@azure/identity 1.0.0-preview.1 → 1.0.0-preview.2

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sources":["../src/client/errors.ts","../src/credentials/chainedTokenCredential.ts","../src/client/identityClient.ts","../src/credentials/clientSecretCredential.ts","../src/credentials/environmentCredential.ts","../src/credentials/managedIdentityCredential.ts","../src/credentials/defaultAzureCredential.ts","../src/credentials/clientCertificateCredential.ts","../src/index.ts"],"sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * See the official documentation for more details:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1\n * \n * NOTE: This documentation is for v1 OAuth support but the same error\n * response details still apply to v2.\n */\nexport interface ErrorResponse {\n  error: string;\n  error_description: string;\n  error_codes?: number[];\n  timestamp?: string;\n  trace_id?: string;\n  correlation_id?: string;\n}\n\n/**\n * Provides details about a failure to authenticate with Azure Active\n * Directory.  The `errorResponse` field contains more details about\n * the specific failure.\n */\nexport class AuthenticationError extends Error {\n  public readonly statusCode: number;\n  public readonly errorResponse: ErrorResponse;\n\n  constructor(statusCode: number, errorBody: string | undefined | null) {\n    let errorResponse = {\n      error: \"unknown\",\n      error_description: \"An unknown error occurred and no additional details are available.\"\n    };\n\n    if (errorBody) {\n      try {\n        // Most error responses will contain JSON-formatted error details\n        // in the response body\n        errorResponse = JSON.parse(errorBody);\n      } catch (e) {\n        if (statusCode === 400) {\n          errorResponse = {\n            error: \"authority_not_found\",\n            error_description: \"The specified authority URL was not found.\"\n          };\n        } else {\n          errorResponse = {\n            error: \"unknown_error\",\n            error_description: `An unknown error has occurred. Response body:\\n\\n${errorBody}`\n          };\n        }\n      }\n    } else {\n      errorResponse = {\n        error: \"unknown_error\",\n        error_description: \"An unknown error occurred and no additional details are available.\"\n      };\n    }\n\n    super(\n      `An error was returned while authenticating to Azure Active Directory (status code ${statusCode}).\\n\\nMore details:\\n\\n${JSON.stringify(\n        errorResponse,\n        null,\n        \"  \"\n      )}`\n    );\n    this.statusCode = statusCode;\n    this.errorResponse = errorResponse;\n\n    // Ensure that this type reports the correct name\n    this.name = \"AuthenticationError\";\n  }\n}\n\n/**\n * Provides an `errors` array containing {@link AuthenticationError} instance\n * for authentication failures from credentials in a {@link ChainedTokenCredential}.\n */\nexport class AggregateAuthenticationError extends Error {\n  public errors: any[];\n  constructor(errors: any[]) {\n    super(\"Authentication failed to complete due to errors\");\n    this.errors = errors;\n\n    // Ensure that this type reports the correct name\n    this.name = \"AggregateAuthenticationError\";\n  }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-http\";\nimport { AggregateAuthenticationError } from \"../client/errors\";\n\n/**\n * Enables multiple {@link TokenCredential} implementations to be tried in order\n * until one of the getToken methods returns an {@link AccessToken}.\n */\nexport class ChainedTokenCredential implements TokenCredential {\n  private _sources: TokenCredential[] = [];\n\n  constructor(...sources: TokenCredential[]) {\n    this._sources = sources;\n  }\n\n  /**\n   * Returns the first {@link AccessToken} returned by one of the chained\n   * {@link TokenCredential} implementations.  Throws an {@link AggregateAuthenticationError}\n   * when one or more credentials throws an {@link AuthenticationError} and\n   * no credentials have returned an {@link AccessToken}.\n   * \n   * @param scopes The list of scopes for which the token will have access.\n   * @param options The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    let token = null;\n    const errors = [];\n\n    for (let i = 0; i < this._sources.length && token === null; i++) {\n      try {\n        token = await this._sources[i].getToken(scopes, options);\n      } catch (err) {\n        errors.push(err);\n      }\n    }\n\n    if (!token && errors.length > 0) {\n      throw new AggregateAuthenticationError(errors);\n    }\n\n    return token;\n  }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport qs from \"qs\";\nimport jws from \"jws\";\nimport uuid from \"uuid\";\nimport {\n  AccessToken,\n  ServiceClient,\n  ServiceClientOptions,\n  GetTokenOptions,\n  WebResource,\n  RequestPrepareOptions,\n  RestError\n} from \"@azure/core-http\";\nimport { AuthenticationError } from \"./errors\";\n\nconst SelfSignedJwtLifetimeMins = 10;\nconst DefaultAuthorityHost = \"https://login.microsoftonline.com\";\nconst DefaultScopeSuffix = \"/.default\";\nexport const ImdsEndpoint = \"http://169.254.169.254/metadata/identity/oauth2/token\";\nexport const ImdsApiVersion = \"2018-02-01\";\nexport const AppServiceMsiApiVersion = \"2017-09-01\";\n\nexport class IdentityClient extends ServiceClient {\n  constructor(options?: IdentityClientOptions) {\n    options = options || IdentityClient.getDefaultOptions();\n    super(undefined, options);\n\n    this.baseUri = options.authorityHost;\n  }\n\n  private createWebResource(requestOptions: RequestPrepareOptions): WebResource {\n    const webResource = new WebResource();\n    webResource.prepare(requestOptions);\n    return webResource;\n  }\n\n  private async sendTokenRequest(\n    webResource: WebResource,\n    expiresOnParser?: (responseBody: any) => number,\n  ): Promise<AccessToken | null> {\n    const response = await this.sendRequest(webResource);\n\n    expiresOnParser = expiresOnParser || ((responseBody: any) => {\n      return Date.now() + responseBody.expires_in * 1000\n    });\n\n    if (response.status === 200 || response.status === 201) {\n      return {\n        token: response.parsedBody.access_token,\n        expiresOnTimestamp: expiresOnParser(response.parsedBody)\n      };\n    } else {\n      throw new AuthenticationError(response.status, response.bodyAsText);\n    }\n  }\n\n  private mapScopesToResource(scopes: string | string[]): string {\n    let scope = \"\";\n    if (Array.isArray(scopes)) {\n      if (scopes.length !== 1) {\n        throw \"To convert to a resource string the specified array must be exactly length 1\";\n      }\n\n      scope = scopes[0];\n    } else if (typeof scopes === \"string\") {\n      scope = scopes;\n    }\n\n    if (!scope.endsWith(DefaultScopeSuffix)) {\n      return scope;\n    }\n\n    return scope.substr(0, scope.lastIndexOf(DefaultScopeSuffix));\n  }\n\n  private dateInSeconds(date: Date): number {\n    return Math.floor(date.getTime() / 1000);\n  }\n\n  private addMinutes(date: Date, minutes: number): Date {\n    date.setMinutes(date.getMinutes() + minutes);\n    return date;\n  }\n\n  private createImdsAuthRequest(resource: string, clientId?: string): RequestPrepareOptions {\n    const queryParameters: any = {\n      resource,\n      \"api-version\": ImdsApiVersion\n    };\n\n    if (clientId) {\n      queryParameters.client_id = clientId;\n    }\n\n    return {\n      url: ImdsEndpoint,\n      method: \"GET\",\n      queryParameters,\n      headers: {\n        Accept: \"application/json\",\n        Metadata: true\n      }\n    };\n  }\n\n  private createAppServiceMsiAuthRequest(resource: string, clientId?: string): RequestPrepareOptions {\n    const queryParameters: any = {\n      resource,\n      \"api-version\": AppServiceMsiApiVersion,\n    };\n\n    if (clientId) {\n      queryParameters.client_id = clientId;\n    }\n\n    return {\n      url: process.env.MSI_ENDPOINT,\n      method: \"GET\",\n      queryParameters,\n      headers: {\n        Accept: \"application/json\",\n        secret: process.env.MSI_SECRET\n      }\n    };\n  }\n\n  private createCloudShellMsiAuthRequest(resource: string, clientId?: string): RequestPrepareOptions {\n    const body: any = {\n      resource\n    };\n\n    if (clientId) {\n      body.client_id = clientId;\n    }\n\n    return {\n      url: process.env.MSI_ENDPOINT,\n      method: \"POST\",\n      body: qs.stringify(body),\n      headers: {\n        Accept: \"application/json\",\n        Metadata: true,\n        \"Content-Type\": \"application/x-www-form-urlencoded\"\n      }\n    };\n  }\n\n  private async pingImdsEndpoint(resource: string, clientId?: string): Promise<boolean> {\n    const request = this.createImdsAuthRequest(resource, clientId);\n\n    // This will always be populated, but let's make TypeScript happy\n    if (request.headers) {\n      // Remove the Metadata header to invoke a request error from\n      // IMDS endpoint\n      delete request.headers.Metadata;\n    }\n\n    // Create a request with a 500 msec timeout since we expect that\n    // not having a \"Metadata\" header should cause an error to be\n    // returned quickly from the endpoint, proving its availability.\n    const webResource = this.createWebResource(request);\n    webResource.timeout = 500;\n\n    try {\n      await this.sendRequest(webResource);\n    } catch (err) {\n      if (err instanceof RestError && err.code === RestError.REQUEST_SEND_ERROR) {\n        // Either request failed or IMDS endpoint isn't available\n        return false;\n      }\n    }\n\n    // If we received any response, the endpoint is available\n    return true;\n  }\n\n  authenticateClientSecret(\n    tenantId: string,\n    clientId: string,\n    clientSecret: string,\n    scopes: string | string[],\n    getTokenOptions?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    const webResource = this.createWebResource({\n      url: `${this.baseUri}/${tenantId}/oauth2/v2.0/token`,\n      method: \"POST\",\n      disableJsonStringifyOnBody: true,\n      deserializationMapper: undefined,\n      body: qs.stringify({\n        response_type: \"token\",\n        grant_type: \"client_credentials\",\n        client_id: clientId,\n        client_secret: clientSecret,\n        scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \")\n      }),\n      headers: {\n        Accept: \"application/json\",\n        \"Content-Type\": \"application/x-www-form-urlencoded\"\n      },\n      abortSignal: getTokenOptions && getTokenOptions.abortSignal\n    });\n\n    return this.sendTokenRequest(webResource);\n  }\n\n  async authenticateManagedIdentity(\n    scopes: string | string[],\n    checkIfImdsEndpointAvailable: boolean,\n    clientId?: string,\n    getTokenOptions?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    let authRequestOptions: RequestPrepareOptions;\n    const resource = this.mapScopesToResource(scopes);\n    let expiresInParser: ((requestBody: any) => number) | undefined;\n\n    // Detect which type of environment we are running in\n    if (process.env.MSI_ENDPOINT) {\n      if (process.env.MSI_SECRET) {\n        // Running in App Service\n        authRequestOptions = this.createAppServiceMsiAuthRequest(resource, clientId);\n        expiresInParser = (requestBody: any) => {\n          // Parse a date format like \"06/20/2019 02:57:58 +00:00\" and\n          // convert it into a JavaScript-formatted date\n          const m = requestBody.expires_on.match(/(\\d\\d)\\/(\\d\\d)\\/(\\d\\d\\d\\d) (\\d\\d):(\\d\\d):(\\d\\d) (\\+|-)(\\d\\d):(\\d\\d)/)\n          return Date.parse(`${m[3]}-${m[1]}-${m[2]}T${m[4]}:${m[5]}:${m[6]}${m[7]}${m[8]}:${m[9]}`)\n        };\n      } else {\n        // Running in Cloud Shell\n        authRequestOptions = this.createCloudShellMsiAuthRequest(resource, clientId);\n      }\n    } else {\n      // Ping the IMDS endpoint to see if it's available\n      if (!checkIfImdsEndpointAvailable || await this.pingImdsEndpoint(resource, clientId)) {\n        // Running in an Azure VM\n        authRequestOptions = this.createImdsAuthRequest(resource, clientId);\n      } else {\n        // Returning null tells the ManagedIdentityCredential that\n        // no MSI authentication endpoints are available\n        return null;\n      }\n    }\n\n    const webResource = this.createWebResource({\n      disableJsonStringifyOnBody: true,\n      deserializationMapper: undefined,\n      abortSignal: getTokenOptions && getTokenOptions.abortSignal,\n      ...authRequestOptions\n    });\n\n    return this.sendTokenRequest(webResource, expiresInParser);\n  }\n\n  authenticateClientCertificate(\n    tenantId: string,\n    clientId: string,\n    certificateString: string,\n    certificateX5t: string,\n    scopes: string | string[],\n    getTokenOptions?