@azure/core-rest-pipeline 1.22.1-alpha.20250716.3 → 1.22.1-alpha.20250722.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/browser/createPipelineFromOptions.js +2 -3
- package/dist/browser/createPipelineFromOptions.js.map +1 -1
- package/dist/browser/defaultHttpClient.js +1 -1
- package/dist/browser/defaultHttpClient.js.map +1 -1
- package/dist/browser/policies/auxiliaryAuthenticationHeaderPolicy.js +1 -2
- package/dist/browser/policies/auxiliaryAuthenticationHeaderPolicy.js.map +1 -1
- package/dist/browser/policies/bearerTokenAuthenticationPolicy.js +4 -7
- package/dist/browser/policies/bearerTokenAuthenticationPolicy.js.map +1 -1
- package/dist/browser/policies/logPolicy.js +4 -1
- package/dist/browser/policies/logPolicy.js.map +1 -1
- package/dist/browser/policies/retryPolicy.js +4 -1
- package/dist/browser/policies/retryPolicy.js.map +1 -1
- package/dist/browser/policies/tracingPolicy.js +1 -2
- package/dist/browser/policies/tracingPolicy.js.map +1 -1
- package/dist/browser/policies/wrapAbortSignalLikePolicy.js +1 -1
- package/dist/browser/policies/wrapAbortSignalLikePolicy.js.map +1 -1
- package/dist/browser/util/file.js +22 -5
- package/dist/browser/util/file.js.map +1 -1
- package/dist/browser/util/tokenCycler.js +8 -7
- package/dist/browser/util/tokenCycler.js.map +1 -1
- package/dist/browser/util/userAgentPlatform-browser.mjs.map +1 -1
- package/dist/browser/util/userAgentPlatform.js +2 -2
- package/dist/commonjs/createPipelineFromOptions.js +2 -3
- package/dist/commonjs/createPipelineFromOptions.js.map +1 -1
- package/dist/commonjs/defaultHttpClient.js +1 -1
- package/dist/commonjs/defaultHttpClient.js.map +1 -1
- package/dist/commonjs/policies/auxiliaryAuthenticationHeaderPolicy.js +1 -2
- package/dist/commonjs/policies/auxiliaryAuthenticationHeaderPolicy.js.map +1 -1
- package/dist/commonjs/policies/bearerTokenAuthenticationPolicy.js +4 -7
- package/dist/commonjs/policies/bearerTokenAuthenticationPolicy.js.map +1 -1
- package/dist/commonjs/policies/logPolicy.js +4 -1
- package/dist/commonjs/policies/logPolicy.js.map +1 -1
- package/dist/commonjs/policies/retryPolicy.js +4 -1
- package/dist/commonjs/policies/retryPolicy.js.map +1 -1
- package/dist/commonjs/policies/tracingPolicy.js +1 -2
- package/dist/commonjs/policies/tracingPolicy.js.map +1 -1
- package/dist/commonjs/policies/wrapAbortSignalLikePolicy.js +1 -1
- package/dist/commonjs/policies/wrapAbortSignalLikePolicy.js.map +1 -1
- package/dist/commonjs/tsdoc-metadata.json +11 -11
- package/dist/commonjs/util/file.js +22 -5
- package/dist/commonjs/util/file.js.map +1 -1
- package/dist/commonjs/util/tokenCycler.js +8 -7
- package/dist/commonjs/util/tokenCycler.js.map +1 -1
- package/dist/esm/createPipelineFromOptions.js +2 -3
- package/dist/esm/createPipelineFromOptions.js.map +1 -1
- package/dist/esm/defaultHttpClient.js +1 -1
- package/dist/esm/defaultHttpClient.js.map +1 -1
- package/dist/esm/policies/auxiliaryAuthenticationHeaderPolicy.js +1 -2
- package/dist/esm/policies/auxiliaryAuthenticationHeaderPolicy.js.map +1 -1
- package/dist/esm/policies/bearerTokenAuthenticationPolicy.js +4 -7
- package/dist/esm/policies/bearerTokenAuthenticationPolicy.js.map +1 -1
- package/dist/esm/policies/logPolicy.js +4 -1
- package/dist/esm/policies/logPolicy.js.map +1 -1
- package/dist/esm/policies/retryPolicy.js +4 -1
- package/dist/esm/policies/retryPolicy.js.map +1 -1
- package/dist/esm/policies/tracingPolicy.js +1 -2
- package/dist/esm/policies/tracingPolicy.js.map +1 -1
- package/dist/esm/policies/wrapAbortSignalLikePolicy.js +1 -1
- package/dist/esm/policies/wrapAbortSignalLikePolicy.js.map +1 -1
- package/dist/esm/util/file.js +22 -5
- package/dist/esm/util/file.js.map +1 -1
- package/dist/esm/util/tokenCycler.js +8 -7
- package/dist/esm/util/tokenCycler.js.map +1 -1
- package/dist/react-native/createPipelineFromOptions.js +2 -3
- package/dist/react-native/createPipelineFromOptions.js.map +1 -1
- package/dist/react-native/defaultHttpClient.js +1 -1
- package/dist/react-native/defaultHttpClient.js.map +1 -1
- package/dist/react-native/policies/auxiliaryAuthenticationHeaderPolicy.js +1 -2
- package/dist/react-native/policies/auxiliaryAuthenticationHeaderPolicy.js.map +1 -1
- package/dist/react-native/policies/bearerTokenAuthenticationPolicy.js +4 -7
- package/dist/react-native/policies/bearerTokenAuthenticationPolicy.js.map +1 -1
- package/dist/react-native/policies/logPolicy.js +4 -1
- package/dist/react-native/policies/logPolicy.js.map +1 -1
- package/dist/react-native/policies/retryPolicy.js +4 -1
- package/dist/react-native/policies/retryPolicy.js.map +1 -1
- package/dist/react-native/policies/tracingPolicy.js +1 -2
- package/dist/react-native/policies/tracingPolicy.js.map +1 -1
- package/dist/react-native/policies/wrapAbortSignalLikePolicy.js +1 -1
- package/dist/react-native/policies/wrapAbortSignalLikePolicy.js.map +1 -1
- package/dist/react-native/util/file.js +22 -5
- package/dist/react-native/util/file.js.map +1 -1
- package/dist/react-native/util/tokenCycler.js +8 -7
- package/dist/react-native/util/tokenCycler.js.map +1 -1
- package/dist/react-native/util/userAgentPlatform-react-native.mjs.map +1 -1
- package/dist/react-native/util/userAgentPlatform.js +1 -2
- package/package.json +2 -2
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tracingPolicy.js","sourceRoot":"","sources":["../../../src/policies/tracingPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAIL,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAG9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AACnC,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEpE;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,eAAe,CAAC;AAmBjD;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,UAAgC,EAAE;IAC9D,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IACpE,MAAM,SAAS,GAAG,IAAI,SAAS,CAAC;QAC9B,gCAAgC,EAAE,OAAO,CAAC,gCAAgC;KAC3E,CAAC,CAAC;IACH,MAAM,aAAa,GAAG,sBAAsB,EAAE,CAAC;IAE/C,OAAO;QACL,IAAI,EAAE,iBAAiB;QACvB,KAAK,CAAC,WAAW,CAAC,OAAwB,EAAE,IAAiB
|
|
1
|
+
{"version":3,"file":"tracingPolicy.js","sourceRoot":"","sources":["../../../src/policies/tracingPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAIL,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAG9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AACnC,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEpE;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,eAAe,CAAC;AAmBjD;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,UAAgC,EAAE;IAC9D,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IACpE,MAAM,SAAS,GAAG,IAAI,SAAS,CAAC;QAC9B,gCAAgC,EAAE,OAAO,CAAC,gCAAgC;KAC3E,CAAC,CAAC;IACH,MAAM,aAAa,GAAG,sBAAsB,EAAE,CAAC;IAE/C,OAAO;QACL,IAAI,EAAE,iBAAiB;QACvB,KAAK,CAAC,WAAW,CAAC,OAAwB,EAAE,IAAiB;YAC3D,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;YACvB,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC;YAEzC,MAAM,cAAc,GAAG;gBACrB,UAAU,EAAE,SAAS,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC;gBAC9C,aAAa,EAAE,OAAO,CAAC,MAAM;gBAC7B,iBAAiB,EAAE,SAAS;gBAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;aAC7B,CAAC;YACF,IAAI,SAAS,EAAE,CAAC;gBACd,cAAc,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC;YAChD,CAAC;YAED,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,aAAa,CAAC,aAAa,EAAE,OAAO,EAAE,cAAc,CAAC,IAAI,EAAE,CAAC;YAE7F,IAAI,CAAC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;YACvB,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,WAAW,CAAC,cAAc,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;gBAChF,kBAAkB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;gBACnC,OAAO,QAAQ,CAAC;YAClB,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,eAAe,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;gBAC3B,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB;IAC7B,IAAI,CAAC;QACH,OAAO,mBAAmB,CAAC;YACzB,SAAS,EAAE,EAAE;YACb,WAAW,EAAE,2BAA2B;YACxC,cAAc,EAAE,WAAW;SAC5B,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,MAAM,CAAC,OAAO,CAAC,0CAA0C,eAAe,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC/E,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CACpB,aAA4B,EAC5B,OAAwB,EACxB,cAAuC;IAEvC,IAAI,CAAC;QACH,oFAAoF;QACpF,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,aAAa,CAAC,SAAS,CACtD,QAAQ,OAAO,CAAC,MAAM,EAAE,EACxB,EAAE,cAAc,EAAE,OAAO,CAAC,cAAc,EAAE,EAC1C;YACE,QAAQ,EAAE,QAAQ;YAClB,cAAc;SACf,CACF,CAAC;QAEF,wDAAwD;QACxD,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,IAAI,CAAC,GAAG,EAAE,CAAC;YACX,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,cAAc;QACd,MAAM,OAAO,GAAG,aAAa,CAAC,oBAAoB,CAChD,cAAc,CAAC,cAAc,CAAC,cAAc,CAC7C,CAAC;QACF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACnD,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAClC,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,cAAc,CAAC,cAAc,CAAC,cAAc,EAAE,CAAC;IAChF,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,MAAM,CAAC,OAAO,CAAC,qDAAqD,eAAe,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC1F,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,IAAiB,EAAE,KAAc;IACxD,IAAI,CAAC;QACH,IAAI,CAAC,SAAS,CAAC;YACb,MAAM,EAAE,OAAO;YACf,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;SAC1C,CAAC,CAAC;QACH,IAAI,WAAW,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;YAC3C,IAAI,CAAC,YAAY,CAAC,kBAAkB,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC;QAC1D,CAAC;QACD,IAAI,CAAC,GAAG,EAAE,CAAC;IACb,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,MAAM,CAAC,OAAO,CAAC,qDAAqD,eAAe,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAC5F,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAiB,EAAE,QAA0B;IACvE,IAAI,CAAC;QACH,IAAI,CAAC,YAAY,CAAC,kBAAkB,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;QACvD,MAAM,gBAAgB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QACjE,IAAI,gBAAgB,EAAE,CAAC;YACrB,IAAI,CAAC,YAAY,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,CAAC;QAC1D,CAAC;QACD,2FAA2F;QAC3F,2CAA2C;QAC3C,sEAAsE;QACtE,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;YAC3B,IAAI,CAAC,SAAS,CAAC;gBACb,MAAM,EAAE,OAAO;aAChB,CAAC,CAAC;QACL,CAAC;QACD,IAAI,CAAC,GAAG,EAAE,CAAC;IACb,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,MAAM,CAAC,OAAO,CAAC,qDAAqD,eAAe,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAC5F,CAAC;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport {\n type TracingClient,\n type TracingContext,\n type TracingSpan,\n createTracingClient,\n} from \"@azure/core-tracing\";\nimport { SDK_VERSION } from \"../constants.js\";\nimport type { PipelineRequest, PipelineResponse, SendRequest } from \"../interfaces.js\";\nimport type { PipelinePolicy } from \"../pipeline.js\";\nimport { getUserAgentValue } from \"../util/userAgent.js\";\nimport { logger } from \"../log.js\";\nimport { getErrorMessage, isError } from \"@azure/core-util\";\nimport { isRestError } from \"../restError.js\";\nimport { Sanitizer } from \"@typespec/ts-http-runtime/internal/util\";\n\n/**\n * The programmatic identifier of the tracingPolicy.\n */\nexport const tracingPolicyName = \"tracingPolicy\";\n\n/**\n * Options to configure the tracing policy.\n */\nexport interface TracingPolicyOptions {\n /**\n * String prefix to add to the user agent logged as metadata\n * on the generated Span.\n * Defaults to an empty string.\n */\n userAgentPrefix?: string;\n /**\n * Query string names whose values will be logged when logging is enabled. By default no\n * query string values are logged.\n */\n additionalAllowedQueryParameters?: string[];\n}\n\n/**\n * A simple policy to create OpenTelemetry Spans for each request made by the pipeline\n * that has SpanOptions with a parent.\n * Requests made without a parent Span will not be recorded.\n * @param options - Options to configure the telemetry logged by the tracing policy.\n */\nexport function tracingPolicy(options: TracingPolicyOptions = {}): PipelinePolicy {\n const userAgentPromise = getUserAgentValue(options.userAgentPrefix);\n const sanitizer = new Sanitizer({\n additionalAllowedQueryParameters: options.additionalAllowedQueryParameters,\n });\n const tracingClient = tryCreateTracingClient();\n\n return {\n name: tracingPolicyName,\n async sendRequest(request: PipelineRequest, next: SendRequest): Promise<PipelineResponse> {\n if (!tracingClient) {\n return next(request);\n }\n\n const userAgent = await userAgentPromise;\n\n const spanAttributes = {\n \"http.url\": sanitizer.sanitizeUrl(request.url),\n \"http.method\": request.method,\n \"http.user_agent\": userAgent,\n requestId: request.requestId,\n };\n if (userAgent) {\n spanAttributes[\"http.user_agent\"] = userAgent;\n }\n\n const { span, tracingContext } = tryCreateSpan(tracingClient, request, spanAttributes) ?? {};\n\n if (!span || !tracingContext) {\n return next(request);\n }\n\n try {\n const response = await tracingClient.withContext(tracingContext, next, request);\n tryProcessResponse(span, response);\n return response;\n } catch (err: any) {\n tryProcessError(span, err);\n throw err;\n }\n },\n };\n}\n\nfunction tryCreateTracingClient(): TracingClient | undefined {\n try {\n return createTracingClient({\n namespace: \"\",\n packageName: \"@azure/core-rest-pipeline\",\n packageVersion: SDK_VERSION,\n });\n } catch (e: unknown) {\n logger.warning(`Error when creating the TracingClient: ${getErrorMessage(e)}`);\n return undefined;\n }\n}\n\nfunction tryCreateSpan(\n tracingClient: TracingClient,\n request: PipelineRequest,\n spanAttributes: Record<string, unknown>,\n): { span: TracingSpan; tracingContext: TracingContext } | undefined {\n try {\n // As per spec, we do not need to differentiate between HTTP and HTTPS in span name.\n const { span, updatedOptions } = tracingClient.startSpan(\n `HTTP ${request.method}`,\n { tracingOptions: request.tracingOptions },\n {\n spanKind: \"client\",\n spanAttributes,\n },\n );\n\n // If the span is not recording, don't do any more work.\n if (!span.isRecording()) {\n span.end();\n return undefined;\n }\n\n // set headers\n const headers = tracingClient.createRequestHeaders(\n updatedOptions.tracingOptions.tracingContext,\n );\n for (const [key, value] of Object.entries(headers)) {\n request.headers.set(key, value);\n }\n return { span, tracingContext: updatedOptions.tracingOptions.tracingContext };\n } catch (e: any) {\n logger.warning(`Skipping creating a tracing span due to an error: ${getErrorMessage(e)}`);\n return undefined;\n }\n}\n\nfunction tryProcessError(span: TracingSpan, error: unknown): void {\n try {\n span.setStatus({\n status: \"error\",\n error: isError(error) ? error : undefined,\n });\n if (isRestError(error) && error.statusCode) {\n span.setAttribute(\"http.status_code\", error.statusCode);\n }\n span.end();\n } catch (e: any) {\n logger.warning(`Skipping tracing span processing due to an error: ${getErrorMessage(e)}`);\n }\n}\n\nfunction tryProcessResponse(span: TracingSpan, response: PipelineResponse): void {\n try {\n span.setAttribute(\"http.status_code\", response.status);\n const serviceRequestId = response.headers.get(\"x-ms-request-id\");\n if (serviceRequestId) {\n span.setAttribute(\"serviceRequestId\", serviceRequestId);\n }\n // Per semantic conventions, only set the status to error if the status code is 4xx or 5xx.\n // Otherwise, the status MUST remain unset.\n // https://opentelemetry.io/docs/specs/semconv/http/http-spans/#status\n if (response.status >= 400) {\n span.setStatus({\n status: \"error\",\n });\n }\n span.end();\n } catch (e: any) {\n logger.warning(`Skipping tracing span processing due to an error: ${getErrorMessage(e)}`);\n }\n}\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"wrapAbortSignalLikePolicy.js","sourceRoot":"","sources":["../../../src/policies/wrapAbortSignalLikePolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEjE,MAAM,CAAC,MAAM,6BAA6B,GAAG,2BAA2B,CAAC;AAEzE;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB;IACvC,OAAO;QACL,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;YACnC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;gBACzB,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;YACvB,CAAC;YAED,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,mBAAmB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;YAC1E,6CAA6C;YAC7C,OAAO,CAAC,WAAW,GAAG,WAAW,CAAC;YAClC,IAAI,CAAC;gBACH,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC;YAC7B,CAAC;oBAAS,CAAC;gBACT,OAAO,
|
|
1
|
+
{"version":3,"file":"wrapAbortSignalLikePolicy.js","sourceRoot":"","sources":["../../../src/policies/wrapAbortSignalLikePolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEjE,MAAM,CAAC,MAAM,6BAA6B,GAAG,2BAA2B,CAAC;AAEzE;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB;IACvC,OAAO;QACL,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;YACnC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;gBACzB,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;YACvB,CAAC;YAED,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,mBAAmB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;YAC1E,6CAA6C;YAC7C,OAAO,CAAC,WAAW,GAAG,WAAW,CAAC;YAClC,IAAI,CAAC;gBACH,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC;YAC7B,CAAC;oBAAS,CAAC;gBACT,OAAO,EAAE,EAAE,CAAC;YACd,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { type PipelinePolicy } from \"../pipeline.js\";\nimport { wrapAbortSignalLike } from \"../util/wrapAbortSignal.js\";\n\nexport const wrapAbortSignalLikePolicyName = \"wrapAbortSignalLikePolicy\";\n\n/**\n * Policy that ensure that any AbortSignalLike is wrapped in a native AbortSignal for processing by the pipeline.\n * Since the ts-http-runtime expects a native AbortSignal, this policy is used to ensure that any AbortSignalLike is wrapped in a native AbortSignal.\n *\n * @returns - created policy\n */\nexport function wrapAbortSignalLikePolicy(): PipelinePolicy {\n return {\n name: wrapAbortSignalLikePolicyName,\n sendRequest: async (request, next) => {\n if (!request.abortSignal) {\n return next(request);\n }\n\n const { abortSignal, cleanup } = wrapAbortSignalLike(request.abortSignal);\n // eslint-disable-next-line no-param-reassign\n request.abortSignal = abortSignal;\n try {\n return await next(request);\n } finally {\n cleanup?.();\n }\n },\n };\n}\n"]}
|
package/dist/esm/util/file.js
CHANGED
|
@@ -72,14 +72,22 @@ export function getRawContent(blob) {
|
|
|
72
72
|
* @param options - optional metadata about the file, e.g. file name, file size, MIME type.
