@azure/identity 1.0.0-preview.1 → 1.0.0-preview.2

package/dist-esm/src/client/identityClient.js

@@ -2,21 +2,17 @@
 // Licensed under the MIT License.
 import * as tslib_1 from "tslib";
 import qs from "qs";
-import jws from "jws";
-import uuid from "uuid";
-import { ServiceClient, WebResource, RestError } from "@azure/core-http";
+import { ServiceClient, WebResource } from "@azure/core-http";
 import { AuthenticationError } from "./errors";
-const SelfSignedJwtLifetimeMins = 10;
 const DefaultAuthorityHost = "https://login.microsoftonline.com";
-const DefaultScopeSuffix = "/.default";
-export const ImdsEndpoint = "http://169.254.169.254/metadata/identity/oauth2/token";
-export const ImdsApiVersion = "2018-02-01";
-export const AppServiceMsiApiVersion = "2017-09-01";
 export class IdentityClient extends ServiceClient {
     constructor(options) {
         options = options || IdentityClient.getDefaultOptions();
         super(undefined, options);
-        this.baseUri = options.authorityHost;
+        this.baseUri = this.authorityHost = options.authorityHost || DefaultAuthorityHost;
+        if (!this.baseUri.startsWith("https:")) {
+            throw new Error("The authorityHost address must use the 'https' protocol.");
+        }
     }
     createWebResource(requestOptions) {
         const webResource = new WebResource();
@@ -31,219 +27,59 @@ export class IdentityClient extends ServiceClient {
             });
             if (response.status === 200 || response.status === 201) {
                 return {
-                    token: response.parsedBody.access_token,
-                    expiresOnTimestamp: expiresOnParser(response.parsedBody)
+                    accessToken: {
+                        token: response.parsedBody.access_token,
+                        expiresOnTimestamp: expiresOnParser(response.parsedBody)
+                    },
+                    refreshToken: response.parsedBody.refresh_token,
                 };
             }
             else {
-                throw new AuthenticationError(response.status, response.bodyAsText);
+                throw new AuthenticationError(response.status, response.parsedBody || response.bodyAsText);
             }
         });
     }
-    mapScopesToResource(scopes) {
-        let scope = "";
-        if (Array.isArray(scopes)) {
-            if (scopes.length !== 1) {
-                throw "To convert to a resource string the specified array must be exactly length 1";
-            }
-            scope = scopes[0];
-        }
-        else if (typeof scopes === "string") {
-            scope = scopes;
-        }
-        if (!scope.endsWith(DefaultScopeSuffix)) {
-            return scope;
-        }
-        return scope.substr(0, scope.lastIndexOf(DefaultScopeSuffix));
-    }
-    dateInSeconds(date) {
-        return Math.floor(date.getTime() / 1000);
-    }
-    addMinutes(date, minutes) {
-        date.setMinutes(date.getMinutes() + minutes);
-        return date;
-    }
-    createImdsAuthRequest(resource, clientId) {
-        const queryParameters = {
-            resource,
-            "api-version": ImdsApiVersion
-        };
-        if (clientId) {
-            queryParameters.client_id = clientId;
-        }
-        return {
-            url: ImdsEndpoint,
-            method: "GET",
-            queryParameters,
-            headers: {
-                Accept: "application/json",
-                Metadata: true
-            }
-        };
-    }
-    createAppServiceMsiAuthRequest(resource, clientId) {
-        const queryParameters = {
-            resource,
-            "api-version": AppServiceMsiApiVersion,
-        };
-        if (clientId) {
-            queryParameters.client_id = clientId;
-        }
-        return {
-            url: process.env.MSI_ENDPOINT,
-            method: "GET",
-            queryParameters,
-            headers: {
-                Accept: "application/json",
-                secret: process.env.MSI_SECRET
-            }
-        };
-    }
-    createCloudShellMsiAuthRequest(resource, clientId) {
-        const body = {
-            resource
-        };
-        if (clientId) {
-            body.client_id = clientId;
-        }
-        return {
-            url: process.env.MSI_ENDPOINT,
-            method: "POST",
-            body: qs.stringify(body),
-            headers: {
-                Accept: "application/json",
-                Metadata: true,
-                "Content-Type": "application/x-www-form-urlencoded"
-            }
-        };
-    }
-    pingImdsEndpoint(resource, clientId) {
+    refreshAccessToken(tenantId, clientId, scopes, refreshToken, clientSecret, expiresOnParser, options) {
         return tslib_1.__awaiter(this, void 0, void 0, function* () {
-            const request = this.createImdsAuthRequest(resource, clientId);
-            // This will always be populated, but let's make TypeScript happy
-            if (request.headers) {
-                // Remove the Metadata header to invoke a request error from
-                // IMDS endpoint
-                delete request.headers.Metadata;
+            if (refreshToken === undefined) {
+                return null;
+            }
+            const refreshParams = {
+                grant_type: "refresh_token",
+                client_id: clientId,
+                refresh_token: refreshToken,
+                scope: scopes
+            };
+            if (clientSecret !== undefined) {
+                refreshParams.client_secret = clientSecret;
             }
-            // Create a request with a 500 msec timeout since we expect that
-            // not having a "Metadata" header should cause an error to be
-            // returned quickly from the endpoint, proving its availability.
-            const webResource = this.createWebResource(request);
-            webResource.timeout = 500;
+            const webResource = this.createWebResource({
+                url: `${this.authorityHost}/${tenantId}/oauth2/v2.0/token`,
+                method: "POST",
+                disableJsonStringifyOnBody: true,
+                deserializationMapper: undefined,
