@azure/identity 1.2.0-beta.2 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @azure/identity might be problematic. Click here for more details.

Files changed (72) hide show
  1. package/CHANGELOG.md +24 -2
  2. package/README.md +75 -55
  3. package/dist/index.js +533 -396
  4. package/dist/index.js.map +1 -1
  5. package/dist-esm/src/client/msalClient.js +138 -0
  6. package/dist-esm/src/client/msalClient.js.map +1 -0
  7. package/dist-esm/src/credentials/authorizationCodeCredential.browser.js +2 -2
  8. package/dist-esm/src/credentials/authorizationCodeCredential.browser.js.map +1 -1
  9. package/dist-esm/src/credentials/authorizationCodeCredential.js +3 -1
  10. package/dist-esm/src/credentials/authorizationCodeCredential.js.map +1 -1
  11. package/dist-esm/src/credentials/azureCliCredential.browser.js +2 -2
  12. package/dist-esm/src/credentials/azureCliCredential.browser.js.map +1 -1
  13. package/dist-esm/src/credentials/azureCliCredential.js +5 -5
  14. package/dist-esm/src/credentials/azureCliCredential.js.map +1 -1
  15. package/dist-esm/src/credentials/chainedTokenCredential.js +2 -2
  16. package/dist-esm/src/credentials/chainedTokenCredential.js.map +1 -1
  17. package/dist-esm/src/credentials/clientCertificateCredential.browser.js +2 -2
  18. package/dist-esm/src/credentials/clientCertificateCredential.browser.js.map +1 -1
  19. package/dist-esm/src/credentials/clientCertificateCredential.js +5 -3
  20. package/dist-esm/src/credentials/clientCertificateCredential.js.map +1 -1
  21. package/dist-esm/src/credentials/clientCertificateCredentialOptions.js.map +1 -1
  22. package/dist-esm/src/credentials/clientSecretCredential.js +2 -2
  23. package/dist-esm/src/credentials/clientSecretCredential.js.map +1 -1
  24. package/dist-esm/src/credentials/deviceCodeCredential.browser.js +2 -2
  25. package/dist-esm/src/credentials/deviceCodeCredential.browser.js.map +1 -1
  26. package/dist-esm/src/credentials/deviceCodeCredential.js +53 -47
  27. package/dist-esm/src/credentials/deviceCodeCredential.js.map +1 -1
  28. package/dist-esm/src/credentials/environmentCredential.browser.js +2 -2
  29. package/dist-esm/src/credentials/environmentCredential.browser.js.map +1 -1
  30. package/dist-esm/src/credentials/environmentCredential.js +6 -2
  31. package/dist-esm/src/credentials/environmentCredential.js.map +1 -1
  32. package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js +7 -5
  33. package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js.map +1 -1
  34. package/dist-esm/src/credentials/interactiveBrowserCredential.js +30 -69
  35. package/dist-esm/src/credentials/interactiveBrowserCredential.js.map +1 -1
  36. package/dist-esm/src/credentials/interactiveBrowserCredentialOptions.js.map +1 -1
  37. package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js +44 -0
  38. package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js.map +1 -0
  39. package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js +74 -0
  40. package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js.map +1 -0
  41. package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js +41 -0
  42. package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js.map +1 -0
  43. package/dist-esm/src/credentials/managedIdentityCredential/constants.js +8 -0
  44. package/dist-esm/src/credentials/managedIdentityCredential/constants.js.map +1 -0
  45. package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js +59 -0
  46. package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js.map +1 -0
  47. package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js +109 -0
  48. package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js.map +1 -0
  49. package/dist-esm/src/credentials/{managedIdentityCredential.browser.js → managedIdentityCredential/index.browser.js} +4 -4
  50. package/dist-esm/src/credentials/managedIdentityCredential/index.browser.js.map +1 -0
  51. package/dist-esm/src/credentials/managedIdentityCredential/index.js +165 -0
  52. package/dist-esm/src/credentials/managedIdentityCredential/index.js.map +1 -0
  53. package/dist-esm/src/credentials/managedIdentityCredential/models.js +3 -0
  54. package/dist-esm/src/credentials/managedIdentityCredential/models.js.map +1 -0
  55. package/dist-esm/src/credentials/managedIdentityCredential/utils.js +28 -0
  56. package/dist-esm/src/credentials/managedIdentityCredential/utils.js.map +1 -0
  57. package/dist-esm/src/credentials/usernamePasswordCredential.js +3 -1
  58. package/dist-esm/src/credentials/usernamePasswordCredential.js.map +1 -1
  59. package/dist-esm/src/credentials/visualStudioCodeCredential.browser.js +2 -2
  60. package/dist-esm/src/credentials/visualStudioCodeCredential.browser.js.map +1 -1
  61. package/dist-esm/src/credentials/visualStudioCodeCredential.js +19 -8
  62. package/dist-esm/src/credentials/visualStudioCodeCredential.js.map +1 -1
  63. package/dist-esm/src/index.js.map +1 -1
  64. package/dist-esm/src/util/checkTenantId.js +11 -0
  65. package/dist-esm/src/util/checkTenantId.js.map +1 -0
  66. package/dist-esm/src/util/logging.js +7 -3
  67. package/dist-esm/src/util/logging.js.map +1 -1
  68. package/package.json +7 -5
  69. package/types/identity.d.ts +9 -33
  70. package/dist-esm/src/credentials/managedIdentityCredential.browser.js.map +0 -1
  71. package/dist-esm/src/credentials/managedIdentityCredential.js +0 -376
  72. package/dist-esm/src/credentials/managedIdentityCredential.js.map +0 -1