|
|
73
73
|
*/
|
|
74
74
|
export function createFileFromStream(stream, name, options = {}) {
|
|
75
|
-
|
|
76
|
-
|
|
75
|
+
return {
|
|
76
|
+
...unimplementedMethods,
|
|
77
|
+
type: options.type ?? "",
|
|
78
|
+
lastModified: options.lastModified ?? new Date().getTime(),
|
|
79
|
+
webkitRelativePath: options.webkitRelativePath ?? "",
|
|
80
|
+
size: options.size ?? -1,
|
|
81
|
+
name,
|
|
82
|
+
stream: () => {
|
|
77
83
|
const s = stream();
|
|
78
84
|
if (isNodeReadableStream(s)) {
|
|
79
85
|
throw new Error("Not supported: a Node stream was provided as input to createFileFromStream.");
|
|
80
86
|
}
|
|
81
87
|
return s;
|
|
82
|
-
},
|
|
88
|
+
},
|
|
89
|
+
[rawContent]: stream,
|
|
90
|
+
};
|
|
83
91
|
}
|
|
84
92
|
/**
|
|
85
93
|
* Create an object that implements the File interface. This object is intended to be
|
|
@@ -93,9 +101,18 @@ export function createFileFromStream(stream, name, options = {}) {
|
|
|
93
101
|
* @param options - optional metadata about the file, e.g. file name, file size, MIME type.
|
|
94
102
|
*/
|
|
95
103
|
export function createFile(content, name, options = {}) {
|
|
96
|
-
var _a, _b, _c;
|
|
97
104
|
if (isNodeLike) {
|
|
98
|
-
return
|
|
105
|
+
return {
|
|
106
|
+
...unimplementedMethods,
|
|
107
|
+
type: options.type ?? "",
|
|
108
|
+
lastModified: options.lastModified ?? new Date().getTime(),
|
|
109
|
+
webkitRelativePath: options.webkitRelativePath ?? "",
|
|
110
|
+
size: content.byteLength,
|
|
111
|
+
name,
|
|
112
|
+
arrayBuffer: async () => content.buffer,
|
|
113
|
+
stream: () => new Blob([content]).stream(),
|
|
114
|
+
[rawContent]: () => content,
|
|
115
|
+
};
|
|
99
116
|
}
|
|
100
117
|
else {
|
|
101
118
|
return new File([content], name, options);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"file.js","sourceRoot":"","sources":["../../../src/util/file.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,SAAS,oBAAoB,CAAC,CAAU;IACtC,OAAO,OAAO,CAAC,CAAC,IAAI,OAAQ,CAA2B,CAAC,MAAM,CAAC,KAAK,UAAU,CAAC,CAAC;AAClF,CAAC;AAoCD,MAAM,oBAAoB,GAAG;IAC3B,WAAW,EAAE,GAAG,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACrC,CAAC;IACD,KAAK,EAAE,GAAG,EAAE;QACV,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACrC,CAAC;IACD,KAAK,EAAE,GAAG,EAAE;QACV,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACrC,CAAC;IACD,IAAI,EAAE,GAAG,EAAE;QACT,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACrC,CAAC;CACF,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,GAAkB,MAAM,CAAC,YAAY,CAAC,CAAC;AASvD;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,CAAU;IACtC,OAAO,OAAQ,CAAgB,CAAC,UAAU,CAAC,KAAK,UAAU,CAAC;AAC7D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAC3B,IAAU;IAEV,IAAI,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;IAC5B,CAAC;SAAM,CAAC;QACN,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,oBAAoB,CAClC,MAAgE,EAChE,IAAY,EACZ,UAAuC,EAAE
|
|
1
|
+
{"version":3,"file":"file.js","sourceRoot":"","sources":["../../../src/util/file.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,SAAS,oBAAoB,CAAC,CAAU;IACtC,OAAO,OAAO,CAAC,CAAC,IAAI,OAAQ,CAA2B,CAAC,MAAM,CAAC,KAAK,UAAU,CAAC,CAAC;AAClF,CAAC;AAoCD,MAAM,oBAAoB,GAAG;IAC3B,WAAW,EAAE,GAAG,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACrC,CAAC;IACD,KAAK,EAAE,GAAG,EAAE;QACV,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACrC,CAAC;IACD,KAAK,EAAE,GAAG,EAAE;QACV,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACrC,CAAC;IACD,IAAI,EAAE,GAAG,EAAE;QACT,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACrC,CAAC;CACF,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,GAAkB,MAAM,CAAC,YAAY,CAAC,CAAC;AASvD;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,CAAU;IACtC,OAAO,OAAQ,CAAgB,CAAC,UAAU,CAAC,KAAK,UAAU,CAAC;AAC7D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAC3B,IAAU;IAEV,IAAI,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;IAC5B,CAAC;SAAM,CAAC;QACN,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,oBAAoB,CAClC,MAAgE,EAChE,IAAY,EACZ,UAAuC,EAAE;IAEzC,OAAO;QACL,GAAG,oBAAoB;QACvB,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,EAAE;QACxB,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE;QAC1D,kBAAkB,EAAE,OAAO,CAAC,kBAAkB,IAAI,EAAE;QACpD,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC;QACxB,IAAI;QACJ,MAAM,EAAE,GAAG,EAAE;YACX,MAAM,CAAC,GAAG,MAAM,EAAE,CAAC;YACnB,IAAI,oBAAoB,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC5B,MAAM,IAAI,KAAK,CACb,6EAA6E,CAC9E,CAAC;YACJ,CAAC;YAED,OAAO,CAAC,CAAC;QACX,CAAC;QACD,CAAC,UAAU,CAAC,EAAE,MAAM;KACA,CAAC;AACzB,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,UAAU,CACxB,OAAmB,EACnB,IAAY,EACZ,UAA6B,EAAE;IAE/B,IAAI,UAAU,EAAE,CAAC;QACf,OAAO;YACL,GAAG,oBAAoB;YACvB,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,EAAE;YACxB,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE;YAC1D,kBAAkB,EAAE,OAAO,CAAC,kBAAkB,IAAI,EAAE;YACpD,IAAI,EAAE,OAAO,CAAC,UAAU;YACxB,IAAI;YACJ,WAAW,EAAE,KAAK,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM;YACvC,MAAM,EAAE,GAAG,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE;YAC1C,CAAC,UAAU,CAAC,EAAE,GAAG,EAAE,CAAC,OAAO;SACP,CAAC;IACzB,CAAC;SAAM,CAAC;QACN,OAAO,IAAI,IAAI,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAC5C,CAAC;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { isNodeLike } from \"@azure/core-util\";\n\nfunction isNodeReadableStream(x: unknown): x is NodeJS.ReadableStream {\n return Boolean(x && typeof (x as NodeJS.ReadableStream)[\"pipe\"] === \"function\");\n}\n\n/**\n * Options passed into createFile specifying metadata about the file.\n */\nexport interface CreateFileOptions {\n /**\n * The MIME type of the file.\n */\n type?: string;\n\n /**\n * Last modified time of the file as a UNIX timestamp.\n * This will default to the current date.\n */\n lastModified?: number;\n\n /**\n * relative path of this file when uploading a directory.\n */\n webkitRelativePath?: string;\n}\n\n/**\n * Extra options for createFile when a stream is being passed in.\n */\nexport interface CreateFileFromStreamOptions extends CreateFileOptions {\n /**\n * Size of the file represented by the stream in bytes.\n *\n * This will be used by the pipeline when calculating the Content-Length header\n * for the overall request.\n */\n size?: number;\n}\n\nconst unimplementedMethods = {\n arrayBuffer: () => {\n throw new Error(\"Not implemented\");\n },\n bytes: () => {\n throw new Error(\"Not implemented\");\n },\n slice: () => {\n throw new Error(\"Not implemented\");\n },\n text: () => {\n throw new Error(\"Not implemented\");\n },\n};\n\n/**\n * Private symbol used as key on objects created using createFile containing the\n * original source of the file object.\n *\n * This is used in Node to access the original Node stream without using Blob#stream, which\n * returns a web stream. This is done to avoid a couple of bugs to do with Blob#stream and\n * Readable#to/fromWeb in Node versions we support:\n * - https://github.com/nodejs/node/issues/42694 (fixed in Node 18.14)\n * - https://github.com/nodejs/node/issues/48916 (fixed in Node 20.6)\n *\n * Once these versions are no longer supported, we may be able to stop doing this.\n *\n * @internal\n */\nconst rawContent: unique symbol = Symbol(\"rawContent\");\n\n/**\n * Type signature of a blob-like object with a raw content property.\n */\nexport interface RawContent extends Blob {\n [rawContent](): Uint8Array | NodeJS.ReadableStream | ReadableStream<Uint8Array>;\n}\n\n/**\n * Type guard to check if a given object is a blob-like object with a raw content property.\n */\nexport function hasRawContent(x: unknown): x is RawContent {\n return typeof (x as RawContent)[rawContent] === \"function\";\n}\n\n/**\n * Extract the raw content from a given blob-like object. If the input was created using createFile\n * or createFileFromStream, the exact content passed into createFile/createFileFromStream will be used.\n * For true instances of Blob and File, returns the actual blob.\n *\n * @internal\n */\nexport function getRawContent(\n blob: Blob,\n): Blob | NodeJS.ReadableStream | ReadableStream<Uint8Array> | Uint8Array {\n if (hasRawContent(blob)) {\n return blob[rawContent]();\n } else {\n return blob;\n }\n}\n\n/**\n * Create an object that implements the File interface. This object is intended to be\n * passed into RequestBodyType.formData, and is not guaranteed to work as expected in\n * other situations.\n *\n * Use this function to:\n * - Create a File object for use in RequestBodyType.formData in environments where the\n * global File object is unavailable.\n * - Create a File-like object from a readable stream without reading the stream into memory.\n *\n * @param stream - the content of the file as a callback returning a stream. When a File object made using createFile is\n * passed in a request's form data map, the stream will not be read into memory\n * and instead will be streamed when the request is made. In the event of a retry, the\n * stream needs to be read again, so this callback SHOULD return a fresh stream if possible.\n * @param name - the name of the file.\n * @param options - optional metadata about the file, e.g. file name, file size, MIME type.\n */\nexport function createFileFromStream(\n stream: () => ReadableStream<Uint8Array> | NodeJS.ReadableStream,\n name: string,\n options: CreateFileFromStreamOptions = {},\n): File {\n return {\n ...unimplementedMethods,\n type: options.type ?? \"\",\n lastModified: options.lastModified ?? new Date().getTime(),\n webkitRelativePath: options.webkitRelativePath ?? \"\",\n size: options.size ?? -1,\n name,\n stream: () => {\n const s = stream();\n if (isNodeReadableStream(s)) {\n throw new Error(\n \"Not supported: a Node stream was provided as input to createFileFromStream.\",\n );\n }\n\n return s;\n },\n [rawContent]: stream,\n } as File & RawContent;\n}\n\n/**\n * Create an object that implements the File interface. This object is intended to be\n * passed into RequestBodyType.formData, and is not guaranteed to work as expected in\n * other situations.\n *\n * Use this function create a File object for use in RequestBodyType.formData in environments where the global File object is unavailable.\n *\n * @param content - the content of the file as a Uint8Array in memory.\n * @param name - the name of the file.\n * @param options - optional metadata about the file, e.g. file name, file size, MIME type.\n */\nexport function createFile(\n content: Uint8Array,\n name: string,\n options: CreateFileOptions = {},\n): File {\n if (isNodeLike) {\n return {\n ...unimplementedMethods,\n type: options.type ?? \"\",\n lastModified: options.lastModified ?? new Date().getTime(),\n webkitRelativePath: options.webkitRelativePath ?? \"\",\n size: content.byteLength,\n name,\n arrayBuffer: async () => content.buffer,\n stream: () => new Blob([content]).stream(),\n [rawContent]: () => content,\n } as File & RawContent;\n } else {\n return new File([content], name, options);\n }\n}\n"]}
|
|
@@ -25,7 +25,7 @@ async function beginRefresh(getAccessToken, retryIntervalInMs, refreshTimeout) {
|
|
|
25
25
|
try {
|
|
26
26
|
return await getAccessToken();
|
|
27
27
|
}
|
|
28
|
-
catch
|
|
28
|
+
catch {
|
|
29
29
|
return null;
|
|
30
30
|
}
|
|
31
31
|
}
|
|
@@ -63,7 +63,10 @@ export function createTokenCycler(credential, tokenCyclerOptions) {
|
|
|
63
63
|
let refreshWorker = null;
|
|
64
64
|
let token = null;
|
|
65
65
|
let tenantId;
|
|
66
|
-
const options =
|
|
66
|
+
const options = {
|
|
67
|
+
...DEFAULT_CYCLER_OPTIONS,
|
|
68
|
+
...tokenCyclerOptions,
|
|
69
|
+
};
|
|
67
70
|
/**
|
|
68
71
|
* This little holder defines several predicates that we use to construct
|
|
69
72
|
* the rules of refreshing the token.