+                body: qs.stringify(refreshParams),
+                headers: {
+                    Accept: "application/json",
+                    "Content-Type": "application/x-www-form-urlencoded"
+                },
+                abortSignal: options && options.abortSignal
+            });
             try {
-                yield this.sendRequest(webResource);
+                return yield this.sendTokenRequest(webResource, expiresOnParser);
             }
             catch (err) {
-                if (err instanceof RestError && err.code === RestError.REQUEST_SEND_ERROR) {
-                    // Either request failed or IMDS endpoint isn't available
-                    return false;
-                }
-            }
-            // If we received any response, the endpoint is available
-            return true;
-        });
-    }
-    authenticateClientSecret(tenantId, clientId, clientSecret, scopes, getTokenOptions) {
-        const webResource = this.createWebResource({
-            url: `${this.baseUri}/${tenantId}/oauth2/v2.0/token`,
-            method: "POST",
-            disableJsonStringifyOnBody: true,
-            deserializationMapper: undefined,
-            body: qs.stringify({
-                response_type: "token",
-                grant_type: "client_credentials",
-                client_id: clientId,
-                client_secret: clientSecret,
-                scope: typeof scopes === "string" ? scopes : scopes.join(" ")
-            }),
-            headers: {
-                Accept: "application/json",
-                "Content-Type": "application/x-www-form-urlencoded"
-            },
-            abortSignal: getTokenOptions && getTokenOptions.abortSignal
-        });
-        return this.sendTokenRequest(webResource);
-    }
-    authenticateManagedIdentity(scopes, checkIfImdsEndpointAvailable, clientId, getTokenOptions) {
-        return tslib_1.__awaiter(this, void 0, void 0, function* () {
-            let authRequestOptions;
-            const resource = this.mapScopesToResource(scopes);
-            let expiresInParser;
-            // Detect which type of environment we are running in
-            if (process.env.MSI_ENDPOINT) {
-                if (process.env.MSI_SECRET) {
-                    // Running in App Service
-                    authRequestOptions = this.createAppServiceMsiAuthRequest(resource, clientId);
-                    expiresInParser = (requestBody) => {
-                        // Parse a date format like "06/20/2019 02:57:58 +00:00" and
-                        // convert it into a JavaScript-formatted date
-                        const m = requestBody.expires_on.match(/(\d\d)\/(\d\d)\/(\d\d\d\d) (\d\d):(\d\d):(\d\d) (\+|-)(\d\d):(\d\d)/);
-                        return Date.parse(`${m[3]}-${m[1]}-${m[2]}T${m[4]}:${m[5]}:${m[6]}${m[7]}${m[8]}:${m[9]}`);
-                    };
-                }
-                else {
-                    // Running in Cloud Shell
-                    authRequestOptions = this.createCloudShellMsiAuthRequest(resource, clientId);
-                }
-            }
-            else {
-                // Ping the IMDS endpoint to see if it's available
-                if (!checkIfImdsEndpointAvailable || (yield this.pingImdsEndpoint(resource, clientId))) {
-                    // Running in an Azure VM
-                    authRequestOptions = this.createImdsAuthRequest(resource, clientId);
+                if (err instanceof AuthenticationError && err.errorResponse.error === "interaction_required") {
+                    // It's likely that the refresh token has expired, so
+                    // return null so that the credential implementation will
+                    // initiate the authentication flow again.
+                    return null;
                 }
                 else {
-                    // Returning null tells the ManagedIdentityCredential that
-                    // no MSI authentication endpoints are available
-                    return null;
+                    throw err;
                 }
             }
-            const webResource = this.createWebResource(Object.assign({ disableJsonStringifyOnBody: true, deserializationMapper: undefined, abortSignal: getTokenOptions && getTokenOptions.abortSignal }, authRequestOptions));
-            return this.sendTokenRequest(webResource, expiresInParser);
-        });
-    }
-    authenticateClientCertificate(tenantId, clientId, certificateString, certificateX5t, scopes, getTokenOptions) {
-        const tokenId = uuid.v4();
-        const audienceUrl = `${this.baseUri}/${tenantId}/oauth2/v2.0/token`;
-        const header = {
-            typ: "JWT",
-            alg: "RS256",
-            x5t: certificateX5t
-        };
-        const payload = {
-            iss: clientId,
-            sub: clientId,
-            aud: audienceUrl,
-            jti: tokenId,
-            nbf: this.dateInSeconds(new Date()),
-            exp: this.dateInSeconds(this.addMinutes(new Date(), SelfSignedJwtLifetimeMins))
-        };
-        const clientAssertion = jws.sign({
-            header,
-            payload,
-            secret: certificateString
-        });
-        const webResource = this.createWebResource({
-            url: audienceUrl,
-            method: "POST",
-            disableJsonStringifyOnBody: true,
-            deserializationMapper: undefined,
-            body: qs.stringify({
-                response_type: "token",
-                grant_type: "client_credentials",
-                client_id: clientId,
-                client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
-                client_assertion: clientAssertion,
-                scope: typeof scopes === "string" ? scopes : scopes.join(" ")
-            }),
-            headers: {
-                Accept: "application/json",
-                "Content-Type": "application/x-www-form-urlencoded"
-            },
-            abortSignal: getTokenOptions && getTokenOptions.abortSignal
         });
-        return this.sendTokenRequest(webResource);
     }
     static getDefaultOptions() {
         return {