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    const tokenId = uuid.v4();\n    const audienceUrl = `${this.baseUri}/${tenantId}/oauth2/v2.0/token`;\n    const header: jws.Header = {\n      typ: \"JWT\",\n      alg: \"RS256\",\n      x5t: certificateX5t\n    };\n\n    const payload = {\n      iss: clientId,\n      sub: clientId,\n      aud: audienceUrl,\n      jti: tokenId,\n      nbf: this.dateInSeconds(new Date()),\n      exp: this.dateInSeconds(this.addMinutes(new Date(), SelfSignedJwtLifetimeMins))\n    };\n\n    const clientAssertion = jws.sign({\n      header,\n      payload,\n      secret: certificateString\n    });\n\n    const webResource = this.createWebResource({\n      url: audienceUrl,\n      method: \"POST\",\n      disableJsonStringifyOnBody: true,\n      deserializationMapper: undefined,\n      body: qs.stringify({\n        response_type: \"token\",\n        grant_type: \"client_credentials\",\n        client_id: clientId,\n        client_assertion_type: \"urn:ietf:params:oauth:client-assertion-type:jwt-bearer\",\n        client_assertion: clientAssertion,\n        scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \")\n      }),\n      headers: {\n        Accept: \"application/json\",\n        \"Content-Type\": \"application/x-www-form-urlencoded\"\n      },\n      abortSignal: getTokenOptions && getTokenOptions.abortSignal\n    });\n\n    return this.sendTokenRequest(webResource);\n  }\n\n  static getDefaultOptions(): IdentityClientOptions {\n    return {\n      authorityHost: DefaultAuthorityHost\n    };\n  }\n}\n\nexport interface IdentityClientOptions extends ServiceClientOptions {\n  authorityHost: string;\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nimport { IdentityClientOptions, IdentityClient } from \"../client/identityClient\";\n\n/**\n * Enables authentication to Azure Active Directory using a client secret\n * that was generated for an App Registration.  More information on how\n * to configure a client secret can be found here:\n * \n * https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application\n *\n */\nexport class ClientSecretCredential implements TokenCredential {\n  private identityClient: IdentityClient;\n  private _tenantId: string;\n  private _clientId: string;\n  private _clientSecret: string;\n\n  /**\n   * Creates an instance of the ClientSecretCredential with the details\n   * needed to authenticate against Azure Active Directory with a client\n   * secret.\n   * \n   * @param tenantId The Azure Active Directory tenant (directory) ID.\n   * @param clientId The client (application) ID of an App Registration in the tenant.\n   * @param clientSecret A client secret that was generated for the App Registration.\n   * @param options Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    clientSecret: string,\n    options?: IdentityClientOptions\n  ) {\n    this.identityClient = new IdentityClient(options);\n    this._tenantId = tenantId;\n    this._clientId = clientId;\n    this._clientSecret = clientSecret;\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an {@link AccessToken} if\n   * successful.  If authentication cannot be performed at this time, this method may\n   * return null.  If an error occurs during authentication, an {@link AuthenticationError}\n   * containing failure details will be thrown.\n   * \n   * @param scopes The list of scopes for which the token will have access.\n   * @param options The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    return this.identityClient.authenticateClientSecret(\n      this._tenantId,\n      this._clientId,\n      this._clientSecret,\n      scopes,\n      options\n    );\n  }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AccessToken, TokenCredential, isNode, GetTokenOptions } from \"@azure/core-http\";\nimport { IdentityClientOptions } from \"../client/identityClient\";\nimport { ClientSecretCredential } from \"./clientSecretCredential\";\n\n/**\n * Enables authentication to Azure Active Directory using client secret\n * details configured in the following environment variables:\n * \n * - AZURE_TENANT_ID: The Azure Active Directory tenant (directory) ID.\n * - AZURE_CLIENT_ID: The client (application) ID of an App Registration in the tenant.\n * - AZURE_CLIENT_SECRET: A client secret that was generated for the App Registration.\n * \n * This credential ultimately uses a {@link ClientSecretCredential} to\n * perform the authentication using these details.  Please consult the\n * documentation of that class for more details.\n */\nexport class EnvironmentCredential implements TokenCredential {\n  private _credential?: TokenCredential = undefined;\n  /**\n   * Creates an instance of the EnvironmentCredential class and reads\n   * client secret details from environment variables.  If the expected\n   * environment variables are not found at this time, the getToken method\n   * will return null when invoked.\n   * \n   * @param options Options for configuring the client which makes the authentication request.\n   */\n  constructor(options?: IdentityClientOptions) {\n    if (!isNode) {\n      throw \"EnvironmentCredential is only supported when running in Node.js.\";\n    }\n\n    const tenantId = process.env.AZURE_TENANT_ID,\n      clientId = process.env.AZURE_CLIENT_ID,\n      clientSecret = process.env.AZURE_CLIENT_SECRET;\n\n    if (tenantId && clientId && clientSecret) {\n      this._credential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);\n    }\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an {@link AccessToken} if\n   * successful.  If authentication cannot be performed at this time, this method may\n   * return null.  If an error occurs during authentication, an {@link AuthenticationError}\n   * containing failure details will be thrown.\n   * \n   * @param scopes The list of scopes for which the token will have access.\n   * @param options The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null> {\n    if (this._credential) {\n      return this._credential.getToken(scopes, options);\n    }\n\n    return Promise.resolve(null);\n  }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-http\";\nimport { IdentityClientOptions, IdentityClient } from \"../client/identityClient\";\n\n/**\n * Attempts authentication using a managed identity that has been assigned\n * to the deployment environment.  This authentication type works in Azure VMs,\n * App Service and Azure Functions applications, and inside of Azure Cloud Shell.\n * \n * More information about configuring managed identities can be found here:\n * \n * https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview\n */\nexport class ManagedIdentityCredential implements TokenCredential {\n  private identityClient: IdentityClient;\n  private _clientId: string | undefined;\n  private isEndpointUnavailable: boolean | null = null;\n\n  constructor(clientId?: string, options?: IdentityClientOptions) {\n    this.identityClient = new IdentityClient(options);\n    this._clientId = clientId;\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an {@link AccessToken} if\n   * successful.  If authentication cannot be performed at this time, this method may\n   * return null.  If an error occurs during authentication, an {@link AuthenticationError}\n   * containing failure details will be thrown.\n   * \n   * @param scopes The list of scopes for which the token will have access.\n   * @param options The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    let result: AccessToken | null = null;\n\n    // isEndpointAvailable can be true, false, or null,\n    // the latter indicating that we don't yet know whether\n    // the endpoint is available and need to check for it.\n    if (this.isEndpointUnavailable !== true) {\n      result =\n        await this.identityClient.authenticateManagedIdentity(\n          scopes,\n          this.isEndpointUnavailable === null,\n          this._clientId,\n          options);\n\n      // If authenticateManagedIdentity returns null, it means no MSI\n      // endpoints are available.  In this case, don't try them in future\n      // requests.\n      this.isEndpointUnavailable = result === null;\n    }\n\n    return result;\n  }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { IdentityClientOptions } from \"../client/identityClient\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential\";\nimport { EnvironmentCredential } from \"./environmentCredential\";\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential\";\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration for\n * applications that will be deployed to Azure.  The following credential\n * types will be tried, in order:\n * \n * - {@link EnvironmentCredential}\n * - {@link ManagedIdentityCredential}\n * \n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n */\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n  /**\n   * Creates an instance of the DefaultAzureCredential class.\n   * \n   * @param options Options for configuring the client which makes the authentication request.\n   */\n  constructor(identityClientOptions?: IdentityClientOptions) {\n    super(\n      new EnvironmentCredential(identityClientOptions),\n      new ManagedIdentityCredential(undefined, identityClientOptions)\n    );\n  }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { readFileSync } from \"fs\";\nimport { createHash } from \"crypto\";\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nimport { IdentityClientOptions, IdentityClient } from \"../client/identityClient\";\n\n/**\n * Enables authentication to Azure Active Directory using a PEM-encoded\n * certificate that is assigned to an App Registration.  More information\n * on how to configure certificate authentication can be found here:\n * \n * https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad\n *\n */\nexport class ClientCertificateCredential implements TokenCredential {\n  private identityClient: IdentityClient;\n  private _tenantId: string;\n  private _clientId: string;\n  private _certificateString: string;\n\n  public certificateThumbprint: string;\n  public certificateX5t: string;\n\n  /**\n   * Creates an instance of the ClientCertificateCredential with the details\n   * needed to authenticate against Azure Active Directory with a certificate.\n   * \n   * @param tenantId The Azure Active Directory tenant (directory) ID.\n   * @param clientId The client (application) ID of an App Registration in the tenant.\n   * @param certificatePath The path to a PEM-encoded public/private key certificate on the filesystem.\n   * @param options Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    certificatePath: string,\n    options?: IdentityClientOptions\n  ) {\n    this.identityClient = new IdentityClient(options);\n    this._tenantId = tenantId;\n    this._clientId = clientId;\n\n    this._certificateString = readFileSync(certificatePath, \"utf8\");\n\n    const certificatePattern = /(-+BEGIN CERTIFICATE-+)(\\n\\r?|\\r\\n?)([A-Za-z0-9+/\\n\\r]+=*)(\\n\\r?|\\r\\n?)(-+END CERTIFICATE-+)/;\n    const matchCert = this._certificateString.match(certificatePattern);\n    const publicKey = matchCert ? matchCert[3] : \"\";\n    if (!publicKey) {\n      throw new Error(\n        \"The file at the specified path does not contain a PEM-encoded certificate.\"\n      );\n    }\n\n    this.certificateThumbprint = createHash(\"sha1\")\n      .update(Buffer.from(publicKey, \"base64\"))\n      .digest(\"hex\")\n      .toUpperCase();\n\n    this.certificateX5t = Buffer.from(this.certificateThumbprint, \"hex\").toString(\"base64\");\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an {@link AccessToken} if\n   * successful.  If authentication cannot be performed at this time, this method may\n   * return null.  If an error occurs during authentication, an {@link AuthenticationError}\n   * containing failure details will be thrown.\n   * \n   * @param scopes The list of scopes for which the token will have access.\n   * @param options The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    return this.identityClient.authenticateClientCertificate(\n      this._tenantId,\n      this._clientId,\n      this._certificateString,\n      this.certificateX5t,\n      scopes,\n      options\n    );\n  }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { TokenCredential } from \"@azure/core-http\";\nimport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential\";\n\nexport { ChainedTokenCredential } from \"./credentials/chainedTokenCredential\";\nexport { IdentityClientOptions } from \"./client/identityClient\";\nexport { EnvironmentCredential } from \"./credentials/environmentCredential\";\nexport { ClientSecretCredential } from \"./credentials/clientSecretCredential\";\nexport { ClientCertificateCredential } from \"./credentials/clientCertificateCredential\";\nexport { ManagedIdentityCredential } from \"./credentials/managedIdentityCredential\";\nexport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential\";\nexport { AuthenticationError, AggregateAuthenticationError } from \"./client/errors\";\n\nexport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\n\nexport function getDefaultAzureCredential(): TokenCredential {\n  return new