@azure/core-rest-pipeline 1.18.2 → 1.18.3-alpha.20250113.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (217) hide show
  1. package/dist/browser/constants.js +1 -1
  2. package/dist/browser/constants.js.map +1 -1
  3. package/dist/browser/policies/bearerTokenAuthenticationPolicy.d.ts +2 -2
  4. package/dist/browser/policies/bearerTokenAuthenticationPolicy.js.map +1 -1
  5. package/dist/browser/policies/throttlingRetryPolicy.d.ts +3 -3
  6. package/dist/browser/policies/throttlingRetryPolicy.js +3 -3
  7. package/dist/browser/policies/throttlingRetryPolicy.js.map +1 -1
  8. package/dist/commonjs/constants.js +1 -1
  9. package/dist/commonjs/constants.js.map +1 -1
  10. package/dist/commonjs/policies/bearerTokenAuthenticationPolicy.d.ts +2 -2
  11. package/dist/commonjs/policies/bearerTokenAuthenticationPolicy.js.map +1 -1
  12. package/dist/commonjs/policies/throttlingRetryPolicy.d.ts +3 -3
  13. package/dist/commonjs/policies/throttlingRetryPolicy.js +3 -3
  14. package/dist/commonjs/policies/throttlingRetryPolicy.js.map +1 -1
  15. package/dist/esm/constants.js +1 -1
  16. package/dist/esm/constants.js.map +1 -1
  17. package/dist/esm/policies/bearerTokenAuthenticationPolicy.d.ts +2 -2
  18. package/dist/esm/policies/bearerTokenAuthenticationPolicy.js.map +1 -1
  19. package/dist/esm/policies/throttlingRetryPolicy.d.ts +3 -3
  20. package/dist/esm/policies/throttlingRetryPolicy.js +3 -3
  21. package/dist/esm/policies/throttlingRetryPolicy.js.map +1 -1
  22. package/dist/react-native/constants.js +1 -1
  23. package/dist/react-native/constants.js.map +1 -1
  24. package/dist/react-native/policies/bearerTokenAuthenticationPolicy.d.ts +2 -2
  25. package/dist/react-native/policies/bearerTokenAuthenticationPolicy.js.map +1 -1
  26. package/dist/react-native/policies/throttlingRetryPolicy.d.ts +3 -3
  27. package/dist/react-native/policies/throttlingRetryPolicy.js +3 -3
  28. package/dist/react-native/policies/throttlingRetryPolicy.js.map +1 -1
  29. package/package.json +5 -4
  30. package/dist/browser/accessTokenCache.d.ts.map +0 -1
  31. package/dist/browser/constants.d.ts.map +0 -1
  32. package/dist/browser/createPipelineFromOptions.d.ts.map +0 -1
  33. package/dist/browser/defaultHttpClient-browser.d.mts.map +0 -1
  34. package/dist/browser/fetchHttpClient.d.ts.map +0 -1
  35. package/dist/browser/httpHeaders.d.ts.map +0 -1
  36. package/dist/browser/index.d.ts.map +0 -1
  37. package/dist/browser/interfaces.d.ts.map +0 -1
  38. package/dist/browser/log.d.ts.map +0 -1
  39. package/dist/browser/nodeHttpClient.d.ts.map +0 -1
  40. package/dist/browser/pipeline.d.ts.map +0 -1
  41. package/dist/browser/pipelineRequest.d.ts.map +0 -1
  42. package/dist/browser/policies/auxiliaryAuthenticationHeaderPolicy.d.ts.map +0 -1
  43. package/dist/browser/policies/bearerTokenAuthenticationPolicy.d.ts.map +0 -1
  44. package/dist/browser/policies/decompressResponsePolicy-browser.d.mts.map +0 -1
  45. package/dist/browser/policies/defaultRetryPolicy.d.ts.map +0 -1
  46. package/dist/browser/policies/exponentialRetryPolicy.d.ts.map +0 -1
  47. package/dist/browser/policies/formDataPolicy.d.ts.map +0 -1
  48. package/dist/browser/policies/logPolicy.d.ts.map +0 -1
  49. package/dist/browser/policies/multipartPolicy.d.ts.map +0 -1
  50. package/dist/browser/policies/ndJsonPolicy.d.ts.map +0 -1
  51. package/dist/browser/policies/proxyPolicy-browser.d.mts.map +0 -1
  52. package/dist/browser/policies/proxyPolicy.common.d.ts.map +0 -1
  53. package/dist/browser/policies/redirectPolicy.d.ts.map +0 -1
  54. package/dist/browser/policies/retryPolicy.d.ts.map +0 -1
  55. package/dist/browser/policies/setClientRequestIdPolicy.d.ts.map +0 -1
  56. package/dist/browser/policies/systemErrorRetryPolicy.d.ts.map +0 -1
  57. package/dist/browser/policies/throttlingRetryPolicy.d.ts.map +0 -1
  58. package/dist/browser/policies/tlsPolicy.d.ts.map +0 -1
  59. package/dist/browser/policies/tracingPolicy.d.ts.map +0 -1
  60. package/dist/browser/policies/userAgentPolicy.d.ts.map +0 -1
  61. package/dist/browser/restError.d.ts.map +0 -1
  62. package/dist/browser/retryStrategies/exponentialRetryStrategy.d.ts.map +0 -1
  63. package/dist/browser/retryStrategies/retryStrategy.d.ts.map +0 -1
  64. package/dist/browser/retryStrategies/throttlingRetryStrategy.d.ts.map +0 -1
  65. package/dist/browser/util/concat-browser.d.mts.map +0 -1
  66. package/dist/browser/util/concat.common.d.ts.map +0 -1
  67. package/dist/browser/util/file.d.ts.map +0 -1
  68. package/dist/browser/util/helpers.d.ts.map +0 -1
  69. package/dist/browser/util/inspect-browser.d.mts.map +0 -1
  70. package/dist/browser/util/inspect.common.d.ts.map +0 -1
  71. package/dist/browser/util/sanitizer.d.ts.map +0 -1
  72. package/dist/browser/util/tokenCycler.d.ts.map +0 -1
  73. package/dist/browser/util/typeGuards.d.ts.map +0 -1
  74. package/dist/browser/util/userAgent.d.ts.map +0 -1
  75. package/dist/browser/util/userAgentPlatform-browser.d.mts.map +0 -1
  76. package/dist/browser/xhrHttpClient.d.ts.map +0 -1
  77. package/dist/commonjs/accessTokenCache.d.ts.map +0 -1
  78. package/dist/commonjs/constants.d.ts.map +0 -1
  79. package/dist/commonjs/createPipelineFromOptions.d.ts.map +0 -1
  80. package/dist/commonjs/defaultHttpClient.d.ts.map +0 -1
  81. package/dist/commonjs/fetchHttpClient.d.ts.map +0 -1
  82. package/dist/commonjs/httpHeaders.d.ts.map +0 -1
  83. package/dist/commonjs/index.d.ts.map +0 -1
  84. package/dist/commonjs/interfaces.d.ts.map +0 -1
  85. package/dist/commonjs/log.d.ts.map +0 -1
  86. package/dist/commonjs/nodeHttpClient.d.ts.map +0 -1
  87. package/dist/commonjs/pipeline.d.ts.map +0 -1
  88. package/dist/commonjs/pipelineRequest.d.ts.map +0 -1
  89. package/dist/commonjs/policies/auxiliaryAuthenticationHeaderPolicy.d.ts.map +0 -1
  90. package/dist/commonjs/policies/bearerTokenAuthenticationPolicy.d.ts.map +0 -1
  91. package/dist/commonjs/policies/decompressResponsePolicy.d.ts.map +0 -1
  92. package/dist/commonjs/policies/defaultRetryPolicy.d.ts.map +0 -1
  93. package/dist/commonjs/policies/exponentialRetryPolicy.d.ts.map +0 -1
  94. package/dist/commonjs/policies/formDataPolicy.d.ts.map +0 -1
  95. package/dist/commonjs/policies/logPolicy.d.ts.map +0 -1
  96. package/dist/commonjs/policies/multipartPolicy.d.ts.map +0 -1
  97. package/dist/commonjs/policies/ndJsonPolicy.d.ts.map +0 -1
  98. package/dist/commonjs/policies/proxyPolicy.common.d.ts.map +0 -1
  99. package/dist/commonjs/policies/proxyPolicy.d.ts.map +0 -1
  100. package/dist/commonjs/policies/redirectPolicy.d.ts.map +0 -1
  101. package/dist/commonjs/policies/retryPolicy.d.ts.map +0 -1
  102. package/dist/commonjs/policies/setClientRequestIdPolicy.d.ts.map +0 -1
  103. package/dist/commonjs/policies/systemErrorRetryPolicy.d.ts.map +0 -1
  104. package/dist/commonjs/policies/throttlingRetryPolicy.d.ts.map +0 -1
  105. package/dist/commonjs/policies/tlsPolicy.d.ts.map +0 -1
  106. package/dist/commonjs/policies/tracingPolicy.d.ts.map +0 -1
  107. package/dist/commonjs/policies/userAgentPolicy.d.ts.map +0 -1
  108. package/dist/commonjs/restError.d.ts.map +0 -1
  109. package/dist/commonjs/retryStrategies/exponentialRetryStrategy.d.ts.map +0 -1
  110. package/dist/commonjs/retryStrategies/retryStrategy.d.ts.map +0 -1
  111. package/dist/commonjs/retryStrategies/throttlingRetryStrategy.d.ts.map +0 -1
  112. package/dist/commonjs/util/concat.common.d.ts.map +0 -1
  113. package/dist/commonjs/util/concat.d.ts.map +0 -1
  114. package/dist/commonjs/util/file.d.ts.map +0 -1
  115. package/dist/commonjs/util/helpers.d.ts.map +0 -1
  116. package/dist/commonjs/util/inspect.common.d.ts.map +0 -1
  117. package/dist/commonjs/util/inspect.d.ts.map +0 -1
  118. package/dist/commonjs/util/sanitizer.d.ts.map +0 -1
  119. package/dist/commonjs/util/tokenCycler.d.ts.map +0 -1
  120. package/dist/commonjs/util/typeGuards.d.ts.map +0 -1
  121. package/dist/commonjs/util/userAgent.d.ts.map +0 -1
  122. package/dist/commonjs/util/userAgentPlatform.d.ts.map +0 -1
  123. package/dist/commonjs/xhrHttpClient.d.ts.map +0 -1
  124. package/dist/esm/accessTokenCache.d.ts.map +0 -1
  125. package/dist/esm/constants.d.ts.map +0 -1
  126. package/dist/esm/createPipelineFromOptions.d.ts.map +0 -1
  127. package/dist/esm/defaultHttpClient.d.ts.map +0 -1
  128. package/dist/esm/fetchHttpClient.d.ts.map +0 -1
  129. package/dist/esm/httpHeaders.d.ts.map +0 -1
  130. package/dist/esm/index.d.ts.map +0 -1
  131. package/dist/esm/interfaces.d.ts.map +0 -1
  132. package/dist/esm/log.d.ts.map +0 -1
  133. package/dist/esm/nodeHttpClient.d.ts.map +0 -1
  134. package/dist/esm/pipeline.d.ts.map +0 -1
  135. package/dist/esm/pipelineRequest.d.ts.map +0 -1
  136. package/dist/esm/policies/auxiliaryAuthenticationHeaderPolicy.d.ts.map +0 -1
  137. package/dist/esm/policies/bearerTokenAuthenticationPolicy.d.ts.map +0 -1
  138. package/dist/esm/policies/decompressResponsePolicy.d.ts.map +0 -1
  139. package/dist/esm/policies/defaultRetryPolicy.d.ts.map +0 -1
  140. package/dist/esm/policies/exponentialRetryPolicy.d.ts.map +0 -1
  141. package/dist/esm/policies/formDataPolicy.d.ts.map +0 -1
  142. package/dist/esm/policies/logPolicy.d.ts.map +0 -1
  143. package/dist/esm/policies/multipartPolicy.d.ts.map +0 -1
  144. package/dist/esm/policies/ndJsonPolicy.d.ts.map +0 -1
  145. package/dist/esm/policies/proxyPolicy.common.d.ts.map +0 -1
  146. package/dist/esm/policies/proxyPolicy.d.ts.map +0 -1
  147. package/dist/esm/policies/redirectPolicy.d.ts.map +0 -1
  148. package/dist/esm/policies/retryPolicy.d.ts.map +0 -1
  149. package/dist/esm/policies/setClientRequestIdPolicy.d.ts.map +0 -1
  150. package/dist/esm/policies/systemErrorRetryPolicy.d.ts.map +0 -1
  151. package/dist/esm/policies/throttlingRetryPolicy.d.ts.map +0 -1
  152. package/dist/esm/policies/tlsPolicy.d.ts.map +0 -1
  153. package/dist/esm/policies/tracingPolicy.d.ts.map +0 -1
  154. package/dist/esm/policies/userAgentPolicy.d.ts.map +0 -1
  155. package/dist/esm/restError.d.ts.map +0 -1
  156. package/dist/esm/retryStrategies/exponentialRetryStrategy.d.ts.map +0 -1
  157. package/dist/esm/retryStrategies/retryStrategy.d.ts.map +0 -1
  158. package/dist/esm/retryStrategies/throttlingRetryStrategy.d.ts.map +0 -1
  159. package/dist/esm/util/concat.common.d.ts.map +0 -1
  160. package/dist/esm/util/concat.d.ts.map +0 -1
  161. package/dist/esm/util/file.d.ts.map +0 -1
  162. package/dist/esm/util/helpers.d.ts.map +0 -1
  163. package/dist/esm/util/inspect.common.d.ts.map +0 -1
  164. package/dist/esm/util/inspect.d.ts.map +0 -1
  165. package/dist/esm/util/sanitizer.d.ts.map +0 -1
  166. package/dist/esm/util/tokenCycler.d.ts.map +0 -1
  167. package/dist/esm/util/typeGuards.d.ts.map +0 -1
  168. package/dist/esm/util/userAgent.d.ts.map +0 -1
  169. package/dist/esm/util/userAgentPlatform.d.ts.map +0 -1
  170. package/dist/esm/xhrHttpClient.d.ts.map +0 -1
  171. package/dist/react-native/accessTokenCache.d.ts.map +0 -1
  172. package/dist/react-native/constants.d.ts.map +0 -1
  173. package/dist/react-native/createPipelineFromOptions.d.ts.map +0 -1
  174. package/dist/react-native/defaultHttpClient-react-native.d.mts.map +0 -1
  175. package/dist/react-native/fetchHttpClient.d.ts.map +0 -1
  176. package/dist/react-native/httpHeaders.d.ts.map +0 -1
  177. package/dist/react-native/index.d.ts.map +0 -1
  178. package/dist/react-native/interfaces.d.ts.map +0 -1
  179. package/dist/react-native/log.d.ts.map +0 -1
  180. package/dist/react-native/nodeHttpClient.d.ts.map +0 -1
  181. package/dist/react-native/pipeline.d.ts.map +0 -1
  182. package/dist/react-native/pipelineRequest.d.ts.map +0 -1
  183. package/dist/react-native/policies/auxiliaryAuthenticationHeaderPolicy.d.ts.map +0 -1
  184. package/dist/react-native/policies/bearerTokenAuthenticationPolicy.d.ts.map +0 -1
  185. package/dist/react-native/policies/decompressResponsePolicy.d.ts.map +0 -1
  186. package/dist/react-native/policies/defaultRetryPolicy.d.ts.map +0 -1
  187. package/dist/react-native/policies/exponentialRetryPolicy.d.ts.map +0 -1
  188. package/dist/react-native/policies/formDataPolicy.d.ts.map +0 -1
  189. package/dist/react-native/policies/logPolicy.d.ts.map +0 -1
  190. package/dist/react-native/policies/multipartPolicy.d.ts.map +0 -1
  191. package/dist/react-native/policies/ndJsonPolicy.d.ts.map +0 -1
  192. package/dist/react-native/policies/proxyPolicy-react-native.d.mts.map +0 -1
  193. package/dist/react-native/policies/proxyPolicy.common.d.ts.map +0 -1
  194. package/dist/react-native/policies/redirectPolicy.d.ts.map +0 -1
  195. package/dist/react-native/policies/retryPolicy.d.ts.map +0 -1
  196. package/dist/react-native/policies/setClientRequestIdPolicy.d.ts.map +0 -1
  197. package/dist/react-native/policies/systemErrorRetryPolicy.d.ts.map +0 -1
  198. package/dist/react-native/policies/throttlingRetryPolicy.d.ts.map +0 -1
  199. package/dist/react-native/policies/tlsPolicy.d.ts.map +0 -1
  200. package/dist/react-native/policies/tracingPolicy.d.ts.map +0 -1
  201. package/dist/react-native/policies/userAgentPolicy.d.ts.map +0 -1
  202. package/dist/react-native/restError.d.ts.map +0 -1
  203. package/dist/react-native/retryStrategies/exponentialRetryStrategy.d.ts.map +0 -1
  204. package/dist/react-native/retryStrategies/retryStrategy.d.ts.map +0 -1
  205. package/dist/react-native/retryStrategies/throttlingRetryStrategy.d.ts.map +0 -1
  206. package/dist/react-native/util/concat-react-native.d.mts.map +0 -1
  207. package/dist/react-native/util/concat.common.d.ts.map +0 -1
  208. package/dist/react-native/util/file.d.ts.map +0 -1
  209. package/dist/react-native/util/helpers.d.ts.map +0 -1
  210. package/dist/react-native/util/inspect-react-native.d.mts.map +0 -1
  211. package/dist/react-native/util/inspect.common.d.ts.map +0 -1
  212. package/dist/react-native/util/sanitizer.d.ts.map +0 -1
  213. package/dist/react-native/util/tokenCycler.d.ts.map +0 -1
  214. package/dist/react-native/util/typeGuards.d.ts.map +0 -1
  215. package/dist/react-native/util/userAgent.d.ts.map +0 -1
  216. package/dist/react-native/util/userAgentPlatform-react-native.d.mts.map +0 -1
  217. package/dist/react-native/xhrHttpClient.d.ts.map +0 -1
package/dist/browser/constants.js CHANGED
@@ -1,5 +1,5 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT License.
3
- export const SDK_VERSION = "1.18.2";
3
+ export const SDK_VERSION = "1.18.3";
4
4
  export const DEFAULT_RETRY_POLICY_COUNT = 3;
5
5
  //# sourceMappingURL=constants.js.map
package/dist/browser/constants.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,MAAM,CAAC,MAAM,WAAW,GAAW,QAAQ,CAAC;AAE5C,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nexport const SDK_VERSION: string = \"1.18.2\";\n\nexport const DEFAULT_RETRY_POLICY_COUNT = 3;\n"]}
1
+ {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,MAAM,CAAC,MAAM,WAAW,GAAW,QAAQ,CAAC;AAE5C,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nexport const SDK_VERSION: string = \"1.18.3\";\n\nexport const DEFAULT_RETRY_POLICY_COUNT = 3;\n"]}
package/dist/browser/policies/bearerTokenAuthenticationPolicy.d.ts CHANGED
@@ -53,7 +53,7 @@ export interface AuthorizeRequestOnChallengeOptions {
53
53
  logger?: AzureLogger;
54
54
  }
55
55
  /**
56
- * Options to override the processing of [Continuous Access Evaluation](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.