|
|
@@ -80,14 +83,13 @@ export function createTokenCycler(credential, tokenCyclerOptions) {
|
|
|
80
83
|
* window and not already refreshing)
|
|
81
84
|
*/
|
|
82
85
|
get shouldRefresh() {
|
|
83
|
-
var _a;
|
|
84
86
|
if (cycler.isRefreshing) {
|
|
85
87
|
return false;
|
|
86
88
|
}
|
|
87
|
-
if (
|
|
89
|
+
if (token?.refreshAfterTimestamp && token.refreshAfterTimestamp < Date.now()) {
|
|
88
90
|
return true;
|
|
89
91
|
}
|
|
90
|
-
return (
|
|
92
|
+
return (token?.expiresOnTimestamp ?? 0) - options.refreshWindowInMs < Date.now();
|
|
91
93
|
},
|
|
92
94
|
/**
|
|
93
95
|
* Produces true if the cycler MUST refresh (null or nearly-expired
|
|
@@ -102,7 +104,6 @@ export function createTokenCycler(credential, tokenCyclerOptions) {
|
|
|
102
104
|
* running.
|
|
103
105
|
*/
|
|
104
106
|
function refresh(scopes, getTokenOptions) {
|
|
105
|
-
var _a;
|
|
106
107
|
if (!cycler.isRefreshing) {
|
|
107
108
|
// We bind `scopes` here to avoid passing it around a lot
|
|
108
109
|
const tryGetAccessToken = () => credential.getToken(scopes, getTokenOptions);
|
|
@@ -110,7 +111,7 @@ export function createTokenCycler(credential, tokenCyclerOptions) {
|
|
|
110
111
|
// before the refresh can be considered done.
|
|
111
112
|
refreshWorker = beginRefresh(tryGetAccessToken, options.retryIntervalInMs,
|
|
112
113
|
// If we don't have a token, then we should timeout immediately
|
|
113
|
-
|
|
114
|
+
token?.expiresOnTimestamp ?? Date.now())
|
|
114
115
|
.then((_token) => {
|
|
115
116
|
refreshWorker = null;
|
|
116
117
|
token = _token;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tokenCycler.js","sourceRoot":"","sources":["../../../src/util/tokenCycler.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAkCzC,sDAAsD;AACtD,MAAM,CAAC,MAAM,sBAAsB,GAAuB;IACxD,uBAAuB,EAAE,IAAI,EAAE,0DAA0D;IACzF,iBAAiB,EAAE,IAAI,EAAE,kCAAkC;IAC3D,iBAAiB,EAAE,IAAI,GAAG,EAAE,GAAG,CAAC,EAAE,oCAAoC;CACvE,CAAC;AAEF;;;;;;;;;GASG;AACH,KAAK,UAAU,YAAY,CACzB,cAAiD,EACjD,iBAAyB,EACzB,cAAsB;IAEtB,4EAA4E;IAC5E,eAAe;IACf,KAAK,UAAU,iBAAiB;QAC9B,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc,EAAE,CAAC;YAChC,IAAI,CAAC;gBACH,OAAO,MAAM,cAAc,EAAE,CAAC;YAChC,CAAC;YAAC,WAAM,CAAC;gBACP,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,UAAU,GAAG,MAAM,cAAc,EAAE,CAAC;YAE1C,6CAA6C;YAC7C,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACrD,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;IACH,CAAC;IAED,IAAI,KAAK,GAAuB,MAAM,iBAAiB,EAAE,CAAC;IAE1D,OAAO,KAAK,KAAK,IAAI,EAAE,CAAC;QACtB,MAAM,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAE/B,KAAK,GAAG,MAAM,iBAAiB,EAAE,CAAC;IACpC,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,iBAAiB,CAC/B,UAA2B,EAC3B,kBAAgD;IAEhD,IAAI,aAAa,GAAgC,IAAI,CAAC;IACtD,IAAI,KAAK,GAAuB,IAAI,CAAC;IACrC,IAAI,QAA4B,CAAC;IAEjC,MAAM,OAAO,mCACR,sBAAsB,GACtB,kBAAkB,CACtB,CAAC;IAEF;;;OAGG;IACH,MAAM,MAAM,GAAG;QACb;;WAEG;QACH,IAAI,YAAY;YACd,OAAO,aAAa,KAAK,IAAI,CAAC;QAChC,CAAC;QACD;;;WAGG;QACH,IAAI,aAAa;;YACf,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBACxB,OAAO,KAAK,CAAC;YACf,CAAC;YACD,IAAI,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,qBAAqB,KAAI,KAAK,CAAC,qBAAqB,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBAC7E,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO,CAAC,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,kBAAkB,mCAAI,CAAC,CAAC,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACnF,CAAC;QACD;;;WAGG;QACH,IAAI,WAAW;YACb,OAAO,CACL,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,kBAAkB,GAAG,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC,GAAG,EAAE,CAC1F,CAAC;QACJ,CAAC;KACF,CAAC;IAEF;;;OAGG;IACH,SAAS,OAAO,CACd,MAAyB,EACzB,eAAgC;;QAEhC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YACzB,yDAAyD;YACzD,MAAM,iBAAiB,GAAG,GAAgC,EAAE,CAC1D,UAAU,CAAC,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;YAE/C,wEAAwE;YACxE,6CAA6C;YAC7C,aAAa,GAAG,YAAY,CAC1B,iBAAiB,EACjB,OAAO,CAAC,iBAAiB;YACzB,+DAA+D;YAC/D,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,kBAAkB,mCAAI,IAAI,CAAC,GAAG,EAAE,CACxC;iBACE,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;gBACf,aAAa,GAAG,IAAI,CAAC;gBACrB,KAAK,GAAG,MAAM,CAAC;gBACf,QAAQ,GAAG,eAAe,CAAC,QAAQ,CAAC;gBACpC,OAAO,KAAK,CAAC;YACf,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,MAAM,EAAE,EAAE;gBAChB,sEAAsE;gBACtE,qEAAqE;gBACrE,mBAAmB;gBACnB,aAAa,GAAG,IAAI,CAAC;gBACrB,KAAK,GAAG,IAAI,CAAC;gBACb,QAAQ,GAAG,SAAS,CAAC;gBACrB,MAAM,MAAM,CAAC;YACf,CAAC,CAAC,CAAC;QACP,CAAC;QAED,OAAO,aAAqC,CAAC;IAC/C,CAAC;IAED,OAAO,KAAK,EAAE,MAAyB,EAAE,YAA6B,EAAwB,EAAE;QAC9F,EAAE;QACF,gBAAgB;QAChB,+DAA+D;QAC/D,6CAA6C;QAC7C,+DAA+D;QAC/D,yCAAyC;QACzC,6DAA6D;QAC7D,YAAY;QACZ,EAAE;QAEF,MAAM,iBAAiB,GAAG,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACvD,MAAM,eAAe,GAAG,QAAQ,KAAK,YAAY,CAAC,QAAQ,CAAC;QAE3D,IAAI,iBAAiB,EAAE,CAAC;YACtB,oEAAoE;YACpE,iGAAiG;YACjG,KAAK,GAAG,IAAI,CAAC;QACf,CAAC;QAED,0EAA0E;QAC1E,kHAAkH;QAClH,oDAAoD;QACpD,MAAM,WAAW,GAAG,eAAe,IAAI,iBAAiB,IAAI,MAAM,CAAC,WAAW,CAAC;QAE/E,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QACvC,CAAC;QAED,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACzB,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QAChC,CAAC;QAED,OAAO,KAAoB,CAAC;IAC9B,CAAC,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { delay } from \"@azure/core-util\";\n\n/**\n * A function that gets a promise of an access token and allows providing\n * options.\n *\n * @param options - the options to pass to the underlying token provider\n */\nexport type AccessTokenGetter = (\n scopes: string | string[],\n options: GetTokenOptions,\n) => Promise<AccessToken>;\n\nexport interface TokenCyclerOptions {\n /**\n * The window of time before token expiration during which the token will be\n * considered unusable due to risk of the token expiring before sending the\n * request.\n *\n * This will only become meaningful if the refresh fails for over\n * (refreshWindow - forcedRefreshWindow) milliseconds.\n */\n forcedRefreshWindowInMs: number;\n /**\n * Interval in milliseconds to retry failed token refreshes.\n */\n retryIntervalInMs: number;\n /**\n * The window of time before token expiration during which\n * we will attempt to refresh the token.\n */\n refreshWindowInMs: number;\n}\n\n// Default options for the cycler if none are provided\nexport const DEFAULT_CYCLER_OPTIONS: TokenCyclerOptions = {\n forcedRefreshWindowInMs: 1000, // Force waiting for a refresh 1s before the token expires\n retryIntervalInMs: 3000, // Allow refresh attempts every 3s\n refreshWindowInMs: 1000 * 60 * 2, // Start refreshing 2m before expiry\n};\n\n/**\n * Converts an an unreliable access token getter (which may resolve with null)\n * into an AccessTokenGetter by retrying the unreliable getter in a regular\n * interval.\n *\n * @param getAccessToken - A function that produces a promise of an access token that may fail by returning null.\n * @param retryIntervalInMs - The time (in milliseconds) to wait between retry attempts.\n * @param refreshTimeout - The timestamp after which the refresh attempt will fail, throwing an exception.\n * @returns - A promise that, if it resolves, will resolve with an access token.\n */\nasync function beginRefresh(\n getAccessToken: () => Promise<AccessToken | null>,\n retryIntervalInMs: number,\n refreshTimeout: number,\n): Promise<AccessToken> {\n // This wrapper handles exceptions gracefully as long as we haven't exceeded\n // the timeout.\n async function tryGetAccessToken(): Promise<AccessToken | null> {\n if (Date.now() < refreshTimeout) {\n try {\n return await getAccessToken();\n } catch {\n return null;\n }\n } else {\n const finalToken = await getAccessToken();\n\n // Timeout is up, so throw if it's still null\n if (finalToken === null) {\n throw new Error(\"Failed to refresh access token.\");\n }\n\n return finalToken;\n }\n }\n\n let token: AccessToken | null = await tryGetAccessToken();\n\n while (token === null) {\n await delay(retryIntervalInMs);\n\n token = await tryGetAccessToken();\n }\n\n return token;\n}\n\n/**\n * Creates a token cycler from a credential, scopes, and optional settings.\n *\n * A token cycler represents a way to reliably retrieve a valid access token\n * from a TokenCredential. It will handle initializing the token, refreshing it\n * when it nears expiration, and synchronizes refresh attempts to avoid\n * concurrency hazards.\n *\n * @param credential - the underlying TokenCredential that provides the access\n * token\n * @param tokenCyclerOptions - optionally override default settings for the cycler\n *\n * @returns - a function that reliably produces a valid access token\n */\nexport function createTokenCycler(\n credential: TokenCredential,\n tokenCyclerOptions?: Partial<TokenCyclerOptions>,\n): AccessTokenGetter {\n let refreshWorker: Promise<AccessToken> | null = null;\n let token: AccessToken | null = null;\n let tenantId: string | undefined;\n\n const options = {\n ...DEFAULT_CYCLER_OPTIONS,\n ...tokenCyclerOptions,\n };\n\n /**\n * This little holder defines several predicates that we use to construct\n * the rules of refreshing the token.\n */\n const cycler = {\n /**\n * Produces true if a refresh job is currently in progress.\n */\n get isRefreshing(): boolean {\n return refreshWorker !== null;\n },\n /**\n * Produces true if the cycler SHOULD refresh (we are within the refresh\n * window and not already refreshing)\n */\n get shouldRefresh(): boolean {\n if (cycler.isRefreshing) {\n return false;\n }\n if (token?.refreshAfterTimestamp && token.refreshAfterTimestamp < Date.now()) {\n return true;\n }\n\n return (token?.expiresOnTimestamp ?? 0) - options.refreshWindowInMs < Date.now();\n },\n /**\n * Produces true if the cycler MUST refresh (null or nearly-expired\n * token).\n */\n get mustRefresh(): boolean {\n return (\n token === null || token.expiresOnTimestamp - options.forcedRefreshWindowInMs < Date.now()\n );\n },\n };\n\n /**\n * Starts a refresh job or returns the existing job if one is already\n * running.\n */\n function refresh(\n scopes: string | string[],\n getTokenOptions: GetTokenOptions,\n ): Promise<AccessToken> {\n if (!cycler.isRefreshing) {\n // We bind `scopes` here to avoid passing it around a lot\n const tryGetAccessToken = (): Promise<AccessToken | null> =>\n credential.getToken(scopes, getTokenOptions);\n\n // Take advantage of promise chaining to insert an assignment to `token`\n // before the refresh can be considered done.\n refreshWorker = beginRefresh(\n tryGetAccessToken,\n options.retryIntervalInMs,\n // If we don't have a token, then we should timeout immediately\n token?.expiresOnTimestamp ?? Date.now(),\n )\n .then((_token) => {\n refreshWorker = null;\n token = _token;\n tenantId = getTokenOptions.tenantId;\n return token;\n })\n .catch((reason) => {\n // We also should reset the refresher if we enter a failed state. All\n // existing awaiters will throw, but subsequent requests will start a\n // new retry chain.\n refreshWorker = null;\n token = null;\n tenantId = undefined;\n throw reason;\n });\n }\n\n return refreshWorker as Promise<AccessToken>;\n }\n\n return async (scopes: string | string[], tokenOptions: GetTokenOptions): Promise<AccessToken> => {\n //\n // Simple rules:\n // - If we MUST refresh, then return the refresh task, blocking\n // the pipeline until a token is available.\n // - If we SHOULD refresh, then run refresh but don't return it\n // (we can still use the cached token).\n // - Return the token, since it's fine if we didn't return in\n // step 1.\n //\n\n const hasClaimChallenge = Boolean(tokenOptions.claims);\n const tenantIdChanged = tenantId !== tokenOptions.tenantId;\n\n if (hasClaimChallenge) {\n // If we've received a claim, we know the existing token isn't valid\n // We want to clear it so that that refresh worker won't use the old expiration time as a timeout\n token = null;\n }\n\n // If the tenantId passed in token options is different to the one we have\n // Or if we are in claim challenge and the token was rejected and a new access token need to be issued, we need to\n // refresh the token with the new tenantId or token.\n const mustRefresh = tenantIdChanged || hasClaimChallenge || cycler.mustRefresh;\n\n if (mustRefresh) {\n return refresh(scopes, tokenOptions);\n }\n\n if (cycler.shouldRefresh) {\n refresh(scopes, tokenOptions);\n }\n\n return token as AccessToken;\n };\n}\n"]}
