npm - @azure/identity-cache-persistence - Versions diffs - 1.1.2-alpha.20241112.1 → 1.1.2-alpha.20241113.2 - Mend

@azure/identity-cache-persistence 1.1.2-alpha.20241112.1 → 1.1.2-alpha.20241113.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (151) hide show

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sources":["../src/platforms.ts","../src/provider.ts","../src/index.ts"],"sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/* eslint-disable tsdoc/syntax /\n\nimport as path from \"path\";\nimport type { IPersistence as Persistence } from \"@azure/msal-node-extensions\";\nimport {\n DataProtectionScope,\n FilePersistence,\n FilePersistenceWithDataProtection,\n KeychainPersistence,\n LibSecretPersistence,\n} from \"@azure/msal-node-extensions\";\nimport type { TokenCachePersistenceOptions } from \"@azure/identity\";\n\n/*\n Local application data folder\n * Expected values:\n * - Darwin: '/Users/user/'\n * - Windows 8+: 'C:\\Users\\user\\AppData\\Local'\n * - Linux: '/home/user/.local/share'\n * @internal\n /\nconst localApplicationDataFolder =\n process.env.APPDATA?.replace?.(/(.Roaming)$/, \"\\\\Local\") ?? process.env.HOME!;\n\n/*\n Dictionary of values that we use as default as we discover, pick and enable the persistence layer.\n * @internal\n /\nexport const defaultMsalValues = {\n tokenCache: {\n name: \"msal.cache\",\n // Expected values:\n // - Darwin: '/Users/user/.IdentityService'\n // - Windows 8+: 'C:\\Users\\user\\AppData\\Local\\.IdentityService'\n // - Linux: '/home/user/.IdentityService'\n directory: path.join(localApplicationDataFolder, \".IdentityService\"),\n },\n keyRing: {\n label: \"MSALCache\",\n schema: \"msal.cache\",\n collection: \"default\",\n attributes: {\n MsalClientID: \"Microsoft.Developer.IdentityService\",\n \"Microsoft.Developer.IdentityService\": \"1.0.0.0\",\n },\n service: \"Microsoft.Developer.IdentityService\",\n account: \"MSALCache\",\n },\n keyChain: {\n service: \"Microsoft.Developer.IdentityService\",\n account: \"MSALCache\",\n },\n};\n\n/\n Options that are used by the underlying MSAL cache provider.\n * @internal\n /\nexport type MsalPersistenceOptions = Omit<TokenCachePersistenceOptions, \"enabled\">;\n\n/\n A function that returns a persistent token cache instance.\n * @internal\n /\ntype MsalPersistenceFactory = (options?: MsalPersistenceOptions) => Promise<Persistence>;\n\n/\n Expected responses:\n * - Darwin: '/Users/user/.IdentityService/<name>'\n * - Windows 8+: 'C:\\Users\\user\\AppData\\Local\\.IdentityService\\<name>'\n * - Linux: '/home/user/.IdentityService/<name>'\n * @internal\n /\nfunction getPersistencePath(name: string): string {\n return path.join(defaultMsalValues.tokenCache.directory, name);\n}\n\n/\n Set of the platforms we attempt to deliver persistence on.\n \n - On Windows we use DPAPI.\n * - On OSX (Darwin), we try to use the system's Keychain, otherwise if the property `unsafeAllowUnencryptedStorage` is set to true, we use an unencrypted file.\n * - On Linux, we try to use the system's Keyring, otherwise if the property `unsafeAllowUnencryptedStorage` is set to true, we use an unencrypted file.\n \n Other platforms _are not supported_ at this time.\n \n @internal\n /\nexport const msalPersistencePlatforms: Partial<Record<NodeJS.Platform, MsalPersistenceFactory>> = {\n win32: ({ name = defaultMsalValues.tokenCache.name } = {}): Promise<Persistence> =>\n FilePersistenceWithDataProtection.create(\n getPersistencePath(name),\n DataProtectionScope.CurrentUser,\n ),\n\n darwin: async (options: MsalPersistenceOptions = {}): Promise<Persistence> => {\n const { name, unsafeAllowUnencryptedStorage } = options;\n const { service, account } = defaultMsalValues.keyChain;\n const persistencePath = getPersistencePath(name \|\| defaultMsalValues.tokenCache.name);\n\n try {\n const persistence = await KeychainPersistence.create(persistencePath, service, account);\n // If we don't encounter an error when trying to read from the keychain, then we should be good to go.\n await persistence.load();\n return persistence;\n } catch (e: any) {\n // If we got an error while trying to read from the keyring,\n // we will proceed only if the user has specified that unencrypted storage is allowed.\n if (!unsafeAllowUnencryptedStorage) {\n throw new Error(\"Unable to read from the macOS Keychain.\");\n }\n return FilePersistence.create(persistencePath);\n }\n },\n\n linux: async (options: MsalPersistenceOptions = {}): Promise<Persistence> => {\n const { name, unsafeAllowUnencryptedStorage } = options;\n const { service, account } = defaultMsalValues.keyRing;\n const persistencePath = getPersistencePath(name \|\| defaultMsalValues.tokenCache.name);\n\n try {\n const persistence = await LibSecretPersistence.create(persistencePath, service, account);\n // If we don't encounter an error when trying to read from the keyring, then we should be good to go.\n await persistence.load();\n return persistence;\n } catch (e: any) {\n // If we got an error while trying to read from the keyring,\n // we will proceed only if the user has specified that unencrypted storage is allowed.\n if (!unsafeAllowUnencryptedStorage) {\n throw new Error(\"Unable to read from the system keyring (libsecret).\");\n }\n return FilePersistence.create(persistencePath);\n }\n },\n};\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { MsalPersistenceOptions } from \"./platforms\";\nimport { msalPersistencePlatforms } from \"./platforms\";\nimport type { IPersistence as Persistence } from \"@azure/msal-node-extensions\";\nimport { PersistenceCachePlugin } from \"@azure/msal-node-extensions\";\nimport type { ICachePlugin as CachePlugin } from \"@azure/msal-node\";\n\n/\n This is used to gain access to the underlying Persistence instance, which we use for testing\n \n @returns a raw persistence instance\n * @internal\n /\nexport async function createPersistence(options: MsalPersistenceOptions): Promise<Persistence> {\n const persistence = await msalPersistencePlatforms[process.platform]?.(options);\n\n if (persistence === undefined) {\n throw new Error(\"no persistence providers are available on this platform\");\n }\n\n return persistence;\n}\n\nexport async function createPersistenceCachePlugin(\n options?: MsalPersistenceOptions,\n): Promise<CachePlugin> {\n const persistence = await createPersistence(options ?? {});\n\n return new PersistenceCachePlugin(persistence, {\n retryNumber: 100,\n retryDelay: 50,\n });\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AzurePluginContext } from \"../../identity/src/plugins/provider\";\nimport type { IdentityPlugin } from \"@azure/identity\";\nimport { createPersistenceCachePlugin } from \"./provider\";\n\n/\n A plugin that provides persistent token caching for `@azure/identity`\n * credentials. The plugin API is compatible with `@azure/identity` versions\n * 2.0.0 and later. Load this plugin using the `useIdentityPlugin`\n * function, imported from `@azure/identity`.\n \n In order to enable this functionality, you must also pass\n * `tokenCachePersistenceOptions` to your credential constructors with an\n * `enabled` property set to true.\n \n Example:\n \n ```ts snippet:device_code_credential_example\n * import { DeviceCodeCredential } from \"@azure/identity\";\n \n const credential = new DeviceCodeCredential({\n * tokenCachePersistenceOptions: {\n * enabled: true,\n * },\n * });\n * // We'll use the Microsoft Graph scope as an example\n * const scope = \"https://graph.microsoft.com/.default\";\n * // Print out part of the access token\n * console.log((await credential.getToken(scope)).token.substring(0, 10), \"...\");\n * ```\n */\n\nexport const cachePersistencePlugin: IdentityPlugin = (context) => {\n const { cachePluginControl } = context as AzurePluginContext;\n\n cachePluginControl.setPersistence(createPersistenceCachePlugin);\n};\n"],"names":["path","FilePersistenceWithDataProtection","DataProtectionScope","__awaiter","KeychainPersistence","FilePersistence","LibSecretPersistence","PersistenceCachePlugin"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AACA;;AAeA;;;;;;;AAOG;AACH,MAAM,0BAA0B,GAC9B,CAAA,EAAA,GAAA,CAAA,EAAA,GAAA,MAAA,OAAO,CAAC,GAAG,CAAC,OAAO,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAE,OAAO,MAAG,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,IAAA,CAAA,EAAA,EAAA,cAAc,EAAE,SAAS,CAAC,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,EAAA,GAAI,OAAO,CAAC,GAAG,CAAC,IAAK;AAEhF;;;AAGG;AACI,MAAM,iBAAiB,GAAG;AAC/B,IAAA,UAAU,EAAE;AACV,QAAA,IAAI,EAAE,YAAY;;;;;QAKlB,SAAS,EAAEA,eAAI,CAAC,IAAI,CAAC,0BAA0B,EAAE,kBAAkB,CAAC;AACrE,KAAA;AACD,IAAA,OAAO,EAAE;AACP,QAAA,KAAK,EAAE,WAAW;AAClB,QAAA,MAAM,EAAE,YAAY;AACpB,QAAA,UAAU,EAAE,SAAS;AACrB,QAAA,UAAU,EAAE;AACV,YAAA,YAAY,EAAE,qCAAqC;AACnD,YAAA,qCAAqC,EAAE,SAAS;AACjD,SAAA;AACD,QAAA,OAAO,EAAE,qCAAqC;AAC9C,QAAA,OAAO,EAAE,WAAW;AACrB,KAAA;AACD,IAAA,QAAQ,EAAE;AACR,QAAA,OAAO,EAAE,qCAAqC;AAC9C,QAAA,OAAO,EAAE,WAAW;AACrB,KAAA;CACF;AAcD;;;;;;AAMG;AACH,SAAS,kBAAkB,CAAC,IAAY,EAAA;AACtC,IAAA,OAAOA,eAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,CAAC;AAChE;AAEA;;;;;;;;;;AAUG;AACI,MAAM,wBAAwB,GAA6D;AAChG,IAAA,KAAK,EAAE,CAAC,EAAE,IAAI,GAAG,iBAAiB,CAAC,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,KACvDC,oDAAiC,CAAC,MAAM,CACtC,kBAAkB,CAAC,IAAI,CAAC,EACxBC,sCAAmB,CAAC,WAAW,CAChC;AAEH,IAAA,MAAM,EAAE,CAAA,GAAA,MAAA,KAAqEC,eAAA,CAAA,KAAA,CAAA,EAAA,CAAA,GAAA,MAAA,CAAA,EAAA,KAAA,CAAA,EAAA,WAA9D,UAAkC,EAAE,EAAA;AACjD,QAAA,MAAM,EAAE,IAAI,EAAE,6BAA6B,EAAE,GAAG,OAAO;QACvD,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,iBAAiB,CAAC,QAAQ;AACvD,QAAA,MAAM,eAAe,GAAG,kBAAkB,CAAC,IAAI,IAAI,iBAAiB,CAAC,UAAU,CAAC,IAAI,CAAC;AAErF,QAAA,IAAI;AACF,YAAA,MAAM,WAAW,GAAG,MAAMC,sCAAmB,CAAC,MAAM,CAAC,eAAe,EAAE,OAAO,EAAE,OAAO,CAAC;;AAEvF,YAAA,MAAM,WAAW,CAAC,IAAI,EAAE;AACxB,YAAA,OAAO,WAAW;;QAClB,OAAO,CAAM,EAAE;;;YAGf,IAAI,CAAC,6BAA6B,EAAE;AAClC,gBAAA,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC;;AAE5D,YAAA,OAAOC,kCAAe,CAAC,MAAM,CAAC,eAAe,CAAC;;AAElD,KAAC,CAAA;AAED,IAAA,KAAK,EAAE,CAAA,GAAA,MAAA,KAAqEF,eAAA,CAAA,KAAA,CAAA,EAAA,CAAA,GAAA,MAAA,CAAA,EAAA,KAAA,CAAA,EAAA,WAA9D,UAAkC,EAAE,EAAA;AAChD,QAAA,MAAM,EAAE,IAAI,EAAE,6BAA6B,EAAE,GAAG,OAAO;QACvD,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,iBAAiB,CAAC,OAAO;AACtD,QAAA,MAAM,eAAe,GAAG,kBAAkB,CAAC,IAAI,IAAI,iBAAiB,CAAC,UAAU,CAAC,IAAI,CAAC;AAErF,QAAA,IAAI;AACF,YAAA,MAAM,WAAW,GAAG,MAAMG,uCAAoB,CAAC,MAAM,CAAC,eAAe,EAAE,OAAO,EAAE,OAAO,CAAC;;AAExF,YAAA,MAAM,WAAW,CAAC,IAAI,EAAE;AACxB,YAAA,OAAO,WAAW;;QAClB,OAAO,CAAM,EAAE;;;YAGf,IAAI,CAAC,6BAA6B,EAAE;AAClC,gBAAA,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC;;AAExE,YAAA,OAAOD,kCAAe,CAAC,MAAM,CAAC,eAAe,CAAC;;AAElD,KAAC,CAAA;CACF;;ACzID;AACA;AAQA;;;;;AAKG;AACG,SAAgB,iBAAiB,CAAC,OAA+B,EAAA;;;AACrE,QAAA,MAAM,WAAW,GAAG,OAAM,MAAA,wBAAwB,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,IAAA,CAAA,wBAAA,EAAG,OAAO,CAAC,CAAA;AAE/E,QAAA,IAAI,WAAW,KAAK,SAAS,EAAE;AAC7B,YAAA,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC;;AAG5E,QAAA,OAAO,WAAW;KACnB,CAAA;AAAA;AAEK,SAAgB,4BAA4B,CAChD,OAAgC,EAAA;;AAEhC,QAAA,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,OAAO,KAAP,IAAA,IAAA,OAAO,KAAP,KAAA,CAAA,GAAA,OAAO,GAAI,EAAE,CAAC;AAE1D,QAAA,OAAO,IAAIE,yCAAsB,CAAC,WAAW,EAAE;AAC7C,YAAA,WAAW,EAAE,GAAG;AAChB,YAAA,UAAU,EAAE,EAAE;AACf,SAAA,CAAC;KACH,CAAA;AAAA;;AClCD;AACA;AAMA;;;;;;;;;;;;;;;;;;;;;;;;;AAyBG;AAEU,MAAA,sBAAsB,GAAmB,CAAC,OAAO,KAAI;AAChE,IAAA,MAAM,EAAE,kBAAkB,EAAE,GAAG,OAA6B;AAE5D,IAAA,kBAAkB,CAAC,cAAc,CAAC,4BAA4B,CAAC;AACjE;;;;"}