56
+ * Options to override the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.
57
57
  */
58
58
  export interface ChallengeCallbacks {
59
59
  /**
@@ -81,7 +81,7 @@ export interface BearerTokenAuthenticationPolicyOptions {
81
81
  */
82
82
  scopes: string | string[];
83
83
  /**
84
- * Allows for the processing of [Continuous Access Evaluation](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.
84
+ * Allows for the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.
85
85
  * If provided, it must contain at least the `authorizeRequestOnChallenge` method.
86
86
  * If provided, after a request is sent, if it has a challenge, it can be processed to re-send the original request with the relevant challenge information.
87
87
  */
package/dist/browser/policies/bearerTokenAuthenticationPolicy.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"bearerTokenAuthenticationPolicy.js","sourceRoot":"","sources":["../../../src/policies/bearerTokenAuthenticationPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAMlC,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,WAAW,CAAC;AAEjD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE9C;;GAEG;AACH,MAAM,CAAC,MAAM,mCAAmC,GAAG,iCAAiC,CAAC;AA0FrF;;;;;;;;GAQG;AACH,KAAK,UAAU,cAAc,CAC3B,OAAwB,EACxB,IAAiB;IAEjB,IAAI,CAAC;QACH,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,IAAI,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;YACjC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,CAAC;QACV,CAAC;IACH,CAAC;AACH,CAAC;AACD;;GAEG;AACH,KAAK,UAAU,uBAAuB,CAAC,OAAgC;IACrE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IACpD,6BAA6B;IAC7B,MAAM,eAAe,GAAoB;QACvC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,SAAS,EAAE,IAAI;KAChB,CAAC;IAEF,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAElE,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,QAA0B;IACrD,OAAO,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;AAC7E,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,8BAA8B,CAC3C,kBAAsD,EACtD,SAAiB;;IAEjB,MAAM,EAAE,MAAM,EAAE,GAAG,kBAAkB,CAAC;IAEtC,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,MAAM,EAAE;QAClE,SAAS,EAAE,IAAI;QACf,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CACpC,eAAe,EACf,GAAG,MAAA,WAAW,CAAC,SAAS,mCAAI,QAAQ,IAAI,WAAW,CAAC,KAAK,EAAE,CAC5D,CAAC;IACF,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,+BAA+B,CAC7C,OAA+C;;IAE/C,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC;IAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,UAAU,CAAC;IAC5C,MAAM,SAAS,GAAG;QAChB,gBAAgB,EACd,MAAA,MAAA,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,gBAAgB,0CAAE,IAAI,CAAC,kBAAkB,CAAC,mCAAI,uBAAuB;QAC3F,2BAA2B,EACzB,MAAA,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,2BAA2B,0CAAE,IAAI,CAAC,kBAAkB,CAAC;KAC5E,CAAC;IAEF,iFAAiF;IACjF,qFAAqF;IACrF,wFAAwF;IACxF,iDAAiD;IACjD,MAAM,cAAc,GAAG,UAAU;QAC/B,CAAC,CAAC,iBAAiB,CAAC,UAAU,CAAC,eAAe,CAAC;QAC/C,CAAC,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC,OAAO;QACL,IAAI,EAAE,mCAAmC;QACzC;;;;;;;;;;;;WAYG;QACH,KAAK,CAAC,WAAW,CAAC,OAAwB,EAAE,IAAiB;YAC3D,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,MAAM,IAAI,KAAK,CACb,sFAAsF,CACvF,CAAC;YACJ,CAAC;YAED,MAAM,SAAS,CAAC,gBAAgB,CAAC;gBAC/B,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gBACjD,OAAO;gBACP,cAAc;gBACd,MAAM;aACP,CAAC,CAAC;YAEH,IAAI,QAA0B,CAAC;YAC/B,IAAI,KAAwB,CAAC;YAC7B,IAAI,iBAA0B,CAAC;YAC/B,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAExD,IAAI,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClC,IAAI,MAAM,GAAG,qBAAqB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC;gBAC7E,+CAA+C;gBAC/C,IAAI,MAAM,EAAE,CAAC;oBACX,IAAI,WAAmB,CAAC;oBACxB,iFAAiF;oBACjF,IAAI,CAAC;wBACH,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;oBAC7B,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,MAAM,CAAC,OAAO,CACZ,mKAAmK,MAAM,EAAE,CAC5K,CAAC;wBACF,OAAO,QAAQ,CAAC;oBAClB,CAAC;oBACD,iBAAiB,GAAG,MAAM,8BAA8B,CACtD;wBACE,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;wBACjD,QAAQ;wBACR,OAAO;wBACP,cAAc;wBACd,MAAM;qBACP,EACD,WAAW,CACZ,CAAC;oBACF,yDAAyD;oBACzD,IAAI,iBAAiB,EAAE,CAAC;wBACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;oBAC1D,CAAC;gBACH,CAAC;qBAAM,IAAI,SAAS,CAAC,2BAA2B,EAAE,CAAC;oBACjD,gEAAgE;oBAChE,iBAAiB,GAAG,MAAM,SAAS,CAAC,2BAA2B,CAAC;wBAC9D,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;wBACjD,OAAO;wBACP,QAAQ;wBACR,cAAc;wBACd,MAAM;qBACP,CAAC,CAAC;oBAEH,yDAAyD;oBACzD,IAAI,iBAAiB,EAAE,CAAC;wBACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;oBAC1D,CAAC;oBAED,0GAA0G;oBAC1G,IAAI,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAClC,MAAM,GAAG,qBAAqB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAW,CAAC,CAAC;wBACnF,IAAI,MAAM,EAAE,CAAC;4BACX,IAAI,WAAmB,CAAC;4BACxB,IAAI,CAAC;gCACH,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;4BAC7B,CAAC;4BAAC,OAAO,CAAC,EAAE,CAAC;gCACX,MAAM,CAAC,OAAO,CACZ,mKAAmK,MAAM,EAAE,CAC5K,CAAC;gCACF,OAAO,QAAQ,CAAC;4BAClB,CAAC;4BAED,iBAAiB,GAAG,MAAM,8BAA8B,CACtD;gCACE,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gCACjD,QAAQ;gCACR,OAAO;gCACP,cAAc;gCACd,MAAM;6BACP,EACD,WAAW,CACZ,CAAC;4BACF,yDAAyD;4BACzD,IAAI,iBAAiB,EAAE,CAAC;gCACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;4BAC1D,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,KAAK,CAAC;YACd,CAAC;iBAAM,CAAC;gBACN,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAaD;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,UAAkB;IAChD,yHAAyH;IACzH,wFAAwF;IACxF,MAAM,cAAc,GAAG,4CAA4C,CAAC;IACpE,sGAAsG;IACtG,wIAAwI;IACxI,MAAM,UAAU,GAAG,kBAAkB,CAAC;IAEtC,MAAM,gBAAgB,GAAoB,EAAE,CAAC;IAC7C,IAAI,KAAK,CAAC;IAEV,oCAAoC;IACpC,OAAO,CAAC,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,MAAM,GAA2B,EAAE,CAAC;QAC1C,IAAI,UAAU,CAAC;QAEf,oCAAoC;QACpC,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7D,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC;QAED,gBAAgB,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED;;;;GAIG;AACH,SAAS,qBAAqB,CAAC,UAA8B;;IAC3D,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;IACT,CAAC;IACD,4CAA4C;IAC5C,MAAM,gBAAgB,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IACrD,OAAO,MAAA,gBAAgB,CAAC,IAAI,CAC1B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,KAAK,qBAAqB,CAC5F,0CAAE,MAAM,CAAC,MAAM,CAAC;AACnB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { AzureLogger } from \"@azure/logger\";\nimport type { PipelineRequest, PipelineResponse, SendRequest } from \"../interfaces.js\";\nimport type { PipelinePolicy } from \"../pipeline.js\";\nimport { createTokenCycler } from \"../util/tokenCycler.js\";\nimport { logger as coreLogger } from \"../log.js\";\nimport type { RestError } from \"../restError.js\";\nimport { isRestError } from \"../restError.js\";\n\n/**\n * The programmatic identifier of the bearerTokenAuthenticationPolicy.\n */\nexport const bearerTokenAuthenticationPolicyName = \"bearerTokenAuthenticationPolicy\";\n\n/**\n * Options sent to the authorizeRequest callback\n */\nexport interface AuthorizeRequestOptions {\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string[];\n /**\n * Function that retrieves either a cached access token or a new access token.\n */\n getAccessToken: (scopes: string[], options: GetTokenOptions) => Promise<AccessToken | null>;\n /**\n * Request that the policy is trying to fulfill.\n */\n request: PipelineRequest;\n /**\n * A logger, if one was sent through the HTTP pipeline.\n */\n logger?: AzureLogger;\n}\n\n/**\n * Options sent to the authorizeRequestOnChallenge callback\n */\nexport interface AuthorizeRequestOnChallengeOptions {\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string[];\n /**\n * Function that retrieves either a cached access token or a new access token.\n */\n getAccessToken: (scopes: string[], options: GetTokenOptions) => Promise<AccessToken | null>;\n /**\n * Request that the policy is trying to fulfill.\n */\n request: PipelineRequest;\n /**\n * Response containing the challenge.\n */\n response: PipelineResponse;\n /**\n * A logger, if one was sent through the HTTP pipeline.\n */\n logger?: AzureLogger;\n}\n\n/**\n * Options to override the processing of [Continuous Access Evaluation](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.\n */\nexport interface ChallengeCallbacks {\n /**\n * Allows for the authorization of the main request of this policy before it's sent.\n */\n authorizeRequest?(options: AuthorizeRequestOptions): Promise<void>;\n /**\n * Allows to handle authentication challenges and to re-authorize the request.\n * The response containing the challenge is `options.response`.\n * If this method returns true, the underlying request will be sent once again.\n * The request may be modified before being sent.\n */\n authorizeRequestOnChallenge?(options: AuthorizeRequestOnChallengeOptions): Promise<boolean>;\n}\n\n/**\n * Options to configure the bearerTokenAuthenticationPolicy\n */\nexport interface BearerTokenAuthenticationPolicyOptions {\n /**\n * The TokenCredential implementation that can supply the bearer token.\n */\n credential?: TokenCredential;\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string | string[];\n /**\n * Allows for the processing of [Continuous Access Evaluation](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.\n * If provided, it must contain at least the `authorizeRequestOnChallenge` method.\n * If provided, after a request is sent, if it has a challenge, it can be processed to re-send the original request with the relevant challenge information.\n */\n challengeCallbacks?: ChallengeCallbacks;\n /**\n * A logger can be sent for debugging purposes.\n */\n logger?: AzureLogger;\n}\n/**\n * Try to send the given request.\n *\n * When a response is received, returns a tuple of the response received and, if the response was received\n * inside a thrown RestError, the RestError that was thrown.\n *\n * Otherwise, if an error was thrown while sending the request that did not provide an underlying response, it\n * will be rethrown.\n */\nasync function trySendRequest(\n request: PipelineRequest,\n next: SendRequest,\n): Promise<[PipelineResponse, RestError | undefined]> {\n try {\n return [await next(request), undefined];\n } catch (e: any) {\n if (isRestError(e) && e.response) {\n return [e.response, e];\n } else {\n throw e;\n }\n }\n}\n/**\n * Default authorize request handler\n */\nasync function defaultAuthorizeRequest(options: AuthorizeRequestOptions): Promise<void> {\n const { scopes, getAccessToken, request } = options;\n // Enable CAE true by default\n const getTokenOptions: GetTokenOptions = {\n abortSignal: request.abortSignal,\n tracingOptions: request.tracingOptions,\n enableCae: true,\n };\n\n const accessToken = await getAccessToken(scopes, getTokenOptions);\n\n if (accessToken) {\n options.request.headers.set(\"Authorization\", `Bearer ${accessToken.token}`);\n }\n}\n\n/**\n * We will retrieve the challenge only if the response status code was 401,\n * and if the response contained the header \"WWW-Authenticate\" with a non-empty value.\n */\nfunction isChallengeResponse(response: PipelineResponse): boolean {\n return response.status === 401 && response.headers.has(\"WWW-Authenticate\");\n}\n\n/**\n * Re-authorize the request for CAE challenge.\n * The response containing the challenge is `options.response`.\n * If this method returns true, the underlying request will be sent once again.\n */\nasync function authorizeRequestOnCaeChallenge(\n onChallengeOptions: AuthorizeRequestOnChallengeOptions,\n caeClaims: string,\n): Promise<boolean> {\n const { scopes } = onChallengeOptions;\n\n const accessToken = await onChallengeOptions.getAccessToken(scopes, {\n enableCae: true,\n claims: caeClaims,\n });\n if (!accessToken) {\n return false;\n }\n\n onChallengeOptions.request.headers.set(\n \"Authorization\",\n `${accessToken.tokenType ?? \"Bearer\"} ${accessToken.token}`,\n );\n return true;\n}\n\n/**\n * A policy that can request a token from a TokenCredential implementation and\n * then apply it to the Authorization header of a request as a Bearer token.\n */\nexport function bearerTokenAuthenticationPolicy(\n options: BearerTokenAuthenticationPolicyOptions,\n): PipelinePolicy {\n const { credential, scopes, challengeCallbacks } = options;\n const logger = options.logger || coreLogger;\n const callbacks = {\n authorizeRequest:\n challengeCallbacks?.authorizeRequest?.bind(challengeCallbacks) ?? defaultAuthorizeRequest,\n authorizeRequestOnChallenge:\n challengeCallbacks?.authorizeRequestOnChallenge?.bind(challengeCallbacks),\n };\n\n // This function encapsulates the entire process of reliably retrieving the token\n // The options are left out of the public API until there's demand to configure this.\n // Remember to extend `BearerTokenAuthenticationPolicyOptions` with `TokenCyclerOptions`\n // in order to pass through the `options` object.\n const getAccessToken = credential\n ? createTokenCycler(credential /* , options */)\n : () => Promise.resolve(null);\n\n return {\n name: bearerTokenAuthenticationPolicyName,\n /**\n * If there's no challenge parameter:\n * - It will try to retrieve the token using the cache, or the credential's getToken.\n * - Then it will try the next policy with or without the retrieved token.\n *\n * It uses the challenge parameters to:\n * - Skip a first attempt to get the token from the credential if there's no cached token,\n * since it expects the token to be retrievable only after the challenge.\n * - Prepare the outgoing request if the `prepareRequest` method has been provided.\n * - Send an initial request to receive the challenge if it fails.\n * - Process a challenge if the response contains it.\n * - Retrieve a token with the challenge information, then re-send the request.\n */\n async sendRequest(request: PipelineRequest, next: SendRequest): Promise<PipelineResponse> {\n if (!request.url.toLowerCase().startsWith(\"https://\")) {\n throw new Error(\n \"Bearer token authentication is not permitted for non-TLS protected (non-https) URLs.\",\n );\n }\n\n await callbacks.authorizeRequest({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n request,\n getAccessToken,\n logger,\n });\n\n let response: PipelineResponse;\n let error: Error | undefined;\n let shouldSendRequest: boolean;\n [response, error] = await trySendRequest(request, next);\n\n if (isChallengeResponse(response)) {\n let claims = getCaeChallengeClaims(response.headers.get(\"WWW-Authenticate\"));\n // Handle CAE by default when receive CAE claim\n if (claims) {\n let parsedClaim: string;\n // Return the response immediately if claims is not a valid base64 encoded string\n try {\n parsedClaim = atob(claims);\n } catch (e) {\n logger.warning(\n `The WWW-Authenticate header contains \"claims\" that cannot be parsed. Unable to perform the Continuous Access Evaluation authentication flow. Unparsable claims: ${claims}`,\n );\n return response;\n }\n shouldSendRequest = await authorizeRequestOnCaeChallenge(\n {\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n response,\n request,\n getAccessToken,\n logger,\n },\n parsedClaim,\n );\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n } else if (callbacks.authorizeRequestOnChallenge) {\n // Handle custom challenges when client provides custom callback\n shouldSendRequest = await callbacks.authorizeRequestOnChallenge({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n request,\n response,\n getAccessToken,\n logger,\n });\n\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n\n // If we get another CAE Claim, we will handle it by default and return whatever value we receive for this\n if (isChallengeResponse(response)) {\n claims = getCaeChallengeClaims(response.headers.get(\"WWW-Authenticate\") as string);\n if (claims) {\n let parsedClaim: string;\n try {\n parsedClaim = atob(claims);\n } catch (e) {\n logger.warning(\n `The WWW-Authenticate header contains \"claims\" that cannot be parsed. Unable to perform the Continuous Access Evaluation authentication flow. Unparsable claims: ${claims}`,\n );\n return response;\n }\n\n shouldSendRequest = await authorizeRequestOnCaeChallenge(\n {\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n response,\n request,\n getAccessToken,\n logger,\n },\n parsedClaim,\n );\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n }\n }\n }\n }\n\n if (error) {\n throw error;\n } else {\n return response;\n }\n },\n };\n}\n\n/**\n *\n * Interface to represent a parsed challenge.\n *\n * @internal\n */\ninterface AuthChallenge {\n scheme: string;\n params: Record<string, string>;\n}\n\n/**\n * Converts: `Bearer a=\"b\", c=\"d\", Pop e=\"f\", g=\"h\"`.\n * Into: `[ { scheme: 'Bearer', params: { a: 'b', c: 'd' } }, { scheme: 'Pop', params: { e: 'f', g: 'h' } } ]`.\n *\n * @internal\n */\nexport function parseChallenges(challenges: string): AuthChallenge[] {\n // Challenge regex seperates the string to individual challenges with different schemes in the format `Scheme a=\"b\", c=d`\n // The challenge regex captures parameteres with either quotes values or unquoted values\n const challengeRegex = /(\\w+)\\s+((?:\\w+=(?:\"[^\"]*\"|[^,]*),?\\s*)+)/g;\n // Parameter regex captures the claims group removed from the scheme in the format `a=\"b\"` and `c=\"d\"`\n // CAE challenge always have quoted parameters. For more reference, https://learn.microsoft.com/entra/identity-platform/claims-challenge\n const paramRegex = /(\\w+)=\"([^\"]*)\"/g;\n\n const parsedChallenges: AuthChallenge[] = [];\n let match;\n\n // Iterate over each challenge match\n while ((match = challengeRegex.exec(challenges)) !== null) {\n const scheme = match[1];\n const paramsString = match[2];\n const params: Record<string, string> = {};\n let paramMatch;\n\n // Iterate over each parameter match\n while ((paramMatch = paramRegex.exec(paramsString)) !== null) {\n params[paramMatch[1]] = paramMatch[2];\n }\n\n parsedChallenges.push({ scheme, params });\n }\n return parsedChallenges;\n}\n\n/**\n * Parse a pipeline response and look for a CAE challenge with \"Bearer\" scheme\n * Return the value in the header without parsing the challenge\n * @internal\n */\nfunction getCaeChallengeClaims(challenges: string | undefined): string | undefined {\n if (!challenges) {\n return;\n }\n // Find all challenges present in the header\n const parsedChallenges = parseChallenges(challenges);\n return parsedChallenges.find(\n (x) => x.scheme === \"Bearer\" && x.params.claims && x.params.error === \"insufficient_claims\",\n )?.params.claims;\n}\n"]}
