npm - @azure/identity-cache-persistence - Versions diffs - 1.1.2-alpha.20241029.1 → 1.1.2-alpha.20241030.1 - Mend

@azure/identity-cache-persistence 1.1.2-alpha.20241029.1 → 1.1.2-alpha.20241030.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (77) hide show

package/dist-esm/identity/src/credentials/managedIdentityCredential/tokenExchangeMsi.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"tokenExchangeMsi.js","sourceRoot":"","sources":["../../../../../../identity/src/credentials/managedIdentityCredential/tokenExchangeMsi.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAIlC,OAAO,EAAE,0BAA0B,EAAE,MAAM,+BAA+B,CAAC;AAC3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAGtD,MAAM,OAAO,GAAG,4CAA4C,CAAC;AAC7D,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAEzC;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAQ;IACnC,IAAI,EAAE,kBAAkB;IAClB,WAAW;6DAAC,EAAE,QAAQ,EAAE;YAC5B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;YACxB,MAAM,MAAM,GAAG,OAAO,CACpB,CAAC,QAAQ,IAAI,GAAG,CAAC,eAAe,CAAC;gBAC/B,GAAG,CAAC,eAAe;gBACnB,OAAO,CAAC,GAAG,CAAC,0BAA0B,CACzC,CAAC;YACF,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,CAAC,IAAI,CACT,GAAG,OAAO,qKAAqK,CAChL,CAAC;YACJ,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;KAAA;IACK,QAAQ;6DACZ,aAA+B,EAC/B,kBAAmC,EAAE;YAErC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC;YAC3C,MAAM,oCAAoC,GAAG,EAAE,CAAC;YAChD,MAAM,0BAA0B,GAAG,IAAI,0BAA0B,CAAC,8BAChE,QAAQ,EACR,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,EACrC,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAClD,oCAAoC,KACvC,wBAAwB,EAAE,IAAI,GACM,CAAC,CAAC;YACxC,OAAO,0BAA0B,CAAC,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACtE,CAAC;KAAA;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { MSI, MSIConfiguration } from \"./models\";\nimport { WorkloadIdentityCredential } from \"../workloadIdentityCredential\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { WorkloadIdentityCredentialOptions } from \"../workloadIdentityCredentialOptions\";\n\nconst msiName = \"ManagedIdentityCredential - Token Exchange\";\nconst logger = credentialLogger(msiName);\n\n/*\n Defines how to determine whether the token exchange MSI is available, and also how to retrieve a token from the token exchange MSI.\n */\nexport const tokenExchangeMsi: MSI = {\n name: \"tokenExchangeMsi\",\n async isAvailable({ clientId }): Promise<boolean> {\n const env = process.env;\n const result = Boolean(\n (clientId \|\| env.AZURE_CLIENT_ID) &&\n env.AZURE_TENANT_ID &&\n process.env.AZURE_FEDERATED_TOKEN_FILE,\n );\n if (!result) {\n logger.info(\n `${msiName}: Unavailable. The environment variables needed are: AZURE_CLIENT_ID (or the client ID sent through the parameters), AZURE_TENANT_ID and AZURE_FEDERATED_TOKEN_FILE`,\n );\n }\n return result;\n },\n async getToken(\n configuration: MSIConfiguration,\n getTokenOptions: GetTokenOptions = {},\n ): Promise<AccessToken \| null> {\n const { scopes, clientId } = configuration;\n const identityClientTokenCredentialOptions = {};\n const workloadIdentityCredential = new WorkloadIdentityCredential({\n clientId,\n tenantId: process.env.AZURE_TENANT_ID,\n tokenFilePath: process.env.AZURE_FEDERATED_TOKEN_FILE,\n ...identityClientTokenCredentialOptions,\n disableInstanceDiscovery: true,\n } as WorkloadIdentityCredentialOptions);\n return workloadIdentityCredential.getToken(scopes, getTokenOptions);\n },\n};\n"]}
1	+ {"version":3,"file":"tokenExchangeMsi.js","sourceRoot":"","sources":["../../../../../../identity/src/credentials/managedIdentityCredential/tokenExchangeMsi.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAIlC,OAAO,EAAE,0BAA0B,EAAE,MAAM,+BAA+B,CAAC;AAC3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAGtD,MAAM,OAAO,GAAG,4CAA4C,CAAC;AAC7D,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAEzC;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAQ;IACnC,IAAI,EAAE,kBAAkB;IAClB,WAAW;6DAAC,EAAE,QAAQ,EAAE;YAC5B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;YACxB,MAAM,MAAM,GAAG,OAAO,CACpB,CAAC,QAAQ,IAAI,GAAG,CAAC,eAAe,CAAC;gBAC/B,GAAG,CAAC,eAAe;gBACnB,OAAO,CAAC,GAAG,CAAC,0BAA0B,CACzC,CAAC;YACF,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,CAAC,IAAI,CACT,GAAG,OAAO,qKAAqK,CAChL,CAAC;YACJ,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;KAAA;IACK,QAAQ;6DACZ,aAA+B,EAC/B,kBAAmC,EAAE;YAErC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC;YAC3C,MAAM,oCAAoC,GAAG,EAAE,CAAC;YAChD,MAAM,0BAA0B,GAAG,IAAI,0BAA0B,CAAC,8BAChE,QAAQ,EACR,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,EACrC,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAClD,oCAAoC,KACvC,wBAAwB,EAAE,IAAI,GACM,CAAC,CAAC;YACxC,OAAO,0BAA0B,CAAC,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACtE,CAAC;KAAA;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport type { MSI, MSIConfiguration } from \"./models\";\nimport { WorkloadIdentityCredential } from \"../workloadIdentityCredential\";\nimport { credentialLogger } from \"../../util/logging\";\nimport type { WorkloadIdentityCredentialOptions } from \"../workloadIdentityCredentialOptions\";\n\nconst msiName = \"ManagedIdentityCredential - Token Exchange\";\nconst logger = credentialLogger(msiName);\n\n/*\n Defines how to determine whether the token exchange MSI is available, and also how to retrieve a token from the token exchange MSI.\n */\nexport const tokenExchangeMsi: MSI = {\n name: \"tokenExchangeMsi\",\n async isAvailable({ clientId }): Promise<boolean> {\n const env = process.env;\n const result = Boolean(\n (clientId \|\| env.AZURE_CLIENT_ID) &&\n env.AZURE_TENANT_ID &&\n process.env.AZURE_FEDERATED_TOKEN_FILE,\n );\n if (!result) {\n logger.info(\n `${msiName}: Unavailable. The environment variables needed are: AZURE_CLIENT_ID (or the client ID sent through the parameters), AZURE_TENANT_ID and AZURE_FEDERATED_TOKEN_FILE`,\n );\n }\n return result;\n },\n async getToken(\n configuration: MSIConfiguration,\n getTokenOptions: GetTokenOptions = {},\n ): Promise<AccessToken \| null> {\n const { scopes, clientId } = configuration;\n const identityClientTokenCredentialOptions = {};\n const workloadIdentityCredential = new WorkloadIdentityCredential({\n clientId,\n tenantId: process.env.AZURE_TENANT_ID,\n tokenFilePath: process.env.AZURE_FEDERATED_TOKEN_FILE,\n ...identityClientTokenCredentialOptions,\n disableInstanceDiscovery: true,\n } as WorkloadIdentityCredentialOptions);\n return workloadIdentityCredential.getToken(scopes, getTokenOptions);\n },\n};\n"]}

package/dist-esm/identity/src/credentials/multiTenantTokenCredentialOptions.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"multiTenantTokenCredentialOptions.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/multiTenantTokenCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { TokenCredentialOptions } from \"../tokenCredentialOptions\";\n\n/*\n Options for multi-tenant applications which allows for additionally allowed tenants.\n /\nexport interface MultiTenantTokenCredentialOptions extends TokenCredentialOptions {\n /\n For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens.\n * Add the wildcard value \"\" to allow the credential to acquire tokens for any tenant the application is installed.\n /\n additionallyAllowedTenants?: string[];\n}\n"]}
1	+ {"version":3,"file":"multiTenantTokenCredentialOptions.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/multiTenantTokenCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { TokenCredentialOptions } from \"../tokenCredentialOptions\";\n\n/*\n Options for multi-tenant applications which allows for additionally allowed tenants.\n /\nexport interface MultiTenantTokenCredentialOptions extends TokenCredentialOptions {\n /\n For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens.\n * Add the wildcard value \"\" to allow the credential to acquire tokens for any tenant the application is installed.\n /\n additionallyAllowedTenants?: string[];\n}\n"]}

package/dist-esm/identity/src/credentials/onBehalfOfCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"onBehalfOfCredential.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/onBehalfOfCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAGlC,OAAO,EAAc,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAO5E,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAK/B,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AAEvD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,cAAc,GAAG,sBAAsB,CAAC;AAC9C,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AAEhD;;GAEG;AACH,MAAM,OAAO,oBAAoB;IAkG/B,YAAY,OAAoC;QAC9C,MAAM,EAAE,YAAY,EAAE,GAAG,OAA4C,CAAC;QACtE,MAAM,EAAE,eAAe,EAAE,oBAAoB,EAAE,GAC7C,OAAiD,CAAC;QACpD,MAAM,EAAE,YAAY,EAAE,GAAG,OAA+C,CAAC;QACzE,MAAM,EACJ,QAAQ,EACR,QAAQ,EACR,kBAAkB,EAClB,0BAA0B,EAAE,4BAA4B,GACzD,GAAG,OAAO,CAAC;QACZ,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,0IAA0I,CAC5J,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,0IAA0I,CAC5J,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,YAAY,IAAI,CAAC,eAAe,IAAI,CAAC,YAAY,EAAE,CAAC;YACvD,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,kNAAkN,CACpO,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACxB,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,oJAAoJ,CACtK,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QACvC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAC7C,IAAI,CAAC,oBAAoB,GAAG,oBAAoB,CAAC;QACjD,IAAI,CAAC,eAAe,GAAG,YAAY,CAAC;QAEpC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,4BAA4B,CAC7B,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,kCACrD,OAAO,KACV,MAAM,EACN,sBAAsB,EAAE,OAAO,IAC/B,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACG,QAAQ;6DAAC,MAAyB,EAAE,UAA2B,EAAE;YACrE,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAG,cAAc,WAAW,EAAE,OAAO,EAAE,CAAO,UAAU,EAAE,EAAE;gBACxF,UAAU,CAAC,QAAQ,GAAG,yBAAyB,CAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;gBAEF,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;gBACzC,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;oBACzB,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;oBAElF,OAAO,IAAI,CAAC,UAAU,CAAC,kBAAkB,CACvC,WAAW,EACX,IAAI,CAAC,kBAAkB,EACvB,iBAAiB,EACjB,UAAU,CACX,CAAC;gBACJ,CAAC;qBAAM,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;oBAC7B,OAAO,IAAI,CAAC,UAAU,CAAC,kBAAkB,CACvC,WAAW,EACX,IAAI,CAAC,kBAAkB,EACvB,IAAI,CAAC,YAAY,EACjB,OAAO,CACR,CAAC;gBACJ,CAAC;qBAAM,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;oBAChC,OAAO,IAAI,CAAC,UAAU,CAAC,kBAAkB,CACvC,WAAW,EACX,IAAI,CAAC,kBAAkB,EACvB,IAAI,CAAC,eAAe,EACpB,OAAO,CACR,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,yKAAyK;oBACzK,MAAM,IAAI,KAAK,CACb,mFAAmF,CACpF,CAAC;gBACJ,CAAC;YACH,CAAC,CAAA,CAAC,CAAC;QACL,CAAC;KAAA;IAEa,sBAAsB,CAAC,eAAuB;;YAC1D,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,EAAE,eAAe,EAAE,EAAE,IAAI,CAAC,oBAAoB,CAAC,CAAC;gBAC1F,OAAO;oBACL,UAAU,EAAE,KAAK,CAAC,UAAU;oBAC5B,UAAU,EAAE,KAAK,CAAC,mBAAmB;oBACrC,GAAG,EAAE,KAAK,CAAC,GAAG;iBACf,CAAC;YACJ,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;gBACpC,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;KAAA;IAEa,gBAAgB,CAC5B,aAAkD,EAClD,oBAA8B;;YAE9B,MAAM,eAAe,GAAG,aAAa,CAAC,eAAe,CAAC;YACtD,MAAM,mBAAmB,GAAG,MAAM,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;YACpE,MAAM,GAAG,GAAG,oBAAoB,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;YAEnE,MAAM,kBAAkB,GACtB,+FAA+F,CAAC;YAClG,MAAM,UAAU,GAAa,EAAE,CAAC;YAEhC,qHAAqH;YACrH,IAAI,KAAK,CAAC;YACV,GAAG,CAAC;gBACF,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;gBACrD,IAAI,KAAK,EAAE,CAAC;oBACV,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC5B,CAAC;YACH,CAAC,QAAQ,KAAK,EAAE;YAEhB,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC5B,MAAM,IAAI,KAAK,CAAC,4EAA4E,CAAC,CAAC;YAChG,CAAC;YAED,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC;iBAClC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;iBAC5C,MAAM,CAAC,KAAK,CAAC;iBACb,WAAW,EAAE,CAAC;YAEjB,OAAO;gBACL,mBAAmB;gBACnB,UAAU;gBACV,GAAG;aACJ,CAAC;QACJ,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { MsalClient, createMsalClient } from \"../msal/nodeFlows/msalClient\";\nimport {\n OnBehalfOfCredentialAssertionOptions,\n OnBehalfOfCredentialCertificateOptions,\n OnBehalfOfCredentialOptions,\n OnBehalfOfCredentialSecretOptions,\n} from \"./onBehalfOfCredentialOptions\";\nimport { credentialLogger, formatError } from \"../util/logging\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\n\nimport { CertificateParts } from \"../msal/types\";\nimport { ClientCertificatePEMCertificatePath } from \"./clientCertificateCredential\";\nimport { CredentialPersistenceOptions } from \"./credentialPersistenceOptions\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions\";\nimport { createHash } from \"node:crypto\";\nimport { ensureScopes } from \"../util/scopeUtils\";\nimport { readFile } from \"node:fs/promises\";\nimport { tracingClient } from \"../util/tracing\";\n\nconst credentialName = \"OnBehalfOfCredential\";\nconst logger = credentialLogger(credentialName);\n\n/*\n Enables authentication to Microsoft Entra ID using the [On Behalf Of flow](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-on-behalf-of-flow).\n /\nexport class OnBehalfOfCredential implements TokenCredential {\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private msalClient: MsalClient;\n private sendCertificateChain?: boolean;\n private certificatePath?: string;\n private clientSecret?: string;\n private userAssertionToken: string;\n private clientAssertion?: () => Promise<string>;\n\n /\n Creates an instance of the {@link OnBehalfOfCredential} with the details\n * needed to authenticate against Microsoft Entra ID with path to a PEM certificate,\n * and an user assertion.\n \n Example using the `KeyClient` from [\\@azure/keyvault-keys](https://www.npmjs.com/package/\\@azure/keyvault-keys):\n \n ```ts snippet:on_behalf_of_credential_pem_example\n * import { OnBehalfOfCredential } from \"@azure/identity\";\n * import { KeyClient } from \"@azure/keyvault-keys\";\n \n const tokenCredential = new OnBehalfOfCredential({\n * tenantId: \"tenant-id\",\n * clientId: \"client-id\",\n * certificatePath: \"/path/to/certificate.pem\",\n * userAssertionToken: \"access-token\",\n * });\n * const client = new KeyClient(\"vault-url\", tokenCredential);\n * await client.getKey(\"key-name\");\n * ```\n \n @param options - Optional parameters, generally common across credentials.\n /\n constructor(\n options: OnBehalfOfCredentialCertificateOptions &\n MultiTenantTokenCredentialOptions &\n CredentialPersistenceOptions,\n );\n /\n Creates an instance of the {@link OnBehalfOfCredential} with the details\n * needed to authenticate against Microsoft Entra ID with a client\n * secret and an user assertion.\n \n Example using the `KeyClient` from [\\@azure/keyvault-keys](https://www.npmjs.com/package/\\@azure/keyvault-keys):\n \n ```ts snippet:on_behalf_of_credential_secret_example\n * import { OnBehalfOfCredential } from \"@azure/identity\";\n * import { KeyClient } from \"@azure/keyvault-keys\";\n \n const tokenCredential = new OnBehalfOfCredential({\n * tenantId: \"tenant-id\",\n * clientId: \"client-id\",\n * clientSecret: \"client-secret\",\n * userAssertionToken: \"access-token\",\n * });\n * const client = new KeyClient(\"vault-url\", tokenCredential);\n * await client.getKey(\"key-name\");\n * ```\n \n @param options - Optional parameters, generally common across credentials.\n /\n constructor(\n options: OnBehalfOfCredentialSecretOptions &\n MultiTenantTokenCredentialOptions &\n CredentialPersistenceOptions,\n );\n\n /\n Creates an instance of the {@link OnBehalfOfCredential} with the details\n * needed to authenticate against Microsoft Entra ID with a client `getAssertion`\n * and an user assertion.