|
|
1
|
+
{"version":3,"file":"tokenCycler.js","sourceRoot":"","sources":["../../../src/util/tokenCycler.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAkCzC,sDAAsD;AACtD,MAAM,CAAC,MAAM,sBAAsB,GAAuB;IACxD,uBAAuB,EAAE,IAAI,EAAE,0DAA0D;IACzF,iBAAiB,EAAE,IAAI,EAAE,kCAAkC;IAC3D,iBAAiB,EAAE,IAAI,GAAG,EAAE,GAAG,CAAC,EAAE,oCAAoC;CACvE,CAAC;AAEF;;;;;;;;;GASG;AACH,KAAK,UAAU,YAAY,CACzB,cAAiD,EACjD,iBAAyB,EACzB,cAAsB;IAEtB,4EAA4E;IAC5E,eAAe;IACf,KAAK,UAAU,iBAAiB;QAC9B,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc,EAAE,CAAC;YAChC,IAAI,CAAC;gBACH,OAAO,MAAM,cAAc,EAAE,CAAC;YAChC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,UAAU,GAAG,MAAM,cAAc,EAAE,CAAC;YAE1C,6CAA6C;YAC7C,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACrD,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;IACH,CAAC;IAED,IAAI,KAAK,GAAuB,MAAM,iBAAiB,EAAE,CAAC;IAE1D,OAAO,KAAK,KAAK,IAAI,EAAE,CAAC;QACtB,MAAM,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAE/B,KAAK,GAAG,MAAM,iBAAiB,EAAE,CAAC;IACpC,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,iBAAiB,CAC/B,UAA2B,EAC3B,kBAAgD;IAEhD,IAAI,aAAa,GAAgC,IAAI,CAAC;IACtD,IAAI,KAAK,GAAuB,IAAI,CAAC;IACrC,IAAI,QAA4B,CAAC;IAEjC,MAAM,OAAO,GAAG;QACd,GAAG,sBAAsB;QACzB,GAAG,kBAAkB;KACtB,CAAC;IAEF;;;OAGG;IACH,MAAM,MAAM,GAAG;QACb;;WAEG;QACH,IAAI,YAAY;YACd,OAAO,aAAa,KAAK,IAAI,CAAC;QAChC,CAAC;QACD;;;WAGG;QACH,IAAI,aAAa;YACf,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBACxB,OAAO,KAAK,CAAC;YACf,CAAC;YACD,IAAI,KAAK,EAAE,qBAAqB,IAAI,KAAK,CAAC,qBAAqB,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBAC7E,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO,CAAC,KAAK,EAAE,kBAAkB,IAAI,CAAC,CAAC,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACnF,CAAC;QACD;;;WAGG;QACH,IAAI,WAAW;YACb,OAAO,CACL,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,kBAAkB,GAAG,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC,GAAG,EAAE,CAC1F,CAAC;QACJ,CAAC;KACF,CAAC;IAEF;;;OAGG;IACH,SAAS,OAAO,CACd,MAAyB,EACzB,eAAgC;QAEhC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YACzB,yDAAyD;YACzD,MAAM,iBAAiB,GAAG,GAAgC,EAAE,CAC1D,UAAU,CAAC,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;YAE/C,wEAAwE;YACxE,6CAA6C;YAC7C,aAAa,GAAG,YAAY,CAC1B,iBAAiB,EACjB,OAAO,CAAC,iBAAiB;YACzB,+DAA+D;YAC/D,KAAK,EAAE,kBAAkB,IAAI,IAAI,CAAC,GAAG,EAAE,CACxC;iBACE,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;gBACf,aAAa,GAAG,IAAI,CAAC;gBACrB,KAAK,GAAG,MAAM,CAAC;gBACf,QAAQ,GAAG,eAAe,CAAC,QAAQ,CAAC;gBACpC,OAAO,KAAK,CAAC;YACf,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,MAAM,EAAE,EAAE;gBAChB,sEAAsE;gBACtE,qEAAqE;gBACrE,mBAAmB;gBACnB,aAAa,GAAG,IAAI,CAAC;gBACrB,KAAK,GAAG,IAAI,CAAC;gBACb,QAAQ,GAAG,SAAS,CAAC;gBACrB,MAAM,MAAM,CAAC;YACf,CAAC,CAAC,CAAC;QACP,CAAC;QAED,OAAO,aAAqC,CAAC;IAC/C,CAAC;IAED,OAAO,KAAK,EAAE,MAAyB,EAAE,YAA6B,EAAwB,EAAE;QAC9F,EAAE;QACF,gBAAgB;QAChB,+DAA+D;QAC/D,6CAA6C;QAC7C,+DAA+D;QAC/D,yCAAyC;QACzC,6DAA6D;QAC7D,YAAY;QACZ,EAAE;QAEF,MAAM,iBAAiB,GAAG,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACvD,MAAM,eAAe,GAAG,QAAQ,KAAK,YAAY,CAAC,QAAQ,CAAC;QAE3D,IAAI,iBAAiB,EAAE,CAAC;YACtB,oEAAoE;YACpE,iGAAiG;YACjG,KAAK,GAAG,IAAI,CAAC;QACf,CAAC;QAED,0EAA0E;QAC1E,kHAAkH;QAClH,oDAAoD;QACpD,MAAM,WAAW,GAAG,eAAe,IAAI,iBAAiB,IAAI,MAAM,CAAC,WAAW,CAAC;QAE/E,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QACvC,CAAC;QAED,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACzB,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QAChC,CAAC;QAED,OAAO,KAAoB,CAAC;IAC9B,CAAC,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { delay } from \"@azure/core-util\";\n\n/**\n * A function that gets a promise of an access token and allows providing\n * options.\n *\n * @param options - the options to pass to the underlying token provider\n */\nexport type AccessTokenGetter = (\n scopes: string | string[],\n options: GetTokenOptions,\n) => Promise<AccessToken>;\n\nexport interface TokenCyclerOptions {\n /**\n * The window of time before token expiration during which the token will be\n * considered unusable due to risk of the token expiring before sending the\n * request.\n *\n * This will only become meaningful if the refresh fails for over\n * (refreshWindow - forcedRefreshWindow) milliseconds.\n */\n forcedRefreshWindowInMs: number;\n /**\n * Interval in milliseconds to retry failed token refreshes.\n */\n retryIntervalInMs: number;\n /**\n * The window of time before token expiration during which\n * we will attempt to refresh the token.\n */\n refreshWindowInMs: number;\n}\n\n// Default options for the cycler if none are provided\nexport const DEFAULT_CYCLER_OPTIONS: TokenCyclerOptions = {\n forcedRefreshWindowInMs: 1000, // Force waiting for a refresh 1s before the token expires\n retryIntervalInMs: 3000, // Allow refresh attempts every 3s\n refreshWindowInMs: 1000 * 60 * 2, // Start refreshing 2m before expiry\n};\n\n/**\n * Converts an an unreliable access token getter (which may resolve with null)\n * into an AccessTokenGetter by retrying the unreliable getter in a regular\n * interval.\n *\n * @param getAccessToken - A function that produces a promise of an access token that may fail by returning null.\n * @param retryIntervalInMs - The time (in milliseconds) to wait between retry attempts.\n * @param refreshTimeout - The timestamp after which the refresh attempt will fail, throwing an exception.\n * @returns - A promise that, if it resolves, will resolve with an access token.\n */\nasync function beginRefresh(\n getAccessToken: () => Promise<AccessToken | null>,\n retryIntervalInMs: number,\n refreshTimeout: number,\n): Promise<AccessToken> {\n // This wrapper handles exceptions gracefully as long as we haven't exceeded\n // the timeout.\n async function tryGetAccessToken(): Promise<AccessToken | null> {\n if (Date.now() < refreshTimeout) {\n try {\n return await getAccessToken();\n } catch {\n return null;\n }\n } else {\n const finalToken = await getAccessToken();\n\n // Timeout is up, so throw if it's still null\n if (finalToken === null) {\n throw new Error(\"Failed to refresh access token.\");\n }\n\n return finalToken;\n }\n }\n\n let token: AccessToken | null = await tryGetAccessToken();\n\n while (token === null) {\n await delay(retryIntervalInMs);\n\n token = await tryGetAccessToken();\n }\n\n return token;\n}\n\n/**\n * Creates a token cycler from a credential, scopes, and optional settings.\n *\n * A token cycler represents a way to reliably retrieve a valid access token\n * from a TokenCredential. It will handle initializing the token, refreshing it\n * when it nears expiration, and synchronizes refresh attempts to avoid\n * concurrency hazards.\n *\n * @param credential - the underlying TokenCredential that provides the access\n * token\n * @param tokenCyclerOptions - optionally override default settings for the cycler\n *\n * @returns - a function that reliably produces a valid access token\n */\nexport function createTokenCycler(\n credential: TokenCredential,\n tokenCyclerOptions?: Partial<TokenCyclerOptions>,\n): AccessTokenGetter {\n let refreshWorker: Promise<AccessToken> | null = null;\n let token: AccessToken | null = null;\n let tenantId: string | undefined;\n\n const options = {\n ...DEFAULT_CYCLER_OPTIONS,\n ...tokenCyclerOptions,\n };\n\n /**\n * This little holder defines several predicates that we use to construct\n * the rules of refreshing the token.\n */\n const cycler = {\n /**\n * Produces true if a refresh job is currently in progress.\n */\n get isRefreshing(): boolean {\n return refreshWorker !== null;\n },\n /**\n * Produces true if the cycler SHOULD refresh (we are within the refresh\n * window and not already refreshing)\n */\n get shouldRefresh(): boolean {\n if (cycler.isRefreshing) {\n return false;\n }\n if (token?.refreshAfterTimestamp && token.refreshAfterTimestamp < Date.now()) {\n return true;\n }\n\n return (token?.expiresOnTimestamp ?? 0) - options.refreshWindowInMs < Date.now();\n },\n /**\n * Produces true if the cycler MUST refresh (null or nearly-expired\n * token).\n */\n get mustRefresh(): boolean {\n return (\n token === null || token.expiresOnTimestamp - options.forcedRefreshWindowInMs < Date.now()\n );\n },\n };\n\n /**\n * Starts a refresh job or returns the existing job if one is already\n * running.\n */\n function refresh(\n scopes: string | string[],\n getTokenOptions: GetTokenOptions,\n ): Promise<AccessToken> {\n if (!cycler.isRefreshing) {\n // We bind `scopes` here to avoid passing it around a lot\n const tryGetAccessToken = (): Promise<AccessToken | null> =>\n credential.getToken(scopes, getTokenOptions);\n\n // Take advantage of promise chaining to insert an assignment to `token`\n // before the refresh can be considered done.\n refreshWorker = beginRefresh(\n tryGetAccessToken,\n options.retryIntervalInMs,\n // If we don't have a token, then we should timeout immediately\n token?.expiresOnTimestamp ?? Date.now(),\n )\n .then((_token) => {\n refreshWorker = null;\n token = _token;\n tenantId = getTokenOptions.tenantId;\n return token;\n })\n .catch((reason) => {\n // We also should reset the refresher if we enter a failed state. All\n // existing awaiters will throw, but subsequent requests will start a\n // new retry chain.\n refreshWorker = null;\n token = null;\n tenantId = undefined;\n throw reason;\n });\n }\n\n return refreshWorker as Promise<AccessToken>;\n }\n\n return async (scopes: string | string[], tokenOptions: GetTokenOptions): Promise<AccessToken> => {\n //\n // Simple rules:\n // - If we MUST refresh, then return the refresh task, blocking\n // the pipeline until a token is available.\n // - If we SHOULD refresh, then run refresh but don't return it\n // (we can still use the cached token).\n // - Return the token, since it's fine if we didn't return in\n // step 1.\n //\n\n const hasClaimChallenge = Boolean(tokenOptions.claims);\n const tenantIdChanged = tenantId !== tokenOptions.tenantId;\n\n if (hasClaimChallenge) {\n // If we've received a claim, we know the existing token isn't valid\n // We want to clear it so that that refresh worker won't use the old expiration time as a timeout\n token = null;\n }\n\n // If the tenantId passed in token options is different to the one we have\n // Or if we are in claim challenge and the token was rejected and a new access token need to be issued, we need to\n // refresh the token with the new tenantId or token.\n const mustRefresh = tenantIdChanged || hasClaimChallenge || cycler.mustRefresh;\n\n if (mustRefresh) {\n return refresh(scopes, tokenOptions);\n }\n\n if (cycler.shouldRefresh) {\n refresh(scopes, tokenOptions);\n }\n\n return token as AccessToken;\n };\n}\n"]}
|
|
@@ -20,7 +20,6 @@ import { wrapAbortSignalLikePolicy } from "./policies/wrapAbortSignalLikePolicy.
|
|
|
20
20
|
* @param options - Options to configure a custom pipeline.
|
|
21
21
|
*/
|
|
22
22
|
export function createPipelineFromOptions(options) {
|
|
23
|
-
var _a;
|
|
24
23
|
const pipeline = createEmptyPipeline();
|
|
25
24
|
if (isNodeLike) {
|
|
26
25
|
if (options.agent) {
|
|
@@ -35,13 +34,13 @@ export function createPipelineFromOptions(options) {
|
|
|
35
34
|
pipeline.addPolicy(wrapAbortSignalLikePolicy());
|
|
36
35
|
pipeline.addPolicy(formDataPolicy(), { beforePolicies: [multipartPolicyName] });
|
|
37
36
|
pipeline.addPolicy(userAgentPolicy(options.userAgentOptions));
|
|
38
|
-
pipeline.addPolicy(setClientRequestIdPolicy(
|
|
37
|
+
pipeline.addPolicy(setClientRequestIdPolicy(options.telemetryOptions?.clientRequestIdHeaderName));
|
|
39
38
|
// The multipart policy is added after policies with no phase, so that
|
|
40
39
|
// policies can be added between it and formDataPolicy to modify
|
|
41
40
|
// properties (e.g., making the boundary constant in recorded tests).