1
+ {"version":3,"file":"bearerTokenAuthenticationPolicy.js","sourceRoot":"","sources":["../../../src/policies/bearerTokenAuthenticationPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAMlC,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,WAAW,CAAC;AAEjD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE9C;;GAEG;AACH,MAAM,CAAC,MAAM,mCAAmC,GAAG,iCAAiC,CAAC;AA0FrF;;;;;;;;GAQG;AACH,KAAK,UAAU,cAAc,CAC3B,OAAwB,EACxB,IAAiB;IAEjB,IAAI,CAAC;QACH,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,IAAI,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;YACjC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,CAAC;QACV,CAAC;IACH,CAAC;AACH,CAAC;AACD;;GAEG;AACH,KAAK,UAAU,uBAAuB,CAAC,OAAgC;IACrE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IACpD,6BAA6B;IAC7B,MAAM,eAAe,GAAoB;QACvC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,SAAS,EAAE,IAAI;KAChB,CAAC;IAEF,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAElE,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,QAA0B;IACrD,OAAO,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;AAC7E,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,8BAA8B,CAC3C,kBAAsD,EACtD,SAAiB;;IAEjB,MAAM,EAAE,MAAM,EAAE,GAAG,kBAAkB,CAAC;IAEtC,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,MAAM,EAAE;QAClE,SAAS,EAAE,IAAI;QACf,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CACpC,eAAe,EACf,GAAG,MAAA,WAAW,CAAC,SAAS,mCAAI,QAAQ,IAAI,WAAW,CAAC,KAAK,EAAE,CAC5D,CAAC;IACF,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,+BAA+B,CAC7C,OAA+C;;IAE/C,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC;IAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,UAAU,CAAC;IAC5C,MAAM,SAAS,GAAG;QAChB,gBAAgB,EACd,MAAA,MAAA,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,gBAAgB,0CAAE,IAAI,CAAC,kBAAkB,CAAC,mCAAI,uBAAuB;QAC3F,2BAA2B,EACzB,MAAA,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,2BAA2B,0CAAE,IAAI,CAAC,kBAAkB,CAAC;KAC5E,CAAC;IAEF,iFAAiF;IACjF,qFAAqF;IACrF,wFAAwF;IACxF,iDAAiD;IACjD,MAAM,cAAc,GAAG,UAAU;QAC/B,CAAC,CAAC,iBAAiB,CAAC,UAAU,CAAC,eAAe,CAAC;QAC/C,CAAC,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC,OAAO;QACL,IAAI,EAAE,mCAAmC;QACzC;;;;;;;;;;;;WAYG;QACH,KAAK,CAAC,WAAW,CAAC,OAAwB,EAAE,IAAiB;YAC3D,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,MAAM,IAAI,KAAK,CACb,sFAAsF,CACvF,CAAC;YACJ,CAAC;YAED,MAAM,SAAS,CAAC,gBAAgB,CAAC;gBAC/B,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gBACjD,OAAO;gBACP,cAAc;gBACd,MAAM;aACP,CAAC,CAAC;YAEH,IAAI,QAA0B,CAAC;YAC/B,IAAI,KAAwB,CAAC;YAC7B,IAAI,iBAA0B,CAAC;YAC/B,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAExD,IAAI,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClC,IAAI,MAAM,GAAG,qBAAqB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC;gBAC7E,+CAA+C;gBAC/C,IAAI,MAAM,EAAE,CAAC;oBACX,IAAI,WAAmB,CAAC;oBACxB,iFAAiF;oBACjF,IAAI,CAAC;wBACH,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;oBAC7B,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,MAAM,CAAC,OAAO,CACZ,mKAAmK,MAAM,EAAE,CAC5K,CAAC;wBACF,OAAO,QAAQ,CAAC;oBAClB,CAAC;oBACD,iBAAiB,GAAG,MAAM,8BAA8B,CACtD;wBACE,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;wBACjD,QAAQ;wBACR,OAAO;wBACP,cAAc;wBACd,MAAM;qBACP,EACD,WAAW,CACZ,CAAC;oBACF,yDAAyD;oBACzD,IAAI,iBAAiB,EAAE,CAAC;wBACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;oBAC1D,CAAC;gBACH,CAAC;qBAAM,IAAI,SAAS,CAAC,2BAA2B,EAAE,CAAC;oBACjD,gEAAgE;oBAChE,iBAAiB,GAAG,MAAM,SAAS,CAAC,2BAA2B,CAAC;wBAC9D,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;wBACjD,OAAO;wBACP,QAAQ;wBACR,cAAc;wBACd,MAAM;qBACP,CAAC,CAAC;oBAEH,yDAAyD;oBACzD,IAAI,iBAAiB,EAAE,CAAC;wBACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;oBAC1D,CAAC;oBAED,0GAA0G;oBAC1G,IAAI,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAClC,MAAM,GAAG,qBAAqB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAW,CAAC,CAAC;wBACnF,IAAI,MAAM,EAAE,CAAC;4BACX,IAAI,WAAmB,CAAC;4BACxB,IAAI,CAAC;gCACH,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;4BAC7B,CAAC;4BAAC,OAAO,CAAC,EAAE,CAAC;gCACX,MAAM,CAAC,OAAO,CACZ,mKAAmK,MAAM,EAAE,CAC5K,CAAC;gCACF,OAAO,QAAQ,CAAC;4BAClB,CAAC;4BAED,iBAAiB,GAAG,MAAM,8BAA8B,CACtD;gCACE,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gCACjD,QAAQ;gCACR,OAAO;gCACP,cAAc;gCACd,MAAM;6BACP,EACD,WAAW,CACZ,CAAC;4BACF,yDAAyD;4BACzD,IAAI,iBAAiB,EAAE,CAAC;gCACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;4BAC1D,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,KAAK,CAAC;YACd,CAAC;iBAAM,CAAC;gBACN,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAaD;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,UAAkB;IAChD,yHAAyH;IACzH,wFAAwF;IACxF,MAAM,cAAc,GAAG,4CAA4C,CAAC;IACpE,sGAAsG;IACtG,wIAAwI;IACxI,MAAM,UAAU,GAAG,kBAAkB,CAAC;IAEtC,MAAM,gBAAgB,GAAoB,EAAE,CAAC;IAC7C,IAAI,KAAK,CAAC;IAEV,oCAAoC;IACpC,OAAO,CAAC,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,MAAM,GAA2B,EAAE,CAAC;QAC1C,IAAI,UAAU,CAAC;QAEf,oCAAoC;QACpC,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7D,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC;QAED,gBAAgB,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED;;;;GAIG;AACH,SAAS,qBAAqB,CAAC,UAA8B;;IAC3D,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;IACT,CAAC;IACD,4CAA4C;IAC5C,MAAM,gBAAgB,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IACrD,OAAO,MAAA,gBAAgB,CAAC,IAAI,CAC1B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,KAAK,qBAAqB,CAC5F,0CAAE,MAAM,CAAC,MAAM,CAAC;AACnB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { AzureLogger } from \"@azure/logger\";\nimport type { PipelineRequest, PipelineResponse, SendRequest } from \"../interfaces.js\";\nimport type { PipelinePolicy } from \"../pipeline.js\";\nimport { createTokenCycler } from \"../util/tokenCycler.js\";\nimport { logger as coreLogger } from \"../log.js\";\nimport type { RestError } from \"../restError.js\";\nimport { isRestError } from \"../restError.js\";\n\n/**\n * The programmatic identifier of the bearerTokenAuthenticationPolicy.\n */\nexport const bearerTokenAuthenticationPolicyName = \"bearerTokenAuthenticationPolicy\";\n\n/**\n * Options sent to the authorizeRequest callback\n */\nexport interface AuthorizeRequestOptions {\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string[];\n /**\n * Function that retrieves either a cached access token or a new access token.\n */\n getAccessToken: (scopes: string[], options: GetTokenOptions) => Promise<AccessToken | null>;\n /**\n * Request that the policy is trying to fulfill.\n */\n request: PipelineRequest;\n /**\n * A logger, if one was sent through the HTTP pipeline.\n */\n logger?: AzureLogger;\n}\n\n/**\n * Options sent to the authorizeRequestOnChallenge callback\n */\nexport interface AuthorizeRequestOnChallengeOptions {\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string[];\n /**\n * Function that retrieves either a cached access token or a new access token.\n */\n getAccessToken: (scopes: string[], options: GetTokenOptions) => Promise<AccessToken | null>;\n /**\n * Request that the policy is trying to fulfill.\n */\n request: PipelineRequest;\n /**\n * Response containing the challenge.\n */\n response: PipelineResponse;\n /**\n * A logger, if one was sent through the HTTP pipeline.\n */\n logger?: AzureLogger;\n}\n\n/**\n * Options to override the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.\n */\nexport interface ChallengeCallbacks {\n /**\n * Allows for the authorization of the main request of this policy before it's sent.\n */\n authorizeRequest?(options: AuthorizeRequestOptions): Promise<void>;\n /**\n * Allows to handle authentication challenges and to re-authorize the request.\n * The response containing the challenge is `options.response`.\n * If this method returns true, the underlying request will be sent once again.\n * The request may be modified before being sent.\n */\n authorizeRequestOnChallenge?(options: AuthorizeRequestOnChallengeOptions): Promise<boolean>;\n}\n\n/**\n * Options to configure the bearerTokenAuthenticationPolicy\n */\nexport interface BearerTokenAuthenticationPolicyOptions {\n /**\n * The TokenCredential implementation that can supply the bearer token.\n */\n credential?: TokenCredential;\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string | string[];\n /**\n * Allows for the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.\n * If provided, it must contain at least the `authorizeRequestOnChallenge` method.\n * If provided, after a request is sent, if it has a challenge, it can be processed to re-send the original request with the relevant challenge information.\n */\n challengeCallbacks?: ChallengeCallbacks;\n /**\n * A logger can be sent for debugging purposes.\n */\n logger?: AzureLogger;\n}\n/**\n * Try to send the given request.\n *\n * When a response is received, returns a tuple of the response received and, if the response was received\n * inside a thrown RestError, the RestError that was thrown.\n *\n * Otherwise, if an error was thrown while sending the request that did not provide an underlying response, it\n * will be rethrown.\n */\nasync function trySendRequest(\n request: PipelineRequest,\n next: SendRequest,\n): Promise<[PipelineResponse, RestError | undefined]> {\n try {\n return [await next(request), undefined];\n } catch (e: any) {\n if (isRestError(e) && e.response) {\n return [e.response, e];\n } else {\n throw e;\n }\n }\n}\n/**\n * Default authorize request handler\n */\nasync function defaultAuthorizeRequest(options: AuthorizeRequestOptions): Promise<void> {\n const { scopes, getAccessToken, request } = options;\n // Enable CAE true by default\n const getTokenOptions: GetTokenOptions = {\n abortSignal: request.abortSignal,\n tracingOptions: request.tracingOptions,\n enableCae: true,\n };\n\n const accessToken = await getAccessToken(scopes, getTokenOptions);\n\n if (accessToken) {\n options.request.headers.set(\"Authorization\", `Bearer ${accessToken.token}`);\n }\n}\n\n/**\n * We will retrieve the challenge only if the response status code was 401,\n * and if the response contained the header \"WWW-Authenticate\" with a non-empty value.\n */\nfunction isChallengeResponse(response: PipelineResponse): boolean {\n return response.status === 401 && response.headers.has(\"WWW-Authenticate\");\n}\n\n/**\n * Re-authorize the request for CAE challenge.\n * The response containing the challenge is `options.response`.\n * If this method returns true, the underlying request will be sent once again.\n */\nasync function authorizeRequestOnCaeChallenge(\n onChallengeOptions: AuthorizeRequestOnChallengeOptions,\n caeClaims: string,\n): Promise<boolean> {\n const { scopes } = onChallengeOptions;\n\n const accessToken = await onChallengeOptions.getAccessToken(scopes, {\n enableCae: true,\n claims: caeClaims,\n });\n if (!accessToken) {\n return false;\n }\n\n onChallengeOptions.request.headers.set(\n \"Authorization\",\n `${accessToken.tokenType ?? \"Bearer\"} ${accessToken.token}`,\n );\n return true;\n}\n\n/**\n * A policy that can request a token from a TokenCredential implementation and\n * then apply it to the Authorization header of a request as a Bearer token.\n */\nexport function bearerTokenAuthenticationPolicy(\n options: BearerTokenAuthenticationPolicyOptions,\n): PipelinePolicy {\n const { credential, scopes, challengeCallbacks } = options;\n const logger = options.logger || coreLogger;\n const callbacks = {\n authorizeRequest:\n challengeCallbacks?.authorizeRequest?.bind(challengeCallbacks) ?? defaultAuthorizeRequest,\n authorizeRequestOnChallenge:\n challengeCallbacks?.authorizeRequestOnChallenge?.bind(challengeCallbacks),\n };\n\n // This function encapsulates the entire process of reliably retrieving the token\n // The options are left out of the public API until there's demand to configure this.\n // Remember to extend `BearerTokenAuthenticationPolicyOptions` with `TokenCyclerOptions`\n // in order to pass through the `options` object.\n const getAccessToken = credential\n ? createTokenCycler(credential /* , options */)\n : () => Promise.resolve(null);\n\n return {\n name: bearerTokenAuthenticationPolicyName,\n /**\n * If there's no challenge parameter:\n * - It will try to retrieve the token using the cache, or the credential's getToken.\n * - Then it will try the next policy with or without the retrieved token.\n *\n * It uses the challenge parameters to:\n * - Skip a first attempt to get the token from the credential if there's no cached token,\n * since it expects the token to be retrievable only after the challenge.\n * - Prepare the outgoing request if the `prepareRequest` method has been provided.\n * - Send an initial request to receive the challenge if it fails.\n * - Process a challenge if the response contains it.\n * - Retrieve a token with the challenge information, then re-send the request.\n */\n async sendRequest(request: PipelineRequest, next: SendRequest): Promise<PipelineResponse> {\n if (!request.url.toLowerCase().startsWith(\"https://\")) {\n throw new Error(\n \"Bearer token authentication is not permitted for non-TLS protected (non-https) URLs.\",\n );\n }\n\n await callbacks.authorizeRequest({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n request,\n getAccessToken,\n logger,\n });\n\n let response: PipelineResponse;\n let error: Error | undefined;\n let shouldSendRequest: boolean;\n [response, error] = await trySendRequest(request, next);\n\n if (isChallengeResponse(response)) {\n let claims = getCaeChallengeClaims(response.headers.get(\"WWW-Authenticate\"));\n // Handle CAE by default when receive CAE claim\n if (claims) {\n let parsedClaim: string;\n // Return the response immediately if claims is not a valid base64 encoded string\n try {\n parsedClaim = atob(claims);\n } catch (e) {\n logger.warning(\n `The WWW-Authenticate header contains \"claims\" that cannot be parsed. Unable to perform the Continuous Access Evaluation authentication flow. Unparsable claims: ${claims}`,\n );\n return response;\n }\n shouldSendRequest = await authorizeRequestOnCaeChallenge(\n {\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n response,\n request,\n getAccessToken,\n logger,\n },\n parsedClaim,\n );\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n } else if (callbacks.authorizeRequestOnChallenge) {\n // Handle custom challenges when client provides custom callback\n shouldSendRequest = await callbacks.authorizeRequestOnChallenge({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n request,\n response,\n getAccessToken,\n logger,\n });\n\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n\n // If we get another CAE Claim, we will handle it by default and return whatever value we receive for this\n if (isChallengeResponse(response)) {\n claims = getCaeChallengeClaims(response.headers.get(\"WWW-Authenticate\") as string);\n if (claims) {\n let parsedClaim: string;\n try {\n parsedClaim = atob(claims);\n } catch (e) {\n logger.warning(\n `The WWW-Authenticate header contains \"claims\" that cannot be parsed. Unable to perform the Continuous Access Evaluation authentication flow. Unparsable claims: ${claims}`,\n );\n return response;\n }\n\n shouldSendRequest = await authorizeRequestOnCaeChallenge(\n {\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n response,\n request,\n getAccessToken,\n logger,\n },\n parsedClaim,\n );\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n }\n }\n }\n }\n\n if (error) {\n throw error;\n } else {\n return response;\n }\n },\n };\n}\n\n/**\n *\n * Interface to represent a parsed challenge.\n *\n * @internal\n */\ninterface AuthChallenge {\n scheme: string;\n params: Record<string, string>;\n}\n\n/**\n * Converts: `Bearer a=\"b\", c=\"d\", Pop e=\"f\", g=\"h\"`.\n * Into: `[ { scheme: 'Bearer', params: { a: 'b', c: 'd' } }, { scheme: 'Pop', params: { e: 'f', g: 'h' } } ]`.\n *\n * @internal\n */\nexport function parseChallenges(challenges: string): AuthChallenge[] {\n // Challenge regex seperates the string to individual challenges with different schemes in the format `Scheme a=\"b\", c=d`\n // The challenge regex captures parameteres with either quotes values or unquoted values\n const challengeRegex = /(\\w+)\\s+((?:\\w+=(?:\"[^\"]*\"|[^,]*),?\\s*)+)/g;\n // Parameter regex captures the claims group removed from the scheme in the format `a=\"b\"` and `c=\"d\"`\n // CAE challenge always have quoted parameters. For more reference, https://learn.microsoft.com/entra/identity-platform/claims-challenge\n const paramRegex = /(\\w+)=\"([^\"]*)\"/g;\n\n const parsedChallenges: AuthChallenge[] = [];\n let match;\n\n // Iterate over each challenge match\n while ((match = challengeRegex.exec(challenges)) !== null) {\n const scheme = match[1];\n const paramsString = match[2];\n const params: Record<string, string> = {};\n let paramMatch;\n\n // Iterate over each parameter match\n while ((paramMatch = paramRegex.exec(paramsString)) !== null) {\n params[paramMatch[1]] = paramMatch[2];\n }\n\n parsedChallenges.push({ scheme, params });\n }\n return parsedChallenges;\n}\n\n/**\n * Parse a pipeline response and look for a CAE challenge with \"Bearer\" scheme\n * Return the value in the header without parsing the challenge\n * @internal\n */\nfunction getCaeChallengeClaims(challenges: string | undefined): string | undefined {\n if (!challenges) {\n return;\n }\n // Find all challenges present in the header\n const parsedChallenges = parseChallenges(challenges);\n return parsedChallenges.find(\n (x) => x.scheme === \"Bearer\" && x.params.claims && x.params.error === \"insufficient_claims\",\n )?.params.claims;\n}\n"]}
package/dist/browser/policies/throttlingRetryPolicy.d.ts CHANGED
@@ -16,9 +16,9 @@ export interface ThrottlingRetryPolicyOptions {
16
16
  * A policy that retries when the server sends a 429 response with a Retry-After header.
17
17
  *
18
18
  * To learn more, please refer to
19
- * https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits,
20
- * https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits and
21
- * https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshooting-throttling-errors
19
+ * https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits,
20
+ * https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits and
21
+ * https://learn.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshooting-throttling-errors
22
22
  *
23
23
  * @param options - Options that configure retry logic.