package/dist-esm/src/client/identityClient.js.map

@@ -1 +1 @@
-{"version":3,"file":"identityClient.js","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAEL,aAAa,EAGb,WAAW,EAEX,SAAS,EACV,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAE/C,MAAM,yBAAyB,GAAG,EAAE,CAAC;AACrC,MAAM,oBAAoB,GAAG,mCAAmC,CAAC;AACjE,MAAM,kBAAkB,GAAG,WAAW,CAAC;AACvC,MAAM,CAAC,MAAM,YAAY,GAAG,uDAAuD,CAAC;AACpF,MAAM,CAAC,MAAM,cAAc,GAAG,YAAY,CAAC;AAC3C,MAAM,CAAC,MAAM,uBAAuB,GAAG,YAAY,CAAC;AAEpD,MAAM,OAAO,cAAe,SAAQ,aAAa;IAC/C,YAAY,OAA+B;QACzC,OAAO,GAAG,OAAO,IAAI,cAAc,CAAC,iBAAiB,EAAE,CAAC;QACxD,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAE1B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,aAAa,CAAC;IACvC,CAAC;IAEO,iBAAiB,CAAC,cAAqC;QAC7D,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;QACtC,WAAW,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACpC,OAAO,WAAW,CAAC;IACrB,CAAC;IAEa,gBAAgB,CAC5B,WAAwB,EACxB,eAA+C;;YAE/C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;YAErD,eAAe,GAAG,eAAe,IAAI,CAAC,CAAC,YAAiB,EAAE,EAAE;gBAC1D,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC,UAAU,GAAG,IAAI,CAAA;YACpD,CAAC,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;gBACtD,OAAO;oBACL,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC,YAAY;oBACvC,kBAAkB,EAAE,eAAe,CAAC,QAAQ,CAAC,UAAU,CAAC;iBACzD,CAAC;aACH;iBAAM;gBACL,MAAM,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;aACrE;QACH,CAAC;KAAA;IAEO,mBAAmB,CAAC,MAAyB;QACnD,IAAI,KAAK,GAAG,EAAE,CAAC;QACf,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;YACzB,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE;gBACvB,MAAM,8EAA8E,CAAC;aACtF;YAED,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;SACnB;aAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE;YACrC,KAAK,GAAG,MAAM,CAAC;SAChB;QAED,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE;YACvC,OAAO,KAAK,CAAC;SACd;QAED,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAChE,CAAC;IAEO,aAAa,CAAC,IAAU;QAC9B,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;IAC3C,CAAC;IAEO,UAAU,CAAC,IAAU,EAAE,OAAe;QAC5C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,OAAO,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,qBAAqB,CAAC,QAAgB,EAAE,QAAiB;QAC/D,MAAM,eAAe,GAAQ;YAC3B,QAAQ;YACR,aAAa,EAAE,cAAc;SAC9B,CAAC;QAEF,IAAI,QAAQ,EAAE;YACZ,eAAe,CAAC,SAAS,GAAG,QAAQ,CAAC;SACtC;QAED,OAAO;YACL,GAAG,EAAE,YAAY;YACjB,MAAM,EAAE,KAAK;YACb,eAAe;YACf,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,QAAQ,EAAE,IAAI;aACf;SACF,CAAC;IACJ,CAAC;IAEO,8BAA8B,CAAC,QAAgB,EAAE,QAAiB;QACxE,MAAM,eAAe,GAAQ;YAC3B,QAAQ;YACR,aAAa,EAAE,uBAAuB;SACvC,CAAC;QAEF,IAAI,QAAQ,EAAE;YACZ,eAAe,CAAC,SAAS,GAAG,QAAQ,CAAC;SACtC;QAED,OAAO;YACL,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;YAC7B,MAAM,EAAE,KAAK;YACb,eAAe;YACf,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU;aAC/B;SACF,CAAC;IACJ,CAAC;IAEO,8BAA8B,CAAC,QAAgB,EAAE,QAAiB;QACxE,MAAM,IAAI,GAAQ;YAChB,QAAQ;SACT,CAAC;QAEF,IAAI,QAAQ,EAAE;YACZ,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;SAC3B;QAED,OAAO;YACL,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;YAC7B,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC;YACxB,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,QAAQ,EAAE,IAAI;gBACd,cAAc,EAAE,mCAAmC;aACpD;SACF,CAAC;IACJ,CAAC;IAEa,gBAAgB,CAAC,QAAgB,EAAE,QAAiB;;YAChE,MAAM,OAAO,GAAG,IAAI,CAAC,qBAAqB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAE/D,iEAAiE;YACjE,IAAI,OAAO,CAAC,OAAO,EAAE;gBACnB,4DAA4D;gBAC5D,gBAAgB;gBAChB,OAAO,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;aACjC;YAED,gEAAgE;YAChE,6DAA6D;YAC7D,gEAAgE;YAChE,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;YACpD,WAAW,CAAC,OAAO,GAAG,GAAG,CAAC;YAE1B,IAAI;gBACF,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;aACrC;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,GAAG,YAAY,SAAS,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,kBAAkB,EAAE;oBACzE,yDAAyD;oBACzD,OAAO,KAAK,CAAC;iBACd;aACF;YAED,yDAAyD;YACzD,OAAO,IAAI,CAAC;QACd,CAAC;KAAA;IAED,wBAAwB,CACtB,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,MAAyB,EACzB,eAAiC;QAEjC,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC;YACzC,GAAG,EAAE,GAAG,IAAI,CAAC,OAAO,IAAI,QAAQ,oBAAoB;YACpD,MAAM,EAAE,MAAM;YACd,0BAA0B,EAAE,IAAI;YAChC,qBAAqB,EAAE,SAAS;YAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;gBACjB,aAAa,EAAE,OAAO;gBACtB,UAAU,EAAE,oBAAoB;gBAChC,SAAS,EAAE,QAAQ;gBACnB,aAAa,EAAE,YAAY;gBAC3B,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;aAC9D,CAAC;YACF,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,cAAc,EAAE,mCAAmC;aACpD;YACD,WAAW,EAAE,eAAe,IAAI,eAAe,CAAC,WAAW;SAC5D,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;IAC5C,CAAC;IAEK,2BAA2B,CAC/B,MAAyB,EACzB,4BAAqC,EACrC,QAAiB,EACjB,eAAiC;;YAEjC,IAAI,kBAAyC,CAAC;YAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAClD,IAAI,eAA2D,CAAC;YAEhE,qDAAqD;YACrD,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE;gBAC5B,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE;oBAC1B,yBAAyB;oBACzB,kBAAkB,GAAG,IAAI,CAAC,8BAA8B,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;oBAC7E,eAAe,GAAG,CAAC,WAAgB,EAAE,EAAE;wBACrC,4DAA4D;wBAC5D,8CAA8C;wBAC9C,MAAM,CAAC,GAAG,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,qEAAqE,CAAC,CAAA;wBAC7G,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;oBAC5F,CAAC,CAAC;iBACH;qBAAM;oBACL,yBAAyB;oBACzB,kBAAkB,GAAG,IAAI,CAAC,8BAA8B,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;iBAC9E;aACF;iBAAM;gBACL,kDAAkD;gBAClD,IAAI,CAAC,4BAA4B,KAAI,MAAM,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA,EAAE;oBACpF,yBAAyB;oBACzB,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;iBACrE;qBAAM;oBACL,0DAA0D;oBAC1D,gDAAgD;oBAChD,OAAO,IAAI,CAAC;iBACb;aACF;YAED,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,iBACxC,0BAA0B,EAAE,IAAI,EAChC,qBAAqB,EAAE,SAAS,EAChC,WAAW,EAAE,eAAe,IAAI,eAAe,CAAC,WAAW,IACxD,kBAAkB,EACrB,CAAC;YAEH,OAAO,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;QAC7D,CAAC;KAAA;IAED,6BAA6B,CAC3B,QAAgB,EAChB,QAAgB,EAChB,iBAAyB,EACzB,cAAsB,EACtB,MAAyB,EACzB,eAAiC;QAEjC,MAAM,OAAO,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC;QAC1B,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,OAAO,IAAI,QAAQ,oBAAoB,CAAC;QACpE,MAAM,MAAM,GAAe;YACzB,GAAG,EAAE,KAAK;YACV,GAAG,EAAE,OAAO;YACZ,GAAG,EAAE,cAAc;SACpB,CAAC;QAEF,MAAM,OAAO,GAAG;YACd,GAAG,EAAE,QAAQ;YACb,GAAG,EAAE,QAAQ;YACb,GAAG,EAAE,WAAW;YAChB,GAAG,EAAE,OAAO;YACZ,GAAG,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,IAAI,EAAE,CAAC;YACnC,GAAG,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,IAAI,EAAE,EAAE,yBAAyB,CAAC,CAAC;SAChF,CAAC;QAEF,MAAM,eAAe,GAAG,GAAG,CAAC,IAAI,CAAC;YAC/B,MAAM;YACN,OAAO;YACP,MAAM,EAAE,iBAAiB;SAC1B,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC;YACzC,GAAG,EAAE,WAAW;YAChB,MAAM,EAAE,MAAM;YACd,0BAA0B,EAAE,IAAI;YAChC,qBAAqB,EAAE,SAAS;YAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;gBACjB,aAAa,EAAE,OAAO;gBACtB,UAAU,EAAE,oBAAoB;gBAChC,SAAS,EAAE,QAAQ;gBACnB,qBAAqB,EAAE,wDAAwD;gBAC/E,gBAAgB,EAAE,eAAe;gBACjC,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;aAC9D,CAAC;YACF,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,cAAc,EAAE,mCAAmC;aACpD;YACD,WAAW,EAAE,eAAe,IAAI,eAAe,CAAC,WAAW;SAC5D,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,CAAC,iBAAiB;QACtB,OAAO;YACL,aAAa,EAAE,oBAAoB;SACpC,CAAC;IACJ,CAAC;CACF"}
+{"version":3,"file":"identityClient.js","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAEL,aAAa,EAEb,WAAW,EAGZ,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAE/C,MAAM,oBAAoB,GAAG,mCAAmC,CAAC;AAkBjE,MAAM,OAAO,cAAe,SAAQ,aAAa;IAG/C,YAAY,OAA+B;QACzC,OAAO,GAAG,OAAO,IAAI,cAAc,CAAC,iBAAiB,EAAE,CAAC;QACxD,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAE1B,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,oBAAoB,CAAC;QAElF,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;YACtC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;SAC7E;IACH,CAAC;IAED,iBAAiB,CAAC,cAAqC;QACrD,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;QACtC,WAAW,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACpC,OAAO,WAAW,CAAC;IACrB,CAAC;IAEK,gBAAgB,CACpB,WAAwB,EACxB,eAA+C;;YAE/C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;YAErD,eAAe,GAAG,eAAe,IAAI,CAAC,CAAC,YAAiB,EAAE,EAAE;gBAC1D,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC,UAAU,GAAG,IAAI,CAAA;YACpD,CAAC,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;gBACtD,OAAO;oBACL,WAAW,EAAE;wBACX,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC,YAAY;wBACvC,kBAAkB,EAAE,eAAe,CAAC,QAAQ,CAAC,UAAU,CAAC;qBACzD;oBACD,YAAY,EAAE,QAAQ,CAAC,UAAU,CAAC,aAAa;iBAChD,CAAC;aACH;iBAAM;gBACL,MAAM,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,UAAU,CAAC,CAAC;aAC5F;QACH,CAAC;KAAA;IAEK,kBAAkB,CACtB,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,YAAgC,EAChC,YAAgC,EAChC,eAA+C,EAC/C,OAAyB;;YAEzB,IAAI,YAAY,KAAK,SAAS,EAAE;gBAC9B,OAAO,IAAI,CAAC;aACb;YAED,MAAM,aAAa,GAAG;gBACpB,UAAU,EAAE,eAAe;gBAC3B,SAAS,EAAE,QAAQ;gBACnB,aAAa,EAAE,YAAY;gBAC3B,KAAK,EAAE,MAAM;aACd,CAAC;YAEF,IAAI,YAAY,KAAK,SAAS,EAAE;gBAC7B,aAAqB,CAAC,aAAa,GAAG,YAAY,CAAC;aACrD;YAED,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC;gBACzC,GAAG,EAAE,GAAG,IAAI,CAAC,aAAa,IAAI,QAAQ,oBAAoB;gBAC1D,MAAM,EAAE,MAAM;gBACd,0BAA0B,EAAE,IAAI;gBAChC,qBAAqB,EAAE,SAAS;gBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,aAAa,CAAC;gBACjC,OAAO,EAAE;oBACP,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD;gBACD,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;aAC5C,CAAC,CAAC;YAEH,IAAI;gBACF,OAAO,MAAM,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;aAClE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,GAAG,YAAY,mBAAmB,IAAI,GAAG,CAAC,aAAa,CAAC,KAAK,KAAK,sBAAsB,EAAE;oBAC5F,qDAAqD;oBACrD,yDAAyD;oBACzD,0CAA0C;oBAC1C,OAAO,IAAI,CAAC;iBACb;qBAAM;oBACL,MAAM,GAAG,CAAC;iBACX;aACF;QACH,CAAC;KAAA;IAED,MAAM,CAAC,iBAAiB;QACtB,OAAO;YACL,aAAa,EAAE,oBAAoB;SACpC,CAAC;IACJ,CAAC;CACF"}

