@azure/identity-cache-persistence 1.0.0-beta.2 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (63) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/dist-esm/identity/src/client/identityClient.js +2 -2
  3. package/dist-esm/identity/src/client/identityClient.js.map +1 -1
  4. package/dist-esm/identity/src/credentials/azureCliCredential.js +9 -9
  5. package/dist-esm/identity/src/credentials/azureCliCredential.js.map +1 -1
  6. package/dist-esm/identity/src/credentials/azurePowerShellCredential.js +13 -13
  7. package/dist-esm/identity/src/credentials/azurePowerShellCredential.js.map +1 -1
  8. package/dist-esm/identity/src/credentials/chainedTokenCredential.js +2 -2
  9. package/dist-esm/identity/src/credentials/chainedTokenCredential.js.map +1 -1
  10. package/dist-esm/identity/src/credentials/clientCertificateCredential.js +18 -15
  11. package/dist-esm/identity/src/credentials/clientCertificateCredential.js.map +1 -1
  12. package/dist-esm/identity/src/credentials/clientCertificateCredentialOptions.js.map +1 -1
  13. package/dist-esm/identity/src/credentials/clientSecretCredential.js +1 -1
  14. package/dist-esm/identity/src/credentials/clientSecretCredential.js.map +1 -1
  15. package/dist-esm/identity/src/credentials/clientSecretCredentialOptions.js.map +1 -1
  16. package/dist-esm/identity/src/credentials/defaultAzureCredential.js +16 -12
  17. package/dist-esm/identity/src/credentials/defaultAzureCredential.js.map +1 -1
  18. package/dist-esm/identity/src/credentials/deviceCodeCredential.js +14 -0
  19. package/dist-esm/identity/src/credentials/deviceCodeCredential.js.map +1 -1
  20. package/dist-esm/identity/src/credentials/environmentCredential.js +5 -21
  21. package/dist-esm/identity/src/credentials/environmentCredential.js.map +1 -1
  22. package/dist-esm/identity/src/credentials/interactiveBrowserCredential.js +7 -7
  23. package/dist-esm/identity/src/credentials/interactiveBrowserCredential.js.map +1 -1
  24. package/dist-esm/identity/src/credentials/interactiveBrowserCredentialOptions.js.map +1 -1
  25. package/dist-esm/identity/src/credentials/managedIdentityCredential/arcMsi.js +1 -1
  26. package/dist-esm/identity/src/credentials/managedIdentityCredential/arcMsi.js.map +1 -1
  27. package/dist-esm/identity/src/credentials/managedIdentityCredential/imdsMsi.js +32 -23
  28. package/dist-esm/identity/src/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  29. package/dist-esm/identity/src/credentials/managedIdentityCredential/index.js +2 -2
  30. package/dist-esm/identity/src/credentials/managedIdentityCredential/index.js.map +1 -1
  31. package/dist-esm/identity/src/credentials/onBehalfOfCredential.js +6 -11
  32. package/dist-esm/identity/src/credentials/onBehalfOfCredential.js.map +1 -1
  33. package/dist-esm/identity/src/credentials/onBehalfOfCredentialOptions.js.map +1 -1
  34. package/dist-esm/identity/src/credentials/usernamePasswordCredential.js +1 -3
  35. package/dist-esm/identity/src/credentials/usernamePasswordCredential.js.map +1 -1
  36. package/dist-esm/identity/src/credentials/visualStudioCodeCredential.js +5 -7
  37. package/dist-esm/identity/src/credentials/visualStudioCodeCredential.js.map +1 -1
  38. package/dist-esm/identity/src/{client/errors.js → errors.js} +15 -0
  39. package/dist-esm/identity/src/errors.js.map +1 -0
  40. package/dist-esm/identity/src/index.js +1 -4
  41. package/dist-esm/identity/src/index.js.map +1 -1
  42. package/dist-esm/identity/src/msal/nodeFlows/msalAuthorizationCode.js +1 -1
  43. package/dist-esm/identity/src/msal/nodeFlows/msalAuthorizationCode.js.map +1 -1
  44. package/dist-esm/identity/src/msal/nodeFlows/msalClientCertificate.js +6 -5
  45. package/dist-esm/identity/src/msal/nodeFlows/msalClientCertificate.js.map +1 -1
  46. package/dist-esm/identity/src/msal/nodeFlows/msalOnBehalfOf.js +1 -1
  47. package/dist-esm/identity/src/msal/nodeFlows/msalOnBehalfOf.js.map +1 -1
  48. package/dist-esm/identity/src/msal/nodeFlows/msalOpenBrowser.js +1 -1
  49. package/dist-esm/identity/src/msal/nodeFlows/msalOpenBrowser.js.map +1 -1
  50. package/dist-esm/identity/src/msal/nodeFlows/nodeCommon.js +13 -7
  51. package/dist-esm/identity/src/msal/nodeFlows/nodeCommon.js.map +1 -1
  52. package/dist-esm/identity/src/msal/utils.js +7 -4
  53. package/dist-esm/identity/src/msal/utils.js.map +1 -1
  54. package/dist-esm/identity/src/util/tracing.js +1 -1
  55. package/dist-esm/identity/src/util/tracing.js.map +1 -1
  56. package/dist-esm/identity/src/util/validateMultiTenant.js +17 -12
  57. package/dist-esm/identity/src/util/validateMultiTenant.js.map +1 -1
  58. package/package.json +3 -3
  59. package/dist-esm/identity/src/client/errors.js.map +0 -1
  60. package/dist-esm/identity/src/credentials/applicationCredential.js +0 -34
  61. package/dist-esm/identity/src/credentials/applicationCredential.js.map +0 -1
  62. package/dist-esm/identity/src/msal/errors.js +0 -22
  63. package/dist-esm/identity/src/msal/errors.js.map +0 -1
package/dist-esm/identity/src/msal/nodeFlows/msalOpenBrowser.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"msalOpenBrowser.js","sourceRoot":"","sources":["../../../../../../identity/src/msal/nodeFlows/msalOpenBrowser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAK7C,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,SAAS,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAClF,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,0BAA0B,EAAE,MAAM,qBAAqB,CAAC;AAYjE;;;GAGG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,IAAI;CACL,CAAC;AAEF;;;;GAIG;AACH,MAAM,OAAO,eAAgB,SAAQ,QAAQ;IAM3C,YAAY,OAA+B;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;QAC5D,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QAEnC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACpB,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC;SAChB;QACD,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC/B,CAAC;IAEa,kBAAkB,CAC9B,OAA0C;;YAE1C,OAAO,IAAI,CAAC,SAAU,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACrD,CAAC;KAAA;IAES,UAAU,CAClB,MAAgB,EAChB,OAAuC;QAEvC,OAAO,IAAI,OAAO,CAAc,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAClD,MAAM,eAAe,GAAa,EAAE,CAAC;YAErC,MAAM,eAAe,GAAG,CAAC,GAAyB,EAAE,GAAwB,EAAQ,EAAE;;gBACpF,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE;oBACZ,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,IAAI,GAAQ,CAAC;gBACb,IAAI;oBACF,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;iBAC1C;gBAAC,OAAO,CAAC,EAAE;oBACV,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,MAAM,YAAY,GAAsC;oBACtD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAE;oBACnC,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,MAAM,EAAE,MAAM;oBACd,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;oBAC7B,YAAY,EAAE,MAAA,IAAI,CAAC,SAAS,0CAAE,QAAQ;iBACvC,CAAC;gBAEF,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC;qBAClC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE;oBACrB,IAAI,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,OAAO,EAAE;wBACzB,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;qBAClE;oBACD,MAAM,cAAc,GAAG,mFAAmF,CAAC;oBAC3G,IAAI,YAAY,IAAI,YAAY,CAAC,SAAS,EAAE;wBAC1C,MAAM,kBAAkB,GAAG,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,SAAS,CAAC,OAAO,EAAE,CAAC;wBAC7D,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;wBACxB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;wBAEjD,OAAO,CAAC;4BACN,kBAAkB;4BAClB,KAAK,EAAE,YAAY,CAAC,WAAW;yBAChC,CAAC,CAAC;qBACJ;yBAAM;wBACL,MAAM,YAAY,GAAG,WAAW,CAC9B,MAAM,EACN,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;wBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;wBACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;wBAExC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;qBACH;oBACD,OAAO,EAAE,CAAC;oBACV,OAAO;gBACT,CAAC,CAAC;qBACD,KAAK,CAAC,GAAG,EAAE;oBACV,MAAM,YAAY,GAAG,WAAW,CAC9B,MAAM,EACN,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;oBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;oBACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBAExC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO,EAAE,CAAC;gBACZ,CAAC,CAAC,CAAC;YACP,CAAC,CAAC;YAEF,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;YAC/C,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;YAE9B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,CACvD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kDAAkD,IAAI,CAAC,IAAI,GAAG,CAAC,CACjF,CAAC;YAEF,SAAS,OAAO;gBACd,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;iBAChB;gBAED,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE;oBACpC,MAAM,CAAC,OAAO,EAAE,CAAC;iBAClB;gBAED,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,EAAE,CAAC;iBACf;YACH,CAAC;YAED,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;YAE/D,GAAG,CAAC,EAAE,CAAC,WAAW,EAAE,GAAG,EAAE;gBACvB,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBAE1D,MAAM,WAAW,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,CAAC;gBACzC,IAAI,WAAW,EAAE;oBACf,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;wBACzC,OAAO,EAAE,CAAC;wBACV,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;oBAC/B,CAAC,CAAC,CAAC;iBACJ;gBAED,WAAW,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;oBAC7B,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,CAAC,CAAC,CAAC;gBACZ,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAOa,eAAe,CAC3B,UAAoB,EACpB,OAAuC;;YAEvC,qCAAqC;YACrC,MAAM,cAAc,GAAG,IAAI,QAAQ,CAAC,cAAc,EAAE,CAAC;YACrD,6DAA6D;YAC7D,IAAI,CAAC,SAAS,GAAG,MAAM,cAAc,CAAC,iBAAiB,EAAE,CAAC;YAE1D,MAAM,qBAAqB,GAAqC;gBAC9D,MAAM,EAAE,UAAU;gBAClB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;gBAC7B,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS;gBACvC,mBAAmB,EAAE,MAAM,CAAC,uBAAuB;aACpD,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAU,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC;YAE7E,IAAI;gBACF,MAAM,0BAA0B,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;aACjE;YAAC,OAAO,CAAC,EAAE;gBACV,MAAM,IAAI,0BAA0B,CAAC,2CAA2C,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;aAC9F;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { Socket } from \"net\";\nimport http from \"http\";\nimport open from \"open\";\nimport stoppable from \"stoppable\";\n\nimport { credentialLogger, formatError, formatSuccess } from \"../../util/logging\";\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\nimport { msalToPublic } from \"../utils\";\nimport { CredentialUnavailableError } from \"../../client/errors\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through opening a browser window.\n * @internal\n */\nexport interface MSALOpenBrowserOptions extends MsalNodeOptions {\n redirectUri: string;\n loginHint?: string;\n}\n\n/**\n * A call to open(), but mockable\n * @internal\n */\nexport const interactiveBrowserMockable = {\n open\n};\n\n/**\n * This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`\n * to trigger the authentication flow, and then respond based on the values obtained from the redirect callback\n * @internal\n */\nexport class MsalOpenBrowser extends MsalNode {\n private redirectUri: string;\n private port: number;\n private hostname: string;\n private loginHint?: string;\n\n constructor(options: MSALOpenBrowserOptions) {\n super(options);\n this.logger = credentialLogger(\"Node.js MSAL Open Browser\");\n this.redirectUri = options.redirectUri;\n this.loginHint = options.loginHint;\n\n const url = new URL(this.redirectUri);\n this.port = parseInt(url.port);\n if (isNaN(this.port)) {\n this.port = 80;\n }\n this.hostname = url.hostname;\n }\n\n private async acquireTokenByCode(\n request: msalNode.AuthorizationCodeRequest\n ): Promise<msalNode.AuthenticationResult | null> {\n return this.publicApp!.acquireTokenByCode(request);\n }\n\n protected doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n return new Promise<AccessToken>((resolve, reject) => {\n const socketToDestroy: Socket[] = [];\n\n const requestListener = (req: http.IncomingMessage, res: http.ServerResponse): void => {\n if (!req.url) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n let url: URL;\n try {\n url = new URL(req.url, this.redirectUri);\n } catch (e) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n const tokenRequest: msalNode.AuthorizationCodeRequest = {\n code: url.searchParams.get(\"code\")!,\n redirectUri: this.redirectUri,\n scopes: scopes,\n authority: options?.authority,\n codeVerifier: this.pkceCodes?.verifier\n };\n\n this.acquireTokenByCode(tokenRequest)\n .then((authResponse) => {\n if (authResponse?.account) {\n this.account = msalToPublic(this.clientId, authResponse.account);\n }\n const successMessage = `Authentication Complete. You can close the browser and return to the application.`;\n if (authResponse && authResponse.expiresOn) {\n const expiresOnTimestamp = authResponse?.expiresOn.valueOf();\n res.writeHead(200);\n res.end(successMessage);\n this.logger.getToken.info(formatSuccess(scopes));\n\n resolve({\n expiresOnTimestamp,\n token: authResponse.accessToken\n });\n } else {\n const errorMessage = formatError(\n scopes,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n this.logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n }\n cleanup();\n return;\n })\n .catch(() => {\n const errorMessage = formatError(\n scopes,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n this.logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n cleanup();\n });\n };\n\n const app = http.createServer(requestListener);\n const server = stoppable(app);\n\n const listen = app.listen(this.port, this.hostname, () =>\n this.logger.info(`InteractiveBrowserCredential listening on port ${this.port}!`)\n );\n\n function cleanup(): void {\n if (listen) {\n listen.close();\n }\n\n for (const socket of socketToDestroy) {\n socket.destroy();\n }\n\n if (server) {\n server.close();\n server.stop();\n }\n }\n\n app.on(\"connection\", (socket) => socketToDestroy.push(socket));\n\n app.on(\"listening\", () => {\n const openPromise = this.openAuthCodeUrl(scopes, options);\n\n const abortSignal = options?.abortSignal;\n if (abortSignal) {\n abortSignal.addEventListener(\"abort\", () => {\n cleanup();\n reject(new Error(\"Aborted\"));\n });\n }\n\n openPromise.then().catch((e) => {\n cleanup();\n reject(e);\n });\n });\n });\n }\n\n private pkceCodes?: {\n verifier: string;\n challenge: string;\n };\n\n private async openAuthCodeUrl(\n scopeArray: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<void> {\n // Initialize CryptoProvider instance\n const cryptoProvider = new msalNode.CryptoProvider();\n // Generate PKCE Codes before starting the authorization flow\n this.pkceCodes = await cryptoProvider.generatePkceCodes();\n\n const authCodeUrlParameters: msalNode.AuthorizationUrlRequest = {\n scopes: scopeArray,\n redirectUri: this.redirectUri,\n authority: options?.authority,\n loginHint: this.loginHint,\n codeChallenge: this.pkceCodes.challenge,\n codeChallengeMethod: \"S256\" // Use SHA256 Algorithm\n };\n\n const response = await this.publicApp!.getAuthCodeUrl(authCodeUrlParameters);\n\n try {\n await interactiveBrowserMockable.open(response, { wait: true });\n } catch (e) {\n throw new CredentialUnavailableError(`Could not open a browser window. Error: ${e.message}`);\n }\n }\n}\n"]}