\n \n Example using the `KeyClient` from [\\@azure/keyvault-keys](https://www.npmjs.com/package/\\@azure/keyvault-keys):\n \n ```ts snippet:on_behalf_of_credential_assertion_example\n * import { OnBehalfOfCredential } from \"@azure/identity\";\n * import { KeyClient } from \"@azure/keyvault-keys\";\n \n const tokenCredential = new OnBehalfOfCredential({\n * tenantId: \"tenant-id\",\n * clientId: \"client-id\",\n * getAssertion: () => {\n * return Promise.resolve(\"my-jwt\");\n * },\n * userAssertionToken: \"access-token\",\n * });\n * const client = new KeyClient(\"vault-url\", tokenCredential);\n * await client.getKey(\"key-name\");\n * ```\n \n @param options - Optional parameters, generally common across credentials.\n /\n constructor(\n options: OnBehalfOfCredentialAssertionOptions &\n MultiTenantTokenCredentialOptions &\n CredentialPersistenceOptions,\n );\n\n constructor(options: OnBehalfOfCredentialOptions) {\n const { clientSecret } = options as OnBehalfOfCredentialSecretOptions;\n const { certificatePath, sendCertificateChain } =\n options as OnBehalfOfCredentialCertificateOptions;\n const { getAssertion } = options as OnBehalfOfCredentialAssertionOptions;\n const {\n tenantId,\n clientId,\n userAssertionToken,\n additionallyAllowedTenants: additionallyAllowedTenantIds,\n } = options;\n if (!tenantId) {\n throw new CredentialUnavailableError(\n `${credentialName}: tenantId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,\n );\n }\n\n if (!clientId) {\n throw new CredentialUnavailableError(\n `${credentialName}: clientId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,\n );\n }\n\n if (!clientSecret && !certificatePath && !getAssertion) {\n throw new CredentialUnavailableError(\n `${credentialName}: You must provide one of clientSecret, certificatePath, or a getAssertion callback but none were provided. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,\n );\n }\n\n if (!userAssertionToken) {\n throw new CredentialUnavailableError(\n `${credentialName}: userAssertionToken is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,\n );\n }\n this.certificatePath = certificatePath;\n this.clientSecret = clientSecret;\n this.userAssertionToken = userAssertionToken;\n this.sendCertificateChain = sendCertificateChain;\n this.clientAssertion = getAssertion;\n\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n additionallyAllowedTenantIds,\n );\n\n this.msalClient = createMsalClient(clientId, this.tenantId, {\n ...options,\n logger,\n tokenCredentialOptions: options,\n });\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure the underlying network requests.\n /\n async getToken(scopes: string \| string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(`${credentialName}.getToken`, options, async (newOptions) => {\n newOptions.tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n logger,\n );\n\n const arrayScopes = ensureScopes(scopes);\n if (this.certificatePath) {\n const clientCertificate = await this.buildClientCertificate(this.certificatePath);\n\n return this.msalClient.getTokenOnBehalfOf(\n arrayScopes,\n this.userAssertionToken,\n clientCertificate,\n newOptions,\n );\n } else if (this.clientSecret) {\n return this.msalClient.getTokenOnBehalfOf(\n arrayScopes,\n this.userAssertionToken,\n this.clientSecret,\n options,\n );\n } else if (this.clientAssertion) {\n return this.msalClient.getTokenOnBehalfOf(\n arrayScopes,\n this.userAssertionToken,\n this.clientAssertion,\n options,\n );\n } else {\n // this is an invalid scenario and is a bug, as the constructor should have thrown an error if neither clientSecret nor certificatePath nor clientAssertion were provided\n throw new Error(\n \"Expected either clientSecret or certificatePath or clientAssertion to be defined.\",\n );\n }\n });\n }\n\n private async buildClientCertificate(certificatePath: string): Promise<CertificateParts> {\n try {\n const parts = await this.parseCertificate({ certificatePath }, this.sendCertificateChain);\n return {\n thumbprint: parts.thumbprint,\n privateKey: parts.certificateContents,\n x5c: parts.x5c,\n };\n } catch (error: any) {\n logger.info(formatError(\"\", error));\n throw error;\n }\n }\n\n private async parseCertificate(\n configuration: ClientCertificatePEMCertificatePath,\n sendCertificateChain?: boolean,\n ): Promise<Omit<CertificateParts, \"privateKey\"> & { certificateContents: string }> {\n const certificatePath = configuration.certificatePath;\n const certificateContents = await readFile(certificatePath, \"utf8\");\n const x5c = sendCertificateChain ? certificateContents : undefined;\n\n const certificatePattern =\n /(-+BEGIN CERTIFICATE-+)(\\n\\r?\|\\r\\n?)([A-Za-z0-9+/\\n\\r]+=)(\\n\\r?\|\\r\\n?)(-+END CERTIFICATE-+)/g;\n const publicKeys: string[] = [];\n\n // Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c\n let match;\n do {\n match = certificatePattern.exec(certificateContents);\n if (match) {\n publicKeys.push(match[3]);\n }\n } while (match);\n\n if (publicKeys.length === 0) {\n throw new Error(\"The file at the specified path does not contain a PEM-encoded certificate.\");\n }\n\n const thumbprint = createHash(\"sha1\")\n .update(Buffer.from(publicKeys[0], \"base64\"))\n .digest(\"hex\")\n .toUpperCase();\n\n return {\n certificateContents,\n thumbprint,\n x5c,\n };\n }\n}\n"]}
1	+ {"version":3,"file":"onBehalfOfCredential.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/onBehalfOfCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAIlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAOhE,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAK/B,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AAEvD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,cAAc,GAAG,sBAAsB,CAAC;AAC9C,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AAEhD;;GAEG;AACH,MAAM,OAAO,oBAAoB;IAkG/B,YAAY,OAAoC;QAC9C,MAAM,EAAE,YAAY,EAAE,GAAG,OAA4C,CAAC;QACtE,MAAM,EAAE,eAAe,EAAE,oBAAoB,EAAE,GAC7C,OAAiD,CAAC;QACpD,MAAM,EAAE,YAAY,EAAE,GAAG,OAA+C,CAAC;QACzE,MAAM,EACJ,QAAQ,EACR,QAAQ,EACR,kBAAkB,EAClB,0BAA0B,EAAE,4BAA4B,GACzD,GAAG,OAAO,CAAC;QACZ,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,0IAA0I,CAC5J,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,0IAA0I,CAC5J,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,YAAY,IAAI,CAAC,eAAe,IAAI,CAAC,YAAY,EAAE,CAAC;YACvD,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,kNAAkN,CACpO,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACxB,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,oJAAoJ,CACtK,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QACvC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAC7C,IAAI,CAAC,oBAAoB,GAAG,oBAAoB,CAAC;QACjD,IAAI,CAAC,eAAe,GAAG,YAAY,CAAC;QAEpC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,4BAA4B,CAC7B,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,kCACrD,OAAO,KACV,MAAM,EACN,sBAAsB,EAAE,OAAO,IAC/B,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACG,QAAQ;6DAAC,MAAyB,EAAE,UAA2B,EAAE;YACrE,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAG,cAAc,WAAW,EAAE,OAAO,EAAE,CAAO,UAAU,EAAE,EAAE;gBACxF,UAAU,CAAC,QAAQ,GAAG,yBAAyB,CAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;gBAEF,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;gBACzC,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;oBACzB,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;oBAElF,OAAO,IAAI,CAAC,UAAU,CAAC,kBAAkB,CACvC,WAAW,EACX,IAAI,CAAC,kBAAkB,EACvB,iBAAiB,EACjB,UAAU,CACX,CAAC;gBACJ,CAAC;qBAAM,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;oBAC7B,OAAO,IAAI,CAAC,UAAU,CAAC,kBAAkB,CACvC,WAAW,EACX,IAAI,CAAC,kBAAkB,EACvB,IAAI,CAAC,YAAY,EACjB,OAAO,CACR,CAAC;gBACJ,CAAC;qBAAM,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;oBAChC,OAAO,IAAI,CAAC,UAAU,CAAC,kBAAkB,CACvC,WAAW,EACX,IAAI,CAAC,kBAAkB,EACvB,IAAI,CAAC,eAAe,EACpB,OAAO,CACR,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,yKAAyK;oBACzK,MAAM,IAAI,KAAK,CACb,mFAAmF,CACpF,CAAC;gBACJ,CAAC;YACH,CAAC,CAAA,CAAC,CAAC;QACL,CAAC;KAAA;IAEa,sBAAsB,CAAC,eAAuB;;YAC1D,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,EAAE,eAAe,EAAE,EAAE,IAAI,CAAC,oBAAoB,CAAC,CAAC;gBAC1F,OAAO;oBACL,UAAU,EAAE,KAAK,CAAC,UAAU;oBAC5B,UAAU,EAAE,KAAK,CAAC,mBAAmB;oBACrC,GAAG,EAAE,KAAK,CAAC,GAAG;iBACf,CAAC;YACJ,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;gBACpC,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;KAAA;IAEa,gBAAgB,CAC5B,aAAkD,EAClD,oBAA8B;;YAE9B,MAAM,eAAe,GAAG,aAAa,CAAC,eAAe,CAAC;YACtD,MAAM,mBAAmB,GAAG,MAAM,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;YACpE,MAAM,GAAG,GAAG,oBAAoB,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;YAEnE,MAAM,kBAAkB,GACtB,+FAA+F,CAAC;YAClG,MAAM,UAAU,GAAa,EAAE,CAAC;YAEhC,qHAAqH;YACrH,IAAI,KAAK,CAAC;YACV,GAAG,CAAC;gBACF,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;gBACrD,IAAI,KAAK,EAAE,CAAC;oBACV,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC5B,CAAC;YACH,CAAC,QAAQ,KAAK,EAAE;YAEhB,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC5B,MAAM,IAAI,KAAK,CAAC,4EAA4E,CAAC,CAAC;YAChG,CAAC;YAED,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC;iBAClC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;iBAC5C,MAAM,CAAC,KAAK,CAAC;iBACb,WAAW,EAAE,CAAC;YAEjB,OAAO;gBACL,mBAAmB;gBACnB,UAAU;gBACV,GAAG;aACJ,CAAC;QACJ,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient\";\nimport type {\n OnBehalfOfCredentialAssertionOptions,\n OnBehalfOfCredentialCertificateOptions,\n OnBehalfOfCredentialOptions,\n OnBehalfOfCredentialSecretOptions,\n} from \"./onBehalfOfCredentialOptions\";\nimport { credentialLogger, formatError } from \"../util/logging\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\n\nimport type { CertificateParts } from \"../msal/types\";\nimport type { ClientCertificatePEMCertificatePath } from \"./clientCertificateCredential\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions\";\nimport { createHash } from \"node:crypto\";\nimport { ensureScopes } from \"../util/scopeUtils\";\nimport { readFile } from \"node:fs/promises\";\nimport { tracingClient } from \"../util/tracing\";\n\nconst credentialName = \"OnBehalfOfCredential\";\nconst logger = credentialLogger(credentialName);\n\n/*\n Enables authentication to Microsoft Entra ID using the [On Behalf Of flow](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-on-behalf-of-flow).\n /\nexport class OnBehalfOfCredential implements TokenCredential {\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private msalClient: MsalClient;\n private sendCertificateChain?: boolean;\n private certificatePath?: string;\n private clientSecret?: string;\n private userAssertionToken: string;\n private clientAssertion?: () => Promise<string>;\n\n /\n Creates an instance of the {@link OnBehalfOfCredential} with the details\n * needed to authenticate against Microsoft Entra ID with path to a PEM certificate,\n * and an user assertion.\n \n Example using the `KeyClient` from [\\@azure/keyvault-keys](https://www.npmjs.com/package/\\@azure/keyvault-keys):\n \n ```ts snippet:on_behalf_of_credential_pem_example\n * import { OnBehalfOfCredential } from \"@azure/identity\";\n * import { KeyClient } from \"@azure/keyvault-keys\";\n \n const tokenCredential = new OnBehalfOfCredential({\n * tenantId: \"tenant-id\",\n * clientId: \"client-id\",\n * certificatePath: \"/path/to/certificate.pem\",\n * userAssertionToken: \"access-token\",\n * });\n * const client = new KeyClient(\"vault-url\", tokenCredential);\n * await client.getKey(\"key-name\");\n * ```\n \n @param options - Optional parameters, generally common across credentials.\n /\n constructor(\n options: OnBehalfOfCredentialCertificateOptions &\n MultiTenantTokenCredentialOptions &\n CredentialPersistenceOptions,\n );\n /\n Creates an instance of the {@link OnBehalfOfCredential} with the details\n * needed to authenticate against Microsoft Entra ID with a client\n * secret and an user assertion.\n \n Example using the `KeyClient` from [\\@azure/keyvault-keys](https://www.npmjs.com/package/\\@azure/keyvault-keys):\n \n ```ts snippet:on_behalf_of_credential_secret_example\n * import { OnBehalfOfCredential } from \"@azure/identity\";\n * import { KeyClient } from \"@azure/keyvault-keys\";\n \n const tokenCredential = new OnBehalfOfCredential({\n * tenantId: \"tenant-id\",\n * clientId: \"client-id\",\n * clientSecret: \"client-secret\",\n * userAssertionToken: \"access-token\",\n * });\n * const client = new KeyClient(\"vault-url\", tokenCredential);\n * await client.getKey(\"key-name\");\n * ```\n \n @param options - Optional parameters, generally common across credentials.\n /\n constructor(\n options: OnBehalfOfCredentialSecretOptions &\n MultiTenantTokenCredentialOptions &\n CredentialPersistenceOptions,\n );\n\n /\n Creates an instance of the {@link OnBehalfOfCredential} with the details\n * needed to authenticate against Microsoft Entra ID with a client `getAssertion`\n * and an user assertion.\n \n Example using the `KeyClient` from [\\@azure/keyvault-keys](https://www.npmjs.com/package/\\@azure/keyvault-keys):\n \n ```ts snippet:on_behalf_of_credential_assertion_example\n * import { OnBehalfOfCredential } from \"@azure/identity\";\n * import { KeyClient } from \"@azure/keyvault-keys\";\n \n const tokenCredential = new OnBehalfOfCredential({\n * tenantId: \"tenant-id\",\n * clientId: \"client-id\",\n * getAssertion: () => {\n * return Promise.resolve(\"my-jwt\");\n * },\n * userAssertionToken: \"access-token\",\n * });\n * const client = new KeyClient(\"vault-url\", tokenCredential);\n * await client.getKey(\"key-name\");\n * ```\n \n @param options - Optional parameters, generally common across credentials.\n /\n constructor(\n options: OnBehalfOfCredentialAssertionOptions &\n MultiTenantTokenCredentialOptions &\n CredentialPersistenceOptions,\n );\n\n constructor(options: OnBehalfOfCredentialOptions) {\n const { clientSecret } = options as OnBehalfOfCredentialSecretOptions;\n const { certificatePath, sendCertificateChain } =\n options as OnBehalfOfCredentialCertificateOptions;\n const { getAssertion } = options as OnBehalfOfCredentialAssertionOptions;\n const {\n tenantId,\n clientId,\n userAssertionToken,\n additionallyAllowedTenants: additionallyAllowedTenantIds,\n } = options;\n if (!tenantId) {\n throw new CredentialUnavailableError(\n `${credentialName}: tenantId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,\n );\n }\n\n if (!clientId) {\n throw new CredentialUnavailableError(\n `${credentialName}: clientId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,\n );\n }\n\n if (!clientSecret && !certificatePath && !getAssertion) {\n throw new CredentialUnavailableError(\n `${credentialName}: You must provide one of clientSecret, certificatePath, or a getAssertion callback but none were provided. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,\n );\n }\n\n if (!userAssertionToken) {\n throw new CredentialUnavailableError(\n `${credentialName}: userAssertionToken is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,\n );\n }\n this.certificatePath = certificatePath;\n this.clientSecret = clientSecret;\n this.userAssertionToken = userAssertionToken;\n this.sendCertificateChain = sendCertificateChain;\n this.clientAssertion = getAssertion;\n\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n additionallyAllowedTenantIds,\n );\n\n this.msalClient = createMsalClient(clientId, this.tenantId, {\n ...options,\n logger,\n tokenCredentialOptions: options,\n });\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure the underlying network requests.\n /\n async getToken(scopes: string \| string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(`${credentialName}.getToken`, options, async (newOptions) => {\n newOptions.tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n logger,\n );\n\n const arrayScopes = ensureScopes(scopes);\n if (this.certificatePath) {\n const clientCertificate = await this.buildClientCertificate(this.certificatePath);\n\n return this.msalClient.getTokenOnBehalfOf(\n arrayScopes,\n this.userAssertionToken,\n clientCertificate,\n newOptions,\n );\n } else if (this.clientSecret) {\n return this.msalClient.getTokenOnBehalfOf(\n arrayScopes,\n this.userAssertionToken,\n this.clientSecret,\n options,\n );\n } else if (this.clientAssertion) {\n return this.msalClient.getTokenOnBehalfOf(\n arrayScopes,\n this.userAssertionToken,\n this.clientAssertion,\n options,\n );\n } else {\n // this is an invalid scenario and is a bug, as the constructor should have thrown an error if neither clientSecret nor certificatePath nor clientAssertion were provided\n throw new Error(\n \"Expected either clientSecret or certificatePath or clientAssertion to be defined.\",\n );\n }\n });\n }\n\n private async buildClientCertificate(certificatePath: string): Promise<CertificateParts> {\n try {\n const parts = await this.parseCertificate({ certificatePath }, this.sendCertificateChain);\n return {\n thumbprint: parts.thumbprint,\n privateKey: parts.certificateContents,\n x5c: parts.x5c,\n };\n } catch (error: any) {\n logger.info(formatError(\"\", error));\n throw error;\n }\n }\n\n private async parseCertificate(\n configuration: ClientCertificatePEMCertificatePath,\n sendCertificateChain?: boolean,\n ): Promise<Omit<CertificateParts, \"privateKey\"> & { certificateContents: string }> {\n const certificatePath = configuration.certificatePath;\n const certificateContents = await readFile(certificatePath, \"utf8\");\n const x5c = sendCertificateChain ? certificateContents : undefined;\n\n const certificatePattern =\n /(-+BEGIN CERTIFICATE-+)(\\n\\r?\|\\r\\n?)([A-Za-z0-9+/\\n\\r]+=)(\\n\\r?\|\\r\\n?)(-+END CERTIFICATE-+)/g;\n const publicKeys: string[] = [];\n\n // Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c\n let match;\n do {\n match = certificatePattern.exec(certificateContents);\n if (match) {\n publicKeys.push(match[3]);\n }\n } while (match);\n\n if (publicKeys.length === 0) {\n throw new Error(\"The file at the specified path does not contain a PEM-encoded certificate.\");\n }\n\n const thumbprint = createHash(\"sha1\")\n .update(Buffer.from(publicKeys[0], \"base64\"))\n .digest(\"hex\")\n .toUpperCase();\n\n return {\n certificateContents,\n thumbprint,\n x5c,\n };\n }\n}\n"]}