1	+ {"version":3,"file":"index.js","sources":["../src/platforms.ts","../src/provider.ts","../src/index.ts"],"sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/* eslint-disable tsdoc/syntax /\n\nimport as path from \"path\";\nimport type { IPersistence as Persistence } from \"@azure/msal-node-extensions\";\nimport {\n DataProtectionScope,\n FilePersistence,\n FilePersistenceWithDataProtection,\n KeychainPersistence,\n LibSecretPersistence,\n} from \"@azure/msal-node-extensions\";\nimport type { TokenCachePersistenceOptions } from \"@azure/identity\";\n\n/*\n Local application data folder\n * Expected values:\n * - Darwin: '/Users/user/'\n * - Windows 8+: 'C:\\Users\\user\\AppData\\Local'\n * - Linux: '/home/user/.local/share'\n * @internal\n /\nconst localApplicationDataFolder =\n process.env.APPDATA?.replace?.(/(.Roaming)$/, \"\\\\Local\") ?? process.env.HOME!;\n\n/*\n Dictionary of values that we use as default as we discover, pick and enable the persistence layer.\n * @internal\n /\nexport const defaultMsalValues = {\n tokenCache: {\n name: \"msal.cache\",\n // Expected values:\n // - Darwin: '/Users/user/.IdentityService'\n // - Windows 8+: 'C:\\Users\\user\\AppData\\Local\\.IdentityService'\n // - Linux: '/home/user/.IdentityService'\n directory: path.join(localApplicationDataFolder, \".IdentityService\"),\n },\n keyRing: {\n label: \"MSALCache\",\n schema: \"msal.cache\",\n collection: \"default\",\n attributes: {\n MsalClientID: \"Microsoft.Developer.IdentityService\",\n \"Microsoft.Developer.IdentityService\": \"1.0.0.0\",\n },\n service: \"Microsoft.Developer.IdentityService\",\n account: \"MSALCache\",\n },\n keyChain: {\n service: \"Microsoft.Developer.IdentityService\",\n account: \"MSALCache\",\n },\n};\n\n/\n Options that are used by the underlying MSAL cache provider.\n * @internal\n /\nexport type MsalPersistenceOptions = Omit<TokenCachePersistenceOptions, \"enabled\">;\n\n/\n A function that returns a persistent token cache instance.\n * @internal\n /\ntype MsalPersistenceFactory = (options?: MsalPersistenceOptions) => Promise<Persistence>;\n\n/\n Expected responses:\n * - Darwin: '/Users/user/.IdentityService/<name>'\n * - Windows 8+: 'C:\\Users\\user\\AppData\\Local\\.IdentityService\\<name>'\n * - Linux: '/home/user/.IdentityService/<name>'\n * @internal\n /\nfunction getPersistencePath(name: string): string {\n return path.join(defaultMsalValues.tokenCache.directory, name);\n}\n\n/\n Set of the platforms we attempt to deliver persistence on.\n \n - On Windows we use DPAPI.\n * - On OSX (Darwin), we try to use the system's Keychain, otherwise if the property `unsafeAllowUnencryptedStorage` is set to true, we use an unencrypted file.\n * - On Linux, we try to use the system's Keyring, otherwise if the property `unsafeAllowUnencryptedStorage` is set to true, we use an unencrypted file.\n \n Other platforms _are not supported_ at this time.\n \n @internal\n /\nexport const msalPersistencePlatforms: Partial<Record<NodeJS.Platform, MsalPersistenceFactory>> = {\n win32: ({ name = defaultMsalValues.tokenCache.name } = {}): Promise<Persistence> =>\n FilePersistenceWithDataProtection.create(\n getPersistencePath(name),\n DataProtectionScope.CurrentUser,\n ),\n\n darwin: async (options: MsalPersistenceOptions = {}): Promise<Persistence> => {\n const { name, unsafeAllowUnencryptedStorage } = options;\n const { service, account } = defaultMsalValues.keyChain;\n const persistencePath = getPersistencePath(name \|\| defaultMsalValues.tokenCache.name);\n\n try {\n const persistence = await KeychainPersistence.create(persistencePath, service, account);\n // If we don't encounter an error when trying to read from the keychain, then we should be good to go.\n await persistence.load();\n return persistence;\n } catch (e: any) {\n // If we got an error while trying to read from the keyring,\n // we will proceed only if the user has specified that unencrypted storage is allowed.\n if (!unsafeAllowUnencryptedStorage) {\n throw new Error(\"Unable to read from the macOS Keychain.\");\n }\n return FilePersistence.create(persistencePath);\n }\n },\n\n linux: async (options: MsalPersistenceOptions = {}): Promise<Persistence> => {\n const { name, unsafeAllowUnencryptedStorage } = options;\n const { service, account } = defaultMsalValues.keyRing;\n const persistencePath = getPersistencePath(name \|\| defaultMsalValues.tokenCache.name);\n\n try {\n const persistence = await LibSecretPersistence.create(persistencePath, service, account);\n // If we don't encounter an error when trying to read from the keyring, then we should be good to go.\n await persistence.load();\n return persistence;\n } catch (e: any) {\n // If we got an error while trying to read from the keyring,\n // we will proceed only if the user has specified that unencrypted storage is allowed.\n if (!unsafeAllowUnencryptedStorage) {\n throw new Error(\"Unable to read from the system keyring (libsecret).\");\n }\n return FilePersistence.create(persistencePath);\n }\n },\n};\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { MsalPersistenceOptions } from \"./platforms\";\nimport { msalPersistencePlatforms } from \"./platforms\";\nimport type { IPersistence as Persistence } from \"@azure/msal-node-extensions\";\nimport { PersistenceCachePlugin } from \"@azure/msal-node-extensions\";\nimport type { ICachePlugin as CachePlugin } from \"@azure/msal-node\";\n\n/\n This is used to gain access to the underlying Persistence instance, which we use for testing\n \n @returns a raw persistence instance\n * @internal\n /\nexport async function createPersistence(options: MsalPersistenceOptions): Promise<Persistence> {\n const persistence = await msalPersistencePlatforms[process.platform]?.(options);\n\n if (persistence === undefined) {\n throw new Error(\"no persistence providers are available on this platform\");\n }\n\n return persistence;\n}\n\nexport async function createPersistenceCachePlugin(\n options?: MsalPersistenceOptions,\n): Promise<CachePlugin> {\n const persistence = await createPersistence(options ?? {});\n\n return new PersistenceCachePlugin(persistence, {\n retryNumber: 100,\n retryDelay: 50,\n });\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { IdentityPlugin, TokenCachePersistenceOptions } from \"@azure/identity\";\nimport { createPersistenceCachePlugin } from \"./provider\";\n\n/\n Plugin context entries for controlling cache plugins.\n /\ninterface CachePluginControl {\n setPersistence(\n persistenceFactory: (\n options?: TokenCachePersistenceOptions,\n ) => Promise<import(\"@azure/msal-node\").ICachePlugin>,\n ): void;\n}\n/\n Context options passed to a plugin during initialization.\n \n Represents a subset of the context defined in `@azure/identity`\n \n /\ninterface AzurePluginContext {\n cachePluginControl: CachePluginControl;\n}\n\n/*\n A plugin that provides persistent token caching for `@azure/identity`\n * credentials. The plugin API is compatible with `@azure/identity` versions\n * 2.0.0 and later. Load this plugin using the `useIdentityPlugin`\n * function, imported from `@azure/identity`.\n \n In order to enable this functionality, you must also pass\n * `tokenCachePersistenceOptions` to your credential constructors with an\n * `enabled` property set to true.\n \n Example:\n \n ```ts snippet:device_code_credential_example\n * import { DeviceCodeCredential } from \"@azure/identity\";\n \n const credential = new DeviceCodeCredential({\n * tokenCachePersistenceOptions: {\n * enabled: true,\n * },\n * });\n * // We'll use the Microsoft Graph scope as an example\n * const scope = \"https://graph.microsoft.com/.default\";\n * // Print out part of the access token\n * console.log((await credential.getToken(scope)).token.substring(0, 10), \"...\");\n * ```\n */\n\nexport const cachePersistencePlugin: IdentityPlugin = (context) => {\n const { cachePluginControl } = context as AzurePluginContext;\n\n cachePluginControl.setPersistence(createPersistenceCachePlugin);\n};\n"],"names":["path","FilePersistenceWithDataProtection","DataProtectionScope","__awaiter","KeychainPersistence","FilePersistence","LibSecretPersistence","PersistenceCachePlugin"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AACA;;AAeA;;;;;;;AAOG;AACH,MAAM,0BAA0B,GAC9B,CAAA,EAAA,GAAA,CAAA,EAAA,GAAA,MAAA,OAAO,CAAC,GAAG,CAAC,OAAO,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAE,OAAO,MAAG,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,IAAA,CAAA,EAAA,EAAA,cAAc,EAAE,SAAS,CAAC,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,EAAA,GAAI,OAAO,CAAC,GAAG,CAAC,IAAK;AAEhF;;;AAGG;AACI,MAAM,iBAAiB,GAAG;AAC/B,IAAA,UAAU,EAAE;AACV,QAAA,IAAI,EAAE,YAAY;;;;;QAKlB,SAAS,EAAEA,eAAI,CAAC,IAAI,CAAC,0BAA0B,EAAE,kBAAkB,CAAC;AACrE,KAAA;AACD,IAAA,OAAO,EAAE;AACP,QAAA,KAAK,EAAE,WAAW;AAClB,QAAA,MAAM,EAAE,YAAY;AACpB,QAAA,UAAU,EAAE,SAAS;AACrB,QAAA,UAAU,EAAE;AACV,YAAA,YAAY,EAAE,qCAAqC;AACnD,YAAA,qCAAqC,EAAE,SAAS;AACjD,SAAA;AACD,QAAA,OAAO,EAAE,qCAAqC;AAC9C,QAAA,OAAO,EAAE,WAAW;AACrB,KAAA;AACD,IAAA,QAAQ,EAAE;AACR,QAAA,OAAO,EAAE,qCAAqC;AAC9C,QAAA,OAAO,EAAE,WAAW;AACrB,KAAA;CACF;AAcD;;;;;;AAMG;AACH,SAAS,kBAAkB,CAAC,IAAY,EAAA;AACtC,IAAA,OAAOA,eAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,CAAC;AAChE;AAEA;;;;;;;;;;AAUG;AACI,MAAM,wBAAwB,GAA6D;AAChG,IAAA,KAAK,EAAE,CAAC,EAAE,IAAI,GAAG,iBAAiB,CAAC,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,KACvDC,oDAAiC,CAAC,MAAM,CACtC,kBAAkB,CAAC,IAAI,CAAC,EACxBC,sCAAmB,CAAC,WAAW,CAChC;AAEH,IAAA,MAAM,EAAE,CAAA,GAAA,MAAA,KAAqEC,eAAA,CAAA,KAAA,CAAA,EAAA,CAAA,GAAA,MAAA,CAAA,EAAA,KAAA,CAAA,EAAA,WAA9D,UAAkC,EAAE,EAAA;AACjD,QAAA,MAAM,EAAE,IAAI,EAAE,6BAA6B,EAAE,GAAG,OAAO;QACvD,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,iBAAiB,CAAC,QAAQ;AACvD,QAAA,MAAM,eAAe,GAAG,kBAAkB,CAAC,IAAI,IAAI,iBAAiB,CAAC,UAAU,CAAC,IAAI,CAAC;AAErF,QAAA,IAAI;AACF,YAAA,MAAM,WAAW,GAAG,MAAMC,sCAAmB,CAAC,MAAM,CAAC,eAAe,EAAE,OAAO,EAAE,OAAO,CAAC;;AAEvF,YAAA,MAAM,WAAW,CAAC,IAAI,EAAE;AACxB,YAAA,OAAO,WAAW;;QAClB,OAAO,CAAM,EAAE;;;YAGf,IAAI,CAAC,6BAA6B,EAAE;AAClC,gBAAA,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC;;AAE5D,YAAA,OAAOC,kCAAe,CAAC,MAAM,CAAC,eAAe,CAAC;;AAElD,KAAC,CAAA;AAED,IAAA,KAAK,EAAE,CAAA,GAAA,MAAA,KAAqEF,eAAA,CAAA,KAAA,CAAA,EAAA,CAAA,GAAA,MAAA,CAAA,EAAA,KAAA,CAAA,EAAA,WAA9D,UAAkC,EAAE,EAAA;AAChD,QAAA,MAAM,EAAE,IAAI,EAAE,6BAA6B,EAAE,GAAG,OAAO;QACvD,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,iBAAiB,CAAC,OAAO;AACtD,QAAA,MAAM,eAAe,GAAG,kBAAkB,CAAC,IAAI,IAAI,iBAAiB,CAAC,UAAU,CAAC,IAAI,CAAC;AAErF,QAAA,IAAI;AACF,YAAA,MAAM,WAAW,GAAG,MAAMG,uCAAoB,CAAC,MAAM,CAAC,eAAe,EAAE,OAAO,EAAE,OAAO,CAAC;;AAExF,YAAA,MAAM,WAAW,CAAC,IAAI,EAAE;AACxB,YAAA,OAAO,WAAW;;QAClB,OAAO,CAAM,EAAE;;;YAGf,IAAI,CAAC,6BAA6B,EAAE;AAClC,gBAAA,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC;;AAExE,YAAA,OAAOD,kCAAe,CAAC,MAAM,CAAC,eAAe,CAAC;;AAElD,KAAC,CAAA;CACF;;ACzID;AACA;AAQA;;;;;AAKG;AACG,SAAgB,iBAAiB,CAAC,OAA+B,EAAA;;;AACrE,QAAA,MAAM,WAAW,GAAG,OAAM,MAAA,wBAAwB,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,IAAA,CAAA,wBAAA,EAAG,OAAO,CAAC,CAAA;AAE/E,QAAA,IAAI,WAAW,KAAK,SAAS,EAAE;AAC7B,YAAA,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC;;AAG5E,QAAA,OAAO,WAAW;KACnB,CAAA;AAAA;AAEK,SAAgB,4BAA4B,CAChD,OAAgC,EAAA;;AAEhC,QAAA,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,OAAO,KAAP,IAAA,IAAA,OAAO,KAAP,KAAA,CAAA,GAAA,OAAO,GAAI,EAAE,CAAC;AAE1D,QAAA,OAAO,IAAIE,yCAAsB,CAAC,WAAW,EAAE;AAC7C,YAAA,WAAW,EAAE,GAAG;AAChB,YAAA,UAAU,EAAE,EAAE;AACf,SAAA,CAAC;KACH,CAAA;AAAA;;AClCD;AACA;AAyBA;;;;;;;;;;;;;;;;;;;;;;;;;AAyBG;AAEU,MAAA,sBAAsB,GAAmB,CAAC,OAAO,KAAI;AAChE,IAAA,MAAM,EAAE,kBAAkB,EAAE,GAAG,OAA6B;AAE5D,IAAA,kBAAkB,CAAC,cAAc,CAAC,4BAA4B,CAAC;AACjE;;;;"}