1
+ {"version":3,"file":"msalOpenBrowser.js","sourceRoot":"","sources":["../../../../../../identity/src/msal/nodeFlows/msalOpenBrowser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAK7C,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,SAAS,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAClF,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAC1D,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAYxC;;;GAGG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,IAAI;CACL,CAAC;AAEF;;;;GAIG;AACH,MAAM,OAAO,eAAgB,SAAQ,QAAQ;IAM3C,YAAY,OAA+B;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;QAC5D,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QAEnC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACpB,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC;SAChB;QACD,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC/B,CAAC;IAEa,kBAAkB,CAC9B,OAA0C;;YAE1C,OAAO,IAAI,CAAC,SAAU,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACrD,CAAC;KAAA;IAES,UAAU,CAClB,MAAgB,EAChB,OAAuC;QAEvC,OAAO,IAAI,OAAO,CAAc,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAClD,MAAM,eAAe,GAAa,EAAE,CAAC;YAErC,MAAM,eAAe,GAAG,CAAC,GAAyB,EAAE,GAAwB,EAAQ,EAAE;;gBACpF,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE;oBACZ,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,IAAI,GAAQ,CAAC;gBACb,IAAI;oBACF,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;iBAC1C;gBAAC,OAAO,CAAC,EAAE;oBACV,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,MAAM,YAAY,GAAsC;oBACtD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAE;oBACnC,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,MAAM,EAAE,MAAM;oBACd,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;oBAC7B,YAAY,EAAE,MAAA,IAAI,CAAC,SAAS,0CAAE,QAAQ;iBACvC,CAAC;gBAEF,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC;qBAClC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE;oBACrB,IAAI,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,OAAO,EAAE;wBACzB,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;qBAClE;oBACD,MAAM,cAAc,GAAG,mFAAmF,CAAC;oBAC3G,IAAI,YAAY,IAAI,YAAY,CAAC,SAAS,EAAE;wBAC1C,MAAM,kBAAkB,GAAG,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,SAAS,CAAC,OAAO,EAAE,CAAC;wBAC7D,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;wBACxB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;wBAEjD,OAAO,CAAC;4BACN,kBAAkB;4BAClB,KAAK,EAAE,YAAY,CAAC,WAAW;yBAChC,CAAC,CAAC;qBACJ;yBAAM;wBACL,MAAM,YAAY,GAAG,WAAW,CAC9B,MAAM,EACN,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;wBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;wBACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;wBAExC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;qBACH;oBACD,OAAO,EAAE,CAAC;oBACV,OAAO;gBACT,CAAC,CAAC;qBACD,KAAK,CAAC,GAAG,EAAE;oBACV,MAAM,YAAY,GAAG,WAAW,CAC9B,MAAM,EACN,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;oBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;oBACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBAExC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO,EAAE,CAAC;gBACZ,CAAC,CAAC,CAAC;YACP,CAAC,CAAC;YAEF,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;YAC/C,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;YAE9B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,CACvD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kDAAkD,IAAI,CAAC,IAAI,GAAG,CAAC,CACjF,CAAC;YAEF,SAAS,OAAO;gBACd,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;iBAChB;gBAED,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE;oBACpC,MAAM,CAAC,OAAO,EAAE,CAAC;iBAClB;gBAED,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,EAAE,CAAC;iBACf;YACH,CAAC;YAED,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;YAE/D,GAAG,CAAC,EAAE,CAAC,WAAW,EAAE,GAAG,EAAE;gBACvB,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBAE1D,MAAM,WAAW,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,CAAC;gBACzC,IAAI,WAAW,EAAE;oBACf,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;wBACzC,OAAO,EAAE,CAAC;wBACV,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;oBAC/B,CAAC,CAAC,CAAC;iBACJ;gBAED,WAAW,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;oBAC7B,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,CAAC,CAAC,CAAC;gBACZ,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAOa,eAAe,CAC3B,UAAoB,EACpB,OAAuC;;YAEvC,qCAAqC;YACrC,MAAM,cAAc,GAAG,IAAI,QAAQ,CAAC,cAAc,EAAE,CAAC;YACrD,6DAA6D;YAC7D,IAAI,CAAC,SAAS,GAAG,MAAM,cAAc,CAAC,iBAAiB,EAAE,CAAC;YAE1D,MAAM,qBAAqB,GAAqC;gBAC9D,MAAM,EAAE,UAAU;gBAClB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;gBAC7B,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS;gBACvC,mBAAmB,EAAE,MAAM,CAAC,uBAAuB;aACpD,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAU,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC;YAE7E,IAAI;gBACF,MAAM,0BAA0B,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;aACjE;YAAC,OAAO,CAAC,EAAE;gBACV,MAAM,IAAI,0BAA0B,CAAC,2CAA2C,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;aAC9F;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { Socket } from \"net\";\nimport http from \"http\";\nimport open from \"open\";\nimport stoppable from \"stoppable\";\n\nimport { credentialLogger, formatError, formatSuccess } from \"../../util/logging\";\nimport { CredentialUnavailableError } from \"../../errors\";\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\nimport { msalToPublic } from \"../utils\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through opening a browser window.\n * @internal\n */\nexport interface MSALOpenBrowserOptions extends MsalNodeOptions {\n redirectUri: string;\n loginHint?: string;\n}\n\n/**\n * A call to open(), but mockable\n * @internal\n */\nexport const interactiveBrowserMockable = {\n open\n};\n\n/**\n * This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`\n * to trigger the authentication flow, and then respond based on the values obtained from the redirect callback\n * @internal\n */\nexport class MsalOpenBrowser extends MsalNode {\n private redirectUri: string;\n private port: number;\n private hostname: string;\n private loginHint?: string;\n\n constructor(options: MSALOpenBrowserOptions) {\n super(options);\n this.logger = credentialLogger(\"Node.js MSAL Open Browser\");\n this.redirectUri = options.redirectUri;\n this.loginHint = options.loginHint;\n\n const url = new URL(this.redirectUri);\n this.port = parseInt(url.port);\n if (isNaN(this.port)) {\n this.port = 80;\n }\n this.hostname = url.hostname;\n }\n\n private async acquireTokenByCode(\n request: msalNode.AuthorizationCodeRequest\n ): Promise<msalNode.AuthenticationResult | null> {\n return this.publicApp!.acquireTokenByCode(request);\n }\n\n protected doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n return new Promise<AccessToken>((resolve, reject) => {\n const socketToDestroy: Socket[] = [];\n\n const requestListener = (req: http.IncomingMessage, res: http.ServerResponse): void => {\n if (!req.url) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n let url: URL;\n try {\n url = new URL(req.url, this.redirectUri);\n } catch (e) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n const tokenRequest: msalNode.AuthorizationCodeRequest = {\n code: url.searchParams.get(\"code\")!,\n redirectUri: this.redirectUri,\n scopes: scopes,\n authority: options?.authority,\n codeVerifier: this.pkceCodes?.verifier\n };\n\n this.acquireTokenByCode(tokenRequest)\n .then((authResponse) => {\n if (authResponse?.account) {\n this.account = msalToPublic(this.clientId, authResponse.account);\n }\n const successMessage = `Authentication Complete. You can close the browser and return to the application.`;\n if (authResponse && authResponse.expiresOn) {\n const expiresOnTimestamp = authResponse?.expiresOn.valueOf();\n res.writeHead(200);\n res.end(successMessage);\n this.logger.getToken.info(formatSuccess(scopes));\n\n resolve({\n expiresOnTimestamp,\n token: authResponse.accessToken\n });\n } else {\n const errorMessage = formatError(\n scopes,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n this.logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n }\n cleanup();\n return;\n })\n .catch(() => {\n const errorMessage = formatError(\n scopes,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n this.logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n cleanup();\n });\n };\n\n const app = http.createServer(requestListener);\n const server = stoppable(app);\n\n const listen = app.listen(this.port, this.hostname, () =>\n this.logger.info(`InteractiveBrowserCredential listening on port ${this.port}!`)\n );\n\n function cleanup(): void {\n if (listen) {\n listen.close();\n }\n\n for (const socket of socketToDestroy) {\n socket.destroy();\n }\n\n if (server) {\n server.close();\n server.stop();\n }\n }\n\n app.on(\"connection\", (socket) => socketToDestroy.push(socket));\n\n app.on(\"listening\", () => {\n const openPromise = this.openAuthCodeUrl(scopes, options);\n\n const abortSignal = options?.abortSignal;\n if (abortSignal) {\n abortSignal.addEventListener(\"abort\", () => {\n cleanup();\n reject(new Error(\"Aborted\"));\n });\n }\n\n openPromise.then().catch((e) => {\n cleanup();\n reject(e);\n });\n });\n });\n }\n\n private pkceCodes?: {\n verifier: string;\n challenge: string;\n };\n\n private async openAuthCodeUrl(\n scopeArray: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<void> {\n // Initialize CryptoProvider instance\n const cryptoProvider = new msalNode.CryptoProvider();\n // Generate PKCE Codes before starting the authorization flow\n this.pkceCodes = await cryptoProvider.generatePkceCodes();\n\n const authCodeUrlParameters: msalNode.AuthorizationUrlRequest = {\n scopes: scopeArray,\n redirectUri: this.redirectUri,\n authority: options?.authority,\n loginHint: this.loginHint,\n codeChallenge: this.pkceCodes.challenge,\n codeChallengeMethod: \"S256\" // Use SHA256 Algorithm\n };\n\n const response = await this.publicApp!.getAuthCodeUrl(authCodeUrlParameters);\n\n try {\n await interactiveBrowserMockable.open(response, { wait: true });\n } catch (e) {\n throw new CredentialUnavailableError(`Could not open a browser window. Error: ${e.message}`);\n }\n }\n}\n"]}
package/dist-esm/identity/src/msal/nodeFlows/nodeCommon.js CHANGED
@@ -5,10 +5,10 @@ import * as msalNode from "@azure/msal-node";
5
5
  import { DeveloperSignOnClientId } from "../../constants";
6
6
  import { IdentityClient } from "../../client/identityClient";
7
7
  import { resolveTenantId } from "../../util/resolveTenantId";
8
- import { AuthenticationRequiredError } from "../errors";
8
+ import { AuthenticationRequiredError } from "../../errors";
9
9
  import { defaultLoggerCallback, getAuthority, getKnownAuthorities, MsalBaseUtilities, msalToPublic, publicToMsal } from "../utils";
10
- import { RegionalAuthority } from "../../regionalAuthority";
11
10
  import { processMultiTenantRequest } from "../../util/validateMultiTenant";
11
+ import { RegionalAuthority } from "../../regionalAuthority";
12
12
  /**
13
13
  * The current persistence provider, undefined by default.
14
14
  * @internal
@@ -39,7 +39,6 @@ export class MsalNode extends MsalBaseUtilities {
39
39
  this.requiresConfidential = false;
40
40
  this.msalConfig = this.defaultNodeMsalConfig(options);
41
41
  this.tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);
42
- this.allowMultiTenantAuthentication = options === null || options === void 0 ? void 0 : options.allowMultiTenantAuthentication;
43
42
  this.clientId = this.msalConfig.auth.clientId;
44
43
  // If persistence has been configured
45
44
  if (persistenceProvider !== undefined && ((_a = options.tokenCachePersistenceOptions) === null || _a === void 0 ? void 0 : _a.enabled)) {
@@ -175,7 +174,11 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
175
174
  return __awaiter(this, void 0, void 0, function* () {
176
175
  yield this.getActiveAccount();
177
176
  if (!this.account) {
178
- throw new AuthenticationRequiredError(scopes, options);
177
+ throw new AuthenticationRequiredError({
178
+ scopes,
179
+ getTokenOptions: options,
180
+ message: "Silent authentication failed. We couldn't retrieve an active account from the cache."
181
+ });
179
182
  }
180
183
  const silentRequest = {
181
184
  // To be able to re-use the account, the Token Cache must also have been provided.
@@ -200,8 +203,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
200
203
  */
201
204
  getToken(scopes, options = {}) {
202
205
  return __awaiter(this, void 0, void 0, function* () {
203
- const tenantId = processMultiTenantRequest(this.tenantId, this.allowMultiTenantAuthentication, options) ||
204
- this.tenantId;
206
+ const tenantId = processMultiTenantRequest(this.tenantId, options) || this.tenantId;
205
207
  options.authority = getAuthority(tenantId, this.authorityHost);
206
208
  options.correlationId = (options === null || options === void 0 ? void 0 : options.correlationId) || this.generateUuid();
207
209
  yield this.init(options);
@@ -213,7 +215,11 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
213
215
  throw err;
214
216
  }
215
217
  if (options === null || options === void 0 ? void 0 : options.disableAutomaticAuthentication) {
216
- throw new AuthenticationRequiredError(scopes, options, "Automatic authentication has been disabled. You may call the authentication() method.");
218
+ throw new AuthenticationRequiredError({
219
+ scopes,
220
+ getTokenOptions: options,
221
+ message: "Automatic authentication has been disabled. You may call the authentication() method."