package/dist-esm/identity/src/credentials/onBehalfOfCredentialOptions.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"onBehalfOfCredentialOptions.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/onBehalfOfCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AuthorityValidationOptions } from \"./authorityValidationOptions\";\nimport { CredentialPersistenceOptions } from \"./credentialPersistenceOptions\";\nimport { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions\";\n\n/*\n Defines the parameters to authenticate the {@link OnBehalfOfCredential} with a secret.\n /\nexport interface OnBehalfOfCredentialSecretOptions {\n /\n The Microsoft Entra tenant (directory) ID.\n /\n tenantId: string;\n /\n The client (application) ID of an App Registration in the tenant.\n /\n clientId: string;\n /\n A client secret that was generated for the App Registration.\n /\n clientSecret: string;\n /\n The user assertion for the On-Behalf-Of flow.\n /\n userAssertionToken: string;\n}\n\n/\n Defines the parameters to authenticate the {@link OnBehalfOfCredential} with a certificate.\n /\nexport interface OnBehalfOfCredentialCertificateOptions {\n /\n The Microsoft Entra tenant (directory) ID.\n /\n tenantId: string;\n /\n The client (application) ID of an App Registration in the tenant.\n /\n clientId: string;\n /\n The path to a PEM-encoded public/private key certificate on the filesystem.\n /\n certificatePath: string;\n /\n The user assertion for the On-Behalf-Of flow.\n /\n userAssertionToken: string;\n /\n Option to include x5c header for SubjectName and Issuer name authorization.\n * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n /\n sendCertificateChain?: boolean;\n}\n\n/\n Defines the parameters to authenticate the {@link OnBehalfOfCredential} with an assertion.\n /\nexport interface OnBehalfOfCredentialAssertionOptions {\n /\n The Microsoft Entra tenant (directory) ID.\n /\n tenantId: string;\n /\n The client (application) ID of an App Registration in the tenant.\n /\n clientId: string;\n /\n A function that retrieves the client assertion for the credential to use\n /\n getAssertion: () => Promise<string>;\n /\n The user assertion for the On-Behalf-Of flow.\n /\n userAssertionToken: string;\n}\n/\n Optional parameters for the {@link OnBehalfOfCredential} class.\n */\nexport type OnBehalfOfCredentialOptions = (\n \| OnBehalfOfCredentialSecretOptions\n \| OnBehalfOfCredentialCertificateOptions\n \| OnBehalfOfCredentialAssertionOptions\n) &\n MultiTenantTokenCredentialOptions &\n CredentialPersistenceOptions &\n AuthorityValidationOptions;\n"]}
1	+ {"version":3,"file":"onBehalfOfCredentialOptions.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/onBehalfOfCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions\";\n\n/*\n Defines the parameters to authenticate the {@link OnBehalfOfCredential} with a secret.\n /\nexport interface OnBehalfOfCredentialSecretOptions {\n /\n The Microsoft Entra tenant (directory) ID.\n /\n tenantId: string;\n /\n The client (application) ID of an App Registration in the tenant.\n /\n clientId: string;\n /\n A client secret that was generated for the App Registration.\n /\n clientSecret: string;\n /\n The user assertion for the On-Behalf-Of flow.\n /\n userAssertionToken: string;\n}\n\n/\n Defines the parameters to authenticate the {@link OnBehalfOfCredential} with a certificate.\n /\nexport interface OnBehalfOfCredentialCertificateOptions {\n /\n The Microsoft Entra tenant (directory) ID.\n /\n tenantId: string;\n /\n The client (application) ID of an App Registration in the tenant.\n /\n clientId: string;\n /\n The path to a PEM-encoded public/private key certificate on the filesystem.\n /\n certificatePath: string;\n /\n The user assertion for the On-Behalf-Of flow.\n /\n userAssertionToken: string;\n /\n Option to include x5c header for SubjectName and Issuer name authorization.\n * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n /\n sendCertificateChain?: boolean;\n}\n\n/\n Defines the parameters to authenticate the {@link OnBehalfOfCredential} with an assertion.\n /\nexport interface OnBehalfOfCredentialAssertionOptions {\n /\n The Microsoft Entra tenant (directory) ID.\n /\n tenantId: string;\n /\n The client (application) ID of an App Registration in the tenant.\n /\n clientId: string;\n /\n A function that retrieves the client assertion for the credential to use\n /\n getAssertion: () => Promise<string>;\n /\n The user assertion for the On-Behalf-Of flow.\n /\n userAssertionToken: string;\n}\n/\n Optional parameters for the {@link OnBehalfOfCredential} class.\n */\nexport type OnBehalfOfCredentialOptions = (\n \| OnBehalfOfCredentialSecretOptions\n \| OnBehalfOfCredentialCertificateOptions\n \| OnBehalfOfCredentialAssertionOptions\n) &\n MultiTenantTokenCredentialOptions &\n CredentialPersistenceOptions &\n AuthorityValidationOptions;\n"]}

package/dist-esm/identity/src/credentials/usernamePasswordCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"usernamePasswordCredential.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/usernamePasswordCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;~~AAGlC~~,OAAO,~~EAAc~~,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;~~AAC5E~~,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AAEvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;GAKG;AACH,MAAM,OAAO,0BAA0B;IAOrC;;;;;;;;;;OAUG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,UAA6C,EAAE;QAE/C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,kCACrD,OAAO,KACV,sBAAsB,EAAE,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,EAAE,IACrC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACG,QAAQ;6DAAC,MAAyB,EAAE,UAA2B,EAAE;YACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,CAAO,UAAU,EAAE,EAAE;gBACnB,UAAU,CAAC,QAAQ,GAAG,yBAAyB,CAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;gBAEF,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;gBACzC,OAAO,IAAI,CAAC,UAAU,CAAC,0BAA0B,CAC/C,WAAW,EACX,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,QAAQ,EACb,UAAU,CACX,CAAC;YACJ,CAAC,CAAA,CACF,CAAC;QACJ,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { MsalClient, createMsalClient } from \"../msal/nodeFlows/msalClient\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\n\nimport { CredentialUnavailableError } from \"../errors\";\nimport { UsernamePasswordCredentialOptions } from \"./usernamePasswordCredentialOptions\";\nimport { credentialLogger } from \"../util/logging\";\nimport { ensureScopes } from \"../util/scopeUtils\";\nimport { tracingClient } from \"../util/tracing\";\n\nconst logger = credentialLogger(\"UsernamePasswordCredential\");\n\n/*\n Enables authentication to Microsoft Entra ID with a user's\n * username and password. This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n /\nexport class UsernamePasswordCredential implements TokenCredential {\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private msalClient: MsalClient;\n private username: string;\n private password: string;\n\n /\n Creates an instance of the UsernamePasswordCredential with the details\n * needed to authenticate against Microsoft Entra ID with a username\n * and password.\n \n @param tenantId - The Microsoft Entra tenant (directory).\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param username - The user account's e-mail address (user name).\n * @param password - The user account's account password\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantId: string,\n clientId: string,\n username: string,\n password: string,\n options: UsernamePasswordCredentialOptions = {},\n ) {\n if (!tenantId) {\n throw new CredentialUnavailableError(\n \"UsernamePasswordCredential: tenantId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n );\n }\n\n if (!clientId) {\n throw new CredentialUnavailableError(\n \"UsernamePasswordCredential: clientId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n );\n }\n\n if (!username) {\n throw new CredentialUnavailableError(\n \"UsernamePasswordCredential: username is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n );\n }\n\n if (!password) {\n throw new CredentialUnavailableError(\n \"UsernamePasswordCredential: password is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n );\n }\n\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n this.username = username;\n this.password = password;\n\n this.msalClient = createMsalClient(clientId, this.tenantId, {\n ...options,\n tokenCredentialOptions: options ?? {},\n });\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n If the user provided the option `disableAutomaticAuthentication`,\n * once the token can't be retrieved silently,\n * this method won't attempt to request user interaction to retrieve the token.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string \| string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n newOptions.tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n logger,\n );\n\n const arrayScopes = ensureScopes(scopes);\n return this.msalClient.getTokenByUsernamePassword(\n arrayScopes,\n this.username,\n this.password,\n newOptions,\n );\n },\n );\n }\n}\n"]}
1	+ {"version":3,"file":"usernamePasswordCredential.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/usernamePasswordCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAIlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AAEvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;GAKG;AACH,MAAM,OAAO,0BAA0B;IAOrC;;;;;;;;;;OAUG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,UAA6C,EAAE;QAE/C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,kCACrD,OAAO,KACV,sBAAsB,EAAE,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,EAAE,IACrC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACG,QAAQ;6DAAC,MAAyB,EAAE,UAA2B,EAAE;YACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,CAAO,UAAU,EAAE,EAAE;gBACnB,UAAU,CAAC,QAAQ,GAAG,yBAAyB,CAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;gBAEF,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;gBACzC,OAAO,IAAI,CAAC,UAAU,CAAC,0BAA0B,CAC/C,WAAW,EACX,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,QAAQ,EACb,UAAU,CACX,CAAC;YACJ,CAAC,CAAA,CACF,CAAC;QACJ,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\n\nimport { CredentialUnavailableError } from \"../errors\";\nimport type { UsernamePasswordCredentialOptions } from \"./usernamePasswordCredentialOptions\";\nimport { credentialLogger } from \"../util/logging\";\nimport { ensureScopes } from \"../util/scopeUtils\";\nimport { tracingClient } from \"../util/tracing\";\n\nconst logger = credentialLogger(\"UsernamePasswordCredential\");\n\n/*\n Enables authentication to Microsoft Entra ID with a user's\n * username and password. This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n /\nexport class UsernamePasswordCredential implements TokenCredential {\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private msalClient: MsalClient;\n private username: string;\n private password: string;\n\n /\n Creates an instance of the UsernamePasswordCredential with the details\n * needed to authenticate against Microsoft Entra ID with a username\n * and password.\n \n @param tenantId - The Microsoft Entra tenant (directory).\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param username - The user account's e-mail address (user name).\n * @param password - The user account's account password\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantId: string,\n clientId: string,\n username: string,\n password: string,\n options: UsernamePasswordCredentialOptions = {},\n ) {\n if (!tenantId) {\n throw new CredentialUnavailableError(\n \"UsernamePasswordCredential: tenantId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n );\n }\n\n if (!clientId) {\n throw new CredentialUnavailableError(\n \"UsernamePasswordCredential: clientId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n );\n }\n\n if (!username) {\n throw new CredentialUnavailableError(\n \"UsernamePasswordCredential: username is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n );\n }\n\n if (!password) {\n throw new CredentialUnavailableError(\n \"UsernamePasswordCredential: password is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n );\n }\n\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n this.username = username;\n this.password = password;\n\n this.msalClient = createMsalClient(clientId, this.tenantId, {\n ...options,\n tokenCredentialOptions: options ?? {},\n });\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n If the user provided the option `disableAutomaticAuthentication`,\n * once the token can't be retrieved silently,\n * this method won't attempt to request user interaction to retrieve the token.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string \| string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n newOptions.tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n logger,\n );\n\n const arrayScopes = ensureScopes(scopes);\n return this.msalClient.getTokenByUsernamePassword(\n arrayScopes,\n this.username,\n this.password,\n newOptions,\n );\n },\n );\n }\n}\n"]}

package/dist-esm/identity/src/credentials/usernamePasswordCredentialOptions.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"usernamePasswordCredentialOptions.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/usernamePasswordCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AuthorityValidationOptions } from \"./authorityValidationOptions\";\nimport { CredentialPersistenceOptions } from \"./credentialPersistenceOptions\";\nimport { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions\";\n\n/*\n Defines options for the {@link UsernamePasswordCredential} class.\n */\nexport interface UsernamePasswordCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n CredentialPersistenceOptions,\n AuthorityValidationOptions {}\n"]}