|
|
42
41
|
pipeline.addPolicy(multipartPolicy(), { afterPhase: "Deserialize" });
|
|
43
42
|
pipeline.addPolicy(defaultRetryPolicy(options.retryOptions), { phase: "Retry" });
|
|
44
|
-
pipeline.addPolicy(tracingPolicy(
|
|
43
|
+
pipeline.addPolicy(tracingPolicy({ ...options.userAgentOptions, ...options.loggingOptions }), {
|
|
45
44
|
afterPhase: "Retry",
|
|
46
45
|
});
|
|
47
46
|
if (isNodeLike) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"createPipelineFromOptions.js","sourceRoot":"","sources":["../../src/createPipelineFromOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAyB,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAC3E,OAAO,EAAiB,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAEnE,OAAO,EAA8B,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC1F,OAAO,EAA+B,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAC7F,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACrF,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAClF,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAClF,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAC5D,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AA4DpF;;;GAGG;AACH,MAAM,UAAU,yBAAyB,CAAC,OAAgC
|
|
1
|
+
{"version":3,"file":"createPipelineFromOptions.js","sourceRoot":"","sources":["../../src/createPipelineFromOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAyB,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAC3E,OAAO,EAAiB,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAEnE,OAAO,EAA8B,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC1F,OAAO,EAA+B,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAC7F,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACrF,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAClF,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAClF,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAC5D,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AA4DpF;;;GAGG;AACH,MAAM,UAAU,yBAAyB,CAAC,OAAgC;IACxE,MAAM,QAAQ,GAAG,mBAAmB,EAAE,CAAC;IAEvC,IAAI,UAAU,EAAE,CAAC;QACf,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,QAAQ,CAAC,SAAS,CAAC,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QACjD,CAAC;QACD,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACvB,QAAQ,CAAC,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;QACpD,CAAC;QACD,QAAQ,CAAC,SAAS,CAAC,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC;QACtD,QAAQ,CAAC,SAAS,CAAC,wBAAwB,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,QAAQ,CAAC,SAAS,CAAC,yBAAyB,EAAE,CAAC,CAAC;IAEhD,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,EAAE,EAAE,cAAc,EAAE,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAC;IAChF,QAAQ,CAAC,SAAS,CAAC,eAAe,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAC9D,QAAQ,CAAC,SAAS,CAAC,wBAAwB,CAAC,OAAO,CAAC,gBAAgB,EAAE,yBAAyB,CAAC,CAAC,CAAC;IAClG,sEAAsE;IACtE,gEAAgE;IAChE,qEAAqE;IACrE,QAAQ,CAAC,SAAS,CAAC,eAAe,EAAE,EAAE,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,CAAC;IACrE,QAAQ,CAAC,SAAS,CAAC,kBAAkB,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;IACjF,QAAQ,CAAC,SAAS,CAAC,aAAa,CAAC,EAAE,GAAG,OAAO,CAAC,gBAAgB,EAAE,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC,EAAE;QAC5F,UAAU,EAAE,OAAO;KACpB,CAAC,CAAC;IACH,IAAI,UAAU,EAAE,CAAC;QACf,+DAA+D;QAC/D,kDAAkD;QAClD,QAAQ,CAAC,SAAS,CAAC,cAAc,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;IACvF,CAAC;IACD,QAAQ,CAAC,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC;IAE9E,OAAO,QAAQ,CAAC;AAClB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { type LogPolicyOptions, logPolicy } from \"./policies/logPolicy.js\";\nimport { type Pipeline, createEmptyPipeline } from \"./pipeline.js\";\nimport type { Agent, PipelineRetryOptions, ProxySettings, TlsSettings } from \"./interfaces.js\";\nimport { type RedirectPolicyOptions, redirectPolicy } from \"./policies/redirectPolicy.js\";\nimport { type UserAgentPolicyOptions, userAgentPolicy } from \"./policies/userAgentPolicy.js\";\nimport { multipartPolicy, multipartPolicyName } from \"./policies/multipartPolicy.js\";\nimport { decompressResponsePolicy } from \"./policies/decompressResponsePolicy.js\";\nimport { defaultRetryPolicy } from \"./policies/defaultRetryPolicy.js\";\nimport { formDataPolicy } from \"./policies/formDataPolicy.js\";\nimport { isNodeLike } from \"@azure/core-util\";\nimport { proxyPolicy } from \"./policies/proxyPolicy.js\";\nimport { setClientRequestIdPolicy } from \"./policies/setClientRequestIdPolicy.js\";\nimport { agentPolicy } from \"./policies/agentPolicy.js\";\nimport { tlsPolicy } from \"./policies/tlsPolicy.js\";\nimport { tracingPolicy } from \"./policies/tracingPolicy.js\";\nimport { wrapAbortSignalLikePolicy } from \"./policies/wrapAbortSignalLikePolicy.js\";\n\n/**\n * Defines options that are used to configure the HTTP pipeline for\n * an SDK client.\n */\nexport interface PipelineOptions {\n /**\n * Options that control how to retry failed requests.\n */\n retryOptions?: PipelineRetryOptions;\n\n /**\n * Options to configure a proxy for outgoing requests.\n */\n proxyOptions?: ProxySettings;\n\n /** Options for configuring Agent instance for outgoing requests */\n agent?: Agent;\n\n /** Options for configuring TLS authentication */\n tlsOptions?: TlsSettings;\n\n /**\n * Options for how redirect responses are handled.\n */\n redirectOptions?: RedirectPolicyOptions;\n\n /**\n * Options for adding user agent details to outgoing requests.\n */\n userAgentOptions?: UserAgentPolicyOptions;\n\n /**\n * Options for setting common telemetry and tracing info to outgoing requests.\n */\n telemetryOptions?: TelemetryOptions;\n}\n\n/**\n * Defines options that are used to configure common telemetry and tracing info\n */\nexport interface TelemetryOptions {\n /**\n * The name of the header to pass the request ID to.\n */\n clientRequestIdHeaderName?: string;\n}\n\n/**\n * Defines options that are used to configure internal options of\n * the HTTP pipeline for an SDK client.\n */\nexport interface InternalPipelineOptions extends PipelineOptions {\n /**\n * Options to configure request/response logging.\n */\n loggingOptions?: LogPolicyOptions;\n}\n\n/**\n * Create a new pipeline with a default set of customizable policies.\n * @param options - Options to configure a custom pipeline.\n */\nexport function createPipelineFromOptions(options: InternalPipelineOptions): Pipeline {\n const pipeline = createEmptyPipeline();\n\n if (isNodeLike) {\n if (options.agent) {\n pipeline.addPolicy(agentPolicy(options.agent));\n }\n if (options.tlsOptions) {\n pipeline.addPolicy(tlsPolicy(options.tlsOptions));\n }\n pipeline.addPolicy(proxyPolicy(options.proxyOptions));\n pipeline.addPolicy(decompressResponsePolicy());\n }\n\n pipeline.addPolicy(wrapAbortSignalLikePolicy());\n\n pipeline.addPolicy(formDataPolicy(), { beforePolicies: [multipartPolicyName] });\n pipeline.addPolicy(userAgentPolicy(options.userAgentOptions));\n pipeline.addPolicy(setClientRequestIdPolicy(options.telemetryOptions?.clientRequestIdHeaderName));\n // The multipart policy is added after policies with no phase, so that\n // policies can be added between it and formDataPolicy to modify\n // properties (e.g., making the boundary constant in recorded tests).\n pipeline.addPolicy(multipartPolicy(), { afterPhase: \"Deserialize\" });\n pipeline.addPolicy(defaultRetryPolicy(options.retryOptions), { phase: \"Retry\" });\n pipeline.addPolicy(tracingPolicy({ ...options.userAgentOptions, ...options.loggingOptions }), {\n afterPhase: \"Retry\",\n });\n if (isNodeLike) {\n // Both XHR and Fetch expect to handle redirects automatically,\n // so only include this policy when we're in Node.\n pipeline.addPolicy(redirectPolicy(options.redirectOptions), { afterPhase: \"Retry\" });\n }\n pipeline.addPolicy(logPolicy(options.loggingOptions), { afterPhase: \"Sign\" });\n\n return pipeline;\n}\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"defaultHttpClient.js","sourceRoot":"","sources":["../../src/defaultHttpClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,uBAAuB,IAAI,0BAA0B,EAAE,MAAM,2BAA2B,CAAC;AAClG,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAGhE;;GAEG;AACH,MAAM,UAAU,uBAAuB;IACrC,MAAM,MAAM,GAAG,0BAA0B,EAAE,CAAC;IAC5C,OAAO;QACL,KAAK,CAAC,WAAW,CAAC,OAAO;YACvB,4FAA4F;YAC5F,mFAAmF;YACnF,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,WAAW;gBAClD,CAAC,CAAC,mBAAmB,CAAC,OAAO,CAAC,WAAW,CAAC;gBAC1C,CAAC,CAAC,EAAE,CAAC;YACP,IAAI,CAAC;gBACH,6CAA6C;gBAC7C,OAAO,CAAC,WAAW,GAAG,WAAW,CAAC;gBAClC,OAAO,MAAM,MAAM,CAAC,WAAW,CAAC,OAA6B,CAAC,CAAC;YACjE,CAAC;oBAAS,CAAC;gBACT,OAAO,
|
|
1
|
+
{"version":3,"file":"defaultHttpClient.js","sourceRoot":"","sources":["../../src/defaultHttpClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,uBAAuB,IAAI,0BAA0B,EAAE,MAAM,2BAA2B,CAAC;AAClG,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAGhE;;GAEG;AACH,MAAM,UAAU,uBAAuB;IACrC,MAAM,MAAM,GAAG,0BAA0B,EAAE,CAAC;IAC5C,OAAO;QACL,KAAK,CAAC,WAAW,CAAC,OAAO;YACvB,4FAA4F;YAC5F,mFAAmF;YACnF,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,WAAW;gBAClD,CAAC,CAAC,mBAAmB,CAAC,OAAO,CAAC,WAAW,CAAC;gBAC1C,CAAC,CAAC,EAAE,CAAC;YACP,IAAI,CAAC;gBACH,6CAA6C;gBAC7C,OAAO,CAAC,WAAW,GAAG,WAAW,CAAC;gBAClC,OAAO,MAAM,MAAM,CAAC,WAAW,CAAC,OAA6B,CAAC,CAAC;YACjE,CAAC;oBAAS,CAAC;gBACT,OAAO,EAAE,EAAE,CAAC;YACd,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { HttpClient } from \"./interfaces.js\";\nimport { createDefaultHttpClient as tspCreateDefaultHttpClient } from \"@typespec/ts-http-runtime\";\nimport { wrapAbortSignalLike } from \"./util/wrapAbortSignal.js\";\nimport { type PipelineRequest as TspPipelineRequest } from \"@typespec/ts-http-runtime\";\n\n/**\n * Create the correct HttpClient for the current environment.\n */\nexport function createDefaultHttpClient(): HttpClient {\n const client = tspCreateDefaultHttpClient();\n return {\n async sendRequest(request) {\n // we wrap any AbortSignalLike here since the TypeSpec runtime expects a native AbortSignal.\n // 99% of the time, this should be a no-op since a native AbortSignal is passed in.\n const { abortSignal, cleanup } = request.abortSignal\n ? wrapAbortSignalLike(request.abortSignal)\n : {};\n try {\n // eslint-disable-next-line no-param-reassign\n request.abortSignal = abortSignal;\n return await client.sendRequest(request as TspPipelineRequest);\n } finally {\n cleanup?.();\n }\n },\n };\n}\n"]}
|
|
@@ -8,13 +8,12 @@ import { logger as coreLogger } from "../log.js";
|
|
|
8
8
|
export const auxiliaryAuthenticationHeaderPolicyName = "auxiliaryAuthenticationHeaderPolicy";
|
|
9
9
|
const AUTHORIZATION_AUXILIARY_HEADER = "x-ms-authorization-auxiliary";
|
|
10
10
|
async function sendAuthorizeRequest(options) {
|
|
11
|
-
var _a, _b;
|
|
12
11
|
const { scopes, getAccessToken, request } = options;
|
|
13
12
|
const getTokenOptions = {
|
|
14
13
|
abortSignal: request.abortSignal,
|
|
15
14
|
tracingOptions: request.tracingOptions,
|
|
16
15
|
};
|
|
17
|
-
return (
|
|
16
|
+
return (await getAccessToken(scopes, getTokenOptions))?.token ?? "";
|
|
18
17
|
}
|
|
19
18
|
/**
|
|
20
19
|
* A policy for external tokens to `x-ms-authorization-auxiliary` header.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auxiliaryAuthenticationHeaderPolicy.js","sourceRoot":"","sources":["../../../src/policies/auxiliaryAuthenticationHeaderPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAMlC,OAAO,EAA0B,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AACnF,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,WAAW,CAAC;AAGjD;;GAEG;AACH,MAAM,CAAC,MAAM,uCAAuC,GAAG,qCAAqC,CAAC;AAC7F,MAAM,8BAA8B,GAAG,8BAA8B,CAAC;AAqBtE,KAAK,UAAU,oBAAoB,CAAC,OAAgC
|
|
1
|
+
{"version":3,"file":"auxiliaryAuthenticationHeaderPolicy.js","sourceRoot":"","sources":["../../../src/policies/auxiliaryAuthenticationHeaderPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAMlC,OAAO,EAA0B,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AACnF,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,WAAW,CAAC;AAGjD;;GAEG;AACH,MAAM,CAAC,MAAM,uCAAuC,GAAG,qCAAqC,CAAC;AAC7F,MAAM,8BAA8B,GAAG,8BAA8B,CAAC;AAqBtE,KAAK,UAAU,oBAAoB,CAAC,OAAgC;IAClE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IACpD,MAAM,eAAe,GAAoB;QACvC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,cAAc,EAAE,OAAO,CAAC,cAAc;KACvC,CAAC;IAEF,OAAO,CAAC,MAAM,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;AACtE,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mCAAmC,CACjD,OAAmD;IAEnD,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IACxC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,UAAU,CAAC;IAC5C,MAAM,cAAc,GAAG,IAAI,OAAO,EAAsC,CAAC;IAEzE,OAAO;QACL,IAAI,EAAE,uCAAuC;QAC7C,KAAK,CAAC,WAAW,CAAC,OAAwB,EAAE,IAAiB;YAC3D,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,MAAM,IAAI,KAAK,CACb,2GAA2G,CAC5G,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC7C,MAAM,CAAC,IAAI,CACT,GAAG,uCAAuC,mDAAmD,CAC9F,CAAC;gBACF,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;YACvB,CAAC;YAED,MAAM,aAAa,GAAsB,EAAE,CAAC;YAC5C,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;gBACrC,IAAI,cAAc,GAAG,cAAc,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBACpD,IAAI,CAAC,cAAc,EAAE,CAAC;oBACpB,cAAc,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;oBAC/C,cAAc,CAAC,GAAG,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;gBACjD,CAAC;gBACD,aAAa,CAAC,IAAI,CAChB,oBAAoB,CAAC;oBACnB,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;oBACjD,OAAO;oBACP,cAAc;oBACd,MAAM;iBACP,CAAC,CACH,CAAC;YACJ,CAAC;YACD,MAAM,eAAe,GAAG,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;YAC7F,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACjC,MAAM,CAAC,OAAO,CACZ,2CAA2C,8BAA8B,0BAA0B,CACpG,CAAC;gBACF,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;YACvB,CAAC;YACD,OAAO,CAAC,OAAO,CAAC,GAAG,CACjB,8BAA8B,EAC9B,eAAe,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,UAAU,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAC7D,CAAC;YAEF,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;KACF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { AzureLogger } from \"@azure/logger\";\nimport type { PipelineRequest, PipelineResponse, SendRequest } from \"../interfaces.js\";\nimport type { PipelinePolicy } from \"../pipeline.js\";\nimport { type AccessTokenGetter, createTokenCycler } from \"../util/tokenCycler.js\";\nimport { logger as coreLogger } from \"../log.js\";\nimport type { AuthorizeRequestOptions } from \"./bearerTokenAuthenticationPolicy.js\";\n\n/**\n * The programmatic identifier of the auxiliaryAuthenticationHeaderPolicy.\n */\nexport const auxiliaryAuthenticationHeaderPolicyName = \"auxiliaryAuthenticationHeaderPolicy\";\nconst AUTHORIZATION_AUXILIARY_HEADER = \"x-ms-authorization-auxiliary\";\n\n/**\n * Options to configure the auxiliaryAuthenticationHeaderPolicy\n */\nexport interface AuxiliaryAuthenticationHeaderPolicyOptions {\n /**\n * TokenCredential list used to get token from auxiliary tenants and\n * one credential for each tenant the client may need to access\n */\n credentials?: TokenCredential[];\n /**\n * Scopes depend on the cloud your application runs in\n */\n scopes: string | string[];\n /**\n * A logger can be sent for debugging purposes.\n */\n logger?: AzureLogger;\n}\n\nasync function sendAuthorizeRequest(options: AuthorizeRequestOptions): Promise<string> {\n const { scopes, getAccessToken, request } = options;\n const getTokenOptions: GetTokenOptions = {\n abortSignal: request.abortSignal,\n tracingOptions: request.tracingOptions,\n };\n\n return (await getAccessToken(scopes, getTokenOptions))?.token ?? \"\";\n}\n\n/**\n * A policy for external tokens to `x-ms-authorization-auxiliary` header.\n * This header will be used when creating a cross-tenant application we may need to handle authentication requests\n * for resources that are in different tenants.\n * You could see [ARM docs](https://learn.microsoft.com/azure/azure-resource-manager/management/authenticate-multi-tenant) for a rundown of how this feature works\n */\nexport function auxiliaryAuthenticationHeaderPolicy(\n options: AuxiliaryAuthenticationHeaderPolicyOptions,\n): PipelinePolicy {\n const { credentials, scopes } = options;\n const logger = options.logger || coreLogger;\n const tokenCyclerMap = new WeakMap<TokenCredential, AccessTokenGetter>();\n\n return {\n name: auxiliaryAuthenticationHeaderPolicyName,\n async sendRequest(request: PipelineRequest, next: SendRequest): Promise<PipelineResponse> {\n if (!request.url.toLowerCase().startsWith(\"https://\")) {\n throw new Error(\n \"Bearer token authentication for auxiliary header is not permitted for non-TLS protected (non-https) URLs.\",\n );\n }\n if (!credentials || credentials.length === 0) {\n logger.info(\n `${auxiliaryAuthenticationHeaderPolicyName} header will not be set due to empty credentials.`,\n );\n return next(request);\n }\n\n const tokenPromises: Promise<string>[] = [];\n for (const credential of credentials) {\n let getAccessToken = tokenCyclerMap.get(credential);\n if (!getAccessToken) {\n getAccessToken = createTokenCycler(credential);\n tokenCyclerMap.set(credential, getAccessToken);\n }\n tokenPromises.push(\n sendAuthorizeRequest({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n request,\n getAccessToken,\n logger,\n }),\n );\n }\n const auxiliaryTokens = (await Promise.all(tokenPromises)).filter((token) => Boolean(token));\n if (auxiliaryTokens.length === 0) {\n logger.warning(\n `None of the auxiliary tokens are valid. ${AUTHORIZATION_AUXILIARY_HEADER} header will not be set.`,\n );\n return next(request);\n }\n request.headers.set(\n AUTHORIZATION_AUXILIARY_HEADER,\n auxiliaryTokens.map((token) => `Bearer ${token}`).join(\", \"),\n );\n\n return next(request);\n },\n };\n}\n"]}
|
|
@@ -58,7 +58,6 @@ function isChallengeResponse(response) {
|
|
|
58
58
|
* If this method returns true, the underlying request will be sent once again.