package/dist-esm/src/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,4BAA4B,EAAE,MAAM,YAAY,CAAC;AAsB1D;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,MAAM,CAAC,MAAM,sBAAsB,GAAmB,CAAC,OAAO,EAAE,EAAE;IAChE,MAAM,EAAE,kBAAkB,EAAE,GAAG,OAA6B,CAAC;IAE7D,kBAAkB,CAAC,cAAc,CAAC,4BAA4B,CAAC,CAAC;AAClE,CAAC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { IdentityPlugin, TokenCachePersistenceOptions } from \"@azure/identity\";\nimport { createPersistenceCachePlugin } from \"./provider\";\n\n/**\n * Plugin context entries for controlling cache plugins.\n */\ninterface CachePluginControl {\n setPersistence(\n persistenceFactory: (\n options?: TokenCachePersistenceOptions,\n ) => Promise<import(\"@azure/msal-node\").ICachePlugin>,\n ): void;\n}\n/**\n * Context options passed to a plugin during initialization.\n *\n * Represents a subset of the context defined in `@azure/identity`\n *\n */\ninterface AzurePluginContext {\n cachePluginControl: CachePluginControl;\n}\n\n/**\n * A plugin that provides persistent token caching for `@azure/identity`\n * credentials. The plugin API is compatible with `@azure/identity` versions\n * 2.0.0 and later. Load this plugin using the `useIdentityPlugin`\n * function, imported from `@azure/identity`.\n *\n * In order to enable this functionality, you must also pass\n * `tokenCachePersistenceOptions` to your credential constructors with an\n * `enabled` property set to true.\n *\n * Example:\n *\n * ```ts snippet:device_code_credential_example\n * import { DeviceCodeCredential } from \"@azure/identity\";\n *\n * const credential = new DeviceCodeCredential({\n * tokenCachePersistenceOptions: {\n * enabled: true,\n * },\n * });\n * // We'll use the Microsoft Graph scope as an example\n * const scope = \"https://graph.microsoft.com/.default\";\n * // Print out part of the access token\n * console.log((await credential.getToken(scope)).token.substring(0, 10), \"...\");\n * ```\n */\n\nexport const cachePersistencePlugin: IdentityPlugin = (context) => {\n const { cachePluginControl } = context as AzurePluginContext;\n\n cachePluginControl.setPersistence(createPersistenceCachePlugin);\n};\n"]}