1	+ {"version":3,"file":"usernamePasswordCredentialOptions.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/usernamePasswordCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions\";\n\n/*\n Defines options for the {@link UsernamePasswordCredential} class.\n */\nexport interface UsernamePasswordCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n CredentialPersistenceOptions,\n AuthorityValidationOptions {}\n"]}

package/dist-esm/identity/src/credentials/visualStudioCodeCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"visualStudioCodeCredential.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/visualStudioCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAG1D,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,MAAM,cAAc,GAAG,QAAQ,CAAC;AAChC,MAAM,oBAAoB,GAAG,sCAAsC,CAAC,CAAC,8CAA8C;AACnH,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D,IAAI,eAAe,GAAuC,SAAS,CAAC;AAEpE,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,yBAAyB,CAAC,MAA8B;QACtD,eAAe,GAAG,MAAM,CAAC;IAC3B,CAAC;CACF,CAAC;AAEF,oEAAoE;AACpE,MAAM,oBAAoB,GAA2B;IACnD,IAAI,EAAE,mFAAmF;CAC1F,CAAC;AAEF,SAAS,sBAAsB,CAAC,QAAgB;IAC9C,8CAA8C;IAC9C,MAAM,sBAAsB,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAC9D,IAAI,sBAAsB,EAAE,CAAC;QAC3B,MAAM,IAAI,0BAA0B,CAAC,sBAAsB,CAAC,CAAC;IAC/D,CAAC;AACH,CAAC;AAID,MAAM,uBAAuB,GAAqC;IAChE,UAAU,EAAE,mBAAmB,CAAC,gBAAgB;IAChD,UAAU,EAAE,mBAAmB,CAAC,UAAU;IAC1C,gBAAgB,EAAE,mBAAmB,CAAC,YAAY;IAClD,iBAAiB,EAAE,mBAAmB,CAAC,eAAe;CACvD,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAgB;IACpD,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAC/C,kEAAkE;IAClE,MAAM,YAAY,GAAG,MAAM,CAAC;IAC5B,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAE7B,SAAS,YAAY,CAAC,GAAG,YAAsB;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,YAAY,EAAE,YAAY,EAAE,GAAG,YAAY,CAAC,CAAC;QAC3E,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QAC7E,OAAO,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED,IAAI,CAAC;QACH,IAAI,OAAe,CAAC;QACpB,QAAQ,OAAO,CAAC,QAAQ,EAAE,CAAC;YACzB,KAAK,OAAO;gBACV,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAQ,CAAC;gBAC/B,OAAO,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACrD,KAAK,QAAQ;gBACX,OAAO,YAAY,CAAC,OAAO,EAAE,SAAS,EAAE,qBAAqB,CAAC,CAAC;YACjE,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAC1C;gBACE,OAAO;QACX,CAAC;IACH,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,MAAM,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7F,OAAO;IACT,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,OAAO,0BAA0B;IAMrC;;;;;;;;;OASG;IACH,YAAY,OAA2C;QACrD,mFAAmF;QACnF,mCAAmC;QACnC,IAAI,CAAC,SAAS,GAAG,CAAC,qBAAqB,CAAC,aAAa,CAAC,IAAI,YAAY,CAAqB,CAAC;QAE5F,qDAAqD;QACrD,MAAM,aAAa,GAAG,uBAAuB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE9D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iBACtC,aAAa,IACV,OAAO,EACV,CAAC;QAEH,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YAChC,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;YACxC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACnC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;QACjC,CAAC;QAED,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACW,OAAO;;YACnB,kEAAkE;YAClE,MAAM,cAAc,GAAG,qBAAqB,CAAC,cAAc,CAAC,CAAC;YAC7D,IAAI,cAAc,EAAE,CAAC;gBACnB,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;YACjC,CAAC;YACD,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACxC,CAAC;KAAA;IAOD;;OAEG;IACK,WAAW;QACjB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QACvC,CAAC;QACD,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED;;;;;;;OAOG;IACU,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;;YAEzB,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;YAEzB,MAAM,QAAQ,GACZ,yBAAyB,CACvB,IAAI,CAAC,QAAQ,EACb,OAAO,EACP,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,IAAI,IAAI,CAAC,QAAQ,CAAC;YAErB,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;gBAClC,MAAM,IAAI,0BAA0B,CAClC;oBACE,iEAAiE;oBACjE,uGAAuG;oBACvG,mFAAmF;oBACnF,mFAAmF;oBACnF,wFAAwF;iBACzF,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;YACJ,CAAC;YAED,IAAI,WAAW,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAEzE,4DAA4D;YAC5D,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC7C,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;gBACrF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;YACd,CAAC;YAED,IAAI,WAAW,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC9C,WAAW,IAAI,iBAAiB,CAAC;YACnC,CAAC;YAED,+CAA+C;YAC/C,IAAI;YACJ,MAAM;YACN,mBAAmB;YACnB,oBAAoB;YACpB,OAAO;YACP,cAAc;YACd,IAAI;YACJ,MAAM,WAAW,GAAG,MAAM,eAAe,EAAE,CAAC;YAE5C,yFAAyF;YACzF,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAC9B,MAAA,MAAA,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,OAAO,KAAK,IAAI,CAAC,SAAS,CAAC,mCAAI,WAAW,CAAC,CAAC,CAAC,mCAAI,EAAE,CAAC;YAExF,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAChE,QAAQ,EACR,oBAAoB,EACpB,WAAW,EACX,YAAY,EACZ,SAAS,CACV,CAAC;gBAEF,IAAI,aAAa,EAAE,CAAC;oBAClB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO,aAAa,CAAC,WAAW,CAAC;gBACnC,CAAC;qBAAM,CAAC;oBACN,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,0NAA0N,CAC3N,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;gBACd,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,8MAA8M,CAC/M,CAAC;gBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { AzureAuthorityHosts } from \"../constants\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport { IdentityClient } from \"../client/identityClient\";\nimport { VisualStudioCodeCredentialOptions } from \"./visualStudioCodeCredentialOptions\";\nimport { VSCodeCredentialFinder } from \"./visualStudioCodeCredentialPlugin\";\nimport { checkTenantId } from \"../util/tenantIdUtils\";\nimport fs from \"fs\";\nimport os from \"os\";\nimport path from \"path\";\n\nconst CommonTenantId = \"common\";\nconst AzureAccountClientId = \"aebc6443-996d-45c2-90f0-388ff96faa56\"; // VSC: 'aebc6443-996d-45c2-90f0-388ff96faa56'\nconst logger = credentialLogger(\"VisualStudioCodeCredential\");\n\nlet findCredentials: VSCodeCredentialFinder \| undefined = undefined;\n\nexport const vsCodeCredentialControl = {\n setVsCodeCredentialFinder(finder: VSCodeCredentialFinder): void {\n findCredentials = finder;\n },\n};\n\n// Map of unsupported Tenant IDs and the errors we will be throwing.\nconst unsupportedTenantIds: Record<string, string> = {\n adfs: \"The VisualStudioCodeCredential does not support authentication with ADFS tenants.\",\n};\n\nfunction checkUnsupportedTenant(tenantId: string): void {\n // If the Tenant ID isn't supported, we throw.\n const unsupportedTenantError = unsupportedTenantIds[tenantId];\n if (unsupportedTenantError) {\n throw new CredentialUnavailableError(unsupportedTenantError);\n }\n}\n\ntype VSCodeCloudNames = \"AzureCloud\" \| \"AzureChina\" \| \"AzureGermanCloud\" \| \"AzureUSGovernment\";\n\nconst mapVSCodeAuthorityHosts: Record<VSCodeCloudNames, string> = {\n AzureCloud: AzureAuthorityHosts.AzurePublicCloud,\n AzureChina: AzureAuthorityHosts.AzureChina,\n AzureGermanCloud: AzureAuthorityHosts.AzureGermany,\n AzureUSGovernment: AzureAuthorityHosts.AzureGovernment,\n};\n\n/*\n Attempts to load a specific property from the VSCode configurations of the current OS.\n * If it fails at any point, returns undefined.\n /\nexport function getPropertyFromVSCode(property: string): string \| undefined {\n const settingsPath = [\"User\", \"settings.json\"];\n // Eventually we can add more folders for more versions of VSCode.\n const vsCodeFolder = \"Code\";\n const homedir = os.homedir();\n\n function loadProperty(...pathSegments: string[]): string \| undefined {\n const fullPath = path.join(...pathSegments, vsCodeFolder, ...settingsPath);\n const settings = JSON.parse(fs.readFileSync(fullPath, { encoding: \"utf8\" }));\n return settings[property];\n }\n\n try {\n let appData: string;\n switch (process.platform) {\n case \"win32\":\n appData = process.env.APPDATA!;\n return appData ? loadProperty(appData) : undefined;\n case \"darwin\":\n return loadProperty(homedir, \"Library\", \"Application Support\");\n case \"linux\":\n return loadProperty(homedir, \".config\");\n default:\n return;\n }\n } catch (e: any) {\n logger.info(`Failed to load the Visual Studio Code configuration file. Error: ${e.message}`);\n return;\n }\n}\n\n/\n Connects to Azure using the credential provided by the VSCode extension 'Azure Account'.\n * Once the user has logged in via the extension, this credential can share the same refresh token\n * that is cached by the extension.\n \n It's a [known issue](https://github.com/Azure/azure-sdk-for-js/issues/20500) that this credential doesn't\n * work with [Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account)\n * versions newer than 0.9.11. A long-term fix to this problem is in progress. In the meantime, consider\n * authenticating with {@link AzureCliCredential}.\n /\nexport class VisualStudioCodeCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private cloudName: VSCodeCloudNames;\n\n /\n Creates an instance of VisualStudioCodeCredential to use for automatically authenticating via VSCode.\n \n Note: `VisualStudioCodeCredential` is provided by a plugin package:\n * `@azure/identity-vscode`. If this package is not installed and registered\n * using the plugin API (`useIdentityPlugin`), then authentication using\n * `VisualStudioCodeCredential` will not be available.\n \n @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(options?: VisualStudioCodeCredentialOptions) {\n // We want to make sure we use the one assigned by the user on the VSCode settings.\n // Or just `AzureCloud` by default.\n this.cloudName = (getPropertyFromVSCode(\"azure.cloud\") \|\| \"AzureCloud\") as VSCodeCloudNames;\n\n // Picking an authority host based on the cloud name.\n const authorityHost = mapVSCodeAuthorityHosts[this.cloudName];\n\n this.identityClient = new IdentityClient({\n authorityHost,\n ...options,\n });\n\n if (options && options.tenantId) {\n checkTenantId(logger, options.tenantId);\n this.tenantId = options.tenantId;\n } else {\n this.tenantId = CommonTenantId;\n }\n\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n checkUnsupportedTenant(this.tenantId);\n }\n\n /\n Runs preparations for any further getToken request.\n /\n private async prepare(): Promise<void> {\n // Attempts to load the tenant from the VSCode configuration file.\n const settingsTenant = getPropertyFromVSCode(\"azure.tenant\");\n if (settingsTenant) {\n this.tenantId = settingsTenant;\n }\n checkUnsupportedTenant(this.tenantId);\n }\n\n /\n The promise of the single preparation that will be executed at the first getToken request for an instance of this class.\n /\n private preparePromise: Promise<void> \| undefined;\n\n /\n Runs preparations for any further getToken, but only once.\n /\n private prepareOnce(): Promise<void> \| undefined {\n if (!this.preparePromise) {\n this.preparePromise = this.prepare();\n }\n return this.preparePromise;\n }\n\n /\n Returns the token found by searching VSCode's authentication cache or\n * returns null if no token could be found.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * `TokenCredential` implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions,\n ): Promise<AccessToken> {\n await this.prepareOnce();\n\n const tenantId =\n processMultiTenantRequest(\n this.tenantId,\n options,\n this.additionallyAllowedTenantIds,\n logger,\n ) \|\| this.tenantId;\n\n if (findCredentials === undefined) {\n throw new CredentialUnavailableError(\n [\n \"No implementation of `VisualStudioCodeCredential` is available.\",\n \"You must install the identity-vscode plugin package (`npm install --save-dev @azure/identity-vscode`)\",\n \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n \"`useIdentityPlugin(vsCodePlugin)` before creating a `VisualStudioCodeCredential`.\",\n \"To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.\",\n ].join(\" \"),\n );\n }\n\n let scopeString = typeof scopes === \"string\" ? scopes : scopes.join(\" \");\n\n // Check to make sure the scope we get back is a valid scope\n if (!scopeString.match(/^[0-9a-zA-Z-.:/]+$/)) {\n const error = new Error(\"Invalid scope was specified by the user or calling client\");\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n if (scopeString.indexOf(\"offline_access\") < 0) {\n scopeString += \" offline_access\";\n }\n\n // findCredentials returns an array similar to:\n // [\n // {\n // account: \"\",\n // password: \"\",\n // },\n // / ... */\n // ]\n const credentials = await findCredentials();\n\n // If we can't find the credential based on the name, we'll pick the first one available.\n const { password: refreshToken } =\n credentials.find(({ account }) => account === this.cloudName) ?? credentials[0] ?? {};\n\n if (refreshToken) {\n const tokenResponse = await this.identityClient.refreshAccessToken(\n tenantId,\n AzureAccountClientId,\n scopeString,\n refreshToken,\n undefined,\n );\n\n if (tokenResponse) {\n logger.getToken.info(formatSuccess(scopes));\n return tokenResponse.accessToken;\n } else {\n const error = new CredentialUnavailableError(\n \"Could not retrieve the token associated with Visual Studio Code. Have you connected using the 'Azure Account' extension recently? To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.\",\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n } else {\n const error = new CredentialUnavailableError(\n \"Could not retrieve the token associated with Visual Studio Code. Did you connect using the 'Azure Account' extension? To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.\",\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n }\n}\n"]}