24
24
  */
package/dist/browser/policies/throttlingRetryPolicy.js CHANGED
@@ -11,9 +11,9 @@ export const throttlingRetryPolicyName = "throttlingRetryPolicy";
11
11
  * A policy that retries when the server sends a 429 response with a Retry-After header.
12
12
  *
13
13
  * To learn more, please refer to
14
- * https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits,
15
- * https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits and
16
- * https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshooting-throttling-errors
14
+ * https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits,
15
+ * https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits and
16
+ * https://learn.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshooting-throttling-errors
17
17
  *
18
18
  * @param options - Options that configure retry logic.
19
19
  */
package/dist/browser/policies/throttlingRetryPolicy.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"throttlingRetryPolicy.js","sourceRoot":"","sources":["../../../src/policies/throttlingRetryPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,uBAAuB,EAAE,MAAM,+CAA+C,CAAC;AACxF,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAE7D;;GAEG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,uBAAuB,CAAC;AAYjE;;;;;;;;;GASG;AACH,MAAM,UAAU,qBAAqB,CAAC,UAAwC,EAAE;;IAC9E,OAAO;QACL,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,WAAW,CAAC,CAAC,uBAAuB,EAAE,CAAC,EAAE;YACpD,UAAU,EAAE,MAAA,OAAO,CAAC,UAAU,mCAAI,0BAA0B;SAC7D,CAAC,CAAC,WAAW;KACf,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { PipelinePolicy } from \"../pipeline.js\";\nimport { throttlingRetryStrategy } from \"../retryStrategies/throttlingRetryStrategy.js\";\nimport { retryPolicy } from \"./retryPolicy.js\";\nimport { DEFAULT_RETRY_POLICY_COUNT } from \"../constants.js\";\n\n/**\n * Name of the {@link throttlingRetryPolicy}\n */\nexport const throttlingRetryPolicyName = \"throttlingRetryPolicy\";\n\n/**\n * Options that control how to retry failed requests.\n */\nexport interface ThrottlingRetryPolicyOptions {\n /**\n * The maximum number of retry attempts. Defaults to 3.\n */\n maxRetries?: number;\n}\n\n/**\n * A policy that retries when the server sends a 429 response with a Retry-After header.\n *\n * To learn more, please refer to\n * https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits,\n * https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits and\n * https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshooting-throttling-errors\n *\n * @param options - Options that configure retry logic.\n */\nexport function throttlingRetryPolicy(options: ThrottlingRetryPolicyOptions = {}): PipelinePolicy {\n return {\n name: throttlingRetryPolicyName,\n sendRequest: retryPolicy([throttlingRetryStrategy()], {\n maxRetries: options.maxRetries ?? DEFAULT_RETRY_POLICY_COUNT,\n }).sendRequest,\n };\n}\n"]}
1
+ {"version":3,"file":"throttlingRetryPolicy.js","sourceRoot":"","sources":["../../../src/policies/throttlingRetryPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,uBAAuB,EAAE,MAAM,+CAA+C,CAAC;AACxF,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAE7D;;GAEG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,uBAAuB,CAAC;AAYjE;;;;;;;;;GASG;AACH,MAAM,UAAU,qBAAqB,CAAC,UAAwC,EAAE;;IAC9E,OAAO;QACL,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,WAAW,CAAC,CAAC,uBAAuB,EAAE,CAAC,EAAE;YACpD,UAAU,EAAE,MAAA,OAAO,CAAC,UAAU,mCAAI,0BAA0B;SAC7D,CAAC,CAAC,WAAW;KACf,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { PipelinePolicy } from \"../pipeline.js\";\nimport { throttlingRetryStrategy } from \"../retryStrategies/throttlingRetryStrategy.js\";\nimport { retryPolicy } from \"./retryPolicy.js\";\nimport { DEFAULT_RETRY_POLICY_COUNT } from \"../constants.js\";\n\n/**\n * Name of the {@link throttlingRetryPolicy}\n */\nexport const throttlingRetryPolicyName = \"throttlingRetryPolicy\";\n\n/**\n * Options that control how to retry failed requests.\n */\nexport interface ThrottlingRetryPolicyOptions {\n /**\n * The maximum number of retry attempts. Defaults to 3.\n */\n maxRetries?: number;\n}\n\n/**\n * A policy that retries when the server sends a 429 response with a Retry-After header.\n *\n * To learn more, please refer to\n * https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits,\n * https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits and\n * https://learn.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshooting-throttling-errors\n *\n * @param options - Options that configure retry logic.\n */\nexport function throttlingRetryPolicy(options: ThrottlingRetryPolicyOptions = {}): PipelinePolicy {\n return {\n name: throttlingRetryPolicyName,\n sendRequest: retryPolicy([throttlingRetryStrategy()], {\n maxRetries: options.maxRetries ?? DEFAULT_RETRY_POLICY_COUNT,\n }).sendRequest,\n };\n}\n"]}
package/dist/commonjs/constants.js CHANGED
@@ -3,6 +3,6 @@
3
3
  // Licensed under the MIT License.
4
4
  Object.defineProperty(exports, "__esModule", { value: true });
5
5
  exports.DEFAULT_RETRY_POLICY_COUNT = exports.SDK_VERSION = void 0;
6
- exports.SDK_VERSION = "1.18.2";
6
+ exports.SDK_VERSION = "1.18.3";
7
7
  exports.DEFAULT_RETRY_POLICY_COUNT = 3;
8
8
  //# sourceMappingURL=constants.js.map
package/dist/commonjs/constants.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAErB,QAAA,WAAW,GAAW,QAAQ,CAAC;AAE/B,QAAA,0BAA0B,GAAG,CAAC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nexport const SDK_VERSION: string = \"1.18.2\";\n\nexport const DEFAULT_RETRY_POLICY_COUNT = 3;\n"]}
1
+ {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAErB,QAAA,WAAW,GAAW,QAAQ,CAAC;AAE/B,QAAA,0BAA0B,GAAG,CAAC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nexport const SDK_VERSION: string = \"1.18.3\";\n\nexport const DEFAULT_RETRY_POLICY_COUNT = 3;\n"]}
package/dist/commonjs/policies/bearerTokenAuthenticationPolicy.d.ts CHANGED
@@ -53,7 +53,7 @@ export interface AuthorizeRequestOnChallengeOptions {
53
53
  logger?: AzureLogger;
54
54
  }
55
55
  /**
56
- * Options to override the processing of [Continuous Access Evaluation](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.
56
+ * Options to override the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.
57
57
  */
58
58
  export interface ChallengeCallbacks {
59
59
  /**
@@ -81,7 +81,7 @@ export interface BearerTokenAuthenticationPolicyOptions {
81
81
  */
82
82
  scopes: string | string[];
83
83
  /**
84
- * Allows for the processing of [Continuous Access Evaluation](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.
84
+ * Allows for the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.
85
85
  * If provided, it must contain at least the `authorizeRequestOnChallenge` method.
86
86
  * If provided, after a request is sent, if it has a challenge, it can be processed to re-send the original request with the relevant challenge information.
87
87
  */
package/dist/commonjs/policies/bearerTokenAuthenticationPolicy.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"bearerTokenAuthenticationPolicy.js","sourceRoot":"","sources":["../../../src/policies/bearerTokenAuthenticationPolicy.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAwLlC,0EAyIC;AAmBD,0CA0BC;AAxWD,2DAA2D;AAC3D,sCAAiD;AAEjD,kDAA8C;AAE9C;;GAEG;AACU,QAAA,mCAAmC,GAAG,iCAAiC,CAAC;AA0FrF;;;;;;;;GAQG;AACH,KAAK,UAAU,cAAc,CAC3B,OAAwB,EACxB,IAAiB;IAEjB,IAAI,CAAC;QACH,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,IAAI,IAAA,0BAAW,EAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;YACjC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,CAAC;QACV,CAAC;IACH,CAAC;AACH,CAAC;AACD;;GAEG;AACH,KAAK,UAAU,uBAAuB,CAAC,OAAgC;IACrE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IACpD,6BAA6B;IAC7B,MAAM,eAAe,GAAoB;QACvC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,SAAS,EAAE,IAAI;KAChB,CAAC;IAEF,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAElE,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,QAA0B;IACrD,OAAO,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;AAC7E,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,8BAA8B,CAC3C,kBAAsD,EACtD,SAAiB;;IAEjB,MAAM,EAAE,MAAM,EAAE,GAAG,kBAAkB,CAAC;IAEtC,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,MAAM,EAAE;QAClE,SAAS,EAAE,IAAI;QACf,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CACpC,eAAe,EACf,GAAG,MAAA,WAAW,CAAC,SAAS,mCAAI,QAAQ,IAAI,WAAW,CAAC,KAAK,EAAE,CAC5D,CAAC;IACF,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAgB,+BAA+B,CAC7C,OAA+C;;IAE/C,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC;IAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,eAAU,CAAC;IAC5C,MAAM,SAAS,GAAG;QAChB,gBAAgB,EACd,MAAA,MAAA,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,gBAAgB,0CAAE,IAAI,CAAC,kBAAkB,CAAC,mCAAI,uBAAuB;QAC3F,2BAA2B,EACzB,MAAA,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,2BAA2B,0CAAE,IAAI,CAAC,kBAAkB,CAAC;KAC5E,CAAC;IAEF,iFAAiF;IACjF,qFAAqF;IACrF,wFAAwF;IACxF,iDAAiD;IACjD,MAAM,cAAc,GAAG,UAAU;QAC/B,CAAC,CAAC,IAAA,kCAAiB,EAAC,UAAU,CAAC,eAAe,CAAC;QAC/C,CAAC,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC,OAAO;QACL,IAAI,EAAE,2CAAmC;QACzC;;;;;;;;;;;;WAYG;QACH,KAAK,CAAC,WAAW,CAAC,OAAwB,EAAE,IAAiB;YAC3D,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,MAAM,IAAI,KAAK,CACb,sFAAsF,CACvF,CAAC;YACJ,CAAC;YAED,MAAM,SAAS,CAAC,gBAAgB,CAAC;gBAC/B,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gBACjD,OAAO;gBACP,cAAc;gBACd,MAAM;aACP,CAAC,CAAC;YAEH,IAAI,QAA0B,CAAC;YAC/B,IAAI,KAAwB,CAAC;YAC7B,IAAI,iBAA0B,CAAC;YAC/B,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAExD,IAAI,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClC,IAAI,MAAM,GAAG,qBAAqB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC;gBAC7E,+CAA+C;gBAC/C,IAAI,MAAM,EAAE,CAAC;oBACX,IAAI,WAAmB,CAAC;oBACxB,iFAAiF;oBACjF,IAAI,CAAC;wBACH,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;oBAC7B,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,MAAM,CAAC,OAAO,CACZ,mKAAmK,MAAM,EAAE,CAC5K,CAAC;wBACF,OAAO,QAAQ,CAAC;oBAClB,CAAC;oBACD,iBAAiB,GAAG,MAAM,8BAA8B,CACtD;wBACE,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;wBACjD,QAAQ;wBACR,OAAO;wBACP,cAAc;wBACd,MAAM;qBACP,EACD,WAAW,CACZ,CAAC;oBACF,yDAAyD;oBACzD,IAAI,iBAAiB,EAAE,CAAC;wBACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;oBAC1D,CAAC;gBACH,CAAC;qBAAM,IAAI,SAAS,CAAC,2BAA2B,EAAE,CAAC;oBACjD,gEAAgE;oBAChE,iBAAiB,GAAG,MAAM,SAAS,CAAC,2BAA2B,CAAC;wBAC9D,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;wBACjD,OAAO;wBACP,QAAQ;wBACR,cAAc;wBACd,MAAM;qBACP,CAAC,CAAC;oBAEH,yDAAyD;oBACzD,IAAI,iBAAiB,EAAE,CAAC;wBACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;oBAC1D,CAAC;oBAED,0GAA0G;oBAC1G,IAAI,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAClC,MAAM,GAAG,qBAAqB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAW,CAAC,CAAC;wBACnF,IAAI,MAAM,EAAE,CAAC;4BACX,IAAI,WAAmB,CAAC;4BACxB,IAAI,CAAC;gCACH,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;4BAC7B,CAAC;4BAAC,OAAO,CAAC,EAAE,CAAC;gCACX,MAAM,CAAC,OAAO,CACZ,mKAAmK,MAAM,EAAE,CAC5K,CAAC;gCACF,OAAO,QAAQ,CAAC;4BAClB,CAAC;4BAED,iBAAiB,GAAG,MAAM,8BAA8B,CACtD;gCACE,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gCACjD,QAAQ;gCACR,OAAO;gCACP,cAAc;gCACd,MAAM;6BACP,EACD,WAAW,CACZ,CAAC;4BACF,yDAAyD;4BACzD,IAAI,iBAAiB,EAAE,CAAC;gCACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;4BAC1D,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,KAAK,CAAC;YACd,CAAC;iBAAM,CAAC;gBACN,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAaD;;;;;GAKG;AACH,SAAgB,eAAe,CAAC,UAAkB;IAChD,yHAAyH;IACzH,wFAAwF;IACxF,MAAM,cAAc,GAAG,4CAA4C,CAAC;IACpE,sGAAsG;IACtG,wIAAwI;IACxI,MAAM,UAAU,GAAG,kBAAkB,CAAC;IAEtC,MAAM,gBAAgB,GAAoB,EAAE,CAAC;IAC7C,IAAI,KAAK,CAAC;IAEV,oCAAoC;IACpC,OAAO,CAAC,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,MAAM,GAA2B,EAAE,CAAC;QAC1C,IAAI,UAAU,CAAC;QAEf,oCAAoC;QACpC,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7D,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC;QAED,gBAAgB,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED;;;;GAIG;AACH,SAAS,qBAAqB,CAAC,UAA8B;;IAC3D,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;IACT,CAAC;IACD,4CAA4C;IAC5C,MAAM,gBAAgB,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IACrD,OAAO,MAAA,gBAAgB,CAAC,IAAI,CAC1B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,KAAK,qBAAqB,CAC5F,0CAAE,MAAM,CAAC,MAAM,CAAC;AACnB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { AzureLogger } from \"@azure/logger\";\nimport type { PipelineRequest, PipelineResponse, SendRequest } from \"../interfaces.js\";\nimport type { PipelinePolicy } from \"../pipeline.js\";\nimport { createTokenCycler } from \"../util/tokenCycler.js\";\nimport { logger as coreLogger } from \"../log.js\";\nimport type { RestError } from \"../restError.js\";\nimport { isRestError } from \"../restError.js\";\n\n/**\n * The programmatic identifier of the bearerTokenAuthenticationPolicy.\n */\nexport const bearerTokenAuthenticationPolicyName = \"bearerTokenAuthenticationPolicy\";\n\n/**\n * Options sent to the authorizeRequest callback\n */\nexport interface AuthorizeRequestOptions {\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string[];\n /**\n * Function that retrieves either a cached access token or a new access token.\n */\n getAccessToken: (scopes: string[], options: GetTokenOptions) => Promise<AccessToken | null>;\n /**\n * Request that the policy is trying to fulfill.\n */\n request: PipelineRequest;\n /**\n * A logger, if one was sent through the HTTP pipeline.\n */\n logger?: AzureLogger;\n}\n\n/**\n * Options sent to the authorizeRequestOnChallenge callback\n */\nexport interface AuthorizeRequestOnChallengeOptions {\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string[];\n /**\n * Function that retrieves either a cached access token or a new access token.\n */\n getAccessToken: (scopes: string[], options: GetTokenOptions) => Promise<AccessToken | null>;\n /**\n * Request that the policy is trying to fulfill.\n */\n request: PipelineRequest;\n /**\n * Response containing the challenge.\n */\n response: PipelineResponse;\n /**\n * A logger, if one was sent through the HTTP pipeline.\n */\n logger?: AzureLogger;\n}\n\n/**\n * Options to override the processing of [Continuous Access Evaluation](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.\n */\nexport interface ChallengeCallbacks {\n /**\n * Allows for the authorization of the main request of this policy before it's sent.\n */\n authorizeRequest?(options: AuthorizeRequestOptions): Promise<void>;\n /**\n * Allows to handle authentication challenges and to re-authorize the request.\n * The response containing the challenge is `options.response`.\n * If this method returns true, the underlying request will be sent once again.\n * The request may be modified before being sent.\n */\n authorizeRequestOnChallenge?(options: AuthorizeRequestOnChallengeOptions): Promise<boolean>;\n}\n\n/**\n * Options to configure the bearerTokenAuthenticationPolicy\n */\nexport interface BearerTokenAuthenticationPolicyOptions {\n /**\n * The TokenCredential implementation that can supply the bearer token.\n */\n credential?: TokenCredential;\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string | string[];\n /**\n * Allows for the processing of [Continuous Access Evaluation](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.\n * If provided, it must contain at least the `authorizeRequestOnChallenge` method.\n * If provided, after a request is sent, if it has a challenge, it can be processed to re-send the original request with the relevant challenge information.\n */\n challengeCallbacks?: ChallengeCallbacks;\n /**\n * A logger can be sent for debugging purposes.\n */\n logger?: AzureLogger;\n}\n/**\n * Try to send the given request.\n *\n * When a response is received, returns a tuple of the response received and, if the response was received\n * inside a thrown RestError, the RestError that was thrown.\n *\n * Otherwise, if an error was thrown while sending the request that did not provide an underlying response, it\n * will be rethrown.\n */\nasync function trySendRequest(\n request: PipelineRequest,\n next: SendRequest,\n): Promise<[PipelineResponse, RestError | undefined]> {\n try {\n return [await next(request), undefined];\n } catch (e: any) {\n if (isRestError(e) && e.response) {\n return [e.response, e];\n } else {\n throw e;\n }\n }\n}\n/**\n * Default authorize request handler\n */\nasync function defaultAuthorizeRequest(options: AuthorizeRequestOptions): Promise<void> {\n const { scopes, getAccessToken, request } = options;\n // Enable CAE true by default\n const getTokenOptions: GetTokenOptions = {\n abortSignal: request.abortSignal,\n tracingOptions: request.tracingOptions,\n enableCae: true,\n };\n\n const accessToken = await getAccessToken(scopes, getTokenOptions);\n\n if (accessToken) {\n options.request.headers.set(\"Authorization\", `Bearer ${accessToken.token}`);\n }\n}\n\n/**\n * We will retrieve the challenge only if the response status code was 401,\n * and if the response contained the header \"WWW-Authenticate\" with a non-empty value.\n */\nfunction isChallengeResponse(response: PipelineResponse): boolean {\n return response.status === 401 && response.headers.has(\"WWW-Authenticate\");\n}\n\n/**\n * Re-authorize the request for CAE challenge.\n * The response containing the challenge is `options.response`.\n * If this method returns true, the underlying request will be sent once again.\n */\nasync function authorizeRequestOnCaeChallenge(\n onChallengeOptions: AuthorizeRequestOnChallengeOptions,\n caeClaims: string,\n): Promise<boolean> {\n const { scopes } = onChallengeOptions;\n\n const accessToken = await onChallengeOptions.getAccessToken(scopes, {\n enableCae: true,\n claims: caeClaims,\n });\n if (!accessToken) {\n return false;\n }\n\n onChallengeOptions.request.headers.set(\n \"Authorization\",\n `${accessToken.tokenType ?? \"Bearer\"} ${accessToken.token}`,\n );\n return true;\n}\n\n/**\n * A policy that can request a token from a TokenCredential implementation and\n * then apply it to the Authorization header of a request as a Bearer token.\n */\nexport function bearerTokenAuthenticationPolicy(\n options: BearerTokenAuthenticationPolicyOptions,\n): PipelinePolicy {\n const { credential, scopes, challengeCallbacks } = options;\n const logger = options.logger || coreLogger;\n const callbacks = {\n authorizeRequest:\n challengeCallbacks?.authorizeRequest?.bind(challengeCallbacks) ?? defaultAuthorizeRequest,\n authorizeRequestOnChallenge:\n challengeCallbacks?.authorizeRequestOnChallenge?.bind(challengeCallbacks),\n };\n\n // This function encapsulates the entire process of reliably retrieving the token\n // The options are left out of the public API until there's demand to configure this.