@azure/identity-cache-persistence 1.1.2-alpha.20241112.1 → 1.1.2-alpha.20241114.2

package/dist-esm/identity/src/credentials/azurePipelinesCredentialOptions.js

@@ -1,4 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-export {};
-//# sourceMappingURL=azurePipelinesCredentialOptions.js.map

package/dist-esm/identity/src/credentials/azurePipelinesCredentialOptions.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"azurePipelinesCredentialOptions.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/azurePipelinesCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions\";\n\n/**\n * Optional parameters for the {@link AzurePipelinesCredential} class.\n */\nexport interface AzurePipelinesCredentialOptions\n  extends MultiTenantTokenCredentialOptions,\n    CredentialPersistenceOptions,\n    AuthorityValidationOptions {}\n"]}

package/dist-esm/identity/src/credentials/azurePowerShellCredential.js

@@ -1,238 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-import { __awaiter } from "tslib";
-import { checkTenantId, processMultiTenantRequest, resolveAdditionallyAllowedTenantIds, } from "../util/tenantIdUtils";
-import { credentialLogger, formatError, formatSuccess } from "../util/logging";
-import { ensureValidScopeForDevTimeCreds, getScopeResource } from "../util/scopeUtils";
-import { CredentialUnavailableError } from "../errors";
-import { processUtils } from "../util/processUtils";
-import { tracingClient } from "../util/tracing";
-const logger = credentialLogger("AzurePowerShellCredential");
-const isWindows = process.platform === "win32";
-/**
- * Returns a platform-appropriate command name by appending ".exe" on Windows.
- *
- * @internal
- */
-export function formatCommand(commandName) {
-    if (isWindows) {
-        return `${commandName}.exe`;
-    }
-    else {
-        return commandName;
-    }
-}
-/**
- * Receives a list of commands to run, executes them, then returns the outputs.
- * If anything fails, an error is thrown.
- * @internal
- */
-function runCommands(commands, timeout) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const results = [];
-        for (const command of commands) {
-            const [file, ...parameters] = command;
-            const result = (yield processUtils.execFile(file, parameters, {
-                encoding: "utf8",
-                timeout,
-            }));
-            results.push(result);
-        }
-        return results;
-    });
-}
-/**
- * Known PowerShell errors
- * @internal
- */
-export const powerShellErrors = {
-    login: "Run Connect-AzAccount to login",
-    installed: "The specified module 'Az.Accounts' with version '2.2.0' was not loaded because no valid module file was found in any module directory",
-};
-/**
- * Messages to use when throwing in this credential.
- * @internal
- */
-export const powerShellPublicErrorMessages = {
-    login: "Please run 'Connect-AzAccount' from PowerShell to authenticate before using this credential.",
-    installed: `The 'Az.Account' module >= 2.2.0 is not installed. Install the Azure Az PowerShell module with: "Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force".`,
-    troubleshoot: `To troubleshoot, visit https://aka.ms/azsdk/js/identity/powershellcredential/troubleshoot.`,
-};
-// PowerShell Azure User not logged in error check.
-const isLoginError = (err) => err.message.match(`(.*)${powerShellErrors.login}(.*)`);
-// Az Module not Installed in Azure PowerShell check.
-const isNotInstalledError = (err) => err.message.match(powerShellErrors.installed);
-/**
- * The PowerShell commands to be tried, in order.
- *
- * @internal
- */
-export const commandStack = [formatCommand("pwsh")];
-if (isWindows) {
-    commandStack.push(formatCommand("powershell"));
-}
-/**
- * This credential will use the currently logged-in user information from the
- * Azure PowerShell module. To do so, it will read the user access token and
- * expire time with Azure PowerShell command `Get-AzAccessToken -ResourceUrl {ResourceScope}`
- */
-export class AzurePowerShellCredential {
-    /**
-     * Creates an instance of the {@link AzurePowerShellCredential}.
-     *
-     * To use this credential:
-     * - Install the Azure Az PowerShell module with:
-     *   `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.
-     * - You have already logged in to Azure PowerShell using the command
-     * `Connect-AzAccount` from the command line.
-     *
-     * @param options - Options, to optionally allow multi-tenant requests.
-     */
-    constructor(options) {
-        if (options === null || options === void 0 ? void 0 : options.tenantId) {
-            checkTenantId(logger, options === null || options === void 0 ? void 0 : options.tenantId);
-            this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
-        }
-        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
-        this.timeout = options === null || options === void 0 ? void 0 : options.processTimeoutInMs;
-    }
-    /**
-     * Gets the access token from Azure PowerShell
-     * @param resource - The resource to use when getting the token
-     */
-    getAzurePowerShellAccessToken(resource, tenantId, timeout) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // Clone the stack to avoid mutating it while iterating
-            for (const powerShellCommand of [...commandStack]) {
-                try {
-                    yield runCommands([[powerShellCommand, "/?"]], timeout);
-                }
-                catch (e) {