|
|
59
59
|
*/
|
|
60
60
|
async function authorizeRequestOnCaeChallenge(onChallengeOptions, caeClaims) {
|
|
61
|
-
var _a;
|
|
62
61
|
const { scopes } = onChallengeOptions;
|
|
63
62
|
const accessToken = await onChallengeOptions.getAccessToken(scopes, {
|
|
64
63
|
enableCae: true,
|
|
@@ -67,7 +66,7 @@ async function authorizeRequestOnCaeChallenge(onChallengeOptions, caeClaims) {
|
|
|
67
66
|
if (!accessToken) {
|
|
68
67
|
return false;
|
|
69
68
|
}
|
|
70
|
-
onChallengeOptions.request.headers.set("Authorization", `${
|
|
69
|
+
onChallengeOptions.request.headers.set("Authorization", `${accessToken.tokenType ?? "Bearer"} ${accessToken.token}`);
|
|
71
70
|
return true;
|
|
72
71
|
}
|
|
73
72
|
/**
|
|
@@ -75,12 +74,11 @@ async function authorizeRequestOnCaeChallenge(onChallengeOptions, caeClaims) {
|
|
|
75
74
|
* then apply it to the Authorization header of a request as a Bearer token.
|
|
76
75
|
*/
|
|
77
76
|
export function bearerTokenAuthenticationPolicy(options) {
|
|
78
|
-
var _a, _b, _c;
|
|
79
77
|
const { credential, scopes, challengeCallbacks } = options;
|
|
80
78
|
const logger = options.logger || coreLogger;
|
|
81
79
|
const callbacks = {
|
|
82
|
-
authorizeRequest:
|
|
83
|
-
authorizeRequestOnChallenge:
|
|
80
|
+
authorizeRequest: challengeCallbacks?.authorizeRequest?.bind(challengeCallbacks) ?? defaultAuthorizeRequest,
|
|
81
|
+
authorizeRequestOnChallenge: challengeCallbacks?.authorizeRequestOnChallenge?.bind(challengeCallbacks),
|
|
84
82
|
};
|
|
85
83
|
// This function encapsulates the entire process of reliably retrieving the token
|
|
86
84
|
// The options are left out of the public API until there's demand to configure this.
|
|
@@ -227,12 +225,11 @@ export function parseChallenges(challenges) {
|
|
|
227
225
|
* @internal
|
|
228
226
|
*/
|
|
229
227
|
function getCaeChallengeClaims(challenges) {
|
|
230
|
-
var _a;
|
|
231
228
|
if (!challenges) {
|
|
232
229
|
return;
|
|
233
230
|
}
|
|
234
231
|
// Find all challenges present in the header
|
|
235
232
|
const parsedChallenges = parseChallenges(challenges);
|
|
236
|
-
return
|
|
233
|
+
return parsedChallenges.find((x) => x.scheme === "Bearer" && x.params.claims && x.params.error === "insufficient_claims")?.params.claims;
|
|
237
234
|
}
|
|
238
235
|
//# sourceMappingURL=bearerTokenAuthenticationPolicy.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bearerTokenAuthenticationPolicy.js","sourceRoot":"","sources":["../../../src/policies/bearerTokenAuthenticationPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAMlC,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,WAAW,CAAC;AAEjD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE9C;;GAEG;AACH,MAAM,CAAC,MAAM,mCAAmC,GAAG,iCAAiC,CAAC;AA0FrF;;;;;;;;GAQG;AACH,KAAK,UAAU,cAAc,CAC3B,OAAwB,EACxB,IAAiB;IAEjB,IAAI,CAAC;QACH,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,IAAI,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;YACjC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,CAAC;QACV,CAAC;IACH,CAAC;AACH,CAAC;AACD;;GAEG;AACH,KAAK,UAAU,uBAAuB,CAAC,OAAgC;IACrE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IACpD,6BAA6B;IAC7B,MAAM,eAAe,GAAoB;QACvC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,SAAS,EAAE,IAAI;KAChB,CAAC;IAEF,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAElE,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,QAA0B;IACrD,OAAO,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;AAC7E,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,8BAA8B,CAC3C,kBAAsD,EACtD,SAAiB;;IAEjB,MAAM,EAAE,MAAM,EAAE,GAAG,kBAAkB,CAAC;IAEtC,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,MAAM,EAAE;QAClE,SAAS,EAAE,IAAI;QACf,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CACpC,eAAe,EACf,GAAG,MAAA,WAAW,CAAC,SAAS,mCAAI,QAAQ,IAAI,WAAW,CAAC,KAAK,EAAE,CAC5D,CAAC;IACF,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,+BAA+B,CAC7C,OAA+C;;IAE/C,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC;IAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,UAAU,CAAC;IAC5C,MAAM,SAAS,GAAG;QAChB,gBAAgB,EACd,MAAA,MAAA,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,gBAAgB,0CAAE,IAAI,CAAC,kBAAkB,CAAC,mCAAI,uBAAuB;QAC3F,2BAA2B,EACzB,MAAA,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,2BAA2B,0CAAE,IAAI,CAAC,kBAAkB,CAAC;KAC5E,CAAC;IAEF,iFAAiF;IACjF,qFAAqF;IACrF,wFAAwF;IACxF,iDAAiD;IACjD,MAAM,cAAc,GAAG,UAAU;QAC/B,CAAC,CAAC,iBAAiB,CAAC,UAAU,CAAC,eAAe,CAAC;QAC/C,CAAC,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC,OAAO;QACL,IAAI,EAAE,mCAAmC;QACzC;;;;;;;;;;;;WAYG;QACH,KAAK,CAAC,WAAW,CAAC,OAAwB,EAAE,IAAiB;YAC3D,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,MAAM,IAAI,KAAK,CACb,sFAAsF,CACvF,CAAC;YACJ,CAAC;YAED,MAAM,SAAS,CAAC,gBAAgB,CAAC;gBAC/B,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gBACjD,OAAO;gBACP,cAAc;gBACd,MAAM;aACP,CAAC,CAAC;YAEH,IAAI,QAA0B,CAAC;YAC/B,IAAI,KAAwB,CAAC;YAC7B,IAAI,iBAA0B,CAAC;YAC/B,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAExD,IAAI,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClC,IAAI,MAAM,GAAG,qBAAqB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC;gBAC7E,+CAA+C;gBAC/C,IAAI,MAAM,EAAE,CAAC;oBACX,IAAI,WAAmB,CAAC;oBACxB,iFAAiF;oBACjF,IAAI,CAAC;wBACH,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;oBAC7B,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,MAAM,CAAC,OAAO,CACZ,mKAAmK,MAAM,EAAE,CAC5K,CAAC;wBACF,OAAO,QAAQ,CAAC;oBAClB,CAAC;oBACD,iBAAiB,GAAG,MAAM,8BAA8B,CACtD;wBACE,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;wBACjD,QAAQ;wBACR,OAAO;wBACP,cAAc;wBACd,MAAM;qBACP,EACD,WAAW,CACZ,CAAC;oBACF,yDAAyD;oBACzD,IAAI,iBAAiB,EAAE,CAAC;wBACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;oBAC1D,CAAC;gBACH,CAAC;qBAAM,IAAI,SAAS,CAAC,2BAA2B,EAAE,CAAC;oBACjD,gEAAgE;oBAChE,iBAAiB,GAAG,MAAM,SAAS,CAAC,2BAA2B,CAAC;wBAC9D,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;wBACjD,OAAO;wBACP,QAAQ;wBACR,cAAc;wBACd,MAAM;qBACP,CAAC,CAAC;oBAEH,yDAAyD;oBACzD,IAAI,iBAAiB,EAAE,CAAC;wBACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;oBAC1D,CAAC;oBAED,0GAA0G;oBAC1G,IAAI,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAClC,MAAM,GAAG,qBAAqB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAW,CAAC,CAAC;wBACnF,IAAI,MAAM,EAAE,CAAC;4BACX,IAAI,WAAmB,CAAC;4BACxB,IAAI,CAAC;gCACH,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;4BAC7B,CAAC;4BAAC,OAAO,CAAC,EAAE,CAAC;gCACX,MAAM,CAAC,OAAO,CACZ,mKAAmK,MAAM,EAAE,CAC5K,CAAC;gCACF,OAAO,QAAQ,CAAC;4BAClB,CAAC;4BAED,iBAAiB,GAAG,MAAM,8BAA8B,CACtD;gCACE,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gCACjD,QAAQ;gCACR,OAAO;gCACP,cAAc;gCACd,MAAM;6BACP,EACD,WAAW,CACZ,CAAC;4BACF,yDAAyD;4BACzD,IAAI,iBAAiB,EAAE,CAAC;gCACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;4BAC1D,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,KAAK,CAAC;YACd,CAAC;iBAAM,CAAC;gBACN,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAaD;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,UAAkB;IAChD,yHAAyH;IACzH,wFAAwF;IACxF,MAAM,cAAc,GAAG,4CAA4C,CAAC;IACpE,sGAAsG;IACtG,wIAAwI;IACxI,MAAM,UAAU,GAAG,kBAAkB,CAAC;IAEtC,MAAM,gBAAgB,GAAoB,EAAE,CAAC;IAC7C,IAAI,KAAK,CAAC;IAEV,oCAAoC;IACpC,OAAO,CAAC,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,MAAM,GAA2B,EAAE,CAAC;QAC1C,IAAI,UAAU,CAAC;QAEf,oCAAoC;QACpC,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7D,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC;QAED,gBAAgB,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED;;;;GAIG;AACH,SAAS,qBAAqB,CAAC,UAA8B;;IAC3D,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;IACT,CAAC;IACD,4CAA4C;IAC5C,MAAM,gBAAgB,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IACrD,OAAO,MAAA,gBAAgB,CAAC,IAAI,CAC1B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,KAAK,qBAAqB,CAC5F,0CAAE,MAAM,CAAC,MAAM,CAAC;AACnB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { AzureLogger } from \"@azure/logger\";\nimport type { PipelineRequest, PipelineResponse, SendRequest } from \"../interfaces.js\";\nimport type { PipelinePolicy } from \"../pipeline.js\";\nimport { createTokenCycler } from \"../util/tokenCycler.js\";\nimport { logger as coreLogger } from \"../log.js\";\nimport type { RestError } from \"../restError.js\";\nimport { isRestError } from \"../restError.js\";\n\n/**\n * The programmatic identifier of the bearerTokenAuthenticationPolicy.\n */\nexport const bearerTokenAuthenticationPolicyName = \"bearerTokenAuthenticationPolicy\";\n\n/**\n * Options sent to the authorizeRequest callback\n */\nexport interface AuthorizeRequestOptions {\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string[];\n /**\n * Function that retrieves either a cached access token or a new access token.\n */\n getAccessToken: (scopes: string[], options: GetTokenOptions) => Promise<AccessToken | null>;\n /**\n * Request that the policy is trying to fulfill.\n */\n request: PipelineRequest;\n /**\n * A logger, if one was sent through the HTTP pipeline.\n */\n logger?: AzureLogger;\n}\n\n/**\n * Options sent to the authorizeRequestOnChallenge callback\n */\nexport interface AuthorizeRequestOnChallengeOptions {\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string[];\n /**\n * Function that retrieves either a cached access token or a new access token.\n */\n getAccessToken: (scopes: string[], options: GetTokenOptions) => Promise<AccessToken | null>;\n /**\n * Request that the policy is trying to fulfill.\n */\n request: PipelineRequest;\n /**\n * Response containing the challenge.\n */\n response: PipelineResponse;\n /**\n * A logger, if one was sent through the HTTP pipeline.\n */\n logger?: AzureLogger;\n}\n\n/**\n * Options to override the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.\n */\nexport interface ChallengeCallbacks {\n /**\n * Allows for the authorization of the main request of this policy before it's sent.\n */\n authorizeRequest?(options: AuthorizeRequestOptions): Promise<void>;\n /**\n * Allows to handle authentication challenges and to re-authorize the request.\n * The response containing the challenge is `options.response`.\n * If this method returns true, the underlying request will be sent once again.\n * The request may be modified before being sent.\n */\n authorizeRequestOnChallenge?(options: AuthorizeRequestOnChallengeOptions): Promise<boolean>;\n}\n\n/**\n * Options to configure the bearerTokenAuthenticationPolicy\n */\nexport interface BearerTokenAuthenticationPolicyOptions {\n /**\n * The TokenCredential implementation that can supply the bearer token.\n */\n credential?: TokenCredential;\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string | string[];\n /**\n * Allows for the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.\n * If provided, it must contain at least the `authorizeRequestOnChallenge` method.\n * If provided, after a request is sent, if it has a challenge, it can be processed to re-send the original request with the relevant challenge information.\n */\n challengeCallbacks?: ChallengeCallbacks;\n /**\n * A logger can be sent for debugging purposes.\n */\n logger?: AzureLogger;\n}\n/**\n * Try to send the given request.\n *\n * When a response is received, returns a tuple of the response received and, if the response was received\n * inside a thrown RestError, the RestError that was thrown.\n *\n * Otherwise, if an error was thrown while sending the request that did not provide an underlying response, it\n * will be rethrown.\n */\nasync function trySendRequest(\n request: PipelineRequest,\n next: SendRequest,\n): Promise<[PipelineResponse, RestError | undefined]> {\n try {\n return [await next(request), undefined];\n } catch (e: any) {\n if (isRestError(e) && e.response) {\n return [e.response, e];\n } else {\n throw e;\n }\n }\n}\n/**\n * Default authorize request handler\n */\nasync function defaultAuthorizeRequest(options: AuthorizeRequestOptions): Promise<void> {\n const { scopes, getAccessToken, request } = options;\n // Enable CAE true by default\n const getTokenOptions: GetTokenOptions = {\n abortSignal: request.abortSignal,\n tracingOptions: request.tracingOptions,\n enableCae: true,\n };\n\n const accessToken = await getAccessToken(scopes, getTokenOptions);\n\n if (accessToken) {\n options.request.headers.set(\"Authorization\", `Bearer ${accessToken.token}`);\n }\n}\n\n/**\n * We will retrieve the challenge only if the response status code was 401,\n * and if the response contained the header \"WWW-Authenticate\" with a non-empty value.\n */\nfunction isChallengeResponse(response: PipelineResponse): boolean {\n return response.status === 401 && response.headers.has(\"WWW-Authenticate\");\n}\n\n/**\n * Re-authorize the request for CAE challenge.\n * The response containing the challenge is `options.response`.\n * If this method returns true, the underlying request will be sent once again.\n */\nasync function authorizeRequestOnCaeChallenge(\n onChallengeOptions: AuthorizeRequestOnChallengeOptions,\n caeClaims: string,\n): Promise<boolean> {\n const { scopes } = onChallengeOptions;\n\n const accessToken = await onChallengeOptions.getAccessToken(scopes, {\n enableCae: true,\n claims: caeClaims,\n });\n if (!accessToken) {\n return false;\n }\n\n onChallengeOptions.request.headers.set(\n \"Authorization\",\n `${accessToken.tokenType ?? \"Bearer\"} ${accessToken.token}`,\n );\n return true;\n}\n\n/**\n * A policy that can request a token from a TokenCredential implementation and\n * then apply it to the Authorization header of a request as a Bearer token.