package/dist-esm/src/credentials/clientCertificateCredential.browser.d.ts

@@ -0,0 +1,7 @@
+import { TokenCredential, GetTokenOptions, AccessToken } from "@azure/core-http";
+import { IdentityClientOptions } from "../client/identityClient";
+export declare class ClientCertificateCredential implements TokenCredential {
+    constructor(tenantId: string, clientId: string, certificatePath: string, options?: IdentityClientOptions);
+    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
+}
+//# sourceMappingURL=clientCertificateCredential.browser.d.ts.map

package/dist-esm/src/credentials/clientCertificateCredential.browser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"clientCertificateCredential.browser.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.browser.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACjF,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AAIjE,qBAAa,2BAA4B,YAAW,eAAe;gBAE/D,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,eAAe,EAAE,MAAM,EACvB,OAAO,CAAC,EAAE,qBAAqB;IAK1B,QAAQ,CACb,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;CAG/B"}

package/dist-esm/src/credentials/clientCertificateCredential.browser.js

@@ -0,0 +1,12 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+const BrowserNotSupportedError = new Error("ClientCertificateCredential is not supported in the browser.");
+export class ClientCertificateCredential {
+    constructor(tenantId, clientId, certificatePath, options) {
+        throw BrowserNotSupportedError;
+    }
+    getToken(scopes, options) {
+        throw BrowserNotSupportedError;
+    }
+}
+//# sourceMappingURL=clientCertificateCredential.browser.js.map

package/dist-esm/src/credentials/clientCertificateCredential.browser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"clientCertificateCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAOlC,MAAM,wBAAwB,GAAG,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;AAE3G,MAAM,OAAO,2BAA2B;IACtC,YACE,QAAgB,EAChB,QAAgB,EAChB,eAAuB,EACvB,OAA+B;QAE/B,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ,CACb,MAAyB,EACzB,OAAyB;QAEzB,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF"}

package/dist-esm/src/credentials/clientCertificateCredential.d.ts

@@ -10,11 +10,11 @@ import { IdentityClientOptions } from "../client/identityClient";
  */
 export declare class ClientCertificateCredential implements TokenCredential {
     private identityClient;
-    private _tenantId;
-    private _clientId;
-    private _certificateString;
-    certificateThumbprint: string;
-    certificateX5t: string;
+    private tenantId;
+    private clientId;
+    private certificateString;
+    private certificateThumbprint;
+    private certificateX5t;
     /**
      * Creates an instance of the ClientCertificateCredential with the details
      * needed to authenticate against Azure Active Directory with a certificate.