-                    // Remove this credential from the original stack so that we don't try it again.
-                    commandStack.shift();
-                    continue;
-                }
-                const results = yield runCommands([
-                    [
-                        powerShellCommand,
-                        "-NoProfile",
-                        "-NonInteractive",
-                        "-Command",
-                        `
-          $tenantId = "${tenantId !== null && tenantId !== void 0 ? tenantId : ""}"
-          $m = Import-Module Az.Accounts -MinimumVersion 2.2.0 -PassThru
-          $useSecureString = $m.Version -ge [version]'2.17.0'
-
-          $params = @{
-            ResourceUrl = "${resource}"
-          }
-
-          if ($tenantId.Length -gt 0) {
-            $params["TenantId"] = $tenantId
-          }
-
-          if ($useSecureString) {
-            $params["AsSecureString"] = $true
-          }
-
-          $token = Get-AzAccessToken @params
-
-          $result = New-Object -TypeName PSObject
-          $result | Add-Member -MemberType NoteProperty -Name ExpiresOn -Value $token.ExpiresOn
-          if ($useSecureString) {
-            $result | Add-Member -MemberType NoteProperty -Name Token -Value (ConvertFrom-SecureString -AsPlainText $token.Token)
-          } else {
-            $result | Add-Member -MemberType NoteProperty -Name Token -Value $token.Token
-          }
-
-          Write-Output (ConvertTo-Json $result)
-          `,
-                    ],
-                ]);
-                const result = results[0];
-                return parseJsonToken(result);
-            }
-            throw new Error(`Unable to execute PowerShell. Ensure that it is installed in your system`);
-        });
-    }
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If the authentication cannot be performed through PowerShell, a {@link CredentialUnavailableError} will be thrown.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this TokenCredential implementation might make.
-     */
-    getToken(scopes_1) {
-        return __awaiter(this, arguments, void 0, function* (scopes, options = {}) {
-            return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, () => __awaiter(this, void 0, void 0, function* () {
-                const tenantId = processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds);
-                const scope = typeof scopes === "string" ? scopes : scopes[0];
-                if (tenantId) {
-                    checkTenantId(logger, tenantId);
-                }
-                try {
-                    ensureValidScopeForDevTimeCreds(scope, logger);
-                    logger.getToken.info(`Using the scope ${scope}`);
-                    const resource = getScopeResource(scope);
-                    const response = yield this.getAzurePowerShellAccessToken(resource, tenantId, this.timeout);
-                    logger.getToken.info(formatSuccess(scopes));
-                    return {
-                        token: response.Token,
-                        expiresOnTimestamp: new Date(response.ExpiresOn).getTime(),
-                        tokenType: "Bearer",
-                    };
-                }
-                catch (err) {
-                    if (isNotInstalledError(err)) {
-                        const error = new CredentialUnavailableError(powerShellPublicErrorMessages.installed);
-                        logger.getToken.info(formatError(scope, error));
-                        throw error;
-                    }
-                    else if (isLoginError(err)) {
-                        const error = new CredentialUnavailableError(powerShellPublicErrorMessages.login);
-                        logger.getToken.info(formatError(scope, error));
-                        throw error;
-                    }
-                    const error = new CredentialUnavailableError(`${err}. ${powerShellPublicErrorMessages.troubleshoot}`);
-                    logger.getToken.info(formatError(scope, error));
-                    throw error;
-                }
-            }));
-        });
-    }
-}
-/**
- *
- * @internal
- */
-export function parseJsonToken(result) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const jsonRegex = /{[^{}]*}/g;
-        const matches = result.match(jsonRegex);
-        let resultWithoutToken = result;
-        if (matches) {
-            try {
-                for (const item of matches) {
-                    try {
-                        const jsonContent = JSON.parse(item);
-                        if (jsonContent === null || jsonContent === void 0 ? void 0 : jsonContent.Token) {
-                            resultWithoutToken = resultWithoutToken.replace(item, "");
-                            if (resultWithoutToken) {
-                                logger.getToken.warning(resultWithoutToken);
-                            }
-                            return jsonContent;
-                        }
-                    }
-                    catch (e) {
-                        continue;
-                    }
-                }
-            }
-            catch (e) {
-                throw new Error(`Unable to parse the output of PowerShell. Received output: ${result}`);
-            }
-        }
-        throw new Error(`No access token found in the output. Received output: ${result}`);
-    });
-}
-//# sourceMappingURL=azurePowerShellCredential.js.map