package/dist-esm/src/platforms.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"platforms.js","sourceRoot":"","sources":["../../src/platforms.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;;AAElC,iCAAiC;AAEjC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,OAAO,EACL,mBAAmB,EACnB,eAAe,EACf,iCAAiC,EACjC,mBAAmB,EACnB,oBAAoB,GACrB,MAAM,6BAA6B,CAAC;AAGrC;;;;;;;GAOG;AACH,MAAM,0BAA0B,GAC9B,MAAA,MAAA,MAAA,OAAO,CAAC,GAAG,CAAC,OAAO,0CAAE,OAAO,mDAAG,cAAc,EAAE,SAAS,CAAC,mCAAI,OAAO,CAAC,GAAG,CAAC,IAAK,CAAC;AAEjF;;;GAGG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,UAAU,EAAE;QACV,IAAI,EAAE,YAAY;QAClB,mBAAmB;QACnB,2CAA2C;QAC3C,+DAA+D;QAC/D,yCAAyC;QACzC,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,0BAA0B,EAAE,kBAAkB,CAAC;KACrE;IACD,OAAO,EAAE;QACP,KAAK,EAAE,WAAW;QAClB,MAAM,EAAE,YAAY;QACpB,UAAU,EAAE,SAAS;QACrB,UAAU,EAAE;YACV,YAAY,EAAE,qCAAqC;YACnD,qCAAqC,EAAE,SAAS;SACjD;QACD,OAAO,EAAE,qCAAqC;QAC9C,OAAO,EAAE,WAAW;KACrB;IACD,QAAQ,EAAE;QACR,OAAO,EAAE,qCAAqC;QAC9C,OAAO,EAAE,WAAW;KACrB;CACF,CAAC;AAcF;;;;;;GAMG;AACH,SAAS,kBAAkB,CAAC,IAAY;IACtC,OAAO,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;AACjE,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAA6D;IAChG,KAAK,EAAE,CAAC,EAAE,IAAI,GAAG,iBAAiB,CAAC,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,EAAwB,EAAE,CACjF,iCAAiC,CAAC,MAAM,CACtC,kBAAkB,CAAC,IAAI,CAAC,EACxB,mBAAmB,CAAC,WAAW,CAChC;IAEH,MAAM,EAAE,YAAmE,EAAE,mDAA9D,UAAkC,EAAE;QACjD,MAAM,EAAE,IAAI,EAAE,6BAA6B,EAAE,GAAG,OAAO,CAAC;QACxD,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,iBAAiB,CAAC,QAAQ,CAAC;QACxD,MAAM,eAAe,GAAG,kBAAkB,CAAC,IAAI,IAAI,iBAAiB,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEtF,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,mBAAmB,CAAC,MAAM,CAAC,eAAe,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YACxF,sGAAsG;YACtG,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC;YACzB,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,4DAA4D;YAC5D,sFAAsF;YACtF,IAAI,CAAC,6BAA6B,EAAE,CAAC;gBACnC,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;YAC7D,CAAC;YACD,OAAO,eAAe,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QACjD,CAAC;IACH,CAAC,CAAA;IAED,KAAK,EAAE,YAAmE,EAAE,mDAA9D,UAAkC,EAAE;QAChD,MAAM,EAAE,IAAI,EAAE,6BAA6B,EAAE,GAAG,OAAO,CAAC;QACxD,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,iBAAiB,CAAC,OAAO,CAAC;QACvD,MAAM,eAAe,GAAG,kBAAkB,CAAC,IAAI,IAAI,iBAAiB,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEtF,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,oBAAoB,CAAC,MAAM,CAAC,eAAe,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YACzF,qGAAqG;YACrG,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC;YACzB,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,4DAA4D;YAC5D,sFAAsF;YACtF,IAAI,CAAC,6BAA6B,EAAE,CAAC;gBACnC,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;YACzE,CAAC;YACD,OAAO,eAAe,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QACjD,CAAC;IACH,CAAC,CAAA;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/* eslint-disable tsdoc/syntax */\n\nimport * as path from \"path\";\nimport type { IPersistence as Persistence } from \"@azure/msal-node-extensions\";\nimport {\n DataProtectionScope,\n FilePersistence,\n FilePersistenceWithDataProtection,\n KeychainPersistence,\n LibSecretPersistence,\n} from \"@azure/msal-node-extensions\";\nimport type { TokenCachePersistenceOptions } from \"@azure/identity\";\n\n/**\n * Local application data folder\n * Expected values:\n * - Darwin: '/Users/user/'\n * - Windows 8+: 'C:\\Users\\user\\AppData\\Local'\n * - Linux: '/home/user/.local/share'\n * @internal\n */\nconst localApplicationDataFolder =\n process.env.APPDATA?.replace?.(/(.Roaming)*$/, \"\\\\Local\") ?? process.env.HOME!;\n\n/**\n * Dictionary of values that we use as default as we discover, pick and enable the persistence layer.\n * @internal\n */\nexport const defaultMsalValues = {\n tokenCache: {\n name: \"msal.cache\",\n // Expected values:\n // - Darwin: '/Users/user/.IdentityService'\n // - Windows 8+: 'C:\\Users\\user\\AppData\\Local\\.IdentityService'\n // - Linux: '/home/user/.IdentityService'\n directory: path.join(localApplicationDataFolder, \".IdentityService\"),\n },\n keyRing: {\n label: \"MSALCache\",\n schema: \"msal.cache\",\n collection: \"default\",\n attributes: {\n MsalClientID: \"Microsoft.Developer.IdentityService\",\n \"Microsoft.Developer.IdentityService\": \"1.0.0.0\",\n },\n service: \"Microsoft.Developer.IdentityService\",\n account: \"MSALCache\",\n },\n keyChain: {\n service: \"Microsoft.Developer.IdentityService\",\n account: \"MSALCache\",\n },\n};\n\n/**\n * Options that are used by the underlying MSAL cache provider.\n * @internal\n */\nexport type MsalPersistenceOptions = Omit<TokenCachePersistenceOptions, \"enabled\">;\n\n/**\n * A function that returns a persistent token cache instance.\n * @internal\n */\ntype MsalPersistenceFactory = (options?: MsalPersistenceOptions) => Promise<Persistence>;\n\n/**\n * Expected responses:\n * - Darwin: '/Users/user/.IdentityService/<name>'\n * - Windows 8+: 'C:\\Users\\user\\AppData\\Local\\.IdentityService\\<name>'\n * - Linux: '/home/user/.IdentityService/<name>'\n * @internal\n */\nfunction getPersistencePath(name: string): string {\n return path.join(defaultMsalValues.tokenCache.directory, name);\n}\n\n/**\n * Set of the platforms we attempt to deliver persistence on.\n *\n * - On Windows we use DPAPI.\n * - On OSX (Darwin), we try to use the system's Keychain, otherwise if the property `unsafeAllowUnencryptedStorage` is set to true, we use an unencrypted file.\n * - On Linux, we try to use the system's Keyring, otherwise if the property `unsafeAllowUnencryptedStorage` is set to true, we use an unencrypted file.\n *\n * Other platforms _are not supported_ at this time.\n *\n * @internal\n */\nexport const msalPersistencePlatforms: Partial<Record<NodeJS.Platform, MsalPersistenceFactory>> = {\n win32: ({ name = defaultMsalValues.tokenCache.name } = {}): Promise<Persistence> =>\n FilePersistenceWithDataProtection.create(\n getPersistencePath(name),\n DataProtectionScope.CurrentUser,\n ),\n\n darwin: async (options: MsalPersistenceOptions = {}): Promise<Persistence> => {\n const { name, unsafeAllowUnencryptedStorage } = options;\n const { service, account } = defaultMsalValues.keyChain;\n const persistencePath = getPersistencePath(name || defaultMsalValues.tokenCache.name);\n\n try {\n const persistence = await KeychainPersistence.create(persistencePath, service, account);\n // If we don't encounter an error when trying to read from the keychain, then we should be good to go.\n await persistence.load();\n return persistence;\n } catch (e: any) {\n // If we got an error while trying to read from the keyring,\n // we will proceed only if the user has specified that unencrypted storage is allowed.\n if (!unsafeAllowUnencryptedStorage) {\n throw new Error(\"Unable to read from the macOS Keychain.\");\n }\n return FilePersistence.create(persistencePath);\n }\n },\n\n linux: async (options: MsalPersistenceOptions = {}): Promise<Persistence> => {\n const { name, unsafeAllowUnencryptedStorage } = options;\n const { service, account } = defaultMsalValues.keyRing;\n const persistencePath = getPersistencePath(name || defaultMsalValues.tokenCache.name);\n\n try {\n const persistence = await LibSecretPersistence.create(persistencePath, service, account);\n // If we don't encounter an error when trying to read from the keyring, then we should be good to go.\n await persistence.load();\n return persistence;\n } catch (e: any) {\n // If we got an error while trying to read from the keyring,\n // we will proceed only if the user has specified that unencrypted storage is allowed.\n if (!unsafeAllowUnencryptedStorage) {\n throw new Error(\"Unable to read from the system keyring (libsecret).\");\n }\n return FilePersistence.create(persistencePath);\n }\n },\n};\n"]}

package/dist-esm/src/provider.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"provider.js","sourceRoot":"","sources":["../../src/provider.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAGlC,OAAO,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AAEvD,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAGrE;;;;;GAKG;AACH,MAAM,UAAgB,iBAAiB,CAAC,OAA+B;;;QACrE,MAAM,WAAW,GAAG,MAAM,CAAA,MAAA,wBAAwB,CAAC,OAAO,CAAC,QAAQ,CAAC,yEAAG,OAAO,CAAC,CAAA,CAAC;QAEhF,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QAC7E,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;CAAA;AAED,MAAM,UAAgB,4BAA4B,CAChD,OAAgC;;QAEhC,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,EAAE,CAAC,CAAC;QAE3D,OAAO,IAAI,sBAAsB,CAAC,WAAW,EAAE;YAC7C,WAAW,EAAE,GAAG;YAChB,UAAU,EAAE,EAAE;SACf,CAAC,CAAC;IACL,CAAC;CAAA","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { MsalPersistenceOptions } from \"./platforms\";\nimport { msalPersistencePlatforms } from \"./platforms\";\nimport type { IPersistence as Persistence } from \"@azure/msal-node-extensions\";\nimport { PersistenceCachePlugin } from \"@azure/msal-node-extensions\";\nimport type { ICachePlugin as CachePlugin } from \"@azure/msal-node\";\n\n/**\n * This is used to gain access to the underlying Persistence instance, which we use for testing\n *\n * @returns a raw persistence instance\n * @internal\n */\nexport async function createPersistence(options: MsalPersistenceOptions): Promise<Persistence> {\n const persistence = await msalPersistencePlatforms[process.platform]?.(options);\n\n if (persistence === undefined) {\n throw new Error(\"no persistence providers are available on this platform\");\n }\n\n return persistence;\n}\n\nexport async function createPersistenceCachePlugin(\n options?: MsalPersistenceOptions,\n): Promise<CachePlugin> {\n const persistence = await createPersistence(options ?? {});\n\n return new PersistenceCachePlugin(persistence, {\n retryNumber: 100,\n retryDelay: 50,\n });\n}\n"]}

package/package.json CHANGED Viewed

@@ -1,10 +1,10 @@
 {
   "name": "@azure/identity-cache-persistence",
-  "version": "1.1.2-alpha.20241112.1",
+  "version": "1.1.2-alpha.20241113.2",
   "sdk-type": "client",
   "description": "A secure, persistent token cache for Azure Identity credentials that uses the OS secret-management API",
   "main": "dist/index.js",
-  "module": "dist-esm/identity-cache-persistence/src/index.js",
+  "module": "dist-esm/src/index.js",
   "types": "./types/identity-cache-persistence.d.ts",
   "scripts": {
     "build": "npm run clean && npm run extract-api && tsc -p . && dev-tool run bundle",
@@ -31,8 +31,7 @@
   },
   "files": [
     "dist/",
-    "dist-esm/identity/src",
-    "dist-esm/identity-cache-persistence/src",
+    "dist-esm/src",
     "types/identity-cache-persistence.d.ts",
     "README.md",
     "LICENSE"