1	+ {"version":3,"file":"visualStudioCodeCredential.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/visualStudioCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAG1D,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,MAAM,cAAc,GAAG,QAAQ,CAAC;AAChC,MAAM,oBAAoB,GAAG,sCAAsC,CAAC,CAAC,8CAA8C;AACnH,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D,IAAI,eAAe,GAAuC,SAAS,CAAC;AAEpE,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,yBAAyB,CAAC,MAA8B;QACtD,eAAe,GAAG,MAAM,CAAC;IAC3B,CAAC;CACF,CAAC;AAEF,oEAAoE;AACpE,MAAM,oBAAoB,GAA2B;IACnD,IAAI,EAAE,mFAAmF;CAC1F,CAAC;AAEF,SAAS,sBAAsB,CAAC,QAAgB;IAC9C,8CAA8C;IAC9C,MAAM,sBAAsB,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAC9D,IAAI,sBAAsB,EAAE,CAAC;QAC3B,MAAM,IAAI,0BAA0B,CAAC,sBAAsB,CAAC,CAAC;IAC/D,CAAC;AACH,CAAC;AAID,MAAM,uBAAuB,GAAqC;IAChE,UAAU,EAAE,mBAAmB,CAAC,gBAAgB;IAChD,UAAU,EAAE,mBAAmB,CAAC,UAAU;IAC1C,gBAAgB,EAAE,mBAAmB,CAAC,YAAY;IAClD,iBAAiB,EAAE,mBAAmB,CAAC,eAAe;CACvD,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAgB;IACpD,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAC/C,kEAAkE;IAClE,MAAM,YAAY,GAAG,MAAM,CAAC;IAC5B,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAE7B,SAAS,YAAY,CAAC,GAAG,YAAsB;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,YAAY,EAAE,YAAY,EAAE,GAAG,YAAY,CAAC,CAAC;QAC3E,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QAC7E,OAAO,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED,IAAI,CAAC;QACH,IAAI,OAAe,CAAC;QACpB,QAAQ,OAAO,CAAC,QAAQ,EAAE,CAAC;YACzB,KAAK,OAAO;gBACV,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAQ,CAAC;gBAC/B,OAAO,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACrD,KAAK,QAAQ;gBACX,OAAO,YAAY,CAAC,OAAO,EAAE,SAAS,EAAE,qBAAqB,CAAC,CAAC;YACjE,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAC1C;gBACE,OAAO;QACX,CAAC;IACH,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,MAAM,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7F,OAAO;IACT,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,OAAO,0BAA0B;IAMrC;;;;;;;;;OASG;IACH,YAAY,OAA2C;QACrD,mFAAmF;QACnF,mCAAmC;QACnC,IAAI,CAAC,SAAS,GAAG,CAAC,qBAAqB,CAAC,aAAa,CAAC,IAAI,YAAY,CAAqB,CAAC;QAE5F,qDAAqD;QACrD,MAAM,aAAa,GAAG,uBAAuB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE9D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iBACtC,aAAa,IACV,OAAO,EACV,CAAC;QAEH,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YAChC,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;YACxC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACnC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;QACjC,CAAC;QAED,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACW,OAAO;;YACnB,kEAAkE;YAClE,MAAM,cAAc,GAAG,qBAAqB,CAAC,cAAc,CAAC,CAAC;YAC7D,IAAI,cAAc,EAAE,CAAC;gBACnB,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;YACjC,CAAC;YACD,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACxC,CAAC;KAAA;IAOD;;OAEG;IACK,WAAW;QACjB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QACvC,CAAC;QACD,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED;;;;;;;OAOG;IACU,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;;YAEzB,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;YAEzB,MAAM,QAAQ,GACZ,yBAAyB,CACvB,IAAI,CAAC,QAAQ,EACb,OAAO,EACP,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,IAAI,IAAI,CAAC,QAAQ,CAAC;YAErB,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;gBAClC,MAAM,IAAI,0BAA0B,CAClC;oBACE,iEAAiE;oBACjE,uGAAuG;oBACvG,mFAAmF;oBACnF,mFAAmF;oBACnF,wFAAwF;iBACzF,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;YACJ,CAAC;YAED,IAAI,WAAW,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAEzE,4DAA4D;YAC5D,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC7C,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;gBACrF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;YACd,CAAC;YAED,IAAI,WAAW,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC9C,WAAW,IAAI,iBAAiB,CAAC;YACnC,CAAC;YAED,+CAA+C;YAC/C,IAAI;YACJ,MAAM;YACN,mBAAmB;YACnB,oBAAoB;YACpB,OAAO;YACP,cAAc;YACd,IAAI;YACJ,MAAM,WAAW,GAAG,MAAM,eAAe,EAAE,CAAC;YAE5C,yFAAyF;YACzF,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAC9B,MAAA,MAAA,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,OAAO,KAAK,IAAI,CAAC,SAAS,CAAC,mCAAI,WAAW,CAAC,CAAC,CAAC,mCAAI,EAAE,CAAC;YAExF,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAChE,QAAQ,EACR,oBAAoB,EACpB,WAAW,EACX,YAAY,EACZ,SAAS,CACV,CAAC;gBAEF,IAAI,aAAa,EAAE,CAAC;oBAClB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO,aAAa,CAAC,WAAW,CAAC;gBACnC,CAAC;qBAAM,CAAC;oBACN,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,0NAA0N,CAC3N,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;gBACd,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,8MAA8M,CAC/M,CAAC;gBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { AzureAuthorityHosts } from \"../constants\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport { IdentityClient } from \"../client/identityClient\";\nimport type { VisualStudioCodeCredentialOptions } from \"./visualStudioCodeCredentialOptions\";\nimport type { VSCodeCredentialFinder } from \"./visualStudioCodeCredentialPlugin\";\nimport { checkTenantId } from \"../util/tenantIdUtils\";\nimport fs from \"fs\";\nimport os from \"os\";\nimport path from \"path\";\n\nconst CommonTenantId = \"common\";\nconst AzureAccountClientId = \"aebc6443-996d-45c2-90f0-388ff96faa56\"; // VSC: 'aebc6443-996d-45c2-90f0-388ff96faa56'\nconst logger = credentialLogger(\"VisualStudioCodeCredential\");\n\nlet findCredentials: VSCodeCredentialFinder \| undefined = undefined;\n\nexport const vsCodeCredentialControl = {\n setVsCodeCredentialFinder(finder: VSCodeCredentialFinder): void {\n findCredentials = finder;\n },\n};\n\n// Map of unsupported Tenant IDs and the errors we will be throwing.\nconst unsupportedTenantIds: Record<string, string> = {\n adfs: \"The VisualStudioCodeCredential does not support authentication with ADFS tenants.\",\n};\n\nfunction checkUnsupportedTenant(tenantId: string): void {\n // If the Tenant ID isn't supported, we throw.\n const unsupportedTenantError = unsupportedTenantIds[tenantId];\n if (unsupportedTenantError) {\n throw new CredentialUnavailableError(unsupportedTenantError);\n }\n}\n\ntype VSCodeCloudNames = \"AzureCloud\" \| \"AzureChina\" \| \"AzureGermanCloud\" \| \"AzureUSGovernment\";\n\nconst mapVSCodeAuthorityHosts: Record<VSCodeCloudNames, string> = {\n AzureCloud: AzureAuthorityHosts.AzurePublicCloud,\n AzureChina: AzureAuthorityHosts.AzureChina,\n AzureGermanCloud: AzureAuthorityHosts.AzureGermany,\n AzureUSGovernment: AzureAuthorityHosts.AzureGovernment,\n};\n\n/*\n Attempts to load a specific property from the VSCode configurations of the current OS.\n * If it fails at any point, returns undefined.\n /\nexport function getPropertyFromVSCode(property: string): string \| undefined {\n const settingsPath = [\"User\", \"settings.json\"];\n // Eventually we can add more folders for more versions of VSCode.\n const vsCodeFolder = \"Code\";\n const homedir = os.homedir();\n\n function loadProperty(...pathSegments: string[]): string \| undefined {\n const fullPath = path.join(...pathSegments, vsCodeFolder, ...settingsPath);\n const settings = JSON.parse(fs.readFileSync(fullPath, { encoding: \"utf8\" }));\n return settings[property];\n }\n\n try {\n let appData: string;\n switch (process.platform) {\n case \"win32\":\n appData = process.env.APPDATA!;\n return appData ? loadProperty(appData) : undefined;\n case \"darwin\":\n return loadProperty(homedir, \"Library\", \"Application Support\");\n case \"linux\":\n return loadProperty(homedir, \".config\");\n default:\n return;\n }\n } catch (e: any) {\n logger.info(`Failed to load the Visual Studio Code configuration file. Error: ${e.message}`);\n return;\n }\n}\n\n/\n Connects to Azure using the credential provided by the VSCode extension 'Azure Account'.\n * Once the user has logged in via the extension, this credential can share the same refresh token\n * that is cached by the extension.\n \n It's a [known issue](https://github.com/Azure/azure-sdk-for-js/issues/20500) that this credential doesn't\n * work with [Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account)\n * versions newer than 0.9.11. A long-term fix to this problem is in progress. In the meantime, consider\n * authenticating with {@link AzureCliCredential}.\n /\nexport class VisualStudioCodeCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private cloudName: VSCodeCloudNames;\n\n /\n Creates an instance of VisualStudioCodeCredential to use for automatically authenticating via VSCode.\n \n Note: `VisualStudioCodeCredential` is provided by a plugin package:\n * `@azure/identity-vscode`. If this package is not installed and registered\n * using the plugin API (`useIdentityPlugin`), then authentication using\n * `VisualStudioCodeCredential` will not be available.\n \n @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(options?: VisualStudioCodeCredentialOptions) {\n // We want to make sure we use the one assigned by the user on the VSCode settings.\n // Or just `AzureCloud` by default.\n this.cloudName = (getPropertyFromVSCode(\"azure.cloud\") \|\| \"AzureCloud\") as VSCodeCloudNames;\n\n // Picking an authority host based on the cloud name.\n const authorityHost = mapVSCodeAuthorityHosts[this.cloudName];\n\n this.identityClient = new IdentityClient({\n authorityHost,\n ...options,\n });\n\n if (options && options.tenantId) {\n checkTenantId(logger, options.tenantId);\n this.tenantId = options.tenantId;\n } else {\n this.tenantId = CommonTenantId;\n }\n\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n checkUnsupportedTenant(this.tenantId);\n }\n\n /\n Runs preparations for any further getToken request.\n /\n private async prepare(): Promise<void> {\n // Attempts to load the tenant from the VSCode configuration file.\n const settingsTenant = getPropertyFromVSCode(\"azure.tenant\");\n if (settingsTenant) {\n this.tenantId = settingsTenant;\n }\n checkUnsupportedTenant(this.tenantId);\n }\n\n /\n The promise of the single preparation that will be executed at the first getToken request for an instance of this class.\n /\n private preparePromise: Promise<void> \| undefined;\n\n /\n Runs preparations for any further getToken, but only once.\n /\n private prepareOnce(): Promise<void> \| undefined {\n if (!this.preparePromise) {\n this.preparePromise = this.prepare();\n }\n return this.preparePromise;\n }\n\n /\n Returns the token found by searching VSCode's authentication cache or\n * returns null if no token could be found.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * `TokenCredential` implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions,\n ): Promise<AccessToken> {\n await this.prepareOnce();\n\n const tenantId =\n processMultiTenantRequest(\n this.tenantId,\n options,\n this.additionallyAllowedTenantIds,\n logger,\n ) \|\| this.tenantId;\n\n if (findCredentials === undefined) {\n throw new CredentialUnavailableError(\n [\n \"No implementation of `VisualStudioCodeCredential` is available.\",\n \"You must install the identity-vscode plugin package (`npm install --save-dev @azure/identity-vscode`)\",\n \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n \"`useIdentityPlugin(vsCodePlugin)` before creating a `VisualStudioCodeCredential`.\",\n \"To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.\",\n ].join(\" \"),\n );\n }\n\n let scopeString = typeof scopes === \"string\" ? scopes : scopes.join(\" \");\n\n // Check to make sure the scope we get back is a valid scope\n if (!scopeString.match(/^[0-9a-zA-Z-.:/]+$/)) {\n const error = new Error(\"Invalid scope was specified by the user or calling client\");\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n if (scopeString.indexOf(\"offline_access\") < 0) {\n scopeString += \" offline_access\";\n }\n\n // findCredentials returns an array similar to:\n // [\n // {\n // account: \"\",\n // password: \"\",\n // },\n // / ... */\n // ]\n const credentials = await findCredentials();\n\n // If we can't find the credential based on the name, we'll pick the first one available.\n const { password: refreshToken } =\n credentials.find(({ account }) => account === this.cloudName) ?? credentials[0] ?? {};\n\n if (refreshToken) {\n const tokenResponse = await this.identityClient.refreshAccessToken(\n tenantId,\n AzureAccountClientId,\n scopeString,\n refreshToken,\n undefined,\n );\n\n if (tokenResponse) {\n logger.getToken.info(formatSuccess(scopes));\n return tokenResponse.accessToken;\n } else {\n const error = new CredentialUnavailableError(\n \"Could not retrieve the token associated with Visual Studio Code. Have you connected using the 'Azure Account' extension recently? To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.\",\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n } else {\n const error = new CredentialUnavailableError(\n \"Could not retrieve the token associated with Visual Studio Code. Did you connect using the 'Azure Account' extension? To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.\",\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n }\n}\n"]}

package/dist-esm/identity/src/credentials/visualStudioCodeCredentialOptions.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"visualStudioCodeCredentialOptions.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/visualStudioCodeCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions\";\n\n/*\n Provides options to configure the Visual Studio Code credential.\n /\nexport interface VisualStudioCodeCredentialOptions extends MultiTenantTokenCredentialOptions {\n /\n Optionally pass in a Tenant ID to be used as part of the credential\n */\n tenantId?: string;\n}\n"]}
1	+ {"version":3,"file":"visualStudioCodeCredentialOptions.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/visualStudioCodeCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions\";\n\n/*\n Provides options to configure the Visual Studio Code credential.\n /\nexport interface VisualStudioCodeCredentialOptions extends MultiTenantTokenCredentialOptions {\n /\n Optionally pass in a Tenant ID to be used as part of the credential\n */\n tenantId?: string;\n}\n"]}

package/dist-esm/identity/src/credentials/workloadIdentityCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"workloadIdentityCredential.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/workloadIdentityCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAGlC,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEnE,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AACxE,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AAEvD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEvC,MAAM,cAAc,GAAG,4BAA4B,CAAC;AACpD;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,qCAAqC,GAAG;IACnD,iBAAiB;IACjB,iBAAiB;IACjB,4BAA4B;CAC7B,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AAChD;;;;;;;;;;;;;GAaG;AACH,MAAM,OAAO,0BAA0B;IAMrC;;;;OAIG;IACH,YAAY,OAA2C;QAT/C,mCAA8B,GAAuB,SAAS,CAAC;QAC/D,cAAS,GAAuB,SAAS,CAAC;QAShD,kDAAkD;QAClD,MAAM,WAAW,GAAG,cAAc,CAAC,qCAAqC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9F,MAAM,CAAC,IAAI,CAAC,8CAA8C,WAAW,EAAE,CAAC,CAAC;QAEzE,MAAM,iCAAiC,GAAG,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,EAAE,CAAC;QACxD,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,IAAI,CAAC,sBAAsB;YACzB,iCAAiC,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QAC5F,IAAI,QAAQ,EAAE,CAAC;YACb,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc;qIAC4G,CAC9H,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc;qIAC4G,CAC9H,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;YACjC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc;qIAC4G,CAC9H,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,IAAI,CACT,sDAAsD,QAAQ,eAAe,iCAAiC,CAAC,QAAQ,uCAAuC,CAC/J,CAAC;QACF,IAAI,CAAC,MAAM,GAAG,IAAI,yBAAyB,CACzC,QAAQ,EACR,QAAQ,EACR,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAChC,OAAO,CACR,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACU,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACjB,MAAM,YAAY,GAAG,GAAG,cAAc;;;;iKAIqH,CAAC;gBAC5J,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;gBAC1B,MAAM,IAAI,0BAA0B,CAAC,YAAY,CAAC,CAAC;YACrD,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;YAClE,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC/C,CAAC;KAAA;IAEa,gBAAgB;;YAC5B,2CAA2C;YAC3C,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;gBACjF,IAAI,CAAC,8BAA8B,GAAG,SAAS,CAAC;YAClD,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;gBACjC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,gDAAgD,IAAI,CAAC,sBAAsB,GAAG,CAChG,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;gBACzC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC;gBACjE,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC1B,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,4CAA4C,IAAI,CAAC,sBAAsB,GAAG,CAC5F,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,8BAA8B,GAAG,KAAK,CAAC;oBAC5C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBAC9B,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC,8BAA8B,CAAC;QAC7C,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, processEnvVars } from \"../util/logging\";\n\nimport { ClientAssertionCredential } from \"./clientAssertionCredential\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions\";\nimport { checkTenantId } from \"../util/tenantIdUtils\";\nimport { readFile } from \"fs/promises\";\n\nconst credentialName = \"WorkloadIdentityCredential\";\n/*\n Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n \n @internal\n /\nexport const SupportedWorkloadEnvironmentVariables = [\n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_FEDERATED_TOKEN_FILE\",\n];\nconst logger = credentialLogger(credentialName);\n/\n Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs)\n * to access other Azure resources without the need for a service principal or managed identity. With Workload Identity\n * authentication, applications authenticate themselves using their own identity, rather than using a shared service\n * principal or managed identity. Under the hood, Workload Identity authentication uses the concept of Service Account\n * Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload\n * Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for\n * each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't\n * need to worry about storing and securing sensitive credentials themselves.