js +1 -2
  7. package/dist/browser/interfaceHelpers.js.map +1 -1
  8. package/dist/browser/operationHelpers.js +8 -4
  9. package/dist/browser/operationHelpers.js.map +1 -1
  10. package/dist/browser/serializationPolicy.js +1 -1
  11. package/dist/browser/serializationPolicy.js.map +1 -1
  12. package/dist/browser/serializer.js +32 -11
  13. package/dist/browser/serializer.js.map +1 -1
  14. package/dist/browser/serviceClient.js +2 -2
  15. package/dist/browser/serviceClient.js.map +1 -1
  16. package/dist/browser/{state.d.ts → state-web.d.mts} +1 -1
  17. package/dist/browser/{state.js → state-web.mjs} +1 -1
  18. package/dist/browser/state-web.mjs.map +1 -0
  19. package/dist/browser/urlHelpers.js +2 -1
  20. package/dist/browser/urlHelpers.js.map +1 -1
  21. package/dist/commonjs/authorizeRequestOnTenantChallenge.js +1 -2
  22. package/dist/commonjs/authorizeRequestOnTenantChallenge.js.map +1 -1
  23. package/dist/commonjs/base64.d.ts +1 -1
  24. package/dist/commonjs/base64.js +6 -6
  25. package/dist/commonjs/base64.js.map +1 -1
  26. package/dist/commonjs/interfaceHelpers.js +1 -2
  27. package/dist/commonjs/interfaceHelpers.js.map +1 -1
  28. package/dist/commonjs/operationHelpers.js +10 -6
  29. package/dist/commonjs/operationHelpers.js.map +1 -1
  30. package/dist/commonjs/serializationPolicy.js +1 -1
  31. package/dist/commonjs/serializationPolicy.js.map +1 -1
  32. package/dist/commonjs/serializer.js +32 -11
  33. package/dist/commonjs/serializer.js.map +1 -1
  34. package/dist/commonjs/serviceClient.js +2 -2
  35. package/dist/commonjs/serviceClient.js.map +1 -1
  36. package/dist/commonjs/{state.d.ts → state-cjs.d.ts} +1 -1
  37. package/dist/commonjs/{state.js → state-cjs.js} +1 -1
  38. package/dist/commonjs/state-cjs.js.map +1 -0
  39. package/dist/commonjs/tsdoc-metadata.json +1 -1
  40. package/dist/commonjs/urlHelpers.js +2 -1
  41. package/dist/commonjs/urlHelpers.js.map +1 -1
  42. package/dist/esm/authorizeRequestOnClaimChallenge.js +67 -44
  43. package/dist/esm/authorizeRequestOnClaimChallenge.js.map +1 -7
  44. package/dist/esm/authorizeRequestOnTenantChallenge.js +97 -72
  45. package/dist/esm/authorizeRequestOnTenantChallenge.js.map +1 -7
  46. package/dist/esm/base64.d.ts +1 -1
  47. package/dist/esm/base64.js +32 -15
  48. package/dist/esm/base64.js.map +1 -7
  49. package/dist/esm/deserializationPolicy.js +202 -205
  50. package/dist/esm/deserializationPolicy.js.map +1 -7
  51. package/dist/esm/httpClientCache.js +8 -8
  52. package/dist/esm/httpClientCache.js.map +1 -7
  53. package/dist/esm/index.js +11 -31
  54. package/dist/esm/index.js.map +1 -7
  55. package/dist/esm/interfaceHelpers.js +34 -23
  56. package/dist/esm/interfaceHelpers.js.map +1 -7
  57. package/dist/esm/interfaces.js +11 -6
  58. package/dist/esm/interfaces.js.map +1 -7
  59. package/dist/esm/log.js +4 -4
  60. package/dist/esm/log.js.map +1 -7
  61. package/dist/esm/operationHelpers.js +86 -73
  62. package/dist/esm/operationHelpers.js.map +1 -7
  63. package/dist/esm/pipeline.js +23 -22
  64. package/dist/esm/pipeline.js.map +1 -7
  65. package/dist/esm/serializationPolicy.js +134 -163
  66. package/dist/esm/serializationPolicy.js.map +1 -7
  67. package/dist/esm/serializer.js +877 -812
  68. package/dist/esm/serializer.js.map +1 -7
  69. package/dist/esm/serviceClient.js +150 -151
  70. package/dist/esm/serviceClient.js.map +1 -7
  71. package/dist/esm/state-cjs.d.ts +8 -0
  72. package/dist/esm/state-cjs.js +9 -0
  73. package/dist/esm/state-cjs.js.map +1 -0
  74. package/dist/esm/state.js +10 -5
  75. package/dist/esm/state.js.map +1 -7
  76. package/dist/esm/urlHelpers.js +207 -199
  77. package/dist/esm/urlHelpers.js.map +1 -7
  78. package/dist/esm/utils.js +118 -64
  79. package/dist/esm/utils.js.map +1 -7
  80. package/dist/react-native/authorizeRequestOnTenantChallenge.js +1 -2
  81. package/dist/react-native/authorizeRequestOnTenantChallenge.js.map +1 -1
  82. package/dist/react-native/base64.d.ts +1 -1
  83. package/dist/react-native/base64.js +6 -6
  84. package/dist/react-native/base64.js.map +1 -1
  85. package/dist/react-native/interfaceHelpers.js +1 -2
  86. package/dist/react-native/interfaceHelpers.js.map +1 -1
  87. package/dist/react-native/operationHelpers.js +8 -4
  88. package/dist/react-native/operationHelpers.js.map +1 -1
  89. package/dist/react-native/serializationPolicy.js +1 -1
  90. package/dist/react-native/serializationPolicy.js.map +1 -1
  91. package/dist/react-native/serializer.js +32 -11
  92. package/dist/react-native/serializer.js.map +1 -1
  93. package/dist/react-native/serviceClient.js +2 -2
  94. package/dist/react-native/serviceClient.js.map +1 -1
  95. package/dist/react-native/state-web.d.mts +8 -0
  96. package/dist/react-native/state-web.mjs +9 -0
  97. package/dist/react-native/state-web.mjs.map +1 -0
  98. package/dist/react-native/urlHelpers.js +2 -1
  99. package/dist/react-native/urlHelpers.js.map +1 -1
  100. package/package.json +31 -17
  101. package/dist/browser/state.js.map +0 -1
  102. package/dist/commonjs/state.js.map +0 -1
  103. package/dist/react-native/state.d.ts +0 -8
  104. package/dist/react-native/state.js +0 -10
  105. package/dist/react-native/state.js.map +0 -1
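--- a/package/dist/esm/authorizeRequestOnClaimChallenge.js
+++ b/package/dist/esm/authorizeRequestOnClaimChallenge.js
@@ -1,49 +1,72 @@
+ // Copyright (c) Microsoft Corporation.
+ // Licensed under the MIT License.
  import { logger as coreClientLogger } from "./log.js";
  import { decodeStringToString } from "./base64.js";
- function parseCAEChallenge(challenges) {
- const bearerChallenges = `, ${challenges.trim()}`.split(", Bearer ").filter((x) => x);
- return bearerChallenges.map((challenge) => {
- const challengeParts = `${challenge.trim()}, `.split('", ').filter((x) => x);
- const keyValuePairs = challengeParts.map(
- (keyValue) => (([key, value]) => ({ [key]: value }))(keyValue.trim().split('="'))
- );
- return keyValuePairs.reduce((a, b) => ({ ...a, ...b }), {});
- });
+ /**
+ * Converts: `Bearer a="b", c="d", Bearer d="e", f="g"`.
+ * Into: `[ { a: 'b', c: 'd' }, { d: 'e', f: 'g' } ]`.
+ *
+ * @internal
+ */
+ export function parseCAEChallenge(challenges) {
+ const bearerChallenges = `, ${challenges.trim()}`.split(", Bearer ").filter((x) => x);
+ return bearerChallenges.map((challenge) => {
+ const challengeParts = `${challenge.trim()}, `.split('", ').filter((x) => x);
+ const keyValuePairs = challengeParts.map((keyValue) => (([key, value]) => ({ [key]: value }))(keyValue.trim().split('="')));
+ // Key-value pairs to plain object:
+ return keyValuePairs.reduce((a, b) => ({ ...a, ...b }), {});
+ });
  }
- async function authorizeRequestOnClaimChallenge(onChallengeOptions) {
- const { scopes, response } = onChallengeOptions;
- const logger = onChallengeOptions.logger || coreClientLogger;
- const challenge = response.headers.get("WWW-Authenticate");
- if (!challenge) {
- logger.info(
- `The WWW-Authenticate header was missing. Failed to perform the Continuous Access Evaluation authentication flow.`
- );
- return false;
- }
- const challenges = parseCAEChallenge(challenge) || [];
- const parsedChallenge = challenges.find((x) => x.claims);
- if (!parsedChallenge) {
- logger.info(
- `The WWW-Authenticate header was missing the necessary "claims" to perform the Continuous Access Evaluation authentication flow.`
- );
- return false;
- }
- const accessToken = await onChallengeOptions.getAccessToken(
- parsedChallenge.scope ? [parsedChallenge.scope] : scopes,
- {
- claims: decodeStringToString(parsedChallenge.claims)
+ /**
+ * This function can be used as a callback for the `bearerTokenAuthenticationPolicy` of `@azure/core-rest-pipeline`, to support CAE challenges:
+ * [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation).
+ *
+ * Call the `bearerTokenAuthenticationPolicy` with the following options:
+ *
+ * ```ts snippet:AuthorizeRequestOnClaimChallenge
+ * import { bearerTokenAuthenticationPolicy } from "@azure/core-rest-pipeline";
+ * import { authorizeRequestOnClaimChallenge } from "@azure/core-client";
+ *
+ * const policy = bearerTokenAuthenticationPolicy({
+ * challengeCallbacks: {
+ * authorizeRequestOnChallenge: authorizeRequestOnClaimChallenge,
+ * },
+ * scopes: ["https://service/.default"],
+ * });
+ * ```
+ *
+ * Once provided, the `bearerTokenAuthenticationPolicy` policy will internally handle Continuous Access Evaluation (CAE) challenges.
+ * When it can't complete a challenge it will return the 401 (unauthorized) response from ARM.
+ *
+ * Example challenge with claims:
+ *
+ * ```
+ * Bearer authorization_uri="https://login.windows-ppe.net/", error="invalid_token",
+ * error_description="User session has been revoked",
+ * claims="eyJhY2Nlc3NfdG9rZW4iOnsibmJmIjp7ImVzc2VudGlhbCI6dHJ1ZSwgInZhbHVlIjoiMTYwMzc0MjgwMCJ9fX0="
+ * ```
+ */
+ export async function authorizeRequestOnClaimChallenge(onChallengeOptions) {
+ const { scopes, response } = onChallengeOptions;
+ const logger = onChallengeOptions.logger || coreClientLogger;
+ const challenge = response.headers.get("WWW-Authenticate");
+ if (!challenge) {
+ logger.info(`The WWW-Authenticate header was missing. Failed to perform the Continuous Access Evaluation authentication flow.`);
+ return false;
  }
- );
- if (!accessToken) {
- return false;
- }
- onChallengeOptions.request.headers.set(
- "Authorization",
- `${accessToken.tokenType ?? "Bearer"} ${accessToken.token}`
- );
- return true;
+ const challenges = parseCAEChallenge(challenge) || [];
+ const parsedChallenge = challenges.find((x) => x.claims);
+ if (!parsedChallenge) {
+ logger.info(`The WWW-Authenticate header was missing the necessary "claims" to perform the Continuous Access Evaluation authentication flow.`);
+ return false;
+ }
+ const accessToken = await onChallengeOptions.getAccessToken(parsedChallenge.scope ? [parsedChallenge.scope] : scopes, {
+ claims: decodeStringToString(parsedChallenge.claims),
+ });
+ if (!accessToken) {
+ return false;
+ }
+ onChallengeOptions.request.headers.set("Authorization", `${accessToken.tokenType ?? "Bearer"} ${accessToken.token}`);
+ return true;
  }
- export {
- authorizeRequestOnClaimChallenge,
- parseCAEChallenge
- };
+ //# sourceMappingURL=authorizeRequestOnClaimChallenge.js.map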
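Review bot: In `authorizeRequestOnClaimChallenge`, the `scope` parsed from the `WWW-Authenticate` header is passed straight to `getAccessToken` (`parsedChallenge.scope ? [parsedChallenge.scope] : scopes`), so the server that answers with the 401 decides which resource the replacement token is issued for, and that token is then set on the same request. Nothing visible in this file compares the challenge scope with the configured `scopes` or with the request host; if the calling policy does not do so either, the challenge scope should be accepted only when it matches the configured ones, falling back to `scopes` otherwise. At minimum the call deserves a comment such as `// scope and claims come from the server's challenge header; treat them as untrusted input`. The shipped code is otherwise the same logic as before, now emitted with its doc comments and inline `export`s.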
@@ -1,7 +1 @@
1
- {
2
- "version": 3,
3
- "sources": ["/mnt/vss/_work/1/s/sdk/core/core-client/src/authorizeRequestOnClaimChallenge.ts"],
4
- "sourcesContent": ["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorizeRequestOnChallengeOptions } from \"@azure/core-rest-pipeline\";\nimport { logger as coreClientLogger } from \"./log.js\";\nimport { decodeStringToString } from \"./base64.js\";\n\n/**\n * Converts: `Bearer a=\"b\", c=\"d\", Bearer d=\"e\", f=\"g\"`.\n * Into: `[ { a: 'b', c: 'd' }, { d: 'e', f: 'g' } ]`.\n *\n * @internal\n */\nexport function parseCAEChallenge(challenges: string): any[] {\n const bearerChallenges = `, ${challenges.trim()}`.split(\", Bearer \").filter((x) => x);\n return bearerChallenges.map((challenge) => {\n const challengeParts = `${challenge.trim()}, `.split('\", ').filter((x) => x);\n const keyValuePairs = challengeParts.map((keyValue) =>\n (([key, value]) => ({ [key]: value }))(keyValue.trim().split('=\"')),\n );\n // Key-value pairs to plain object:\n return keyValuePairs.reduce((a, b) => ({ ...a, ...b }), {});\n });\n}\n\n/**\n * CAE Challenge structure\n */\nexport interface CAEChallenge {\n scope: string;\n claims: string;\n}\n\n/**\n * This function can be used as a callback for the `bearerTokenAuthenticationPolicy` of `@azure/core-rest-pipeline`, to support CAE challenges:\n * [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation).\n *\n * Call the `bearerTokenAuthenticationPolicy` with the following options:\n *\n * ```ts snippet:AuthorizeRequestOnClaimChallenge\n * import { bearerTokenAuthenticationPolicy } from \"@azure/core-rest-pipeline\";\n * import { authorizeRequestOnClaimChallenge } from \"@azure/core-client\";\n *\n * const policy = bearerTokenAuthenticationPolicy({\n * challengeCallbacks: {\n * authorizeRequestOnChallenge: authorizeRequestOnClaimChallenge,\n * },\n * scopes: [\"https://service/.default\"],\n * });\n * ```\n *\n * Once provided, the `bearerTokenAuthenticationPolicy` policy will internally handle Continuous 
Access Evaluation (CAE) challenges.\n * When it can't complete a challenge it will return the 401 (unauthorized) response from ARM.\n *\n * Example challenge with claims:\n *\n * ```\n * Bearer authorization_uri=\"https://login.windows-ppe.net/\", error=\"invalid_token\",\n * error_description=\"User session has been revoked\",\n * claims=\"eyJhY2Nlc3NfdG9rZW4iOnsibmJmIjp7ImVzc2VudGlhbCI6dHJ1ZSwgInZhbHVlIjoiMTYwMzc0MjgwMCJ9fX0=\"\n * ```\n */\nexport async function authorizeRequestOnClaimChallenge(\n onChallengeOptions: AuthorizeRequestOnChallengeOptions,\n): Promise<boolean> {\n const { scopes, response } = onChallengeOptions;\n const logger = onChallengeOptions.logger || coreClientLogger;\n\n const challenge = response.headers.get(\"WWW-Authenticate\");\n if (!challenge) {\n logger.info(\n `The WWW-Authenticate header was missing. Failed to perform the Continuous Access Evaluation authentication flow.`,\n );\n return false;\n }\n const challenges: CAEChallenge[] = parseCAEChallenge(challenge) || [];\n\n const parsedChallenge = challenges.find((x) => x.claims);\n if (!parsedChallenge) {\n logger.info(\n `The WWW-Authenticate header was missing the necessary \"claims\" to perform the Continuous Access Evaluation authentication flow.`,\n );\n return false;\n }\n\n const accessToken = await onChallengeOptions.getAccessToken(\n parsedChallenge.scope ? [parsedChallenge.scope] : scopes,\n {\n claims: decodeStringToString(parsedChallenge.claims),\n },\n );\n\n if (!accessToken) {\n return false;\n }\n\n onChallengeOptions.request.headers.set(\n \"Authorization\",\n `${accessToken.tokenType ?? \"Bearer\"} ${accessToken.token}`,\n );\n return true;\n}\n"],
5
- "mappings": "AAIA,SAAS,UAAU,wBAAwB;AAC3C,SAAS,4BAA4B;AAQ9B,SAAS,kBAAkB,YAA2B;AAC3D,QAAM,mBAAmB,KAAK,WAAW,KAAK,CAAC,GAAG,MAAM,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC;AACpF,SAAO,iBAAiB,IAAI,CAAC,cAAc;AACzC,UAAM,iBAAiB,GAAG,UAAU,KAAK,CAAC,KAAK,MAAM,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC;AAC3E,UAAM,gBAAgB,eAAe;AAAA,MAAI,CAAC,cACvC,CAAC,CAAC,KAAK,KAAK,OAAO,EAAE,CAAC,GAAG,GAAG,MAAM,IAAI,SAAS,KAAK,EAAE,MAAM,IAAI,CAAC;AAAA,IACpE;AAEA,WAAO,cAAc,OAAO,CAAC,GAAG,OAAO,EAAE,GAAG,GAAG,GAAG,EAAE,IAAI,CAAC,CAAC;AAAA,EAC5D,CAAC;AACH;AAuCA,eAAsB,iCACpB,oBACkB;AAClB,QAAM,EAAE,QAAQ,SAAS,IAAI;AAC7B,QAAM,SAAS,mBAAmB,UAAU;AAE5C,QAAM,YAAY,SAAS,QAAQ,IAAI,kBAAkB;AACzD,MAAI,CAAC,WAAW;AACd,WAAO;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,EACT;AACA,QAAM,aAA6B,kBAAkB,SAAS,KAAK,CAAC;AAEpE,QAAM,kBAAkB,WAAW,KAAK,CAAC,MAAM,EAAE,MAAM;AACvD,MAAI,CAAC,iBAAiB;AACpB,WAAO;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,QAAM,cAAc,MAAM,mBAAmB;AAAA,IAC3C,gBAAgB,QAAQ,CAAC,gBAAgB,KAAK,IAAI;AAAA,IAClD;AAAA,MACE,QAAQ,qBAAqB,gBAAgB,MAAM;AAAA,IACrD;AAAA,EACF;AAEA,MAAI,CAAC,aAAa;AAChB,WAAO;AAAA,EACT;AAEA,qBAAmB,QAAQ,QAAQ;AAAA,IACjC;AAAA,IACA,GAAG,YAAY,aAAa,QAAQ,IAAI,YAAY,KAAK;AAAA,EAC3D;AACA,SAAO;AACT;",
6
- "names": []
7
- }
1
+ {"version":3,"file":"authorizeRequestOnClaimChallenge.js","sourceRoot":"","sources":["../../src/authorizeRequestOnClaimChallenge.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,MAAM,IAAI,gBAAgB,EAAE,MAAM,UAAU,CAAC;AACtD,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAEnD;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAAkB;IAClD,MAAM,gBAAgB,GAAG,KAAK,UAAU,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IACtF,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE;QACxC,MAAM,cAAc,GAAG,GAAG,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7E,MAAM,aAAa,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CACpD,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CACpE,CAAC;QACF,mCAAmC;QACnC,OAAO,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC;AAUD;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,CAAC,KAAK,UAAU,gCAAgC,CACpD,kBAAsD;IAEtD,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,kBAAkB,CAAC;IAChD,MAAM,MAAM,GAAG,kBAAkB,CAAC,MAAM,IAAI,gBAAgB,CAAC;IAE7D,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;IAC3D,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CACT,kHAAkH,CACnH,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,UAAU,GAAmB,iBAAiB,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;IAEtE,MAAM,eAAe,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;IACzD,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,CAAC,IAAI,CACT,iIAAiI,CAClI,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,cAAc,CACzD,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EACxD;QACE,MAAM,EAAE,oBAAoB,CAAC,eAAe,CAAC,MAAM,CAAC;KACrD,CACF,CAAC;IAEF,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CACpC,eAAe,EACf,GAAG,WAAW,CAAC,SAAS,
IAAI,QAAQ,IAAI,WAAW,CAAC,KAAK,EAAE,CAC5D,CAAC;IACF,OAAO,IAAI,CAAC;AACd,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorizeRequestOnChallengeOptions } from \"@azure/core-rest-pipeline\";\nimport { logger as coreClientLogger } from \"./log.js\";\nimport { decodeStringToString } from \"./base64.js\";\n\n/**\n * Converts: `Bearer a=\"b\", c=\"d\", Bearer d=\"e\", f=\"g\"`.\n * Into: `[ { a: 'b', c: 'd' }, { d: 'e', f: 'g' } ]`.\n *\n * @internal\n */\nexport function parseCAEChallenge(challenges: string): any[] {\n const bearerChallenges = `, ${challenges.trim()}`.split(\", Bearer \").filter((x) => x);\n return bearerChallenges.map((challenge) => {\n const challengeParts = `${challenge.trim()}, `.split('\", ').filter((x) => x);\n const keyValuePairs = challengeParts.map((keyValue) =>\n (([key, value]) => ({ [key]: value }))(keyValue.trim().split('=\"')),\n );\n // Key-value pairs to plain object:\n return keyValuePairs.reduce((a, b) => ({ ...a, ...b }), {});\n });\n}\n\n/**\n * CAE Challenge structure\n */\nexport interface CAEChallenge {\n scope: string;\n claims: string;\n}\n\n/**\n * This function can be used as a callback for the `bearerTokenAuthenticationPolicy` of `@azure/core-rest-pipeline`, to support CAE challenges:\n * [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation).\n *\n * Call the `bearerTokenAuthenticationPolicy` with the following options:\n *\n * ```ts snippet:AuthorizeRequestOnClaimChallenge\n * import { bearerTokenAuthenticationPolicy } from \"@azure/core-rest-pipeline\";\n * import { authorizeRequestOnClaimChallenge } from \"@azure/core-client\";\n *\n * const policy = bearerTokenAuthenticationPolicy({\n * challengeCallbacks: {\n * authorizeRequestOnChallenge: authorizeRequestOnClaimChallenge,\n * },\n * scopes: [\"https://service/.default\"],\n * });\n * ```\n *\n * Once provided, the 
`bearerTokenAuthenticationPolicy` policy will internally handle Continuous Access Evaluation (CAE) challenges.\n * When it can't complete a challenge it will return the 401 (unauthorized) response from ARM.\n *\n * Example challenge with claims:\n *\n * ```\n * Bearer authorization_uri=\"https://login.windows-ppe.net/\", error=\"invalid_token\",\n * error_description=\"User session has been revoked\",\n * claims=\"eyJhY2Nlc3NfdG9rZW4iOnsibmJmIjp7ImVzc2VudGlhbCI6dHJ1ZSwgInZhbHVlIjoiMTYwMzc0MjgwMCJ9fX0=\"\n * ```\n */\nexport async function authorizeRequestOnClaimChallenge(\n onChallengeOptions: AuthorizeRequestOnChallengeOptions,\n): Promise<boolean> {\n const { scopes, response } = onChallengeOptions;\n const logger = onChallengeOptions.logger || coreClientLogger;\n\n const challenge = response.headers.get(\"WWW-Authenticate\");\n if (!challenge) {\n logger.info(\n `The WWW-Authenticate header was missing. Failed to perform the Continuous Access Evaluation authentication flow.`,\n );\n return false;\n }\n const challenges: CAEChallenge[] = parseCAEChallenge(challenge) || [];\n\n const parsedChallenge = challenges.find((x) => x.claims);\n if (!parsedChallenge) {\n logger.info(\n `The WWW-Authenticate header was missing the necessary \"claims\" to perform the Continuous Access Evaluation authentication flow.`,\n );\n return false;\n }\n\n const accessToken = await onChallengeOptions.getAccessToken(\n parsedChallenge.scope ? [parsedChallenge.scope] : scopes,\n {\n claims: decodeStringToString(parsedChallenge.claims),\n },\n );\n\n if (!accessToken) {\n return false;\n }\n\n onChallengeOptions.request.headers.set(\n \"Authorization\",\n `${accessToken.tokenType ?? \"Bearer\"} ${accessToken.token}`,\n );\n return true;\n}\n"]}
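--- a/package/dist/esm/authorizeRequestOnTenantChallenge.js
+++ b/package/dist/esm/authorizeRequestOnTenantChallenge.js
@@ -1,90 +1,115 @@
+ // Copyright (c) Microsoft Corporation.
+ // Licensed under the MIT License.
+ /**
+ * A set of constants used internally when processing requests.
+ */
  const Constants = {
- DefaultScope: "/.default",
- /**
- * Defines constants for use with HTTP headers.
- */
- HeaderConstants: {
+ DefaultScope: "/.default",
  /**
- * The Authorization header.
+ * Defines constants for use with HTTP headers.
  */
- AUTHORIZATION: "authorization"
- }
+ HeaderConstants: {
+ /**
+ * The Authorization header.
+ */
+ AUTHORIZATION: "authorization",
+ },
  };
  function isUuid(text) {
- return /^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$/.test(
- text
- );
+ return /^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$/.test(text);
  }
- const authorizeRequestOnTenantChallenge = async (challengeOptions) => {
- const requestOptions = requestToOptions(challengeOptions.request);
- const challenge = getChallenge(challengeOptions.response);
- if (challenge) {
- const challengeInfo = parseChallenge(challenge);
- const challengeScopes = buildScopes(challengeOptions, challengeInfo);
- const tenantId = extractTenantId(challengeInfo);
- if (!tenantId) {
- return false;
- }
- const accessToken = await challengeOptions.getAccessToken(challengeScopes, {
- ...requestOptions,
- tenantId
- });
- if (!accessToken) {
- return false;
+ /**
+ * Defines a callback to handle auth challenge for Storage APIs.
+ * This implements the bearer challenge process described here: https://learn.microsoft.com/rest/api/storageservices/authorize-with-azure-active-directory#bearer-challenge
+ * Handling has specific features for storage that departs to the general AAD challenge docs.
+ **/
+ export const authorizeRequestOnTenantChallenge = async (challengeOptions) => {
+ const requestOptions = requestToOptions(challengeOptions.request);
+ const challenge = getChallenge(challengeOptions.response);
+ if (challenge) {
+ const challengeInfo = parseChallenge(challenge);
+ const challengeScopes = buildScopes(challengeOptions, challengeInfo);
+ const tenantId = extractTenantId(challengeInfo);
+ if (!tenantId) {
+ return false;
+ }
+ const accessToken = await challengeOptions.getAccessToken(challengeScopes, {
+ ...requestOptions,
+ tenantId,
+ });
+ if (!accessToken) {
+ return false;
+ }
+ challengeOptions.request.headers.set(Constants.HeaderConstants.AUTHORIZATION, `${accessToken.tokenType ?? "Bearer"} ${accessToken.token}`);
+ return true;
  }
- challengeOptions.request.headers.set(
- Constants.HeaderConstants.AUTHORIZATION,
- `${accessToken.tokenType ?? "Bearer"} ${accessToken.token}`
- );
- return true;
- }
- return false;
+ return false;
  };
+ /**
+ * Extracts the tenant id from the challenge information
+ * The tenant id is contained in the authorization_uri as the first
+ * path part.
+ */
  function extractTenantId(challengeInfo) {
- const parsedAuthUri = new URL(challengeInfo.authorization_uri);
- const pathSegments = parsedAuthUri.pathname.split("/");
- const tenantId = pathSegments[1];
- if (tenantId && isUuid(tenantId)) {
- return tenantId;
- }
- return void 0;
+ const parsedAuthUri = new URL(challengeInfo.authorization_uri);
+ const pathSegments = parsedAuthUri.pathname.split("/");
+ const tenantId = pathSegments[1];
+ if (tenantId && isUuid(tenantId)) {
+ return tenantId;
+ }
+ return undefined;
  }
+ /**
+ * Builds the authentication scopes based on the information that comes in the
+ * challenge information. Scopes url is present in the resource_id, if it is empty
+ * we keep using the original scopes.
+ */
  function buildScopes(challengeOptions, challengeInfo) {
- if (!challengeInfo.resource_id) {
- return challengeOptions.scopes;
- }
- const challengeScopes = new URL(challengeInfo.resource_id);
- challengeScopes.pathname = Constants.DefaultScope;
- let scope = challengeScopes.toString();
- if (scope === "https://disk.azure.com/.default") {
- scope = "https://disk.azure.com//.default";
- }
- return [scope];
+ if (!challengeInfo.resource_id) {
+ return challengeOptions.scopes;
+ }
+ const challengeScopes = new URL(challengeInfo.resource_id);
+ let scope = new URL(Constants.DefaultScope, challengeScopes.origin).toString();
+ if (scope === "https://disk.azure.com/.default") {
+ // the extra slash is required by the service
+ scope = "https://disk.azure.com//.default";
+ }
+ return [scope];
  }
+ /**
+ * We will retrieve the challenge only if the response status code was 401,
+ * and if the response contained the header "WWW-Authenticate" with a non-empty value.
+ */
  function getChallenge(response) {
- const challenge = response.headers.get("WWW-Authenticate");
- if (response.status === 401 && challenge) {
- return challenge;
- }
- return;
+ const challenge = response.headers.get("WWW-Authenticate");
+ if (response.status === 401 && challenge) {
+ return challenge;
+ }
+ return;
  }
+ /**
+ * Converts: `Bearer a="b" c="d"`.
+ * Into: `[ { a: 'b', c: 'd' }]`.
+ *
+ * @internal
+ */
  function parseChallenge(challenge) {
- const bearerChallenge = challenge.slice("Bearer ".length);
- const challengeParts = `${bearerChallenge.trim()} `.split(" ").filter((x) => x);
- const keyValuePairs = challengeParts.map(
- (keyValue) => (([key, value]) => ({ [key]: value }))(keyValue.trim().split("="))
- );
- return keyValuePairs.reduce((a, b) => ({ ...a, ...b }), {});
+ const bearerChallenge = challenge.slice("Bearer ".length);
+ const challengeParts = `${bearerChallenge.trim()} `.split(" ").filter((x) => x);
+ const keyValuePairs = challengeParts.map((keyValue) => (([key, value]) => ({ [key]: value }))(keyValue.trim().split("=")));
+ // Key-value pairs to plain object:
+ return keyValuePairs.reduce((a, b) => ({ ...a, ...b }), {});
  }
+ /**
+ * Extracts the options form a Pipeline Request for later re-use
+ */
  function requestToOptions(request) {
- return {
- abortSignal: request.abortSignal,
- requestOptions: {
- timeout: request.timeout
- },
- tracingOptions: request.tracingOptions
- };
+ return {
+ abortSignal: request.abortSignal,
+ requestOptions: {
+ timeout: request.timeout,
+ },
+ tracingOptions: request.tracingOptions,
+ };
  }
- export {
- authorizeRequestOnTenantChallenge
- };
+ //# sourceMappingURL=authorizeRequestOnTenantChallenge.js.map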
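Review bot: `extractTenantId` and `buildScopes` call `new URL(...)` on values parsed from the `WWW-Authenticate` header with no guard, so a 401 whose challenge lacks `authorization_uri` or carries a malformed `resource_id` makes the callback reject with a `TypeError` instead of returning `false`. The new `new URL(Constants.DefaultScope, challengeScopes.origin)` adds one more such case: for a `resource_id` whose scheme is not http(s), `origin` serializes as `"null"` and the constructor throws, which the removed `pathname` assignment should not have done. Guarding the parse, e.g. `try { parsedAuthUri = new URL(challengeInfo.authorization_uri); } catch { return undefined; }`, and falling back to `challengeOptions.scopes` in `buildScopes`, would keep every bad-challenge path on the `return false` route. The doc comment on `parseChallenge` also shows quoted values (`a="b"`), but the code splits each part on `=` only, so quotes would stay in the value and anything after a second `=` is dropped; the comment should describe the unquoted form the parser actually handles.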
@@ -1,7 +1 @@
1
- {
2
- "version": 3,
3
- "sources": ["/mnt/vss/_work/1/s/sdk/core/core-client/src/authorizeRequestOnTenantChallenge.ts"],
4
- "sourcesContent": ["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type {\n AuthorizeRequestOnChallengeOptions,\n PipelineRequest,\n PipelineResponse,\n} from \"@azure/core-rest-pipeline\";\n\nimport type { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * A set of constants used internally when processing requests.\n */\nconst Constants = {\n DefaultScope: \"/.default\",\n /**\n * Defines constants for use with HTTP headers.\n */\n HeaderConstants: {\n /**\n * The Authorization header.\n */\n AUTHORIZATION: \"authorization\",\n },\n};\n\nfunction isUuid(text: string): boolean {\n return /^[0-9a-fA-F]{8}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{12}$/.test(\n text,\n );\n}\n\n/**\n * Defines a callback to handle auth challenge for Storage APIs.\n * This implements the bearer challenge process described here: https://learn.microsoft.com/rest/api/storageservices/authorize-with-azure-active-directory#bearer-challenge\n * Handling has specific features for storage that departs to the general AAD challenge docs.\n **/\nexport const authorizeRequestOnTenantChallenge: (\n challengeOptions: AuthorizeRequestOnChallengeOptions,\n) => Promise<boolean> = async (challengeOptions) => {\n const requestOptions = requestToOptions(challengeOptions.request);\n const challenge = getChallenge(challengeOptions.response);\n if (challenge) {\n const challengeInfo: Challenge = parseChallenge(challenge);\n const challengeScopes = buildScopes(challengeOptions, challengeInfo);\n const tenantId = extractTenantId(challengeInfo);\n if (!tenantId) {\n return false;\n }\n const accessToken = await challengeOptions.getAccessToken(challengeScopes, {\n ...requestOptions,\n tenantId,\n });\n\n if (!accessToken) {\n return false;\n }\n\n challengeOptions.request.headers.set(\n Constants.HeaderConstants.AUTHORIZATION,\n `${accessToken.tokenType ?? 
\"Bearer\"} ${accessToken.token}`,\n );\n return true;\n }\n return false;\n};\n\n/**\n * Extracts the tenant id from the challenge information\n * The tenant id is contained in the authorization_uri as the first\n * path part.\n */\nfunction extractTenantId(challengeInfo: Challenge): string | undefined {\n const parsedAuthUri = new URL(challengeInfo.authorization_uri);\n const pathSegments = parsedAuthUri.pathname.split(\"/\");\n const tenantId = pathSegments[1];\n if (tenantId && isUuid(tenantId)) {\n return tenantId;\n }\n return undefined;\n}\n\n/**\n * Builds the authentication scopes based on the information that comes in the\n * challenge information. Scopes url is present in the resource_id, if it is empty\n * we keep using the original scopes.\n */\nfunction buildScopes(\n challengeOptions: AuthorizeRequestOnChallengeOptions,\n challengeInfo: Challenge,\n): string[] {\n if (!challengeInfo.resource_id) {\n return challengeOptions.scopes;\n }\n\n const challengeScopes = new URL(challengeInfo.resource_id);\n challengeScopes.pathname = Constants.DefaultScope;\n let scope = challengeScopes.toString();\n if (scope === \"https://disk.azure.com/.default\") {\n // the extra slash is required by the service\n scope = \"https://disk.azure.com//.default\";\n }\n return [scope];\n}\n\n/**\n * We will retrieve the challenge only if the response status code was 401,\n * and if the response contained the header \"WWW-Authenticate\" with a non-empty value.\n */\nfunction getChallenge(response: PipelineResponse): string | undefined {\n const challenge = response.headers.get(\"WWW-Authenticate\");\n if (response.status === 401 && challenge) {\n return challenge;\n }\n return;\n}\n\n/**\n * Challenge structure\n */\ninterface Challenge {\n authorization_uri: string;\n resource_id?: string;\n}\n\n/**\n * Converts: `Bearer a=\"b\" c=\"d\"`.\n * Into: `[ { a: 'b', c: 'd' }]`.\n *\n * @internal\n */\nfunction parseChallenge(challenge: string): Challenge {\n const bearerChallenge 
= challenge.slice(\"Bearer \".length);\n const challengeParts = `${bearerChallenge.trim()} `.split(\" \").filter((x) => x);\n const keyValuePairs = challengeParts.map((keyValue) =>\n (([key, value]) => ({ [key]: value }))(keyValue.trim().split(\"=\")),\n );\n // Key-value pairs to plain object:\n return keyValuePairs.reduce((a, b) => ({ ...a, ...b }), {} as Challenge);\n}\n\n/**\n * Extracts the options form a Pipeline Request for later re-use\n */\nfunction requestToOptions(request: PipelineRequest): GetTokenOptions {\n return {\n abortSignal: request.abortSignal,\n requestOptions: {\n timeout: request.timeout,\n },\n tracingOptions: request.tracingOptions,\n };\n}\n"],
5
- "mappings": "AAcA,MAAM,YAAY;AAAA,EAChB,cAAc;AAAA;AAAA;AAAA;AAAA,EAId,iBAAiB;AAAA;AAAA;AAAA;AAAA,IAIf,eAAe;AAAA,EACjB;AACF;AAEA,SAAS,OAAO,MAAuB;AACrC,SAAO,wFAAwF;AAAA,IAC7F;AAAA,EACF;AACF;AAOO,MAAM,oCAEW,OAAO,qBAAqB;AAClD,QAAM,iBAAiB,iBAAiB,iBAAiB,OAAO;AAChE,QAAM,YAAY,aAAa,iBAAiB,QAAQ;AACxD,MAAI,WAAW;AACb,UAAM,gBAA2B,eAAe,SAAS;AACzD,UAAM,kBAAkB,YAAY,kBAAkB,aAAa;AACnE,UAAM,WAAW,gBAAgB,aAAa;AAC9C,QAAI,CAAC,UAAU;AACb,aAAO;AAAA,IACT;AACA,UAAM,cAAc,MAAM,iBAAiB,eAAe,iBAAiB;AAAA,MACzE,GAAG;AAAA,MACH;AAAA,IACF,CAAC;AAED,QAAI,CAAC,aAAa;AAChB,aAAO;AAAA,IACT;AAEA,qBAAiB,QAAQ,QAAQ;AAAA,MAC/B,UAAU,gBAAgB;AAAA,MAC1B,GAAG,YAAY,aAAa,QAAQ,IAAI,YAAY,KAAK;AAAA,IAC3D;AACA,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAOA,SAAS,gBAAgB,eAA8C;AACrE,QAAM,gBAAgB,IAAI,IAAI,cAAc,iBAAiB;AAC7D,QAAM,eAAe,cAAc,SAAS,MAAM,GAAG;AACrD,QAAM,WAAW,aAAa,CAAC;AAC/B,MAAI,YAAY,OAAO,QAAQ,GAAG;AAChC,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAOA,SAAS,YACP,kBACA,eACU;AACV,MAAI,CAAC,cAAc,aAAa;AAC9B,WAAO,iBAAiB;AAAA,EAC1B;AAEA,QAAM,kBAAkB,IAAI,IAAI,cAAc,WAAW;AACzD,kBAAgB,WAAW,UAAU;AACrC,MAAI,QAAQ,gBAAgB,SAAS;AACrC,MAAI,UAAU,mCAAmC;AAE/C,YAAQ;AAAA,EACV;AACA,SAAO,CAAC,KAAK;AACf;AAMA,SAAS,aAAa,UAAgD;AACpE,QAAM,YAAY,SAAS,QAAQ,IAAI,kBAAkB;AACzD,MAAI,SAAS,WAAW,OAAO,WAAW;AACxC,WAAO;AAAA,EACT;AACA;AACF;AAgBA,SAAS,eAAe,WAA8B;AACpD,QAAM,kBAAkB,UAAU,MAAM,UAAU,MAAM;AACxD,QAAM,iBAAiB,GAAG,gBAAgB,KAAK,CAAC,IAAI,MAAM,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC;AAC9E,QAAM,gBAAgB,eAAe;AAAA,IAAI,CAAC,cACvC,CAAC,CAAC,KAAK,KAAK,OAAO,EAAE,CAAC,GAAG,GAAG,MAAM,IAAI,SAAS,KAAK,EAAE,MAAM,GAAG,CAAC;AAAA,EACnE;AAEA,SAAO,cAAc,OAAO,CAAC,GAAG,OAAO,EAAE,GAAG,GAAG,GAAG,EAAE,IAAI,CAAC,CAAc;AACzE;AAKA,SAAS,iBAAiB,SAA2C;AACnE,SAAO;AAAA,IACL,aAAa,QAAQ;AAAA,IACrB,gBAAgB;AAAA,MACd,SAAS,QAAQ;AAAA,IACnB;AAAA,IACA,gBAAgB,QAAQ;AAAA,EAC1B;AACF;",
6
- "names": []
7
- }
1
+ {"version":3,"file":"authorizeRequestOnTenantChallenge.js","sourceRoot":"","sources":["../../src/authorizeRequestOnTenantChallenge.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAUlC;;GAEG;AACH,MAAM,SAAS,GAAG;IAChB,YAAY,EAAE,WAAW;IACzB;;OAEG;IACH,eAAe,EAAE;QACf;;WAEG;QACH,aAAa,EAAE,eAAe;KAC/B;CACF,CAAC;AAEF,SAAS,MAAM,CAAC,IAAY;IAC1B,OAAO,uFAAuF,CAAC,IAAI,CACjG,IAAI,CACL,CAAC;AACJ,CAAC;AAED;;;;IAII;AACJ,MAAM,CAAC,MAAM,iCAAiC,GAEtB,KAAK,EAAE,gBAAgB,EAAE,EAAE;IACjD,MAAM,cAAc,GAAG,gBAAgB,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAClE,MAAM,SAAS,GAAG,YAAY,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC1D,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,aAAa,GAAc,cAAc,CAAC,SAAS,CAAC,CAAC;QAC3D,MAAM,eAAe,GAAG,WAAW,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;QACrE,MAAM,QAAQ,GAAG,eAAe,CAAC,aAAa,CAAC,CAAC;QAChD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,gBAAgB,CAAC,cAAc,CAAC,eAAe,EAAE;YACzE,GAAG,cAAc;YACjB,QAAQ;SACT,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAClC,SAAS,CAAC,eAAe,CAAC,aAAa,EACvC,GAAG,WAAW,CAAC,SAAS,IAAI,QAAQ,IAAI,WAAW,CAAC,KAAK,EAAE,CAC5D,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF;;;;GAIG;AACH,SAAS,eAAe,CAAC,aAAwB;IAC/C,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,iBAAiB,CAAC,CAAC;IAC/D,MAAM,YAAY,GAAG,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;IACjC,IAAI,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QACjC,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;GAIG;AACH,SAAS,WAAW,CAClB,gBAAoD,EACpD,aAAwB;IAExB,IAAI,CAAC,aAAa,CAAC,WAAW,EAAE,CAAC;QAC/B,OAAO,gBAAgB,CAAC,MAAM,CAAC;IACjC,CAAC;IAED,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;IAC3D,IAAI,KAAK,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC/E,IAAI,KAAK,KAAK,iCAAiC,EAAE,CAAC;QAChD,6CAA6C;QAC7C,KAAK,GAAG,kCAAkC,CAAC;IAC7C,CAAC;IACD,OAAO,CAAC,KAAK,CAAC,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAS,YAAY,CAAC,QAA0B;IAC9C,MAAM,SAAS
,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;IAC3D,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,SAAS,EAAE,CAAC;QACzC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO;AACT,CAAC;AAUD;;;;;GAKG;AACH,SAAS,cAAc,CAAC,SAAiB;IACvC,MAAM,eAAe,GAAG,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAC1D,MAAM,cAAc,GAAG,GAAG,eAAe,CAAC,IAAI,EAAE,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IAChF,MAAM,aAAa,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CACpD,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CACnE,CAAC;IACF,mCAAmC;IACnC,OAAO,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,EAAE,EAAe,CAAC,CAAC;AAC3E,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,OAAwB;IAChD,OAAO;QACL,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,cAAc,EAAE;YACd,OAAO,EAAE,OAAO,CAAC,OAAO;SACzB;QACD,cAAc,EAAE,OAAO,CAAC,cAAc;KACvC,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type {\n AuthorizeRequestOnChallengeOptions,\n PipelineRequest,\n PipelineResponse,\n} from \"@azure/core-rest-pipeline\";\n\nimport type { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * A set of constants used internally when processing requests.\n */\nconst Constants = {\n DefaultScope: \"/.default\",\n /**\n * Defines constants for use with HTTP headers.\n */\n HeaderConstants: {\n /**\n * The Authorization header.\n */\n AUTHORIZATION: \"authorization\",\n },\n};\n\nfunction isUuid(text: string): boolean {\n return /^[0-9a-fA-F]{8}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{12}$/.test(\n text,\n );\n}\n\n/**\n * Defines a callback to handle auth challenge for Storage APIs.\n * This implements the bearer challenge process described here: https://learn.microsoft.com/rest/api/storageservices/authorize-with-azure-active-directory#bearer-challenge\n * Handling has specific 
features for storage that departs to the general AAD challenge docs.\n **/\nexport const authorizeRequestOnTenantChallenge: (\n challengeOptions: AuthorizeRequestOnChallengeOptions,\n) => Promise<boolean> = async (challengeOptions) => {\n const requestOptions = requestToOptions(challengeOptions.request);\n const challenge = getChallenge(challengeOptions.response);\n if (challenge) {\n const challengeInfo: Challenge = parseChallenge(challenge);\n const challengeScopes = buildScopes(challengeOptions, challengeInfo);\n const tenantId = extractTenantId(challengeInfo);\n if (!tenantId) {\n return false;\n }\n const accessToken = await challengeOptions.getAccessToken(challengeScopes, {\n ...requestOptions,\n tenantId,\n });\n\n if (!accessToken) {\n return false;\n }\n\n challengeOptions.request.headers.set(\n Constants.HeaderConstants.AUTHORIZATION,\n `${accessToken.tokenType ?? \"Bearer\"} ${accessToken.token}`,\n );\n return true;\n }\n return false;\n};\n\n/**\n * Extracts the tenant id from the challenge information\n * The tenant id is contained in the authorization_uri as the first\n * path part.\n */\nfunction extractTenantId(challengeInfo: Challenge): string | undefined {\n const parsedAuthUri = new URL(challengeInfo.authorization_uri);\n const pathSegments = parsedAuthUri.pathname.split(\"/\");\n const tenantId = pathSegments[1];\n if (tenantId && isUuid(tenantId)) {\n return tenantId;\n }\n return undefined;\n}\n\n/**\n * Builds the authentication scopes based on the information that comes in the\n * challenge information. 
Scopes url is present in the resource_id, if it is empty\n * we keep using the original scopes.\n */\nfunction buildScopes(\n challengeOptions: AuthorizeRequestOnChallengeOptions,\n challengeInfo: Challenge,\n): string[] {\n if (!challengeInfo.resource_id) {\n return challengeOptions.scopes;\n }\n\n const challengeScopes = new URL(challengeInfo.resource_id);\n let scope = new URL(Constants.DefaultScope, challengeScopes.origin).toString();\n if (scope === \"https://disk.azure.com/.default\") {\n // the extra slash is required by the service\n scope = \"https://disk.azure.com//.default\";\n }\n return [scope];\n}\n\n/**\n * We will retrieve the challenge only if the response status code was 401,\n * and if the response contained the header \"WWW-Authenticate\" with a non-empty value.\n */\nfunction getChallenge(response: PipelineResponse): string | undefined {\n const challenge = response.headers.get(\"WWW-Authenticate\");\n if (response.status === 401 && challenge) {\n return challenge;\n }\n return;\n}\n\n/**\n * Challenge structure\n */\ninterface Challenge {\n authorization_uri: string;\n resource_id?: string;\n}\n\n/**\n * Converts: `Bearer a=\"b\" c=\"d\"`.\n * Into: `[ { a: 'b', c: 'd' }]`.\n *\n * @internal\n */\nfunction parseChallenge(challenge: string): Challenge {\n const bearerChallenge = challenge.slice(\"Bearer \".length);\n const challengeParts = `${bearerChallenge.trim()} `.split(\" \").filter((x) => x);\n const keyValuePairs = challengeParts.map((keyValue) =>\n (([key, value]) => ({ [key]: value }))(keyValue.trim().split(\"=\")),\n );\n // Key-value pairs to plain object:\n return keyValuePairs.reduce((a, b) => ({ ...a, ...b }), {} as Challenge);\n}\n\n/**\n * Extracts the options form a Pipeline Request for later re-use\n */\nfunction requestToOptions(request: PipelineRequest): GetTokenOptions {\n return {\n abortSignal: request.abortSignal,\n requestOptions: {\n timeout: request.timeout,\n },\n tracingOptions: request.tracingOptions,\n };\n}\n"]}
@@ -6,7 +6,7 @@
6
6
  export declare function encodeString(value: string): string;
7
7
  /**
8
8
  * Encodes a byte array in base64 format.
9
- * @param value - the Uint8Aray to encode
9
+ * @param value - the Uint8Array to encode
10
10
  * @internal
11
11
  */
12
12
  export declare function encodeByteArray(value: Uint8Array): string;
@@ -1,19 +1,36 @@
1
- function encodeString(value) {
2
- return Buffer.from(value).toString("base64");
1
+ // Copyright (c) Microsoft Corporation.
2
+ // Licensed under the MIT License.
3
+ import { stringToUint8Array, uint8ArrayToString } from "@azure/core-util";
4
+ /**
5
+ * Encodes a string in base64 format.
6
+ * @param value - the string to encode
7
+ * @internal
8
+ */
9
+ export function encodeString(value) {
10
+ return uint8ArrayToString(stringToUint8Array(value, "utf-8"), "base64");
3
11
  }
4
- function encodeByteArray(value) {
5
- const bufferValue = value instanceof Buffer ? value : Buffer.from(value.buffer);
6
- return bufferValue.toString("base64");
12
+ /**
13
+ * Encodes a byte array in base64 format.
14
+ * @param value - the Uint8Array to encode
15
+ * @internal
16
+ */
17
+ export function encodeByteArray(value) {
18
+ return uint8ArrayToString(value, "base64");
7
19
  }
8
- function decodeString(value) {
9
- return Buffer.from(value, "base64");
20
+ /**
21
+ * Decodes a base64 string into a byte array.
22
+ * @param value - the base64 string to decode
23
+ * @internal
24
+ */
25
+ export function decodeString(value) {
26
+ return stringToUint8Array(value, "base64");
10
27
  }
11
- function decodeStringToString(value) {
12
- return Buffer.from(value, "base64").toString();
28
+ /**
29
+ * Decodes a base64 string into a string.
30
+ * @param value - the base64 string to decode
31
+ * @internal
32
+ */
33
+ export function decodeStringToString(value) {
34
+ return uint8ArrayToString(stringToUint8Array(value, "base64"), "utf-8");
13
35
  }
14
- export {
15
- decodeString,
16
- decodeStringToString,
17
- encodeByteArray,
18
- encodeString
19
- };
36
+ //# sourceMappingURL=base64.js.map
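Review bot: `decodeString` and `decodeStringToString` pass the caller's string straight to `stringToUint8Array(value, "base64")` without checking that it is well-formed base64, and their doc comments do not say what happens when it is not. That helper lives in `@azure/core-util` and is not visible here, so whether malformed input throws or decodes to a shorter byte array should be confirmed and then documented, for example `* @remarks Malformed base64 is handled by stringToUint8Array; a successful return is not validation of the input.` The removed implementation returned a `Buffer` from `decodeString`, so it is also worth checking that no caller relies on `Buffer`-only methods of the result.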
@@ -1,7 +1 @@
1
- {
2
- "version": 3,
3
- "sources": ["/mnt/vss/_work/1/s/sdk/core/core-client/src/base64.ts"],
4
- "sourcesContent": ["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Encodes a string in base64 format.\n * @param value - the string to encode\n * @internal\n */\nexport function encodeString(value: string): string {\n return Buffer.from(value).toString(\"base64\");\n}\n\n/**\n * Encodes a byte array in base64 format.\n * @param value - the Uint8Aray to encode\n * @internal\n */\nexport function encodeByteArray(value: Uint8Array): string {\n const bufferValue = value instanceof Buffer ? value : Buffer.from(value.buffer as ArrayBuffer);\n return bufferValue.toString(\"base64\");\n}\n\n/**\n * Decodes a base64 string into a byte array.\n * @param value - the base64 string to decode\n * @internal\n */\nexport function decodeString(value: string): Uint8Array {\n return Buffer.from(value, \"base64\");\n}\n\n/**\n * Decodes a base64 string into a string.\n * @param value - the base64 string to decode\n * @internal\n */\nexport function decodeStringToString(value: string): string {\n return Buffer.from(value, \"base64\").toString();\n}\n"],
5
- "mappings": "AAQO,SAAS,aAAa,OAAuB;AAClD,SAAO,OAAO,KAAK,KAAK,EAAE,SAAS,QAAQ;AAC7C;AAOO,SAAS,gBAAgB,OAA2B;AACzD,QAAM,cAAc,iBAAiB,SAAS,QAAQ,OAAO,KAAK,MAAM,MAAqB;AAC7F,SAAO,YAAY,SAAS,QAAQ;AACtC;AAOO,SAAS,aAAa,OAA2B;AACtD,SAAO,OAAO,KAAK,OAAO,QAAQ;AACpC;AAOO,SAAS,qBAAqB,OAAuB;AAC1D,SAAO,OAAO,KAAK,OAAO,QAAQ,EAAE,SAAS;AAC/C;",
6
- "names": []
7
- }
1
+ {"version":3,"file":"base64.js","sourceRoot":"","sources":["../../src/base64.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAE1E;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,KAAa;IACxC,OAAO,kBAAkB,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,CAAC;AAC1E,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,KAAiB;IAC/C,OAAO,kBAAkB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;AAC7C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,KAAa;IACxC,OAAO,kBAAkB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;AAC7C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAAC,KAAa;IAChD,OAAO,kBAAkB,CAAC,kBAAkB,CAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,OAAO,CAAC,CAAC;AAC1E,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { stringToUint8Array, uint8ArrayToString } from \"@azure/core-util\";\n\n/**\n * Encodes a string in base64 format.\n * @param value - the string to encode\n * @internal\n */\nexport function encodeString(value: string): string {\n return uint8ArrayToString(stringToUint8Array(value, \"utf-8\"), \"base64\");\n}\n\n/**\n * Encodes a byte array in base64 format.\n * @param value - the Uint8Array to encode\n * @internal\n */\nexport function encodeByteArray(value: Uint8Array): string {\n return uint8ArrayToString(value, \"base64\");\n}\n\n/**\n * Decodes a base64 string into a byte array.\n * @param value - the base64 string to decode\n * @internal\n */\nexport function decodeString(value: string): Uint8Array {\n return stringToUint8Array(value, \"base64\");\n}\n\n/**\n * Decodes a base64 string into a string.\n * @param value - the base64 string to decode\n * @internal\n */\nexport function decodeStringToString(value: string): string {\n return uint8ArrayToString(stringToUint8Array(value, \"base64\"), \"utf-8\");\n}\n"]}