\n // Remember to extend `BearerTokenAuthenticationPolicyOptions` with `TokenCyclerOptions`\n // in order to pass through the `options` object.\n const getAccessToken = credential\n ? createTokenCycler(credential /* , options */)\n : () => Promise.resolve(null);\n\n return {\n name: bearerTokenAuthenticationPolicyName,\n /**\n * If there's no challenge parameter:\n * - It will try to retrieve the token using the cache, or the credential's getToken.\n * - Then it will try the next policy with or without the retrieved token.\n *\n * It uses the challenge parameters to:\n * - Skip a first attempt to get the token from the credential if there's no cached token,\n * since it expects the token to be retrievable only after the challenge.\n * - Prepare the outgoing request if the `prepareRequest` method has been provided.\n * - Send an initial request to receive the challenge if it fails.\n * - Process a challenge if the response contains it.\n * - Retrieve a token with the challenge information, then re-send the request.\n */\n async sendRequest(request: PipelineRequest, next: SendRequest): Promise<PipelineResponse> {\n if (!request.url.toLowerCase().startsWith(\"https://\")) {\n throw new Error(\n \"Bearer token authentication is not permitted for non-TLS protected (non-https) URLs.\",\n );\n }\n\n await callbacks.authorizeRequest({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n request,\n getAccessToken,\n logger,\n });\n\n let response: PipelineResponse;\n let error: Error | undefined;\n let shouldSendRequest: boolean;\n [response, error] = await trySendRequest(request, next);\n\n if (isChallengeResponse(response)) {\n let claims = getCaeChallengeClaims(response.headers.get(\"WWW-Authenticate\"));\n // Handle CAE by default when receive CAE claim\n if (claims) {\n let parsedClaim: string;\n // Return the response immediately if claims is not a valid base64 encoded string\n try {\n parsedClaim = atob(claims);\n } catch (e) {\n logger.warning(\n `The WWW-Authenticate header contains \"claims\" that cannot be parsed. Unable to perform the Continuous Access Evaluation authentication flow. Unparsable claims: ${claims}`,\n );\n return response;\n }\n shouldSendRequest = await authorizeRequestOnCaeChallenge(\n {\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n response,\n request,\n getAccessToken,\n logger,\n },\n parsedClaim,\n );\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n } else if (callbacks.authorizeRequestOnChallenge) {\n // Handle custom challenges when client provides custom callback\n shouldSendRequest = await callbacks.authorizeRequestOnChallenge({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n request,\n response,\n getAccessToken,\n logger,\n });\n\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n\n // If we get another CAE Claim, we will handle it by default and return whatever value we receive for this\n if (isChallengeResponse(response)) {\n claims = getCaeChallengeClaims(response.headers.get(\"WWW-Authenticate\") as string);\n if (claims) {\n let parsedClaim: string;\n try {\n parsedClaim = atob(claims);\n } catch (e) {\n logger.warning(\n `The WWW-Authenticate header contains \"claims\" that cannot be parsed. Unable to perform the Continuous Access Evaluation authentication flow. Unparsable claims: ${claims}`,\n );\n return response;\n }\n\n shouldSendRequest = await authorizeRequestOnCaeChallenge(\n {\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n response,\n request,\n getAccessToken,\n logger,\n },\n parsedClaim,\n );\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n }\n }\n }\n }\n\n if (error) {\n throw error;\n } else {\n return response;\n }\n },\n };\n}\n\n/**\n *\n * Interface to represent a parsed challenge.\n *\n * @internal\n */\ninterface AuthChallenge {\n scheme: string;\n params: Record<string, string>;\n}\n\n/**\n * Converts: `Bearer a=\"b\", c=\"d\", Pop e=\"f\", g=\"h\"`.\n * Into: `[ { scheme: 'Bearer', params: { a: 'b', c: 'd' } }, { scheme: 'Pop', params: { e: 'f', g: 'h' } } ]`.\n *\n * @internal\n */\nexport function parseChallenges(challenges: string): AuthChallenge[] {\n // Challenge regex seperates the string to individual challenges with different schemes in the format `Scheme a=\"b\", c=d`\n // The challenge regex captures parameteres with either quotes values or unquoted values\n const challengeRegex = /(\\w+)\\s+((?:\\w+=(?:\"[^\"]*\"|[^,]*),?\\s*)+)/g;\n // Parameter regex captures the claims group removed from the scheme in the format `a=\"b\"` and `c=\"d\"`\n // CAE challenge always have quoted parameters. For more reference, https://learn.microsoft.com/entra/identity-platform/claims-challenge\n const paramRegex = /(\\w+)=\"([^\"]*)\"/g;\n\n const parsedChallenges: AuthChallenge[] = [];\n let match;\n\n // Iterate over each challenge match\n while ((match = challengeRegex.exec(challenges)) !== null) {\n const scheme = match[1];\n const paramsString = match[2];\n const params: Record<string, string> = {};\n let paramMatch;\n\n // Iterate over each parameter match\n while ((paramMatch = paramRegex.exec(paramsString)) !== null) {\n params[paramMatch[1]] = paramMatch[2];\n }\n\n parsedChallenges.push({ scheme, params });\n }\n return parsedChallenges;\n}\n\n/**\n * Parse a pipeline response and look for a CAE challenge with \"Bearer\" scheme\n * Return the value in the header without parsing the challenge\n * @internal\n */\nfunction getCaeChallengeClaims(challenges: string | undefined): string | undefined {\n if (!challenges) {\n return;\n }\n // Find all challenges present in the header\n const parsedChallenges = parseChallenges(challenges);\n return parsedChallenges.find(\n (x) => x.scheme === \"Bearer\" && x.params.claims && x.params.error === \"insufficient_claims\",\n )?.params.claims;\n}\n"]}
1
+ {"version":3,"file":"bearerTokenAuthenticationPolicy.js","sourceRoot":"","sources":["../../../src/policies/bearerTokenAuthenticationPolicy.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAwLlC,0EAyIC;AAmBD,0CA0BC;AAxWD,2DAA2D;AAC3D,sCAAiD;AAEjD,kDAA8C;AAE9C;;GAEG;AACU,QAAA,mCAAmC,GAAG,iCAAiC,CAAC;AA0FrF;;;;;;;;GAQG;AACH,KAAK,UAAU,cAAc,CAC3B,OAAwB,EACxB,IAAiB;IAEjB,IAAI,CAAC;QACH,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,IAAI,IAAA,0BAAW,EAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;YACjC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,CAAC;QACV,CAAC;IACH,CAAC;AACH,CAAC;AACD;;GAEG;AACH,KAAK,UAAU,uBAAuB,CAAC,OAAgC;IACrE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IACpD,6BAA6B;IAC7B,MAAM,eAAe,GAAoB;QACvC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,SAAS,EAAE,IAAI;KAChB,CAAC;IAEF,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAElE,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,QAA0B;IACrD,OAAO,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;AAC7E,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,8BAA8B,CAC3C,kBAAsD,EACtD,SAAiB;;IAEjB,MAAM,EAAE,MAAM,EAAE,GAAG,kBAAkB,CAAC;IAEtC,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,MAAM,EAAE;QAClE,SAAS,EAAE,IAAI;QACf,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CACpC,eAAe,EACf,GAAG,MAAA,WAAW,CAAC,SAAS,mCAAI,QAAQ,IAAI,WAAW,CAAC,KAAK,EAAE,CAC5D,CAAC;IACF,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAgB,+BAA+B,CAC7C,OAA+C;;IAE/C,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC;IAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,eAAU,CAAC;IAC5C,MAAM,SAAS,GAAG;QAChB,gBAAgB,EACd,MAAA,MAAA,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,gBAAgB,0CAAE,IAAI,CAAC,kBAAkB,CAAC,mCAAI,uBAAuB;QAC3F,2BAA2B,EACzB,MAAA,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,2BAA2B,0CAAE,IAAI,CAAC,kBAAkB,CAAC;KAC5E,CAAC;IAEF,iFAAiF;IACjF,qFAAqF;IACrF,wFAAwF;IACxF,iDAAiD;IACjD,MAAM,cAAc,GAAG,UAAU;QAC/B,CAAC,CAAC,IAAA,kCAAiB,EAAC,UAAU,CAAC,eAAe,CAAC;QAC/C,CAAC,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC,OAAO;QACL,IAAI,EAAE,2CAAmC;QACzC;;;;;;;;;;;;WAYG;QACH,KAAK,CAAC,WAAW,CAAC,OAAwB,EAAE,IAAiB;YAC3D,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,MAAM,IAAI,KAAK,CACb,sFAAsF,CACvF,CAAC;YACJ,CAAC;YAED,MAAM,SAAS,CAAC,gBAAgB,CAAC;gBAC/B,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gBACjD,OAAO;gBACP,cAAc;gBACd,MAAM;aACP,CAAC,CAAC;YAEH,IAAI,QAA0B,CAAC;YAC/B,IAAI,KAAwB,CAAC;YAC7B,IAAI,iBAA0B,CAAC;YAC/B,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAExD,IAAI,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClC,IAAI,MAAM,GAAG,qBAAqB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC;gBAC7E,+CAA+C;gBAC/C,IAAI,MAAM,EAAE,CAAC;oBACX,IAAI,WAAmB,CAAC;oBACxB,iFAAiF;oBACjF,IAAI,CAAC;wBACH,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;oBAC7B,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,MAAM,CAAC,OAAO,CACZ,mKAAmK,MAAM,EAAE,CAC5K,CAAC;wBACF,OAAO,QAAQ,CAAC;oBAClB,CAAC;oBACD,iBAAiB,GAAG,MAAM,8BAA8B,CACtD;wBACE,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;wBACjD,QAAQ;wBACR,OAAO;wBACP,cAAc;wBACd,MAAM;qBACP,EACD,WAAW,CACZ,CAAC;oBACF,yDAAyD;oBACzD,IAAI,iBAAiB,EAAE,CAAC;wBACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;oBAC1D,CAAC;gBACH,CAAC;qBAAM,IAAI,SAAS,CAAC,2BAA2B,EAAE,CAAC;oBACjD,gEAAgE;oBAChE,iBAAiB,GAAG,MAAM,SAAS,CAAC,2BAA2B,CAAC;wBAC9D,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;wBACjD,OAAO;wBACP,QAAQ;wBACR,cAAc;wBACd,MAAM;qBACP,CAAC,CAAC;oBAEH,yDAAyD;oBACzD,IAAI,iBAAiB,EAAE,CAAC;wBACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;oBAC1D,CAAC;oBAED,0GAA0G;oBAC1G,IAAI,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAClC,MAAM,GAAG,qBAAqB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAW,CAAC,CAAC;wBACnF,IAAI,MAAM,EAAE,CAAC;4BACX,IAAI,WAAmB,CAAC;4BACxB,IAAI,CAAC;gCACH,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;4BAC7B,CAAC;4BAAC,OAAO,CAAC,EAAE,CAAC;gCACX,MAAM,CAAC,OAAO,CACZ,mKAAmK,MAAM,EAAE,CAC5K,CAAC;gCACF,OAAO,QAAQ,CAAC;4BAClB,CAAC;4BAED,iBAAiB,GAAG,MAAM,8BAA8B,CACtD;gCACE,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gCACjD,QAAQ;gCACR,OAAO;gCACP,cAAc;gCACd,MAAM;6BACP,EACD,WAAW,CACZ,CAAC;4BACF,yDAAyD;4BACzD,IAAI,iBAAiB,EAAE,CAAC;gCACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;4BAC1D,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,KAAK,CAAC;YACd,CAAC;iBAAM,CAAC;gBACN,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAaD;;;;;GAKG;AACH,SAAgB,eAAe,CAAC,UAAkB;IAChD,yHAAyH;IACzH,wFAAwF;IACxF,MAAM,cAAc,GAAG,4CAA4C,CAAC;IACpE,sGAAsG;IACtG,wIAAwI;IACxI,MAAM,UAAU,GAAG,kBAAkB,CAAC;IAEtC,MAAM,gBAAgB,GAAoB,EAAE,CAAC;IAC7C,IAAI,KAAK,CAAC;IAEV,oCAAoC;IACpC,OAAO,CAAC,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,MAAM,GAA2B,EAAE,CAAC;QAC1C,IAAI,UAAU,CAAC;QAEf,oCAAoC;QACpC,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7D,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC;QAED,gBAAgB,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED;;;;GAIG;AACH,SAAS,qBAAqB,CAAC,UAA8B;;IAC3D,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;IACT,CAAC;IACD,4CAA4C;IAC5C,MAAM,gBAAgB,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IACrD,OAAO,MAAA,gBAAgB,CAAC,IAAI,CAC1B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,KAAK,qBAAqB,CAC5F,0CAAE,MAAM,CAAC,MAAM,CAAC;AACnB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { AzureLogger } from \"@azure/logger\";\nimport type { PipelineRequest, PipelineResponse, SendRequest } from \"../interfaces.js\";\nimport type { PipelinePolicy } from \"../pipeline.js\";\nimport { createTokenCycler } from \"../util/tokenCycler.js\";\nimport { logger as coreLogger } from \"../log.js\";\nimport type { RestError } from \"../restError.js\";\nimport { isRestError } from \"../restError.js\";\n\n/**\n * The programmatic identifier of the bearerTokenAuthenticationPolicy.\n */\nexport const bearerTokenAuthenticationPolicyName = \"bearerTokenAuthenticationPolicy\";\n\n/**\n * Options sent to the authorizeRequest callback\n */\nexport interface AuthorizeRequestOptions {\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string[];\n /**\n * Function that retrieves either a cached access token or a new access token.\n */\n getAccessToken: (scopes: string[], options: GetTokenOptions) => Promise<AccessToken | null>;\n /**\n * Request that the policy is trying to fulfill.\n */\n request: PipelineRequest;\n /**\n * A logger, if one was sent through the HTTP pipeline.\n */\n logger?: AzureLogger;\n}\n\n/**\n * Options sent to the authorizeRequestOnChallenge callback\n */\nexport interface AuthorizeRequestOnChallengeOptions {\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string[];\n /**\n * Function that retrieves either a cached access token or a new access token.\n */\n getAccessToken: (scopes: string[], options: GetTokenOptions) => Promise<AccessToken | null>;\n /**\n * Request that the policy is trying to fulfill.\n */\n request: PipelineRequest;\n /**\n * Response containing the challenge.\n */\n response: PipelineResponse;\n /**\n * A logger, if one was sent through the HTTP pipeline.\n */\n logger?: AzureLogger;\n}\n\n/**\n * Options to override the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.\n */\nexport interface ChallengeCallbacks {\n /**\n * Allows for the authorization of the main request of this policy before it's sent.\n */\n authorizeRequest?(options: AuthorizeRequestOptions): Promise<void>;\n /**\n * Allows to handle authentication challenges and to re-authorize the request.\n * The response containing the challenge is `options.response`.\n * If this method returns true, the underlying request will be sent once again.\n * The request may be modified before being sent.\n */\n authorizeRequestOnChallenge?(options: AuthorizeRequestOnChallengeOptions): Promise<boolean>;\n}\n\n/**\n * Options to configure the bearerTokenAuthenticationPolicy\n */\nexport interface BearerTokenAuthenticationPolicyOptions {\n /**\n * The TokenCredential implementation that can supply the bearer token.\n */\n credential?: TokenCredential;\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string | string[];\n /**\n * Allows for the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.\n * If provided, it must contain at least the `authorizeRequestOnChallenge` method.\n * If provided, after a request is sent, if it has a challenge, it can be processed to re-send the original request with the relevant challenge information.\n */\n challengeCallbacks?: ChallengeCallbacks;\n /**\n * A logger can be sent for debugging purposes.\n */\n logger?: AzureLogger;\n}\n/**\n * Try to send the given request.\n *\n * When a response is received, returns a tuple of the response received and, if the response was received\n * inside a thrown RestError, the RestError that was thrown.\n *\n * Otherwise, if an error was thrown while sending the request that did not provide an underlying response, it\n * will be rethrown.\n */\nasync function trySendRequest(\n request: PipelineRequest,\n next: SendRequest,\n): Promise<[PipelineResponse, RestError | undefined]> {\n try {\n return [await next(request), undefined];\n } catch (e: any) {\n if (isRestError(e) && e.response) {\n return [e.response, e];\n } else {\n throw e;\n }\n }\n}\n/**\n * Default authorize request handler\n */\nasync function defaultAuthorizeRequest(options: AuthorizeRequestOptions): Promise<void> {\n const { scopes, getAccessToken, request } = options;\n // Enable CAE true by default\n const getTokenOptions: GetTokenOptions = {\n abortSignal: request.abortSignal,\n tracingOptions: request.tracingOptions,\n enableCae: true,\n };\n\n const accessToken = await getAccessToken(scopes, getTokenOptions);\n\n if (accessToken) {\n options.request.headers.set(\"Authorization\", `Bearer ${accessToken.token}`);\n }\n}\n\n/**\n * We will retrieve the challenge only if the response status code was 401,\n * and if the response contained the header \"WWW-Authenticate\" with a non-empty value.\n */\nfunction isChallengeResponse(response: PipelineResponse): boolean {\n return response.status === 401 && response.headers.has(\"WWW-Authenticate\");\n}\n\n/**\n * Re-authorize the request for CAE challenge.\n * The response containing the challenge is `options.response`.\n * If this method returns true, the underlying request will be sent once again.\n */\nasync function authorizeRequestOnCaeChallenge(\n onChallengeOptions: AuthorizeRequestOnChallengeOptions,\n caeClaims: string,\n): Promise<boolean> {\n const { scopes } = onChallengeOptions;\n\n const accessToken = await onChallengeOptions.getAccessToken(scopes, {\n enableCae: true,\n claims: caeClaims,\n });\n if (!accessToken) {\n return false;\n }\n\n onChallengeOptions.request.headers.set(\n \"Authorization\",\n `${accessToken.tokenType ?? \"Bearer\"} ${accessToken.token}`,\n );\n return true;\n}\n\n/**\n * A policy that can request a token from a TokenCredential implementation and\n * then apply it to the Authorization header of a request as a Bearer token.\n */\nexport function bearerTokenAuthenticationPolicy(\n options: BearerTokenAuthenticationPolicyOptions,\n): PipelinePolicy {\n const { credential, scopes, challengeCallbacks } = options;\n const logger = options.logger || coreLogger;\n const callbacks = {\n authorizeRequest:\n challengeCallbacks?.authorizeRequest?.bind(challengeCallbacks) ?? defaultAuthorizeRequest,\n authorizeRequestOnChallenge:\n challengeCallbacks?.authorizeRequestOnChallenge?.bind(challengeCallbacks),\n };\n\n // This function encapsulates the entire process of reliably retrieving the token\n // The options are left out of the public API until there's demand to configure this.\n // Remember to extend `BearerTokenAuthenticationPolicyOptions` with `TokenCyclerOptions`\n // in order to pass through the `options` object.\n const getAccessToken = credential\n ? createTokenCycler(credential /* , options */)\n : () => Promise.resolve(null);\n\n return {\n name: bearerTokenAuthenticationPolicyName,\n /**\n * If there's no challenge parameter:\n * - It will try to retrieve the token using the cache, or the credential's getToken.\n * - Then it will try the next policy with or without the retrieved token.\n *\n * It uses the challenge parameters to:\n * - Skip a first attempt to get the token from the credential if there's no cached token,\n * since it expects the token to be retrievable only after the challenge.