package/dist-esm/identity/src/credentials/azurePowerShellCredential.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"azurePowerShellCredential.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/azurePowerShellCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAGlC,OAAO,EACL,aAAa,EACb,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,+BAA+B,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAGvF,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC;AAE/C;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,WAAmB;IAC/C,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,GAAG,WAAW,MAAM,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,OAAO,WAAW,CAAC;IACrB,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAe,WAAW,CAAC,QAAoB,EAAE,OAAgB;;QAC/D,MAAM,OAAO,GAAa,EAAE,CAAC;QAE7B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,EAAE,GAAG,UAAU,CAAC,GAAG,OAAO,CAAC;YACtC,MAAM,MAAM,GAAG,CAAC,MAAM,YAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;gBAC5D,QAAQ,EAAE,MAAM;gBAChB,OAAO;aACR,CAAC,CAAW,CAAC;YAEd,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CAAA;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,KAAK,EAAE,gCAAgC;IACvC,SAAS,EACP,uIAAuI;CAC1I,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG;IAC3C,KAAK,EACH,8FAA8F;IAChG,SAAS,EAAE,4KAA4K;IACvL,YAAY,EAAE,4FAA4F;CAC3G,CAAC;AAEF,mDAAmD;AACnD,MAAM,YAAY,GAA4C,CAAC,GAAU,EAAE,EAAE,CAC3E,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,KAAK,MAAM,CAAC,CAAC;AAEzD,qDAAqD;AACrD,MAAM,mBAAmB,GAA4C,CAAC,GAAU,EAAE,EAAE,CAClF,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;AAEhD;;;;GAIG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;AAEpD,IAAI,SAAS,EAAE,CAAC;IACd,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC;AACjD,CAAC;AAED;;;;GAIG;AACH,MAAM,OAAO,yBAAyB;IAKpC;;;;;;;;;;OAUG;IACH,YAAY,OAA0C;QACpD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,EAAE,CAAC;YACtB,aAAa,CAAC,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC;QACpC,CAAC;QACD,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,kBAAkB,CAAC;IAC7C,CAAC;IAED;;;OAGG;IACW,6BAA6B,CACzC,QAAgB,EAChB,QAAiB,EACjB,OAAgB;;YAEhB,uDAAuD;YACvD,KAAK,MAAM,iBAAiB,IAAI,CAAC,GAAG,YAAY,CAAC,EAAE,CAAC;gBAClD,IAAI,CAAC;oBACH,MAAM,WAAW,CAAC,CAAC,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;gBAC1D,CAAC;gBAAC,OAAO,CAAM,EAAE,CAAC;oBAChB,gFAAgF;oBAChF,YAAY,CAAC,KAAK,EAAE,CAAC;oBACrB,SAAS;gBACX,CAAC;gBAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC;oBAChC;wBACE,iBAAiB;wBACjB,YAAY;wBACZ,iBAAiB;wBACjB,UAAU;wBACV;yBACe,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,EAAE;;;;;6BAKV,QAAQ;;;;;;;;;;;;;;;;;;;;;;WAsB1B;qBACF;iBACF,CAAC,CAAC;gBAEH,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;gBAC1B,OAAO,cAAc,CAAC,MAAM,CAAC,CAAC;YAChC,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;QAC9F,CAAC;KAAA;IAED;;;;;;OAMG;IACU,QAAQ;6DACnB,MAAyB,EACzB,UAA2B,EAAE;YAE7B,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,GAAS,EAAE;gBACrF,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,OAAO,EACP,IAAI,CAAC,4BAA4B,CAClC,CAAC;gBACF,MAAM,KAAK,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBAC9D,IAAI,QAAQ,EAAE,CAAC;oBACb,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBAClC,CAAC;gBACD,IAAI,CAAC;oBACH,+BAA+B,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;oBAC/C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,KAAK,EAAE,CAAC,CAAC;oBACjD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;oBACzC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;oBAC5F,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO;wBACL,KAAK,EAAE,QAAQ,CAAC,KAAK;wBACrB,kBAAkB,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;wBAC1D,SAAS,EAAE,QAAQ;qBACL,CAAC;gBACnB,CAAC;gBAAC,OAAO,GAAQ,EAAE,CAAC;oBAClB,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC7B,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,6BAA6B,CAAC,SAAS,CAAC,CAAC;wBACtF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;wBAChD,MAAM,KAAK,CAAC;oBACd,CAAC;yBAAM,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC7B,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,6BAA6B,CAAC,KAAK,CAAC,CAAC;wBAClF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;wBAChD,MAAM,KAAK,CAAC;oBACd,CAAC;oBACD,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,GAAG,GAAG,KAAK,6BAA6B,CAAC,YAAY,EAAE,CACxD,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;oBAChD,MAAM,KAAK,CAAC;gBACd,CAAC;YACH,CAAC,CAAA,CAAC,CAAC;QACL,CAAC;KAAA;CACF;AAED;;;GAGG;AACH,MAAM,UAAgB,cAAc,CAClC,MAAc;;QAEd,MAAM,SAAS,GAAG,WAAW,CAAC;QAC9B,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACxC,IAAI,kBAAkB,GAAG,MAAM,CAAC;QAChC,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC;gBACH,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;oBAC3B,IAAI,CAAC;wBACH,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;wBACrC,IAAI,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,KAAK,EAAE,CAAC;4BACvB,kBAAkB,GAAG,kBAAkB,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;4BAC1D,IAAI,kBAAkB,EAAE,CAAC;gCACvB,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;4BAC9C,CAAC;4BACD,OAAO,WAAW,CAAC;wBACrB,CAAC;oBACH,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,SAAS;oBACX,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CAAC,8DAA8D,MAAM,EAAE,CAAC,CAAC;YAC1F,CAAC;QACH,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,yDAAyD,MAAM,EAAE,CAAC,CAAC;IACrF,CAAC;CAAA","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n  checkTenantId,\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { ensureValidScopeForDevTimeCreds, getScopeResource } from \"../util/scopeUtils\";\n\nimport type { AzurePowerShellCredentialOptions } from \"./azurePowerShellCredentialOptions\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport { processUtils } from \"../util/processUtils\";\nimport { tracingClient } from \"../util/tracing\";\n\nconst logger = credentialLogger(\"AzurePowerShellCredential\");\n\nconst isWindows = process.platform === \"win32\";\n\n/**\n * Returns a platform-appropriate command name by appending \".exe\" on Windows.\n *\n * @internal\n */\nexport function formatCommand(commandName: string): string {\n  if (isWindows) {\n    return `${commandName}.exe`;\n  } else {\n    return commandName;\n  }\n}\n\n/**\n * Receives a list of commands to run, executes them, then returns the outputs.\n * If anything fails, an error is thrown.\n * @internal\n */\nasync function runCommands(commands: string[][], timeout?: number): Promise<string[]> {\n  const results: string[] = [];\n\n  for (const command of commands) {\n    const [file, ...parameters] = command;\n    const result = (await processUtils.execFile(file, parameters, {\n      encoding: \"utf8\",\n      timeout,\n    })) as string;\n\n    results.push(result);\n  }\n\n  return results;\n}\n\n/**\n * Known PowerShell errors\n * @internal\n */\nexport const powerShellErrors = {\n  login: \"Run Connect-AzAccount to login\",\n  installed:\n    \"The specified module 'Az.Accounts' with version '2.2.0' was not loaded because no valid module file was found in any module directory\",\n};\n\n/**\n * Messages to use when throwing in this credential.