DefaultAzureCredential();\n}\n"],"names":["ServiceClient","WebResource","RestError","isNode","readFileSync","createHash"],"mappings":";;;;;;;;;;;;;;AAAA;;;;;;;AAyBA,MAAa,mBAAoB,SAAQ,KAAK;IAI5C,YAAY,UAAkB,EAAE,SAAoC;QAClE,IAAI,aAAa,GAAG;YAClB,KAAK,EAAE,SAAS;YAChB,iBAAiB,EAAE,oEAAoE;SACxF,CAAC;QAEF,IAAI,SAAS,EAAE;YACb,IAAI;;;gBAGF,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;aACvC;YAAC,OAAO,CAAC,EAAE;gBACV,IAAI,UAAU,KAAK,GAAG,EAAE;oBACtB,aAAa,GAAG;wBACd,KAAK,EAAE,qBAAqB;wBAC5B,iBAAiB,EAAE,4CAA4C;qBAChE,CAAC;iBACH;qBAAM;oBACL,aAAa,GAAG;wBACd,KAAK,EAAE,eAAe;wBACtB,iBAAiB,EAAE,oDAAoD,SAAS,EAAE;qBACnF,CAAC;iBACH;aACF;SACF;aAAM;YACL,aAAa,GAAG;gBACd,KAAK,EAAE,eAAe;gBACtB,iBAAiB,EAAE,oEAAoE;aACxF,CAAC;SACH;QAED,KAAK,CACH,qFAAqF,UAAU,0BAA0B,IAAI,CAAC,SAAS,CACrI,aAAa,EACb,IAAI,EACJ,IAAI,CACL,EAAE,CACJ,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;;QAGnC,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;KACnC;CACF;;;;;AAMD,MAAa,4BAA6B,SAAQ,KAAK;IAErD,YAAY,MAAa;QACvB,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACzD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;;QAGrB,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;KAC5C;CACF;;ACxFD;AACA,AAKA;;;;AAIA,MAAa,sBAAsB;IAGjC,YAAY,GAAG,OAA0B;QAFjC,aAAQ,GAAsB,EAAE,CAAC;QAGvC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;KACzB;;;;;;;;;;;IAYK,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,IAAI,KAAK,GAAG,IAAI,CAAC;YACjB,MAAM,MAAM,GAAG,EAAE,CAAC;YAElB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC,EAAE,EAAE;gBAC/D,IAAI;oBACF,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;iBAC1D;gBAAC,OAAO,GAAG,EAAE;oBACZ,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;iBAClB;aACF;YAED,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;gBAC/B,MAAM,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;aAChD;YAED,OAAO,KAAK,CAAC;SACd;KAAA;CACF;;AChDD;AACA,AAgBA,MAAM,yBAAyB,GAAG,EAAE,CAAC;AACrC,MAAM,oBAAoB,GAAG,mCAAmC,CAAC;AACjE,MAAM,kBAAkB,GAAG,WAAW,CAAC;AACvC,AAAO,MAAM,YAAY,GAAG,uDAAuD,CAAC;AACpF,AAAO,MAAM,cAAc,GAAG,YAAY,CAAC;AAC3C,AAAO,MAAM,uBAAuB,GAAG,YAAY,CAAC;AAEpD,MAAa,cAAe,SAAQA,sBAAa;IAC/C,YAAY,OAA+B;QACzC,OAAO,GAAG,OAAO,IAAI,cAAc,CAAC,iBAAiB,EAAE,CAAC;QACxD,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAE1B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,aAAa,CAAC;KACtC;IAEO,iBAAiB,CAAC,cAAqC;QAC7D,MAAM,WAAW,GAAG,IAAIC,oBAAW,EAAE,CAAC;QACtC,WAAW,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACpC,OAAO,WAAW,CAAC;KACpB;IAEa,gBAAgB,CAC5B,WAAwB,EACxB,eAA+C;;YAE/C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;YAErD,eAAe,GAAG,eAAe,KAAK,CAAC,YAAiB;gBACtD,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC,UAAU,GAAG,IAAI,CAAA;aACnD,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;gBACtD,OAAO;oBACL,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC,YAAY;oBACvC,kBAAkB,EAAE,eAAe,CAAC,QAAQ,CAAC,UAAU,CAAC;iBACzD,CAAC;aACH;iBAAM;gBACL,MAAM,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;aACrE;SACF;KAAA;IAEO,mBAAmB,CAAC,MAAyB;QACnD,IAAI,KAAK,GAAG,EAAE,CAAC;QACf,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;YACzB,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE;gBACvB,MAAM,8EAA8E,CAAC;aACtF;YAED,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;SACnB;aAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE;YACrC,KAAK,GAAG,MAAM,CAAC;SAChB;QAED,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE;YACvC,OAAO,KAAK,CAAC;SACd;QAED,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC,CAAC;KAC/D;IAEO,aAAa,CAAC,IAAU;QAC9B,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;KAC1C;IAEO,UAAU,CAAC,IAAU,EAAE,OAAe;QAC5C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,OAAO,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC;KACb;IAEO,qBAAqB,CAAC,QAAgB,EAAE,QAAiB;QAC/D,MAAM,eAAe,GAAQ;YAC3B,QAAQ;YACR,aAAa,EAAE,cAAc;SAC9B,CAAC;QAEF,IAAI,QAAQ,EAAE;YACZ,eAAe,CAAC,SAAS,GAAG,QAAQ,CAAC;SACtC;QAED,OAAO;YACL,GAAG,EAAE,YAAY;YACjB,MAAM,EAAE,KAAK;YACb,eAAe;YACf,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,QAAQ,EAAE,IAAI;aACf;SACF,CAAC;KACH;IAEO,8BAA8B,CAAC,QAAgB,EAAE,QAAiB;QACxE,MAAM,eAAe,GAAQ;YAC3B,QAAQ;YACR,aAAa,EAAE,uBAAuB;SACvC,CAAC;QAEF,IAAI,QAAQ,EAAE;YACZ,eAAe,CAAC,SAAS,GAAG,QAAQ,CAAC;SACtC;QAED,OAAO;YACL,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;YAC7B,MAAM,EAAE,KAAK;YACb,eAAe;YACf,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU;aAC/B;SACF,CAAC;KACH;IAEO,8BAA8B,CAAC,QAAgB,EAAE,QAAiB;QACxE,MAAM,IAAI,GAAQ;YAChB,QAAQ;SACT,CAAC;QAEF,IAAI,QAAQ,EAAE;YACZ,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;SAC3B;QAED,OAAO;YACL,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;YAC7B,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC;YACxB,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,QAAQ,EAAE,IAAI;gBACd,cAAc,EAAE,mCAAmC;aACpD;SACF,CAAC;KACH;IAEa,gBAAgB,CAAC,QAAgB,EAAE,QAAiB;;YAChE,MAAM,OAAO,GAAG,IAAI,CAAC,qBAAqB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;;YAG/D,IAAI,OAAO,CAAC,OAAO,EAAE;;;gBAGnB,OAAO,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;aACjC;;;;YAKD,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;YACpD,WAAW,CAAC,OAAO,GAAG,GAAG,CAAC;YAE1B,IAAI;gBACF,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;aACrC;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,GAAG,YAAYC,kBAAS,IAAI,GAAG,CAAC,IAAI,KAAKA,kBAAS,CAAC,kBAAkB,EAAE;;oBAEzE,OAAO,KAAK,CAAC;iBACd;aACF;;YAGD,OAAO,IAAI,CAAC;SACb;KAAA;IAED,wBAAwB,CACtB,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,MAAyB,EACzB,eAAiC;QAEjC,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC;YACzC,GAAG,EAAE,GAAG,IAAI,CAAC,OAAO,IAAI,QAAQ,oBAAoB;YACpD,MAAM,EAAE,MAAM;YACd,0BAA0B,EAAE,IAAI;YAChC,qBAAqB,EAAE,SAAS;YAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;gBACjB,aAAa,EAAE,OAAO;gBACtB,UAAU,EAAE,oBAAoB;gBAChC,SAAS,EAAE,QAAQ;gBACnB,aAAa,EAAE,YAAY;gBAC3B,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;aAC9D,CAAC;YACF,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,cAAc,EAAE,mCAAmC;aACpD;YACD,WAAW,EAAE,eAAe,IAAI,eAAe,CAAC,WAAW;SAC5D,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;KAC3C;IAEK,2BAA2B,CAC/B,MAAyB,EACzB,4BAAqC,EACrC,QAAiB,EACjB,eAAiC;;YAEjC,IAAI,kBAAyC,CAAC;YAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAClD,IAAI,eAA2D,CAAC;;YAGhE,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE;gBAC5B,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE;;oBAE1B,kBAAkB,GAAG,IAAI,CAAC,8BAA8B,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;oBAC7E,eAAe,GAAG,CAAC,WAAgB;;;wBAGjC,MAAM,CAAC,GAAG,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,qEAAqE,CAAC,CAAA;wBAC7G,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;qBAC3F,CAAC;iBACH;qBAAM;;oBAEL,kBAAkB,GAAG,IAAI,CAAC,8BAA8B,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;iBAC9E;aACF;iBAAM;;gBAEL,IAAI,CAAC,4BAA4B,KAAI,MAAM,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA,EAAE;;oBAEpF,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;iBACrE;qBAAM;;;oBAGL,OAAO,IAAI,CAAC;iBACb;aACF;YAED,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,iBACxC,0BAA0B,EAAE,IAAI,EAChC,qBAAqB,EAAE,SAAS,EAChC,WAAW,EAAE,eAAe,IAAI,eAAe,CAAC,WAAW,IACxD,kBAAkB,EACrB,CAAC;YAEH,OAAO,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;SAC5D;KAAA;IAED,6BAA6B,CAC3B,QAAgB,EAChB,QAAgB,EAChB,iBAAyB,EACzB,cAAsB,EACtB,MAAyB,EACzB,eAAiC;QAEjC,MAAM,OAAO,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC;QAC1B,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,OAAO,IAAI,QAAQ,oBAAoB,CAAC;QACpE,MAAM,MAAM,GAAe;YACzB,GAAG,EAAE,KAAK;YACV,GAAG,EAAE,OAAO;YACZ,GAAG,EAAE,cAAc;SACpB,CAAC;QAEF,MAAM,OAAO,GAAG;YACd,GAAG,EAAE,QAAQ;YACb,GAAG,EAAE,QAAQ;YACb,GAAG,EAAE,WAAW;YAChB,GAAG,EAAE,OAAO;YACZ,GAAG,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,IAAI,EAAE,CAAC;YACnC,GAAG,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,IAAI,EAAE,EAAE,yBAAyB,CAAC,CAAC;SAChF,CAAC;QAEF,MAAM,eAAe,GAAG,GAAG,CAAC,IAAI,CAAC;YAC/B,MAAM;YACN,OAAO;YACP,MAAM,EAAE,iBAAiB;SAC1B,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC;YACzC,GAAG,EAAE,WAAW;YAChB,MAAM,EAAE,MAAM;YACd,0BAA0B,EAAE,IAAI;YAChC,qBAAqB,EAAE,SAAS;YAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;gBACjB,aAAa,EAAE,OAAO;gBACtB,UAAU,EAAE,oBAAoB;gBAChC,SAAS,EAAE,QAAQ;gBACnB,qBAAqB,EAAE,wDAAwD;gBAC/E,gBAAgB,EAAE,eAAe;gBACjC,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;aAC9D,CAAC;YACF,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,cAAc,EAAE,mCAAmC;aACpD;YACD,WAAW,EAAE,eAAe,IAAI,eAAe,CAAC,WAAW;SAC5D,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;KAC3C;IAED,OAAO,iBAAiB;QACtB,OAAO;YACL,aAAa,EAAE,oBAAoB;SACpC,CAAC;KACH;CACF;;ACzTD;AACA,AAKA;;;;;;;;AAQA,MAAa,sBAAsB;;;;;;;;;;;IAgBjC,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,OAA+B;QAE/B,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAC1B,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAC1B,IAAI,CAAC,aAAa,GAAG,YAAY,CAAC;KACnC;;;;;;;;;;;IAYM,QAAQ,CACb,MAAyB,EACzB,OAAyB;QAEzB,OAAO,IAAI,CAAC,cAAc,CAAC,wBAAwB,CACjD,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,aAAa,EAClB,MAAM,EACN,OAAO,CACR,CAAC;KACH;CACF;;AChED;AACA,AAMA;;;;;;;;;;;;AAYA,MAAa,qBAAqB;;;;;;;;;IAUhC,YAAY,OAA+B;QATnC,gBAAW,GAAqB,SAAS,CAAC;QAUhD,IAAI,CAACC,eAAM,EAAE;YACX,MAAM,kEAAkE,CAAC;SAC1E;QAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EAC1C,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EACtC,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QAEjD,IAAI,QAAQ,IAAI,QAAQ,IAAI,YAAY,EAAE;YACxC,IAAI,CAAC,WAAW,GAAG,IAAI,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;SAC1F;KACF;;;;;;;;;;;IAYD,QAAQ,CAAC,MAAyB,EAAE,OAAyB;QAC3D,IAAI,IAAI,CAAC,WAAW,EAAE;YACpB,OAAO,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACnD;QAED,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;KAC9B;CACF;;AC5DD;AACA,AAKA;;;;;;;;;AASA,MAAa,yBAAyB;IAKpC,YAAY,QAAiB,EAAE,OAA+B;QAFtD,0BAAqB,GAAmB,IAAI,CAAC;QAGnD,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;KAC3B;;;;;;;;;;;IAYY,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,IAAI,MAAM,GAAuB,IAAI,CAAC;;;;YAKtC,IAAI,IAAI,CAAC,qBAAqB,KAAK,IAAI,EAAE;gBACvC,MAAM;oBACJ,MAAM,IAAI,CAAC,cAAc,CAAC,2BAA2B,CACnD,MAAM,EACN,IAAI,CAAC,qBAAqB,KAAK,IAAI,EACnC,IAAI,CAAC,SAAS,EACd,OAAO,CAAC,CAAC;;;;gBAKb,IAAI,CAAC,qBAAqB,GAAG,MAAM,KAAK,IAAI,CAAC;aAC9C;YAED,OAAO,MAAM,CAAC;SACf;KAAA;CACF;;AC5DD;AACA,AAOA;;;;;;;;;;;AAWA,MAAa,sBAAuB,SAAQ,sBAAsB;;;;;;IAMhE,YAAY,qBAA6C;QACvD,KAAK,CACH,IAAI,qBAAqB,CAAC,qBAAqB,CAAC,EAChD,IAAI,yBAAyB,CAAC,SAAS,EAAE,qBAAqB,CAAC,CAChE,CAAC;KACH;CACF;;AC/BD;AACA,AAOA;;;;;;;;AAQA,MAAa,2BAA2B;;;;;;;;;;IAkBtC,YACE,QAAgB,EAChB,QAAgB,EAChB,eAAuB,EACvB,OAA+B;QAE/B,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAC1B,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAE1B,IAAI,CAAC,kBAAkB,GAAGC,eAAY,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QAEhE,MAAM,kBAAkB,GAAG,8FAA8F,CAAC;QAC1H,MAAM,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACpE,MAAM,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;QAChD,IAAI,CAAC,SAAS,EAAE;YACd,MAAM,IAAI,KAAK,CACb,4EAA4E,CAC7E,CAAC;SACH;QAED,IAAI,CAAC,qBAAqB,GAAGC,iBAAU,CAAC,MAAM,CAAC;aAC5C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;aACxC,MAAM,CAAC,KAAK,CAAC;aACb,WAAW,EAAE,CAAC;QAEjB,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;KACzF;;;;;;;;;;;IAYM,QAAQ,CACb,MAAyB,EACzB,OAAyB;QAEzB,OAAO,IAAI,CAAC,cAAc,CAAC,6BAA6B,CACtD,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,kBAAkB,EACvB,IAAI,CAAC,cAAc,EACnB,MAAM,EACN,OAAO,CACR,CAAC;KACH;CACF;;ACtFD;AACA,SAgBgB,yBAAyB;IACvC,OAAO,IAAI,sBAAsB,EAAE,CAAC;CACrC;;;;;;;;;;;;"}
+{"version":3,"file":"index.js","sources":["../src/client/errors.ts","../src/credentials/chainedTokenCredential.ts","../src/client/identityClient.ts","../src/credentials/clientSecretCredential.ts","../src/credentials/environmentCredential.ts","../src/credentials/managedIdentityCredential.ts","../src/credentials/defaultAzureCredential.ts","../src/credentials/clientCertificateCredential.ts","../src/credentials/interactiveBrowserCredential.ts","../src/credentials/deviceCodeCredential.ts","../src/credentials/usernamePasswordCredential.ts","../src/index.ts"],"sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * See the official documentation for more details:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1\n *\n * NOTE: This documentation is for v1 OAuth support but the same error\n * response details still apply to v2.\n */\nexport interface ErrorResponse {\n  error: string;\n  error_description: string;\n  error_codes?: number[];\n  timestamp?: string;\n  trace_id?: string;\n  correlation_id?: string;\n}\n\nfunction isErrorResponse(errorResponse: any): errorResponse is ErrorResponse {\n  return errorResponse &&\n    typeof errorResponse.error === \"string\" &&\n    typeof errorResponse.error_description === \"string\";\n}\n\n/**\n * Provides details about a failure to authenticate with Azure Active\n * Directory.  The `errorResponse` field contains more details about\n * the specific failure.\n */\nexport class AuthenticationError extends Error {\n  public readonly statusCode: number;\n  public readonly errorResponse: ErrorResponse;\n\n  constructor(statusCode: number, errorBody: object | string | undefined | null) {\n    let errorResponse = {\n      error: \"unknown\",\n      error_description: \"An unknown error occurred and no additional details are available.\"\n    };\n\n    if (isErrorResponse(errorBody)) {\n      errorResponse = errorBody;\n    } else if (typeof errorBody === \"string\") {\n      try {\n        // Most error responses will contain JSON-formatted error details\n        // in the response body\n        errorResponse = JSON.parse(errorBody);\n      } catch (e) {\n        if (statusCode === 400) {\n          errorResponse = {\n            error: \"authority_not_found\",\n            error_description: \"The specified authority URL was not found.\"\n          };\n        } else {\n          errorResponse = {\n            error: \"unknown_error\",\n            error_description: `An unknown error has occurred. Response body:\\n\\n${errorBody}`\n          };\n        }\n      }\n    } else {\n      errorResponse = {\n        error: \"unknown_error\",\n        error_description: \"An unknown error occurred and no additional details are available.\"\n      };\n    }\n\n    super(\n      `An error was returned while authenticating to Azure Active Directory (status code ${statusCode}).\\n\\nMore details:\\n\\n${JSON.stringify(\n        errorResponse,\n        null,\n        \"  \"\n      )}`\n    );\n    this.statusCode = statusCode;\n    this.errorResponse = errorResponse;\n\n    // Ensure that this type reports the correct name\n    this.name = \"AuthenticationError\";\n  }\n}\n\n/**\n * Provides an `errors` array containing {@link AuthenticationError} instance\n * for authentication failures from credentials in a {@link ChainedTokenCredential}.