package/dist-esm/identity/src/client/identityClient.js DELETED Viewed

@@ -1,257 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-import { __awaiter } from "tslib";
-import { ServiceClient } from "@azure/core-client";
-import { isNode } from "@azure/core-util";
-import { createHttpHeaders, createPipelineRequest } from "@azure/core-rest-pipeline";
-import { AuthenticationError, AuthenticationErrorName } from "../errors";
-import { getIdentityTokenEndpointSuffix } from "../util/identityTokenEndpoint";
-import { DefaultAuthorityHost, SDK_VERSION } from "../constants";
-import { tracingClient } from "../util/tracing";
-import { logger } from "../util/logging";
-import { parseExpirationTimestamp, parseRefreshTimestamp, } from "../credentials/managedIdentityCredential/utils";
-const noCorrelationId = "noCorrelationId";
-/**
- * @internal
- */
-export function getIdentityClientAuthorityHost(options) {
-    // The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.
-    let authorityHost = options === null || options === void 0 ? void 0 : options.authorityHost;
-    // The AZURE_AUTHORITY_HOST environment variable can only be provided in Node.js.
-    if (isNode) {
-        authorityHost = authorityHost !== null && authorityHost !== void 0 ? authorityHost : process.env.AZURE_AUTHORITY_HOST;
-    }
-    // If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com
-    return authorityHost !== null && authorityHost !== void 0 ? authorityHost : DefaultAuthorityHost;
-}
-/**
- * The network module used by the Identity credentials.
- *
- * It allows for credentials to abort any pending request independently of the MSAL flow,
- * by calling to the `abortRequests()` method.
- *
- */
-export class IdentityClient extends ServiceClient {
-    constructor(options) {
-        var _a, _b;
-        const packageDetails = `azsdk-js-identity/${SDK_VERSION}`;
-        const userAgentPrefix = ((_a = options === null || options === void 0 ? void 0 : options.userAgentOptions) === null || _a === void 0 ? void 0 : _a.userAgentPrefix)
-            ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`
-            : `${packageDetails}`;
-        const baseUri = getIdentityClientAuthorityHost(options);
-        if (!baseUri.startsWith("https:")) {
-            throw new Error("The authorityHost address must use the 'https' protocol.");
-        }
-        super(Object.assign(Object.assign({ requestContentType: "application/json; charset=utf-8", retryOptions: {
-                maxRetries: 3,
-            } }, options), { userAgentOptions: {
-                userAgentPrefix,
-            }, baseUri }));
-        this.allowInsecureConnection = false;
-        this.authorityHost = baseUri;
-        this.abortControllers = new Map();
-        this.allowLoggingAccountIdentifiers = (_b = options === null || options === void 0 ? void 0 : options.loggingOptions) === null || _b === void 0 ? void 0 : _b.allowLoggingAccountIdentifiers;
-        // used for WorkloadIdentity
-        this.tokenCredentialOptions = Object.assign({}, options);
-        // used for ManagedIdentity
-        if (options === null || options === void 0 ? void 0 : options.allowInsecureConnection) {
-            this.allowInsecureConnection = options.allowInsecureConnection;
-        }
-    }
-    sendTokenRequest(request) {
-        return __awaiter(this, void 0, void 0, function* () {
-            logger.info(`IdentityClient: sending token request to [${request.url}]`);
-            const response = yield this.sendRequest(request);
-            if (response.bodyAsText && (response.status === 200 || response.status === 201)) {
-                const parsedBody = JSON.parse(response.bodyAsText);
-                if (!parsedBody.access_token) {
-                    return null;
-                }
-                this.logIdentifiers(response);
-                const token = {
-                    accessToken: {
-                        token: parsedBody.access_token,
-                        expiresOnTimestamp: parseExpirationTimestamp(parsedBody),
-                        refreshAfterTimestamp: parseRefreshTimestamp(parsedBody),
-                        tokenType: "Bearer",
-                    },
-                    refreshToken: parsedBody.refresh_token,
-                };
-                logger.info(`IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`);
-                return token;
-            }
-            else {
-                const error = new AuthenticationError(response.status, response.bodyAsText);
-                logger.warning(`IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`);
-                throw error;
-            }
-        });
-    }
-    refreshAccessToken(tenantId_1, clientId_1, scopes_1, refreshToken_1, clientSecret_1) {
-        return __awaiter(this, arguments, void 0, function* (tenantId, clientId, scopes, refreshToken, clientSecret, options = {}) {
-            if (refreshToken === undefined) {
-                return null;
-            }
-            logger.info(`IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`);
-            const refreshParams = {
-                grant_type: "refresh_token",
-                client_id: clientId,
-                refresh_token: refreshToken,
-                scope: scopes,
-            };
-            if (clientSecret !== undefined) {
-                refreshParams.client_secret = clientSecret;
-            }
-            const query = new URLSearchParams(refreshParams);
-            return tracingClient.withSpan("IdentityClient.refreshAccessToken", options, (updatedOptions) => __awaiter(this, void 0, void 0, function* () {
-                try {
-                    const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);
-                    const request = createPipelineRequest({
-                        url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,
-                        method: "POST",
-                        body: query.toString(),
-                        abortSignal: options.abortSignal,
-                        headers: createHttpHeaders({
-                            Accept: "application/json",
-                            "Content-Type": "application/x-www-form-urlencoded",
-                        }),
-                        tracingOptions: updatedOptions.tracingOptions,
-                    });
-                    const response = yield this.sendTokenRequest(request);
-                    logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);
-                    return response;
-                }
-                catch (err) {
-                    if (err.name === AuthenticationErrorName &&
-                        err.errorResponse.error === "interaction_required") {
-                        // It's likely that the refresh token has expired, so
-                        // return null so that the credential implementation will
-                        // initiate the authentication flow again.
-                        logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);
-                        return null;
-                    }
-                    else {
-                        logger.warning(`IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`);
-                        throw err;
-                    }
-                }
-            }));
-        });
-    }
-    // Here is a custom layer that allows us to abort requests that go through MSAL,
-    // since MSAL doesn't allow us to pass options all the way through.
-    generateAbortSignal(correlationId) {
-        const controller = new AbortController();
-        const controllers = this.abortControllers.get(correlationId) || [];
-        controllers.push(controller);
-        this.abortControllers.set(correlationId, controllers);
-        const existingOnAbort = controller.signal.onabort;
-        controller.signal.onabort = (...params) => {
-            this.abortControllers.set(correlationId, undefined);
-            if (existingOnAbort) {
-                existingOnAbort.apply(controller.signal, params);
-            }
-        };
-        return controller.signal;
-    }
-    abortRequests(correlationId) {
-        const key = correlationId || noCorrelationId;
-        const controllers = [
-            ...(this.abortControllers.get(key) || []),
-            // MSAL passes no correlation ID to the get requests...
-            ...(this.abortControllers.get(noCorrelationId) || []),
-        ];
-        if (!controllers.length) {
-            return;
-        }
-        for (const controller of controllers) {
-            controller.abort();
-        }
-        this.abortControllers.set(key, undefined);
-    }
-    getCorrelationId(options) {
-        var _a;
-        const parameter = (_a = options === null || options === void 0 ? void 0 : options.body) === null || _a === void 0 ? void 0 : _a.split("&").map((part) => part.split("=")).find(([key]) => key === "client-request-id");
-        return parameter && parameter.length ? parameter[1] || noCorrelationId : noCorrelationId;
-    }
-    // The MSAL network module methods follow
-    sendGetRequestAsync(url, options) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const request = createPipelineRequest({
-                url,
-                method: "GET",
-                body: options === null || options === void 0 ? void 0 : options.body,
-                allowInsecureConnection: this.allowInsecureConnection,
-                headers: createHttpHeaders(options === null || options === void 0 ? void 0 : options.headers),
-                abortSignal: this.generateAbortSignal(noCorrelationId),
-            });
-            const response = yield this.sendRequest(request);
-            this.logIdentifiers(response);
-            return {
-                body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,
-                headers: response.headers.toJSON(),
-                status: response.status,
-            };
-        });
-    }
-    sendPostRequestAsync(url, options) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const request = createPipelineRequest({
-                url,
-                method: "POST",
-                body: options === null || options === void 0 ? void 0 : options.body,
-                headers: createHttpHeaders(options === null || options === void 0 ? void 0 : options.headers),
-                allowInsecureConnection: this.allowInsecureConnection,
-                // MSAL doesn't send the correlation ID on the get requests.
-                abortSignal: this.generateAbortSignal(this.getCorrelationId(options)),
-            });
-            const response = yield this.sendRequest(request);
-            this.logIdentifiers(response);
-            return {
-                body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,
-                headers: response.headers.toJSON(),
-                status: response.status,
-            };
-        });
-    }
-    /**
-     *
-     * @internal
-     */
-    getTokenCredentialOptions() {
-        return this.tokenCredentialOptions;
-    }
-    /**
-     * If allowLoggingAccountIdentifiers was set on the constructor options
-     * we try to log the account identifiers by parsing the received access token.
-     *
-     * The account identifiers we try to log are:
-     * - `appid`: The application or Client Identifier.
-     * - `upn`: User Principal Name.
-     *   - It might not be available in some authentication scenarios.
-     *   - If it's not available, we put a placeholder: "No User Principal Name available".
-     * - `tid`: Tenant Identifier.
-     * - `oid`: Object Identifier of the authenticated user.
-     */
-    logIdentifiers(response) {
-        if (!this.allowLoggingAccountIdentifiers || !response.bodyAsText) {
-            return;
-        }
-        const unavailableUpn = "No User Principal Name available";
-        try {
-            const parsed = response.parsedBody || JSON.parse(response.bodyAsText);
-            const accessToken = parsed.access_token;
-            if (!accessToken) {
-                // Without an access token allowLoggingAccountIdentifiers isn't useful.
-                return;
-            }
-            const base64Metadata = accessToken.split(".")[1];
-            const { appid, upn, tid, oid } = JSON.parse(Buffer.from(base64Metadata, "base64").toString("utf8"));
-            logger.info(`[Authenticated account] Client ID: ${appid}. Tenant ID: ${tid}. User Principal Name: ${upn || unavailableUpn}. Object ID (user): ${oid}`);
-        }
-        catch (e) {
-            logger.warning("allowLoggingAccountIdentifiers was set, but we couldn't log the account information. Error:", e.message);
-        }
-    }
-}
-//# sourceMappingURL=identityClient.js.map