package/dist-esm/src/credentials/clientSecretCredential.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"clientSecretCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AAEpB,OAAO,EAA0B,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAClF,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAClE,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAE/E,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;;;;GAOG;AACH,MAAM,OAAO,sBAAsB;IAMjC;;;;;;;;;OASG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,OAAgC;QAEhC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED;;;;;;;;;OASG;IACU,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,iCAAiC,EAAE,OAAO,CAAC,CAAC;YAC7F,IAAI;gBACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAChE,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC;oBACxD,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;oBACzE,MAAM,EAAE,MAAM;oBACd,0BAA0B,EAAE,IAAI;oBAChC,qBAAqB,EAAE,SAAS;oBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;wBACjB,aAAa,EAAE,OAAO;wBACtB,UAAU,EAAE,oBAAoB;wBAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;wBACxB,aAAa,EAAE,IAAI,CAAC,YAAY;wBAChC,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;qBAC9D,CAAC;oBACF,OAAO,EAAE;wBACP,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD;oBACD,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;oBAC3C,WAAW,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,WAAW;iBAChF,CAAC,CAAC;gBAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;gBAC9E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;aAC7D;YAAC,OAAO,GAAG,EAAE;gBACZ,MAAM,IAAI,GACR,GAAG,CAAC,IAAI,KAAK,uBAAuB;oBAClC,CAAC,CAAC,aAAa,CAAC,eAAe;oBAC/B,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC;gBAC5B,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI;oBACJ,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC1B,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nimport { TokenCredentialOptions, IdentityClient } from \"../client/identityClient\";\nimport { createSpan } from \"../util/tracing\";\nimport { AuthenticationErrorName } from \"../client/errors\";\nimport { CanonicalCode } from \"@opentelemetry/api\";\nimport { credentialLogger, formatSuccess } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\n\nconst logger = credentialLogger(\"ClientSecretCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using a client secret\n * that was generated for an App Registration. More information on how\n * to configure a client secret can be found here:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application\n *\n */\nexport class ClientSecretCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private clientId: string;\n private clientSecret: string;\n\n /**\n * Creates an instance of the ClientSecretCredential with the details\n * needed to authenticate against Azure Active Directory with a client\n * secret.\n *\n * @param tenantId The Azure Active Directory tenant (directory) ID.\n * @param clientId The client (application) ID of an App Registration in the tenant.\n * @param clientSecret A client secret that was generated for the App Registration.\n * @param options Options for configuring the client which makes the authentication request.\n */\n constructor(\n tenantId: string,\n clientId: string,\n clientSecret: string,\n options?: TokenCredentialOptions\n ) {\n this.identityClient = new IdentityClient(options);\n this.tenantId = tenantId;\n this.clientId = clientId;\n this.clientSecret = clientSecret;\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes The list of scopes for which the token will have access.\n * @param options The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const { span, options: newOptions } = createSpan(\"ClientSecretCredential-getToken\", options);\n try {\n const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n const webResource = this.identityClient.createWebResource({\n url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n method: \"POST\",\n disableJsonStringifyOnBody: true,\n deserializationMapper: undefined,\n body: qs.stringify({\n response_type: \"token\",\n grant_type: \"client_credentials\",\n client_id: this.clientId,\n client_secret: this.clientSecret,\n scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \")\n }),\n headers: {\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n },\n abortSignal: options && options.abortSignal,\n spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions\n });\n\n const tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n logger.getToken.info(formatSuccess(scopes));\n return (tokenResponse && tokenResponse.accessToken) || null;\n } catch (err) {\n const code =\n err.name === AuthenticationErrorName\n ? CanonicalCode.UNAUTHENTICATED\n : CanonicalCode.UNKNOWN;\n span.setStatus({\n code,\n message: err.message\n });\n logger.getToken.info(err);\n throw err;\n } finally {\n span.end();\n }\n }\n}\n"]}
1
+ {"version":3,"file":"clientSecretCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AAEpB,OAAO,EAA0B,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAClF,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAE/E,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;;;;GAOG;AACH,MAAM,OAAO,sBAAsB;IAMjC;;;;;;;;;OASG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,OAAgC;QAEhC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED;;;;;;;;;OASG;IACU,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,iCAAiC,EAAE,OAAO,CAAC,CAAC;YAC7F,IAAI;gBACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAChE,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC;oBACxD,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;oBACzE,MAAM,EAAE,MAAM;oBACd,0BAA0B,EAAE,IAAI;oBAChC,qBAAqB,EAAE,SAAS;oBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;wBACjB,aAAa,EAAE,OAAO;wBACtB,UAAU,EAAE,oBAAoB;wBAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;wBACxB,aAAa,EAAE,IAAI,CAAC,YAAY;wBAChC,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;qBAC9D,CAAC;oBACF,OAAO,EAAE;wBACP,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD;oBACD,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;oBAC3C,WAAW,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,WAAW;iBAChF,CAAC,CAAC;gBAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;gBAC9E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;aAC7D;YAAC,OAAO,GAAG,EAAE;gBACZ,MAAM,IAAI,GACR,GAAG,CAAC,IAAI,KAAK,uBAAuB;oBAClC,CAAC,CAAC,aAAa,CAAC,eAAe;oBAC/B,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC;gBAC5B,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI;oBACJ,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nimport { TokenCredentialOptions, IdentityClient } from \"../client/identityClient\";\nimport { createSpan } from \"../util/tracing\";\nimport { AuthenticationErrorName } from \"../client/errors\";\nimport { CanonicalCode } from \"@opentelemetry/api\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\n\nconst logger = credentialLogger(\"ClientSecretCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using a client secret\n * that was generated for an App Registration. More information on how\n * to configure a client secret can be found here:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application\n *\n */\nexport class ClientSecretCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private clientId: string;\n private clientSecret: string;\n\n /**\n * Creates an instance of the ClientSecretCredential with the details\n * needed to authenticate against Azure Active Directory with a client\n * secret.\n *\n * @param tenantId The Azure Active Directory tenant (directory) ID.\n * @param clientId The client (application) ID of an App Registration in the tenant.\n * @param clientSecret A client secret that was generated for the App Registration.\n * @param options Options for configuring the client which makes the authentication request.\n */\n constructor(\n tenantId: string,\n clientId: string,\n clientSecret: string,\n options?: TokenCredentialOptions\n ) {\n this.identityClient = new IdentityClient(options);\n this.tenantId = tenantId;\n this.clientId = clientId;\n this.clientSecret = clientSecret;\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes The list of scopes for which the token will have access.\n * @param options The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const { span, options: newOptions } = createSpan(\"ClientSecretCredential-getToken\", options);\n try {\n const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n const webResource = this.identityClient.createWebResource({\n url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n method: \"POST\",\n disableJsonStringifyOnBody: true,\n deserializationMapper: undefined,\n body: qs.stringify({\n response_type: \"token\",\n grant_type: \"client_credentials\",\n client_id: this.clientId,\n client_secret: this.clientSecret,\n scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \")\n }),\n headers: {\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n },\n abortSignal: options && options.abortSignal,\n spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions\n });\n\n const tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n logger.getToken.info(formatSuccess(scopes));\n return (tokenResponse && tokenResponse.accessToken) || null;\n } catch (err) {\n const code =\n err.name === AuthenticationErrorName\n ? CanonicalCode.UNAUTHENTICATED\n : CanonicalCode.UNKNOWN;\n span.setStatus({\n code,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n } finally {\n span.end();\n }\n }\n}\n"]}
package/dist-esm/src/credentials/deviceCodeCredential.browser.js CHANGED
@@ -5,11 +5,11 @@ const BrowserNotSupportedError = new Error("DeviceCodeCredential is not supporte
5
5
  const logger = credentialLogger("DeviceCodeCredential");
6
6
  export class DeviceCodeCredential {
7
7
  constructor() {
8
- logger.info(formatError(BrowserNotSupportedError));
8
+ logger.info(formatError("", BrowserNotSupportedError));
9
9
  throw BrowserNotSupportedError;
10
10
  }
11
11
  getToken() {
12
- logger.getToken.info(formatError(BrowserNotSupportedError));
12
+ logger.getToken.info(formatError("", BrowserNotSupportedError));
13
13
  throw BrowserNotSupportedError;
14
14
  }
15
15
  }
package/dist-esm/src/credentials/deviceCodeCredential.browser.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"deviceCodeCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/deviceCodeCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;AACpG,MAAM,MAAM,GAAG,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;AAExD,MAAM,OAAO,oBAAoB;IAC/B;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACnD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,wBAAwB,CAAC,CAAC,CAAC;QAC5D,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken } from \"@azure/core-http\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\"DeviceCodeCredential is not supported in the browser.\");\nconst logger = credentialLogger(\"DeviceCodeCredential\");\n\nexport class DeviceCodeCredential implements TokenCredential {\n constructor() {\n logger.info(formatError(BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
1
+ {"version":3,"file":"deviceCodeCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/deviceCodeCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;AACpG,MAAM,MAAM,GAAG,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;AAExD,MAAM,OAAO,oBAAoB;IAC/B;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken } from \"@azure/core-http\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\"DeviceCodeCredential is not supported in the browser.\");\nconst logger = credentialLogger(\"DeviceCodeCredential\");\n\nexport class DeviceCodeCredential implements TokenCredential {\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
package/dist-esm/src/credentials/deviceCodeCredential.js CHANGED
@@ -1,9 +1,11 @@
1
1
  import { __awaiter } from "tslib";
2
+ import { AuthenticationRequired, MsalClient } from "../client/msalClient";
2
3
  import { createSpan } from "../util/tracing";
3
- import { credentialLogger } from "../util/logging";
4
+ import { credentialLogger, formatError, formatSuccess } from "../util/logging";
4
5
  import { AuthenticationErrorName } from "../client/errors";
5
6
  import { CanonicalCode } from "@opentelemetry/api";
6
- import { PublicClientApplication } from "@azure/msal-node";
7
+ import { checkTenantId } from "../util/checkTenantId";
8
+ import { DeveloperSignOnClientId } from "../constants";
7
9
  const logger = credentialLogger("DeviceCodeCredential");
8
10
  /**
9
11
  * Method that logs the user code from the DeviceCodeCredential.