\n */\nexport class AggregateAuthenticationError extends Error {\n  public errors: any[];\n  constructor(errors: any[]) {\n    super(\"Authentication failed to complete due to errors\");\n    this.errors = errors;\n\n    // Ensure that this type reports the correct name\n    this.name = \"AggregateAuthenticationError\";\n  }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-http\";\nimport { AggregateAuthenticationError } from \"../client/errors\";\n\n/**\n * Enables multiple {@link TokenCredential} implementations to be tried in order\n * until one of the getToken methods returns an {@link AccessToken}.\n */\nexport class ChainedTokenCredential implements TokenCredential {\n  private _sources: TokenCredential[] = [];\n\n  constructor(...sources: TokenCredential[]) {\n    this._sources = sources;\n  }\n\n  /**\n   * Returns the first {@link AccessToken} returned by one of the chained\n   * {@link TokenCredential} implementations.  Throws an {@link AggregateAuthenticationError}\n   * when one or more credentials throws an {@link AuthenticationError} and\n   * no credentials have returned an {@link AccessToken}.\n   * \n   * @param scopes The list of scopes for which the token will have access.\n   * @param options The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    let token = null;\n    const errors = [];\n\n    for (let i = 0; i < this._sources.length && token === null; i++) {\n      try {\n        token = await this._sources[i].getToken(scopes, options);\n      } catch (err) {\n        errors.push(err);\n      }\n    }\n\n    if (!token && errors.length > 0) {\n      throw new AggregateAuthenticationError(errors);\n    }\n\n    return token;\n  }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport qs from \"qs\";\nimport {\n  AccessToken,\n  ServiceClient,\n  ServiceClientOptions,\n  WebResource,\n  RequestPrepareOptions,\n  GetTokenOptions\n} from \"@azure/core-http\";\nimport { AuthenticationError } from \"./errors\";\n\nconst DefaultAuthorityHost = \"https://login.microsoftonline.com\";\n\n/**\n * An internal type used to communicate details of a token request's\n * response that should not be sent back as part of the AccessToken.\n */\nexport interface TokenResponse {\n  /**\n   * The AccessToken to be returned from getToken.\n   */\n  accessToken: AccessToken,\n\n  /**\n   * The refresh token if the 'offline_access' scope was used.\n   */\n  refreshToken?: string\n}\n\nexport class IdentityClient extends ServiceClient {\n  public authorityHost: string;\n\n  constructor(options?: IdentityClientOptions) {\n    options = options || IdentityClient.getDefaultOptions();\n    super(undefined, options);\n\n    this.baseUri = this.authorityHost = options.authorityHost || DefaultAuthorityHost;\n\n    if (!this.baseUri.startsWith(\"https:\")) {\n      throw new Error(\"The authorityHost address must use the 'https' protocol.\");\n    }\n  }\n\n  createWebResource(requestOptions: RequestPrepareOptions): WebResource {\n    const webResource = new WebResource();\n    webResource.prepare(requestOptions);\n    return webResource;\n  }\n\n  async sendTokenRequest(\n    webResource: WebResource,\n    expiresOnParser?: (responseBody: any) => number,\n  ): Promise<TokenResponse | null> {\n    const response = await this.sendRequest(webResource);\n\n    expiresOnParser = expiresOnParser || ((responseBody: any) => {\n      return Date.now() + responseBody.expires_in * 1000\n    });\n\n    if (response.status === 200 || response.status === 201) {\n      return {\n        accessToken: {\n          token: response.parsedBody.access_token,\n          expiresOnTimestamp: expiresOnParser(response.parsedBody)\n        },\n        refreshToken: response.parsedBody.refresh_token,\n      };\n    } else {\n      throw new AuthenticationError(response.status, response.parsedBody || response.bodyAsText);\n    }\n  }\n\n  async refreshAccessToken(\n    tenantId: string,\n    clientId: string,\n    scopes: string,\n    refreshToken: string | undefined,\n    clientSecret: string | undefined,\n    expiresOnParser?: (responseBody: any) => number,\n    options?: GetTokenOptions\n  ): Promise<TokenResponse | null> {\n    if (refreshToken === undefined) {\n      return null;\n    }\n\n    const refreshParams = {\n      grant_type: \"refresh_token\",\n      client_id: clientId,\n      refresh_token: refreshToken,\n      scope: scopes\n    };\n\n    if (clientSecret !== undefined) {\n      (refreshParams as any).client_secret = clientSecret;\n    }\n\n    const webResource = this.createWebResource({\n      url: `${this.authorityHost}/${tenantId}/oauth2/v2.0/token`,\n      method: \"POST\",\n      disableJsonStringifyOnBody: true,\n      deserializationMapper: undefined,\n      body: qs.stringify(refreshParams),\n      headers: {\n        Accept: \"application/json\",\n        \"Content-Type\": \"application/x-www-form-urlencoded\"\n      },\n      abortSignal: options && options.abortSignal\n    });\n\n    try {\n      return await this.sendTokenRequest(webResource, expiresOnParser);\n    } catch (err) {\n      if (err instanceof AuthenticationError && err.errorResponse.error === \"interaction_required\") {\n        // It's likely that the refresh token has expired, so\n        // return null so that the credential implementation will\n        // initiate the authentication flow again.\n        return null;\n      } else {\n        throw err;\n      }\n    }\n  }\n\n  static getDefaultOptions(): IdentityClientOptions {\n    return {\n      authorityHost: DefaultAuthorityHost\n    };\n  }\n}\n\nexport interface IdentityClientOptions extends ServiceClientOptions {\n  authorityHost?: string;\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport qs from \"qs\";\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nimport { IdentityClientOptions, IdentityClient } from \"../client/identityClient\";\n\n/**\n * Enables authentication to Azure Active Directory using a client secret\n * that was generated for an App Registration.  More information on how\n * to configure a client secret can be found here:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application\n *\n */\nexport class ClientSecretCredential implements TokenCredential {\n  private identityClient: IdentityClient;\n  private tenantId: string;\n  private clientId: string;\n  private clientSecret: string;\n\n  /**\n   * Creates an instance of the ClientSecretCredential with the details\n   * needed to authenticate against Azure Active Directory with a client\n   * secret.\n   *\n   * @param tenantId The Azure Active Directory tenant (directory) ID.\n   * @param clientId The client (application) ID of an App Registration in the tenant.\n   * @param clientSecret A client secret that was generated for the App Registration.\n   * @param options Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    clientSecret: string,\n    options?: IdentityClientOptions\n  ) {\n    this.identityClient = new IdentityClient(options);\n    this.tenantId = tenantId;\n    this.clientId = clientId;\n    this.clientSecret = clientSecret;\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an {@link AccessToken} if\n   * successful.  If authentication cannot be performed at this time, this method may\n   * return null.  If an error occurs during authentication, an {@link AuthenticationError}\n   * containing failure details will be thrown.\n   *\n   * @param scopes The list of scopes for which the token will have access.\n   * @param options The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    const webResource = this.identityClient.createWebResource({\n      url: `${this.identityClient.authorityHost}/${this.tenantId}/oauth2/v2.0/token`,\n      method: \"POST\",\n      disableJsonStringifyOnBody: true,\n      deserializationMapper: undefined,\n      body: qs.stringify({\n        response_type: \"token\",\n        grant_type: \"client_credentials\",\n        client_id: this.clientId,\n        client_secret: this.clientSecret,\n        scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \")\n      }),\n      headers: {\n        Accept: \"application/json\",\n        \"Content-Type\": \"application/x-www-form-urlencoded\"\n      },\n      abortSignal: options && options.abortSignal\n    });\n\n    const tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n    return (tokenResponse && tokenResponse.accessToken) || null;\n  }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-http\";\nimport { IdentityClientOptions } from \"../client/identityClient\";\nimport { ClientSecretCredential } from \"./clientSecretCredential\";\n\n/**\n * Enables authentication to Azure Active Directory using client secret\n * details configured in the following environment variables:\n *\n * - AZURE_TENANT_ID: The Azure Active Directory tenant (directory) ID.\n * - AZURE_CLIENT_ID: The client (application) ID of an App Registration in the tenant.\n * - AZURE_CLIENT_SECRET: A client secret that was generated for the App Registration.\n *\n * This credential ultimately uses a {@link ClientSecretCredential} to\n * perform the authentication using these details.  Please consult the\n * documentation of that class for more details.\n */\nexport class EnvironmentCredential implements TokenCredential {\n  private _credential?: TokenCredential = undefined;\n  /**\n   * Creates an instance of the EnvironmentCredential class and reads\n   * client secret details from environment variables.  If the expected\n   * environment variables are not found at this time, the getToken method\n   * will return null when invoked.\n   *\n   * @param options Options for configuring the client which makes the authentication request.\n   */\n  constructor(options?: IdentityClientOptions) {\n    const tenantId = process.env.AZURE_TENANT_ID,\n      clientId = process.env.AZURE_CLIENT_ID,\n      clientSecret = process.env.AZURE_CLIENT_SECRET;\n\n    if (tenantId && clientId && clientSecret) {\n      this._credential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);\n    }\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an {@link AccessToken} if\n   * successful.  If authentication cannot be performed at this time, this method may\n   * return null.  If an error occurs during authentication, an {@link AuthenticationError}\n   * containing failure details will be thrown.\n   *\n   * @param scopes The list of scopes for which the token will have access.\n   * @param options The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null> {\n    if (this._credential) {\n      return this._credential.getToken(scopes, options);\n    }\n\n    return Promise.resolve(null);\n  }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport qs from \"qs\";\nimport {\n  AccessToken,\n  GetTokenOptions,\n  RequestPrepareOptions,\n  RestError,\n  TokenCredential\n} from \"@azure/core-http\";\nimport { IdentityClientOptions, IdentityClient } from \"../client/identityClient\";\n\nconst DefaultScopeSuffix = \"/.default\";\nexport const ImdsEndpoint = \"http://169.254.169.254/metadata/identity/oauth2/token\";\nexport const ImdsApiVersion = \"2018-02-01\";\nexport const AppServiceMsiApiVersion = \"2017-09-01\";\n\n/**\n * Attempts authentication using a managed identity that has been assigned\n * to the deployment environment.  This authentication type works in Azure VMs,\n * App Service and Azure Functions applications, and inside of Azure Cloud Shell.\n *\n * More information about configuring managed identities can be found here:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview\n */\nexport class ManagedIdentityCredential implements TokenCredential {\n  private identityClient: IdentityClient;\n  private clientId: string | undefined;\n  private isEndpointUnavailable: boolean | null = null;\n\n  constructor(clientId?: string, options?: IdentityClientOptions) {\n    this.identityClient = new IdentityClient(options);\n    this.clientId = clientId;\n  }\n\n  private mapScopesToResource(scopes: string | string[]): string {\n    let scope = \"\";\n    if (Array.isArray(scopes)) {\n      if (scopes.length !== 1) {\n        throw \"To convert to a resource string the specified array must be exactly length 1\";\n      }\n\n      scope = scopes[0];\n    } else if (typeof scopes === \"string\") {\n      scope = scopes;\n    }\n\n    if (!scope.endsWith(DefaultScopeSuffix)) {\n      return scope;\n    }\n\n    return scope.substr(0, scope.lastIndexOf(DefaultScopeSuffix));\n  }\n\n  private createImdsAuthRequest(resource: string, clientId?: string): RequestPrepareOptions {\n    const queryParameters: any = {\n      resource,\n      \"api-version\": ImdsApiVersion\n    };\n\n    if (clientId) {\n      queryParameters.client_id = clientId;\n    }\n\n    return {\n      url: ImdsEndpoint,\n      method: \"GET\",\n      queryParameters,\n      headers: {\n        Accept: \"application/json\",\n        Metadata: true\n      }\n    };\n  }\n\n  private createAppServiceMsiAuthRequest(resource: string, clientId?: string): RequestPrepareOptions {\n    const queryParameters: any = {\n      resource,\n      \"api-version\": AppServiceMsiApiVersion,\n    };\n\n    if (clientId) {\n      queryParameters.client_id = clientId;\n    }\n\n    return {\n      url: process.env.MSI_ENDPOINT,\n      method: \"GET\",\n      queryParameters,\n      headers: {\n        Accept: \"application/json\",\n        secret: process.env.MSI_SECRET\n      }\n    };\n  }\n\n  private createCloudShellMsiAuthRequest(resource: string, clientId?: string): RequestPrepareOptions {\n    const body: any = {\n      resource\n    };\n\n    if (clientId) {\n      body.client_id = clientId;\n    }\n\n    return {\n      url: process.env.MSI_ENDPOINT,\n      method: \"POST\",\n      body: qs.stringify(body),\n      headers: {\n        Accept: \"application/json\",\n        Metadata: true,\n        \"Content-Type\": \"application/x-www-form-urlencoded\"\n      }\n    };\n  }\n\n  private async pingImdsEndpoint(resource: string, clientId?: string): Promise<boolean> {\n    const request = this.createImdsAuthRequest(resource, clientId);\n\n    // This will always be populated, but let's make TypeScript happy\n    if (request.headers) {\n      // Remove the Metadata header to invoke a request error from\n      // IMDS endpoint\n      delete request.headers.Metadata;\n    }\n\n    // Create a request with a 500 msec timeout since we expect that\n    // not having a \"Metadata\" header should cause an error to be\n    // returned quickly from the endpoint, proving its availability.