\n * - Prepare the outgoing request if the `prepareRequest` method has been provided.\n * - Send an initial request to receive the challenge if it fails.\n * - Process a challenge if the response contains it.\n * - Retrieve a token with the challenge information, then re-send the request.\n */\n async sendRequest(request: PipelineRequest, next: SendRequest): Promise<PipelineResponse> {\n if (!request.url.toLowerCase().startsWith(\"https://\")) {\n throw new Error(\n \"Bearer token authentication is not permitted for non-TLS protected (non-https) URLs.\",\n );\n }\n\n await callbacks.authorizeRequest({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n request,\n getAccessToken,\n logger,\n });\n\n let response: PipelineResponse;\n let error: Error | undefined;\n let shouldSendRequest: boolean;\n [response, error] = await trySendRequest(request, next);\n\n if (isChallengeResponse(response)) {\n let claims = getCaeChallengeClaims(response.headers.get(\"WWW-Authenticate\"));\n // Handle CAE by default when receive CAE claim\n if (claims) {\n let parsedClaim: string;\n // Return the response immediately if claims is not a valid base64 encoded string\n try {\n parsedClaim = atob(claims);\n } catch (e) {\n logger.warning(\n `The WWW-Authenticate header contains \"claims\" that cannot be parsed. Unable to perform the Continuous Access Evaluation authentication flow. Unparsable claims: ${claims}`,\n );\n return response;\n }\n shouldSendRequest = await authorizeRequestOnCaeChallenge(\n {\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n response,\n request,\n getAccessToken,\n logger,\n },\n parsedClaim,\n );\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n } else if (callbacks.authorizeRequestOnChallenge) {\n // Handle custom challenges when client provides custom callback\n shouldSendRequest = await callbacks.authorizeRequestOnChallenge({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n request,\n response,\n getAccessToken,\n logger,\n });\n\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n\n // If we get another CAE Claim, we will handle it by default and return whatever value we receive for this\n if (isChallengeResponse(response)) {\n claims = getCaeChallengeClaims(response.headers.get(\"WWW-Authenticate\") as string);\n if (claims) {\n let parsedClaim: string;\n try {\n parsedClaim = atob(claims);\n } catch (e) {\n logger.warning(\n `The WWW-Authenticate header contains \"claims\" that cannot be parsed. Unable to perform the Continuous Access Evaluation authentication flow. Unparsable claims: ${claims}`,\n );\n return response;\n }\n\n shouldSendRequest = await authorizeRequestOnCaeChallenge(\n {\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n response,\n request,\n getAccessToken,\n logger,\n },\n parsedClaim,\n );\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n }\n }\n }\n }\n\n if (error) {\n throw error;\n } else {\n return response;\n }\n },\n };\n}\n\n/**\n *\n * Interface to represent a parsed challenge.\n *\n * @internal\n */\ninterface AuthChallenge {\n scheme: string;\n params: Record<string, string>;\n}\n\n/**\n * Converts: `Bearer a=\"b\", c=\"d\", Pop e=\"f\", g=\"h\"`.\n * Into: `[ { scheme: 'Bearer', params: { a: 'b', c: 'd' } }, { scheme: 'Pop', params: { e: 'f', g: 'h' } } ]`.\n *\n * @internal\n */\nexport function parseChallenges(challenges: string): AuthChallenge[] {\n // Challenge regex seperates the string to individual challenges with different schemes in the format `Scheme a=\"b\", c=d`\n // The challenge regex captures parameteres with either quotes values or unquoted values\n const challengeRegex = /(\\w+)\\s+((?:\\w+=(?:\"[^\"]*\"|[^,]*),?\\s*)+)/g;\n // Parameter regex captures the claims group removed from the scheme in the format `a=\"b\"` and `c=\"d\"`\n // CAE challenge always have quoted parameters. For more reference, https://learn.microsoft.com/entra/identity-platform/claims-challenge\n const paramRegex = /(\\w+)=\"([^\"]*)\"/g;\n\n const parsedChallenges: AuthChallenge[] = [];\n let match;\n\n // Iterate over each challenge match\n while ((match = challengeRegex.exec(challenges)) !== null) {\n const scheme = match[1];\n const paramsString = match[2];\n const params: Record<string, string> = {};\n let paramMatch;\n\n // Iterate over each parameter match\n while ((paramMatch = paramRegex.exec(paramsString)) !== null) {\n params[paramMatch[1]] = paramMatch[2];\n }\n\n parsedChallenges.push({ scheme, params });\n }\n return parsedChallenges;\n}\n\n/**\n * Parse a pipeline response and look for a CAE challenge with \"Bearer\" scheme\n * Return the value in the header without parsing the challenge\n * @internal\n */\nfunction getCaeChallengeClaims(challenges: string | undefined): string | undefined {\n if (!challenges) {\n return;\n }\n // Find all challenges present in the header\n const parsedChallenges = parseChallenges(challenges);\n return parsedChallenges.find(\n (x) => x.scheme === \"Bearer\" && x.params.claims && x.params.error === \"insufficient_claims\",\n )?.params.claims;\n}\n"]}
package/dist/commonjs/policies/throttlingRetryPolicy.d.ts CHANGED
@@ -16,9 +16,9 @@ export interface ThrottlingRetryPolicyOptions {
16
16
  * A policy that retries when the server sends a 429 response with a Retry-After header.
17
17
  *
18
18
  * To learn more, please refer to
19
- * https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits,
20
- * https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits and
21
- * https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshooting-throttling-errors
19
+ * https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits,
20
+ * https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits and
21
+ * https://learn.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshooting-throttling-errors
22
22
  *
23
23
  * @param options - Options that configure retry logic.
24
24
  */
package/dist/commonjs/policies/throttlingRetryPolicy.js CHANGED
@@ -15,9 +15,9 @@ exports.throttlingRetryPolicyName = "throttlingRetryPolicy";
15
15
  * A policy that retries when the server sends a 429 response with a Retry-After header.
16
16
  *
17
17
  * To learn more, please refer to
18
- * https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits,
19
- * https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits and
20
- * https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshooting-throttling-errors
18
+ * https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits,
19
+ * https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits and
20
+ * https://learn.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshooting-throttling-errors
21
21
  *
22
22
  * @param options - Options that configure retry logic.
23
23
  */
package/dist/commonjs/policies/throttlingRetryPolicy.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"throttlingRetryPolicy.js","sourceRoot":"","sources":["../../../src/policies/throttlingRetryPolicy.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAgClC,sDAOC;AApCD,8FAAwF;AACxF,qDAA+C;AAC/C,kDAA6D;AAE7D;;GAEG;AACU,QAAA,yBAAyB,GAAG,uBAAuB,CAAC;AAYjE;;;;;;;;;GASG;AACH,SAAgB,qBAAqB,CAAC,UAAwC,EAAE;;IAC9E,OAAO;QACL,IAAI,EAAE,iCAAyB;QAC/B,WAAW,EAAE,IAAA,4BAAW,EAAC,CAAC,IAAA,oDAAuB,GAAE,CAAC,EAAE;YACpD,UAAU,EAAE,MAAA,OAAO,CAAC,UAAU,mCAAI,yCAA0B;SAC7D,CAAC,CAAC,WAAW;KACf,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { PipelinePolicy } from \"../pipeline.js\";\nimport { throttlingRetryStrategy } from \"../retryStrategies/throttlingRetryStrategy.js\";\nimport { retryPolicy } from \"./retryPolicy.js\";\nimport { DEFAULT_RETRY_POLICY_COUNT } from \"../constants.js\";\n\n/**\n * Name of the {@link throttlingRetryPolicy}\n */\nexport const throttlingRetryPolicyName = \"throttlingRetryPolicy\";\n\n/**\n * Options that control how to retry failed requests.\n */\nexport interface ThrottlingRetryPolicyOptions {\n /**\n * The maximum number of retry attempts. Defaults to 3.\n */\n maxRetries?: number;\n}\n\n/**\n * A policy that retries when the server sends a 429 response with a Retry-After header.\n *\n * To learn more, please refer to\n * https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits,\n * https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits and\n * https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshooting-throttling-errors\n *\n * @param options - Options that configure retry logic.\n */\nexport function throttlingRetryPolicy(options: ThrottlingRetryPolicyOptions = {}): PipelinePolicy {\n return {\n name: throttlingRetryPolicyName,\n sendRequest: retryPolicy([throttlingRetryStrategy()], {\n maxRetries: options.maxRetries ?? DEFAULT_RETRY_POLICY_COUNT,\n }).sendRequest,\n };\n}\n"]}
1
+ {"version":3,"file":"throttlingRetryPolicy.js","sourceRoot":"","sources":["../../../src/policies/throttlingRetryPolicy.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAgClC,sDAOC;AApCD,8FAAwF;AACxF,qDAA+C;AAC/C,kDAA6D;AAE7D;;GAEG;AACU,QAAA,yBAAyB,GAAG,uBAAuB,CAAC;AAYjE;;;;;;;;;GASG;AACH,SAAgB,qBAAqB,CAAC,UAAwC,EAAE;;IAC9E,OAAO;QACL,IAAI,EAAE,iCAAyB;QAC/B,WAAW,EAAE,IAAA,4BAAW,EAAC,CAAC,IAAA,oDAAuB,GAAE,CAAC,EAAE;YACpD,UAAU,EAAE,MAAA,OAAO,CAAC,UAAU,mCAAI,yCAA0B;SAC7D,CAAC,CAAC,WAAW;KACf,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { PipelinePolicy } from \"../pipeline.js\";\nimport { throttlingRetryStrategy } from \"../retryStrategies/throttlingRetryStrategy.js\";\nimport { retryPolicy } from \"./retryPolicy.js\";\nimport { DEFAULT_RETRY_POLICY_COUNT } from \"../constants.js\";\n\n/**\n * Name of the {@link throttlingRetryPolicy}\n */\nexport const throttlingRetryPolicyName = \"throttlingRetryPolicy\";\n\n/**\n * Options that control how to retry failed requests.\n */\nexport interface ThrottlingRetryPolicyOptions {\n /**\n * The maximum number of retry attempts. Defaults to 3.\n */\n maxRetries?: number;\n}\n\n/**\n * A policy that retries when the server sends a 429 response with a Retry-After header.\n *\n * To learn more, please refer to\n * https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits,\n * https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits and\n * https://learn.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshooting-throttling-errors\n *\n * @param options - Options that configure retry logic.\n */\nexport function throttlingRetryPolicy(options: ThrottlingRetryPolicyOptions = {}): PipelinePolicy {\n return {\n name: throttlingRetryPolicyName,\n sendRequest: retryPolicy([throttlingRetryStrategy()], {\n maxRetries: options.maxRetries ?? DEFAULT_RETRY_POLICY_COUNT,\n }).sendRequest,\n };\n}\n"]}
package/dist/esm/constants.js CHANGED
@@ -1,5 +1,5 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT License.
3
- export const SDK_VERSION = "1.18.2";
3
+ export const SDK_VERSION = "1.18.3";
4
4
  export const DEFAULT_RETRY_POLICY_COUNT = 3;
5
5
  //# sourceMappingURL=constants.js.map
package/dist/esm/constants.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,MAAM,CAAC,MAAM,WAAW,GAAW,QAAQ,CAAC;AAE5C,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nexport const SDK_VERSION: string = \"1.18.2\";\n\nexport const DEFAULT_RETRY_POLICY_COUNT = 3;\n"]}
1
+ {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,MAAM,CAAC,MAAM,WAAW,GAAW,QAAQ,CAAC;AAE5C,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nexport const SDK_VERSION: string = \"1.18.3\";\n\nexport const DEFAULT_RETRY_POLICY_COUNT = 3;\n"]}
package/dist/esm/policies/bearerTokenAuthenticationPolicy.d.ts CHANGED
@@ -53,7 +53,7 @@ export interface AuthorizeRequestOnChallengeOptions {
53
53
  logger?: AzureLogger;
54
54
  }
55
55
  /**
56
- * Options to override the processing of [Continuous Access Evaluation](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.
56
+ * Options to override the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.
57
57
  */
58
58
  export interface ChallengeCallbacks {
59
59
  /**
@@ -81,7 +81,7 @@ export interface BearerTokenAuthenticationPolicyOptions {
81
81
  */
82
82
  scopes: string | string[];
83
83
  /**
84
- * Allows for the processing of [Continuous Access Evaluation](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.
84
+ * Allows for the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.
85
85
  * If provided, it must contain at least the `authorizeRequestOnChallenge` method.
86
86
  * If provided, after a request is sent, if it has a challenge, it can be processed to re-send the original request with the relevant challenge information.
87
87
  */
package/dist/esm/policies/bearerTokenAuthenticationPolicy.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"bearerTokenAuthenticationPolicy.js","sourceRoot":"","sources":["../../../src/policies/bearerTokenAuthenticationPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAMlC,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,WAAW,CAAC;AAEjD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE9C;;GAEG;AACH,MAAM,CAAC,MAAM,mCAAmC,GAAG,iCAAiC,CAAC;AA0FrF;;;;;;;;GAQG;AACH,KAAK,UAAU,cAAc,CAC3B,OAAwB,EACxB,IAAiB;IAEjB,IAAI,CAAC;QACH,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,IAAI,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;YACjC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,CAAC;QACV,CAAC;IACH,CAAC;AACH,CAAC;AACD;;GAEG;AACH,KAAK,UAAU,uBAAuB,CAAC,OAAgC;IACrE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IACpD,6BAA6B;IAC7B,MAAM,eAAe,GAAoB;QACvC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,SAAS,EAAE,IAAI;KAChB,CAAC;IAEF,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAElE,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,QAA0B;IACrD,OAAO,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;AAC7E,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,8BAA8B,CAC3C,kBAAsD,EACtD,SAAiB;;IAEjB,MAAM,EAAE,MAAM,EAAE,GAAG,kBAAkB,CAAC;IAEtC,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,MAAM,EAAE;QAClE,SAAS,EAAE,IAAI;QACf,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CACpC,eAAe,EACf,GAAG,MAAA,WAAW,CAAC,SAAS,mCAAI,QAAQ,IAAI,WAAW,CAAC,KAAK,EAAE,CAC5D,CAAC;IACF,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,+BAA+B,CAC7C,OAA+C;;IAE/C,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC;IAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,UAAU,CAAC;IAC5C,MAAM,SAAS,GAAG;QAChB,gBAAgB,EACd,MAAA,MAAA,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,gBAAgB,0CAAE,IAAI,CAAC,kBAAkB,CAAC,mCAAI,uBAAuB;QAC3F,2BAA2B,EACzB,MAAA,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,2BAA2B,0CAAE,IAAI,CAAC,kBAAkB,CAAC;KAC5E,CAAC;IAEF,iFAAiF;IACjF,qFAAqF;IACrF,wFAAwF;IACxF,iDAAiD;IACjD,MAAM,cAAc,GAAG,UAAU;QAC/B,CAAC,CAAC,iBAAiB,CAAC,UAAU,CAAC,eAAe,CAAC;QAC/C,CAAC,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC,OAAO;QACL,IAAI,EAAE,mCAAmC;QACzC;;;;;;;;;;;;WAYG;QACH,KAAK,CAAC,WAAW,CAAC,OAAwB,EAAE,IAAiB;YAC3D,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,MAAM,IAAI,KAAK,CACb,sFAAsF,CACvF,CAAC;YACJ,CAAC;YAED,MAAM,SAAS,CAAC,gBAAgB,CAAC;gBAC/B,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gBACjD,OAAO;gBACP,cAAc;gBACd,MAAM;aACP,CAAC,CAAC;YAEH,IAAI,QAA0B,CAAC;YAC/B,IAAI,KAAwB,CAAC;YAC7B,IAAI,iBAA0B,CAAC;YAC/B,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAExD,IAAI,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClC,IAAI,MAAM,GAAG,qBAAqB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC;gBAC7E,+CAA+C;gBAC/C,IAAI,MAAM,EAAE,CAAC;oBACX,IAAI,WAAmB,CAAC;oBACxB,iFAAiF;oBACjF,IAAI,CAAC;wBACH,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;oBAC7B,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,MAAM,CAAC,OAAO,CACZ,mKAAmK,MAAM,EAAE,CAC5K,CAAC;wBACF,OAAO,QAAQ,CAAC;oBAClB,CAAC;oBACD,iBAAiB,GAAG,MAAM,8BAA8B,CACtD;wBACE,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;wBACjD,QAAQ;wBACR,OAAO;wBACP,cAAc;wBACd,MAAM;qBACP,EACD,WAAW,CACZ,CAAC;oBACF,yDAAyD;oBACzD,IAAI,iBAAiB,EAAE,CAAC;wBACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;oBAC1D,CAAC;gBACH,CAAC;qBAAM,IAAI,SAAS,CAAC,2BAA2B,EAAE,CAAC;oBACjD,gEAAgE;oBAChE,iBAAiB,GAAG,MAAM,SAAS,CAAC,2BAA2B,CAAC;wBAC9D,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;wBACjD,OAAO;wBACP,QAAQ;wBACR,cAAc;wBACd,MAAM;qBACP,CAAC,CAAC;oBAEH,yDAAyD;oBACzD,IAAI,iBAAiB,EAAE,CAAC;wBACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;oBAC1D,CAAC;oBAED,0GAA0G;oBAC1G,IAAI,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAClC,MAAM,GAAG,qBAAqB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAW,CAAC,CAAC;wBACnF,IAAI,MAAM,EAAE,CAAC;4BACX,IAAI,WAAmB,CAAC;4BACxB,IAAI,CAAC;gCACH,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;4BAC7B,CAAC;4BAAC,OAAO,CAAC,EAAE,CAAC;gCACX,MAAM,CAAC,OAAO,CACZ,mKAAmK,MAAM,EAAE,CAC5K,CAAC;gCACF,OAAO,QAAQ,CAAC;4BAClB,CAAC;4BAED,iBAAiB,GAAG,MAAM,8BAA8B,CACtD;gCACE,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gCACjD,QAAQ;gCACR,OAAO;gCACP,cAAc;gCACd,MAAM;6BACP,EACD,WAAW,CACZ,CAAC;4BACF,yDAAyD;4BACzD,IAAI,iBAAiB,EAAE,CAAC;gCACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;4BAC1D,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,KAAK,CAAC;YACd,CAAC;iBAAM,CAAC;gBACN,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAaD;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,UAAkB;IAChD,yHAAyH;IACzH,wFAAwF;IACxF,MAAM,cAAc,GAAG,4CAA4C,CAAC;IACpE,sGAAsG;IACtG,wIAAwI;IACxI,MAAM,UAAU,GAAG,kBAAkB,CAAC;IAEtC,MAAM,gBAAgB,GAAoB,EAAE,CAAC;IAC7C,IAAI,KAAK,CAAC;IAEV,oCAAoC;IACpC,OAAO,CAAC,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,MAAM,GAA2B,EAAE,CAAC;QAC1C,IAAI,UAAU,CAAC;QAEf,oCAAoC;QACpC,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7D,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC;QAED,gBAAgB,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED;;;;GAIG;AACH,SAAS,qBAAqB,CAAC,UAA8B;;IAC3D,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;IACT,CAAC;IACD,4CAA4C;IAC5C,MAAM,gBAAgB,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IACrD,OAAO,MAAA,gBAAgB,CAAC,IAAI,CAC1B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,KAAK,qBAAqB,CAC5F,0CAAE,MAAM,CAAC,MAAM,CAAC;AACnB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { AzureLogger } from \"@azure/logger\";\nimport type { PipelineRequest, PipelineResponse, SendRequest } from \"../interfaces.js\";\nimport type { PipelinePolicy } from \"../pipeline.js\";\nimport { createTokenCycler } from \"../util/tokenCycler.js\";\nimport { logger as coreLogger } from \"../log.js\";\nimport type { RestError } from \"../restError.js\";\nimport { isRestError } from \"../restError.js\";\n\n/**\n * The programmatic identifier of the bearerTokenAuthenticationPolicy.