@@ -22,39 +24,30 @@ export class DeviceCodeCredential {
22
24
  * to initiate the device code authorization flow with Azure Active Directory.
23
25
  *
24
26
  * @param tenantId The Azure Active Directory tenant (directory) ID or name.
27
+ * The default value is 'organizations'.
25
28
  * 'organizations' may be used when dealing with multi-tenant scenarios.
26
29
  * @param clientId The client (application) ID of an App Registration in the tenant.
30
+ * By default we will try to use the Azure CLI's client ID to authenticate.
27
31
  * @param userPromptCallback A callback function that will be invoked to show
28
32
  {@link DeviceCodeInfo} to the user. If left unassigned, we will automatically log the device code information and the authentication instructions in the console.
29
33
  * @param options Options for configuring the client which makes the authentication request.
30
34
  */
31
- constructor(tenantId, clientId, userPromptCallback = defaultDeviceCodePromptCallback, options) {
32
- this.tenantId = tenantId;
33
- this.clientId = clientId;
35
+ constructor(tenantId = "organizations", clientId = DeveloperSignOnClientId, userPromptCallback = defaultDeviceCodePromptCallback, options) {
36
+ checkTenantId(logger, tenantId);
34
37
  this.userPromptCallback = userPromptCallback;
38
+ let authorityHost;
35
39
  if (options && options.authorityHost) {
36
40
  if (options.authorityHost.endsWith("/")) {
37
- this.authorityHost = options.authorityHost + this.tenantId;
41
+ authorityHost = options.authorityHost + tenantId;
38
42
  }
39
43
  else {
40
- this.authorityHost = options.authorityHost + "/" + this.tenantId;
44
+ authorityHost = options.authorityHost + "/" + tenantId;
41
45
  }
42
46
  }
43
47
  else {
44
- this.authorityHost = "https://login.microsoftonline.com/" + this.tenantId;
48
+ authorityHost = "https://login.microsoftonline.com/" + tenantId;
45
49
  }
46
- const knownAuthorities = this.tenantId === "adfs" ? [this.authorityHost] : [];
47
- const publicClientConfig = {
48
- auth: {
49
- clientId: this.clientId,
50
- authority: this.authorityHost,
51
- knownAuthorities: knownAuthorities
52
- },
53
- cache: {
54
- cachePlugin: undefined
55
- }
56
- };
57
- this.pca = new PublicClientApplication(publicClientConfig);
50
+ this.msalClient = new MsalClient({ clientId: clientId, authority: authorityHost }, false, undefined, options);
58
51
  }
59
52
  /**
60
53
  * Authenticates with Azure Active Directory and returns an access token if
@@ -67,37 +60,50 @@ export class DeviceCodeCredential {
67
60
  * TokenCredential implementation might make.