\n * @internal\n */\nexport const powerShellPublicErrorMessages = {\n  login:\n    \"Please run 'Connect-AzAccount' from PowerShell to authenticate before using this credential.\",\n  installed: `The 'Az.Account' module >= 2.2.0 is not installed. Install the Azure Az PowerShell module with: \"Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force\".`,\n  troubleshoot: `To troubleshoot, visit https://aka.ms/azsdk/js/identity/powershellcredential/troubleshoot.`,\n};\n\n// PowerShell Azure User not logged in error check.\nconst isLoginError: (err: Error) => RegExpMatchArray | null = (err: Error) =>\n  err.message.match(`(.*)${powerShellErrors.login}(.*)`);\n\n// Az Module not Installed in Azure PowerShell check.\nconst isNotInstalledError: (err: Error) => RegExpMatchArray | null = (err: Error) =>\n  err.message.match(powerShellErrors.installed);\n\n/**\n * The PowerShell commands to be tried, in order.\n *\n * @internal\n */\nexport const commandStack = [formatCommand(\"pwsh\")];\n\nif (isWindows) {\n  commandStack.push(formatCommand(\"powershell\"));\n}\n\n/**\n * This credential will use the currently logged-in user information from the\n * Azure PowerShell module. To do so, it will read the user access token and\n * expire time with Azure PowerShell command `Get-AzAccessToken -ResourceUrl {ResourceScope}`\n */\nexport class AzurePowerShellCredential implements TokenCredential {\n  private tenantId?: string;\n  private additionallyAllowedTenantIds: string[];\n  private timeout?: number;\n\n  /**\n   * Creates an instance of the {@link AzurePowerShellCredential}.\n   *\n   * To use this credential:\n   * - Install the Azure Az PowerShell module with:\n   *   `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.\n   * - You have already logged in to Azure PowerShell using the command\n   * `Connect-AzAccount` from the command line.\n   *\n   * @param options - Options, to optionally allow multi-tenant requests.\n   */\n  constructor(options?: AzurePowerShellCredentialOptions) {\n    if (options?.tenantId) {\n      checkTenantId(logger, options?.tenantId);\n      this.tenantId = options?.tenantId;\n    }\n    this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n      options?.additionallyAllowedTenants,\n    );\n    this.timeout = options?.processTimeoutInMs;\n  }\n\n  /**\n   * Gets the access token from Azure PowerShell\n   * @param resource - The resource to use when getting the token\n   */\n  private async getAzurePowerShellAccessToken(\n    resource: string,\n    tenantId?: string,\n    timeout?: number,\n  ): Promise<{ Token: string; ExpiresOn: string }> {\n    // Clone the stack to avoid mutating it while iterating\n    for (const powerShellCommand of [...commandStack]) {\n      try {\n        await runCommands([[powerShellCommand, \"/?\"]], timeout);\n      } catch (e: any) {\n        // Remove this credential from the original stack so that we don't try it again.\n        commandStack.shift();\n        continue;\n      }\n\n      const results = await runCommands([\n        [\n          powerShellCommand,\n          \"-NoProfile\",\n          \"-NonInteractive\",\n          \"-Command\",\n          `\n          $tenantId = \"${tenantId ?? \"\"}\"\n          $m = Import-Module Az.Accounts -MinimumVersion 2.2.0 -PassThru\n          $useSecureString = $m.Version -ge [version]'2.17.0'\n\n          $params = @{\n            ResourceUrl = \"${resource}\"\n          }\n\n          if ($tenantId.Length -gt 0) {\n            $params[\"TenantId\"] = $tenantId\n          }\n\n          if ($useSecureString) {\n            $params[\"AsSecureString\"] = $true\n          }\n\n          $token = Get-AzAccessToken @params\n\n          $result = New-Object -TypeName PSObject\n          $result | Add-Member -MemberType NoteProperty -Name ExpiresOn -Value $token.ExpiresOn\n          if ($useSecureString) {\n            $result | Add-Member -MemberType NoteProperty -Name Token -Value (ConvertFrom-SecureString -AsPlainText $token.Token)\n          } else {\n            $result | Add-Member -MemberType NoteProperty -Name Token -Value $token.Token\n          }\n\n          Write-Output (ConvertTo-Json $result)\n          `,\n        ],\n      ]);\n\n      const result = results[0];\n      return parseJsonToken(result);\n    }\n    throw new Error(`Unable to execute PowerShell. Ensure that it is installed in your system`);\n  }\n\n  /**\n   * Authenticates with Microsoft Entra ID and returns an access token if successful.\n   * If the authentication cannot be performed through PowerShell, a {@link CredentialUnavailableError} will be thrown.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {\n      const tenantId = processMultiTenantRequest(\n        this.tenantId,\n        options,\n        this.additionallyAllowedTenantIds,\n      );\n      const scope = typeof scopes === \"string\" ? scopes : scopes[0];\n      if (tenantId) {\n        checkTenantId(logger, tenantId);\n      }\n      try {\n        ensureValidScopeForDevTimeCreds(scope, logger);\n        logger.getToken.info(`Using the scope ${scope}`);\n        const resource = getScopeResource(scope);\n        const response = await this.getAzurePowerShellAccessToken(resource, tenantId, this.timeout);\n        logger.getToken.info(formatSuccess(scopes));\n        return {\n          token: response.Token,\n          expiresOnTimestamp: new Date(response.ExpiresOn).getTime(),\n          tokenType: \"Bearer\",\n        } as AccessToken;\n      } catch (err: any) {\n        if (isNotInstalledError(err)) {\n          const error = new CredentialUnavailableError(powerShellPublicErrorMessages.installed);\n          logger.getToken.info(formatError(scope, error));\n          throw error;\n        } else if (isLoginError(err)) {\n          const error = new CredentialUnavailableError(powerShellPublicErrorMessages.login);\n          logger.getToken.info(formatError(scope, error));\n          throw error;\n        }\n        const error = new CredentialUnavailableError(\n          `${err}. ${powerShellPublicErrorMessages.troubleshoot}`,\n        );\n        logger.getToken.info(formatError(scope, error));\n        throw error;\n      }\n    });\n  }\n}\n\n/**\n *\n * @internal\n */\nexport async function parseJsonToken(\n  result: string,\n): Promise<{ Token: string; ExpiresOn: string }> {\n  const jsonRegex = /{[^{}]*}/g;\n  const matches = result.match(jsonRegex);\n  let resultWithoutToken = result;\n  if (matches) {\n    try {\n      for (const item of matches) {\n        try {\n          const jsonContent = JSON.parse(item);\n          if (jsonContent?.Token) {\n            resultWithoutToken = resultWithoutToken.replace(item, \"\");\n            if (resultWithoutToken) {\n              logger.getToken.warning(resultWithoutToken);\n            }\n            return jsonContent;\n          }\n        } catch (e) {\n          continue;\n        }\n      }\n    } catch (e: any) {\n      throw new Error(`Unable to parse the output of PowerShell. Received output: ${result}`);\n    }\n  }\n  throw new Error(`No access token found in the output. Received output: ${result}`);\n}\n"]}