222
+ });
217
223
  }
218
224
  this.logger.info(`Silent authentication failed, falling back to interactive method.`);
219
225
  return this.doGetToken(scopes, options);
package/dist-esm/identity/src/msal/nodeFlows/nodeCommon.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"nodeCommon.js","sourceRoot":"","sources":["../../../../../../identity/src/msal/nodeFlows/nodeCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAM7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAA0B,MAAM,6BAA6B,CAAC;AACrF,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAG7D,OAAO,EAAE,2BAA2B,EAAE,MAAM,WAAW,CAAC;AAExD,OAAO,EACL,qBAAqB,EACrB,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,EACjB,YAAY,EACZ,YAAY,EACb,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAkB3E;;;GAGG;AACH,IAAI,mBAAmB,GAEP,SAAS,CAAC;AAE1B;;;GAGG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,cAAc,CAAC,cAA8D;QAC3E,mBAAmB,GAAG,cAAc,CAAC;IACvC,CAAC;CACF,CAAC;AAEF;;;;;;;;GAQG;AACH,MAAM,OAAgB,QAAS,SAAQ,iBAAiB;IAatD,YAAY,OAAwB;;QAClC,KAAK,CAAC,OAAO,CAAC,CAAC;QALP,yBAAoB,GAAY,KAAK,CAAC;QAM9C,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACtD,IAAI,CAAC,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QACpF,IAAI,CAAC,8BAA8B,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,CAAC;QAC9E,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;QAE9C,qCAAqC;QACrC,IAAI,mBAAmB,KAAK,SAAS,KAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,CAAA,EAAE;YACtF,IAAI,CAAC,iBAAiB,GAAG,GAAG,EAAE,CAAC,mBAAoB,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC;SAC3F;aAAM,IAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,EAAE;YACxD,MAAM,IAAI,KAAK,CACb;gBACE,qFAAqF;gBACrF,yHAAyH;gBACzH,mFAAmF;gBACnF,0FAA0F;aAC3F,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;SACH;QAED,IAAI,CAAC,WAAW,GAAG,MAAA,OAAO,CAAC,iBAAiB,mCAAI,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;QAC1F,IAAI,IAAI,CAAC,WAAW,KAAK,iBAAiB,CAAC,kBAAkB,EAAE;YAC7D,IAAI,CAAC,WAAW,GAAG,eAAe,CAAC;SACpC;IACH,CAAC;IAED;;OAEG;IACO,qBAAqB,CAAC,OAAwB;QACtD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,uBAAuB,CAAC;QAC7D,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAErF,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAC/E,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAE7D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iCACnC,OAAO,CAAC,sBAAsB,KACjC,aAAa,EAAE,SAAS,IACxB,CAAC;QAEH,IAAI,kBAAkB,GAAa,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE;YAC1C,kBAAkB,GAAG,EAAE,CAAC;SACzB;QAED,OAAO;YACL,IAAI,EAAE;gBACJ,QAAQ;gBACR,SAAS;gBACT,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ,EAAE,SAAS,CAAC;gBAC1D,kBAAkB;aACnB;YACD,sCAAsC;YACtC,MAAM,EAAE;gBACN,aAAa,EAAE,IAAI,CAAC,cAAc;gBAClC,aAAa,EAAE;oBACb,cAAc,EAAE,qBAAqB,CAAC,OAAO,CAAC,MAAM,CAAC;iBACtD;aACF;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACG,IAAI,CAAC,OAAuC;;YAChD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,EAAE;gBACxB,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;oBACjD,6DAA6D;oBAC7D,mDAAmD;oBACnD,IAAI,CAAC,cAAe,CAAC,aAAa,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;gBAC5D,CAAC,CAAC,CAAC;aACJ;YAED,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,eAAe,EAAE;gBAC1C,OAAO;aACR;YAED,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS,EAAE;gBACxC,IAAI,CAAC,UAAU,CAAC,KAAK,GAAG;oBACtB,WAAW,EAAE,MAAM,IAAI,CAAC,iBAAiB,EAAE;iBAC5C,CAAC;aACH;YAED,IAAI,CAAC,SAAS,GAAG,IAAI,QAAQ,CAAC,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACvE,8EAA8E;YAC9E,IACE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY;gBACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe;gBACpC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,EACtC;gBACA,IAAI,CAAC,eAAe,GAAG,IAAI,QAAQ,CAAC,6BAA6B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;aACpF;iBAAM;gBACL,IAAI,IAAI,CAAC,oBAAoB,EAAE;oBAC7B,MAAM,IAAI,KAAK,CACb,gHAAgH,CACjH,CAAC;iBACH;aACF;QACH,CAAC;KAAA;IAED;;OAEG;IACO,gBAAgB,CACxB,OAAwD,EACxD,WAA6B,EAC7B,QAAqB;QAErB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,OAAO;iBACJ,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;gBAClB,OAAO,OAAO,CAAC,SAAU,CAAC,CAAC;YAC7B,CAAC,CAAC;iBACD,KAAK,CAAC,MAAM,CAAC,CAAC;YACjB,IAAI,WAAW,EAAE;gBACf,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;oBACzC,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,EAAI,CAAC;gBACf,CAAC,CAAC,CAAC;aACJ;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACG,gBAAgB;;;YACpB,IAAI,IAAI,CAAC,OAAO,EAAE;gBAChB,OAAO,IAAI,CAAC,OAAO,CAAC;aACrB;YACD,MAAM,KAAK,GAAG,MAAA,MAAA,IAAI,CAAC,eAAe,0CAAE,aAAa,EAAE,mCAAI,MAAA,IAAI,CAAC,SAAS,0CAAE,aAAa,EAAE,CAAC;YACvF,MAAM,gBAAgB,GAAG,MAAM,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,cAAc,EAAE,CAAA,CAAC;YAEvD,IAAI,CAAC,gBAAgB,EAAE;gBACrB,OAAO;aACR;YAED,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;gBACjC,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;aACjE;iBAAM;gBACL,IAAI,CAAC,MAAM;qBACR,IAAI,CAAC;;;;6KAI+J,CAAC,CAAC;gBACzK,OAAO;aACR;YAED,OAAO,IAAI,CAAC,OAAO,CAAC;;KACrB;IAED;;OAEG;IACG,cAAc,CAClB,MAAgB,EAChB,OAAuC;;;YAEvC,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC9B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE;gBACjB,MAAM,IAAI,2BAA2B,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;aACxD;YAED,MAAM,aAAa,GAA+B;gBAChD,kFAAkF;gBAClF,OAAO,EAAE,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC;gBACnC,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;gBACrC,MAAM;gBACN,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;aAC9B,CAAC;YAEF,IAAI;gBACF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;gBACzD,MAAM,QAAQ,GACZ,MAAA,CAAC,MAAM,CAAA,MAAA,IAAI,CAAC,eAAe,0CAAE,kBAAkB,CAAC,aAAa,CAAC,CAAA,CAAC,mCAC/D,CAAC,MAAM,IAAI,CAAC,SAAU,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC,CAAC;gBAC5D,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,QAAQ,IAAI,SAAS,CAAC,CAAC;aACxE;YAAC,OAAO,GAAG,EAAE;gBACZ,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;aAC9C;;KACF;IAOD;;;OAGG;IACU,QAAQ,CACnB,MAAgB,EAChB,UAAyC,EAAE;;YAE3C,MAAM,QAAQ,GACZ,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,8BAA8B,EAAE,OAAO,CAAC;gBACtF,IAAI,CAAC,QAAQ,CAAC;YAEhB,OAAO,CAAC,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;YAE/D,OAAO,CAAC,aAAa,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,KAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtE,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAEzB,IAAI;gBACF,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;aACnD;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE;oBAC9C,MAAM,GAAG,CAAC;iBACX;gBACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,EAAE;oBAC3C,MAAM,IAAI,2BAA2B,CACnC,MAAM,EACN,OAAO,EACP,uFAAuF,CACxF,CAAC;iBACH;gBACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;gBACtF,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;aACzC;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport * as msalCommon from \"@azure/msal-common\";\n\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { AbortSignalLike } from \"@azure/abort-controller\";\n\nimport { DeveloperSignOnClientId } from \"../../constants\";\nimport { IdentityClient, TokenCredentialOptions } from \"../../client/identityClient\";\nimport { resolveTenantId } from \"../../util/resolveTenantId\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalFlow, MsalFlowOptions } from \"../flows\";\nimport { AuthenticationRequiredError } from \"../errors\";\nimport { AuthenticationRecord } from \"../types\";\nimport {\n defaultLoggerCallback,\n getAuthority,\n getKnownAuthorities,\n MsalBaseUtilities,\n msalToPublic,\n publicToMsal\n} from \"../utils\";\nimport { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions\";\nimport { RegionalAuthority } from \"../../regionalAuthority\";\nimport { processMultiTenantRequest } from \"../../util/validateMultiTenant\";\n\n/**\n * Union of the constructor parameters that all MSAL flow types for Node.\n * @internal\n */\nexport interface MsalNodeOptions extends MsalFlowOptions {\n tokenCachePersistenceOptions?: TokenCachePersistenceOptions;\n tokenCredentialOptions: TokenCredentialOptions;\n allowMultiTenantAuthentication?: boolean;\n /**\n * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values.\n * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.\n * If the property is not specified, uses a non-regional authority endpoint.\n */\n regionalAuthority?: string;\n}\n\n/**\n * The current persistence provider, undefined by default.\n * @internal\n */\nlet persistenceProvider:\n | ((options?: TokenCachePersistenceOptions) => Promise<msalCommon.ICachePlugin>)\n | undefined = undefined;\n\n/**\n * An object that allows setting the persistence provider.\n * @internal\n */\nexport const msalNodeFlowCacheControl = {\n setPersistence(pluginProvider: Exclude<typeof persistenceProvider, undefined>): void {\n persistenceProvider = pluginProvider;\n }\n};\n\n/**\n * MSAL partial base client for Node.js.\n *\n * It completes the input configuration with some default values.\n * It also provides with utility protected methods that can be used from any of the clients,\n * which includes handlers for successful responses and errors.\n *\n * @internal\n */\nexport abstract class MsalNode extends MsalBaseUtilities implements MsalFlow {\n protected publicApp: msalNode.PublicClientApplication | undefined;\n protected confidentialApp: msalNode.ConfidentialClientApplication | undefined;\n protected msalConfig: msalNode.Configuration;\n protected clientId: string;\n protected tenantId: string;\n protected allowMultiTenantAuthentication?: boolean;\n protected authorityHost?: string;\n protected identityClient?: IdentityClient;\n protected requiresConfidential: boolean = false;\n protected azureRegion?: string;\n protected createCachePlugin: (() => Promise<msalCommon.ICachePlugin>) | undefined;\n\n constructor(options: MsalNodeOptions) {\n super(options);\n this.msalConfig = this.defaultNodeMsalConfig(options);\n this.tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n this.allowMultiTenantAuthentication = options?.allowMultiTenantAuthentication;\n this.clientId = this.msalConfig.auth.clientId;\n\n // If persistence has been configured\n if (persistenceProvider !== undefined && options.tokenCachePersistenceOptions?.enabled) {\n this.createCachePlugin = () => persistenceProvider!(options.tokenCachePersistenceOptions);\n } else if (options.tokenCachePersistenceOptions?.enabled) {\n throw new Error(\n [\n \"Persistent token caching was requested, but no persistence provider was configured.\",\n \"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)\",\n \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n \"`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.\"\n ].join(\" \")\n );\n }\n\n this.azureRegion = options.regionalAuthority ?? process.env.AZURE_REGIONAL_AUTHORITY_NAME;\n if (this.azureRegion === RegionalAuthority.AutoDiscoverRegion) {\n this.azureRegion = \"AUTO_DISCOVER\";\n }\n }\n\n /**\n * Generates a MSAL configuration that generally works for Node.js\n */\n protected defaultNodeMsalConfig(options: MsalNodeOptions): msalNode.Configuration {\n const clientId = options.clientId || DeveloperSignOnClientId;\n const tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n\n this.authorityHost = options.authorityHost || process.env.AZURE_AUTHORITY_HOST;\n const authority = getAuthority(tenantId, this.authorityHost);\n\n this.identityClient = new IdentityClient({\n ...options.tokenCredentialOptions,\n authorityHost: authority\n });\n\n let clientCapabilities: string[] = [\"CP1\"];\n if (process.env.AZURE_IDENTITY_DISABLE_CP1) {\n clientCapabilities = [];\n }\n\n return {\n auth: {\n clientId,\n authority,\n knownAuthorities: getKnownAuthorities(tenantId, authority),\n clientCapabilities\n },\n // Cache is defined in this.prepare();\n system: {\n networkClient: this.identityClient,\n loggerOptions: {\n loggerCallback: defaultLoggerCallback(options.logger)\n }\n }\n };\n }\n\n /**\n * Prepares the MSAL applications.\n */\n async init(options?: CredentialFlowGetTokenOptions): Promise<void> {\n if (options?.abortSignal) {\n options.abortSignal.addEventListener(\"abort\", () => {\n // This will abort any pending request in the IdentityClient,\n // based on the received or generated correlationId\n this.identityClient!.abortRequests(options.correlationId);\n });\n }\n\n if (this.publicApp || this.confidentialApp) {\n return;\n }\n\n if (this.createCachePlugin !== undefined) {\n this.msalConfig.cache = {\n cachePlugin: await this.createCachePlugin()\n };\n }\n\n this.publicApp = new msalNode.PublicClientApplication(this.msalConfig);\n // The confidential client requires either a secret, assertion or certificate.\n if (\n this.msalConfig.auth.clientSecret ||\n this.msalConfig.auth.clientAssertion ||\n this.msalConfig.auth.clientCertificate\n ) {\n this.confidentialApp = new msalNode.ConfidentialClientApplication(this.msalConfig);\n } else {\n if (this.requiresConfidential) {\n throw new Error(\n \"Unable to generate the MSAL confidential client. Missing either the client's secret, certificate or assertion.\"\n );\n }\n }\n }\n\n /**\n * Allows the cancellation of a MSAL request.\n */\n protected withCancellation(\n promise: Promise<msalCommon.AuthenticationResult | null>,\n abortSignal?: AbortSignalLike,\n onCancel?: () => void\n ): Promise<msalCommon.AuthenticationResult | null> {\n return new Promise((resolve, reject) => {\n promise\n .then((msalToken) => {\n return resolve(msalToken!);\n })\n .catch(reject);\n if (abortSignal) {\n abortSignal.addEventListener(\"abort\", () => {\n onCancel?.();\n });\n }\n });\n }\n\n /**\n * Returns the existing account, attempts to load the account from MSAL.\n */\n async getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n if (this.account) {\n return this.account;\n }\n const cache = this.confidentialApp?.getTokenCache() ?? this.publicApp?.getTokenCache();\n const accountsByTenant = await cache?.getAllAccounts();\n\n if (!accountsByTenant) {\n return;\n }\n\n if (accountsByTenant.length === 1) {\n this.account = msalToPublic(this.clientId, accountsByTenant[0]);\n } else {\n this.logger\n .info(`More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing a credential to prevent this from happening.