package/dist-esm/src/credentials/clientCertificateCredential.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"clientCertificateCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACjF,OAAO,EAAE,qBAAqB,EAAkB,MAAM,0BAA0B,CAAC;AAEjF;;;;;;;GAOG;AACH,qBAAa,2BAA4B,YAAW,eAAe;IACjE,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,kBAAkB,CAAS;IAE5B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IAE9B;;;;;;;;OAQG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,eAAe,EAAE,MAAM,EACvB,OAAO,CAAC,EAAE,qBAAqB;IAyBjC;;;;;;;;;OASG;IACI,QAAQ,CACb,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;CAU/B"}
+{"version":3,"file":"clientCertificateCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACjF,OAAO,EAAE,qBAAqB,EAAkB,MAAM,0BAA0B,CAAC;AAajF;;;;;;;GAOG;AACH,qBAAa,2BAA4B,YAAW,eAAe;IACjE,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,iBAAiB,CAAS;IAClC,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,cAAc,CAAS;IAE/B;;;;;;;;OAQG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,eAAe,EAAE,MAAM,EACvB,OAAO,CAAC,EAAE,qBAAqB;IAyBjC;;;;;;;;;OASG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;CA+C/B"}

package/dist-esm/src/credentials/clientCertificateCredential.js

@@ -1,8 +1,20 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
+import * as tslib_1 from "tslib";
+import qs from "qs";
+import jws from "jws";
+import uuid from "uuid";
 import { readFileSync } from "fs";
 import { createHash } from "crypto";
 import { IdentityClient } from "../client/identityClient";
+const SelfSignedJwtLifetimeMins = 10;
+function timestampInSeconds(date) {
+    return Math.floor(date.getTime() / 1000);
+}
+function addMinutes(date, minutes) {
+    date.setMinutes(date.getMinutes() + minutes);
+    return date;
+}
 /**
  * Enables authentication to Azure Active Directory using a PEM-encoded
  * certificate that is assigned to an App Registration.  More information
@@ -23,11 +35,11 @@ export class ClientCertificateCredential {
      */
     constructor(tenantId, clientId, certificatePath, options) {
         this.identityClient = new IdentityClient(options);
-        this._tenantId = tenantId;
-        this._clientId = clientId;
-        this._certificateString = readFileSync(certificatePath, "utf8");
+        this.tenantId = tenantId;
+        this.clientId = clientId;
+        this.certificateString = readFileSync(certificatePath, "utf8");
         const certificatePattern = /(-+BEGIN CERTIFICATE-+)(\n\r?|\r\n?)([A-Za-z0-9+/\n\r]+=*)(\n\r?|\r\n?)(-+END CERTIFICATE-+)/;
-        const matchCert = this._certificateString.match(certificatePattern);
+        const matchCert = this.certificateString.match(certificatePattern);
         const publicKey = matchCert ? matchCert[3] : "";
         if (!publicKey) {
             throw new Error("The file at the specified path does not contain a PEM-encoded certificate.");
@@ -49,7 +61,49 @@ export class ClientCertificateCredential {
      *                TokenCredential implementation might make.
      */
     getToken(scopes, options) {
-        return this.identityClient.authenticateClientCertificate(this._tenantId, this._clientId, this._certificateString, this.certificateX5t, scopes, options);
+        return tslib_1.__awaiter(this, void 0, void 0, function* () {
+            const tokenId = uuid.v4();
+            const audienceUrl = `${this.identityClient.authorityHost}/${this.tenantId}/oauth2/v2.0/token`;
+            const header = {
+                typ: "JWT",
+                alg: "RS256",
+                x5t: this.certificateX5t
+            };
+            const payload = {
+                iss: this.clientId,
+                sub: this.clientId,
+                aud: audienceUrl,
+                jti: tokenId,
+                nbf: timestampInSeconds(new Date()),
+                exp: timestampInSeconds(addMinutes(new Date(), SelfSignedJwtLifetimeMins))
+            };
+            const clientAssertion = jws.sign({
+                header,
+                payload,
+                secret: this.certificateString
+            });
+            const webResource = this.identityClient.createWebResource({
+                url: audienceUrl,
+                method: "POST",
+                disableJsonStringifyOnBody: true,
+                deserializationMapper: undefined,
+                body: qs.stringify({
+                    response_type: "token",
+                    grant_type: "client_credentials",
+                    client_id: this.clientId,
+                    client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
+                    client_assertion: clientAssertion,
+                    scope: typeof scopes === "string" ? scopes : scopes.join(" ")
+                }),
+                headers: {
+                    Accept: "application/json",
+                    "Content-Type": "application/x-www-form-urlencoded"
+                },
+                abortSignal: options && options.abortSignal
+            });
+            const tokenResponse = yield this.identityClient.sendTokenRequest(webResource);
+            return (tokenResponse && tokenResponse.accessToken) || null;
+        });
     }
 }
 //# sourceMappingURL=clientCertificateCredential.js.map