package/dist-esm/identity/src/credentials/azurePowerShellCredentialOptions.js

@@ -1,4 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-export {};
-//# sourceMappingURL=azurePowerShellCredentialOptions.js.map

package/dist-esm/identity/src/credentials/azurePowerShellCredentialOptions.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"azurePowerShellCredentialOptions.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/azurePowerShellCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions\";\n\n/**\n * Options for the {@link AzurePowerShellCredential}\n */\nexport interface AzurePowerShellCredentialOptions extends MultiTenantTokenCredentialOptions {\n  /**\n   * Allows specifying a tenant ID\n   */\n  tenantId?: string;\n  /**\n   * Process timeout configurable for making token requests, provided in milliseconds\n   */\n  processTimeoutInMs?: number;\n}\n"]}

package/dist-esm/identity/src/credentials/brokerAuthOptions.js

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=brokerAuthOptions.js.map

package/dist-esm/identity/src/credentials/brokerAuthOptions.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"brokerAuthOptions.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/brokerAuthOptions.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\nimport type { BrokerOptions } from \"../msal/nodeFlows/brokerOptions\";\n\n/**\n * Configuration options for InteractiveBrowserCredential\n * to support WAM Broker Authentication.\n */\n\nexport interface BrokerAuthOptions {\n  /**\n   * Options to allow broker authentication when using InteractiveBrowserCredential\n   *\n   */\n  brokerOptions?: BrokerOptions;\n}\n"]}

package/dist-esm/identity/src/credentials/browserCustomizationOptions.js

@@ -1,4 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-export {};
-//# sourceMappingURL=browserCustomizationOptions.js.map

package/dist-esm/identity/src/credentials/browserCustomizationOptions.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"browserCustomizationOptions.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/browserCustomizationOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Shared configuration options for browser customization\n */\nexport interface BrowserCustomizationOptions {\n  /**\n   * Shared configuration options for browser customization\n   */\n  browserCustomizationOptions?: {\n    /**\n     * Format for error messages for display in browser\n     */\n    errorMessage?: string;\n    /**\n     * Format for success messages for display in browser\n     */\n    successMessage?: string;\n  };\n}\n"]}

package/dist-esm/identity/src/credentials/chainedTokenCredential.js

@@ -1,95 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-import { __awaiter } from "tslib";
-import { AggregateAuthenticationError, CredentialUnavailableError } from "../errors";
-import { credentialLogger, formatError, formatSuccess } from "../util/logging";
-import { tracingClient } from "../util/tracing";
-/**
- * @internal
- */
-export const logger = credentialLogger("ChainedTokenCredential");
-/**
- * Enables multiple `TokenCredential` implementations to be tried in order until
- * one of the getToken methods returns an access token. For more information, see
- * [ChainedTokenCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-chainedtokencredential-for-granularity).
- */
-export class ChainedTokenCredential {
-    /**
-     * Creates an instance of ChainedTokenCredential using the given credentials.
-     *
-     * @param sources - `TokenCredential` implementations to be tried in order.
-     *
-     * Example usage:
-     * ```ts snippet:chained_token_credential_example
-     * import { ClientSecretCredential, ChainedTokenCredential } from "@azure/identity";
-     *
-     * const tenantId = "<tenant-id>";
-     * const clientId = "<client-id>";
-     * const clientSecret = "<client-secret>";
-     * const anotherClientId = "<another-client-id>";
-     * const anotherSecret = "<another-client-secret>";
-     * const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
-     * const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);
-     * const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);
-     * ```
-     */
-    constructor(...sources) {
-        this._sources = [];
-        this._sources = sources;
-    }
-    /**
-     * Returns the first access token returned by one of the chained
-     * `TokenCredential` implementations.  Throws an {@link AggregateAuthenticationError}
-     * when one or more credentials throws an {@link AuthenticationError} and
-     * no credentials have returned an access token.
-     *
-     * This method is called automatically by Azure SDK client libraries. You may call this method
-     * directly, but you must also handle token caching and token refreshing.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                `TokenCredential` implementation might make.
-     */
-    getToken(scopes_1) {
-        return __awaiter(this, arguments, void 0, function* (scopes, options = {}) {
-            const { token } = yield this.getTokenInternal(scopes, options);
-            return token;
-        });
-    }
-    getTokenInternal(scopes_1) {
-        return __awaiter(this, arguments, void 0, function* (scopes, options = {}) {
-            let token = null;
-            let successfulCredential;
-            const errors = [];
-            return tracingClient.withSpan("ChainedTokenCredential.getToken", options, (updatedOptions) => __awaiter(this, void 0, void 0, function* () {
-                for (let i = 0; i < this._sources.length && token === null; i++) {
-                    try {
-                        token = yield this._sources[i].getToken(scopes, updatedOptions);
-                        successfulCredential = this._sources[i];
-                    }
-                    catch (err) {
-                        if (err.name === "CredentialUnavailableError" ||
-                            err.name === "AuthenticationRequiredError") {
-                            errors.push(err);
-                        }
-                        else {
-                            logger.getToken.info(formatError(scopes, err));
-                            throw err;
-                        }
-                    }
-                }
-                if (!token && errors.length > 0) {
-                    const err = new AggregateAuthenticationError(errors, "ChainedTokenCredential authentication failed.");
-                    logger.getToken.info(formatError(scopes, err));
-                    throw err;
-                }
-                logger.getToken.info(`Result for ${successfulCredential.constructor.name}: ${formatSuccess(scopes)}`);
-                if (token === null) {
-                    throw new CredentialUnavailableError("Failed to retrieve a valid token");
-                }
-                return { token, successfulCredential };
-            }));
-        });
-    }
-}
-//# sourceMappingURL=chainedTokenCredential.js.map