`);\n return;\n }\n\n return this.account;\n }\n\n /**\n * Attempts to retrieve a token from cache.\n */\n async getTokenSilent(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n await this.getActiveAccount();\n if (!this.account) {\n throw new AuthenticationRequiredError(scopes, options);\n }\n\n const silentRequest: msalNode.SilentFlowRequest = {\n // To be able to re-use the account, the Token Cache must also have been provided.\n account: publicToMsal(this.account),\n correlationId: options?.correlationId,\n scopes,\n authority: options?.authority\n };\n\n try {\n this.logger.info(\"Attempting to acquire token silently\");\n const response =\n (await this.confidentialApp?.acquireTokenSilent(silentRequest)) ??\n (await this.publicApp!.acquireTokenSilent(silentRequest));\n return this.handleResult(scopes, this.clientId, response || undefined);\n } catch (err) {\n throw this.handleError(scopes, err, options);\n }\n }\n\n /**\n * Attempts to retrieve an authenticated token from MSAL.\n */\n protected abstract doGetToken(scopes: string[], options?: GetTokenOptions): Promise<AccessToken>;\n\n /**\n * Wrapper around each MSAL flow get token operation: doGetToken.\n * If disableAutomaticAuthentication is sent through the constructor, it will prevent MSAL from requesting the user input.\n */\n public async getToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n const tenantId =\n processMultiTenantRequest(this.tenantId, this.allowMultiTenantAuthentication, options) ||\n this.tenantId;\n\n options.authority = getAuthority(tenantId, this.authorityHost);\n\n options.correlationId = options?.correlationId || this.generateUuid();\n await this.init(options);\n\n try {\n return await this.getTokenSilent(scopes, options);\n } catch (err) {\n if (err.name !== \"AuthenticationRequiredError\") {\n throw err;\n }\n if (options?.disableAutomaticAuthentication) {\n throw new AuthenticationRequiredError(\n scopes,\n options,\n \"Automatic authentication has been disabled. You may call the authentication() method.\"\n );\n }\n this.logger.info(`Silent authentication failed, falling back to interactive method.`);\n return this.doGetToken(scopes, options);\n }\n }\n}\n"]}
1
+ {"version":3,"file":"nodeCommon.js","sourceRoot":"","sources":["../../../../../../identity/src/msal/nodeFlows/nodeCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAM7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAA0B,MAAM,6BAA6B,CAAC;AACrF,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAI3D,OAAO,EACL,qBAAqB,EACrB,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,EACjB,YAAY,EACZ,YAAY,EACb,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAiB5D;;;GAGG;AACH,IAAI,mBAAmB,GAEP,SAAS,CAAC;AAE1B;;;GAGG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,cAAc,CAAC,cAA8D;QAC3E,mBAAmB,GAAG,cAAc,CAAC;IACvC,CAAC;CACF,CAAC;AAEF;;;;;;;;GAQG;AACH,MAAM,OAAgB,QAAS,SAAQ,iBAAiB;IAYtD,YAAY,OAAwB;;QAClC,KAAK,CAAC,OAAO,CAAC,CAAC;QALP,yBAAoB,GAAY,KAAK,CAAC;QAM9C,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACtD,IAAI,CAAC,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QACpF,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;QAE9C,qCAAqC;QACrC,IAAI,mBAAmB,KAAK,SAAS,KAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,CAAA,EAAE;YACtF,IAAI,CAAC,iBAAiB,GAAG,GAAG,EAAE,CAAC,mBAAoB,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC;SAC3F;aAAM,IAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,EAAE;YACxD,MAAM,IAAI,KAAK,CACb;gBACE,qFAAqF;gBACrF,yHAAyH;gBACzH,mFAAmF;gBACnF,0FAA0F;aAC3F,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;SACH;QAED,IAAI,CAAC,WAAW,GAAG,MAAA,OAAO,CAAC,iBAAiB,mCAAI,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;QAC1F,IAAI,IAAI,CAAC,WAAW,KAAK,iBAAiB,CAAC,kBAAkB,EAAE;YAC7D,IAAI,CAAC,WAAW,GAAG,eAAe,CAAC;SACpC;IACH,CAAC;IAED;;OAEG;IACO,qBAAqB,CAAC,OAAwB;QACtD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,uBAAuB,CAAC;QAC7D,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAErF,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAC/E,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAE7D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iCACnC,OAAO,CAAC,sBAAsB,KACjC,aAAa,EAAE,SAAS,IACxB,CAAC;QAEH,IAAI,kBAAkB,GAAa,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE;YAC1C,kBAAkB,GAAG,EAAE,CAAC;SACzB;QAED,OAAO;YACL,IAAI,EAAE;gBACJ,QAAQ;gBACR,SAAS;gBACT,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ,EAAE,SAAS,CAAC;gBAC1D,kBAAkB;aACnB;YACD,sCAAsC;YACtC,MAAM,EAAE;gBACN,aAAa,EAAE,IAAI,CAAC,cAAc;gBAClC,aAAa,EAAE;oBACb,cAAc,EAAE,qBAAqB,CAAC,OAAO,CAAC,MAAM,CAAC;iBACtD;aACF;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACG,IAAI,CAAC,OAAuC;;YAChD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,EAAE;gBACxB,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;oBACjD,6DAA6D;oBAC7D,mDAAmD;oBACnD,IAAI,CAAC,cAAe,CAAC,aAAa,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;gBAC5D,CAAC,CAAC,CAAC;aACJ;YAED,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,eAAe,EAAE;gBAC1C,OAAO;aACR;YAED,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS,EAAE;gBACxC,IAAI,CAAC,UAAU,CAAC,KAAK,GAAG;oBACtB,WAAW,EAAE,MAAM,IAAI,CAAC,iBAAiB,EAAE;iBAC5C,CAAC;aACH;YAED,IAAI,CAAC,SAAS,GAAG,IAAI,QAAQ,CAAC,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACvE,8EAA8E;YAC9E,IACE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY;gBACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe;gBACpC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,EACtC;gBACA,IAAI,CAAC,eAAe,GAAG,IAAI,QAAQ,CAAC,6BAA6B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;aACpF;iBAAM;gBACL,IAAI,IAAI,CAAC,oBAAoB,EAAE;oBAC7B,MAAM,IAAI,KAAK,CACb,gHAAgH,CACjH,CAAC;iBACH;aACF;QACH,CAAC;KAAA;IAED;;OAEG;IACO,gBAAgB,CACxB,OAAwD,EACxD,WAA6B,EAC7B,QAAqB;QAErB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,OAAO;iBACJ,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;gBAClB,OAAO,OAAO,CAAC,SAAU,CAAC,CAAC;YAC7B,CAAC,CAAC;iBACD,KAAK,CAAC,MAAM,CAAC,CAAC;YACjB,IAAI,WAAW,EAAE;gBACf,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;oBACzC,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,EAAI,CAAC;gBACf,CAAC,CAAC,CAAC;aACJ;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACG,gBAAgB;;;YACpB,IAAI,IAAI,CAAC,OAAO,EAAE;gBAChB,OAAO,IAAI,CAAC,OAAO,CAAC;aACrB;YACD,MAAM,KAAK,GAAG,MAAA,MAAA,IAAI,CAAC,eAAe,0CAAE,aAAa,EAAE,mCAAI,MAAA,IAAI,CAAC,SAAS,0CAAE,aAAa,EAAE,CAAC;YACvF,MAAM,gBAAgB,GAAG,MAAM,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,cAAc,EAAE,CAAA,CAAC;YAEvD,IAAI,CAAC,gBAAgB,EAAE;gBACrB,OAAO;aACR;YAED,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;gBACjC,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;aACjE;iBAAM;gBACL,IAAI,CAAC,MAAM;qBACR,IAAI,CAAC;;;;6KAI+J,CAAC,CAAC;gBACzK,OAAO;aACR;YAED,OAAO,IAAI,CAAC,OAAO,CAAC;;KACrB;IAED;;OAEG;IACG,cAAc,CAClB,MAAgB,EAChB,OAAuC;;;YAEvC,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC9B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE;gBACjB,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,sFAAsF;iBACzF,CAAC,CAAC;aACJ;YAED,MAAM,aAAa,GAA+B;gBAChD,kFAAkF;gBAClF,OAAO,EAAE,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC;gBACnC,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;gBACrC,MAAM;gBACN,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;aAC9B,CAAC;YAEF,IAAI;gBACF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;gBACzD,MAAM,QAAQ,GACZ,MAAA,CAAC,MAAM,CAAA,MAAA,IAAI,CAAC,eAAe,0CAAE,kBAAkB,CAAC,aAAa,CAAC,CAAA,CAAC,mCAC/D,CAAC,MAAM,IAAI,CAAC,SAAU,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC,CAAC;gBAC5D,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,QAAQ,IAAI,SAAS,CAAC,CAAC;aACxE;YAAC,OAAO,GAAG,EAAE;gBACZ,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;aAC9C;;KACF;IAOD;;;OAGG;IACU,QAAQ,CACnB,MAAgB,EAChB,UAAyC,EAAE;;YAE3C,MAAM,QAAQ,GAAG,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC;YAEpF,OAAO,CAAC,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;YAE/D,OAAO,CAAC,aAAa,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,KAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtE,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAEzB,IAAI;gBACF,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;aACnD;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE;oBAC9C,MAAM,GAAG,CAAC;iBACX;gBACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,EAAE;oBAC3C,MAAM,IAAI,2BAA2B,CAAC;wBACpC,MAAM;wBACN,eAAe,EAAE,OAAO;wBACxB,OAAO,EACL,uFAAuF;qBAC1F,CAAC,CAAC;iBACJ;gBACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;gBACtF,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;aACzC;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport * as msalCommon from \"@azure/msal-common\";\n\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { AbortSignalLike } from \"@azure/abort-controller\";\n\nimport { DeveloperSignOnClientId } from \"../../constants\";\nimport { IdentityClient, TokenCredentialOptions } from \"../../client/identityClient\";\nimport { resolveTenantId } from \"../../util/resolveTenantId\";\nimport { AuthenticationRequiredError } from \"../../errors\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalFlow, MsalFlowOptions } from \"../flows\";\nimport { AuthenticationRecord } from \"../types\";\nimport {\n defaultLoggerCallback,\n getAuthority,\n getKnownAuthorities,\n MsalBaseUtilities,\n msalToPublic,\n publicToMsal\n} from \"../utils\";\nimport { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions\";\nimport { processMultiTenantRequest } from \"../../util/validateMultiTenant\";\nimport { RegionalAuthority } from \"../../regionalAuthority\";\n\n/**\n * Union of the constructor parameters that all MSAL flow types for Node.\n * @internal\n */\nexport interface MsalNodeOptions extends MsalFlowOptions {\n tokenCachePersistenceOptions?: TokenCachePersistenceOptions;\n tokenCredentialOptions: TokenCredentialOptions;\n /**\n * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values.\n * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.\n * If the property is not specified, uses a non-regional authority endpoint.\n */\n regionalAuthority?: string;\n}\n\n/**\n * The current persistence provider, undefined by default.\n * @internal\n */\nlet persistenceProvider:\n | ((options?: TokenCachePersistenceOptions) => Promise<msalCommon.ICachePlugin>)\n | undefined = undefined;\n\n/**\n * An object that allows setting the persistence provider.\n * @internal\n */\nexport const msalNodeFlowCacheControl = {\n setPersistence(pluginProvider: Exclude<typeof persistenceProvider, undefined>): void {\n persistenceProvider = pluginProvider;\n }\n};\n\n/**\n * MSAL partial base client for Node.js.\n *\n * It completes the input configuration with some default values.\n * It also provides with utility protected methods that can be used from any of the clients,\n * which includes handlers for successful responses and errors.\n *\n * @internal\n */\nexport abstract class MsalNode extends MsalBaseUtilities implements MsalFlow {\n protected publicApp: msalNode.PublicClientApplication | undefined;\n protected confidentialApp: msalNode.ConfidentialClientApplication | undefined;\n protected msalConfig: msalNode.Configuration;\n protected clientId: string;\n protected tenantId: string;\n protected authorityHost?: string;\n protected identityClient?: IdentityClient;\n protected requiresConfidential: boolean = false;\n protected azureRegion?: string;\n protected createCachePlugin: (() => Promise<msalCommon.ICachePlugin>) | undefined;\n\n constructor(options: MsalNodeOptions) {\n super(options);\n this.msalConfig = this.defaultNodeMsalConfig(options);\n this.tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n this.clientId = this.msalConfig.auth.clientId;\n\n // If persistence has been configured\n if (persistenceProvider !== undefined && options.tokenCachePersistenceOptions?.enabled) {\n this.createCachePlugin = () => persistenceProvider!(options.tokenCachePersistenceOptions);\n } else if (options.tokenCachePersistenceOptions?.enabled) {\n throw new Error(\n [\n \"Persistent token caching was requested, but no persistence provider was configured.\",\n \"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)\",\n \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n \"`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.\"\n ].join(\" \")\n );\n }\n\n this.azureRegion = options.regionalAuthority ?? process.env.AZURE_REGIONAL_AUTHORITY_NAME;\n if (this.azureRegion === RegionalAuthority.AutoDiscoverRegion) {\n this.azureRegion = \"AUTO_DISCOVER\";\n }\n }\n\n /**\n * Generates a MSAL configuration that generally works for Node.js\n */\n protected defaultNodeMsalConfig(options: MsalNodeOptions): msalNode.Configuration {\n const clientId = options.clientId || DeveloperSignOnClientId;\n const tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n\n this.authorityHost = options.authorityHost || process.env.AZURE_AUTHORITY_HOST;\n const authority = getAuthority(tenantId, this.authorityHost);\n\n this.identityClient = new IdentityClient({\n ...options.tokenCredentialOptions,\n authorityHost: authority\n });\n\n let clientCapabilities: string[] = [\"CP1\"];\n if (process.env.AZURE_IDENTITY_DISABLE_CP1) {\n clientCapabilities = [];\n }\n\n return {\n auth: {\n clientId,\n authority,\n knownAuthorities: getKnownAuthorities(tenantId, authority),\n clientCapabilities\n },\n // Cache is defined in this.prepare();\n system: {\n networkClient: this.identityClient,\n loggerOptions: {\n loggerCallback: defaultLoggerCallback(options.logger)\n }\n }\n };\n }\n\n /**\n * Prepares the MSAL applications.\n */\n async init(options?: CredentialFlowGetTokenOptions): Promise<void> {\n if (options?.abortSignal) {\n options.abortSignal.addEventListener(\"abort\", () => {\n // This will abort any pending request in the IdentityClient,\n // based on the received or generated correlationId\n this.identityClient!.abortRequests(options.correlationId);\n });\n }\n\n if (this.publicApp || this.confidentialApp) {\n return;\n }\n\n if (this.createCachePlugin !