\n    const webResource = this.identityClient.createWebResource(request);\n    webResource.timeout = 500;\n\n    try {\n      await this.identityClient.sendRequest(webResource);\n    } catch (err) {\n      if (err instanceof RestError && err.code === RestError.REQUEST_SEND_ERROR) {\n        // Either request failed or IMDS endpoint isn't available\n        return false;\n      }\n    }\n\n    // If we received any response, the endpoint is available\n    return true;\n  }\n\n  private async authenticateManagedIdentity(\n    scopes: string | string[],\n    checkIfImdsEndpointAvailable: boolean,\n    clientId?: string,\n    getTokenOptions?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    let authRequestOptions: RequestPrepareOptions;\n    const resource = this.mapScopesToResource(scopes);\n    let expiresInParser: ((requestBody: any) => number) | undefined;\n\n    // Detect which type of environment we are running in\n    if (process.env.MSI_ENDPOINT) {\n      if (process.env.MSI_SECRET) {\n        // Running in App Service\n        authRequestOptions = this.createAppServiceMsiAuthRequest(resource, clientId);\n        expiresInParser = (requestBody: any) => {\n          // Parse a date format like \"06/20/2019 02:57:58 +00:00\" and\n          // convert it into a JavaScript-formatted date\n          const m = requestBody.expires_on.match(/(\\d\\d)\\/(\\d\\d)\\/(\\d\\d\\d\\d) (\\d\\d):(\\d\\d):(\\d\\d) (\\+|-)(\\d\\d):(\\d\\d)/)\n          return Date.parse(`${m[3]}-${m[1]}-${m[2]}T${m[4]}:${m[5]}:${m[6]}${m[7]}${m[8]}:${m[9]}`)\n        };\n      } else {\n        // Running in Cloud Shell\n        authRequestOptions = this.createCloudShellMsiAuthRequest(resource, clientId);\n      }\n    } else {\n      // Ping the IMDS endpoint to see if it's available\n      if (!checkIfImdsEndpointAvailable || await this.pingImdsEndpoint(resource, clientId)) {\n        // Running in an Azure VM\n        authRequestOptions = this.createImdsAuthRequest(resource, clientId);\n      } else {\n        // Returning null tells the ManagedIdentityCredential that\n        // no MSI authentication endpoints are available\n        return null;\n      }\n    }\n\n    const webResource = this.identityClient.createWebResource({\n      disableJsonStringifyOnBody: true,\n      deserializationMapper: undefined,\n      abortSignal: getTokenOptions && getTokenOptions.abortSignal,\n      ...authRequestOptions\n    });\n\n    const tokenResponse = await this.identityClient.sendTokenRequest(webResource, expiresInParser);\n    return (tokenResponse && tokenResponse.accessToken) || null;\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an {@link AccessToken} if\n   * successful.  If authentication cannot be performed at this time, this method may\n   * return null.  If an error occurs during authentication, an {@link AuthenticationError}\n   * containing failure details will be thrown.\n   *\n   * @param scopes The list of scopes for which the token will have access.\n   * @param options The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    let result: AccessToken | null = null;\n\n    // isEndpointAvailable can be true, false, or null,\n    // the latter indicating that we don't yet know whether\n    // the endpoint is available and need to check for it.\n    if (this.isEndpointUnavailable !== true) {\n      result =\n        await this.authenticateManagedIdentity(\n          scopes,\n          this.isEndpointUnavailable === null,\n          this.clientId,\n          options);\n\n      // If authenticateManagedIdentity returns null, it means no MSI\n      // endpoints are available.  In this case, don't try them in future\n      // requests.\n      this.isEndpointUnavailable = result === null;\n    }\n\n    return result;\n  }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { IdentityClientOptions } from \"../client/identityClient\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential\";\nimport { EnvironmentCredential } from \"./environmentCredential\";\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential\";\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration for\n * applications that will be deployed to Azure.  The following credential\n * types will be tried, in order:\n * \n * - {@link EnvironmentCredential}\n * - {@link ManagedIdentityCredential}\n * \n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n */\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n  /**\n   * Creates an instance of the DefaultAzureCredential class.\n   * \n   * @param options Options for configuring the client which makes the authentication request.\n   */\n  constructor(identityClientOptions?: IdentityClientOptions) {\n    super(\n      new EnvironmentCredential(identityClientOptions),\n      new ManagedIdentityCredential(undefined, identityClientOptions)\n    );\n  }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport qs from \"qs\";\nimport jws from \"jws\";\nimport uuid from \"uuid\";\nimport { readFileSync } from \"fs\";\nimport { createHash } from \"crypto\";\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nimport { IdentityClientOptions, IdentityClient } from \"../client/identityClient\";\n\nconst SelfSignedJwtLifetimeMins = 10;\n\nfunction timestampInSeconds(date: Date): number {\n  return Math.floor(date.getTime() / 1000);\n}\n\nfunction addMinutes(date: Date, minutes: number): Date {\n  date.setMinutes(date.getMinutes() + minutes);\n  return date;\n}\n\n/**\n * Enables authentication to Azure Active Directory using a PEM-encoded\n * certificate that is assigned to an App Registration.  More information\n * on how to configure certificate authentication can be found here:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad\n *\n */\nexport class ClientCertificateCredential implements TokenCredential {\n  private identityClient: IdentityClient;\n  private tenantId: string;\n  private clientId: string;\n  private certificateString: string;\n  private certificateThumbprint: string;\n  private certificateX5t: string;\n\n  /**\n   * Creates an instance of the ClientCertificateCredential with the details\n   * needed to authenticate against Azure Active Directory with a certificate.\n   *\n   * @param tenantId The Azure Active Directory tenant (directory) ID.\n   * @param clientId The client (application) ID of an App Registration in the tenant.\n   * @param certificatePath The path to a PEM-encoded public/private key certificate on the filesystem.\n   * @param options Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    certificatePath: string,\n    options?: IdentityClientOptions\n  ) {\n    this.identityClient = new IdentityClient(options);\n    this.tenantId = tenantId;\n    this.clientId = clientId;\n\n    this.certificateString = readFileSync(certificatePath, \"utf8\");\n\n    const certificatePattern = /(-+BEGIN CERTIFICATE-+)(\\n\\r?|\\r\\n?)([A-Za-z0-9+/\\n\\r]+=*)(\\n\\r?|\\r\\n?)(-+END CERTIFICATE-+)/;\n    const matchCert = this.certificateString.match(certificatePattern);\n    const publicKey = matchCert ? matchCert[3] : \"\";\n    if (!publicKey) {\n      throw new Error(\n        \"The file at the specified path does not contain a PEM-encoded certificate.\"\n      );\n    }\n\n    this.certificateThumbprint = createHash(\"sha1\")\n      .update(Buffer.from(publicKey, \"base64\"))\n      .digest(\"hex\")\n      .toUpperCase();\n\n    this.certificateX5t = Buffer.from(this.certificateThumbprint, \"hex\").toString(\"base64\");\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an {@link AccessToken} if\n   * successful.  If authentication cannot be performed at this time, this method may\n   * return null.  If an error occurs during authentication, an {@link AuthenticationError}\n   * containing failure details will be thrown.\n   *\n   * @param scopes The list of scopes for which the token will have access.\n   * @param options The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    const tokenId = uuid.v4();\n    const audienceUrl = `${this.identityClient.authorityHost}/${this.tenantId}/oauth2/v2.0/token`;\n    const header: jws.Header = {\n      typ: \"JWT\",\n      alg: \"RS256\",\n      x5t: this.certificateX5t\n    };\n\n    const payload = {\n      iss: this.clientId,\n      sub: this.clientId,\n      aud: audienceUrl,\n      jti: tokenId,\n      nbf: timestampInSeconds(new Date()),\n      exp: timestampInSeconds(addMinutes(new Date(), SelfSignedJwtLifetimeMins))\n    };\n\n    const clientAssertion = jws.sign({\n      header,\n      payload,\n      secret: this.certificateString\n    });\n\n    const webResource = this.identityClient.createWebResource({\n      url: audienceUrl,\n      method: \"POST\",\n      disableJsonStringifyOnBody: true,\n      deserializationMapper: undefined,\n      body: qs.stringify({\n        response_type: \"token\",\n        grant_type: \"client_credentials\",\n        client_id: this.clientId,\n        client_assertion_type: \"urn:ietf:params:oauth:client-assertion-type:jwt-bearer\",\n        client_assertion: clientAssertion,\n        scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \")\n      }),\n      headers: {\n        Accept: \"application/json\",\n        \"Content-Type\": \"application/x-www-form-urlencoded\"\n      },\n      abortSignal: options && options.abortSignal\n    });\n\n    const tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n    return (tokenResponse && tokenResponse.accessToken) || null;\n  }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/* eslint-disable @typescript-eslint/no-unused-vars */\n\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nimport { InteractiveBrowserCredentialOptions } from \"./interactiveBrowserCredentialOptions\";\n\nconst BrowserNotSupportedError = new Error(\"InteractiveBrowserCredential is not supported in Node.js.\");\n\n/**\n * Enables authentication to Azure Active Directory inside of the web browser\n * using the interactive login flow, either via browser redirects or a popup\n * window.  This credential is not currently supported in Node.js.\n */\nexport class InteractiveBrowserCredential implements TokenCredential {\n  constructor(\n    tenantId: string,\n    clientId: string,\n    options?: InteractiveBrowserCredentialOptions\n  ) {\n    throw BrowserNotSupportedError;\n  }\n\n  public getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    throw BrowserNotSupportedError;\n  }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport qs from \"qs\";\nimport { TokenCredential, GetTokenOptions, AccessToken, delay } from \"@azure/core-http\";\nimport { IdentityClientOptions, IdentityClient, TokenResponse } from \"../client/identityClient\";\nimport { AuthenticationError } from \"../client/errors\";\n\n/**\n * An internal interface that contains the verbatim devicecode response.\n * This interface does not get exported from the public interface of the\n * library.\n */\nexport interface DeviceCodeResponse {\n  device_code: string,\n  user_code: string,\n  verification_uri: string,\n  expires_in: number,\n  interval: number,\n  message: string\n}\n\n/**\n * Provides the user code and verification URI where the code must be\n * entered.  Also provides a message to display to the user which\n * contains an instruction with these details.\n */\nexport interface DeviceCodeDetails {\n  userCode: string,\n  verificationUri: string,\n  message: string\n}\n\n/**\n * Defines the signature of a callback which will be passed to\n * DeviceCodeCredential for the purpose of displaying authentication\n * details to the user.\n */\nexport type DeviceCodePromptCallback = (deviceCodeDetails: DeviceCodeDetails) => void;\n\n/**\n * Enables authentication to Azure Active Directory using a device code\n * that the user can enter into https://microsoft.com/devicelogin.\n */\nexport class DeviceCodeCredential implements TokenCredential {\n  private identityClient: IdentityClient;\n  private tenantId: string;\n  private clientId: string;\n  private userPromptCallback: DeviceCodePromptCallback;\n  private lastTokenResponse: TokenResponse | null = null;\n\n  /**\n   * Creates an instance of DeviceCodeCredential with the details needed\n   * to initiate the device code authorization flow with Azure Active Directory.\n   *\n   * @param tenantId The Azure Active Directory tenant (directory) ID or name.\n   * @param clientId The client (application) ID of an App Registration in the tenant.\n   * @param userPromptCallback A callback function that will be invoked to show\n                               {@link DeviceCodeDetails} to the user.