package/dist-esm/identity/src/client/identityClient.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"identityClient.js","sourceRoot":"","sources":["../../../../../identity/src/client/identityClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAIlC,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAE1C,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAErF,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,WAAW,CAAC;AACzE,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAGzC,OAAO,EACL,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,gDAAgD,CAAC;AAExD,MAAM,eAAe,GAAG,iBAAiB,CAAC;AAiB1C;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAAC,OAAgC;IAC7E,iGAAiG;IACjG,IAAI,aAAa,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,CAAC;IAE3C,iFAAiF;IACjF,IAAI,MAAM,EAAE,CAAC;QACX,aAAa,GAAG,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IACpE,CAAC;IAED,wHAAwH;IACxH,OAAO,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,oBAAoB,CAAC;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,OAAO,cAAe,SAAQ,aAAa;IAQ/C,YAAY,OAAgC;;QAC1C,MAAM,cAAc,GAAG,qBAAqB,WAAW,EAAE,CAAC;QAC1D,MAAM,eAAe,GAAG,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,gBAAgB,0CAAE,eAAe;YAChE,CAAC,CAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC,eAAe,IAAI,cAAc,EAAE;YACjE,CAAC,CAAC,GAAG,cAAc,EAAE,CAAC;QAExB,MAAM,OAAO,GAAG,8BAA8B,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC9E,CAAC;QAED,KAAK,+BACH,kBAAkB,EAAE,iCAAiC,EACrD,YAAY,EAAE;gBACZ,UAAU,EAAE,CAAC;aACd,IACE,OAAO,KACV,gBAAgB,EAAE;gBAChB,eAAe;aAChB,EACD,OAAO,IACP,CAAC;QAzBG,4BAAuB,GAAY,KAAK,CAAC;QA2B/C,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC;QAC7B,IAAI,CAAC,gBAAgB,GAAG,IAAI,GAAG,EAAE,CAAC;QAClC,IAAI,CAAC,8BAA8B,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,0CAAE,8BAA8B,CAAC;QAC9F,4BAA4B;QAC5B,IAAI,CAAC,sBAAsB,qBAAQ,OAAO,CAAE,CAAC;QAE7C,2BAA2B;QAC3B,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,uBAAuB,EAAE,CAAC;YACrC,IAAI,CAAC,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,CAAC;QACjE,CAAC;IACH,CAAC;IAEK,gBAAgB,CAAC,OAAwB;;YAC7C,MAAM,CAAC,IAAI,CAAC,6CAA6C,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;YACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YACjD,IAAI,QAAQ,CAAC,UAAU,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,EAAE,CAAC;gBAChF,MAAM,UAAU,GAA4B,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;gBAE5E,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;oBAC7B,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;gBAE9B,MAAM,KAAK,GAAG;oBACZ,WAAW,EAAE;wBACX,KAAK,EAAE,UAAU,CAAC,YAAY;wBAC9B,kBAAkB,EAAE,wBAAwB,CAAC,UAAU,CAAC;wBACxD,qBAAqB,EAAE,qBAAqB,CAAC,UAAU,CAAC;wBACxD,SAAS,EAAE,QAAQ;qBACL;oBAChB,YAAY,EAAE,UAAU,CAAC,aAAa;iBACvC,CAAC;gBAEF,MAAM,CAAC,IAAI,CACT,oBAAoB,OAAO,CAAC,GAAG,gCAAgC,KAAK,CAAC,WAAW,CAAC,kBAAkB,EAAE,CACtG,CAAC;gBACF,OAAO,KAAK,CAAC;YACf,CAAC;iBAAM,CAAC;gBACN,MAAM,KAAK,GAAG,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;gBAC5E,MAAM,CAAC,OAAO,CACZ,sDAAsD,QAAQ,CAAC,MAAM,KAAK,KAAK,CAAC,aAAa,CAAC,gBAAgB,EAAE,CACjH,CAAC;gBACF,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;KAAA;IAEK,kBAAkB;6DACtB,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,YAAgC,EAChC,YAAgC,EAChC,UAA2B,EAAE;YAE7B,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;gBAC/B,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,CAAC,IAAI,CACT,2DAA2D,QAAQ,aAAa,MAAM,UAAU,CACjG,CAAC;YAEF,MAAM,aAAa,GAAG;gBACpB,UAAU,EAAE,eAAe;gBAC3B,SAAS,EAAE,QAAQ;gBACnB,aAAa,EAAE,YAAY;gBAC3B,KAAK,EAAE,MAAM;aACd,CAAC;YAEF,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;gBAC9B,aAAqB,CAAC,aAAa,GAAG,YAAY,CAAC;YACtD,CAAC;YAED,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,aAAa,CAAC,CAAC;YAEjD,OAAO,aAAa,CAAC,QAAQ,CAC3B,mCAAmC,EACnC,OAAO,EACP,CAAO,cAAc,EAAE,EAAE;gBACvB,IAAI,CAAC;oBACH,MAAM,SAAS,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;oBAC3D,MAAM,OAAO,GAAG,qBAAqB,CAAC;wBACpC,GAAG,EAAE,GAAG,IAAI,CAAC,aAAa,IAAI,QAAQ,IAAI,SAAS,EAAE;wBACrD,MAAM,EAAE,MAAM;wBACd,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE;wBACtB,WAAW,EAAE,OAAO,CAAC,WAAW;wBAChC,OAAO,EAAE,iBAAiB,CAAC;4BACzB,MAAM,EAAE,kBAAkB;4BAC1B,cAAc,EAAE,mCAAmC;yBACpD,CAAC;wBACF,cAAc,EAAE,cAAc,CAAC,cAAc;qBAC9C,CAAC,CAAC;oBAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;oBACtD,MAAM,CAAC,IAAI,CAAC,kDAAkD,QAAQ,EAAE,CAAC,CAAC;oBAC1E,OAAO,QAAQ,CAAC;gBAClB,CAAC;gBAAC,OAAO,GAAQ,EAAE,CAAC;oBAClB,IACE,GAAG,CAAC,IAAI,KAAK,uBAAuB;wBACpC,GAAG,CAAC,aAAa,CAAC,KAAK,KAAK,sBAAsB,EAClD,CAAC;wBACD,qDAAqD;wBACrD,yDAAyD;wBACzD,0CAA0C;wBAC1C,MAAM,CAAC,IAAI,CAAC,uDAAuD,QAAQ,EAAE,CAAC,CAAC;wBAC/E,OAAO,IAAI,CAAC;oBACd,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,OAAO,CACZ,0DAA0D,QAAQ,KAAK,GAAG,EAAE,CAC7E,CAAC;wBACF,MAAM,GAAG,CAAC;oBACZ,CAAC;gBACH,CAAC;YACH,CAAC,CAAA,CACF,CAAC;QACJ,CAAC;KAAA;IAED,gFAAgF;IAChF,mEAAmE;IAEnE,mBAAmB,CAAC,aAAqB;QACvC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;QACnE,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;QACtD,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC;QAClD,UAAU,CAAC,MAAM,CAAC,OAAO,GAAG,CAAC,GAAG,MAAM,EAAE,EAAE;YACxC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;YACpD,IAAI,eAAe,EAAE,CAAC;gBACpB,eAAe,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YACnD,CAAC;QACH,CAAC,CAAC;QACF,OAAO,UAAU,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,aAAa,CAAC,aAAsB;QAClC,MAAM,GAAG,GAAG,aAAa,IAAI,eAAe,CAAC;QAC7C,MAAM,WAAW,GAAG;YAClB,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YACzC,uDAAuD;YACvD,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;SACtD,CAAC;QACF,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;YACxB,OAAO;QACT,CAAC;QACD,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,UAAU,CAAC,KAAK,EAAE,CAAC;QACrB,CAAC;QACD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED,gBAAgB,CAAC,OAA+B;;QAC9C,MAAM,SAAS,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,0CAC3B,KAAK,CAAC,GAAG,EACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAC7B,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,mBAAmB,CAAC,CAAC;QAChD,OAAO,SAAS,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC;IAC3F,CAAC;IAED,yCAAyC;IAEnC,mBAAmB,CACvB,GAAW,EACX,OAA+B;;YAE/B,MAAM,OAAO,GAAG,qBAAqB,CAAC;gBACpC,GAAG;gBACH,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI;gBACnB,uBAAuB,EAAE,IAAI,CAAC,uBAAuB;gBACrD,OAAO,EAAE,iBAAiB,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC;gBAC5C,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC;aACvD,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAEjD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YAE9B,OAAO;gBACL,IAAI,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;gBACvE,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;gBAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;QACJ,CAAC;KAAA;IAEK,oBAAoB,CACxB,GAAW,EACX,OAA+B;;YAE/B,MAAM,OAAO,GAAG,qBAAqB,CAAC;gBACpC,GAAG;gBACH,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI;gBACnB,OAAO,EAAE,iBAAiB,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC;gBAC5C,uBAAuB,EAAE,IAAI,CAAC,uBAAuB;gBACrD,4DAA4D;gBAC5D,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;aACtE,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAEjD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YAE9B,OAAO;gBACL,IAAI,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;gBACvE,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;gBAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;QACJ,CAAC;KAAA;IAED;;;OAGG;IACH,yBAAyB;QACvB,OAAO,IAAI,CAAC,sBAAsB,CAAC;IACrC,CAAC;IACD;;;;;;;;;;;OAWG;IACK,cAAc,CAAC,QAA0B;QAC/C,IAAI,CAAC,IAAI,CAAC,8BAA8B,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC;YACjE,OAAO;QACT,CAAC;QACD,MAAM,cAAc,GAAG,kCAAkC,CAAC;QAC1D,IAAI,CAAC;YACH,MAAM,MAAM,GAAI,QAAgB,CAAC,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC/E,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC;YACxC,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,uEAAuE;gBACvE,OAAO;YACT,CAAC;YACD,MAAM,cAAc,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACjD,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CACzC,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CACvD,CAAC;YAEF,MAAM,CAAC,IAAI,CACT,sCAAsC,KAAK,gBAAgB,GAAG,0BAC5D,GAAG,IAAI,cACT,uBAAuB,GAAG,EAAE,CAC7B,CAAC;QACJ,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,CAAC,OAAO,CACZ,6FAA6F,EAC7F,CAAC,CAAC,OAAO,CACV,CAAC;QACJ,CAAC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { INetworkModule, NetworkRequestOptions, NetworkResponse } from \"@azure/msal-node\";\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { ServiceClient } from \"@azure/core-client\";\nimport { isNode } from \"@azure/core-util\";\nimport type { PipelineRequest, PipelineResponse } from \"@azure/core-rest-pipeline\";\nimport { createHttpHeaders, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport type { AbortSignalLike } from \"@azure/abort-controller\";\nimport { AuthenticationError, AuthenticationErrorName } from \"../errors\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { DefaultAuthorityHost, SDK_VERSION } from \"../constants\";\nimport { tracingClient } from \"../util/tracing\";\nimport { logger } from \"../util/logging\";\nimport type { TokenCredentialOptions } from \"../tokenCredentialOptions\";\nimport type { TokenResponseParsedBody } from \"../credentials/managedIdentityCredential/utils\";\nimport {\n parseExpirationTimestamp,\n parseRefreshTimestamp,\n} from \"../credentials/managedIdentityCredential/utils\";\n\nconst noCorrelationId = \"noCorrelationId\";\n\n/**\n * An internal type used to communicate details of a token request's\n * response that should not be sent back as part of the access token.\n */\nexport interface TokenResponse {\n /**\n * The AccessToken to be returned from getToken.\n */\n accessToken: AccessToken;\n /**\n * The refresh token if the 'offline_access' scope was used.\n */\n refreshToken?: string;\n}\n\n/**\n * @internal\n */\nexport function getIdentityClientAuthorityHost(options?: TokenCredentialOptions): string {\n // The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.\n let authorityHost = options?.authorityHost;\n\n // The AZURE_AUTHORITY_HOST environment variable can only be provided in Node.js.\n if (isNode) {\n authorityHost = authorityHost ?? process.env.AZURE_AUTHORITY_HOST;\n }\n\n // If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com\n return authorityHost ?? DefaultAuthorityHost;\n}\n\n/**\n * The network module used by the Identity credentials.\n *\n * It allows for credentials to abort any pending request independently of the MSAL flow,\n * by calling to the `abortRequests()` method.\n *\n */\nexport class IdentityClient extends ServiceClient implements INetworkModule {\n public authorityHost: string;\n private allowLoggingAccountIdentifiers?: boolean;\n private abortControllers: Map<string, AbortController[] | undefined>;\n private allowInsecureConnection: boolean = false;\n // used for WorkloadIdentity\n private tokenCredentialOptions: TokenCredentialOptions;\n\n constructor(options?: TokenCredentialOptions) {\n const packageDetails = `azsdk-js-identity/${SDK_VERSION}`;\n const userAgentPrefix = options?.userAgentOptions?.userAgentPrefix\n ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`\n : `${packageDetails}`;\n\n const baseUri = getIdentityClientAuthorityHost(options);\n if (!baseUri.startsWith(\"https:\")) {\n throw new Error(\"The authorityHost address must use the 'https' protocol.\");\n }\n\n super({\n requestContentType: \"application/json; charset=utf-8\",\n retryOptions: {\n maxRetries: 3,\n },\n ...options,\n userAgentOptions: {\n userAgentPrefix,\n },\n baseUri,\n });\n\n this.authorityHost = baseUri;\n this.abortControllers = new Map();\n this.allowLoggingAccountIdentifiers = options?.loggingOptions?.allowLoggingAccountIdentifiers;\n // used for WorkloadIdentity\n this.tokenCredentialOptions = { ...options };\n\n // used for ManagedIdentity\n if (options?.allowInsecureConnection) {\n this.allowInsecureConnection = options.allowInsecureConnection;\n }\n }\n\n async sendTokenRequest(request: PipelineRequest): Promise<TokenResponse | null> {\n logger.info(`IdentityClient: sending token request to [${request.url}]`);\n const response = await this.sendRequest(request);\n if (response.bodyAsText && (response.status === 200 || response.status === 201)) {\n const parsedBody: TokenResponseParsedBody = JSON.parse(response.bodyAsText);\n\n if (!parsedBody.access_token) {\n return null;\n }\n\n this.logIdentifiers(response);\n\n const token = {\n accessToken: {\n token: parsedBody.access_token,\n expiresOnTimestamp: parseExpirationTimestamp(parsedBody),\n refreshAfterTimestamp: parseRefreshTimestamp(parsedBody),\n tokenType: \"Bearer\",\n } as AccessToken,\n refreshToken: parsedBody.refresh_token,\n };\n\n logger.info(\n `IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`,\n );\n return token;\n } else {\n const error = new AuthenticationError(response.status, response.bodyAsText);\n logger.warning(\n `IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`,\n );\n throw error;\n }\n }\n\n async refreshAccessToken(\n tenantId: string,\n clientId: string,\n scopes: string,\n refreshToken: string | undefined,\n clientSecret: string | undefined,\n options: GetTokenOptions = {},\n ): Promise<TokenResponse | null> {\n if (refreshToken === undefined) {\n return null;\n }\n logger.info(\n `IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`,\n );\n\n const refreshParams = {\n grant_type: \"refresh_token\",\n client_id: clientId,\n refresh_token: refreshToken,\n scope: scopes,\n };\n\n if (clientSecret !== undefined) {\n (refreshParams as any).client_secret = clientSecret;\n }\n\n const query = new URLSearchParams(refreshParams);\n\n return tracingClient.withSpan(\n \"IdentityClient.refreshAccessToken\",\n options,\n async (updatedOptions) => {\n try {\n const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);\n const request = createPipelineRequest({\n url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,\n method: \"POST\",\n body: query.toString(),\n abortSignal: options.abortSignal,\n headers: createHttpHeaders({\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n }),\n tracingOptions: updatedOptions.tracingOptions,\n });\n\n const response = await this.sendTokenRequest(request);\n logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);\n return response;\n } catch (err: any) {\n if (\n err.name === AuthenticationErrorName &&\n err.errorResponse.error === \"interaction_required\"\n ) {\n // It's likely that the refresh token has expired, so\n // return null so that the credential implementation will\n // initiate the authentication flow again.\n logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);\n return null;\n } else {\n logger.warning(\n `IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`,\n );\n throw err;\n }\n }\n },\n );\n }\n\n // Here is a custom layer that allows us to abort requests that go through MSAL,\n // since MSAL doesn't allow us to pass options all the way through.\n\n generateAbortSignal(correlationId: string): AbortSignalLike {\n const controller = new AbortController();\n const controllers = this.abortControllers.get(correlationId) || [];\n controllers.push(controller);\n this.abortControllers.set(correlationId, controllers);\n const existingOnAbort = controller.signal.onabort;\n controller.signal.onabort = (...params) => {\n this.abortControllers.set(correlationId, undefined);\n if (existingOnAbort) {\n existingOnAbort.apply(controller.signal, params);\n }\n };\n return controller.signal;\n }\n\n abortRequests(correlationId?: string): void {\n const key = correlationId || noCorrelationId;\n const controllers = [\n ...(this.abortControllers.get(key) || []),\n // MSAL passes no correlation ID to the get requests...\n ...(this.abortControllers.get(noCorrelationId) || []),\n ];\n if (!controllers.length) {\n return;\n }\n for (const controller of controllers) {\n controller.abort();\n }\n this.abortControllers.set(key, undefined);\n }\n\n getCorrelationId(options?: NetworkRequestOptions): string {\n const parameter = options?.body\n ?.split(\"&\")\n .map((part) => part.split(\"=\"))\n .find(([key]) => key === \"client-request-id\");\n return parameter && parameter.length ? parameter[1] || noCorrelationId : noCorrelationId;\n }\n\n // The MSAL network module methods follow\n\n async sendGetRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions,\n ): Promise<NetworkResponse<T>> {\n const request = createPipelineRequest({\n url,\n method: \"GET\",\n body: options?.body,\n allowInsecureConnection: this.allowInsecureConnection,\n headers: createHttpHeaders(options?.headers),\n abortSignal: this.generateAbortSignal(noCorrelationId),\n });\n\n const response = await this.sendRequest(request);\n\n this.logIdentifiers(response);\n\n return {\n body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,\n headers: response.headers.toJSON(),\n status: response.status,\n };\n }\n\n async sendPostRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions,\n ): Promise<NetworkResponse<T>> {\n const request = createPipelineRequest({\n url,\n method: \"POST\",\n body: options?.body,\n headers: createHttpHeaders(options?.headers),\n allowInsecureConnection: this.allowInsecureConnection,\n // MSAL doesn't send the correlation ID on the get requests.\n abortSignal: this.generateAbortSignal(this.getCorrelationId(options)),\n });\n\n const response = await this.sendRequest(request);\n\n this.logIdentifiers(response);\n\n return {\n body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,\n headers: response.headers.toJSON(),\n status: response.status,\n };\n }\n\n /**\n *\n * @internal\n */\n getTokenCredentialOptions(): TokenCredentialOptions {\n return this.tokenCredentialOptions;\n }\n /**\n * If allowLoggingAccountIdentifiers was set on the constructor options\n * we try to log the account identifiers by parsing the received access token.\n *\n * The account identifiers we try to log are:\n * - `appid`: The application or Client Identifier.\n * - `upn`: User Principal Name.\n * - It might not be available in some authentication scenarios.\n * - If it's not available, we put a placeholder: \"No User Principal Name available\".\n * - `tid`: Tenant Identifier.\n * - `oid`: Object Identifier of the authenticated user.\n */\n private logIdentifiers(response: PipelineResponse): void {\n if (!this.allowLoggingAccountIdentifiers || !response.bodyAsText) {\n return;\n }\n const unavailableUpn = \"No User Principal Name available\";\n try {\n const parsed = (response as any).parsedBody || JSON.parse(response.bodyAsText);\n const accessToken = parsed.access_token;\n if (!accessToken) {\n // Without an access token allowLoggingAccountIdentifiers isn't useful.\n return;\n }\n const base64Metadata = accessToken.split(\".\")[1];\n const { appid, upn, tid, oid } = JSON.parse(\n Buffer.from(base64Metadata, \"base64\").toString(\"utf8\"),\n );\n\n logger.info(\n `[Authenticated account] Client ID: ${appid}. Tenant ID: ${tid}. User Principal Name: ${\n upn || unavailableUpn\n }. Object ID (user): ${oid}`,\n );\n } catch (e: any) {\n logger.warning(\n \"allowLoggingAccountIdentifiers was set, but we couldn't log the account information. Error:\",\n e.message,\n );\n }\n }\n}\n"]}