== undefined) {\n this.msalConfig.cache = {\n cachePlugin: await this.createCachePlugin()\n };\n }\n\n this.publicApp = new msalNode.PublicClientApplication(this.msalConfig);\n // The confidential client requires either a secret, assertion or certificate.\n if (\n this.msalConfig.auth.clientSecret ||\n this.msalConfig.auth.clientAssertion ||\n this.msalConfig.auth.clientCertificate\n ) {\n this.confidentialApp = new msalNode.ConfidentialClientApplication(this.msalConfig);\n } else {\n if (this.requiresConfidential) {\n throw new Error(\n \"Unable to generate the MSAL confidential client. Missing either the client's secret, certificate or assertion.\"\n );\n }\n }\n }\n\n /**\n * Allows the cancellation of a MSAL request.\n */\n protected withCancellation(\n promise: Promise<msalCommon.AuthenticationResult | null>,\n abortSignal?: AbortSignalLike,\n onCancel?: () => void\n ): Promise<msalCommon.AuthenticationResult | null> {\n return new Promise((resolve, reject) => {\n promise\n .then((msalToken) => {\n return resolve(msalToken!);\n })\n .catch(reject);\n if (abortSignal) {\n abortSignal.addEventListener(\"abort\", () => {\n onCancel?.();\n });\n }\n });\n }\n\n /**\n * Returns the existing account, attempts to load the account from MSAL.\n */\n async getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n if (this.account) {\n return this.account;\n }\n const cache = this.confidentialApp?.getTokenCache() ?? this.publicApp?.getTokenCache();\n const accountsByTenant = await cache?.getAllAccounts();\n\n if (!accountsByTenant) {\n return;\n }\n\n if (accountsByTenant.length === 1) {\n this.account = msalToPublic(this.clientId, accountsByTenant[0]);\n } else {\n this.logger\n .info(`More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing a credential to prevent this from happening.`);\n return;\n }\n\n return this.account;\n }\n\n /**\n * Attempts to retrieve a token from cache.\n */\n async getTokenSilent(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n await this.getActiveAccount();\n if (!this.account) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions: options,\n message:\n \"Silent authentication failed. We couldn't retrieve an active account from the cache.\"\n });\n }\n\n const silentRequest: msalNode.SilentFlowRequest = {\n // To be able to re-use the account, the Token Cache must also have been provided.\n account: publicToMsal(this.account),\n correlationId: options?.correlationId,\n scopes,\n authority: options?.authority\n };\n\n try {\n this.logger.info(\"Attempting to acquire token silently\");\n const response =\n (await this.confidentialApp?.acquireTokenSilent(silentRequest)) ??\n (await this.publicApp!.acquireTokenSilent(silentRequest));\n return this.handleResult(scopes, this.clientId, response || undefined);\n } catch (err) {\n throw this.handleError(scopes, err, options);\n }\n }\n\n /**\n * Attempts to retrieve an authenticated token from MSAL.\n */\n protected abstract doGetToken(scopes: string[], options?: GetTokenOptions): Promise<AccessToken>;\n\n /**\n * Wrapper around each MSAL flow get token operation: doGetToken.\n * If disableAutomaticAuthentication is sent through the constructor, it will prevent MSAL from requesting the user input.\n */\n public async getToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n const tenantId = processMultiTenantRequest(this.tenantId, options) || this.tenantId;\n\n options.authority = getAuthority(tenantId, this.authorityHost);\n\n options.correlationId = options?.correlationId || this.generateUuid();\n await this.init(options);\n\n try {\n return await this.getTokenSilent(scopes, options);\n } catch (err) {\n if (err.name !== \"AuthenticationRequiredError\") {\n throw err;\n }\n if (options?.disableAutomaticAuthentication) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions: options,\n message:\n \"Automatic authentication has been disabled. You may call the authentication() method.\"\n });\n }\n this.logger.info(`Silent authentication failed, falling back to interactive method.`);\n return this.doGetToken(scopes, options);\n }\n }\n}\n"]}
package/dist-esm/identity/src/msal/utils.js CHANGED
@@ -5,9 +5,8 @@ import { isNode } from "@azure/core-util";
5
5
  import { AbortError } from "@azure/abort-controller";
6
6
  import { v4 as uuidv4 } from "uuid";
7
7
  import { formatError, formatSuccess } from "../util/logging";
8
- import { CredentialUnavailableError } from "../client/errors";
8
+ import { CredentialUnavailableError, AuthenticationRequiredError } from "../errors";
9
9
  import { DefaultAuthorityHost, DefaultTenantId } from "../constants";
10
- import { AuthenticationRequiredError } from "./errors";
11
10
  /**
12
11
  * Latest AuthenticationRecord version
13
12
  * @internal
@@ -20,7 +19,11 @@ const LatestAuthenticationRecordVersion = "1.0";
20
19
  export function ensureValidMsalToken(scopes, logger, msalToken, getTokenOptions) {
21
20
  const error = (message) => {
22
21
  logger.getToken.info(message);
23
- return new AuthenticationRequiredError(Array.isArray(scopes) ? scopes : [scopes], getTokenOptions, message);
22
+ return new AuthenticationRequiredError({
23
+ scopes: Array.isArray(scopes) ? scopes : [scopes],
24
+ getTokenOptions,
25
+ message
26
+ });
24
27
  };
25
28
  if (!msalToken) {
26
29
  throw error("No response");
@@ -148,7 +151,7 @@ export class MsalBaseUtilities {
148
151
  error.name === "AbortError") {
149
152
  return error;
150
153
  }
151
- return new AuthenticationRequiredError(scopes, getTokenOptions, error.message);
154
+ return new AuthenticationRequiredError({ scopes, getTokenOptions, message: error.message });
152
155
  }
153
156
  }
154
157
  // transformations.ts
package/dist-esm/identity/src/msal/utils.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../../../identity/src/msal/utils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,UAAU,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAE1C,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAErD,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AACpC,OAAO,EAAoB,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAErE,OAAO,EAAE,2BAA2B,EAAE,MAAM,UAAU,CAAC;AAGvD;;;GAGG;AACH,MAAM,iCAAiC,GAAG,KAAK,CAAC;AAEhD;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,MAAyB,EACzB,MAAwB,EACxB,SAAqB,EACrB,eAAiC;IAEjC,MAAM,KAAK,GAAG,CAAC,OAAe,EAAS,EAAE;QACvC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,IAAI,2BAA2B,CACpC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,EACzC,eAAe,EACf,OAAO,CACR,CAAC;IACJ,CAAC,CAAC;IACF,IAAI,CAAC,SAAS,EAAE;QACd,MAAM,KAAK,CAAC,aAAa,CAAC,CAAC;KAC5B;IACD,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE;QACxB,MAAM,KAAK,CAAC,uCAAuC,CAAC,CAAC;KACtD;IACD,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE;QAC1B,MAAM,KAAK,CAAC,yCAAyC,CAAC,CAAC;KACxD;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,IAAa;IAC1D,IAAI,CAAC,IAAI,EAAE;QACT,IAAI,GAAG,oBAAoB,CAAC;KAC7B;IACD,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;QACtB,OAAO,IAAI,GAAG,QAAQ,CAAC;KACxB;SAAM;QACL,OAAO,GAAG,IAAI,IAAI,QAAQ,EAAE,CAAC;KAC9B;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAgB,EAAE,aAAqB;IACzE,IAAI,QAAQ,KAAK,MAAM,IAAI,aAAa,EAAE;QACxC,OAAO,CAAC,aAAa,CAAC,CAAC;KACxB;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAGA,CAChC,MAAwB,EACxB,WAA+B,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,EAC1D,EAAE,CAAC,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,EAAQ,EAAE;IACzC,IAAI,WAAW,EAAE;QACf,OAAO;KACR;IACD,QAAQ,KAAK,EAAE;QACb,KAAK,UAAU,CAAC,QAAQ,CAAC,KAAK;YAC5B,MAAM,CAAC,IAAI,CAAC,QAAQ,QAAQ,cAAc,OAAO,EAAE,CAAC,CAAC;YACrD,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,IAAI;YAC3B,MAAM,CAAC,IAAI,CAAC,QAAQ,QAAQ,qBAAqB,OAAO,EAAE,CAAC,CAAC;YAC5D,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,MAAM,CAAC,IAAI,CAAC,QAAQ,QAAQ,wBAAwB,OAAO,EAAE,CAAC,CAAC;YAC/D,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,MAAM,CAAC,IAAI,CAAC,QAAQ,QAAQ,gBAAgB,OAAO,EAAE,CAAC,CAAC;YACvD,OAAO;KACV;AACH,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,OAAO,iBAAiB;IAI5B,YAAY,OAAwB;QAClC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,MAAM,EAAE,CAAC;IAClB,CAAC;IAED;;;;OAIG;IACO,YAAY,CACpB,MAAyB,EACzB,QAAgB,EAChB,MAAmB,EACnB,eAAiC;QAEjC,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,OAAO,EAAE;YACnB,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;SACvD;QACD,oBAAoB,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QACnE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QACjD,OAAO;YACL,KAAK,EAAE,MAAO,CAAC,WAAY;YAC3B,kBAAkB,EAAE,MAAO,CAAC,SAAU,CAAC,OAAO,EAAE;SACjD,CAAC;IACJ,CAAC;IAED;;OAEG;IACO,WAAW,CAAC,MAAgB,EAAE,KAAY,EAAE,eAAiC;QACrF,IACE,KAAK,CAAC,IAAI,KAAK,WAAW;YAC1B,KAAK,CAAC,IAAI,KAAK,iBAAiB;YAChC,KAAK,CAAC,IAAI,KAAK,kBAAkB,EACjC;YACA,MAAM,SAAS,GAAG,KAA6B,CAAC;YAChD,QAAQ,SAAS,CAAC,SAAS,EAAE;gBAC3B,KAAK,4BAA4B;oBAC/B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;oBACrD,OAAO,IAAI,0BAA0B,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACvD,KAAK,+BAA+B;oBAClC,OAAO,IAAI,UAAU,CAAC,oDAAoD,CAAC,CAAC;gBAC9E,KAAK,kBAAkB,CAAC;gBACxB,KAAK,sBAAsB,CAAC;gBAC5B,KAAK,gBAAgB;oBACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,WAAW,CAAC,MAAM,EAAE,qCAAqC,SAAS,CAAC,SAAS,EAAE,CAAC,CAChF,CAAC;oBACF,MAAM;gBACR;oBACE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,4BAA4B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;oBACnF,MAAM;aACT;SACF;QACD,IACE,KAAK,CAAC,IAAI,KAAK,0BAA0B;YACzC,KAAK,CAAC,IAAI,KAAK,+BAA+B;YAC9C,KAAK,CAAC,IAAI,KAAK,YAAY,EAC3B;YACA,OAAO,KAAK,CAAC;SACd;QACD,OAAO,IAAI,2BAA2B,CAAC,MAAM,EAAE,eAAe,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;IACjF,CAAC;CACF;AAED,qBAAqB;AAErB,MAAM,UAAU,YAAY,CAAC,OAA6B;IACxD,MAAM,CAAC,WAAW,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,0BAA0B,CAAC,IAAI,EAAE,CAAC;IAChF,uCACK,OAAO,KACV,cAAc,EAAE,OAAO,CAAC,aAAa,EACrC,WAAW,IACX;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,OAAwB;IACrE,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC;QAC9D,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,eAAe;QAC7C,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,QAAQ;QACR,OAAO,EAAE,iCAAiC;KAC3C,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,6BAA6B,CAAC,MAA4B;IACxE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,+BAA+B,CAAC,gBAAwB;IACtE,MAAM,MAAM,GAAgD,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAEzF,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,KAAK,iCAAiC,EAAE;QAC1E,MAAM,KAAK,CAAC,0CAA0C,CAAC,CAAC;KACzD;IAED,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalCommon from \"@azure/msal-common\";\nimport { isNode } from \"@azure/core-util\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { AbortError } from \"@azure/abort-controller\";\n\nimport { v4 as uuidv4 } from \"uuid\";\nimport { CredentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { CredentialUnavailableError } from \"../client/errors\";\nimport { DefaultAuthorityHost, DefaultTenantId } from \"../constants\";\nimport { AuthenticationRecord, MsalAccountInfo, MsalResult, MsalToken } from \"./types\";\nimport { AuthenticationRequiredError } from \"./errors\";\nimport { MsalFlowOptions } from \"./flows\";\n\n/**\n * Latest AuthenticationRecord version\n * @internal\n */\nconst LatestAuthenticationRecordVersion = \"1.0\";\n\n/**\n * Ensures the validity of the MSAL token\n * @internal\n */\nexport function ensureValidMsalToken(\n scopes: string | string[],\n logger: CredentialLogger,\n msalToken?: MsalToken,\n getTokenOptions?: GetTokenOptions\n): void {\n const error = (message: string): Error => {\n logger.getToken.info(message);\n return new AuthenticationRequiredError(\n Array.isArray(scopes) ? scopes : [scopes],\n getTokenOptions,\n message\n );\n };\n if (!msalToken) {\n throw error(\"No response\");\n }\n if (!msalToken.expiresOn) {\n throw error(`Response had no \"expiresOn\" property.`);\n }\n if (!msalToken.accessToken) {\n throw error(`Response had no \"accessToken\" property.`);\n }\n}\n\n/**\n * Generates a valid authority by combining a host with a tenantId.\n * @internal\n */\nexport function getAuthority(tenantId: string, host?: string): string {\n if (!host) {\n host = DefaultAuthorityHost;\n }\n if (host.endsWith(\"/\")) {\n return host + tenantId;\n } else {\n return `${host}/${tenantId}`;\n }\n}\n\n/**\n * Generates the known authorities.\n * If the Tenant Id is `adfs`, the authority can't be validated since the format won't match the expected one.\n * For that reason, we have to force MSAL to disable validating the authority\n * by sending it within the known authorities in the MSAL configuration.\n * @internal\n */\nexport function getKnownAuthorities(tenantId: string, authorityHost: string): string[] {\n if (tenantId === \"adfs\" && authorityHost) {\n return [authorityHost];\n }\n return [];\n}\n\n/**\n * Generates a logger that can be passed to the MSAL clients.\n * @param logger - The logger of the credential.\n * @internal\n */\nexport const defaultLoggerCallback: (\n logger: CredentialLogger,\n platform?: \"Node\" | \"Browser\"\n) => msalCommon.ILoggerCallback = (\n logger: CredentialLogger,\n platform: \"Node\" | \"Browser\" = isNode ? \"Node\" : \"Browser\"\n) => (level, message, containsPii): void => {\n if (containsPii) {\n return;\n }\n switch (level) {\n case msalCommon.LogLevel.Error:\n logger.info(`MSAL ${platform} V2 error: ${message}`);\n return;\n case msalCommon.LogLevel.Info:\n logger.info(`MSAL ${platform} V2 info message: ${message}`);\n return;\n case msalCommon.LogLevel.Verbose:\n logger.info(`MSAL ${platform} V2 verbose message: ${message}`);\n return;\n case msalCommon.LogLevel.Warning:\n logger.info(`MSAL ${platform} V2 warning: ${message}`);\n return;\n }\n};\n\n/**\n * The common utility functions for the MSAL clients.\n * Defined as a class so that the classes extending this one can have access to its methods and protected properties.\n *\n * It keeps track of a logger and an in-memory copy of the AuthenticationRecord.