package/dist-esm/src/credentials/clientCertificateCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"clientCertificateCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEpC,OAAO,EAAyB,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAEjF;;;;;;;GAOG;AACH,MAAM,OAAO,2BAA2B;IAStC;;;;;;;;OAQG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,eAAuB,EACvB,OAA+B;QAE/B,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAC1B,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAE1B,IAAI,CAAC,kBAAkB,GAAG,YAAY,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QAEhE,MAAM,kBAAkB,GAAG,8FAA8F,CAAC;QAC1H,MAAM,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACpE,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAChD,IAAI,CAAC,SAAS,EAAE;YACd,MAAM,IAAI,KAAK,CACb,4EAA4E,CAC7E,CAAC;SACH;QAED,IAAI,CAAC,qBAAqB,GAAG,UAAU,CAAC,MAAM,CAAC;aAC5C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;aACxC,MAAM,CAAC,KAAK,CAAC;aACb,WAAW,EAAE,CAAC;QAEjB,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC1F,CAAC;IAED;;;;;;;;;OASG;IACI,QAAQ,CACb,MAAyB,EACzB,OAAyB;QAEzB,OAAO,IAAI,CAAC,cAAc,CAAC,6BAA6B,CACtD,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,kBAAkB,EACvB,IAAI,CAAC,cAAc,EACnB,MAAM,EACN,OAAO,CACR,CAAC;IACJ,CAAC;CACF"}
+{"version":3,"file":"clientCertificateCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEpC,OAAO,EAAyB,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAEjF,MAAM,yBAAyB,GAAG,EAAE,CAAC;AAErC,SAAS,kBAAkB,CAAC,IAAU;IACpC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,UAAU,CAAC,IAAU,EAAE,OAAe;IAC7C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,OAAO,CAAC,CAAC;IAC7C,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,OAAO,2BAA2B;IAQtC;;;;;;;;OAQG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,eAAuB,EACvB,OAA+B;QAE/B,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,IAAI,CAAC,iBAAiB,GAAG,YAAY,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QAE/D,MAAM,kBAAkB,GAAG,8FAA8F,CAAC;QAC1H,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACnE,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAChD,IAAI,CAAC,SAAS,EAAE;YACd,MAAM,IAAI,KAAK,CACb,4EAA4E,CAC7E,CAAC;SACH;QAED,IAAI,CAAC,qBAAqB,GAAG,UAAU,CAAC,MAAM,CAAC;aAC5C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;aACxC,MAAM,CAAC,KAAK,CAAC;aACb,WAAW,EAAE,CAAC;QAEjB,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC1F,CAAC;IAED;;;;;;;;;OASG;IACU,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,OAAO,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC;YAC1B,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,oBAAoB,CAAC;YAC9F,MAAM,MAAM,GAAe;gBACzB,GAAG,EAAE,KAAK;gBACV,GAAG,EAAE,OAAO;gBACZ,GAAG,EAAE,IAAI,CAAC,cAAc;aACzB,CAAC;YAEF,MAAM,OAAO,GAAG;gBACd,GAAG,EAAE,IAAI,CAAC,QAAQ;gBAClB,GAAG,EAAE,IAAI,CAAC,QAAQ;gBAClB,GAAG,EAAE,WAAW;gBAChB,GAAG,EAAE,OAAO;gBACZ,GAAG,EAAE,kBAAkB,CAAC,IAAI,IAAI,EAAE,CAAC;gBACnC,GAAG,EAAE,kBAAkB,CAAC,UAAU,CAAC,IAAI,IAAI,EAAE,EAAE,yBAAyB,CAAC,CAAC;aAC3E,CAAC;YAEF,MAAM,eAAe,GAAG,GAAG,CAAC,IAAI,CAAC;gBAC/B,MAAM;gBACN,OAAO;gBACP,MAAM,EAAE,IAAI,CAAC,iBAAiB;aAC/B,CAAC,CAAC;YAEH,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC;gBACxD,GAAG,EAAE,WAAW;gBAChB,MAAM,EAAE,MAAM;gBACd,0BAA0B,EAAE,IAAI;gBAChC,qBAAqB,EAAE,SAAS;gBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;oBACjB,aAAa,EAAE,OAAO;oBACtB,UAAU,EAAE,oBAAoB;oBAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;oBACxB,qBAAqB,EAAE,wDAAwD;oBAC/E,gBAAgB,EAAE,eAAe;oBACjC,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;iBAC9D,CAAC;gBACF,OAAO,EAAE;oBACP,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD;gBACD,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;aAC5C,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;YAC9E,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;QAC9D,CAAC;KAAA;CACF"}

package/dist-esm/src/credentials/clientSecretCredential.d.ts

@@ -10,9 +10,9 @@ import { IdentityClientOptions } from "../client/identityClient";
  */
 export declare class ClientSecretCredential implements TokenCredential {
     private identityClient;
-    private _tenantId;
-    private _clientId;
-    private _clientSecret;
+    private tenantId;
+    private clientId;
+    private clientSecret;
     /**
      * Creates an instance of the ClientSecretCredential with the details
      * needed to authenticate against Azure Active Directory with a client

package/dist-esm/src/credentials/clientSecretCredential.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"clientSecretCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredential.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACjF,OAAO,EAAE,qBAAqB,EAAkB,MAAM,0BAA0B,CAAC;AAEjF;;;;;;;GAOG;AACH,qBAAa,sBAAuB,YAAW,eAAe;IAC5D,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,aAAa,CAAS;IAE9B;;;;;;;;;OASG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,qBAAqB;IAQjC;;;;;;;;;OASG;IACI,QAAQ,CACb,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;CAS/B"}
+{"version":3,"file":"clientSecretCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredential.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACjF,OAAO,EAAE,qBAAqB,EAAkB,MAAM,0BAA0B,CAAC;AAEjF;;;;;;;GAOG;AACH,qBAAa,sBAAuB,YAAW,eAAe;IAC5D,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,YAAY,CAAS;IAE7B;;;;;;;;;OASG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,qBAAqB;IAQjC;;;;;;;;;OASG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;CAuB/B"}