\n */\nexport const bearerTokenAuthenticationPolicyName = \"bearerTokenAuthenticationPolicy\";\n\n/**\n * Options sent to the authorizeRequest callback\n */\nexport interface AuthorizeRequestOptions {\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string[];\n /**\n * Function that retrieves either a cached access token or a new access token.\n */\n getAccessToken: (scopes: string[], options: GetTokenOptions) => Promise<AccessToken | null>;\n /**\n * Request that the policy is trying to fulfill.\n */\n request: PipelineRequest;\n /**\n * A logger, if one was sent through the HTTP pipeline.\n */\n logger?: AzureLogger;\n}\n\n/**\n * Options sent to the authorizeRequestOnChallenge callback\n */\nexport interface AuthorizeRequestOnChallengeOptions {\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string[];\n /**\n * Function that retrieves either a cached access token or a new access token.\n */\n getAccessToken: (scopes: string[], options: GetTokenOptions) => Promise<AccessToken | null>;\n /**\n * Request that the policy is trying to fulfill.\n */\n request: PipelineRequest;\n /**\n * Response containing the challenge.\n */\n response: PipelineResponse;\n /**\n * A logger, if one was sent through the HTTP pipeline.\n */\n logger?: AzureLogger;\n}\n\n/**\n * Options to override the processing of [Continuous Access Evaluation](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.\n */\nexport interface ChallengeCallbacks {\n /**\n * Allows for the authorization of the main request of this policy before it's sent.\n */\n authorizeRequest?(options: AuthorizeRequestOptions): Promise<void>;\n /**\n * Allows to handle authentication challenges and to re-authorize the request.\n * The response containing the challenge is `options.response`.\n * If this method returns true, the underlying request will be sent once again.\n * The request may be modified before being sent.\n */\n authorizeRequestOnChallenge?(options: AuthorizeRequestOnChallengeOptions): Promise<boolean>;\n}\n\n/**\n * Options to configure the bearerTokenAuthenticationPolicy\n */\nexport interface BearerTokenAuthenticationPolicyOptions {\n /**\n * The TokenCredential implementation that can supply the bearer token.\n */\n credential?: TokenCredential;\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string | string[];\n /**\n * Allows for the processing of [Continuous Access Evaluation](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.\n * If provided, it must contain at least the `authorizeRequestOnChallenge` method.\n * If provided, after a request is sent, if it has a challenge, it can be processed to re-send the original request with the relevant challenge information.\n */\n challengeCallbacks?: ChallengeCallbacks;\n /**\n * A logger can be sent for debugging purposes.\n */\n logger?: AzureLogger;\n}\n/**\n * Try to send the given request.\n *\n * When a response is received, returns a tuple of the response received and, if the response was received\n * inside a thrown RestError, the RestError that was thrown.\n *\n * Otherwise, if an error was thrown while sending the request that did not provide an underlying response, it\n * will be rethrown.\n */\nasync function trySendRequest(\n request: PipelineRequest,\n next: SendRequest,\n): Promise<[PipelineResponse, RestError | undefined]> {\n try {\n return [await next(request), undefined];\n } catch (e: any) {\n if (isRestError(e) && e.response) {\n return [e.response, e];\n } else {\n throw e;\n }\n }\n}\n/**\n * Default authorize request handler\n */\nasync function defaultAuthorizeRequest(options: AuthorizeRequestOptions): Promise<void> {\n const { scopes, getAccessToken, request } = options;\n // Enable CAE true by default\n const getTokenOptions: GetTokenOptions = {\n abortSignal: request.abortSignal,\n tracingOptions: request.tracingOptions,\n enableCae: true,\n };\n\n const accessToken = await getAccessToken(scopes, getTokenOptions);\n\n if (accessToken) {\n options.request.headers.set(\"Authorization\", `Bearer ${accessToken.token}`);\n }\n}\n\n/**\n * We will retrieve the challenge only if the response status code was 401,\n * and if the response contained the header \"WWW-Authenticate\" with a non-empty value.\n */\nfunction isChallengeResponse(response: PipelineResponse): boolean {\n return response.status === 401 && response.headers.has(\"WWW-Authenticate\");\n}\n\n/**\n * Re-authorize the request for CAE challenge.\n * The response containing the challenge is `options.response`.\n * If this method returns true, the underlying request will be sent once again.\n */\nasync function authorizeRequestOnCaeChallenge(\n onChallengeOptions: AuthorizeRequestOnChallengeOptions,\n caeClaims: string,\n): Promise<boolean> {\n const { scopes } = onChallengeOptions;\n\n const accessToken = await onChallengeOptions.getAccessToken(scopes, {\n enableCae: true,\n claims: caeClaims,\n });\n if (!accessToken) {\n return false;\n }\n\n onChallengeOptions.request.headers.set(\n \"Authorization\",\n `${accessToken.tokenType ?? \"Bearer\"} ${accessToken.token}`,\n );\n return true;\n}\n\n/**\n * A policy that can request a token from a TokenCredential implementation and\n * then apply it to the Authorization header of a request as a Bearer token.\n */\nexport function bearerTokenAuthenticationPolicy(\n options: BearerTokenAuthenticationPolicyOptions,\n): PipelinePolicy {\n const { credential, scopes, challengeCallbacks } = options;\n const logger = options.logger || coreLogger;\n const callbacks = {\n authorizeRequest:\n challengeCallbacks?.authorizeRequest?.bind(challengeCallbacks) ?? defaultAuthorizeRequest,\n authorizeRequestOnChallenge:\n challengeCallbacks?.authorizeRequestOnChallenge?.bind(challengeCallbacks),\n };\n\n // This function encapsulates the entire process of reliably retrieving the token\n // The options are left out of the public API until there's demand to configure this.\n // Remember to extend `BearerTokenAuthenticationPolicyOptions` with `TokenCyclerOptions`\n // in order to pass through the `options` object.\n const getAccessToken = credential\n ? createTokenCycler(credential /* , options */)\n : () => Promise.resolve(null);\n\n return {\n name: bearerTokenAuthenticationPolicyName,\n /**\n * If there's no challenge parameter:\n * - It will try to retrieve the token using the cache, or the credential's getToken.\n * - Then it will try the next policy with or without the retrieved token.\n *\n * It uses the challenge parameters to:\n * - Skip a first attempt to get the token from the credential if there's no cached token,\n * since it expects the token to be retrievable only after the challenge.\n * - Prepare the outgoing request if the `prepareRequest` method has been provided.\n * - Send an initial request to receive the challenge if it fails.\n * - Process a challenge if the response contains it.\n * - Retrieve a token with the challenge information, then re-send the request.\n */\n async sendRequest(request: PipelineRequest, next: SendRequest): Promise<PipelineResponse> {\n if (!request.url.toLowerCase().startsWith(\"https://\")) {\n throw new Error(\n \"Bearer token authentication is not permitted for non-TLS protected (non-https) URLs.\",\n );\n }\n\n await callbacks.authorizeRequest({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n request,\n getAccessToken,\n logger,\n });\n\n let response: PipelineResponse;\n let error: Error | undefined;\n let shouldSendRequest: boolean;\n [response, error] = await trySendRequest(request, next);\n\n if (isChallengeResponse(response)) {\n let claims = getCaeChallengeClaims(response.headers.get(\"WWW-Authenticate\"));\n // Handle CAE by default when receive CAE claim\n if (claims) {\n let parsedClaim: string;\n // Return the response immediately if claims is not a valid base64 encoded string\n try {\n parsedClaim = atob(claims);\n } catch (e) {\n logger.warning(\n `The WWW-Authenticate header contains \"claims\" that cannot be parsed. Unable to perform the Continuous Access Evaluation authentication flow. Unparsable claims: ${claims}`,\n );\n return response;\n }\n shouldSendRequest = await authorizeRequestOnCaeChallenge(\n {\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n response,\n request,\n getAccessToken,\n logger,\n },\n parsedClaim,\n );\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n } else if (callbacks.authorizeRequestOnChallenge) {\n // Handle custom challenges when client provides custom callback\n shouldSendRequest = await callbacks.authorizeRequestOnChallenge({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n request,\n response,\n getAccessToken,\n logger,\n });\n\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n\n // If we get another CAE Claim, we will handle it by default and return whatever value we receive for this\n if (isChallengeResponse(response)) {\n claims = getCaeChallengeClaims(response.headers.get(\"WWW-Authenticate\") as string);\n if (claims) {\n let parsedClaim: string;\n try {\n parsedClaim = atob(claims);\n } catch (e) {\n logger.warning(\n `The WWW-Authenticate header contains \"claims\" that cannot be parsed. Unable to perform the Continuous Access Evaluation authentication flow. Unparsable claims: ${claims}`,\n );\n return response;\n }\n\n shouldSendRequest = await authorizeRequestOnCaeChallenge(\n {\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n response,\n request,\n getAccessToken,\n logger,\n },\n parsedClaim,\n );\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n }\n }\n }\n }\n\n if (error) {\n throw error;\n } else {\n return response;\n }\n },\n };\n}\n\n/**\n *\n * Interface to represent a parsed challenge.\n *\n * @internal\n */\ninterface AuthChallenge {\n scheme: string;\n params: Record<string, string>;\n}\n\n/**\n * Converts: `Bearer a=\"b\", c=\"d\", Pop e=\"f\", g=\"h\"`.\n * Into: `[ { scheme: 'Bearer', params: { a: 'b', c: 'd' } }, { scheme: 'Pop', params: { e: 'f', g: 'h' } } ]`.\n *\n * @internal\n */\nexport function parseChallenges(challenges: string): AuthChallenge[] {\n // Challenge regex seperates the string to individual challenges with different schemes in the format `Scheme a=\"b\", c=d`\n // The challenge regex captures parameteres with either quotes values or unquoted values\n const challengeRegex = /(\\w+)\\s+((?:\\w+=(?:\"[^\"]*\"|[^,]*),?\\s*)+)/g;\n // Parameter regex captures the claims group removed from the scheme in the format `a=\"b\"` and `c=\"d\"`\n // CAE challenge always have quoted parameters. For more reference, https://learn.microsoft.com/entra/identity-platform/claims-challenge\n const paramRegex = /(\\w+)=\"([^\"]*)\"/g;\n\n const parsedChallenges: AuthChallenge[] = [];\n let match;\n\n // Iterate over each challenge match\n while ((match = challengeRegex.exec(challenges)) !== null) {\n const scheme = match[1];\n const paramsString = match[2];\n const params: Record<string, string> = {};\n let paramMatch;\n\n // Iterate over each parameter match\n while ((paramMatch = paramRegex.exec(paramsString)) !== null) {\n params[paramMatch[1]] = paramMatch[2];\n }\n\n parsedChallenges.push({ scheme, params });\n }\n return parsedChallenges;\n}\n\n/**\n * Parse a pipeline response and look for a CAE challenge with \"Bearer\" scheme\n * Return the value in the header without parsing the challenge\n * @internal\n */\nfunction getCaeChallengeClaims(challenges: string | undefined): string | undefined {\n if (!challenges) {\n return;\n }\n // Find all challenges present in the header\n const parsedChallenges = parseChallenges(challenges);\n return parsedChallenges.find(\n (x) => x.scheme === \"Bearer\" && x.params.claims && x.params.error === \"insufficient_claims\",\n )?.params.claims;\n}\n"]}
1
+ {"version":3,"file":"bearerTokenAuthenticationPolicy.js","sourceRoot":"","sources":["../../../src/policies/bearerTokenAuthenticationPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAMlC,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,WAAW,CAAC;AAEjD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE9C;;GAEG;AACH,MAAM,CAAC,MAAM,mCAAmC,GAAG,iCAAiC,CAAC;AA0FrF;;;;;;;;GAQG;AACH,KAAK,UAAU,cAAc,CAC3B,OAAwB,EACxB,IAAiB;IAEjB,IAAI,CAAC;QACH,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,IAAI,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;YACjC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,CAAC;QACV,CAAC;IACH,CAAC;AACH,CAAC;AACD;;GAEG;AACH,KAAK,UAAU,uBAAuB,CAAC,OAAgC;IACrE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IACpD,6BAA6B;IAC7B,MAAM,eAAe,GAAoB;QACvC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,SAAS,EAAE,IAAI;KAChB,CAAC;IAEF,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAElE,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,QAA0B;IACrD,OAAO,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;AAC7E,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,8BAA8B,CAC3C,kBAAsD,EACtD,SAAiB;;IAEjB,MAAM,EAAE,MAAM,EAAE,GAAG,kBAAkB,CAAC;IAEtC,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,MAAM,EAAE;QAClE,SAAS,EAAE,IAAI;QACf,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CACpC,eAAe,EACf,GAAG,MAAA,WAAW,CAAC,SAAS,mCAAI,QAAQ,IAAI,WAAW,CAAC,KAAK,EAAE,CAC5D,CAAC;IACF,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,+BAA+B,CAC7C,OAA+C;;IAE/C,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC;IAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,UAAU,CAAC;IAC5C,MAAM,SAAS,GAAG;QAChB,gBAAgB,EACd,MAAA,MAAA,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,gBAAgB,0CAAE,IAAI,CAAC,kBAAkB,CAAC,mCAAI,uBAAuB;QAC3F,2BAA2B,EACzB,MAAA,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,2BAA2B,0CAAE,IAAI,CAAC,kBAAkB,CAAC;KAC5E,CAAC;IAEF,iFAAiF;IACjF,qFAAqF;IACrF,wFAAwF;IACxF,iDAAiD;IACjD,MAAM,cAAc,GAAG,UAAU;QAC/B,CAAC,CAAC,iBAAiB,CAAC,UAAU,CAAC,eAAe,CAAC;QAC/C,CAAC,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC,OAAO;QACL,IAAI,EAAE,mCAAmC;QACzC;;;;;;;;;;;;WAYG;QACH,KAAK,CAAC,WAAW,CAAC,OAAwB,EAAE,IAAiB;YAC3D,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,MAAM,IAAI,KAAK,CACb,sFAAsF,CACvF,CAAC;YACJ,CAAC;YAED,MAAM,SAAS,CAAC,gBAAgB,CAAC;gBAC/B,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gBACjD,OAAO;gBACP,cAAc;gBACd,MAAM;aACP,CAAC,CAAC;YAEH,IAAI,QAA0B,CAAC;YAC/B,IAAI,KAAwB,CAAC;YAC7B,IAAI,iBAA0B,CAAC;YAC/B,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAExD,IAAI,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClC,IAAI,MAAM,GAAG,qBAAqB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC;gBAC7E,+CAA+C;gBAC/C,IAAI,MAAM,EAAE,CAAC;oBACX,IAAI,WAAmB,CAAC;oBACxB,iFAAiF;oBACjF,IAAI,CAAC;wBACH,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;oBAC7B,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,MAAM,CAAC,OAAO,CACZ,mKAAmK,MAAM,EAAE,CAC5K,CAAC;wBACF,OAAO,QAAQ,CAAC;oBAClB,CAAC;oBACD,iBAAiB,GAAG,MAAM,8BAA8B,CACtD;wBACE,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;wBACjD,QAAQ;wBACR,OAAO;wBACP,cAAc;wBACd,MAAM;qBACP,EACD,WAAW,CACZ,CAAC;oBACF,yDAAyD;oBACzD,IAAI,iBAAiB,EAAE,CAAC;wBACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;oBAC1D,CAAC;gBACH,CAAC;qBAAM,IAAI,SAAS,CAAC,2BAA2B,EAAE,CAAC;oBACjD,gEAAgE;oBAChE,iBAAiB,GAAG,MAAM,SAAS,CAAC,2BAA2B,CAAC;wBAC9D,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;wBACjD,OAAO;wBACP,QAAQ;wBACR,cAAc;wBACd,MAAM;qBACP,CAAC,CAAC;oBAEH,yDAAyD;oBACzD,IAAI,iBAAiB,EAAE,CAAC;wBACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;oBAC1D,CAAC;oBAED,0GAA0G;oBAC1G,IAAI,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAClC,MAAM,GAAG,qBAAqB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAW,CAAC,CAAC;wBACnF,IAAI,MAAM,EAAE,CAAC;4BACX,IAAI,WAAmB,CAAC;4BACxB,IAAI,CAAC;gCACH,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;4BAC7B,CAAC;4BAAC,OAAO,CAAC,EAAE,CAAC;gCACX,MAAM,CAAC,OAAO,CACZ,mKAAmK,MAAM,EAAE,CAC5K,CAAC;gCACF,OAAO,QAAQ,CAAC;4BAClB,CAAC;4BAED,iBAAiB,GAAG,MAAM,8BAA8B,CACtD;gCACE,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gCACjD,QAAQ;gCACR,OAAO;gCACP,cAAc;gCACd,MAAM;6BACP,EACD,WAAW,CACZ,CAAC;4BACF,yDAAyD;4BACzD,IAAI,iBAAiB,EAAE,CAAC;gCACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;4BAC1D,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,KAAK,CAAC;YACd,CAAC;iBAAM,CAAC;gBACN,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAaD;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,UAAkB;IAChD,yHAAyH;IACzH,wFAAwF;IACxF,MAAM,cAAc,GAAG,4CAA4C,CAAC;IACpE,sGAAsG;IACtG,wIAAwI;IACxI,MAAM,UAAU,GAAG,kBAAkB,CAAC;IAEtC,MAAM,gBAAgB,GAAoB,EAAE,CAAC;IAC7C,IAAI,KAAK,CAAC;IAEV,oCAAoC;IACpC,OAAO,CAAC,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,MAAM,GAA2B,EAAE,CAAC;QAC1C,IAAI,UAAU,CAAC;QAEf,oCAAoC;QACpC,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7D,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC;QAED,gBAAgB,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED;;;;GAIG;AACH,SAAS,qBAAqB,CAAC,UAA8B;;IAC3D,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;IACT,CAAC;IACD,4CAA4C;IAC5C,MAAM,gBAAgB,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IACrD,OAAO,MAAA,gBAAgB,CAAC,IAAI,CAC1B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,KAAK,qBAAqB,CAC5F,0CAAE,MAAM,CAAC,MAAM,CAAC;AACnB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { AzureLogger } from \"@azure/logger\";\nimport type { PipelineRequest, PipelineResponse, SendRequest } from \"../interfaces.js\";\nimport type { PipelinePolicy } from \"../pipeline.js\";\nimport { createTokenCycler } from \"../util/tokenCycler.js\";\nimport { logger as coreLogger } from \"../log.js\";\nimport type { RestError } from \"../restError.js\";\nimport { isRestError } from \"../restError.js\";\n\n/**\n * The programmatic identifier of the bearerTokenAuthenticationPolicy.\n */\nexport const bearerTokenAuthenticationPolicyName = \"bearerTokenAuthenticationPolicy\";\n\n/**\n * Options sent to the authorizeRequest callback\n */\nexport interface AuthorizeRequestOptions {\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string[];\n /**\n * Function that retrieves either a cached access token or a new access token.\n */\n getAccessToken: (scopes: string[], options: GetTokenOptions) => Promise<AccessToken | null>;\n /**\n * Request that the policy is trying to fulfill.\n */\n request: PipelineRequest;\n /**\n * A logger, if one was sent through the HTTP pipeline.\n */\n logger?: AzureLogger;\n}\n\n/**\n * Options sent to the authorizeRequestOnChallenge callback\n */\nexport interface AuthorizeRequestOnChallengeOptions {\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string[];\n /**\n * Function that retrieves either a cached access token or a new access token.