\n   * @param options Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    userPromptCallback: DeviceCodePromptCallback,\n    options?: IdentityClientOptions\n  ) {\n    this.identityClient = new IdentityClient(options);\n    this.tenantId = tenantId;\n    this.clientId = clientId;\n    this.userPromptCallback = userPromptCallback;\n  }\n\n  private async sendDeviceCodeRequest(\n    scope: string,\n    options?: GetTokenOptions\n  ): Promise<DeviceCodeResponse> {\n    const webResource = this.identityClient.createWebResource({\n      url: `${this.identityClient.authorityHost}/${this.tenantId}/oauth2/v2.0/devicecode`,\n      method: \"POST\",\n      disableJsonStringifyOnBody: true,\n      deserializationMapper: undefined,\n      body: qs.stringify({\n        client_id: this.clientId,\n        scope\n      }),\n      headers: {\n        Accept: \"application/json\",\n        \"Content-Type\": \"application/x-www-form-urlencoded\"\n      },\n      abortSignal: options && options.abortSignal\n    });\n\n    const response = await this.identityClient.sendRequest(webResource);\n    if (!(response.status === 200 || response.status === 201)) {\n      throw new AuthenticationError(response.status, response.bodyAsText);\n    }\n\n    return response.parsedBody as DeviceCodeResponse;\n  }\n\n  private async pollForToken(\n    deviceCodeResponse: DeviceCodeResponse,\n    options?: GetTokenOptions\n  ): Promise<TokenResponse | null> {\n    let tokenResponse: TokenResponse | null = null;\n\n    const webResource = this.identityClient.createWebResource({\n      url: `${this.identityClient.authorityHost}/${this.tenantId}/oauth2/v2.0/token`,\n      method: \"POST\",\n      disableJsonStringifyOnBody: true,\n      deserializationMapper: undefined,\n      body: qs.stringify({\n        grant_type: \"urn:ietf:params:oauth:grant-type:device_code\",\n        client_id: this.clientId,\n        device_code: deviceCodeResponse.device_code\n      }),\n      headers: {\n        Accept: \"application/json\",\n        \"Content-Type\": \"application/x-www-form-urlencoded\"\n      },\n      abortSignal: options && options.abortSignal\n    });\n\n    while (tokenResponse === null) {\n      try {\n        await delay(deviceCodeResponse.interval * 1000);\n\n        // Check the abort signal before sending the request\n        if (options && options.abortSignal && options.abortSignal.aborted) {\n          return null;\n        }\n\n        tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n      } catch (err) {\n        if (err instanceof AuthenticationError) {\n          switch (err.errorResponse.error) {\n            case \"authorization_pending\":\n              break;\n            case \"authorization_declined\":\n              return null;\n            case \"expired_token\":\n              throw err;\n            case \"bad_verification_code\":\n              throw err;\n          }\n        } else {\n          throw err;\n        }\n      }\n    }\n\n    return tokenResponse;\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an {@link AccessToken} if\n   * successful.  If authentication cannot be performed at this time, this method may\n   * return null.  If an error occurs during authentication, an {@link AuthenticationError}\n   * containing failure details will be thrown.\n   *\n   * @param scopes The list of scopes for which the token will have access.\n   * @param options The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    let tokenResponse: TokenResponse | null = null;\n    let scopeString = typeof scopes === \"string\" ? scopes : scopes.join(\" \");\n    if (scopeString.indexOf(\"offline_access\") < 0) {\n      scopeString += \" offline_access\";\n    }\n\n    // Try to use the refresh token first\n    if (this.lastTokenResponse && this.lastTokenResponse.refreshToken) {\n      tokenResponse = await this.identityClient.refreshAccessToken(\n        this.tenantId,\n        this.clientId,\n        scopeString,\n        this.lastTokenResponse.refreshToken,\n        undefined, // clientSecret not needed for device code auth\n        undefined,\n        options);\n    }\n\n    if (tokenResponse === null) {\n      const deviceCodeResponse = await this.sendDeviceCodeRequest(scopeString, options);\n\n      this.userPromptCallback({\n        userCode: deviceCodeResponse.user_code,\n        verificationUri: deviceCodeResponse.verification_uri,\n        message: deviceCodeResponse.message\n      });\n\n      tokenResponse = await this.pollForToken(deviceCodeResponse, options);\n    }\n\n    this.lastTokenResponse = tokenResponse;\n    return (tokenResponse && tokenResponse.accessToken) || null;\n  }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport qs from \"qs\";\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nimport { IdentityClientOptions, IdentityClient } from \"../client/identityClient\";\n\n/**\n * Enables authentication to Azure Active Directory with a user's\n * username and password. This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n */\nexport class UsernamePasswordCredential implements TokenCredential {\n  private identityClient: IdentityClient;\n  private tenantId: string;\n  private clientId: string;\n  private username: string;\n  private password: string;\n\n  /**\n   * Creates an instance of the UsernamePasswordCredential with the details\n   * needed to authenticate against Azure Active Directory with a username\n   * and password.\n   *\n   * @param tenantIdOrName The Azure Active Directory tenant (directory) ID or name.\n   * @param clientId The client (application) ID of an App Registration in the tenant.\n   * @param username The user account's e-mail address (user name).\n   * @param password The user account's account password\n   * @param options Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantIdOrName: string,\n    clientId: string,\n    username: string,\n    password: string,\n    options?: IdentityClientOptions\n  ) {\n    this.identityClient = new IdentityClient(options);\n    this.tenantId = tenantIdOrName;\n    this.clientId = clientId;\n    this.username = username;\n    this.password = password;\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an {@link AccessToken} if\n   * successful.  If authentication cannot be performed at this time, this method may\n   * return null.  If an error occurs during authentication, an {@link AuthenticationError}\n   * containing failure details will be thrown.\n   *\n   * @param scopes The list of scopes for which the token will have access.\n   * @param options The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    const webResource = this.identityClient.createWebResource({\n      url: `${this.identityClient.authorityHost}/${this.tenantId}/oauth2/v2.0/token`,\n      method: \"POST\",\n      disableJsonStringifyOnBody: true,\n      deserializationMapper: undefined,\n      body: qs.stringify({\n        response_type: \"token\",\n        grant_type: \"password\",\n        client_id: this.clientId,\n        username: this.username,\n        password: this.password,\n        scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \")\n      }),\n      headers: {\n        Accept: \"application/json\",\n        \"Content-Type\": \"application/x-www-form-urlencoded\"\n      },\n      abortSignal: options && options.abortSignal\n    });\n\n    const tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n    return (tokenResponse && tokenResponse.accessToken) || null;\n  }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { TokenCredential } from \"@azure/core-http\";\nimport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential\";\n\nexport { ChainedTokenCredential } from \"./credentials/chainedTokenCredential\";\nexport { IdentityClientOptions } from \"./client/identityClient\";\nexport { EnvironmentCredential } from \"./credentials/environmentCredential\";\nexport { ClientSecretCredential } from \"./credentials/clientSecretCredential\";\nexport { ClientCertificateCredential } from \"./credentials/clientCertificateCredential\";\nexport { InteractiveBrowserCredential } from \"./credentials/interactiveBrowserCredential\";\nexport { InteractiveBrowserCredentialOptions, BrowserLoginStyle } from \"./credentials/interactiveBrowserCredentialOptions\";\nexport { ManagedIdentityCredential } from \"./credentials/managedIdentityCredential\";\nexport { DeviceCodeCredential } from \"./credentials/deviceCodeCredential\";\nexport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential\";\nexport { UsernamePasswordCredential } from \"./credentials/usernamePasswordCredential\";\nexport { AuthenticationError, AggregateAuthenticationError } from \"./client/errors\";\n\nexport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\n\nexport function getDefaultAzureCredential(): TokenCredential {\n  return new DefaultAzureCredential();\n}\n"],"names":["ServiceClient","WebResource","RestError","readFileSync","createHash","delay"],"mappings":";;;;;;;;;;;;;;AAAA;;AAoBA,SAAS,eAAe,CAAC,aAAkB;IACzC,OAAO,aAAa;QAClB,OAAO,aAAa,CAAC,KAAK,KAAK,QAAQ;QACvC,OAAO,aAAa,CAAC,iBAAiB,KAAK,QAAQ,CAAC;CACvD;;;;;;AAOD,MAAa,mBAAoB,SAAQ,KAAK;IAI5C,YAAY,UAAkB,EAAE,SAA6C;QAC3E,IAAI,aAAa,GAAG;YAClB,KAAK,EAAE,SAAS;YAChB,iBAAiB,EAAE,oEAAoE;SACxF,CAAC;QAEF,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE;YAC9B,aAAa,GAAG,SAAS,CAAC;SAC3B;aAAM,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE;YACxC,IAAI;;;gBAGF,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;aACvC;YAAC,OAAO,CAAC,EAAE;gBACV,IAAI,UAAU,KAAK,GAAG,EAAE;oBACtB,aAAa,GAAG;wBACd,KAAK,EAAE,qBAAqB;wBAC5B,iBAAiB,EAAE,4CAA4C;qBAChE,CAAC;iBACH;qBAAM;oBACL,aAAa,GAAG;wBACd,KAAK,EAAE,eAAe;wBACtB,iBAAiB,EAAE,oDAAoD,SAAS,EAAE;qBACnF,CAAC;iBACH;aACF;SACF;aAAM;YACL,aAAa,GAAG;gBACd,KAAK,EAAE,eAAe;gBACtB,iBAAiB,EAAE,oEAAoE;aACxF,CAAC;SACH;QAED,KAAK,CACH,qFAAqF,UAAU,0BAA0B,IAAI,CAAC,SAAS,CACrI,aAAa,EACb,IAAI,EACJ,IAAI,CACL,EAAE,CACJ,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;;QAGnC,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;KACnC;CACF;;;;;AAMD,MAAa,4BAA6B,SAAQ,KAAK;IAErD,YAAY,MAAa;QACvB,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACzD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;;QAGrB,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;KAC5C;CACF;;AChGD;AACA,AAKA;;;;AAIA,MAAa,sBAAsB;IAGjC,YAAY,GAAG,OAA0B;QAFjC,aAAQ,GAAsB,EAAE,CAAC;QAGvC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;KACzB;;;;;;;;;;;IAYK,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,IAAI,KAAK,GAAG,IAAI,CAAC;YACjB,MAAM,MAAM,GAAG,EAAE,CAAC;YAElB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC,EAAE,EAAE;gBAC/D,IAAI;oBACF,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;iBAC1D;gBAAC,OAAO,GAAG,EAAE;oBACZ,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;iBAClB;aACF;YAED,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;gBAC/B,MAAM,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;aAChD;YAED,OAAO,KAAK,CAAC;SACd;KAAA;CACF;;AChDD;AACA,AAaA,MAAM,oBAAoB,GAAG,mCAAmC,CAAC;AAkBjE,MAAa,cAAe,SAAQA,sBAAa;IAG/C,YAAY,OAA+B;QACzC,OAAO,GAAG,OAAO,IAAI,cAAc,CAAC,iBAAiB,EAAE,CAAC;QACxD,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAE1B,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,oBAAoB,CAAC;QAElF,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;YACtC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;SAC7E;KACF;IAED,iBAAiB,CAAC,cAAqC;QACrD,MAAM,WAAW,GAAG,IAAIC,oBAAW,EAAE,CAAC;QACtC,WAAW,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACpC,OAAO,WAAW,CAAC;KACpB;IAEK,gBAAgB,CACpB,WAAwB,EACxB,eAA+C;;YAE/C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;YAErD,eAAe,GAAG,eAAe,KAAK,CAAC,YAAiB;gBACtD,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC,UAAU,GAAG,IAAI,CAAA;aACnD,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;gBACtD,OAAO;oBACL,WAAW,EAAE;wBACX,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC,YAAY;wBACvC,kBAAkB,EAAE,eAAe,CAAC,QAAQ,CAAC,UAAU,CAAC;qBACzD;oBACD,YAAY,EAAE,QAAQ,CAAC,UAAU,CAAC,aAAa;iBAChD,CAAC;aACH;iBAAM;gBACL,MAAM,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,UAAU,CAAC,CAAC;aAC5F;SACF;KAAA;IAEK,kBAAkB,CACtB,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,YAAgC,EAChC,YAAgC,EAChC,eAA+C,EAC/C,OAAyB;;YAEzB,IAAI,YAAY,KAAK,SAAS,EAAE;gBAC9B,OAAO,IAAI,CAAC;aACb;YAED,MAAM,aAAa,GAAG;gBACpB,UAAU,EAAE,eAAe;gBAC3B,SAAS,EAAE,QAAQ;gBACnB,aAAa,EAAE,YAAY;gBAC3B,KAAK,EAAE,MAAM;aACd,CAAC;YAEF,IAAI,YAAY,KAAK,SAAS,EAAE;gBAC7B,aAAqB,CAAC,aAAa,GAAG,YAAY,CAAC;aACrD;YAED,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC;gBACzC,GAAG,EAAE,GAAG,IAAI,CAAC,aAAa,IAAI,QAAQ,oBAAoB;gBAC1D,MAAM,EAAE,MAAM;gBACd,0BAA0B,EAAE,IAAI;gBAChC,qBAAqB,EAAE,SAAS;gBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,aAAa,CAAC;gBACjC,OAAO,EAAE;oBACP,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD;gBACD,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;aAC5C,CAAC,CAAC;YAEH,IAAI;gBACF,OAAO,MAAM,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;aAClE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,GAAG,YAAY,mBAAmB,IAAI,GAAG,CAAC,aAAa,CAAC,KAAK,KAAK,sBAAsB,EAAE;;;;oBAI5F,OAAO,IAAI,CAAC;iBACb;qBAAM;oBACL,MAAM,GAAG,CAAC;iBACX;aACF;SACF;KAAA;IAED,OAAO,iBAAiB;QACtB,OAAO;YACL,aAAa,EAAE,oBAAoB;SACpC,CAAC;KACH;CACF;;ACnID;AACA,AAMA;;;;;;;;AAQA,MAAa,sBAAsB;;;;;;;;;;;IAgBjC,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,OAA+B;QAE/B,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;KAClC;;;;;;;;;;;IAYY,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC;gBACxD,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,oBAAoB;gBAC9E,MAAM,EAAE,MAAM;gBACd,0BAA0B,EAAE,IAAI;gBAChC,qBAAqB,EAAE,SAAS;gBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;oBACjB,aAAa,EAAE,OAAO;oBACtB,UAAU,EAAE,oBAAoB;oBAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;oBACxB,aAAa,EAAE,IAAI,CAAC,YAAY;oBAChC,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;iBAC9D,CAAC;gBACF,OAAO,EAAE;oBACP,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD;gBACD,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;aAC5C,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;YAC9E,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