package/dist-esm/identity/src/credentials/chainedTokenCredential.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"chainedTokenCredential.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/chainedTokenCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAGlC,OAAO,EAAE,4BAA4B,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACrF,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD;;GAEG;AACH,MAAM,CAAC,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAEjE;;;;GAIG;AACH,MAAM,OAAO,sBAAsB;IAGjC;;;;;;;;;;;;;;;;;;OAkBG;IACH,YAAY,GAAG,OAA0B;QArBjC,aAAQ,GAAsB,EAAE,CAAC;QAsBvC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAC1B,CAAC;IAED;;;;;;;;;;;;OAYG;IACG,QAAQ;6DAAC,MAAyB,EAAE,UAA2B,EAAE;YACrE,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAC/D,OAAO,KAAK,CAAC;QACf,CAAC;KAAA;IAEa,gBAAgB;6DAC5B,MAAyB,EACzB,UAA2B,EAAE;YAE7B,IAAI,KAAK,GAAuB,IAAI,CAAC;YACrC,IAAI,oBAAqC,CAAC;YAC1C,MAAM,MAAM,GAAY,EAAE,CAAC;YAE3B,OAAO,aAAa,CAAC,QAAQ,CAC3B,iCAAiC,EACjC,OAAO,EACP,CAAO,cAAc,EAAE,EAAE;gBACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC;oBAChE,IAAI,CAAC;wBACH,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;wBAChE,oBAAoB,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;oBAC1C,CAAC;oBAAC,OAAO,GAAQ,EAAE,CAAC;wBAClB,IACE,GAAG,CAAC,IAAI,KAAK,4BAA4B;4BACzC,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAC1C,CAAC;4BACD,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;wBACnB,CAAC;6BAAM,CAAC;4BACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;4BAC/C,MAAM,GAAG,CAAC;wBACZ,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAChC,MAAM,GAAG,GAAG,IAAI,4BAA4B,CAC1C,MAAM,EACN,+CAA+C,CAChD,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC/C,MAAM,GAAG,CAAC;gBACZ,CAAC;gBAED,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,cAAc,oBAAoB,CAAC,WAAW,CAAC,IAAI,KAAK,aAAa,CAAC,MAAM,CAAC,EAAE,CAChF,CAAC;gBAEF,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;oBACnB,MAAM,IAAI,0BAA0B,CAAC,kCAAkC,CAAC,CAAC;gBAC3E,CAAC;gBACD,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC,CAAA,CACF,CAAC;QACJ,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { AggregateAuthenticationError, CredentialUnavailableError } from \"../errors\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { tracingClient } from \"../util/tracing\";\n\n/**\n * @internal\n */\nexport const logger = credentialLogger(\"ChainedTokenCredential\");\n\n/**\n * Enables multiple `TokenCredential` implementations to be tried in order until\n * one of the getToken methods returns an access token. For more information, see\n * [ChainedTokenCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-chainedtokencredential-for-granularity).\n */\nexport class ChainedTokenCredential implements TokenCredential {\n  private _sources: TokenCredential[] = [];\n\n  /**\n   * Creates an instance of ChainedTokenCredential using the given credentials.\n   *\n   * @param sources - `TokenCredential` implementations to be tried in order.\n   *\n   * Example usage:\n   * ```ts snippet:chained_token_credential_example\n   * import { ClientSecretCredential, ChainedTokenCredential } from \"@azure/identity\";\n   *\n   * const tenantId = \"<tenant-id>\";\n   * const clientId = \"<client-id>\";\n   * const clientSecret = \"<client-secret>\";\n   * const anotherClientId = \"<another-client-id>\";\n   * const anotherSecret = \"<another-client-secret>\";\n   * const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);\n   * const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);\n   * const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);\n   * ```\n   */\n  constructor(...sources: TokenCredential[]) {\n    this._sources = sources;\n  }\n\n  /**\n   * Returns the first access token returned by one of the chained\n   * `TokenCredential` implementations.  Throws an {@link AggregateAuthenticationError}\n   * when one or more credentials throws an {@link AuthenticationError} and\n   * no credentials have returned an access token.\n   *\n   * This method is called automatically by Azure SDK client libraries. You may call this method\n   * directly, but you must also handle token caching and token refreshing.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                `TokenCredential` implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    const { token } = await this.getTokenInternal(scopes, options);\n    return token;\n  }\n\n  private async getTokenInternal(\n    scopes: string | string[],\n    options: GetTokenOptions = {},\n  ): Promise<{ token: AccessToken; successfulCredential: TokenCredential }> {\n    let token: AccessToken | null = null;\n    let successfulCredential: TokenCredential;\n    const errors: Error[] = [];\n\n    return tracingClient.withSpan(\n      \"ChainedTokenCredential.getToken\",\n      options,\n      async (updatedOptions) => {\n        for (let i = 0; i < this._sources.length && token === null; i++) {\n          try {\n            token = await this._sources[i].getToken(scopes, updatedOptions);\n            successfulCredential = this._sources[i];\n          } catch (err: any) {\n            if (\n              err.name === \"CredentialUnavailableError\" ||\n              err.name === \"AuthenticationRequiredError\"\n            ) {\n              errors.push(err);\n            } else {\n              logger.getToken.info(formatError(scopes, err));\n              throw err;\n            }\n          }\n        }\n\n        if (!token && errors.length > 0) {\n          const err = new AggregateAuthenticationError(\n            errors,\n            \"ChainedTokenCredential authentication failed.\",\n          );\n          logger.getToken.info(formatError(scopes, err));\n          throw err;\n        }\n\n        logger.getToken.info(\n          `Result for ${successfulCredential.constructor.name}: ${formatSuccess(scopes)}`,\n        );\n\n        if (token === null) {\n          throw new CredentialUnavailableError(\"Failed to retrieve a valid token\");\n        }\n        return { token, successfulCredential };\n      },\n    );\n  }\n}\n"]}