\n */\n getAccessToken: (scopes: string[], options: GetTokenOptions) => Promise<AccessToken | null>;\n /**\n * Request that the policy is trying to fulfill.\n */\n request: PipelineRequest;\n /**\n * Response containing the challenge.\n */\n response: PipelineResponse;\n /**\n * A logger, if one was sent through the HTTP pipeline.\n */\n logger?: AzureLogger;\n}\n\n/**\n * Options to override the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.\n */\nexport interface ChallengeCallbacks {\n /**\n * Allows for the authorization of the main request of this policy before it's sent.\n */\n authorizeRequest?(options: AuthorizeRequestOptions): Promise<void>;\n /**\n * Allows to handle authentication challenges and to re-authorize the request.\n * The response containing the challenge is `options.response`.\n * If this method returns true, the underlying request will be sent once again.\n * The request may be modified before being sent.\n */\n authorizeRequestOnChallenge?(options: AuthorizeRequestOnChallengeOptions): Promise<boolean>;\n}\n\n/**\n * Options to configure the bearerTokenAuthenticationPolicy\n */\nexport interface BearerTokenAuthenticationPolicyOptions {\n /**\n * The TokenCredential implementation that can supply the bearer token.\n */\n credential?: TokenCredential;\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string | string[];\n /**\n * Allows for the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.\n * If provided, it must contain at least the `authorizeRequestOnChallenge` method.\n * If provided, after a request is sent, if it has a challenge, it can be processed to re-send the original request with the relevant challenge information.\n */\n challengeCallbacks?: ChallengeCallbacks;\n /**\n * A logger can be sent for debugging purposes.\n */\n logger?: AzureLogger;\n}\n/**\n * Try to send the given request.\n *\n * When a response is received, returns a tuple of the response received and, if the response was received\n * inside a thrown RestError, the RestError that was thrown.\n *\n * Otherwise, if an error was thrown while sending the request that did not provide an underlying response, it\n * will be rethrown.\n */\nasync function trySendRequest(\n request: PipelineRequest,\n next: SendRequest,\n): Promise<[PipelineResponse, RestError | undefined]> {\n try {\n return [await next(request), undefined];\n } catch (e: any) {\n if (isRestError(e) && e.response) {\n return [e.response, e];\n } else {\n throw e;\n }\n }\n}\n/**\n * Default authorize request handler\n */\nasync function defaultAuthorizeRequest(options: AuthorizeRequestOptions): Promise<void> {\n const { scopes, getAccessToken, request } = options;\n // Enable CAE true by default\n const getTokenOptions: GetTokenOptions = {\n abortSignal: request.abortSignal,\n tracingOptions: request.tracingOptions,\n enableCae: true,\n };\n\n const accessToken = await getAccessToken(scopes, getTokenOptions);\n\n if (accessToken) {\n options.request.headers.set(\"Authorization\", `Bearer ${accessToken.token}`);\n }\n}\n\n/**\n * We will retrieve the challenge only if the response status code was 401,\n * and if the response contained the header \"WWW-Authenticate\" with a non-empty value.\n */\nfunction isChallengeResponse(response: PipelineResponse): boolean {\n return response.status === 401 && response.headers.has(\"WWW-Authenticate\");\n}\n\n/**\n * Re-authorize the request for CAE challenge.\n * The response containing the challenge is `options.response`.\n * If this method returns true, the underlying request will be sent once again.\n */\nasync function authorizeRequestOnCaeChallenge(\n onChallengeOptions: AuthorizeRequestOnChallengeOptions,\n caeClaims: string,\n): Promise<boolean> {\n const { scopes } = onChallengeOptions;\n\n const accessToken = await onChallengeOptions.getAccessToken(scopes, {\n enableCae: true,\n claims: caeClaims,\n });\n if (!accessToken) {\n return false;\n }\n\n onChallengeOptions.request.headers.set(\n \"Authorization\",\n `${accessToken.tokenType ?? \"Bearer\"} ${accessToken.token}`,\n );\n return true;\n}\n\n/**\n * A policy that can request a token from a TokenCredential implementation and\n * then apply it to the Authorization header of a request as a Bearer token.\n */\nexport function bearerTokenAuthenticationPolicy(\n options: BearerTokenAuthenticationPolicyOptions,\n): PipelinePolicy {\n const { credential, scopes, challengeCallbacks } = options;\n const logger = options.logger || coreLogger;\n const callbacks = {\n authorizeRequest:\n challengeCallbacks?.authorizeRequest?.bind(challengeCallbacks) ?? defaultAuthorizeRequest,\n authorizeRequestOnChallenge:\n challengeCallbacks?.authorizeRequestOnChallenge?.bind(challengeCallbacks),\n };\n\n // This function encapsulates the entire process of reliably retrieving the token\n // The options are left out of the public API until there's demand to configure this.\n // Remember to extend `BearerTokenAuthenticationPolicyOptions` with `TokenCyclerOptions`\n // in order to pass through the `options` object.\n const getAccessToken = credential\n ? createTokenCycler(credential /* , options */)\n : () => Promise.resolve(null);\n\n return {\n name: bearerTokenAuthenticationPolicyName,\n /**\n * If there's no challenge parameter:\n * - It will try to retrieve the token using the cache, or the credential's getToken.\n * - Then it will try the next policy with or without the retrieved token.\n *\n * It uses the challenge parameters to:\n * - Skip a first attempt to get the token from the credential if there's no cached token,\n * since it expects the token to be retrievable only after the challenge.\n * - Prepare the outgoing request if the `prepareRequest` method has been provided.\n * - Send an initial request to receive the challenge if it fails.\n * - Process a challenge if the response contains it.\n * - Retrieve a token with the challenge information, then re-send the request.\n */\n async sendRequest(request: PipelineRequest, next: SendRequest): Promise<PipelineResponse> {\n if (!request.url.toLowerCase().startsWith(\"https://\")) {\n throw new Error(\n \"Bearer token authentication is not permitted for non-TLS protected (non-https) URLs.\",\n );\n }\n\n await callbacks.authorizeRequest({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n request,\n getAccessToken,\n logger,\n });\n\n let response: PipelineResponse;\n let error: Error | undefined;\n let shouldSendRequest: boolean;\n [response, error] = await trySendRequest(request, next);\n\n if (isChallengeResponse(response)) {\n let claims = getCaeChallengeClaims(response.headers.get(\"WWW-Authenticate\"));\n // Handle CAE by default when receive CAE claim\n if (claims) {\n let parsedClaim: string;\n // Return the response immediately if claims is not a valid base64 encoded string\n try {\n parsedClaim = atob(claims);\n } catch (e) {\n logger.warning(\n `The WWW-Authenticate header contains \"claims\" that cannot be parsed. Unable to perform the Continuous Access Evaluation authentication flow. Unparsable claims: ${claims}`,\n );\n return response;\n }\n shouldSendRequest = await authorizeRequestOnCaeChallenge(\n {\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n response,\n request,\n getAccessToken,\n logger,\n },\n parsedClaim,\n );\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n } else if (callbacks.authorizeRequestOnChallenge) {\n // Handle custom challenges when client provides custom callback\n shouldSendRequest = await callbacks.authorizeRequestOnChallenge({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n request,\n response,\n getAccessToken,\n logger,\n });\n\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n\n // If we get another CAE Claim, we will handle it by default and return whatever value we receive for this\n if (isChallengeResponse(response)) {\n claims = getCaeChallengeClaims(response.headers.get(\"WWW-Authenticate\") as string);\n if (claims) {\n let parsedClaim: string;\n try {\n parsedClaim = atob(claims);\n } catch (e) {\n logger.warning(\n `The WWW-Authenticate header contains \"claims\" that cannot be parsed. Unable to perform the Continuous Access Evaluation authentication flow. Unparsable claims: ${claims}`,\n );\n return response;\n }\n\n shouldSendRequest = await authorizeRequestOnCaeChallenge(\n {\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n response,\n request,\n getAccessToken,\n logger,\n },\n parsedClaim,\n );\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n }\n }\n }\n }\n\n if (error) {\n throw error;\n } else {\n return response;\n }\n },\n };\n}\n\n/**\n *\n * Interface to represent a parsed challenge.\n *\n * @internal\n */\ninterface AuthChallenge {\n scheme: string;\n params: Record<string, string>;\n}\n\n/**\n * Converts: `Bearer a=\"b\", c=\"d\", Pop e=\"f\", g=\"h\"`.\n * Into: `[ { scheme: 'Bearer', params: { a: 'b', c: 'd' } }, { scheme: 'Pop', params: { e: 'f', g: 'h' } } ]`.\n *\n * @internal\n */\nexport function parseChallenges(challenges: string): AuthChallenge[] {\n // Challenge regex seperates the string to individual challenges with different schemes in the format `Scheme a=\"b\", c=d`\n // The challenge regex captures parameteres with either quotes values or unquoted values\n const challengeRegex = /(\\w+)\\s+((?:\\w+=(?:\"[^\"]*\"|[^,]*),?\\s*)+)/g;\n // Parameter regex captures the claims group removed from the scheme in the format `a=\"b\"` and `c=\"d\"`\n // CAE challenge always have quoted parameters. For more reference, https://learn.microsoft.com/entra/identity-platform/claims-challenge\n const paramRegex = /(\\w+)=\"([^\"]*)\"/g;\n\n const parsedChallenges: AuthChallenge[] = [];\n let match;\n\n // Iterate over each challenge match\n while ((match = challengeRegex.exec(challenges)) !== null) {\n const scheme = match[1];\n const paramsString = match[2];\n const params: Record<string, string> = {};\n let paramMatch;\n\n // Iterate over each parameter match\n while ((paramMatch = paramRegex.exec(paramsString)) !== null) {\n params[paramMatch[1]] = paramMatch[2];\n }\n\n parsedChallenges.push({ scheme, params });\n }\n return parsedChallenges;\n}\n\n/**\n * Parse a pipeline response and look for a CAE challenge with \"Bearer\" scheme\n * Return the value in the header without parsing the challenge\n * @internal\n */\nfunction getCaeChallengeClaims(challenges: string | undefined): string | undefined {\n if (!challenges) {\n return;\n }\n // Find all challenges present in the header\n const parsedChallenges = parseChallenges(challenges);\n return parsedChallenges.find(\n (x) => x.scheme === \"Bearer\" && x.params.claims && x.params.error === \"insufficient_claims\",\n )?.params.claims;\n}\n"]}
package/dist/esm/policies/throttlingRetryPolicy.d.ts CHANGED
@@ -16,9 +16,9 @@ export interface ThrottlingRetryPolicyOptions {
16
16
  * A policy that retries when the server sends a 429 response with a Retry-After header.
17
17
  *
18
18
  * To learn more, please refer to
19
- * https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits,
20
- * https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits and
21
- * https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshooting-throttling-errors
19
+ * https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits,
20
+ * https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits and
21
+ * https://learn.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshooting-throttling-errors
22
22
  *
23
23
  * @param options - Options that configure retry logic.
24
24
  */
package/dist/esm/policies/throttlingRetryPolicy.js CHANGED
@@ -11,9 +11,9 @@ export const throttlingRetryPolicyName = "throttlingRetryPolicy";
11
11
  * A policy that retries when the server sends a 429 response with a Retry-After header.
12
12
  *
13
13
  * To learn more, please refer to
14
- * https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits,
15
- * https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits and
16
- * https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshooting-throttling-errors
14
+ * https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits,
15
+ * https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits and
16
+ * https://learn.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshooting-throttling-errors
17
17
  *
18
18
  * @param options - Options that configure retry logic.
19
19
  */
package/dist/esm/policies/throttlingRetryPolicy.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"throttlingRetryPolicy.js","sourceRoot":"","sources":["../../../src/policies/throttlingRetryPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,uBAAuB,EAAE,MAAM,+CAA+C,CAAC;AACxF,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAE7D;;GAEG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,uBAAuB,CAAC;AAYjE;;;;;;;;;GASG;AACH,MAAM,UAAU,qBAAqB,CAAC,UAAwC,EAAE;;IAC9E,OAAO;QACL,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,WAAW,CAAC,CAAC,uBAAuB,EAAE,CAAC,EAAE;YACpD,UAAU,EAAE,MAAA,OAAO,CAAC,UAAU,mCAAI,0BAA0B;SAC7D,CAAC,CAAC,WAAW;KACf,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { PipelinePolicy } from \"../pipeline.js\";\nimport { throttlingRetryStrategy } from \"../retryStrategies/throttlingRetryStrategy.js\";\nimport { retryPolicy } from \"./retryPolicy.js\";\nimport { DEFAULT_RETRY_POLICY_COUNT } from \"../constants.js\";\n\n/**\n * Name of the {@link throttlingRetryPolicy}\n */\nexport const throttlingRetryPolicyName = \"throttlingRetryPolicy\";\n\n/**\n * Options that control how to retry failed requests.\n */\nexport interface ThrottlingRetryPolicyOptions {\n /**\n * The maximum number of retry attempts. Defaults to 3.\n */\n maxRetries?: number;\n}\n\n/**\n * A policy that retries when the server sends a 429 response with a Retry-After header.\n *\n * To learn more, please refer to\n * https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits,\n * https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits and\n * https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshooting-throttling-errors\n *\n * @param options - Options that configure retry logic.\n */\nexport function throttlingRetryPolicy(options: ThrottlingRetryPolicyOptions = {}): PipelinePolicy {\n return {\n name: throttlingRetryPolicyName,\n sendRequest: retryPolicy([throttlingRetryStrategy()], {\n maxRetries: options.maxRetries ?? DEFAULT_RETRY_POLICY_COUNT,\n }).sendRequest,\n };\n}\n"]}
1
+ {"version":3,"file":"throttlingRetryPolicy.js","sourceRoot":"","sources":["../../../src/policies/throttlingRetryPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,uBAAuB,EAAE,MAAM,+CAA+C,CAAC;AACxF,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAE7D;;GAEG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,uBAAuB,CAAC;AAYjE;;;;;;;;;GASG;AACH,MAAM,UAAU,qBAAqB,CAAC,UAAwC,EAAE;;IAC9E,OAAO;QACL,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,WAAW,CAAC,CAAC,uBAAuB,EAAE,CAAC,EAAE;YACpD,UAAU,EAAE,MAAA,OAAO,CAAC,UAAU,mCAAI,0BAA0B;SAC7D,CAAC,CAAC,WAAW;KACf,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { PipelinePolicy } from \"../pipeline.js\";\nimport { throttlingRetryStrategy } from \"../retryStrategies/throttlingRetryStrategy.js\";\nimport { retryPolicy } from \"./retryPolicy.js\";\nimport { DEFAULT_RETRY_POLICY_COUNT } from \"../constants.js\";\n\n/**\n * Name of the {@link throttlingRetryPolicy}\n */\nexport const throttlingRetryPolicyName = \"throttlingRetryPolicy\";\n\n/**\n * Options that control how to retry failed requests.\n */\nexport interface ThrottlingRetryPolicyOptions {\n /**\n * The maximum number of retry attempts. Defaults to 3.\n */\n maxRetries?: number;\n}\n\n/**\n * A policy that retries when the server sends a 429 response with a Retry-After header.\n *\n * To learn more, please refer to\n * https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits,\n * https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits and\n * https://learn.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshooting-throttling-errors\n *\n * @param options - Options that configure retry logic.\n */\nexport function throttlingRetryPolicy(options: ThrottlingRetryPolicyOptions = {}): PipelinePolicy {\n return {\n name: throttlingRetryPolicyName,\n sendRequest: retryPolicy([throttlingRetryStrategy()], {\n maxRetries: options.maxRetries ?? DEFAULT_RETRY_POLICY_COUNT,\n }).sendRequest,\n };\n}\n"]}
package/dist/react-native/constants.js CHANGED
@@ -1,5 +1,5 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT License.
3
- export const SDK_VERSION = "1.18.2";
3
+ export const SDK_VERSION = "1.18.3";
4
4
  export const DEFAULT_RETRY_POLICY_COUNT = 3;
5
5
  //# sourceMappingURL=constants.js.map
package/dist/react-native/constants.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,MAAM,CAAC,MAAM,WAAW,GAAW,QAAQ,CAAC;AAE5C,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nexport const SDK_VERSION: string = \"1.18.2\";\n\nexport const DEFAULT_RETRY_POLICY_COUNT = 3;\n"]}
1
+ {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,MAAM,CAAC,MAAM,WAAW,GAAW,QAAQ,CAAC;AAE5C,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nexport const SDK_VERSION: string = \"1.18.3\";\n\nexport const DEFAULT_RETRY_POLICY_COUNT = 3;\n"]}
package/dist/react-native/policies/bearerTokenAuthenticationPolicy.d.ts CHANGED
@@ -53,7 +53,7 @@ export interface AuthorizeRequestOnChallengeOptions {
53
53
  logger?: AzureLogger;
54
54
  }
55
55
  /**
56
- * Options to override the processing of [Continuous Access Evaluation](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.
56
+ * Options to override the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.
57
57
  */
58
58
  export interface ChallengeCallbacks {
59
59
  /**
@@ -81,7 +81,7 @@ export interface BearerTokenAuthenticationPolicyOptions {
81
81
  */
82
82
  scopes: string | string[];
83
83
  /**
84
- * Allows for the processing of [Continuous Access Evaluation](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.
84
+ * Allows for the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.
85
85
  * If provided, it must contain at least the `authorizeRequestOnChallenge` method.
86
86
  * If provided, after a request is sent, if it has a challenge, it can be processed to re-send the original request with the relevant challenge information.
87
87
  */