;SAC7D;KAAA;CACF;;AC/ED;AACA,AAMA;;;;;;;;;;;;AAYA,MAAa,qBAAqB;;;;;;;;;IAUhC,YAAY,OAA+B;QATnC,gBAAW,GAAqB,SAAS,CAAC;QAUhD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EAC1C,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EACtC,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QAEjD,IAAI,QAAQ,IAAI,QAAQ,IAAI,YAAY,EAAE;YACxC,IAAI,CAAC,WAAW,GAAG,IAAI,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;SAC1F;KACF;;;;;;;;;;;IAYD,QAAQ,CAAC,MAAyB,EAAE,OAAyB;QAC3D,IAAI,IAAI,CAAC,WAAW,EAAE;YACpB,OAAO,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACnD;QAED,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;KAC9B;CACF;;ACxDD;AACA,AAYA,MAAM,kBAAkB,GAAG,WAAW,CAAC;AACvC,AAAO,MAAM,YAAY,GAAG,uDAAuD,CAAC;AACpF,AAAO,MAAM,cAAc,GAAG,YAAY,CAAC;AAC3C,AAAO,MAAM,uBAAuB,GAAG,YAAY,CAAC;;;;;;;;;;AAWpD,MAAa,yBAAyB;IAKpC,YAAY,QAAiB,EAAE,OAA+B;QAFtD,0BAAqB,GAAmB,IAAI,CAAC;QAGnD,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;KAC1B;IAEO,mBAAmB,CAAC,MAAyB;QACnD,IAAI,KAAK,GAAG,EAAE,CAAC;QACf,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;YACzB,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE;gBACvB,MAAM,8EAA8E,CAAC;aACtF;YAED,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;SACnB;aAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE;YACrC,KAAK,GAAG,MAAM,CAAC;SAChB;QAED,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE;YACvC,OAAO,KAAK,CAAC;SACd;QAED,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC,CAAC;KAC/D;IAEO,qBAAqB,CAAC,QAAgB,EAAE,QAAiB;QAC/D,MAAM,eAAe,GAAQ;YAC3B,QAAQ;YACR,aAAa,EAAE,cAAc;SAC9B,CAAC;QAEF,IAAI,QAAQ,EAAE;YACZ,eAAe,CAAC,SAAS,GAAG,QAAQ,CAAC;SACtC;QAED,OAAO;YACL,GAAG,EAAE,YAAY;YACjB,MAAM,EAAE,KAAK;YACb,eAAe;YACf,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,QAAQ,EAAE,IAAI;aACf;SACF,CAAC;KACH;IAEO,8BAA8B,CAAC,QAAgB,EAAE,QAAiB;QACxE,MAAM,eAAe,GAAQ;YAC3B,QAAQ;YACR,aAAa,EAAE,uBAAuB;SACvC,CAAC;QAEF,IAAI,QAAQ,EAAE;YACZ,eAAe,CAAC,SAAS,GAAG,QAAQ,CAAC;SACtC;QAED,OAAO;YACL,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;YAC7B,MAAM,EAAE,KAAK;YACb,eAAe;YACf,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU;aAC/B;SACF,CAAC;KACH;IAEO,8BAA8B,CAAC,QAAgB,EAAE,QAAiB;QACxE,MAAM,IAAI,GAAQ;YAChB,QAAQ;SACT,CAAC;QAEF,IAAI,QAAQ,EAAE;YACZ,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;SAC3B;QAED,OAAO;YACL,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;YAC7B,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC;YACxB,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,QAAQ,EAAE,IAAI;gBACd,cAAc,EAAE,mCAAmC;aACpD;SACF,CAAC;KACH;IAEa,gBAAgB,CAAC,QAAgB,EAAE,QAAiB;;YAChE,MAAM,OAAO,GAAG,IAAI,CAAC,qBAAqB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;;YAG/D,IAAI,OAAO,CAAC,OAAO,EAAE;;;gBAGnB,OAAO,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;aACjC;;;;YAKD,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;YACnE,WAAW,CAAC,OAAO,GAAG,GAAG,CAAC;YAE1B,IAAI;gBACF,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;aACpD;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,GAAG,YAAYC,kBAAS,IAAI,GAAG,CAAC,IAAI,KAAKA,kBAAS,CAAC,kBAAkB,EAAE;;oBAEzE,OAAO,KAAK,CAAC;iBACd;aACF;;YAGD,OAAO,IAAI,CAAC;SACb;KAAA;IAEa,2BAA2B,CACvC,MAAyB,EACzB,4BAAqC,EACrC,QAAiB,EACjB,eAAiC;;YAEjC,IAAI,kBAAyC,CAAC;YAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAClD,IAAI,eAA2D,CAAC;;YAGhE,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE;gBAC5B,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE;;oBAE1B,kBAAkB,GAAG,IAAI,CAAC,8BAA8B,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;oBAC7E,eAAe,GAAG,CAAC,WAAgB;;;wBAGjC,MAAM,CAAC,GAAG,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,qEAAqE,CAAC,CAAA;wBAC7G,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;qBAC3F,CAAC;iBACH;qBAAM;;oBAEL,kBAAkB,GAAG,IAAI,CAAC,8BAA8B,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;iBAC9E;aACF;iBAAM;;gBAEL,IAAI,CAAC,4BAA4B,KAAI,MAAM,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA,EAAE;;oBAEpF,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;iBACrE;qBAAM;;;oBAGL,OAAO,IAAI,CAAC;iBACb;aACF;YAED,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,iBACvD,0BAA0B,EAAE,IAAI,EAChC,qBAAqB,EAAE,SAAS,EAChC,WAAW,EAAE,eAAe,IAAI,eAAe,CAAC,WAAW,IACxD,kBAAkB,EACrB,CAAC;YAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;YAC/F,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;SAC7D;KAAA;;;;;;;;;;;IAYY,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,IAAI,MAAM,GAAuB,IAAI,CAAC;;;;YAKtC,IAAI,IAAI,CAAC,qBAAqB,KAAK,IAAI,EAAE;gBACvC,MAAM;oBACJ,MAAM,IAAI,CAAC,2BAA2B,CACpC,MAAM,EACN,IAAI,CAAC,qBAAqB,KAAK,IAAI,EACnC,IAAI,CAAC,QAAQ,EACb,OAAO,CAAC,CAAC;;;;gBAKb,IAAI,CAAC,qBAAqB,GAAG,MAAM,KAAK,IAAI,CAAC;aAC9C;YAED,OAAO,MAAM,CAAC;SACf;KAAA;CACF;;ACvOD;AACA,AAOA;;;;;;;;;;;AAWA,MAAa,sBAAuB,SAAQ,sBAAsB;;;;;;IAMhE,YAAY,qBAA6C;QACvD,KAAK,CACH,IAAI,qBAAqB,CAAC,qBAAqB,CAAC,EAChD,IAAI,yBAAyB,CAAC,SAAS,EAAE,qBAAqB,CAAC,CAChE,CAAC;KACH;CACF;;AC/BD;AACA,AAUA,MAAM,yBAAyB,GAAG,EAAE,CAAC;AAErC,SAAS,kBAAkB,CAAC,IAAU;IACpC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;CAC1C;AAED,SAAS,UAAU,CAAC,IAAU,EAAE,OAAe;IAC7C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,OAAO,CAAC,CAAC;IAC7C,OAAO,IAAI,CAAC;CACb;;;;;;;;;AAUD,MAAa,2BAA2B;;;;;;;;;;IAiBtC,YACE,QAAgB,EAChB,QAAgB,EAChB,eAAuB,EACvB,OAA+B;QAE/B,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,IAAI,CAAC,iBAAiB,GAAGC,eAAY,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QAE/D,MAAM,kBAAkB,GAAG,8FAA8F,CAAC;QAC1H,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACnE,MAAM,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;QAChD,IAAI,CAAC,SAAS,EAAE;YACd,MAAM,IAAI,KAAK,CACb,4EAA4E,CAC7E,CAAC;SACH;QAED,IAAI,CAAC,qBAAqB,GAAGC,iBAAU,CAAC,MAAM,CAAC;aAC5C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;aACxC,MAAM,CAAC,KAAK,CAAC;aACb,WAAW,EAAE,CAAC;QAEjB,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;KACzF;;;;;;;;;;;IAYY,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,OAAO,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC;YAC1B,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,oBAAoB,CAAC;YAC9F,MAAM,MAAM,GAAe;gBACzB,GAAG,EAAE,KAAK;gBACV,GAAG,EAAE,OAAO;gBACZ,GAAG,EAAE,IAAI,CAAC,cAAc;aACzB,CAAC;YAEF,MAAM,OAAO,GAAG;gBACd,GAAG,EAAE,IAAI,CAAC,QAAQ;gBAClB,GAAG,EAAE,IAAI,CAAC,QAAQ;gBAClB,GAAG,EAAE,WAAW;gBAChB,GAAG,EAAE,OAAO;gBACZ,GAAG,EAAE,kBAAkB,CAAC,IAAI,IAAI,EAAE,CAAC;gBACnC,GAAG,EAAE,kBAAkB,CAAC,UAAU,CAAC,IAAI,IAAI,EAAE,EAAE,yBAAyB,CAAC,CAAC;aAC3E,CAAC;YAEF,MAAM,eAAe,GAAG,GAAG,CAAC,IAAI,CAAC;gBAC/B,MAAM;gBACN,OAAO;gBACP,MAAM,EAAE,IAAI,CAAC,iBAAiB;aAC/B,CAAC,CAAC;YAEH,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC;gBACxD,GAAG,EAAE,WAAW;gBAChB,MAAM,EAAE,MAAM;gBACd,0BAA0B,EAAE,IAAI;gBAChC,qBAAqB,EAAE,SAAS;gBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;oBACjB,aAAa,EAAE,OAAO;oBACtB,UAAU,EAAE,oBAAoB;oBAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;oBACxB,qBAAqB,EAAE,wDAAwD;oBAC/E,gBAAgB,EAAE,eAAe;oBACjC,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;iBAC9D,CAAC;gBACF,OAAO,EAAE;oBACP,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD;gBACD,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;aAC5C,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;YAC9E,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;SAC7D;KAAA;CACF;;ACxID;;AAQA,MAAM,wBAAwB,GAAG,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;;;;;;AAOxG,MAAa,4BAA4B;IACvC,YACE,QAAgB,EAChB,QAAgB,EAChB,OAA6C;QAE7C,MAAM,wBAAwB,CAAC;KAChC;IAEM,QAAQ,CACb,MAAyB,EACzB,OAAyB;QAEzB,MAAM,wBAAwB,CAAC;KAChC;CACF;;AC9BD;AACA,AAuCA;;;;AAIA,MAAa,oBAAoB;;;;;;;;;;;IAiB/B,YACE,QAAgB,EAChB,QAAgB,EAChB,kBAA4C,EAC5C,OAA+B;QAhBzB,sBAAiB,GAAyB,IAAI,CAAC;QAkBrD,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;KAC9C;IAEa,qBAAqB,CACjC,KAAa,EACb,OAAyB;;YAEzB,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC;gBACxD,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,yBAAyB;gBACnF,MAAM,EAAE,MAAM;gBACd,0BAA0B,EAAE,IAAI;gBAChC,qBAAqB,EAAE,SAAS;gBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;oBACjB,SAAS,EAAE,IAAI,CAAC,QAAQ;oBACxB,KAAK;iBACN,CAAC;gBACF,OAAO,EAAE;oBACP,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD;gBACD,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;aAC5C,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;YACpE,IAAI,EAAE,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,EAAE;gBACzD,MAAM,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;aACrE;YAED,OAAO,QAAQ,CAAC,UAAgC,CAAC;SAClD;KAAA;IAEa,YAAY,CACxB,kBAAsC,EACtC,OAAyB;;YAEzB,IAAI,aAAa,GAAyB,IAAI,CAAC;YAE/C,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC;gBACxD,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,oBAAoB;gBAC9E,MAAM,EAAE,MAAM;gBACd,0BAA0B,EAAE,IAAI;gBAChC,qBAAqB,EAAE,SAAS;gBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;oBACjB,UAAU,EAAE,8CAA8C;oBAC1D,SAAS,EAAE,IAAI,CAAC,QAAQ;oBACxB,WAAW,EAAE,kBAAkB,CAAC,WAAW;iBAC5C,CAAC;gBACF,OAAO,EAAE;oBACP,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD;gBACD,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;aAC5C,CAAC,CAAC;YAEH,OAAO,aAAa,KAAK,IAAI,EAAE;gBAC7B,IAAI;oBACF,MAAMC,cAAK,CAAC,kBAAkB,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;;oBAGhD,IAAI,OAAO,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE;wBACjE,OAAO,IAAI,CAAC;qBACb;oBAED,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;iBACzE;gBAAC,OAAO,GAAG,EAAE;oBACZ,IAAI,GAAG,YAAY,mBAAmB,EAAE;wBACtC,QAAQ,GAAG,CAAC,aAAa,CAAC,KAAK;4BAC7B,KAAK,uBAAuB;gCAC1B,MAAM;4BACR,KAAK,wBAAwB;gCAC3B,OAAO,IAAI,CAAC;4BACd,KAAK,eAAe;gCAClB,MAAM,GAAG,CAAC;4BACZ,KAAK,uBAAuB;gCAC1B,MAAM,GAAG,CAAC;yBACb;qBACF;yBAAM;wBACL,MAAM,GAAG,CAAC;qBACX;iBACF;aACF;YAED,OAAO,aAAa,CAAC;SACtB;KAAA;;;;;;;;;;;IAYY,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,IAAI,aAAa,GAAyB,IAAI,CAAC;YAC/C,IAAI,WAAW,GAAG,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACzE,IAAI,WAAW,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE;gBAC7C,WAAW,IAAI,iBAAiB,CAAC;aAClC;;YAGD,IAAI,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,iBAAiB,CAAC,YAAY,EAAE;gBACjE,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAC1D,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,QAAQ,EACb,WAAW,EACX,IAAI,CAAC,iBAAiB,CAAC,YAAY,EACnC,SAAS;gBACT,SAAS,EACT,OAAO,CAAC,CAAC;aACZ;YAED,IAAI,aAAa,KAAK,IAAI,EAAE;gBAC1B,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;gBAElF,IAAI,CAAC,kBAAkB,CAAC;oBACtB,QAAQ,EAAE,kBAAkB,CAAC,SAAS;oBACtC,eAAe,EAAE,kBAAkB,CAAC,gBAAgB;oBACpD,OAAO,EAAE,kBAAkB,CAAC,OAAO;iBACpC,CAAC,CAAC;gBAEH,aAAa,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC;aACtE;YAED,IAAI,CAAC,iBAAiB,GAAG,aAAa,CAAC;YACvC,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;SAC7D;KAAA;CACF;;AC1MD;AACA,AAMA;;;;;;AAMA,MAAa,0BAA0B;;;;;;;;;;;;IAkBrC,YACE,cAAsB,EACtB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,OAA+B;QAE/B,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;QAC/B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;KAC1B;;;;;;;;;;;IAYY,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC;gBACxD,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,oBAAoB;gBAC9E,MAAM,EAAE,MAAM;gBACd,0BAA0B,EAAE,IAAI;gBAChC,qBAAqB,EAAE,SAAS;gBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;oBACjB,aAAa,EAAE,OAAO;oBACtB,UAAU,EAAE,UAAU;oBACtB,SAAS,EAAE,IAAI,CAAC,QAAQ;oBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;iBAC9D,CAAC;gBACF,OAAO,EAAE;oBACP,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD;gBACD,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;aAC5C,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;YAC9E,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;SAC7D;KAAA;CACF;;AClFD;AACA,SAoBgB,yBAAyB;IACvC,OAAO,IAAI,sBAAsB,EAAE,CAAC;CACrC;;;;;;;;;;;;;;;"}

package/dist-esm/src/client/errors.d.ts

@@ -22,7 +22,7 @@ export interface ErrorResponse {
 export declare class AuthenticationError extends Error {
     readonly statusCode: number;
     readonly errorResponse: ErrorResponse;
-    constructor(statusCode: number, errorBody: string | undefined | null);
+    constructor(statusCode: number, errorBody: object | string | undefined | null);
 }
 /**
  * Provides an `errors` array containing {@link AuthenticationError} instance

package/dist-esm/src/client/errors.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/client/errors.ts"],"names":[],"mappings":"AAGA;;;;;;;GAOG;AACH,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;;GAIG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;IAC5C,SAAgB,UAAU,EAAE,MAAM,CAAC;IACnC,SAAgB,aAAa,EAAE,aAAa,CAAC;gBAEjC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI;CA4CrE;AAED;;;GAGG;AACH,qBAAa,4BAA6B,SAAQ,KAAK;IAC9C,MAAM,EAAE,GAAG,EAAE,CAAC;gBACT,MAAM,EAAE,GAAG,EAAE;CAO1B"}
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/client/errors.ts"],"names":[],"mappings":"AAGA;;;;;;;GAOG;AACH,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAQD;;;;GAIG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;IAC5C,SAAgB,UAAU,EAAE,MAAM,CAAC;IACnC,SAAgB,aAAa,EAAE,aAAa,CAAC;gBAEjC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,GAAG,IAAI;CA8C9E;AAED;;;GAGG;AACH,qBAAa,4BAA6B,SAAQ,KAAK;IAC9C,MAAM,EAAE,GAAG,EAAE,CAAC;gBACT,MAAM,EAAE,GAAG,EAAE;CAO1B"}

package/dist-esm/src/client/errors.js

@@ -1,5 +1,10 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
+function isErrorResponse(errorResponse) {
+    return errorResponse &&
+        typeof errorResponse.error === "string" &&
+        typeof errorResponse.error_description === "string";
+}
 /**
  * Provides details about a failure to authenticate with Azure Active
  * Directory.  The `errorResponse` field contains more details about
@@ -11,7 +16,10 @@ export class AuthenticationError extends Error {
             error: "unknown",
             error_description: "An unknown error occurred and no additional details are available."