\n *\n * @internal\n */\nexport class MsalBaseUtilities {\n protected logger: CredentialLogger;\n protected account: AuthenticationRecord | undefined;\n\n constructor(options: MsalFlowOptions) {\n this.logger = options.logger;\n this.account = options.authenticationRecord;\n }\n\n /**\n * Generates a UUID\n */\n generateUuid(): string {\n return uuidv4();\n }\n\n /**\n * Handles the MSAL authentication result.\n * If the result has an account, we update the local account reference.\n * If the token received is invalid, an error will be thrown depending on what's missing.\n */\n protected handleResult(\n scopes: string | string[],\n clientId: string,\n result?: MsalResult,\n getTokenOptions?: GetTokenOptions\n ): AccessToken {\n if (result?.account) {\n this.account = msalToPublic(clientId, result.account);\n }\n ensureValidMsalToken(scopes, this.logger, result, getTokenOptions);\n this.logger.getToken.info(formatSuccess(scopes));\n return {\n token: result!.accessToken!,\n expiresOnTimestamp: result!.expiresOn!.getTime()\n };\n }\n\n /**\n * Handles MSAL errors.\n */\n protected handleError(scopes: string[], error: Error, getTokenOptions?: GetTokenOptions): Error {\n if (\n error.name === \"AuthError\" ||\n error.name === \"ClientAuthError\" ||\n error.name === \"BrowserAuthError\"\n ) {\n const msalError = error as msalCommon.AuthError;\n switch (msalError.errorCode) {\n case \"endpoints_resolution_error\":\n this.logger.info(formatError(scopes, error.message));\n return new CredentialUnavailableError(error.message);\n case \"device_code_polling_cancelled\":\n return new AbortError(\"The authentication has been aborted by the caller.\");\n case \"consent_required\":\n case \"interaction_required\":\n case \"login_required\":\n this.logger.info(\n formatError(scopes, `Authentication returned errorCode ${msalError.errorCode}`)\n );\n break;\n default:\n this.logger.info(formatError(scopes, `Failed to acquire token: ${error.message}`));\n break;\n }\n }\n if (\n error.name === \"ClientConfigurationError\" ||\n error.name === \"BrowserConfigurationAuthError\" ||\n error.name === \"AbortError\"\n ) {\n return error;\n }\n return new AuthenticationRequiredError(scopes, getTokenOptions, error.message);\n }\n}\n\n// transformations.ts\n\nexport function publicToMsal(account: AuthenticationRecord): msalCommon.AccountInfo {\n const [environment] = account.authority.match(/([a-z]*\\.[a-z]*\\.[a-z]*)/) || [];\n return {\n ...account,\n localAccountId: account.homeAccountId,\n environment\n };\n}\n\nexport function msalToPublic(clientId: string, account: MsalAccountInfo): AuthenticationRecord {\n const record = {\n authority: getAuthority(account.tenantId, account.environment),\n homeAccountId: account.homeAccountId,\n tenantId: account.tenantId || DefaultTenantId,\n username: account.username,\n clientId,\n version: LatestAuthenticationRecordVersion\n };\n return record;\n}\n\n/**\n * Serializes an `AuthenticationRecord` into a string.\n *\n * The output of a serialized authentication record will contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * To later convert this string to a serialized `AuthenticationRecord`, please use the exported function `deserializeAuthenticationRecord()`.\n */\nexport function serializeAuthenticationRecord(record: AuthenticationRecord): string {\n return JSON.stringify(record);\n}\n\n/**\n * Deserializes a previously serialized authentication record from a string into an object.\n *\n * The input string must contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * If the version we receive is unsupported, an error will be thrown.\n *\n * At the moment, the only available version is: \"1.0\", which is always set when the authentication record is serialized.\n *\n * @param serializedRecord - Authentication record previously serialized into string.\n * @returns AuthenticationRecord.\n */\nexport function deserializeAuthenticationRecord(serializedRecord: string): AuthenticationRecord {\n const parsed: AuthenticationRecord & { version?: string } = JSON.parse(serializedRecord);\n\n if (parsed.version && parsed.version !== LatestAuthenticationRecordVersion) {\n throw Error(\"Unsupported AuthenticationRecord version\");\n }\n\n return parsed;\n}\n"]}
1
+ {"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../../../identity/src/msal/utils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,UAAU,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAE1C,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAErD,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AACpC,OAAO,EAAoB,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,0BAA0B,EAAE,2BAA2B,EAAE,MAAM,WAAW,CAAC;AACpF,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAIrE;;;GAGG;AACH,MAAM,iCAAiC,GAAG,KAAK,CAAC;AAEhD;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,MAAyB,EACzB,MAAwB,EACxB,SAAqB,EACrB,eAAiC;IAEjC,MAAM,KAAK,GAAG,CAAC,OAAe,EAAS,EAAE;QACvC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,IAAI,2BAA2B,CAAC;YACrC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YACjD,eAAe;YACf,OAAO;SACR,CAAC,CAAC;IACL,CAAC,CAAC;IACF,IAAI,CAAC,SAAS,EAAE;QACd,MAAM,KAAK,CAAC,aAAa,CAAC,CAAC;KAC5B;IACD,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE;QACxB,MAAM,KAAK,CAAC,uCAAuC,CAAC,CAAC;KACtD;IACD,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE;QAC1B,MAAM,KAAK,CAAC,yCAAyC,CAAC,CAAC;KACxD;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,IAAa;IAC1D,IAAI,CAAC,IAAI,EAAE;QACT,IAAI,GAAG,oBAAoB,CAAC;KAC7B;IACD,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;QACtB,OAAO,IAAI,GAAG,QAAQ,CAAC;KACxB;SAAM;QACL,OAAO,GAAG,IAAI,IAAI,QAAQ,EAAE,CAAC;KAC9B;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAgB,EAAE,aAAqB;IACzE,IAAI,QAAQ,KAAK,MAAM,IAAI,aAAa,EAAE;QACxC,OAAO,CAAC,aAAa,CAAC,CAAC;KACxB;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAGA,CAChC,MAAwB,EACxB,WAA+B,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,EAC1D,EAAE,CAAC,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,EAAQ,EAAE;IACzC,IAAI,WAAW,EAAE;QACf,OAAO;KACR;IACD,QAAQ,KAAK,EAAE;QACb,KAAK,UAAU,CAAC,QAAQ,CAAC,KAAK;YAC5B,MAAM,CAAC,IAAI,CAAC,QAAQ,QAAQ,cAAc,OAAO,EAAE,CAAC,CAAC;YACrD,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,IAAI;YAC3B,MAAM,CAAC,IAAI,CAAC,QAAQ,QAAQ,qBAAqB,OAAO,EAAE,CAAC,CAAC;YAC5D,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,MAAM,CAAC,IAAI,CAAC,QAAQ,QAAQ,wBAAwB,OAAO,EAAE,CAAC,CAAC;YAC/D,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,MAAM,CAAC,IAAI,CAAC,QAAQ,QAAQ,gBAAgB,OAAO,EAAE,CAAC,CAAC;YACvD,OAAO;KACV;AACH,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,OAAO,iBAAiB;IAI5B,YAAY,OAAwB;QAClC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,MAAM,EAAE,CAAC;IAClB,CAAC;IAED;;;;OAIG;IACO,YAAY,CACpB,MAAyB,EACzB,QAAgB,EAChB,MAAmB,EACnB,eAAiC;QAEjC,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,OAAO,EAAE;YACnB,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;SACvD;QACD,oBAAoB,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QACnE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QACjD,OAAO;YACL,KAAK,EAAE,MAAO,CAAC,WAAY;YAC3B,kBAAkB,EAAE,MAAO,CAAC,SAAU,CAAC,OAAO,EAAE;SACjD,CAAC;IACJ,CAAC;IAED;;OAEG;IACO,WAAW,CAAC,MAAgB,EAAE,KAAY,EAAE,eAAiC;QACrF,IACE,KAAK,CAAC,IAAI,KAAK,WAAW;YAC1B,KAAK,CAAC,IAAI,KAAK,iBAAiB;YAChC,KAAK,CAAC,IAAI,KAAK,kBAAkB,EACjC;YACA,MAAM,SAAS,GAAG,KAA6B,CAAC;YAChD,QAAQ,SAAS,CAAC,SAAS,EAAE;gBAC3B,KAAK,4BAA4B;oBAC/B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;oBACrD,OAAO,IAAI,0BAA0B,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACvD,KAAK,+BAA+B;oBAClC,OAAO,IAAI,UAAU,CAAC,oDAAoD,CAAC,CAAC;gBAC9E,KAAK,kBAAkB,CAAC;gBACxB,KAAK,sBAAsB,CAAC;gBAC5B,KAAK,gBAAgB;oBACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,WAAW,CAAC,MAAM,EAAE,qCAAqC,SAAS,CAAC,SAAS,EAAE,CAAC,CAChF,CAAC;oBACF,MAAM;gBACR;oBACE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,4BAA4B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;oBACnF,MAAM;aACT;SACF;QACD,IACE,KAAK,CAAC,IAAI,KAAK,0BAA0B;YACzC,KAAK,CAAC,IAAI,KAAK,+BAA+B;YAC9C,KAAK,CAAC,IAAI,KAAK,YAAY,EAC3B;YACA,OAAO,KAAK,CAAC;SACd;QACD,OAAO,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAC9F,CAAC;CACF;AAED,qBAAqB;AAErB,MAAM,UAAU,YAAY,CAAC,OAA6B;IACxD,MAAM,CAAC,WAAW,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,0BAA0B,CAAC,IAAI,EAAE,CAAC;IAChF,uCACK,OAAO,KACV,cAAc,EAAE,OAAO,CAAC,aAAa,EACrC,WAAW,IACX;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,OAAwB;IACrE,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC;QAC9D,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,eAAe;QAC7C,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,QAAQ;QACR,OAAO,EAAE,iCAAiC;KAC3C,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,6BAA6B,CAAC,MAA4B;IACxE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,+BAA+B,CAAC,gBAAwB;IACtE,MAAM,MAAM,GAAgD,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAEzF,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,KAAK,iCAAiC,EAAE;QAC1E,MAAM,KAAK,CAAC,0CAA0C,CAAC,CAAC;KACzD;IAED,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalCommon from \"@azure/msal-common\";\nimport { isNode } from \"@azure/core-util\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { AbortError } from \"@azure/abort-controller\";\n\nimport { v4 as uuidv4 } from \"uuid\";\nimport { CredentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { CredentialUnavailableError, AuthenticationRequiredError } from \"../errors\";\nimport { DefaultAuthorityHost, DefaultTenantId } from \"../constants\";\nimport { AuthenticationRecord, MsalAccountInfo, MsalResult, MsalToken } from \"./types\";\nimport { MsalFlowOptions } from \"./flows\";\n\n/**\n * Latest AuthenticationRecord version\n * @internal\n */\nconst LatestAuthenticationRecordVersion = \"1.0\";\n\n/**\n * Ensures the validity of the MSAL token\n * @internal\n */\nexport function ensureValidMsalToken(\n scopes: string | string[],\n logger: CredentialLogger,\n msalToken?: MsalToken,\n getTokenOptions?: GetTokenOptions\n): void {\n const error = (message: string): Error => {\n logger.getToken.info(message);\n return new AuthenticationRequiredError({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n getTokenOptions,\n message\n });\n };\n if (!msalToken) {\n throw error(\"No response\");\n }\n if (!msalToken.expiresOn) {\n throw error(`Response had no \"expiresOn\" property.`);\n }\n if (!msalToken.accessToken) {\n throw error(`Response had no \"accessToken\" property.`);\n }\n}\n\n/**\n * Generates a valid authority by combining a host with a tenantId.\n * @internal\n */\nexport function getAuthority(tenantId: string, host?: string): string {\n if (!host) {\n host = DefaultAuthorityHost;\n }\n if (host.endsWith(\"/\")) {\n return host + tenantId;\n } else {\n return `${host}/${tenantId}`;\n }\n}\n\n/**\n * Generates the known authorities.\n * If the Tenant Id is `adfs`, the authority can't be validated since the format won't match the expected one.\n * For that reason, we have to force MSAL to disable validating the authority\n * by sending it within the known authorities in the MSAL configuration.\n * @internal\n */\nexport function getKnownAuthorities(tenantId: string, authorityHost: string): string[] {\n if (tenantId === \"adfs\" && authorityHost) {\n return [authorityHost];\n }\n return [];\n}\n\n/**\n * Generates a logger that can be passed to the MSAL clients.\n * @param logger - The logger of the credential.\n * @internal\n */\nexport const defaultLoggerCallback: (\n logger: CredentialLogger,\n platform?: \"Node\" | \"Browser\"\n) => msalCommon.ILoggerCallback = (\n logger: CredentialLogger,\n platform: \"Node\" | \"Browser\" = isNode ? \"Node\" : \"Browser\"\n) => (level, message, containsPii): void => {\n if (containsPii) {\n return;\n }\n switch (level) {\n case msalCommon.LogLevel.Error:\n logger.info(`MSAL ${platform} V2 error: ${message}`);\n return;\n case msalCommon.LogLevel.Info:\n logger.info(`MSAL ${platform} V2 info message: ${message}`);\n return;\n case msalCommon.LogLevel.Verbose:\n logger.info(`MSAL ${platform} V2 verbose message: ${message}`);\n return;\n case msalCommon.LogLevel.Warning:\n logger.info(`MSAL ${platform} V2 warning: ${message}`);\n return;\n }\n};\n\n/**\n * The common utility functions for the MSAL clients.\n * Defined as a class so that the classes extending this one can have access to its methods and protected properties.\n *\n * It keeps track of a logger and an in-memory copy of the AuthenticationRecord.\n *\n * @internal\n */\nexport class MsalBaseUtilities {\n protected logger: CredentialLogger;\n protected account: AuthenticationRecord | undefined;\n\n constructor(options: MsalFlowOptions) {\n this.logger = options.logger;\n this.account = options.authenticationRecord;\n }\n\n /**\n * Generates a UUID\n */\n generateUuid(): string {\n return uuidv4();\n }\n\n /**\n * Handles the MSAL authentication result.\n * If the result has an account, we update the local account reference.\n * If the token received is invalid, an error will be thrown depending on what's missing.\n */\n protected handleResult(\n scopes: string | string[],\n clientId: string,\n result?: MsalResult,\n getTokenOptions?: GetTokenOptions\n ): AccessToken {\n if (result?.account) {\n this.account = msalToPublic(clientId, result.account);\n }\n ensureValidMsalToken(scopes, this.logger, result, getTokenOptions);\n this.logger.getToken.info(formatSuccess(scopes));\n return {\n token: result!.accessToken!,\n expiresOnTimestamp: result!.expiresOn!.getTime()\n };\n }\n\n /**\n * Handles MSAL errors.\n */\n protected handleError(scopes: string[], error: Error, getTokenOptions?: GetTokenOptions): Error {\n if (\n error.name === \"AuthError\" ||\n error.name === \"ClientAuthError\" ||\n error.name === \"BrowserAuthError\"\n ) {\n const msalError = error as msalCommon.AuthError;\n switch (msalError.errorCode) {\n case \"endpoints_resolution_error\":\n this.logger.info(formatError(scopes, error.message));\n return new CredentialUnavailableError(error.message);\n case \"device_code_polling_cancelled\":\n return new AbortError(\"The authentication has been aborted by the caller.