\n * The WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Azure Kubernetes and acquires\n * a token using the SACs available in the Azure Kubernetes environment.\n * Refer to <a href=\"https://learn.microsoft.com/azure/aks/workload-identity-overview\">Microsoft Entra\n * Workload ID</a> for more information.\n /\nexport class WorkloadIdentityCredential implements TokenCredential {\n private client: ClientAssertionCredential \| undefined;\n private azureFederatedTokenFileContent: string \| undefined = undefined;\n private cacheDate: number \| undefined = undefined;\n private federatedTokenFilePath: string \| undefined;\n\n /\n WorkloadIdentityCredential supports Microsoft Entra Workload ID on Kubernetes.\n \n @param options - The identity client options to use for authentication.\n /\n constructor(options?: WorkloadIdentityCredentialOptions) {\n // Logging environment variables for error details\n const assignedEnv = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(\", \");\n logger.info(`Found the following environment variables: ${assignedEnv}`);\n\n const workloadIdentityCredentialOptions = options ?? {};\n const tenantId = workloadIdentityCredentialOptions.tenantId \|\| process.env.AZURE_TENANT_ID;\n const clientId = workloadIdentityCredentialOptions.clientId \|\| process.env.AZURE_CLIENT_ID;\n this.federatedTokenFilePath =\n workloadIdentityCredentialOptions.tokenFilePath \|\| process.env.AZURE_FEDERATED_TOKEN_FILE;\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n if (!clientId) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. clientId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_CLIENT_ID\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n );\n }\n\n if (!tenantId) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. tenantId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_TENANT_ID\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n );\n }\n\n if (!this.federatedTokenFilePath) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. federatedTokenFilePath is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_FEDERATED_TOKEN_FILE\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n );\n }\n\n logger.info(\n `Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`,\n );\n this.client = new ClientAssertionCredential(\n tenantId,\n clientId,\n this.readFileContents.bind(this),\n options,\n );\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions,\n ): Promise<AccessToken \| null> {\n if (!this.client) {\n const errorMessage = `${credentialName}: is unavailable. tenantId, clientId, and federatedTokenFilePath are required parameters. \n In DefaultAzureCredential and ManagedIdentityCredential, these can be provided as environment variables - \n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_FEDERATED_TOKEN_FILE\". See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`;\n logger.info(errorMessage);\n throw new CredentialUnavailableError(errorMessage);\n }\n logger.info(\"Invoking getToken() of Client Assertion Credential\");\n return this.client.getToken(scopes, options);\n }\n\n private async readFileContents(): Promise<string> {\n // Cached assertions expire after 5 minutes\n if (this.cacheDate !== undefined && Date.now() - this.cacheDate >= 1000 60 * 5) {\n this.azureFederatedTokenFileContent = undefined;\n }\n if (!this.federatedTokenFilePath) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. Invalid file path provided ${this.federatedTokenFilePath}.`,\n );\n }\n if (!this.azureFederatedTokenFileContent) {\n const file = await readFile(this.federatedTokenFilePath, \"utf8\");\n const value = file.trim();\n if (!value) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. No content on the file ${this.federatedTokenFilePath}.`,\n );\n } else {\n this.azureFederatedTokenFileContent = value;\n this.cacheDate = Date.now();\n }\n }\n return this.azureFederatedTokenFileContent;\n }\n}\n"]}
1	+ {"version":3,"file":"workloadIdentityCredential.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/workloadIdentityCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAGlC,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEnE,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AACxE,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AAEvD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEvC,MAAM,cAAc,GAAG,4BAA4B,CAAC;AACpD;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,qCAAqC,GAAG;IACnD,iBAAiB;IACjB,iBAAiB;IACjB,4BAA4B;CAC7B,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AAChD;;;;;;;;;;;;;GAaG;AACH,MAAM,OAAO,0BAA0B;IAMrC;;;;OAIG;IACH,YAAY,OAA2C;QAT/C,mCAA8B,GAAuB,SAAS,CAAC;QAC/D,cAAS,GAAuB,SAAS,CAAC;QAShD,kDAAkD;QAClD,MAAM,WAAW,GAAG,cAAc,CAAC,qCAAqC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9F,MAAM,CAAC,IAAI,CAAC,8CAA8C,WAAW,EAAE,CAAC,CAAC;QAEzE,MAAM,iCAAiC,GAAG,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,EAAE,CAAC;QACxD,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,IAAI,CAAC,sBAAsB;YACzB,iCAAiC,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QAC5F,IAAI,QAAQ,EAAE,CAAC;YACb,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc;qIAC4G,CAC9H,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc;qIAC4G,CAC9H,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;YACjC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc;qIAC4G,CAC9H,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,IAAI,CACT,sDAAsD,QAAQ,eAAe,iCAAiC,CAAC,QAAQ,uCAAuC,CAC/J,CAAC;QACF,IAAI,CAAC,MAAM,GAAG,IAAI,yBAAyB,CACzC,QAAQ,EACR,QAAQ,EACR,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAChC,OAAO,CACR,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACU,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACjB,MAAM,YAAY,GAAG,GAAG,cAAc;;;;iKAIqH,CAAC;gBAC5J,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;gBAC1B,MAAM,IAAI,0BAA0B,CAAC,YAAY,CAAC,CAAC;YACrD,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;YAClE,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC/C,CAAC;KAAA;IAEa,gBAAgB;;YAC5B,2CAA2C;YAC3C,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;gBACjF,IAAI,CAAC,8BAA8B,GAAG,SAAS,CAAC;YAClD,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;gBACjC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,gDAAgD,IAAI,CAAC,sBAAsB,GAAG,CAChG,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;gBACzC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC;gBACjE,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC1B,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,4CAA4C,IAAI,CAAC,sBAAsB,GAAG,CAC5F,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,8BAA8B,GAAG,KAAK,CAAC;oBAC5C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBAC9B,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC,8BAA8B,CAAC;QAC7C,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, processEnvVars } from \"../util/logging\";\n\nimport { ClientAssertionCredential } from \"./clientAssertionCredential\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport type { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions\";\nimport { checkTenantId } from \"../util/tenantIdUtils\";\nimport { readFile } from \"fs/promises\";\n\nconst credentialName = \"WorkloadIdentityCredential\";\n/*\n Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n \n @internal\n /\nexport const SupportedWorkloadEnvironmentVariables = [\n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_FEDERATED_TOKEN_FILE\",\n];\nconst logger = credentialLogger(credentialName);\n/\n Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs)\n * to access other Azure resources without the need for a service principal or managed identity. With Workload Identity\n * authentication, applications authenticate themselves using their own identity, rather than using a shared service\n * principal or managed identity. Under the hood, Workload Identity authentication uses the concept of Service Account\n * Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload\n * Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for\n * each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't\n * need to worry about storing and securing sensitive credentials themselves.\n * The WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Azure Kubernetes and acquires\n * a token using the SACs available in the Azure Kubernetes environment.\n * Refer to <a href=\"https://learn.microsoft.com/azure/aks/workload-identity-overview\">Microsoft Entra\n * Workload ID</a> for more information.\n /\nexport class WorkloadIdentityCredential implements TokenCredential {\n private client: ClientAssertionCredential \| undefined;\n private azureFederatedTokenFileContent: string \| undefined = undefined;\n private cacheDate: number \| undefined = undefined;\n private federatedTokenFilePath: string \| undefined;\n\n /\n WorkloadIdentityCredential supports Microsoft Entra Workload ID on Kubernetes.\n \n @param options - The identity client options to use for authentication.\n /\n constructor(options?: WorkloadIdentityCredentialOptions) {\n // Logging environment variables for error details\n const assignedEnv = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(\", \");\n logger.info(`Found the following environment variables: ${assignedEnv}`);\n\n const workloadIdentityCredentialOptions = options ?? {};\n const tenantId = workloadIdentityCredentialOptions.tenantId \|\| process.env.AZURE_TENANT_ID;\n const clientId = workloadIdentityCredentialOptions.clientId \|\| process.env.AZURE_CLIENT_ID;\n this.federatedTokenFilePath =\n workloadIdentityCredentialOptions.tokenFilePath \|\| process.env.AZURE_FEDERATED_TOKEN_FILE;\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n if (!clientId) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. clientId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_CLIENT_ID\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n );\n }\n\n if (!tenantId) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. tenantId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_TENANT_ID\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n );\n }\n\n if (!this.federatedTokenFilePath) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. federatedTokenFilePath is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_FEDERATED_TOKEN_FILE\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n );\n }\n\n logger.info(\n `Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`,\n );\n this.client = new ClientAssertionCredential(\n tenantId,\n clientId,\n this.readFileContents.bind(this),\n options,\n );\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions,\n ): Promise<AccessToken \| null> {\n if (!this.client) {\n const errorMessage = `${credentialName}: is unavailable. tenantId, clientId, and federatedTokenFilePath are required parameters. \n In DefaultAzureCredential and ManagedIdentityCredential, these can be provided as environment variables - \n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_FEDERATED_TOKEN_FILE\". See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`;\n logger.info(errorMessage);\n throw new CredentialUnavailableError(errorMessage);\n }\n logger.info(\"Invoking getToken() of Client Assertion Credential\");\n return this.client.getToken(scopes, options);\n }\n\n private async readFileContents(): Promise<string> {\n // Cached assertions expire after 5 minutes\n if (this.cacheDate !== undefined && Date.now() - this.cacheDate >= 1000 60 * 5) {\n this.azureFederatedTokenFileContent = undefined;\n }\n if (!this.federatedTokenFilePath) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. Invalid file path provided ${this.federatedTokenFilePath}.`,\n );\n }\n if (!this.azureFederatedTokenFileContent) {\n const file = await readFile(this.federatedTokenFilePath, \"utf8\");\n const value = file.trim();\n if (!value) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. No content on the file ${this.federatedTokenFilePath}.`,\n );\n } else {\n this.azureFederatedTokenFileContent = value;\n this.cacheDate = Date.now();\n }\n }\n return this.azureFederatedTokenFileContent;\n }\n}\n"]}

package/dist-esm/identity/src/credentials/workloadIdentityCredentialOptions.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"workloadIdentityCredentialOptions.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/workloadIdentityCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AuthorityValidationOptions } from \"./authorityValidationOptions\";\nimport { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions\";\n\n/*\n Options for the {@link WorkloadIdentityCredential}\n /\nexport interface WorkloadIdentityCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n AuthorityValidationOptions {\n /\n ID of the application's Microsoft Entra tenant. Also called its directory ID.\n /\n tenantId?: string;\n /\n The client ID of a Microsoft Entra app registration.\n /\n clientId?: string;\n /\n The path to a file containing a Kubernetes service account token that authenticates the identity.\n */\n tokenFilePath?: string;\n}\n"]}
1	+ {"version":3,"file":"workloadIdentityCredentialOptions.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/workloadIdentityCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions\";\n\n/*\n Options for the {@link WorkloadIdentityCredential}\n /\nexport interface WorkloadIdentityCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n AuthorityValidationOptions {\n /\n ID of the application's Microsoft Entra tenant. Also called its directory ID.\n /\n tenantId?: string;\n /\n The client ID of a Microsoft Entra app registration.\n /\n clientId?: string;\n /\n The path to a file containing a Kubernetes service account token that authenticates the identity.\n */\n tokenFilePath?: string;\n}\n"]}