\n */\nexport function bearerTokenAuthenticationPolicy(\n options: BearerTokenAuthenticationPolicyOptions,\n): PipelinePolicy {\n const { credential, scopes, challengeCallbacks } = options;\n const logger = options.logger || coreLogger;\n const callbacks = {\n authorizeRequest:\n challengeCallbacks?.authorizeRequest?.bind(challengeCallbacks) ?? defaultAuthorizeRequest,\n authorizeRequestOnChallenge:\n challengeCallbacks?.authorizeRequestOnChallenge?.bind(challengeCallbacks),\n };\n\n // This function encapsulates the entire process of reliably retrieving the token\n // The options are left out of the public API until there's demand to configure this.\n // Remember to extend `BearerTokenAuthenticationPolicyOptions` with `TokenCyclerOptions`\n // in order to pass through the `options` object.\n const getAccessToken = credential\n ? createTokenCycler(credential /* , options */)\n : () => Promise.resolve(null);\n\n return {\n name: bearerTokenAuthenticationPolicyName,\n /**\n * If there's no challenge parameter:\n * - It will try to retrieve the token using the cache, or the credential's getToken.\n * - Then it will try the next policy with or without the retrieved token.\n *\n * It uses the challenge parameters to:\n * - Skip a first attempt to get the token from the credential if there's no cached token,\n * since it expects the token to be retrievable only after the challenge.\n * - Prepare the outgoing request if the `prepareRequest` method has been provided.\n * - Send an initial request to receive the challenge if it fails.\n * - Process a challenge if the response contains it.\n * - Retrieve a token with the challenge information, then re-send the request.\n */\n async sendRequest(request: PipelineRequest, next: SendRequest): Promise<PipelineResponse> {\n if (!request.url.toLowerCase().startsWith(\"https://\")) {\n throw new Error(\n \"Bearer token authentication is not permitted for non-TLS protected (non-https) URLs.\",\n );\n }\n\n await callbacks.authorizeRequest({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n request,\n getAccessToken,\n logger,\n });\n\n let response: PipelineResponse;\n let error: Error | undefined;\n let shouldSendRequest: boolean;\n [response, error] = await trySendRequest(request, next);\n\n if (isChallengeResponse(response)) {\n let claims = getCaeChallengeClaims(response.headers.get(\"WWW-Authenticate\"));\n // Handle CAE by default when receive CAE claim\n if (claims) {\n let parsedClaim: string;\n // Return the response immediately if claims is not a valid base64 encoded string\n try {\n parsedClaim = atob(claims);\n } catch (e) {\n logger.warning(\n `The WWW-Authenticate header contains \"claims\" that cannot be parsed. Unable to perform the Continuous Access Evaluation authentication flow. Unparsable claims: ${claims}`,\n );\n return response;\n }\n shouldSendRequest = await authorizeRequestOnCaeChallenge(\n {\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n response,\n request,\n getAccessToken,\n logger,\n },\n parsedClaim,\n );\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n } else if (callbacks.authorizeRequestOnChallenge) {\n // Handle custom challenges when client provides custom callback\n shouldSendRequest = await callbacks.authorizeRequestOnChallenge({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n request,\n response,\n getAccessToken,\n logger,\n });\n\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n\n // If we get another CAE Claim, we will handle it by default and return whatever value we receive for this\n if (isChallengeResponse(response)) {\n claims = getCaeChallengeClaims(response.headers.get(\"WWW-Authenticate\") as string);\n if (claims) {\n let parsedClaim: string;\n try {\n parsedClaim = atob(claims);\n } catch (e) {\n logger.warning(\n `The WWW-Authenticate header contains \"claims\" that cannot be parsed. Unable to perform the Continuous Access Evaluation authentication flow. Unparsable claims: ${claims}`,\n );\n return response;\n }\n\n shouldSendRequest = await authorizeRequestOnCaeChallenge(\n {\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n response,\n request,\n getAccessToken,\n logger,\n },\n parsedClaim,\n );\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n }\n }\n }\n }\n\n if (error) {\n throw error;\n } else {\n return response;\n }\n },\n };\n}\n\n/**\n *\n * Interface to represent a parsed challenge.\n *\n * @internal\n */\ninterface AuthChallenge {\n scheme: string;\n params: Record<string, string>;\n}\n\n/**\n * Converts: `Bearer a=\"b\", c=\"d\", Pop e=\"f\", g=\"h\"`.\n * Into: `[ { scheme: 'Bearer', params: { a: 'b', c: 'd' } }, { scheme: 'Pop', params: { e: 'f', g: 'h' } } ]`.\n *\n * @internal\n */\nexport function parseChallenges(challenges: string): AuthChallenge[] {\n // Challenge regex seperates the string to individual challenges with different schemes in the format `Scheme a=\"b\", c=d`\n // The challenge regex captures parameteres with either quotes values or unquoted values\n const challengeRegex = /(\\w+)\\s+((?:\\w+=(?:\"[^\"]*\"|[^,]*),?\\s*)+)/g;\n // Parameter regex captures the claims group removed from the scheme in the format `a=\"b\"` and `c=\"d\"`\n // CAE challenge always have quoted parameters. For more reference, https://learn.microsoft.com/entra/identity-platform/claims-challenge\n const paramRegex = /(\\w+)=\"([^\"]*)\"/g;\n\n const parsedChallenges: AuthChallenge[] = [];\n let match;\n\n // Iterate over each challenge match\n while ((match = challengeRegex.exec(challenges)) !== null) {\n const scheme = match[1];\n const paramsString = match[2];\n const params: Record<string, string> = {};\n let paramMatch;\n\n // Iterate over each parameter match\n while ((paramMatch = paramRegex.exec(paramsString)) !== null) {\n params[paramMatch[1]] = paramMatch[2];\n }\n\n parsedChallenges.push({ scheme, params });\n }\n return parsedChallenges;\n}\n\n/**\n * Parse a pipeline response and look for a CAE challenge with \"Bearer\" scheme\n * Return the value in the header without parsing the challenge\n * @internal\n */\nfunction getCaeChallengeClaims(challenges: string | undefined): string | undefined {\n if (!challenges) {\n return;\n }\n // Find all challenges present in the header\n const parsedChallenges = parseChallenges(challenges);\n return parsedChallenges.find(\n (x) => x.scheme === \"Bearer\" && x.params.claims && x.params.error === \"insufficient_claims\",\n )?.params.claims;\n}\n"]}
|
|
1
|
+
{"version":3,"file":"bearerTokenAuthenticationPolicy.js","sourceRoot":"","sources":["../../../src/policies/bearerTokenAuthenticationPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAMlC,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,WAAW,CAAC;AAEjD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE9C;;GAEG;AACH,MAAM,CAAC,MAAM,mCAAmC,GAAG,iCAAiC,CAAC;AA0FrF;;;;;;;;GAQG;AACH,KAAK,UAAU,cAAc,CAC3B,OAAwB,EACxB,IAAiB;IAEjB,IAAI,CAAC;QACH,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,IAAI,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;YACjC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,CAAC;QACV,CAAC;IACH,CAAC;AACH,CAAC;AACD;;GAEG;AACH,KAAK,UAAU,uBAAuB,CAAC,OAAgC;IACrE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IACpD,6BAA6B;IAC7B,MAAM,eAAe,GAAoB;QACvC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,SAAS,EAAE,IAAI;KAChB,CAAC;IAEF,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAElE,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,QAA0B;IACrD,OAAO,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;AAC7E,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,8BAA8B,CAC3C,kBAAsD,EACtD,SAAiB;IAEjB,MAAM,EAAE,MAAM,EAAE,GAAG,kBAAkB,CAAC;IAEtC,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,MAAM,EAAE;QAClE,SAAS,EAAE,IAAI;QACf,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CACpC,eAAe,EACf,GAAG,WAAW,CAAC,SAAS,IAAI,QAAQ,IAAI,WAAW,CAAC,KAAK,EAAE,CAC5D,CAAC;IACF,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,+BAA+B,CAC7C,OAA+C;IAE/C,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC;IAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,UAAU,CAAC;IAC5C,MAAM,SAAS,GAAG;QAChB,gBAAgB,EACd,kBAAkB,EAAE,gBAAgB,EAAE,IAAI,CAAC,kBAAkB,CAAC,IAAI,uBAAuB;QAC3F,2BAA2B,EACzB,kBAAkB,EAAE,2BAA2B,EAAE,IAAI,CAAC,kBAAkB,CAAC;KAC5E,CAAC;IAEF,iFAAiF;IACjF,qFAAqF;IACrF,wFAAwF;IACxF,iDAAiD;IACjD,MAAM,cAAc,GAAG,UAAU;QAC/B,CAAC,CAAC,iBAAiB,CAAC,UAAU,CAAC,eAAe,CAAC;QAC/C,CAAC,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC,OAAO;QACL,IAAI,EAAE,mCAAmC;QACzC;;;;;;;;;;;;WAYG;QACH,KAAK,CAAC,WAAW,CAAC,OAAwB,EAAE,IAAiB;YAC3D,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,MAAM,IAAI,KAAK,CACb,sFAAsF,CACvF,CAAC;YACJ,CAAC;YAED,MAAM,SAAS,CAAC,gBAAgB,CAAC;gBAC/B,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gBACjD,OAAO;gBACP,cAAc;gBACd,MAAM;aACP,CAAC,CAAC;YAEH,IAAI,QAA0B,CAAC;YAC/B,IAAI,KAAwB,CAAC;YAC7B,IAAI,iBAA0B,CAAC;YAC/B,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAExD,IAAI,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClC,IAAI,MAAM,GAAG,qBAAqB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC;gBAC7E,+CAA+C;gBAC/C,IAAI,MAAM,EAAE,CAAC;oBACX,IAAI,WAAmB,CAAC;oBACxB,iFAAiF;oBACjF,IAAI,CAAC;wBACH,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;oBAC7B,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,MAAM,CAAC,OAAO,CACZ,mKAAmK,MAAM,EAAE,CAC5K,CAAC;wBACF,OAAO,QAAQ,CAAC;oBAClB,CAAC;oBACD,iBAAiB,GAAG,MAAM,8BAA8B,CACtD;wBACE,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;wBACjD,QAAQ;wBACR,OAAO;wBACP,cAAc;wBACd,MAAM;qBACP,EACD,WAAW,CACZ,CAAC;oBACF,yDAAyD;oBACzD,IAAI,iBAAiB,EAAE,CAAC;wBACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;oBAC1D,CAAC;gBACH,CAAC;qBAAM,IAAI,SAAS,CAAC,2BAA2B,EAAE,CAAC;oBACjD,gEAAgE;oBAChE,iBAAiB,GAAG,MAAM,SAAS,CAAC,2BAA2B,CAAC;wBAC9D,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;wBACjD,OAAO;wBACP,QAAQ;wBACR,cAAc;wBACd,MAAM;qBACP,CAAC,CAAC;oBAEH,yDAAyD;oBACzD,IAAI,iBAAiB,EAAE,CAAC;wBACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;oBAC1D,CAAC;oBAED,0GAA0G;oBAC1G,IAAI,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAClC,MAAM,GAAG,qBAAqB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAW,CAAC,CAAC;wBACnF,IAAI,MAAM,EAAE,CAAC;4BACX,IAAI,WAAmB,CAAC;4BACxB,IAAI,CAAC;gCACH,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;4BAC7B,CAAC;4BAAC,OAAO,CAAC,EAAE,CAAC;gCACX,MAAM,CAAC,OAAO,CACZ,mKAAmK,MAAM,EAAE,CAC5K,CAAC;gCACF,OAAO,QAAQ,CAAC;4BAClB,CAAC;4BAED,iBAAiB,GAAG,MAAM,8BAA8B,CACtD;gCACE,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gCACjD,QAAQ;gCACR,OAAO;gCACP,cAAc;gCACd,MAAM;6BACP,EACD,WAAW,CACZ,CAAC;4BACF,yDAAyD;4BACzD,IAAI,iBAAiB,EAAE,CAAC;gCACtB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;4BAC1D,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,KAAK,CAAC;YACd,CAAC;iBAAM,CAAC;gBACN,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAaD;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,UAAkB;IAChD,yHAAyH;IACzH,wFAAwF;IACxF,MAAM,cAAc,GAAG,4CAA4C,CAAC;IACpE,sGAAsG;IACtG,wIAAwI;IACxI,MAAM,UAAU,GAAG,kBAAkB,CAAC;IAEtC,MAAM,gBAAgB,GAAoB,EAAE,CAAC;IAC7C,IAAI,KAAK,CAAC;IAEV,oCAAoC;IACpC,OAAO,CAAC,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,MAAM,GAA2B,EAAE,CAAC;QAC1C,IAAI,UAAU,CAAC;QAEf,oCAAoC;QACpC,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7D,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC;QAED,gBAAgB,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED;;;;GAIG;AACH,SAAS,qBAAqB,CAAC,UAA8B;IAC3D,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;IACT,CAAC;IACD,4CAA4C;IAC5C,MAAM,gBAAgB,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IACrD,OAAO,gBAAgB,CAAC,IAAI,CAC1B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,KAAK,qBAAqB,CAC5F,EAAE,MAAM,CAAC,MAAM,CAAC;AACnB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { AzureLogger } from \"@azure/logger\";\nimport type { PipelineRequest, PipelineResponse, SendRequest } from \"../interfaces.js\";\nimport type { PipelinePolicy } from \"../pipeline.js\";\nimport { createTokenCycler } from \"../util/tokenCycler.js\";\nimport { logger as coreLogger } from \"../log.js\";\nimport type { RestError } from \"../restError.js\";\nimport { isRestError } from \"../restError.js\";\n\n/**\n * The programmatic identifier of the bearerTokenAuthenticationPolicy.\n */\nexport const bearerTokenAuthenticationPolicyName = \"bearerTokenAuthenticationPolicy\";\n\n/**\n * Options sent to the authorizeRequest callback\n */\nexport interface AuthorizeRequestOptions {\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string[];\n /**\n * Function that retrieves either a cached access token or a new access token.\n */\n getAccessToken: (scopes: string[], options: GetTokenOptions) => Promise<AccessToken | null>;\n /**\n * Request that the policy is trying to fulfill.\n */\n request: PipelineRequest;\n /**\n * A logger, if one was sent through the HTTP pipeline.\n */\n logger?: AzureLogger;\n}\n\n/**\n * Options sent to the authorizeRequestOnChallenge callback\n */\nexport interface AuthorizeRequestOnChallengeOptions {\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string[];\n /**\n * Function that retrieves either a cached access token or a new access token.\n */\n getAccessToken: (scopes: string[], options: GetTokenOptions) => Promise<AccessToken | null>;\n /**\n * Request that the policy is trying to fulfill.\n */\n request: PipelineRequest;\n /**\n * Response containing the challenge.\n */\n response: PipelineResponse;\n /**\n * A logger, if one was sent through the HTTP pipeline.\n */\n logger?: AzureLogger;\n}\n\n/**\n * Options to override the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.\n */\nexport interface ChallengeCallbacks {\n /**\n * Allows for the authorization of the main request of this policy before it's sent.\n */\n authorizeRequest?