68
61
  */
69
62
  getToken(scopes, options) {
70
- const { span } = createSpan("DeviceCodeCredential-getToken", options);
71
- const scopeArray = typeof scopes === "object" ? scopes : [scopes];
72
- const deviceCodeRequest = {
73
- deviceCodeCallback: this.userPromptCallback,
74
- scopes: scopeArray
75
- };
76
- logger.info("Sending devicecode request");
77
- try {
78
- return this.acquireTokenByDeviceCode(deviceCodeRequest);
79
- }
80
- catch (err) {
81
- const code = err.name === AuthenticationErrorName
82
- ? CanonicalCode.UNAUTHENTICATED
83
- : CanonicalCode.UNKNOWN;
84
- span.setStatus({
85
- code,
86
- message: err.message
87
- });
88
- logger.getToken.info(err);
89
- throw err;
90
- }
91
- finally {
92
- span.end();
93
- }
63
+ return __awaiter(this, void 0, void 0, function* () {
64
+ const { span } = createSpan("DeviceCodeCredential-getToken", options);
65
+ const scopeArray = typeof scopes === "object" ? scopes : [scopes];
66
+ const deviceCodeRequest = {
67
+ deviceCodeCallback: this.userPromptCallback,
68
+ scopes: scopeArray
69
+ };
70
+ logger.info(`DeviceCodeCredential invoked. Scopes: ${scopeArray.join(", ")}`);
71
+ return this.msalClient.acquireTokenFromCache(scopeArray).catch((e) => __awaiter(this, void 0, void 0, function* () {
72
+ if (e instanceof AuthenticationRequired) {
73
+ try {
74
+ const token = yield this.acquireTokenByDeviceCode(deviceCodeRequest, scopeArray);
75
+ logger.getToken.info(formatSuccess(scopeArray));
76
+ return token;
77
+ }
78
+ catch (err) {
79
+ const code = err.name === AuthenticationErrorName
80
+ ? CanonicalCode.UNAUTHENTICATED
81
+ : CanonicalCode.UNKNOWN;
82
+ span.setStatus({
83
+ code,
84
+ message: err.message
85
+ });
86
+ logger.getToken.info(formatError(scopeArray, err));
87
+ throw err;
88
+ }
89
+ finally {
90
+ span.end();
91
+ }
92
+ }
93
+ else {
94
+ throw e;
95
+ }
96
+ }));
97
+ });
94
98
  }
95
- acquireTokenByDeviceCode(deviceCodeRequest) {
99
+ acquireTokenByDeviceCode(deviceCodeRequest, scopes) {
96
100
  return __awaiter(this, void 0, void 0, function* () {
97
101
  try {
98
- const deviceResponse = yield this.pca.acquireTokenByDeviceCode(deviceCodeRequest);
102
+ const deviceResponse = yield this.msalClient.acquireTokenByDeviceCode(deviceCodeRequest);
103
+ const expiresOnTimestamp = deviceResponse.expiresOn.getTime();
104
+ logger.getToken.info(formatSuccess(scopes));
99
105
  return {
100
- expiresOnTimestamp: deviceResponse.expiresOn.getTime(),
106
+ expiresOnTimestamp,
101
107
  token: deviceResponse.accessToken
102
108
  };
103
109
  }
package/dist-esm/src/credentials/deviceCodeCredential.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"deviceCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/deviceCodeCredential.ts"],"names":[],"mappings":";AAIA,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,OAAO,EAAE,uBAAuB,EAAqB,MAAM,kBAAkB,CAAC;AAiC9E,MAAM,MAAM,GAAG,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;AAExD;;;GAGG;AACH,MAAM,UAAU,+BAA+B,CAAC,cAA8B;IAC5E,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,oBAAoB;IAO/B;;;;;;;;;;OAUG;IACH,YACE,QAAkC,EAClC,QAAgB,EAChB,qBAA+C,+BAA+B,EAC9E,OAAgC;QAEhC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAC7C,IAAI,OAAO,IAAI,OAAO,CAAC,aAAa,EAAE;YACpC,IAAI,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;gBACvC,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,QAAQ,CAAC;aAC5D;iBAAM;gBACL,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC;aAClE;SACF;aAAM;YACL,IAAI,CAAC,aAAa,GAAG,oCAAoC,GAAG,IAAI,CAAC,QAAQ,CAAC;SAC3E;QAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAE9E,MAAM,kBAAkB,GAAG;YACzB,IAAI,EAAE;gBACJ,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,SAAS,EAAE,IAAI,CAAC,aAAa;gBAC7B,gBAAgB,EAAE,gBAAgB;aACnC;YACD,KAAK,EAAE;gBACL,WAAW,EAAE,SAAS;aACvB;SACF,CAAC;QAEF,IAAI,CAAC,GAAG,GAAG,IAAI,uBAAuB,CAAC,kBAAkB,CAAC,CAAC;IAC7D,CAAC;IAED;;;;;;;;;OASG;IACH,QAAQ,CAAC,MAAyB,EAAE,OAAyB;QAC3D,MAAM,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC,+BAA+B,EAAE,OAAO,CAAC,CAAC;QAEtE,MAAM,UAAU,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAElE,MAAM,iBAAiB,GAAG;YACxB,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;YAC3C,MAAM,EAAE,UAAU;SACnB,CAAC;QAEF,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;QAE1C,IAAI;YACF,OAAO,IAAI,CAAC,wBAAwB,CAAC,iBAAiB,CAAC,CAAC;SACzD;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,GACR,GAAG,CAAC,IAAI,KAAK,uBAAuB;gBAClC,CAAC,CAAC,aAAa,CAAC,eAAe;gBAC/B,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC;YAC5B,IAAI,CAAC,SAAS,CAAC;gBACb,IAAI;gBACJ,OAAO,EAAE,GAAG,CAAC,OAAO;aACrB,CAAC,CAAC;YACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC1B,MAAM,GAAG,CAAC;SACX;gBAAS;YACR,IAAI,CAAC,GAAG,EAAE,CAAC;SACZ;IACH,CAAC;IAEa,wBAAwB,CACpC,iBAAoC;;YAEpC,IAAI;gBACF,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,wBAAwB,CAAC,iBAAiB,CAAC,CAAC;gBAClF,OAAO;oBACL,kBAAkB,EAAE,cAAc,CAAC,SAAS,CAAC,OAAO,EAAE;oBACtD,KAAK,EAAE,cAAc,CAAC,WAAW;iBAClC,CAAC;aACH;YAAC,OAAO,KAAK,EAAE;gBACd,MAAM,IAAI,KAAK,CAAC,gCAAgC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;aAC3E;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-http\";\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { createSpan } from \"../util/tracing\";\nimport { credentialLogger } from \"../util/logging\";\nimport { AuthenticationErrorName } from \"../client/errors\";\nimport { CanonicalCode } from \"@opentelemetry/api\";\n\nimport { PublicClientApplication, DeviceCodeRequest } from \"@azure/msal-node\";\n\n/**\n * Provides the user code and verification URI where the code must be\n * entered. Also provides a message to display to the user which\n * contains an instruction with these details.\n */\nexport interface DeviceCodeInfo {\n /**\n * The device code that the user must enter into the verification page.\n */\n userCode: string;\n\n /**\n * The verification URI to which the user must navigate to enter the device\n * code.\n */\n verificationUri: string;\n\n /**\n * A message that may be shown to the user to instruct them on how to enter\n * the device code in the page specified by the verification URI.\n */\n message: string;\n}\n\n/**\n * Defines the signature of a callback which will be passed to\n * DeviceCodeCredential for the purpose of displaying authentication\n * details to the user.\n */\nexport type DeviceCodePromptCallback = (deviceCodeInfo: DeviceCodeInfo) => void;\n\nconst logger = credentialLogger(\"DeviceCodeCredential\");\n\n/**\n * Method that logs the user code from the DeviceCodeCredential.\n * @param deviceCodeInfo The device code.\n */\nexport function defaultDeviceCodePromptCallback(deviceCodeInfo: DeviceCodeInfo): void {\n console.log(deviceCodeInfo.message);\n}\n\n/**\n * Enables authentication to Azure Active Directory using a device code\n * that the user can enter into https://microsoft.com/devicelogin.\n */\nexport class DeviceCodeCredential implements TokenCredential {\n private pca: PublicClientApplication;\n private tenantId: string;\n private clientId: string;\n private userPromptCallback: DeviceCodePromptCallback;\n private authorityHost: string;\n\n /**\n * Creates an instance of DeviceCodeCredential with the details needed\n * to initiate the device code authorization flow with Azure Active Directory.\n *\n * @param tenantId The Azure Active Directory tenant (directory) ID or name. \n * 'organizations' may be used when dealing with multi-tenant scenarios.\n * @param clientId The client (application) ID of an App Registration in the tenant.\n * @param userPromptCallback A callback function that will be invoked to show\n {@link DeviceCodeInfo} to the user. If left unassigned, we will automatically log the device code information and the authentication instructions in the console.\n * @param options Options for configuring the client which makes the authentication request.\n */\n constructor(\n tenantId: string | \"organizations\",\n clientId: string,\n userPromptCallback: DeviceCodePromptCallback = defaultDeviceCodePromptCallback,\n options?: TokenCredentialOptions\n ) {\n this.tenantId = tenantId;\n this.clientId = clientId;\n this.userPromptCallback = userPromptCallback;\n if (options && options.authorityHost) {\n if (options.authorityHost.endsWith(\"/\")) {\n this.authorityHost = options.authorityHost + this.tenantId;\n } else {\n this.authorityHost = options.authorityHost + \"/\" + this.tenantId;\n }\n } else {\n this.authorityHost = \"https://login.microsoftonline.com/\" + this.tenantId;\n }\n\n const knownAuthorities = this.tenantId === \"adfs\" ? [this.authorityHost] : [];\n\n const publicClientConfig = {\n auth: {\n clientId: this.clientId,\n authority: this.authorityHost,\n knownAuthorities: knownAuthorities\n },\n cache: {\n cachePlugin: undefined\n }\n };\n\n this.pca = new PublicClientApplication(publicClientConfig);\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes The list of scopes for which the token will have access.