npm - @azure/core-client - Versions diffs - 1.6.0-alpha.20220422.1 → 1.6.0-alpha.20220503.1 - Mend

@azure/core-client 1.6.0-alpha.20220422.1 → 1.6.0-alpha.20220503.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/CHANGELOG.md +1 -0
package/dist/index.js +100 -0
package/dist/index.js.map +1 -1
package/dist-esm/src/authorizeRequestOnTenantChallenge.js +99 -0
package/dist-esm/src/authorizeRequestOnTenantChallenge.js.map +1 -0
package/dist-esm/src/index.js +1 -0
package/dist-esm/src/index.js.map +1 -1
package/package.json +2 -1
package/types/3.1/core-client.d.ts +6 -0
package/types/latest/core-client.d.ts +7 -0

package/CHANGELOG.md CHANGED Viewed

@@ -6,6 +6,7 @@
 - Added a new property endpoint in ServiceClientOptions and mark the baseUri as deprecated to encourage people to use endpoint. See issue link [here](https://github.com/Azure/autorest.typescript/issues/1337)
 - Upgraded our `@azure/core-tracing` dependency to version 1.0
+- Add callbacks to support Storage challenge authentication [PR#21678](https://github.com/Azure/azure-sdk-for-js/pull/21678)
 ## 1.5.0 (2022-02-03)

package/dist/index.js CHANGED Viewed

@@ -2008,11 +2008,111 @@ async function authorizeRequestOnClaimChallenge(onChallengeOptions) {
     return true;
 }
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * A set of constants used internally when processing requests.
+ */
+const Constants = {
+    DefaultScope: "/.default",
+    /**
+     * Defines constants for use with HTTP headers.
+     */
+    HeaderConstants: {
+        /**
+         * The Authorization header.
+         */
+        AUTHORIZATION: "authorization",
+    },
+};
+/**
+ * Defines a callback to handle auth challenge for Storage APIs.
+ * This implements the bearer challenge process described here: https://docs.microsoft.com/rest/api/storageservices/authorize-with-azure-active-directory#bearer-challenge
+ * Handling has specific features for storage that departs to the general AAD challenge docs.
+ **/
+const authorizeRequestOnTenantChallenge = async (challengeOptions) => {
+    const requestOptions = requestToOptions(challengeOptions.request);
+    const challenge = getChallenge(challengeOptions.response);
+    if (challenge) {
+        const challengeInfo = parseChallenge(challenge);
+        const challengeScopes = buildScopes(challengeOptions, challengeInfo);
+        const tenantId = extractTenantId(challengeInfo);
+        const accessToken = await challengeOptions.getAccessToken(challengeScopes, Object.assign(Object.assign({}, requestOptions), { tenantId }));
+        if (!accessToken) {
+            return false;
+        }
+        challengeOptions.request.headers.set(Constants.HeaderConstants.AUTHORIZATION, `Bearer ${accessToken.token}`);
+        return true;
+    }
+    return false;
+};
+/**
+ * Extracts the tenant id from the challenge information
+ * The tenant id is contained in the authorization_uri as the first
+ * path part.
+ */
+function extractTenantId(challengeInfo) {
+    const parsedAuthUri = new URL(challengeInfo.authorization_uri);
+    const pathSegments = parsedAuthUri.pathname.split("/");
+    const tenantId = pathSegments[1];
+    return tenantId;
+}
+/**
+ * Builds the authentication scopes based on the information that comes in the
+ * challenge information. Scopes url is present in the resource_id, if it is empty
+ * we keep using the original scopes.
+ */
+function buildScopes(challengeOptions, challengeInfo) {
+    if (!challengeInfo.resource_uri) {
+        return challengeOptions.scopes;
+    }
+    const challengeScopes = new URL(challengeInfo.resource_uri);
+    challengeScopes.pathname = Constants.DefaultScope;
+    return [challengeScopes.toString()];
+}
+/**
+ * We will retrieve the challenge only if the response status code was 401,
+ * and if the response contained the header "WWW-Authenticate" with a non-empty value.
+ */
+function getChallenge(response) {
+    const challenge = response.headers.get("WWW-Authenticate");
+    if (response.status === 401 && challenge) {
+        return challenge;
+    }
+    return;
+}
+/**
+ * Converts: `Bearer a="b" c="d"`.
+ * Into: `[ { a: 'b', c: 'd' }]`.
+ *
+ * @internal
+ */
+function parseChallenge(challenge) {
+    const bearerChallenge = challenge.slice("Bearer ".length);
+    const challengeParts = `${bearerChallenge.trim()} `.split(" ").filter((x) => x);
+    const keyValuePairs = challengeParts.map((keyValue) => (([key, value]) => ({ [key]: value }))(keyValue.trim().split("=")));
+    // Key-value pairs to plain object:
+    return keyValuePairs.reduce((a, b) => (Object.assign(Object.assign({}, a), b)), {});
+}
+/**
+ * Extracts the options form a Pipeline Request for later re-use
+ */
+function requestToOptions(request) {
+    return {
+        abortSignal: request.abortSignal,
+        requestOptions: {
+            timeout: request.timeout,
+        },
+        tracingOptions: request.tracingOptions,
+    };
+}
 exports.MapperTypeNames = MapperTypeNames;
 exports.ServiceClient = ServiceClient;
 exports.XML_ATTRKEY = XML_ATTRKEY;
 exports.XML_CHARKEY = XML_CHARKEY;
 exports.authorizeRequestOnClaimChallenge = authorizeRequestOnClaimChallenge;
+exports.authorizeRequestOnTenantChallenge = authorizeRequestOnTenantChallenge;
 exports.createClientPipeline = createClientPipeline;
 exports.createSerializer = createSerializer;
 exports.deserializationPolicy = deserializationPolicy;