package/dist-esm/identity/src/errors.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../../identity/src/errors.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAyDlC,SAAS,eAAe,CAAC,aAAkB;IACzC,OAAO,CACL,aAAa;QACb,OAAO,aAAa,CAAC,KAAK,KAAK,QAAQ;QACvC,OAAO,aAAa,CAAC,iBAAiB,KAAK,QAAQ,CACpD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG,4BAA4B,CAAC;AAE3E;;;;GAIG;AACH,MAAM,OAAO,0BAA2B,SAAQ,KAAK;IACnD,YAAY,OAAgB,EAAE,OAA6B;QACzD,2JAA2J;QAC3J,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;IAC7C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,qBAAqB,CAAC;AAE7D;;;;GAIG;AACH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAW5C,YACE,UAAkB,EAClB,SAA6C,EAC7C,OAA6B;QAE7B,IAAI,aAAa,GAAkB;YACjC,KAAK,EAAE,SAAS;YAChB,gBAAgB,EAAE,oEAAoE;SACvF,CAAC;QAEF,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;YAC/B,aAAa,GAAG,wCAAwC,CAAC,SAAS,CAAC,CAAC;QACtE,CAAC;aAAM,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YACzC,IAAI,CAAC;gBACH,iEAAiE;gBACjE,uBAAuB;gBACvB,MAAM,kBAAkB,GAAuB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACrE,aAAa,GAAG,wCAAwC,CAAC,kBAAkB,CAAC,CAAC;YAC/E,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBAChB,IAAI,UAAU,KAAK,GAAG,EAAE,CAAC;oBACvB,aAAa,GAAG;wBACd,KAAK,EAAE,iBAAiB;wBACxB,gBAAgB,EAAE,0DAA0D,SAAS,EAAE;qBACxF,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,aAAa,GAAG;wBACd,KAAK,EAAE,eAAe;wBACtB,gBAAgB,EAAE,oDAAoD,SAAS,EAAE;qBAClF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,aAAa,GAAG;gBACd,KAAK,EAAE,eAAe;gBACtB,gBAAgB,EAAE,oEAAoE;aACvF,CAAC;QACJ,CAAC;QAED,KAAK,CACH,GAAG,aAAa,CAAC,KAAK,iBAAiB,UAAU,oBAAoB,aAAa,CAAC,gBAAgB,GAAG;QACtG,2JAA2J;QAC3J,OAAO,CACR,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QAEnC,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,gCAAgC,GAAG,8BAA8B,CAAC;AAE/E;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,KAAK;IAOrD,YAAY,MAAa,EAAE,YAAqB;QAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,KAAK,CAAC,GAAG,YAAY,KAAK,WAAW,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,gCAAgC,CAAC;IAC/C,CAAC;CACF;AAED,SAAS,wCAAwC,CAAC,SAA6B;IAC7E,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,KAAK;QACtB,gBAAgB,EAAE,SAAS,CAAC,iBAAiB;QAC7C,aAAa,EAAE,SAAS,CAAC,cAAc;QACvC,UAAU,EAAE,SAAS,CAAC,WAAW;QACjC,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,OAAO,EAAE,SAAS,CAAC,QAAQ;KAC5B,CAAC;AACJ,CAAC;AAwBD;;GAEG;AACH,MAAM,OAAO,2BAA4B,SAAQ,KAAK;IAUpD;IACE;;OAEG;IACH,OAA2C;QAE3C,KAAK,CACH,OAAO,CAAC,OAAO;QACf,2JAA2J;QAC3J,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CACrD,CAAC;QACF,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,IAAI,GAAG,6BAA6B,CAAC;IAC5C,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { GetTokenOptions } from \"@azure/core-auth\";\n\n/*\n See the official documentation for more details:\n \n https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1\n \n NOTE: This documentation is for v1 OAuth support but the same error\n * response details still apply to v2.\n /\nexport interface ErrorResponse {\n /\n The string identifier for the error.\n /\n error: string;\n\n /\n The error's description.\n /\n errorDescription: string;\n\n /\n An array of codes pertaining to the error(s) that occurred.\n /\n errorCodes?: number[];\n\n /\n The timestamp at which the error occurred.\n /\n timestamp?: string;\n\n /\n The trace identifier for this error occurrence.\n /\n traceId?: string;\n\n /\n The correlation ID to be used for tracking the source of the error.\n /\n correlationId?: string;\n}\n\n/\n Used for internal deserialization of OAuth responses. Public model is ErrorResponse\n * @internal\n /\nexport interface OAuthErrorResponse {\n error: string;\n error_description: string;\n error_codes?: number[];\n timestamp?: string;\n trace_id?: string;\n correlation_id?: string;\n}\n\nfunction isErrorResponse(errorResponse: any): errorResponse is OAuthErrorResponse {\n return (\n errorResponse &&\n typeof errorResponse.error === \"string\" &&\n typeof errorResponse.error_description === \"string\"\n );\n}\n\n/\n The Error.name value of an CredentialUnavailable\n /\nexport const CredentialUnavailableErrorName = \"CredentialUnavailableError\";\n\n/\n This signifies that the credential that was tried in a chained credential\n * was not available to be used as the credential. Rather than treating this as\n * an error that should halt the chain, it's caught and the chain continues\n /\nexport class CredentialUnavailableError extends Error {\n constructor(message?: string, options?: { cause?: unknown }) {\n // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n super(message, options);\n this.name = CredentialUnavailableErrorName;\n }\n}\n\n/\n The Error.name value of an AuthenticationError\n /\nexport const AuthenticationErrorName = \"AuthenticationError\";\n\n/\n Provides details about a failure to authenticate with Azure Active\n * Directory. The `errorResponse` field contains more details about\n * the specific failure.\n /\nexport class AuthenticationError extends Error {\n /\n The HTTP status code returned from the authentication request.\n /\n public readonly statusCode: number;\n\n /\n The error response details.\n /\n public readonly errorResponse: ErrorResponse;\n\n constructor(\n statusCode: number,\n errorBody: object \| string \| undefined \| null,\n options?: { cause?: unknown },\n ) {\n let errorResponse: ErrorResponse = {\n error: \"unknown\",\n errorDescription: \"An unknown error occurred and no additional details are available.\",\n };\n\n if (isErrorResponse(errorBody)) {\n errorResponse = convertOAuthErrorResponseToErrorResponse(errorBody);\n } else if (typeof errorBody === \"string\") {\n try {\n // Most error responses will contain JSON-formatted error details\n // in the response body\n const oauthErrorResponse: OAuthErrorResponse = JSON.parse(errorBody);\n errorResponse = convertOAuthErrorResponseToErrorResponse(oauthErrorResponse);\n } catch (e: any) {\n if (statusCode === 400) {\n errorResponse = {\n error: \"invalid_request\",\n errorDescription: `The service indicated that the request was invalid.\\n\\n${errorBody}`,\n };\n } else {\n errorResponse = {\n error: \"unknown_error\",\n errorDescription: `An unknown error has occurred. Response body:\\n\\n${errorBody}`,\n };\n }\n }\n } else {\n errorResponse = {\n error: \"unknown_error\",\n errorDescription: \"An unknown error occurred and no additional details are available.\",\n };\n }\n\n super(\n `${errorResponse.error} Status code: ${statusCode}\\nMore details:\\n${errorResponse.errorDescription},`,\n // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n options,\n );\n this.statusCode = statusCode;\n this.errorResponse = errorResponse;\n\n // Ensure that this type reports the correct name\n this.name = AuthenticationErrorName;\n }\n}\n\n/\n The Error.name value of an AggregateAuthenticationError\n /\nexport const AggregateAuthenticationErrorName = \"AggregateAuthenticationError\";\n\n/\n Provides an `errors` array containing {@link AuthenticationError} instance\n * for authentication failures from credentials in a {@link ChainedTokenCredential}.\n /\nexport class AggregateAuthenticationError extends Error {\n /\n The array of error objects that were thrown while trying to authenticate\n * with the credentials in a {@link ChainedTokenCredential}.\n /\n public errors: any[];\n\n constructor(errors: any[], errorMessage?: string) {\n const errorDetail = errors.join(\"\\n\");\n super(`${errorMessage}\\n${errorDetail}`);\n this.errors = errors;\n\n // Ensure that this type reports the correct name\n this.name = AggregateAuthenticationErrorName;\n }\n}\n\nfunction convertOAuthErrorResponseToErrorResponse(errorBody: OAuthErrorResponse): ErrorResponse {\n return {\n error: errorBody.error,\n errorDescription: errorBody.error_description,\n correlationId: errorBody.correlation_id,\n errorCodes: errorBody.error_codes,\n timestamp: errorBody.timestamp,\n traceId: errorBody.trace_id,\n };\n}\n\n/\n Optional parameters to the {@link AuthenticationRequiredError}\n /\nexport interface AuthenticationRequiredErrorOptions {\n /\n The list of scopes for which the token will have access.\n /\n scopes: string[];\n /\n The options passed to the getToken request.\n /\n getTokenOptions?: GetTokenOptions;\n /\n The message of the error.\n /\n message?: string;\n /\n The underlying cause, if any, that caused the authentication to fail.\n /\n cause?: unknown;\n}\n\n/\n Error used to enforce authentication after trying to retrieve a token silently.\n /\nexport class AuthenticationRequiredError extends Error {\n /\n The list of scopes for which the token will have access.\n /\n public scopes: string[];\n /\n The options passed to the getToken request.\n /\n public getTokenOptions?: GetTokenOptions;\n\n constructor(\n /\n Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.\n */\n options: AuthenticationRequiredErrorOptions,\n ) {\n super(\n options.message,\n // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n options.cause ? { cause: options.cause } : undefined,\n );\n this.scopes = options.scopes;\n this.getTokenOptions = options.getTokenOptions;\n this.name = \"AuthenticationRequiredError\";\n }\n}\n"]}
1	+ {"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../../identity/src/errors.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAyDlC,SAAS,eAAe,CAAC,aAAkB;IACzC,OAAO,CACL,aAAa;QACb,OAAO,aAAa,CAAC,KAAK,KAAK,QAAQ;QACvC,OAAO,aAAa,CAAC,iBAAiB,KAAK,QAAQ,CACpD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG,4BAA4B,CAAC;AAE3E;;;;GAIG;AACH,MAAM,OAAO,0BAA2B,SAAQ,KAAK;IACnD,YAAY,OAAgB,EAAE,OAA6B;QACzD,2JAA2J;QAC3J,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;IAC7C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,qBAAqB,CAAC;AAE7D;;;;GAIG;AACH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAW5C,YACE,UAAkB,EAClB,SAA6C,EAC7C,OAA6B;QAE7B,IAAI,aAAa,GAAkB;YACjC,KAAK,EAAE,SAAS;YAChB,gBAAgB,EAAE,oEAAoE;SACvF,CAAC;QAEF,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;YAC/B,aAAa,GAAG,wCAAwC,CAAC,SAAS,CAAC,CAAC;QACtE,CAAC;aAAM,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YACzC,IAAI,CAAC;gBACH,iEAAiE;gBACjE,uBAAuB;gBACvB,MAAM,kBAAkB,GAAuB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACrE,aAAa,GAAG,wCAAwC,CAAC,kBAAkB,CAAC,CAAC;YAC/E,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBAChB,IAAI,UAAU,KAAK,GAAG,EAAE,CAAC;oBACvB,aAAa,GAAG;wBACd,KAAK,EAAE,iBAAiB;wBACxB,gBAAgB,EAAE,0DAA0D,SAAS,EAAE;qBACxF,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,aAAa,GAAG;wBACd,KAAK,EAAE,eAAe;wBACtB,gBAAgB,EAAE,oDAAoD,SAAS,EAAE;qBAClF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,aAAa,GAAG;gBACd,KAAK,EAAE,eAAe;gBACtB,gBAAgB,EAAE,oEAAoE;aACvF,CAAC;QACJ,CAAC;QAED,KAAK,CACH,GAAG,aAAa,CAAC,KAAK,iBAAiB,UAAU,oBAAoB,aAAa,CAAC,gBAAgB,GAAG;QACtG,2JAA2J;QAC3J,OAAO,CACR,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QAEnC,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,gCAAgC,GAAG,8BAA8B,CAAC;AAE/E;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,KAAK;IAOrD,YAAY,MAAa,EAAE,YAAqB;QAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,KAAK,CAAC,GAAG,YAAY,KAAK,WAAW,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,gCAAgC,CAAC;IAC/C,CAAC;CACF;AAED,SAAS,wCAAwC,CAAC,SAA6B;IAC7E,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,KAAK;QACtB,gBAAgB,EAAE,SAAS,CAAC,iBAAiB;QAC7C,aAAa,EAAE,SAAS,CAAC,cAAc;QACvC,UAAU,EAAE,SAAS,CAAC,WAAW;QACjC,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,OAAO,EAAE,SAAS,CAAC,QAAQ;KAC5B,CAAC;AACJ,CAAC;AAwBD;;GAEG;AACH,MAAM,OAAO,2BAA4B,SAAQ,KAAK;IAUpD;IACE;;OAEG;IACH,OAA2C;QAE3C,KAAK,CACH,OAAO,CAAC,OAAO;QACf,2JAA2J;QAC3J,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CACrD,CAAC;QACF,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,IAAI,GAAG,6BAA6B,CAAC;IAC5C,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { GetTokenOptions } from \"@azure/core-auth\";\n\n/*\n See the official documentation for more details:\n \n https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1\n \n NOTE: This documentation is for v1 OAuth support but the same error\n * response details still apply to v2.\n /\nexport interface ErrorResponse {\n /\n The string identifier for the error.\n /\n error: string;\n\n /\n The error's description.\n /\n errorDescription: string;\n\n /\n An array of codes pertaining to the error(s) that occurred.\n /\n errorCodes?: number[];\n\n /\n The timestamp at which the error occurred.\n /\n timestamp?: string;\n\n /\n The trace identifier for this error occurrence.\n /\n traceId?: string;\n\n /\n The correlation ID to be used for tracking the source of the error.\n /\n correlationId?: string;\n}\n\n/\n Used for internal deserialization of OAuth responses. Public model is ErrorResponse\n * @internal\n /\nexport interface OAuthErrorResponse {\n error: string;\n error_description: string;\n error_codes?: number[];\n timestamp?: string;\n trace_id?: string;\n correlation_id?: string;\n}\n\nfunction isErrorResponse(errorResponse: any): errorResponse is OAuthErrorResponse {\n return (\n errorResponse &&\n typeof errorResponse.error === \"string\" &&\n typeof errorResponse.error_description === \"string\"\n );\n}\n\n/\n The Error.name value of an CredentialUnavailable\n /\nexport const CredentialUnavailableErrorName = \"CredentialUnavailableError\";\n\n/\n This signifies that the credential that was tried in a chained credential\n * was not available to be used as the credential. Rather than treating this as\n * an error that should halt the chain, it's caught and the chain continues\n /\nexport class CredentialUnavailableError extends Error {\n constructor(message?: string, options?: { cause?: unknown }) {\n // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n super(message, options);\n this.name = CredentialUnavailableErrorName;\n }\n}\n\n/\n The Error.name value of an AuthenticationError\n /\nexport const AuthenticationErrorName = \"AuthenticationError\";\n\n/\n Provides details about a failure to authenticate with Azure Active\n * Directory. The `errorResponse` field contains more details about\n * the specific failure.\n /\nexport class AuthenticationError extends Error {\n /\n The HTTP status code returned from the authentication request.\n /\n public readonly statusCode: number;\n\n /\n The error response details.\n /\n public readonly errorResponse: ErrorResponse;\n\n constructor(\n statusCode: number,\n errorBody: object \| string \| undefined \| null,\n options?: { cause?: unknown },\n ) {\n let errorResponse: ErrorResponse = {\n error: \"unknown\",\n errorDescription: \"An unknown error occurred and no additional details are available.\",\n };\n\n if (isErrorResponse(errorBody)) {\n errorResponse = convertOAuthErrorResponseToErrorResponse(errorBody);\n } else if (typeof errorBody === \"string\") {\n try {\n // Most error responses will contain JSON-formatted error details\n // in the response body\n const oauthErrorResponse: OAuthErrorResponse = JSON.parse(errorBody);\n errorResponse = convertOAuthErrorResponseToErrorResponse(oauthErrorResponse);\n } catch (e: any) {\n if (statusCode === 400) {\n errorResponse = {\n error: \"invalid_request\",\n errorDescription: `The service indicated that the request was invalid.\\n\\n${errorBody}`,\n };\n } else {\n errorResponse = {\n error: \"unknown_error\",\n errorDescription: `An unknown error has occurred. Response body:\\n\\n${errorBody}`,\n };\n }\n }\n } else {\n errorResponse = {\n error: \"unknown_error\",\n errorDescription: \"An unknown error occurred and no additional details are available.\",\n };\n }\n\n super(\n `${errorResponse.error} Status code: ${statusCode}\\nMore details:\\n${errorResponse.errorDescription},`,\n // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n options,\n );\n this.statusCode = statusCode;\n this.errorResponse = errorResponse;\n\n // Ensure that this type reports the correct name\n this.name = AuthenticationErrorName;\n }\n}\n\n/\n The Error.name value of an AggregateAuthenticationError\n /\nexport const AggregateAuthenticationErrorName = \"AggregateAuthenticationError\";\n\n/\n Provides an `errors` array containing {@link AuthenticationError} instance\n * for authentication failures from credentials in a {@link ChainedTokenCredential}.\n /\nexport class AggregateAuthenticationError extends Error {\n /\n The array of error objects that were thrown while trying to authenticate\n * with the credentials in a {@link ChainedTokenCredential}.\n /\n public errors: any[];\n\n constructor(errors: any[], errorMessage?: string) {\n const errorDetail = errors.join(\"\\n\");\n super(`${errorMessage}\\n${errorDetail}`);\n this.errors = errors;\n\n // Ensure that this type reports the correct name\n this.name = AggregateAuthenticationErrorName;\n }\n}\n\nfunction convertOAuthErrorResponseToErrorResponse(errorBody: OAuthErrorResponse): ErrorResponse {\n return {\n error: errorBody.error,\n errorDescription: errorBody.error_description,\n correlationId: errorBody.correlation_id,\n errorCodes: errorBody.error_codes,\n timestamp: errorBody.timestamp,\n traceId: errorBody.trace_id,\n };\n}\n\n/\n Optional parameters to the {@link AuthenticationRequiredError}\n /\nexport interface AuthenticationRequiredErrorOptions {\n /\n The list of scopes for which the token will have access.\n /\n scopes: string[];\n /\n The options passed to the getToken request.\n /\n getTokenOptions?: GetTokenOptions;\n /\n The message of the error.\n /\n message?: string;\n /\n The underlying cause, if any, that caused the authentication to fail.\n /\n cause?: unknown;\n}\n\n/\n Error used to enforce authentication after trying to retrieve a token silently.\n /\nexport class AuthenticationRequiredError extends Error {\n /\n The list of scopes for which the token will have access.\n /\n public scopes: string[];\n /\n The options passed to the getToken request.\n /\n public getTokenOptions?: GetTokenOptions;\n\n constructor(\n /\n Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.\n */\n options: AuthenticationRequiredErrorOptions,\n ) {\n super(\n options.message,\n // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n options.cause ? { cause: options.cause } : undefined,\n );\n this.scopes = options.scopes;\n this.getTokenOptions = options.getTokenOptions;\n this.name = \"AuthenticationRequiredError\";\n }\n}\n"]}