\n * @param options The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null> {\n const { span } = createSpan(\"DeviceCodeCredential-getToken\", options);\n\n const scopeArray = typeof scopes === \"object\" ? scopes : [scopes];\n\n const deviceCodeRequest = {\n deviceCodeCallback: this.userPromptCallback,\n scopes: scopeArray\n };\n\n logger.info(\"Sending devicecode request\");\n\n try {\n return this.acquireTokenByDeviceCode(deviceCodeRequest);\n } catch (err) {\n const code =\n err.name === AuthenticationErrorName\n ? CanonicalCode.UNAUTHENTICATED\n : CanonicalCode.UNKNOWN;\n span.setStatus({\n code,\n message: err.message\n });\n logger.getToken.info(err);\n throw err;\n } finally {\n span.end();\n }\n }\n\n private async acquireTokenByDeviceCode(\n deviceCodeRequest: DeviceCodeRequest\n ): Promise<AccessToken | null> {\n try {\n const deviceResponse = await this.pca.acquireTokenByDeviceCode(deviceCodeRequest);\n return {\n expiresOnTimestamp: deviceResponse.expiresOn.getTime(),\n token: deviceResponse.accessToken\n };\n } catch (error) {\n throw new Error(`Device Authentication Error \"${JSON.stringify(error)}\"`);\n }\n }\n}\n"]}
1
+ {"version":3,"file":"deviceCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/deviceCodeCredential.ts"],"names":[],"mappings":";AAGA,OAAO,EAAE,sBAAsB,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAC1E,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAInD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAiCvD,MAAM,MAAM,GAAG,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;AAExD;;;GAGG;AACH,MAAM,UAAU,+BAA+B,CAAC,cAA8B;IAC5E,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,oBAAoB;IAI/B;;;;;;;;;;;;OAYG;IACH,YACE,WAAmB,eAAe,EAClC,WAAmB,uBAAuB,EAC1C,qBAA+C,+BAA+B,EAC9E,OAAgC;QAEhC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAEhC,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAE7C,IAAI,aAAa,CAAC;QAClB,IAAI,OAAO,IAAI,OAAO,CAAC,aAAa,EAAE;YACpC,IAAI,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;gBACvC,aAAa,GAAG,OAAO,CAAC,aAAa,GAAG,QAAQ,CAAC;aAClD;iBAAM;gBACL,aAAa,GAAG,OAAO,CAAC,aAAa,GAAG,GAAG,GAAG,QAAQ,CAAC;aACxD;SACF;aAAM;YACL,aAAa,GAAG,oCAAoC,GAAG,QAAQ,CAAC;SACjE;QAED,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAC9B,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,EAChD,KAAK,EACL,SAAS,EACT,OAAO,CACR,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACG,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC,+BAA+B,EAAE,OAAO,CAAC,CAAC;YAEtE,MAAM,UAAU,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAElE,MAAM,iBAAiB,GAAG;gBACxB,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;gBAC3C,MAAM,EAAE,UAAU;aACnB,CAAC;YAEF,MAAM,CAAC,IAAI,CAAC,yCAAyC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAE9E,OAAO,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAO,CAAC,EAAE,EAAE;gBACzE,IAAI,CAAC,YAAY,sBAAsB,EAAE;oBACvC,IAAI;wBACF,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;wBACjF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC;wBAChD,OAAO,KAAK,CAAC;qBACd;oBAAC,OAAO,GAAG,EAAE;wBACZ,MAAM,IAAI,GACR,GAAG,CAAC,IAAI,KAAK,uBAAuB;4BAClC,CAAC,CAAC,aAAa,CAAC,eAAe;4BAC/B,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC;wBAC5B,IAAI,CAAC,SAAS,CAAC;4BACb,IAAI;4BACJ,OAAO,EAAE,GAAG,CAAC,OAAO;yBACrB,CAAC,CAAC;wBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC;wBACnD,MAAM,GAAG,CAAC;qBACX;4BAAS;wBACR,IAAI,CAAC,GAAG,EAAE,CAAC;qBACZ;iBACF;qBAAM;oBACL,MAAM,CAAC,CAAC;iBACT;YACH,CAAC,CAAA,CAAC,CAAC;QACL,CAAC;KAAA;IAEa,wBAAwB,CACpC,iBAAoC,EACpC,MAAgB;;YAEhB,IAAI;gBACF,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,wBAAwB,CAAC,iBAAiB,CAAC,CAAC;gBACzF,MAAM,kBAAkB,GAAG,cAAc,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBAC9D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO;oBACL,kBAAkB;oBAClB,KAAK,EAAE,cAAc,CAAC,WAAW;iBAClC,CAAC;aACH;YAAC,OAAO,KAAK,EAAE;gBACd,MAAM,IAAI,KAAK,CAAC,gCAAgC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;aAC3E;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-http\";\nimport { AuthenticationRequired, MsalClient } from \"../client/msalClient\";\nimport { createSpan } from \"../util/tracing\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { AuthenticationErrorName } from \"../client/errors\";\nimport { CanonicalCode } from \"@opentelemetry/api\";\nimport { TokenCredentialOptions } from \"../client/identityClient\";\n\nimport { DeviceCodeRequest } from \"@azure/msal-node\";\nimport { checkTenantId } from \"../util/checkTenantId\";\nimport { DeveloperSignOnClientId } from \"../constants\";\n\n/**\n * Provides the user code and verification URI where the code must be\n * entered. Also provides a message to display to the user which\n * contains an instruction with these details.\n */\nexport interface DeviceCodeInfo {\n /**\n * The device code that the user must enter into the verification page.