(options: AuthorizeRequestOptions): Promise<void>;\n /**\n * Allows to handle authentication challenges and to re-authorize the request.\n * The response containing the challenge is `options.response`.\n * If this method returns true, the underlying request will be sent once again.\n * The request may be modified before being sent.\n */\n authorizeRequestOnChallenge?(options: AuthorizeRequestOnChallengeOptions): Promise<boolean>;\n}\n\n/**\n * Options to configure the bearerTokenAuthenticationPolicy\n */\nexport interface BearerTokenAuthenticationPolicyOptions {\n /**\n * The TokenCredential implementation that can supply the bearer token.\n */\n credential?: TokenCredential;\n /**\n * The scopes for which the bearer token applies.\n */\n scopes: string | string[];\n /**\n * Allows for the processing of [Continuous Access Evaluation](https://learn.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation) challenges.\n * If provided, it must contain at least the `authorizeRequestOnChallenge` method.\n * If provided, after a request is sent, if it has a challenge, it can be processed to re-send the original request with the relevant challenge information.\n */\n challengeCallbacks?: ChallengeCallbacks;\n /**\n * A logger can be sent for debugging purposes.\n */\n logger?: AzureLogger;\n}\n/**\n * Try to send the given request.\n *\n * When a response is received, returns a tuple of the response received and, if the response was received\n * inside a thrown RestError, the RestError that was thrown.\n *\n * Otherwise, if an error was thrown while sending the request that did not provide an underlying response, it\n * will be rethrown.\n */\nasync function trySendRequest(\n request: PipelineRequest,\n next: SendRequest,\n): Promise<[PipelineResponse, RestError | undefined]> {\n try {\n return [await next(request), undefined];\n } catch (e: any) {\n if (isRestError(e) && e.response) {\n return [e.response, e];\n } else {\n throw e;\n }\n }\n}\n/**\n * Default authorize request handler\n */\nasync function defaultAuthorizeRequest(options: AuthorizeRequestOptions): Promise<void> {\n const { scopes, getAccessToken, request } = options;\n // Enable CAE true by default\n const getTokenOptions: GetTokenOptions = {\n abortSignal: request.abortSignal,\n tracingOptions: request.tracingOptions,\n enableCae: true,\n };\n\n const accessToken = await getAccessToken(scopes, getTokenOptions);\n\n if (accessToken) {\n options.request.headers.set(\"Authorization\", `Bearer ${accessToken.token}`);\n }\n}\n\n/**\n * We will retrieve the challenge only if the response status code was 401,\n * and if the response contained the header \"WWW-Authenticate\" with a non-empty value.\n */\nfunction isChallengeResponse(response: PipelineResponse): boolean {\n return response.status === 401 && response.headers.has(\"WWW-Authenticate\");\n}\n\n/**\n * Re-authorize the request for CAE challenge.\n * The response containing the challenge is `options.response`.\n * If this method returns true, the underlying request will be sent once again.\n */\nasync function authorizeRequestOnCaeChallenge(\n onChallengeOptions: AuthorizeRequestOnChallengeOptions,\n caeClaims: string,\n): Promise<boolean> {\n const { scopes } = onChallengeOptions;\n\n const accessToken = await onChallengeOptions.getAccessToken(scopes, {\n enableCae: true,\n claims: caeClaims,\n });\n if (!accessToken) {\n return false;\n }\n\n onChallengeOptions.request.headers.set(\n \"Authorization\",\n `${accessToken.tokenType ?? \"Bearer\"} ${accessToken.token}`,\n );\n return true;\n}\n\n/**\n * A policy that can request a token from a TokenCredential implementation and\n * then apply it to the Authorization header of a request as a Bearer token.\n */\nexport function bearerTokenAuthenticationPolicy(\n options: BearerTokenAuthenticationPolicyOptions,\n): PipelinePolicy {\n const { credential, scopes, challengeCallbacks } = options;\n const logger = options.logger || coreLogger;\n const callbacks = {\n authorizeRequest:\n challengeCallbacks?.authorizeRequest?.bind(challengeCallbacks) ?? defaultAuthorizeRequest,\n authorizeRequestOnChallenge:\n challengeCallbacks?.authorizeRequestOnChallenge?.bind(challengeCallbacks),\n };\n\n // This function encapsulates the entire process of reliably retrieving the token\n // The options are left out of the public API until there's demand to configure this.\n // Remember to extend `BearerTokenAuthenticationPolicyOptions` with `TokenCyclerOptions`\n // in order to pass through the `options` object.\n const getAccessToken = credential\n ? createTokenCycler(credential /* , options */)\n : () => Promise.resolve(null);\n\n return {\n name: bearerTokenAuthenticationPolicyName,\n /**\n * If there's no challenge parameter:\n * - It will try to retrieve the token using the cache, or the credential's getToken.\n * - Then it will try the next policy with or without the retrieved token.\n *\n * It uses the challenge parameters to:\n * - Skip a first attempt to get the token from the credential if there's no cached token,\n * since it expects the token to be retrievable only after the challenge.\n * - Prepare the outgoing request if the `prepareRequest` method has been provided.\n * - Send an initial request to receive the challenge if it fails.\n * - Process a challenge if the response contains it.\n * - Retrieve a token with the challenge information, then re-send the request.\n */\n async sendRequest(request: PipelineRequest, next: SendRequest): Promise<PipelineResponse> {\n if (!request.url.toLowerCase().startsWith(\"https://\")) {\n throw new Error(\n \"Bearer token authentication is not permitted for non-TLS protected (non-https) URLs.\",\n );\n }\n\n await callbacks.authorizeRequest({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n request,\n getAccessToken,\n logger,\n });\n\n let response: PipelineResponse;\n let error: Error | undefined;\n let shouldSendRequest: boolean;\n [response, error] = await trySendRequest(request, next);\n\n if (isChallengeResponse(response)) {\n let claims = getCaeChallengeClaims(response.headers.get(\"WWW-Authenticate\"));\n // Handle CAE by default when receive CAE claim\n if (claims) {\n let parsedClaim: string;\n // Return the response immediately if claims is not a valid base64 encoded string\n try {\n parsedClaim = atob(claims);\n } catch (e) {\n logger.warning(\n `The WWW-Authenticate header contains \"claims\" that cannot be parsed. Unable to perform the Continuous Access Evaluation authentication flow. Unparsable claims: ${claims}`,\n );\n return response;\n }\n shouldSendRequest = await authorizeRequestOnCaeChallenge(\n {\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n response,\n request,\n getAccessToken,\n logger,\n },\n parsedClaim,\n );\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n } else if (callbacks.authorizeRequestOnChallenge) {\n // Handle custom challenges when client provides custom callback\n shouldSendRequest = await callbacks.authorizeRequestOnChallenge({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n request,\n response,\n getAccessToken,\n logger,\n });\n\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n\n // If we get another CAE Claim, we will handle it by default and return whatever value we receive for this\n if (isChallengeResponse(response)) {\n claims = getCaeChallengeClaims(response.headers.get(\"WWW-Authenticate\") as string);\n if (claims) {\n let parsedClaim: string;\n try {\n parsedClaim = atob(claims);\n } catch (e) {\n logger.warning(\n `The WWW-Authenticate header contains \"claims\" that cannot be parsed. Unable to perform the Continuous Access Evaluation authentication flow. Unparsable claims: ${claims}`,\n );\n return response;\n }\n\n shouldSendRequest = await authorizeRequestOnCaeChallenge(\n {\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n response,\n request,\n getAccessToken,\n logger,\n },\n parsedClaim,\n );\n // Send updated request and handle response for RestError\n if (shouldSendRequest) {\n [response, error] = await trySendRequest(request, next);\n }\n }\n }\n }\n }\n\n if (error) {\n throw error;\n } else {\n return response;\n }\n },\n };\n}\n\n/**\n *\n * Interface to represent a parsed challenge.\n *\n * @internal\n */\ninterface AuthChallenge {\n scheme: string;\n params: Record<string, string>;\n}\n\n/**\n * Converts: `Bearer a=\"b\", c=\"d\", Pop e=\"f\", g=\"h\"`.\n * Into: `[ { scheme: 'Bearer', params: { a: 'b', c: 'd' } }, { scheme: 'Pop', params: { e: 'f', g: 'h' } } ]`.\n *\n * @internal\n */\nexport function parseChallenges(challenges: string): AuthChallenge[] {\n // Challenge regex seperates the string to individual challenges with different schemes in the format `Scheme a=\"b\", c=d`\n // The challenge regex captures parameteres with either quotes values or unquoted values\n const challengeRegex = /(\\w+)\\s+((?:\\w+=(?:\"[^\"]*\"|[^,]*),?\\s*)+)/g;\n // Parameter regex captures the claims group removed from the scheme in the format `a=\"b\"` and `c=\"d\"`\n // CAE challenge always have quoted parameters. For more reference, https://learn.microsoft.com/entra/identity-platform/claims-challenge\n const paramRegex = /(\\w+)=\"([^\"]*)\"/g;\n\n const parsedChallenges: AuthChallenge[] = [];\n let match;\n\n // Iterate over each challenge match\n while ((match = challengeRegex.exec(challenges)) !== null) {\n const scheme = match[1];\n const paramsString = match[2];\n const params: Record<string, string> = {};\n let paramMatch;\n\n // Iterate over each parameter match\n while ((paramMatch = paramRegex.exec(paramsString)) !== null) {\n params[paramMatch[1]] = paramMatch[2];\n }\n\n parsedChallenges.push({ scheme, params });\n }\n return parsedChallenges;\n}\n\n/**\n * Parse a pipeline response and look for a CAE challenge with \"Bearer\" scheme\n * Return the value in the header without parsing the challenge\n * @internal\n */\nfunction getCaeChallengeClaims(challenges: string | undefined): string | undefined {\n if (!challenges) {\n return;\n }\n // Find all challenges present in the header\n const parsedChallenges = parseChallenges(challenges);\n return parsedChallenges.find(\n (x) => x.scheme === \"Bearer\" && x.params.claims && x.params.error === \"insufficient_claims\",\n )?.params.claims;\n}\n"]}
|
|
@@ -11,6 +11,9 @@ export const logPolicyName = tspLogPolicyName;
|
|
|
11
11
|
* @param options - Options to configure logPolicy.
|
|
12
12
|
*/
|
|
13
13
|
export function logPolicy(options = {}) {
|
|
14
|
-
return tspLogPolicy(
|
|
14
|
+
return tspLogPolicy({
|
|
15
|
+
logger: coreLogger.info,
|
|
16
|
+
...options,
|
|
17
|
+
});
|
|
15
18
|
}
|
|
16
19
|
//# sourceMappingURL=logPolicy.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logPolicy.js","sourceRoot":"","sources":["../../../src/policies/logPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,WAAW,CAAC;AACjD,OAAO,EACL,aAAa,IAAI,gBAAgB,EACjC,SAAS,IAAI,YAAY,GAC1B,MAAM,6CAA6C,CAAC;AAErD;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,gBAAgB,CAAC;AA4B9C;;;GAGG;AACH,MAAM,UAAU,SAAS,CAAC,UAA4B,EAAE;IACtD,OAAO,YAAY,
|
|
1
|
+
{"version":3,"file":"logPolicy.js","sourceRoot":"","sources":["../../../src/policies/logPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,WAAW,CAAC;AACjD,OAAO,EACL,aAAa,IAAI,gBAAgB,EACjC,SAAS,IAAI,YAAY,GAC1B,MAAM,6CAA6C,CAAC;AAErD;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,gBAAgB,CAAC;AA4B9C;;;GAGG;AACH,MAAM,UAAU,SAAS,CAAC,UAA4B,EAAE;IACtD,OAAO,YAAY,CAAC;QAClB,MAAM,EAAE,UAAU,CAAC,IAAI;QACvB,GAAG,OAAO;KACX,CAAC,CAAC;AACL,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { Debugger } from \"@azure/logger\";\nimport type { PipelinePolicy } from \"../pipeline.js\";\nimport { logger as coreLogger } from \"../log.js\";\nimport {\n logPolicyName as tspLogPolicyName,\n logPolicy as tspLogPolicy,\n} from \"@typespec/ts-http-runtime/internal/policies\";\n\n/**\n * The programmatic identifier of the logPolicy.\n */\nexport const logPolicyName = tspLogPolicyName;\n\n/**\n * Options to configure the logPolicy.\n */\nexport interface LogPolicyOptions {\n /**\n * Header names whose values will be logged when logging is enabled.\n * Defaults include a list of well-known safe headers. Any headers\n * specified in this field will be added to that list. Any other values will\n * be written to logs as \"REDACTED\".\n */\n additionalAllowedHeaderNames?: string[];\n\n /**\n * Query string names whose values will be logged when logging is enabled. By default no\n * query string values are logged.\n */\n additionalAllowedQueryParameters?: string[];\n\n /**\n * The log function to use for writing pipeline logs.\n * Defaults to core-http's built-in logger.\n * Compatible with the `debug` library.\n */\n logger?: Debugger;\n}\n\n/**\n * A policy that logs all requests and responses.\n * @param options - Options to configure logPolicy.\n */\nexport function logPolicy(options: LogPolicyOptions = {}): PipelinePolicy {\n return tspLogPolicy({\n logger: coreLogger.info,\n ...options,\n });\n}\n"]}
|
|
@@ -11,6 +11,9 @@ export function retryPolicy(strategies, options = { maxRetries: DEFAULT_RETRY_PO
|
|
|
11
11
|
// Cast is required since the TSP runtime retry strategy type is slightly different
|
|
12
12
|
// very deep down (using real AbortSignal vs. AbortSignalLike in RestError).
|
|
13
13
|
// In practice the difference doesn't actually matter.
|
|
14
|
-
return tspRetryPolicy(strategies,
|
|
14
|
+
return tspRetryPolicy(strategies, {
|
|
15
|
+
logger: retryPolicyLogger,
|
|
16
|
+
...options,
|
|
17
|
+
});
|
|
15
18
|
}
|
|
16
19
|
//# sourceMappingURL=retryPolicy.js.map
|