package/dist-esm/identity/src/credentials/clientAssertionCredential.js

@@ -1,58 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-import { __awaiter } from "tslib";
-import { createMsalClient } from "../msal/nodeFlows/msalClient";
-import { processMultiTenantRequest, resolveAdditionallyAllowedTenantIds, } from "../util/tenantIdUtils";
-import { CredentialUnavailableError } from "../errors";
-import { credentialLogger } from "../util/logging";
-import { tracingClient } from "../util/tracing";
-const logger = credentialLogger("ClientAssertionCredential");
-/**
- * Authenticates a service principal with a JWT assertion.
- */
-export class ClientAssertionCredential {
-    /**
-     * Creates an instance of the ClientAssertionCredential with the details
-     * needed to authenticate against Microsoft Entra ID with a client
-     * assertion provided by the developer through the `getAssertion` function parameter.
-     *
-     * @param tenantId - The Microsoft Entra tenant (directory) ID.
-     * @param clientId - The client (application) ID of an App Registration in the tenant.
-     * @param getAssertion - A function that retrieves the assertion for the credential to use.
-     * @param options - Options for configuring the client which makes the authentication request.
-     */
-    constructor(tenantId, clientId, getAssertion, options = {}) {
-        if (!tenantId) {
-            throw new CredentialUnavailableError("ClientAssertionCredential: tenantId is a required parameter.");
-        }
-        if (!clientId) {
-            throw new CredentialUnavailableError("ClientAssertionCredential: clientId is a required parameter.");
-        }
-        if (!getAssertion) {
-            throw new CredentialUnavailableError("ClientAssertionCredential: clientAssertion is a required parameter.");
-        }
-        this.tenantId = tenantId;
-        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
-        this.options = options;
-        this.getAssertion = getAssertion;
-        this.msalClient = createMsalClient(clientId, tenantId, Object.assign(Object.assign({}, options), { logger, tokenCredentialOptions: this.options }));
-    }
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    getToken(scopes_1) {
-        return __awaiter(this, arguments, void 0, function* (scopes, options = {}) {
-            return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, (newOptions) => __awaiter(this, void 0, void 0, function* () {
-                newOptions.tenantId = processMultiTenantRequest(this.tenantId, newOptions, this.additionallyAllowedTenantIds, logger);
-                const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
-                return this.msalClient.getTokenByClientAssertion(arrayScopes, this.getAssertion, newOptions);
-            }));
-        });
-    }
-}
-//# sourceMappingURL=clientAssertionCredential.js.map

package/dist-esm/identity/src/credentials/clientAssertionCredential.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"clientAssertionCredential.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/clientAssertionCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAIlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D;;GAEG;AACH,MAAM,OAAO,yBAAyB;IAOpC;;;;;;;;;OASG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAmC,EACnC,UAA4C,EAAE;QAE9C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,8DAA8D,CAC/D,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,8DAA8D,CAC/D,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,0BAA0B,CAClC,qEAAqE,CACtE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,kCAChD,OAAO,KACV,MAAM,EACN,sBAAsB,EAAE,IAAI,CAAC,OAAO,IACpC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACG,QAAQ;6DAAC,MAAyB,EAAE,UAA2B,EAAE;YACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,CAAO,UAAU,EAAE,EAAE;gBACnB,UAAU,CAAC,QAAQ,GAAG,yBAAyB,CAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;gBAEF,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;gBAC9D,OAAO,IAAI,CAAC,UAAU,CAAC,yBAAyB,CAC9C,WAAW,EACX,IAAI,CAAC,YAAY,EACjB,UAAU,CACX,CAAC;YACJ,CAAC,CAAA,CACF,CAAC;QACJ,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient\";\nimport {\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\n\nimport type { ClientAssertionCredentialOptions } from \"./clientAssertionCredentialOptions\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport { credentialLogger } from \"../util/logging\";\nimport { tracingClient } from \"../util/tracing\";\n\nconst logger = credentialLogger(\"ClientAssertionCredential\");\n\n/**\n * Authenticates a service principal with a JWT assertion.\n */\nexport class ClientAssertionCredential implements TokenCredential {\n  private msalClient: MsalClient;\n  private tenantId: string;\n  private additionallyAllowedTenantIds: string[];\n  private getAssertion: () => Promise<string>;\n  private options: ClientAssertionCredentialOptions;\n\n  /**\n   * Creates an instance of the ClientAssertionCredential with the details\n   * needed to authenticate against Microsoft Entra ID with a client\n   * assertion provided by the developer through the `getAssertion` function parameter.\n   *\n   * @param tenantId - The Microsoft Entra tenant (directory) ID.\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param getAssertion - A function that retrieves the assertion for the credential to use.\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    getAssertion: () => Promise<string>,\n    options: ClientAssertionCredentialOptions = {},\n  ) {\n    if (!tenantId) {\n      throw new CredentialUnavailableError(\n        \"ClientAssertionCredential: tenantId is a required parameter.\",\n      );\n    }\n\n    if (!clientId) {\n      throw new CredentialUnavailableError(\n        \"ClientAssertionCredential: clientId is a required parameter.\",\n      );\n    }\n\n    if (!getAssertion) {\n      throw new CredentialUnavailableError(\n        \"ClientAssertionCredential: clientAssertion is a required parameter.\",\n      );\n    }\n    this.tenantId = tenantId;\n    this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n      options?.additionallyAllowedTenants,\n    );\n\n    this.options = options;\n    this.getAssertion = getAssertion;\n    this.msalClient = createMsalClient(clientId, tenantId, {\n      ...options,\n      logger,\n      tokenCredentialOptions: this.options,\n    });\n  }\n\n  /**\n   * Authenticates with Microsoft Entra ID and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return tracingClient.withSpan(\n      `${this.constructor.name}.getToken`,\n      options,\n      async (newOptions) => {\n        newOptions.tenantId = processMultiTenantRequest(\n          this.tenantId,\n          newOptions,\n          this.additionallyAllowedTenantIds,\n          logger,\n        );\n\n        const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n        return this.msalClient.getTokenByClientAssertion(\n          arrayScopes,\n          this.getAssertion,\n          newOptions,\n        );\n      },\n    );\n  }\n}\n"]}