\");\n case \"consent_required\":\n case \"interaction_required\":\n case \"login_required\":\n this.logger.info(\n formatError(scopes, `Authentication returned errorCode ${msalError.errorCode}`)\n );\n break;\n default:\n this.logger.info(formatError(scopes, `Failed to acquire token: ${error.message}`));\n break;\n }\n }\n if (\n error.name === \"ClientConfigurationError\" ||\n error.name === \"BrowserConfigurationAuthError\" ||\n error.name === \"AbortError\"\n ) {\n return error;\n }\n return new AuthenticationRequiredError({ scopes, getTokenOptions, message: error.message });\n }\n}\n\n// transformations.ts\n\nexport function publicToMsal(account: AuthenticationRecord): msalCommon.AccountInfo {\n const [environment] = account.authority.match(/([a-z]*\\.[a-z]*\\.[a-z]*)/) || [];\n return {\n ...account,\n localAccountId: account.homeAccountId,\n environment\n };\n}\n\nexport function msalToPublic(clientId: string, account: MsalAccountInfo): AuthenticationRecord {\n const record = {\n authority: getAuthority(account.tenantId, account.environment),\n homeAccountId: account.homeAccountId,\n tenantId: account.tenantId || DefaultTenantId,\n username: account.username,\n clientId,\n version: LatestAuthenticationRecordVersion\n };\n return record;\n}\n\n/**\n * Serializes an `AuthenticationRecord` into a string.\n *\n * The output of a serialized authentication record will contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * To later convert this string to a serialized `AuthenticationRecord`, please use the exported function `deserializeAuthenticationRecord()`.\n */\nexport function serializeAuthenticationRecord(record: AuthenticationRecord): string {\n return JSON.stringify(record);\n}\n\n/**\n * Deserializes a previously serialized authentication record from a string into an object.\n *\n * The input string must contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * If the version we receive is unsupported, an error will be thrown.\n *\n * At the moment, the only available version is: \"1.0\", which is always set when the authentication record is serialized.\n *\n * @param serializedRecord - Authentication record previously serialized into string.\n * @returns AuthenticationRecord.\n */\nexport function deserializeAuthenticationRecord(serializedRecord: string): AuthenticationRecord {\n const parsed: AuthenticationRecord & { version?: string } = JSON.parse(serializedRecord);\n\n if (parsed.version && parsed.version !== LatestAuthenticationRecordVersion) {\n throw Error(\"Unsupported AuthenticationRecord version\");\n }\n\n return parsed;\n}\n"]}
package/dist-esm/identity/src/util/tracing.js CHANGED
@@ -7,7 +7,7 @@ import { createSpanFunction, SpanStatusCode } from "@azure/core-tracing";
7
7
  * @internal
8
8
  */
9
9
  export const createSpan = createSpanFunction({
10
- packagePrefix: "Azure.Identity",
10
+ packagePrefix: "",
11
11
  namespace: "Microsoft.AAD"
12
12
  });
13
13
  /**
package/dist-esm/identity/src/util/tracing.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"tracing.js","sourceRoot":"","sources":["../../../../../identity/src/util/tracing.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAQ,MAAM,qBAAqB,CAAC;AAG/E;;;GAGG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,kBAAkB,CAAC;IAC3C,aAAa,EAAE,gBAAgB;IAC/B,SAAS,EAAE,eAAe;CAC3B,CAAC,CAAC;AAEH;;;;;;;;;GASG;AACH,MAAM,UAAgB,KAAK,CACzB,aAAqB,EACrB,OAAyB,EACzB,EAA+D,EAC/D,YAAY,GAAG,UAAU;;QAEzB,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,GAAG,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QAEtE,IAAI;YACF,6GAA6G;YAC7G,kBAAkB;YAClB,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;YAE9C,oEAAoE;YACpE,IAAI,CAAC,SAAS,CAAC;gBACb,IAAI,EAAE,cAAc,CAAC,EAAE;aACxB,CAAC,CAAC;YACH,OAAO,MAAM,CAAC;SACf;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,CAAC,SAAS,CAAC;gBACb,IAAI,EAAE,cAAc,CAAC,KAAK;gBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;aACrB,CAAC,CAAC;YACH,MAAM,GAAG,CAAC;SACX;gBAAS;YACR,IAAI,CAAC,GAAG,EAAE,CAAC;SACZ;IACH,CAAC;CAAA","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { createSpanFunction, SpanStatusCode, Span } from \"@azure/core-tracing\";\nimport { OperationOptions } from \"@azure/core-client\";\n\n/**\n * Creates a span using the global tracer.\n * @internal\n */\nexport const createSpan = createSpanFunction({\n packagePrefix: \"Azure.Identity\",\n namespace: \"Microsoft.AAD\"\n});\n\n/**\n * From: https://github.com/Azure/azure-sdk-for-js/blob/46139daa3317a0d12e8b55b02b9d9cdf1b2e762a/sdk/appconfiguration/app-configuration/src/internal/tracingHelpers.ts\n * Traces an operation and properly handles reporting start, end and errors for a given span\n *\n * @param operationName - Name of a method in the TClient type\n * @param options - An options class, typically derived from \\@azure/core-rest-pipeline/RequestOptionsBase\n * @param fn - The function to call with an options class that properly propagates the span context\n *\n * @internal\n */\nexport async function trace<ReturnT>(\n operationName: string,\n options: OperationOptions,\n fn: (options: OperationOptions, span: Span) => Promise<ReturnT>,\n createSpanFn = createSpan\n): Promise<ReturnT> {\n const { updatedOptions, span } = createSpanFn(operationName, options);\n\n try {\n // NOTE: we really do need to await on this function here so we can handle any exceptions thrown and properly\n // close the span.\n const result = await fn(updatedOptions, span);\n\n // otel 0.16+ needs this or else the code ends up being set as UNSET\n span.setStatus({\n code: SpanStatusCode.OK\n });\n return result;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n throw err;\n } finally {\n span.end();\n }\n}\n"]}
1
+ {"version":3,"file":"tracing.js","sourceRoot":"","sources":["../../../../../identity/src/util/tracing.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAQ,MAAM,qBAAqB,CAAC;AAG/E;;;GAGG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,kBAAkB,CAAC;IAC3C,aAAa,EAAE,EAAE;IACjB,SAAS,EAAE,eAAe;CAC3B,CAAC,CAAC;AAEH;;;;;;;;;GASG;AACH,MAAM,UAAgB,KAAK,CACzB,aAAqB,EACrB,OAAyB,EACzB,EAA+D,EAC/D,YAAY,GAAG,UAAU;;QAEzB,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,GAAG,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QAEtE,IAAI;YACF,6GAA6G;YAC7G,kBAAkB;YAClB,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;YAE9C,oEAAoE;YACpE,IAAI,CAAC,SAAS,CAAC;gBACb,IAAI,EAAE,cAAc,CAAC,EAAE;aACxB,CAAC,CAAC;YACH,OAAO,MAAM,CAAC;SACf;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,CAAC,SAAS,CAAC;gBACb,IAAI,EAAE,cAAc,CAAC,KAAK;gBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;aACrB,CAAC,CAAC;YACH,MAAM,GAAG,CAAC;SACX;gBAAS;YACR,IAAI,CAAC,GAAG,EAAE,CAAC;SACZ;IACH,CAAC;CAAA","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { createSpanFunction, SpanStatusCode, Span } from \"@azure/core-tracing\";\nimport { OperationOptions } from \"@azure/core-client\";\n\n/**\n * Creates a span using the global tracer.\n * @internal\n */\nexport const createSpan = createSpanFunction({\n packagePrefix: \"\",\n namespace: \"Microsoft.AAD\"\n});\n\n/**\n * From: https://github.com/Azure/azure-sdk-for-js/blob/46139daa3317a0d12e8b55b02b9d9cdf1b2e762a/sdk/appconfiguration/app-configuration/src/internal/tracingHelpers.ts\n * Traces an operation and properly handles reporting start, end and errors for a given span\n *\n * @param operationName - Name of a method in the TClient type\n * @param options - An options class, typically derived from \\@azure/core-rest-pipeline/RequestOptionsBase\n * @param fn - The function to call with an options class that properly propagates the span context\n *\n * @internal\n */\nexport async function trace<ReturnT>(\n operationName: string,\n options: OperationOptions,\n fn: (options: OperationOptions, span: Span) => Promise<ReturnT>,\n createSpanFn = createSpan\n): Promise<ReturnT> {\n const { updatedOptions, span } = createSpanFn(operationName, options);\n\n try {\n // NOTE: we really do need to await on this function here so we can handle any exceptions thrown and properly\n // close the span.\n const result = await fn(updatedOptions, span);\n\n // otel 0.16+ needs this or else the code ends up being set as UNSET\n span.setStatus({\n code: SpanStatusCode.OK\n });\n return result;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n throw err;\n } finally {\n span.end();\n }\n}\n"]}
package/dist-esm/identity/src/util/validateMultiTenant.js CHANGED
@@ -3,22 +3,27 @@
3
3
  /**
4
4
  * @internal
5
5
  */
6
- export const multiTenantErrorMessage = "A getToken request was attempted with a tenant different than the tenant configured at the initialization of the credential, but multi-tenant authentication was not enabled in this credential instance.";
6
+ export const multiTenantDisabledErrorMessage = "A getToken request was attempted with a tenant different than the tenant configured at the initialization of the credential, but multi-tenant authentication has been disabled by the environment variable AZURE_IDENTITY_DISABLE_MULTITENANTAUTH.";
7
7
  /**
8
- * Verifies whether locally assigned tenants are equal to tenants received through getToken.
9
- * Returns the appropriate tenant.
10
8
  * @internal
11
9
  */
12
- export function processMultiTenantRequest(tenantId, allowMultiTenantAuthentication, getTokenOptions) {
13
- if (!allowMultiTenantAuthentication &&
14
- (getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId) &&
15
- tenantId &&
16
- getTokenOptions.tenantId !== tenantId) {
17
- throw new Error(multiTenantErrorMessage);
10
+ export const multiTenantADFSErrorMessage = "A new tenant Id can't be assigned through the GetTokenOptions when a credential has been originally configured to use the tenant `adfs`.";
11
+ /**
12
+ * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,
13
+ * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),
14
+ * or unless the original tenant Id is `adfs`.
15
+ * @internal
16
+ */
17
+ export function processMultiTenantRequest(tenantId, getTokenOptions) {
18
+ if (!(getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId)) {
19
+ return tenantId;
20
+ }
21
+ if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {
22
+ throw new Error(multiTenantDisabledErrorMessage);
18
23
  }
19
- if (allowMultiTenantAuthentication && (getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId)) {
20
- return getTokenOptions.tenantId;
24
+ if (tenantId === "adfs") {
25
+ throw new Error(multiTenantADFSErrorMessage);
21
26
  }
22
- return tenantId;
27
+ return getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId;
23
28
  }
24
29
  //# sourceMappingURL=validateMultiTenant.js.map
package/dist-esm/identity/src/util/validateMultiTenant.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"validateMultiTenant.js","sourceRoot":"","sources":["../../../../../identity/src/util/validateMultiTenant.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAClC,2MAA2M,CAAC;AAE9M;;;;GAIG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAiB,EACjB,8BAAwC,EACxC,eAAiC;IAEjC,IACE,CAAC,8BAA8B;SAC/B,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,QAAQ,CAAA;QACzB,QAAQ;QACR,eAAe,CAAC,QAAQ,KAAK,QAAQ,EACrC;QACA,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;KAC1C;IACD,IAAI,8BAA8B,KAAI,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,QAAQ,CAAA,EAAE;QAC/D,OAAO,eAAe,CAAC,QAAQ,CAAC;KACjC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * @internal\n */\nexport const multiTenantErrorMessage =\n \"A getToken request was attempted with a tenant different than the tenant configured at the initialization of the credential, but multi-tenant authentication was not enabled in this credential instance.\";\n\n/**\n * Verifies whether locally assigned tenants are equal to tenants received through getToken.\n * Returns the appropriate tenant.\n * @internal\n */\nexport function processMultiTenantRequest(\n tenantId?: string,\n allowMultiTenantAuthentication?: boolean,\n getTokenOptions?: GetTokenOptions\n): string | undefined {\n if (\n !allowMultiTenantAuthentication &&\n getTokenOptions?.tenantId &&\n tenantId &&\n getTokenOptions.tenantId !== tenantId\n ) {\n throw new Error(multiTenantErrorMessage);\n }\n if (allowMultiTenantAuthentication && getTokenOptions?.tenantId) {\n return getTokenOptions.tenantId;\n }\n return tenantId;\n}\n"]}
1
+ {"version":3,"file":"validateMultiTenant.js","sourceRoot":"","sources":["../../../../../identity/src/util/validateMultiTenant.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC;;GAEG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAC1C,oPAAoP,CAAC;AAEvP;;GAEG;AACH,MAAM,CAAC,MAAM,2BAA2B,GACtC,0IAA0I,CAAC;AAE7I;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAiB,EACjB,eAAiC;IAEjC,IAAI,CAAC,CAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,QAAQ,CAAA,EAAE;QAC9B,OAAO,QAAQ,CAAC;KACjB;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE;QACtD,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;KAClD;IACD,IAAI,QAAQ,KAAK,MAAM,EAAE;QACvB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;KAC9C;IACD,OAAO,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,QAAQ,CAAC;AACnC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * @internal\n */\nexport const multiTenantDisabledErrorMessage =\n \"A getToken request was attempted with a tenant different than the tenant configured at the initialization of the credential, but multi-tenant authentication has been disabled by the environment variable AZURE_IDENTITY_DISABLE_MULTITENANTAUTH.\";\n\n/**\n * @internal\n */\nexport const multiTenantADFSErrorMessage =\n \"A new tenant Id can't be assigned through the GetTokenOptions when a credential has been originally configured to use the tenant `adfs`.\";\n\n/**\n * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,\n * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),\n * or unless the original tenant Id is `adfs`.\n * @internal\n */\nexport function processMultiTenantRequest(\n tenantId?: string,\n getTokenOptions?: GetTokenOptions\n): string | undefined {\n if (!getTokenOptions?.tenantId) {\n return tenantId;\n }\n if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {\n throw new Error(multiTenantDisabledErrorMessage);\n }\n if (tenantId === \"adfs\") {\n throw new Error(multiTenantADFSErrorMessage);\n }\n return getTokenOptions?.tenantId;\n}\n"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@azure/identity-cache-persistence",