package/dist-esm/identity/src/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../identity/src/index.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,cAAc,oBAAoB,CAAC;AAKnC,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAE9E,OAAO,EACL,mBAAmB,EAEnB,4BAA4B,EAC5B,uBAAuB,EACvB,gCAAgC,EAChC,0BAA0B,EAC1B,8BAA8B,EAC9B,2BAA2B,GAE5B,MAAM,UAAU,CAAC;AAGlB,OAAO,EAAE,6BAA6B,EAAE,+BAA+B,EAAE,MAAM,cAAc,CAAC;AAe9F,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAE9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAG9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAO9E,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAG5E,OAAO,EACL,2BAA2B,GAI5B,MAAM,2CAA2C,CAAC;AAEnD,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AAGpF,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAEtE,OAAO,EAAE,2BAA2B,EAAE,MAAM,2CAA2C,CAAC;AAExF,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAM1F,OAAO,EACL,yBAAyB,GAI1B,MAAM,yCAAyC,CAAC;AACjD,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAM1E,OAAO,EAAE,wBAAwB,IAAI,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAE9G,OAAO,EAAE,2BAA2B,EAAE,MAAM,2CAA2C,CAAC;AAExF,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AAQpF,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAEtF,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAEtF,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAC1E,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAMtF,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAExC,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAElD;;GAEG;AACH,MAAM,UAAU,yBAAyB;IACvC,OAAO,IAAI,sBAAsB,EAAE,CAAC;AACtC,CAAC;AAED,OAAO,EAAE,sBAAsB,EAAiC,MAAM,iBAAiB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nexport * from \"./plugins/consumer\";\n\nexport { IdentityPlugin } from \"./plugins/provider\";\n\nimport { TokenCredential } from \"@azure/core-auth\";\nimport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential\";\n\nexport {\n AuthenticationError,\n ErrorResponse,\n AggregateAuthenticationError,\n AuthenticationErrorName,\n AggregateAuthenticationErrorName,\n CredentialUnavailableError,\n CredentialUnavailableErrorName,\n AuthenticationRequiredError,\n AuthenticationRequiredErrorOptions,\n} from \"./errors\";\n\nexport { AuthenticationRecord } from \"./msal/types\";\nexport { serializeAuthenticationRecord, deserializeAuthenticationRecord } from \"./msal/utils\";\nexport { TokenCredentialOptions } from \"./tokenCredentialOptions\";\nexport { MultiTenantTokenCredentialOptions } from \"./credentials/multiTenantTokenCredentialOptions\";\nexport { AuthorityValidationOptions } from \"./credentials/authorityValidationOptions\";\n// TODO: Export again once we're ready to release this feature.\n// export { RegionalAuthority } from \"./regionalAuthority\";\n\nexport { BrokerAuthOptions } from \"./credentials/brokerAuthOptions\";\nexport {\n BrokerOptions,\n BrokerEnabledOptions,\n BrokerDisabledOptions,\n} from \"./msal/nodeFlows/brokerOptions\";\nexport { InteractiveCredentialOptions } from \"./credentials/interactiveCredentialOptions\";\n\nexport { ChainedTokenCredential } from \"./credentials/chainedTokenCredential\";\n\nexport { ClientSecretCredential } from \"./credentials/clientSecretCredential\";\nexport { ClientSecretCredentialOptions } from \"./credentials/clientSecretCredentialOptions\";\n\nexport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential\";\nexport {\n DefaultAzureCredentialOptions,\n DefaultAzureCredentialClientIdOptions,\n DefaultAzureCredentialResourceIdOptions,\n} from \"./credentials/defaultAzureCredentialOptions\";\n\nexport { EnvironmentCredential } from \"./credentials/environmentCredential\";\nexport { EnvironmentCredentialOptions } from \"./credentials/environmentCredentialOptions\";\n\nexport {\n ClientCertificateCredential,\n ClientCertificateCredentialPEMConfiguration,\n ClientCertificatePEMCertificatePath,\n ClientCertificatePEMCertificate,\n} from \"./credentials/clientCertificateCredential\";\nexport { ClientCertificateCredentialOptions } from \"./credentials/clientCertificateCredentialOptions\";\nexport { ClientAssertionCredential } from \"./credentials/clientAssertionCredential\";\nexport { ClientAssertionCredentialOptions } from \"./credentials/clientAssertionCredentialOptions\";\nexport { CredentialPersistenceOptions } from \"./credentials/credentialPersistenceOptions\";\nexport { AzureCliCredential } from \"./credentials/azureCliCredential\";\nexport { AzureCliCredentialOptions } from \"./credentials/azureCliCredentialOptions\";\nexport { AzureDeveloperCliCredential } from \"./credentials/azureDeveloperCliCredential\";\nexport { AzureDeveloperCliCredentialOptions } from \"./credentials/azureDeveloperCliCredentialOptions\";\nexport { InteractiveBrowserCredential } from \"./credentials/interactiveBrowserCredential\";\nexport {\n InteractiveBrowserCredentialNodeOptions,\n InteractiveBrowserCredentialInBrowserOptions,\n BrowserLoginStyle,\n} from \"./credentials/interactiveBrowserCredentialOptions\";\nexport {\n ManagedIdentityCredential,\n ManagedIdentityCredentialClientIdOptions,\n ManagedIdentityCredentialResourceIdOptions,\n ManagedIdentityCredentialObjectIdOptions,\n} from \"./credentials/managedIdentityCredential\";\nexport { DeviceCodeCredential } from \"./credentials/deviceCodeCredential\";\nexport {\n DeviceCodePromptCallback,\n DeviceCodeInfo,\n} from \"./credentials/deviceCodeCredentialOptions\";\nexport { DeviceCodeCredentialOptions } from \"./credentials/deviceCodeCredentialOptions\";\nexport { AzurePipelinesCredential as AzurePipelinesCredential } from \"./credentials/azurePipelinesCredential\";\nexport { AzurePipelinesCredentialOptions as AzurePipelinesCredentialOptions } from \"./credentials/azurePipelinesCredentialOptions\";\nexport { AuthorizationCodeCredential } from \"./credentials/authorizationCodeCredential\";\nexport { AuthorizationCodeCredentialOptions } from \"./credentials/authorizationCodeCredentialOptions\";\nexport { AzurePowerShellCredential } from \"./credentials/azurePowerShellCredential\";\nexport { AzurePowerShellCredentialOptions } from \"./credentials/azurePowerShellCredentialOptions\";\nexport {\n OnBehalfOfCredentialOptions,\n OnBehalfOfCredentialSecretOptions,\n OnBehalfOfCredentialCertificateOptions,\n OnBehalfOfCredentialAssertionOptions,\n} from \"./credentials/onBehalfOfCredentialOptions\";\nexport { UsernamePasswordCredential } from \"./credentials/usernamePasswordCredential\";\nexport { UsernamePasswordCredentialOptions } from \"./credentials/usernamePasswordCredentialOptions\";\nexport { VisualStudioCodeCredential } from \"./credentials/visualStudioCodeCredential\";\nexport { VisualStudioCodeCredentialOptions } from \"./credentials/visualStudioCodeCredentialOptions\";\nexport { OnBehalfOfCredential } from \"./credentials/onBehalfOfCredential\";\nexport { WorkloadIdentityCredential } from \"./credentials/workloadIdentityCredential\";\nexport { WorkloadIdentityCredentialOptions } from \"./credentials/workloadIdentityCredentialOptions\";\nexport { BrowserCustomizationOptions } from \"./credentials/browserCustomizationOptions\";\nexport { TokenCachePersistenceOptions } from \"./msal/nodeFlows/tokenCachePersistenceOptions\";\n\nexport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nexport { logger } from \"./util/logging\";\n\nexport { AzureAuthorityHosts } from \"./constants\";\n\n/*\n Returns a new instance of the {@link DefaultAzureCredential}.\n */\nexport function getDefaultAzureCredential(): TokenCredential {\n return new DefaultAzureCredential();\n}\n\nexport { getBearerTokenProvider, GetBearerTokenProviderOptions } from \"./tokenProvider\";\n"]}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../identity/src/index.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,cAAc,oBAAoB,CAAC;AAKnC,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAE9E,OAAO,EACL,mBAAmB,EAEnB,4BAA4B,EAC5B,uBAAuB,EACvB,gCAAgC,EAChC,0BAA0B,EAC1B,8BAA8B,EAC9B,2BAA2B,GAE5B,MAAM,UAAU,CAAC;AAGlB,OAAO,EAAE,6BAA6B,EAAE,+BAA+B,EAAE,MAAM,cAAc,CAAC;AAe9F,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAE9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAG9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAO9E,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAG5E,OAAO,EACL,2BAA2B,GAI5B,MAAM,2CAA2C,CAAC;AAEnD,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AAGpF,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAEtE,OAAO,EAAE,2BAA2B,EAAE,MAAM,2CAA2C,CAAC;AAExF,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAM1F,OAAO,EACL,yBAAyB,GAI1B,MAAM,yCAAyC,CAAC;AACjD,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAM1E,OAAO,EAAE,wBAAwB,IAAI,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAE9G,OAAO,EAAE,2BAA2B,EAAE,MAAM,2CAA2C,CAAC;AAExF,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AAQpF,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAEtF,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAEtF,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAC1E,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAMtF,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAExC,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAElD;;GAEG;AACH,MAAM,UAAU,yBAAyB;IACvC,OAAO,IAAI,sBAAsB,EAAE,CAAC;AACtC,CAAC;AAED,OAAO,EAAE,sBAAsB,EAAiC,MAAM,iBAAiB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nexport * from \"./plugins/consumer\";\n\nexport { IdentityPlugin } from \"./plugins/provider\";\n\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential\";\n\nexport {\n AuthenticationError,\n ErrorResponse,\n AggregateAuthenticationError,\n AuthenticationErrorName,\n AggregateAuthenticationErrorName,\n CredentialUnavailableError,\n CredentialUnavailableErrorName,\n AuthenticationRequiredError,\n AuthenticationRequiredErrorOptions,\n} from \"./errors\";\n\nexport { AuthenticationRecord } from \"./msal/types\";\nexport { serializeAuthenticationRecord, deserializeAuthenticationRecord } from \"./msal/utils\";\nexport { TokenCredentialOptions } from \"./tokenCredentialOptions\";\nexport { MultiTenantTokenCredentialOptions } from \"./credentials/multiTenantTokenCredentialOptions\";\nexport { AuthorityValidationOptions } from \"./credentials/authorityValidationOptions\";\n// TODO: Export again once we're ready to release this feature.\n// export { RegionalAuthority } from \"./regionalAuthority\";\n\nexport { BrokerAuthOptions } from \"./credentials/brokerAuthOptions\";\nexport {\n BrokerOptions,\n BrokerEnabledOptions,\n BrokerDisabledOptions,\n} from \"./msal/nodeFlows/brokerOptions\";\nexport { InteractiveCredentialOptions } from \"./credentials/interactiveCredentialOptions\";\n\nexport { ChainedTokenCredential } from \"./credentials/chainedTokenCredential\";\n\nexport { ClientSecretCredential } from \"./credentials/clientSecretCredential\";\nexport { ClientSecretCredentialOptions } from \"./credentials/clientSecretCredentialOptions\";\n\nexport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential\";\nexport {\n DefaultAzureCredentialOptions,\n DefaultAzureCredentialClientIdOptions,\n DefaultAzureCredentialResourceIdOptions,\n} from \"./credentials/defaultAzureCredentialOptions\";\n\nexport { EnvironmentCredential } from \"./credentials/environmentCredential\";\nexport { EnvironmentCredentialOptions } from \"./credentials/environmentCredentialOptions\";\n\nexport {\n ClientCertificateCredential,\n ClientCertificateCredentialPEMConfiguration,\n ClientCertificatePEMCertificatePath,\n ClientCertificatePEMCertificate,\n} from \"./credentials/clientCertificateCredential\";\nexport { ClientCertificateCredentialOptions } from \"./credentials/clientCertificateCredentialOptions\";\nexport { ClientAssertionCredential } from \"./credentials/clientAssertionCredential\";\nexport { ClientAssertionCredentialOptions } from \"./credentials/clientAssertionCredentialOptions\";\nexport { CredentialPersistenceOptions } from \"./credentials/credentialPersistenceOptions\";\nexport { AzureCliCredential } from \"./credentials/azureCliCredential\";\nexport { AzureCliCredentialOptions } from \"./credentials/azureCliCredentialOptions\";\nexport { AzureDeveloperCliCredential } from \"./credentials/azureDeveloperCliCredential\";\nexport { AzureDeveloperCliCredentialOptions } from \"./credentials/azureDeveloperCliCredentialOptions\";\nexport { InteractiveBrowserCredential } from \"./credentials/interactiveBrowserCredential\";\nexport {\n InteractiveBrowserCredentialNodeOptions,\n InteractiveBrowserCredentialInBrowserOptions,\n BrowserLoginStyle,\n} from \"./credentials/interactiveBrowserCredentialOptions\";\nexport {\n ManagedIdentityCredential,\n ManagedIdentityCredentialClientIdOptions,\n ManagedIdentityCredentialResourceIdOptions,\n ManagedIdentityCredentialObjectIdOptions,\n} from \"./credentials/managedIdentityCredential\";\nexport { DeviceCodeCredential } from \"./credentials/deviceCodeCredential\";\nexport {\n DeviceCodePromptCallback,\n DeviceCodeInfo,\n} from \"./credentials/deviceCodeCredentialOptions\";\nexport { DeviceCodeCredentialOptions } from \"./credentials/deviceCodeCredentialOptions\";\nexport { AzurePipelinesCredential as AzurePipelinesCredential } from \"./credentials/azurePipelinesCredential\";\nexport { AzurePipelinesCredentialOptions as AzurePipelinesCredentialOptions } from \"./credentials/azurePipelinesCredentialOptions\";\nexport { AuthorizationCodeCredential } from \"./credentials/authorizationCodeCredential\";\nexport { AuthorizationCodeCredentialOptions } from \"./credentials/authorizationCodeCredentialOptions\";\nexport { AzurePowerShellCredential } from \"./credentials/azurePowerShellCredential\";\nexport { AzurePowerShellCredentialOptions } from \"./credentials/azurePowerShellCredentialOptions\";\nexport {\n OnBehalfOfCredentialOptions,\n OnBehalfOfCredentialSecretOptions,\n OnBehalfOfCredentialCertificateOptions,\n OnBehalfOfCredentialAssertionOptions,\n} from \"./credentials/onBehalfOfCredentialOptions\";\nexport { UsernamePasswordCredential } from \"./credentials/usernamePasswordCredential\";\nexport { UsernamePasswordCredentialOptions } from \"./credentials/usernamePasswordCredentialOptions\";\nexport { VisualStudioCodeCredential } from \"./credentials/visualStudioCodeCredential\";\nexport { VisualStudioCodeCredentialOptions } from \"./credentials/visualStudioCodeCredentialOptions\";\nexport { OnBehalfOfCredential } from \"./credentials/onBehalfOfCredential\";\nexport { WorkloadIdentityCredential } from \"./credentials/workloadIdentityCredential\";\nexport { WorkloadIdentityCredentialOptions } from \"./credentials/workloadIdentityCredentialOptions\";\nexport { BrowserCustomizationOptions } from \"./credentials/browserCustomizationOptions\";\nexport { TokenCachePersistenceOptions } from \"./msal/nodeFlows/tokenCachePersistenceOptions\";\n\nexport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nexport { logger } from \"./util/logging\";\n\nexport { AzureAuthorityHosts } from \"./constants\";\n\n/*\n Returns a new instance of the {@link DefaultAzureCredential}.\n */\nexport function getDefaultAzureCredential(): TokenCredential {\n return new DefaultAzureCredential();\n}\n\nexport { getBearerTokenProvider, GetBearerTokenProviderOptions } from \"./tokenProvider\";\n"]}