         };
-        if (errorBody) {
+        if (isErrorResponse(errorBody)) {
+            errorResponse = errorBody;
+        }
+        else if (typeof errorBody === "string") {
             try {
                 // Most error responses will contain JSON-formatted error details
                 // in the response body

package/dist-esm/src/client/errors.js.map

@@ -1 +1 @@
-{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../src/client/errors.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAmBlC;;;;GAIG;AACH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAI5C,YAAY,UAAkB,EAAE,SAAoC;QAClE,IAAI,aAAa,GAAG;YAClB,KAAK,EAAE,SAAS;YAChB,iBAAiB,EAAE,oEAAoE;SACxF,CAAC;QAEF,IAAI,SAAS,EAAE;YACb,IAAI;gBACF,iEAAiE;gBACjE,uBAAuB;gBACvB,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;aACvC;YAAC,OAAO,CAAC,EAAE;gBACV,IAAI,UAAU,KAAK,GAAG,EAAE;oBACtB,aAAa,GAAG;wBACd,KAAK,EAAE,qBAAqB;wBAC5B,iBAAiB,EAAE,4CAA4C;qBAChE,CAAC;iBACH;qBAAM;oBACL,aAAa,GAAG;wBACd,KAAK,EAAE,eAAe;wBACtB,iBAAiB,EAAE,oDAAoD,SAAS,EAAE;qBACnF,CAAC;iBACH;aACF;SACF;aAAM;YACL,aAAa,GAAG;gBACd,KAAK,EAAE,eAAe;gBACtB,iBAAiB,EAAE,oEAAoE;aACxF,CAAC;SACH;QAED,KAAK,CACH,qFAAqF,UAAU,0BAA0B,IAAI,CAAC,SAAS,CACrI,aAAa,EACb,IAAI,EACJ,IAAI,CACL,EAAE,CACJ,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QAEnC,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,KAAK;IAErD,YAAY,MAAa;QACvB,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACzD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;IAC7C,CAAC;CACF"}
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../src/client/errors.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAmBlC,SAAS,eAAe,CAAC,aAAkB;IACzC,OAAO,aAAa;QAClB,OAAO,aAAa,CAAC,KAAK,KAAK,QAAQ;QACvC,OAAO,aAAa,CAAC,iBAAiB,KAAK,QAAQ,CAAC;AACxD,CAAC;AAED;;;;GAIG;AACH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAI5C,YAAY,UAAkB,EAAE,SAA6C;QAC3E,IAAI,aAAa,GAAG;YAClB,KAAK,EAAE,SAAS;YAChB,iBAAiB,EAAE,oEAAoE;SACxF,CAAC;QAEF,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE;YAC9B,aAAa,GAAG,SAAS,CAAC;SAC3B;aAAM,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE;YACxC,IAAI;gBACF,iEAAiE;gBACjE,uBAAuB;gBACvB,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;aACvC;YAAC,OAAO,CAAC,EAAE;gBACV,IAAI,UAAU,KAAK,GAAG,EAAE;oBACtB,aAAa,GAAG;wBACd,KAAK,EAAE,qBAAqB;wBAC5B,iBAAiB,EAAE,4CAA4C;qBAChE,CAAC;iBACH;qBAAM;oBACL,aAAa,GAAG;wBACd,KAAK,EAAE,eAAe;wBACtB,iBAAiB,EAAE,oDAAoD,SAAS,EAAE;qBACnF,CAAC;iBACH;aACF;SACF;aAAM;YACL,aAAa,GAAG;gBACd,KAAK,EAAE,eAAe;gBACtB,iBAAiB,EAAE,oEAAoE;aACxF,CAAC;SACH;QAED,KAAK,CACH,qFAAqF,UAAU,0BAA0B,IAAI,CAAC,SAAS,CACrI,aAAa,EACb,IAAI,EACJ,IAAI,CACL,EAAE,CACJ,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QAEnC,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,KAAK;IAErD,YAAY,MAAa;QACvB,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACzD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;IAC7C,CAAC;CACF"}

package/dist-esm/src/client/identityClient.d.ts

@@ -1,24 +1,27 @@
-import { AccessToken, ServiceClient, ServiceClientOptions, GetTokenOptions } from "@azure/core-http";
-export declare const ImdsEndpoint = "http://169.254.169.254/metadata/identity/oauth2/token";
-export declare const ImdsApiVersion = "2018-02-01";
-export declare const AppServiceMsiApiVersion = "2017-09-01";
+import { AccessToken, ServiceClient, ServiceClientOptions, WebResource, RequestPrepareOptions, GetTokenOptions } from "@azure/core-http";
+/**
+ * An internal type used to communicate details of a token request's
+ * response that should not be sent back as part of the AccessToken.
+ */
+export interface TokenResponse {
+    /**
+     * The AccessToken to be returned from getToken.
+     */
+    accessToken: AccessToken;
+    /**
+     * The refresh token if the 'offline_access' scope was used.
+     */
+    refreshToken?: string;
+}
 export declare class IdentityClient extends ServiceClient {
+    authorityHost: string;
     constructor(options?: IdentityClientOptions);
-    private createWebResource;
-    private sendTokenRequest;
-    private mapScopesToResource;
-    private dateInSeconds;
-    private addMinutes;
-    private createImdsAuthRequest;
-    private createAppServiceMsiAuthRequest;
-    private createCloudShellMsiAuthRequest;
-    private pingImdsEndpoint;
-    authenticateClientSecret(tenantId: string, clientId: string, clientSecret: string, scopes: string | string[], getTokenOptions?: GetTokenOptions): Promise<AccessToken | null>;
-    authenticateManagedIdentity(scopes: string | string[], checkIfImdsEndpointAvailable: boolean, clientId?: string, getTokenOptions?: GetTokenOptions): Promise<AccessToken | null>;
-    authenticateClientCertificate(tenantId: string, clientId: string, certificateString: string, certificateX5t: string, scopes: string | string[], getTokenOptions?: GetTokenOptions): Promise<AccessToken | null>;
+    createWebResource(requestOptions: RequestPrepareOptions): WebResource;
+    sendTokenRequest(webResource: WebResource, expiresOnParser?: (responseBody: any) => number): Promise<TokenResponse | null>;
+    refreshAccessToken(tenantId: string, clientId: string, scopes: string, refreshToken: string | undefined, clientSecret: string | undefined, expiresOnParser?: (responseBody: any) => number, options?: GetTokenOptions): Promise<TokenResponse | null>;
     static getDefaultOptions(): IdentityClientOptions;
 }
 export interface IdentityClientOptions extends ServiceClientOptions {
-    authorityHost: string;
+    authorityHost?: string;
 }
 //# sourceMappingURL=identityClient.d.ts.map

package/dist-esm/src/client/identityClient.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"identityClient.d.ts","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAMA,OAAO,EACL,WAAW,EACX,aAAa,EACb,oBAAoB,EACpB,eAAe,EAIhB,MAAM,kBAAkB,CAAC;AAM1B,eAAO,MAAM,YAAY,0DAA0D,CAAC;AACpF,eAAO,MAAM,cAAc,eAAe,CAAC;AAC3C,eAAO,MAAM,uBAAuB,eAAe,CAAC;AAEpD,qBAAa,cAAe,SAAQ,aAAa;gBACnC,OAAO,CAAC,EAAE,qBAAqB;IAO3C,OAAO,CAAC,iBAAiB;YAMX,gBAAgB;IAoB9B,OAAO,CAAC,mBAAmB;IAmB3B,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,UAAU;IAKlB,OAAO,CAAC,qBAAqB;IAqB7B,OAAO,CAAC,8BAA8B;IAqBtC,OAAO,CAAC,8BAA8B;YAqBxB,gBAAgB;IA6B9B,wBAAwB,CACtB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,eAAe,CAAC,EAAE,eAAe,GAChC,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAuBxB,2BAA2B,CAC/B,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,4BAA4B,EAAE,OAAO,EACrC,QAAQ,CAAC,EAAE,MAAM,EACjB,eAAe,CAAC,EAAE,eAAe,GAChC,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IA0C9B,6BAA6B,CAC3B,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,iBAAiB,EAAE,MAAM,EACzB,cAAc,EAAE,MAAM,EACtB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,eAAe,CAAC,EAAE,eAAe,GAChC,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IA+C9B,MAAM,CAAC,iBAAiB,IAAI,qBAAqB;CAKlD;AAED,MAAM,WAAW,qBAAsB,SAAQ,oBAAoB;IACjE,aAAa,EAAE,MAAM,CAAC;CACvB"}
+{"version":3,"file":"identityClient.d.ts","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAIA,OAAO,EACL,WAAW,EACX,aAAa,EACb,oBAAoB,EACpB,WAAW,EACX,qBAAqB,EACrB,eAAe,EAChB,MAAM,kBAAkB,CAAC;AAK1B;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,WAAW,EAAE,WAAW,CAAC;IAEzB;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB;AAED,qBAAa,cAAe,SAAQ,aAAa;IACxC,aAAa,EAAE,MAAM,CAAC;gBAEjB,OAAO,CAAC,EAAE,qBAAqB;IAW3C,iBAAiB,CAAC,cAAc,EAAE,qBAAqB,GAAG,WAAW;IAM/D,gBAAgB,CACpB,WAAW,EAAE,WAAW,EACxB,eAAe,CAAC,EAAE,CAAC,YAAY,EAAE,GAAG,KAAK,MAAM,GAC9C,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAoB1B,kBAAkB,CACtB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,GAAG,SAAS,EAChC,YAAY,EAAE,MAAM,GAAG,SAAS,EAChC,eAAe,CAAC,EAAE,CAAC,YAAY,EAAE,GAAG,KAAK,MAAM,EAC/C,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IA2ChC,MAAM,CAAC,iBAAiB,IAAI,qBAAqB;CAKlD;AAED,MAAM,WAAW,qBAAsB,SAAQ,oBAAoB;IACjE,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB"}