3
- "version": "1.0.0-beta.2",
3
+ "version": "1.0.0",
4
4
  "sdk-type": "client",
5
5
  "description": "A secure, persistent token cache for Azure Identity credentials that uses the OS secret-management API",
6
6
  "main": "dist/index.js",
@@ -61,7 +61,7 @@
61
61
  "sideEffects": false,
62
62
  "dependencies": {
63
63
  "@azure/core-auth": "^1.3.0",
64
- "@azure/identity": "^2.0.0-beta.6",
64
+ "@azure/identity": "^2.0.0",
65
65
  "@azure/msal-node": "^1.3.0",
66
66
  "@azure/msal-node-extensions": "1.0.0-alpha.9",
67
67
  "keytar": "^7.6.0",
@@ -71,7 +71,7 @@
71
71
  "@azure/eslint-plugin-azure-sdk": "^3.0.0",
72
72
  "@azure/dev-tool": "^1.0.0",
73
73
  "@azure-tools/test-recorder": "^1.0.0",
74
- "@microsoft/api-extractor": "7.7.11",
74
+ "@microsoft/api-extractor": "^7.18.11",
75
75
  "@types/jws": "^3.2.2",
76
76
  "@types/mocha": "^7.0.2",
77
77
  "@types/node": "^12.0.0",
package/dist-esm/identity/src/client/errors.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../../../identity/src/client/errors.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAuDlC,SAAS,eAAe,CAAC,aAAkB;IACzC,OAAO,CACL,aAAa;QACb,OAAO,aAAa,CAAC,KAAK,KAAK,QAAQ;QACvC,OAAO,aAAa,CAAC,iBAAiB,KAAK,QAAQ,CACpD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG,4BAA4B,CAAC;AAE3E;;;;GAIG;AACH,MAAM,OAAO,0BAA2B,SAAQ,KAAK;IACnD,YAAY,OAAgB;QAC1B,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;IAC7C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,qBAAqB,CAAC;AAE7D;;;;GAIG;AACH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAW5C,wDAAwD;IACxD,YAAY,UAAkB,EAAE,SAA6C;QAC3E,IAAI,aAAa,GAAkB;YACjC,KAAK,EAAE,SAAS;YAChB,gBAAgB,EAAE,oEAAoE;SACvF,CAAC;QAEF,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE;YAC9B,aAAa,GAAG,wCAAwC,CAAC,SAAS,CAAC,CAAC;SACrE;aAAM,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE;YACxC,IAAI;gBACF,iEAAiE;gBACjE,uBAAuB;gBACvB,MAAM,kBAAkB,GAAuB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACrE,aAAa,GAAG,wCAAwC,CAAC,kBAAkB,CAAC,CAAC;aAC9E;YAAC,OAAO,CAAC,EAAE;gBACV,IAAI,UAAU,KAAK,GAAG,EAAE;oBACtB,aAAa,GAAG;wBACd,KAAK,EAAE,qBAAqB;wBAC5B,gBAAgB,EAAE,4CAA4C;qBAC/D,CAAC;iBACH;qBAAM;oBACL,aAAa,GAAG;wBACd,KAAK,EAAE,eAAe;wBACtB,gBAAgB,EAAE,oDAAoD,SAAS,EAAE;qBAClF,CAAC;iBACH;aACF;SACF;aAAM;YACL,aAAa,GAAG;gBACd,KAAK,EAAE,eAAe;gBACtB,gBAAgB,EAAE,oEAAoE;aACvF,CAAC;SACH;QAED,KAAK,CACH,GAAG,aAAa,CAAC,KAAK,gBAAgB,UAAU,sBAAsB,aAAa,CAAC,gBAAgB,EAAE,CACvG,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QAEnC,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,gCAAgC,GAAG,8BAA8B,CAAC;AAE/E;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,KAAK;IAOrD,YAAY,MAAa,EAAE,YAAqB;QAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,KAAK,CAAC,GAAG,YAAY,KAAK,WAAW,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,gCAAgC,CAAC;IAC/C,CAAC;CACF;AAED,SAAS,wCAAwC,CAAC,SAA6B;IAC7E,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,KAAK;QACtB,gBAAgB,EAAE,SAAS,CAAC,iBAAiB;QAC7C,aAAa,EAAE,SAAS,CAAC,cAAc;QACvC,UAAU,EAAE,SAAS,CAAC,WAAW;QACjC,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,OAAO,EAAE,SAAS,CAAC,QAAQ;KAC5B,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/**\n * See the official documentation for more details:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1\n *\n * NOTE: This documentation is for v1 OAuth support but the same error\n * response details still apply to v2.\n */\nexport interface ErrorResponse {\n /**\n * The string identifier for the error.\n */\n error: string;\n\n /**\n * The error's description.\n */\n errorDescription: string;\n\n /**\n * An array of codes pertaining to the error(s) that occurred.\n */\n errorCodes?: number[];\n\n /**\n * The timestamp at which the error occurred.\n */\n timestamp?: string;\n\n /**\n * The trace identifier for this error occurrence.\n */\n traceId?: string;\n\n /**\n * The correlation ID to be used for tracking the source of the error.\n */\n correlationId?: string;\n}\n\n/**\n * Used for internal deserialization of OAuth responses. Public model is ErrorResponse\n * @internal\n */\nexport interface OAuthErrorResponse {\n error: string;\n error_description: string;\n error_codes?: number[];\n timestamp?: string;\n trace_id?: string;\n correlation_id?: string;\n}\n\nfunction isErrorResponse(errorResponse: any): errorResponse is OAuthErrorResponse {\n return (\n errorResponse &&\n typeof errorResponse.error === \"string\" &&\n typeof errorResponse.error_description === \"string\"\n );\n}\n\n/**\n * The Error.name value of an CredentialUnavailable\n */\nexport const CredentialUnavailableErrorName = \"CredentialUnavailableError\";\n\n/**\n * This signifies that the credential that was tried in a chained credential\n * was not available to be used as the credential. Rather than treating this as\n * an error that should halt the chain, it's caught and the chain continues\n */\nexport class CredentialUnavailableError extends Error {\n constructor(message?: string) {\n super(message);\n this.name = CredentialUnavailableErrorName;\n }\n}\n\n/**\n * The Error.name value of an AuthenticationError\n */\nexport const AuthenticationErrorName = \"AuthenticationError\";\n\n/**\n * Provides details about a failure to authenticate with Azure Active\n * Directory. The `errorResponse` field contains more details about\n * the specific failure.\n */\nexport class AuthenticationError extends Error {\n /**\n * The HTTP status code returned from the authentication request.\n */\n public readonly statusCode: number;\n\n /**\n * The error response details.\n */\n public readonly errorResponse: ErrorResponse;\n\n // eslint-disable-next-line @typescript-eslint/ban-types\n constructor(statusCode: number, errorBody: object | string | undefined | null) {\n let errorResponse: ErrorResponse = {\n error: \"unknown\",\n errorDescription: \"An unknown error occurred and no additional details are available.\"\n };\n\n if (isErrorResponse(errorBody)) {\n errorResponse = convertOAuthErrorResponseToErrorResponse(errorBody);\n } else if (typeof errorBody === \"string\") {\n try {\n // Most error responses will contain JSON-formatted error details\n // in the response body\n const oauthErrorResponse: OAuthErrorResponse = JSON.parse(errorBody);\n errorResponse = convertOAuthErrorResponseToErrorResponse(oauthErrorResponse);\n } catch (e) {\n if (statusCode === 400) {\n errorResponse = {\n error: \"authority_not_found\",\n errorDescription: \"The specified authority URL was not found.\"\n };\n } else {\n errorResponse = {\n error: \"unknown_error\",\n errorDescription: `An unknown error has occurred. Response body:\\n\\n${errorBody}`\n };\n }\n }\n } else {\n errorResponse = {\n error: \"unknown_error\",\n errorDescription: \"An unknown error occurred and no additional details are available.\"\n };\n }\n\n super(\n `${errorResponse.error}(status code ${statusCode}).\\nMore details:\\n${errorResponse.errorDescription}`\n );\n this.statusCode = statusCode;\n this.errorResponse = errorResponse;\n\n // Ensure that this type reports the correct name\n this.name = AuthenticationErrorName;\n }\n}\n\n/**\n * The Error.name value of an AggregateAuthenticationError\n */\nexport const AggregateAuthenticationErrorName = \"AggregateAuthenticationError\";\n\n/**\n * Provides an `errors` array containing {@link AuthenticationError} instance\n * for authentication failures from credentials in a {@link ChainedTokenCredential}.\n */\nexport class AggregateAuthenticationError extends Error {\n /**\n * The array of error objects that were thrown while trying to authenticate\n * with the credentials in a {@link ChainedTokenCredential}.\n */\n public errors: any[];\n\n constructor(errors: any[], errorMessage?: string) {\n const errorDetail = errors.join(\"\\n\");\n super(`${errorMessage}\\n${errorDetail}`);\n this.errors = errors;\n\n // Ensure that this type reports the correct name\n this.name = AggregateAuthenticationErrorName;\n }\n}\n\nfunction convertOAuthErrorResponseToErrorResponse(errorBody: OAuthErrorResponse): ErrorResponse {\n return {\n error: errorBody.error,\n errorDescription: errorBody.error_description,\n correlationId: errorBody.correlation_id,\n errorCodes: errorBody.error_codes,\n timestamp: errorBody.timestamp,\n traceId: errorBody.trace_id\n };\n}\n"]}
package/dist-esm/identity/src/credentials/applicationCredential.js DELETED
@@ -1,34 +0,0 @@
1
- // Copyright (c) Microsoft Corporation.
2
- // Licensed under the MIT license.
3
- import { ChainedTokenCredential } from "./chainedTokenCredential";
4
- import { EnvironmentCredential } from "./environmentCredential";
5
- import { DefaultManagedIdentityCredential } from "./defaultAzureCredential";
6
- export const ApplicationCredentials = [
7
- EnvironmentCredential,
8
- DefaultManagedIdentityCredential
9
- ];
10
- /**
11
- * Provides a default {@link ChainedTokenCredential} configuration that should
12
- * work for most applications that use the Azure SDK. The following credential
13
- * types will be tried, in order:
14
- *
15
- * - {@link EnvironmentCredential}
16
- * - {@link ManagedIdentityCredential}
17
-
18
- *
19
- * Consult the documentation of these credential types for more information
20
- * on how they attempt authentication.
21
- */
22
- export class ApplicationCredential extends ChainedTokenCredential {
23
- /**
24
- * Creates an instance of the ApplicationCredential class.
25
- *
26
- * @param options - Optional parameters. See {@link ApplicationCredentialOptions}.
27
- */
28
- constructor(options) {
29
- super(...ApplicationCredentials.map((ctor) => new ctor(options)));
30
- this.UnavailableMessage =
31
- "ApplicationCredential => failed to retrieve a token from the included credentials";
32
- }
33
- }
34
- //# sourceMappingURL=applicationCredential.js.map
package/dist-esm/identity/src/credentials/applicationCredential.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"applicationCredential.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/applicationCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAOlC,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAEhE,OAAO,EAAE,gCAAgC,EAAE,MAAM,0BAA0B,CAAC;AAuB5E,MAAM,CAAC,MAAM,sBAAsB,GAAuC;IACxE,qBAAqB;IACrB,gCAAgC;CACjC,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,qBAAsB,SAAQ,sBAAsB;IAC/D;;;;OAIG;IACH,YAAY,OAAsC;QAChD,KAAK,CAAC,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QAClE,IAAI,CAAC,kBAAkB;YACrB,mFAAmF,CAAC;IACxF,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential } from \"@azure/core-auth\";\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential\";\nimport { EnvironmentCredential } from \"./environmentCredential\";\nimport { CredentialPersistenceOptions } from \"./credentialPersistenceOptions\";\nimport { DefaultManagedIdentityCredential } from \"./defaultAzureCredential\";\n\n/**\n * Provides options to configure the {@link ApplicationCredential} class.\n */\nexport interface ApplicationCredentialOptions\n extends TokenCredentialOptions,\n CredentialPersistenceOptions {\n /**\n * Optionally pass in a user assigned client ID to be used by the {@link ManagedIdentityCredential}.\n * This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.\n */\n managedIdentityClientId?: string;\n}\n\n/**\n * The type of a class that implements TokenCredential and accepts\n * `ApplicationCredentialOptions`.\n */\ninterface ApplicationCredentialConstructor {\n new (options?: ApplicationCredentialOptions): TokenCredential;\n}\n\nexport const ApplicationCredentials: ApplicationCredentialConstructor[] = [\n EnvironmentCredential,\n DefaultManagedIdentityCredential\n];\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that should\n * work for most applications that use the Azure SDK. The following credential\n * types will be tried, in order:\n *\n * - {@link EnvironmentCredential}\n * - {@link ManagedIdentityCredential}\n\n *\n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n */\nexport class ApplicationCredential extends ChainedTokenCredential {\n /**\n * Creates an instance of the ApplicationCredential class.\n *\n * @param options - Optional parameters. See {@link ApplicationCredentialOptions}.\n */\n constructor(options?: ApplicationCredentialOptions) {\n super(...ApplicationCredentials.map((ctor) => new ctor(options)));\n this.UnavailableMessage =\n \"ApplicationCredential => failed to retrieve a token from the included credentials\";\n }\n}\n"]}
package/dist-esm/identity/src/msal/errors.js DELETED
@@ -1,22 +0,0 @@
1
- // Copyright (c) Microsoft Corporation.
2
- // Licensed under the MIT license.
3
- /**
4
- * Error used to enforce authentication after trying to retrieve a token silently.
5
- */
6
- export class AuthenticationRequiredError extends Error {
7
- constructor(
8
- /**
9
- * The list of scopes for which the token will have access.
10
- */
11
- scopes,
12
- /**
13
- * The options used to configure the getToken request.
14
- */
15
- getTokenOptions = {}, message) {
16
- super(message);
17
- this.scopes = scopes;
18
- this.getTokenOptions = getTokenOptions;
19
- this.name = "AuthenticationRequiredError";
20
- }
21
- }
22
- //# sourceMappingURL=errors.js.map
package/dist-esm/identity/src/msal/errors.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../../../identity/src/msal/errors.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC;;GAEG;AACH,MAAM,OAAO,2BAA4B,SAAQ,KAAK;IACpD;IACE;;OAEG;IACI,MAAgB;IACvB;;OAEG;IACI,kBAAmC,EAAE,EAC5C,OAAgB;QAEhB,KAAK,CAAC,OAAO,CAAC,CAAC;QAPR,WAAM,GAAN,MAAM,CAAU;QAIhB,oBAAe,GAAf,eAAe,CAAsB;QAI5C,IAAI,CAAC,IAAI,GAAG,6BAA6B,CAAC;IAC5C,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * Error used to enforce authentication after trying to retrieve a token silently.\n */\nexport class AuthenticationRequiredError extends Error {\n constructor(\n /**\n * The list of scopes for which the token will have access.\n */\n public scopes: string[],\n /**\n * The options used to configure the getToken request.\n */\n public getTokenOptions: GetTokenOptions = {},\n message?: string\n ) {\n super(message);\n this.name = \"AuthenticationRequiredError\";\n }\n}\n"]}