package/dist-esm/identity/src/constants.js DELETED Viewed

@@ -1,70 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-/**
- * Current version of the `@azure/identity` package.
- */
-export const SDK_VERSION = `4.5.1`;
-/**
- * The default client ID for authentication
- * @internal
- */
-// TODO: temporary - this is the Azure CLI clientID - we'll replace it when
-// Developer Sign On application is available
-// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9
-export const DeveloperSignOnClientId = "04b07795-8ddb-461a-bbee-02f9e1bf7b46";
-/**
- * The default tenant for authentication
- * @internal
- */
-export const DefaultTenantId = "common";
-/**
- * A list of known Azure authority hosts
- */
-export var AzureAuthorityHosts;
-(function (AzureAuthorityHosts) {
-    /**
-     * China-based Azure Authority Host
-     */
-    AzureAuthorityHosts["AzureChina"] = "https://login.chinacloudapi.cn";
-    /**
-     * Germany-based Azure Authority Host
-     *
-     * @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.
-     *
-     * */
-    AzureAuthorityHosts["AzureGermany"] = "https://login.microsoftonline.de";
-    /**
-     * US Government Azure Authority Host
-     */
-    AzureAuthorityHosts["AzureGovernment"] = "https://login.microsoftonline.us";
-    /**
-     * Public Cloud Azure Authority Host
-     */
-    AzureAuthorityHosts["AzurePublicCloud"] = "https://login.microsoftonline.com";
-})(AzureAuthorityHosts || (AzureAuthorityHosts = {}));
-/**
- * @internal
- * The default authority host.
- */
-export const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;
-/**
- * @internal
- * Allow acquiring tokens for any tenant for multi-tentant auth.
- */
-export const ALL_TENANTS = ["*"];
-/**
- * @internal
- */
-export const CACHE_CAE_SUFFIX = "cae";
-/**
- * @internal
- */
-export const CACHE_NON_CAE_SUFFIX = "nocae";
-/**
- * @internal
- *
- * The default name for the cache persistence plugin.
- * Matches the constant defined in the cache persistence package.
- */
-export const DEFAULT_TOKEN_CACHE_NAME = "msal.cache";
-//# sourceMappingURL=constants.js.map