package/dist-esm/src/credentials/clientSecretCredential.js

@@ -1,5 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
+import * as tslib_1 from "tslib";
+import qs from "qs";
 import { IdentityClient } from "../client/identityClient";
 /**
  * Enables authentication to Azure Active Directory using a client secret
@@ -22,9 +24,9 @@ export class ClientSecretCredential {
      */
     constructor(tenantId, clientId, clientSecret, options) {
         this.identityClient = new IdentityClient(options);
-        this._tenantId = tenantId;
-        this._clientId = clientId;
-        this._clientSecret = clientSecret;
+        this.tenantId = tenantId;
+        this.clientId = clientId;
+        this.clientSecret = clientSecret;
     }
     /**
      * Authenticates with Azure Active Directory and returns an {@link AccessToken} if
@@ -37,7 +39,28 @@ export class ClientSecretCredential {
      *                TokenCredential implementation might make.
      */
     getToken(scopes, options) {
-        return this.identityClient.authenticateClientSecret(this._tenantId, this._clientId, this._clientSecret, scopes, options);
+        return tslib_1.__awaiter(this, void 0, void 0, function* () {
+            const webResource = this.identityClient.createWebResource({
+                url: `${this.identityClient.authorityHost}/${this.tenantId}/oauth2/v2.0/token`,
+                method: "POST",
+                disableJsonStringifyOnBody: true,
+                deserializationMapper: undefined,
+                body: qs.stringify({
+                    response_type: "token",
+                    grant_type: "client_credentials",
+                    client_id: this.clientId,
+                    client_secret: this.clientSecret,
+                    scope: typeof scopes === "string" ? scopes : scopes.join(" ")
+                }),
+                headers: {
+                    Accept: "application/json",
+                    "Content-Type": "application/x-www-form-urlencoded"
+                },
+                abortSignal: options && options.abortSignal
+            });
+            const tokenResponse = yield this.identityClient.sendTokenRequest(webResource);
+            return (tokenResponse && tokenResponse.accessToken) || null;
+        });
     }
 }
 //# sourceMappingURL=clientSecretCredential.js.map

package/dist-esm/src/credentials/clientSecretCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"clientSecretCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAyB,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAEjF;;;;;;;GAOG;AACH,MAAM,OAAO,sBAAsB;IAMjC;;;;;;;;;OASG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,OAA+B;QAE/B,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAC1B,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAC1B,IAAI,CAAC,aAAa,GAAG,YAAY,CAAC;IACpC,CAAC;IAED;;;;;;;;;OASG;IACI,QAAQ,CACb,MAAyB,EACzB,OAAyB;QAEzB,OAAO,IAAI,CAAC,cAAc,CAAC,wBAAwB,CACjD,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,aAAa,EAClB,MAAM,EACN,OAAO,CACR,CAAC;IACJ,CAAC;CACF"}
+{"version":3,"file":"clientSecretCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AAEpB,OAAO,EAAyB,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAEjF;;;;;;;GAOG;AACH,MAAM,OAAO,sBAAsB;IAMjC;;;;;;;;;OASG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,OAA+B;QAE/B,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED;;;;;;;;;OASG;IACU,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC;gBACxD,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,oBAAoB;gBAC9E,MAAM,EAAE,MAAM;gBACd,0BAA0B,EAAE,IAAI;gBAChC,qBAAqB,EAAE,SAAS;gBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;oBACjB,aAAa,EAAE,OAAO;oBACtB,UAAU,EAAE,oBAAoB;oBAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;oBACxB,aAAa,EAAE,IAAI,CAAC,YAAY;oBAChC,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;iBAC9D,CAAC;gBACF,OAAO,EAAE;oBACP,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD;gBACD,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;aAC5C,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;YAC9E,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;QAC9D,CAAC;KAAA;CACF"}

package/dist-esm/src/credentials/deviceCodeCredential.browser.d.ts

@@ -0,0 +1,7 @@
+import { TokenCredential, GetTokenOptions, AccessToken } from "@azure/core-http";
+import { IdentityClientOptions } from "../client/identityClient";
+export declare class DeviceCodeCredential implements TokenCredential {
+    constructor(tenantId: string, clientId: string, userPromptCallback: (details: any) => void, options?: IdentityClientOptions);
+    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
+}
+//# sourceMappingURL=deviceCodeCredential.browser.d.ts.map

package/dist-esm/src/credentials/deviceCodeCredential.browser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"deviceCodeCredential.browser.d.ts","sourceRoot":"","sources":["../../../src/credentials/deviceCodeCredential.browser.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACjF,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AAIjE,qBAAa,oBAAqB,YAAW,eAAe;gBAExD,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,kBAAkB,EAAE,CAAC,OAAO,EAAE,GAAG,KAAK,IAAI,EAC1C,OAAO,CAAC,EAAE,qBAAqB;IAK1B,QAAQ,CACb,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;CAG/B"}

package/dist-esm/src/credentials/deviceCodeCredential.browser.js

@@ -0,0 +1,12 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+const BrowserNotSupportedError = new Error("DeviceCodeCredential is not supported in the browser.");
+export class DeviceCodeCredential {
+    constructor(tenantId, clientId, userPromptCallback, options) {
+        throw BrowserNotSupportedError;
+    }
+    getToken(scopes, options) {
+        throw BrowserNotSupportedError;
+    }
+}
+//# sourceMappingURL=deviceCodeCredential.browser.js.map

package/dist-esm/src/credentials/deviceCodeCredential.browser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"deviceCodeCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/deviceCodeCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAOlC,MAAM,wBAAwB,GAAG,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;AAEpG,MAAM,OAAO,oBAAoB;IAC/B,YACE,QAAgB,EAChB,QAAgB,EAChB,kBAA0C,EAC1C,OAA+B;QAE/B,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ,CACb,MAAyB,EACzB,OAAyB;QAEzB,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF"}