package/dist-esm/identity/src/credentials/clientAssertionCredentialOptions.js

@@ -1,4 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-export {};
-//# sourceMappingURL=clientAssertionCredentialOptions.js.map

package/dist-esm/identity/src/credentials/clientAssertionCredentialOptions.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"clientAssertionCredentialOptions.js","sourceRoot":"","sources":["../../../../../identity/src/credentials/clientAssertionCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions\";\n\n/**\n * Options for the {@link ClientAssertionCredential}\n */\nexport interface ClientAssertionCredentialOptions\n  extends MultiTenantTokenCredentialOptions,\n    CredentialPersistenceOptions,\n    AuthorityValidationOptions {}\n"]}

package/dist-esm/identity/src/credentials/clientCertificateCredential.js

@@ -1,126 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-import { __awaiter } from "tslib";
-import { createMsalClient } from "../msal/nodeFlows/msalClient";
-import { createHash, createPrivateKey } from "crypto";
-import { processMultiTenantRequest, resolveAdditionallyAllowedTenantIds, } from "../util/tenantIdUtils";
-import { credentialLogger } from "../util/logging";
-import { readFile } from "fs/promises";
-import { tracingClient } from "../util/tracing";
-const credentialName = "ClientCertificateCredential";
-const logger = credentialLogger(credentialName);
-/**
- * Enables authentication to Microsoft Entra ID using a PEM-encoded
- * certificate that is assigned to an App Registration. More information
- * on how to configure certificate authentication can be found here:
- *
- * https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad
- *
- */
-export class ClientCertificateCredential {
-    constructor(tenantId, clientId, certificatePathOrConfiguration, options = {}) {
-        if (!tenantId || !clientId) {
-            throw new Error(`${credentialName}: tenantId and clientId are required parameters.`);
-        }
-        this.tenantId = tenantId;
-        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
-        this.sendCertificateChain = options.sendCertificateChain;
-        this.certificateConfiguration = Object.assign({}, (typeof certificatePathOrConfiguration === "string"
-            ? {
-                certificatePath: certificatePathOrConfiguration,
-            }
-            : certificatePathOrConfiguration));
-        const certificate = this.certificateConfiguration.certificate;
-        const certificatePath = this.certificateConfiguration.certificatePath;
-        if (!this.certificateConfiguration || !(certificate || certificatePath)) {
-            throw new Error(`${credentialName}: Provide either a PEM certificate in string form, or the path to that certificate in the filesystem. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);
-        }
-        if (certificate && certificatePath) {
-            throw new Error(`${credentialName}: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);
-        }
-        this.msalClient = createMsalClient(clientId, tenantId, Object.assign(Object.assign({}, options), { logger, tokenCredentialOptions: options }));
-    }
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    getToken(scopes_1) {
-        return __awaiter(this, arguments, void 0, function* (scopes, options = {}) {
-            return tracingClient.withSpan(`${credentialName}.getToken`, options, (newOptions) => __awaiter(this, void 0, void 0, function* () {
-                newOptions.tenantId = processMultiTenantRequest(this.tenantId, newOptions, this.additionallyAllowedTenantIds, logger);
-                const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
-                const certificate = yield this.buildClientCertificate();
-                return this.msalClient.getTokenByClientCertificate(arrayScopes, certificate, newOptions);
-            }));
-        });
-    }
-    buildClientCertificate() {
-        return __awaiter(this, void 0, void 0, function* () {
-            var _a;
-            const parts = yield parseCertificate(this.certificateConfiguration, (_a = this.sendCertificateChain) !== null && _a !== void 0 ? _a : false);
-            let privateKey;
-            if (this.certificateConfiguration.certificatePassword !== undefined) {
-                privateKey = createPrivateKey({
-                    key: parts.certificateContents,
-                    passphrase: this.certificateConfiguration.certificatePassword,
-                    format: "pem",
-                })
-                    .export({
-                    format: "pem",
-                    type: "pkcs8",
-                })
-                    .toString();
-            }
-            else {
-                privateKey = parts.certificateContents;
-            }
-            return {
-                thumbprint: parts.thumbprint,
-                privateKey,
-                x5c: parts.x5c,
-            };
-        });
-    }
-}
-/**
- * Parses a certificate into its relevant parts
- *
- * @param certificateConfiguration - The certificate contents or path to the certificate
- * @param sendCertificateChain - true if the entire certificate chain should be sent for SNI, false otherwise
- * @returns The parsed certificate parts and the certificate contents
- */
-export function parseCertificate(certificateConfiguration, sendCertificateChain) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const certificate = certificateConfiguration.certificate;
-        const certificatePath = certificateConfiguration.certificatePath;
-        const certificateContents = certificate || (yield readFile(certificatePath, "utf8"));
-        const x5c = sendCertificateChain ? certificateContents : undefined;
-        const certificatePattern = /(-+BEGIN CERTIFICATE-+)(\n\r?|\r\n?)([A-Za-z0-9+/\n\r]+=*)(\n\r?|\r\n?)(-+END CERTIFICATE-+)/g;
-        const publicKeys = [];
-        // Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c
-        let match;
-        do {
-            match = certificatePattern.exec(certificateContents);
-            if (match) {
-                publicKeys.push(match[3]);
-            }
-        } while (match);
-        if (publicKeys.length === 0) {
-            throw new Error("The file at the specified path does not contain a PEM-encoded certificate.");
-        }
-        const thumbprint = createHash("sha1")
-            .update(Buffer.from(publicKeys[0], "base64"))
-            .digest("hex")
-            .toUpperCase();
-        return {
-            certificateContents,
-            thumbprint,
-            x5c,
-        };
-    });
-}
-//# sourceMappingURL=clientCertificateCredential.js.map