package/dist-esm/identity/src/constants.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../../identity/src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,OAAO,CAAC;AAEnC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AACvG,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,MAAM,CAAN,IAAY,mBAoBX;AApBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;;;;SAKK;IACL,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EApBW,mBAAmB,KAAnB,mBAAmB,QAoB9B;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;;GAGG;AACH,MAAM,CAAC,MAAM,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAEtC;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAE5C;;;;;GAKG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,YAAY,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Current version of the `@azure/identity` package.\n */\nexport const SDK_VERSION = `4.5.1`;\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n /**\n * China-based Azure Authority Host\n */\n AzureChina = \"https://login.chinacloudapi.cn\",\n /**\n * Germany-based Azure Authority Host\n *\n * @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.\n *\n * */\n AzureGermany = \"https://login.microsoftonline.de\",\n /**\n * US Government Azure Authority Host\n */\n AzureGovernment = \"https://login.microsoftonline.us\",\n /**\n * Public Cloud Azure Authority Host\n */\n AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/**\n * @internal\n * The default authority host.\n */\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n\n/**\n * @internal\n * Allow acquiring tokens for any tenant for multi-tentant auth.\n */\nexport const ALL_TENANTS: string[] = [\"*\"];\n\n/**\n * @internal\n */\nexport const CACHE_CAE_SUFFIX = \"cae\";\n\n/**\n * @internal\n */\nexport const CACHE_NON_CAE_SUFFIX = \"nocae\";\n\n/**\n * @internal\n *\n * The default name for the cache persistence plugin.\n * Matches the constant defined in the cache persistence package.\n */\nexport const DEFAULT_TOKEN_CACHE_NAME = \"msal.cache\";\n"]}

package/dist-esm/identity/src/credentials/authorityValidationOptions.js DELETED Viewed

@@ -1,4 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-export {};
-//# sourceMappingURL=authorityValidationOptions.js.map

package/dist-esm/identity/src/credentials/authorityValidationOptions.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"authorityValidationOptions.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/authorityValidationOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Provides options to configure how the Identity library\n * does authority validation during authentication requests\n * to Microsoft Entra ID.\n */\nexport interface AuthorityValidationOptions {\n /**\n * The field determines whether instance discovery is performed when attempting to authenticate.\n * Setting this to `true` will completely disable both instance discovery and authority validation.\n * As a result, it's crucial to ensure that the configured authority host is valid and trustworthy.\n * This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack.\n * The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.\n */\n disableInstanceDiscovery?: boolean;\n}\n"]}

package/dist-esm/identity/src/credentials/authorizationCodeCredential.js DELETED Viewed

@@ -1,63 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-import { __awaiter } from "tslib";
-import { processMultiTenantRequest, resolveAdditionallyAllowedTenantIds, } from "../util/tenantIdUtils";
-import { checkTenantId } from "../util/tenantIdUtils";
-import { credentialLogger } from "../util/logging";
-import { ensureScopes } from "../util/scopeUtils";
-import { tracingClient } from "../util/tracing";
-import { createMsalClient } from "../msal/nodeFlows/msalClient";
-const logger = credentialLogger("AuthorizationCodeCredential");
-/**
- * Enables authentication to Microsoft Entra ID using an authorization code
- * that was obtained through the authorization code flow, described in more detail
- * in the Microsoft Entra ID documentation:
- *
- * https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow
- */
-export class AuthorizationCodeCredential {
-    /**
-     * @hidden
-     * @internal
-     */
-    constructor(tenantId, clientId, clientSecretOrAuthorizationCode, authorizationCodeOrRedirectUri, redirectUriOrOptions, options) {
-        checkTenantId(logger, tenantId);
-        this.clientSecret = clientSecretOrAuthorizationCode;
-        if (typeof redirectUriOrOptions === "string") {
-            // the clientId+clientSecret constructor
-            this.authorizationCode = authorizationCodeOrRedirectUri;
-            this.redirectUri = redirectUriOrOptions;
-            // in this case, options are good as they come
-        }
-        else {
-            // clientId only
-            this.authorizationCode = clientSecretOrAuthorizationCode;
-            this.redirectUri = authorizationCodeOrRedirectUri;
-            this.clientSecret = undefined;
-            options = redirectUriOrOptions;
-        }
-        // TODO: Validate tenant if provided
-        this.tenantId = tenantId;
-        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
-        this.msalClient = createMsalClient(clientId, tenantId, Object.assign(Object.assign({}, options), { logger, tokenCredentialOptions: options !== null && options !== void 0 ? options : {} }));
-    }
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    getToken(scopes_1) {
-        return __awaiter(this, arguments, void 0, function* (scopes, options = {}) {
-            return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, (newOptions) => __awaiter(this, void 0, void 0, function* () {
-                const tenantId = processMultiTenantRequest(this.tenantId, newOptions, this.additionallyAllowedTenantIds);
-                newOptions.tenantId = tenantId;
-                const arrayScopes = ensureScopes(scopes);
-                return this.msalClient.getTokenByAuthorizationCode(arrayScopes, this.redirectUri, this.authorizationCode, this.clientSecret, Object.assign(Object.assign({}, newOptions), { disableAutomaticAuthentication: this.disableAutomaticAuthentication }));
-            }));
-        });
-    }
-}
-//# sourceMappingURL=authorizationCodeCredential.js.map

package/dist-esm/identity/src/credentials/authorizationCodeCredential.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"authorizationCodeCredential.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/authorizationCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAGlC,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAEhE,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;GAMG;AACH,MAAM,OAAO,2BAA2B;IAmEtC;;;OAGG;IACH,YACE,QAA2B,EAC3B,QAAgB,EAChB,+BAAuC,EACvC,8BAAsC,EACtC,oBAA6E,EAC7E,OAA4C;QAE5C,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChC,IAAI,CAAC,YAAY,GAAG,+BAA+B,CAAC;QAEpD,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE,CAAC;YAC7C,wCAAwC;YACxC,IAAI,CAAC,iBAAiB,GAAG,8BAA8B,CAAC;YACxD,IAAI,CAAC,WAAW,GAAG,oBAAoB,CAAC;YACxC,8CAA8C;QAChD,CAAC;aAAM,CAAC;YACN,gBAAgB;YAChB,IAAI,CAAC,iBAAiB,GAAG,+BAA+B,CAAC;YACzD,IAAI,CAAC,WAAW,GAAG,8BAAwC,CAAC;YAC5D,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;YAC9B,OAAO,GAAG,oBAA0D,CAAC;QACvE,CAAC;QAED,oCAAoC;QACpC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,kCAChD,OAAO,KACV,MAAM,EACN,sBAAsB,EAAE,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,EAAE,IACrC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACG,QAAQ;6DAAC,MAAyB,EAAE,UAA2B,EAAE;YACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,CAAO,UAAU,EAAE,EAAE;gBACnB,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,CAClC,CAAC;gBACF,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;gBAE/B,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;gBACzC,OAAO,IAAI,CAAC,UAAU,CAAC,2BAA2B,CAChD,WAAW,EACX,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,iBAAiB,EACtB,IAAI,CAAC,YAAY,kCAEZ,UAAU,KACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,IAEtE,CAAC;YACJ,CAAC,CAAA,CACF,CAAC;QACJ,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport type { AuthorizationCodeCredentialOptions } from \"./authorizationCodeCredentialOptions\";\nimport { checkTenantId } from \"../util/tenantIdUtils\";\nimport { credentialLogger } from \"../util/logging\";\nimport { ensureScopes } from \"../util/scopeUtils\";\nimport { tracingClient } from \"../util/tracing\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient\";\n\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\n/**\n * Enables authentication to Microsoft Entra ID using an authorization code\n * that was obtained through the authorization code flow, described in more detail\n * in the Microsoft Entra ID documentation:\n *\n * https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow\n */\nexport class AuthorizationCodeCredential implements TokenCredential {\n private msalClient: MsalClient;\n private disableAutomaticAuthentication?: boolean;\n private authorizationCode: string;\n private redirectUri: string;\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private clientSecret?: string;\n\n /**\n * Creates an instance of AuthorizationCodeCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Microsoft Entra ID.\n *\n * It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n *\n * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts\n *\n * @param tenantId - The Microsoft Entra tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param clientSecret - A client secret that was generated for the App Registration\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions,\n );\n /**\n * Creates an instance of AuthorizationCodeCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Microsoft Entra ID.\n *\n * It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n *\n * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts\n *\n * @param tenantId - The Microsoft Entra tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions,\n );\n /**\n * @hidden\n * @internal\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecretOrAuthorizationCode: string,\n authorizationCodeOrRedirectUri: string,\n redirectUriOrOptions: string | AuthorizationCodeCredentialOptions | undefined,\n options?: AuthorizationCodeCredentialOptions,\n ) {\n checkTenantId(logger, tenantId);\n this.clientSecret = clientSecretOrAuthorizationCode;\n\n if (typeof redirectUriOrOptions === \"string\") {\n // the clientId+clientSecret constructor\n this.authorizationCode = authorizationCodeOrRedirectUri;\n this.redirectUri = redirectUriOrOptions;\n // in this case, options are good as they come\n } else {\n // clientId only\n this.authorizationCode = clientSecretOrAuthorizationCode;\n this.redirectUri = authorizationCodeOrRedirectUri as string;\n this.clientSecret = undefined;\n options = redirectUriOrOptions as AuthorizationCodeCredentialOptions;\n }\n\n // TODO: Validate tenant if provided\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n this.msalClient = createMsalClient(clientId, tenantId, {\n ...options,\n logger,\n tokenCredentialOptions: options ?? {},\n });\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n );\n newOptions.tenantId = tenantId;\n\n const arrayScopes = ensureScopes(scopes);\n return this.msalClient.getTokenByAuthorizationCode(\n arrayScopes,\n this.redirectUri,\n this.authorizationCode,\n this.clientSecret,\n {\n ...newOptions,\n disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n },\n );\n },\n );\n }\n}\n"]}

package/dist-esm/identity/src/credentials/authorizationCodeCredentialOptions.js DELETED Viewed

@@ -1,4 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-export {};
-//# sourceMappingURL=authorizationCodeCredentialOptions.js.map

package/dist-esm/identity/src/credentials/authorizationCodeCredentialOptions.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"authorizationCodeCredentialOptions.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/authorizationCodeCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions\";\n\n/**\n * Options for the {@link AuthorizationCodeCredential}\n */\nexport interface AuthorizationCodeCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n AuthorityValidationOptions {}\n"]}