\n */\n userCode: string;\n\n /**\n * The verification URI to which the user must navigate to enter the device\n * code.\n */\n verificationUri: string;\n\n /**\n * A message that may be shown to the user to instruct them on how to enter\n * the device code in the page specified by the verification URI.\n */\n message: string;\n}\n\n/**\n * Defines the signature of a callback which will be passed to\n * DeviceCodeCredential for the purpose of displaying authentication\n * details to the user.\n */\nexport type DeviceCodePromptCallback = (deviceCodeInfo: DeviceCodeInfo) => void;\n\nconst logger = credentialLogger(\"DeviceCodeCredential\");\n\n/**\n * Method that logs the user code from the DeviceCodeCredential.\n * @param deviceCodeInfo The device code.\n */\nexport function defaultDeviceCodePromptCallback(deviceCodeInfo: DeviceCodeInfo): void {\n console.log(deviceCodeInfo.message);\n}\n\n/**\n * Enables authentication to Azure Active Directory using a device code\n * that the user can enter into https://microsoft.com/devicelogin.\n */\nexport class DeviceCodeCredential implements TokenCredential {\n private userPromptCallback: DeviceCodePromptCallback;\n private msalClient: MsalClient;\n\n /**\n * Creates an instance of DeviceCodeCredential with the details needed\n * to initiate the device code authorization flow with Azure Active Directory.\n *\n * @param tenantId The Azure Active Directory tenant (directory) ID or name.\n * The default value is 'organizations'.\n * 'organizations' may be used when dealing with multi-tenant scenarios.\n * @param clientId The client (application) ID of an App Registration in the tenant.\n * By default we will try to use the Azure CLI's client ID to authenticate.\n * @param userPromptCallback A callback function that will be invoked to show\n {@link DeviceCodeInfo} to the user. If left unassigned, we will automatically log the device code information and the authentication instructions in the console.\n * @param options Options for configuring the client which makes the authentication request.\n */\n constructor(\n tenantId: string = \"organizations\",\n clientId: string = DeveloperSignOnClientId,\n userPromptCallback: DeviceCodePromptCallback = defaultDeviceCodePromptCallback,\n options?: TokenCredentialOptions\n ) {\n checkTenantId(logger, tenantId);\n\n this.userPromptCallback = userPromptCallback;\n\n let authorityHost;\n if (options && options.authorityHost) {\n if (options.authorityHost.endsWith(\"/\")) {\n authorityHost = options.authorityHost + tenantId;\n } else {\n authorityHost = options.authorityHost + \"/\" + tenantId;\n }\n } else {\n authorityHost = \"https://login.microsoftonline.com/\" + tenantId;\n }\n\n this.msalClient = new MsalClient(\n { clientId: clientId, authority: authorityHost },\n false,\n undefined,\n options\n );\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes The list of scopes for which the token will have access.\n * @param options The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const { span } = createSpan(\"DeviceCodeCredential-getToken\", options);\n\n const scopeArray = typeof scopes === \"object\" ? scopes : [scopes];\n\n const deviceCodeRequest = {\n deviceCodeCallback: this.userPromptCallback,\n scopes: scopeArray\n };\n\n logger.info(`DeviceCodeCredential invoked. Scopes: ${scopeArray.join(\", \")}`);\n\n return this.msalClient.acquireTokenFromCache(scopeArray).catch(async (e) => {\n if (e instanceof AuthenticationRequired) {\n try {\n const token = await this.acquireTokenByDeviceCode(deviceCodeRequest, scopeArray);\n logger.getToken.info(formatSuccess(scopeArray));\n return token;\n } catch (err) {\n const code =\n err.name === AuthenticationErrorName\n ? CanonicalCode.UNAUTHENTICATED\n : CanonicalCode.UNKNOWN;\n span.setStatus({\n code,\n message: err.message\n });\n logger.getToken.info(formatError(scopeArray, err));\n throw err;\n } finally {\n span.end();\n }\n } else {\n throw e;\n }\n });\n }\n\n private async acquireTokenByDeviceCode(\n deviceCodeRequest: DeviceCodeRequest,\n scopes: string[]\n ): Promise<AccessToken | null> {\n try {\n const deviceResponse = await this.msalClient.acquireTokenByDeviceCode(deviceCodeRequest);\n const expiresOnTimestamp = deviceResponse.expiresOn.getTime();\n logger.getToken.info(formatSuccess(scopes));\n return {\n expiresOnTimestamp,\n token: deviceResponse.accessToken\n };\n } catch (error) {\n throw new Error(`Device Authentication Error \"${JSON.stringify(error)}\"`);\n }\n }\n}\n"]}
package/dist-esm/src/credentials/environmentCredential.browser.js CHANGED
@@ -5,11 +5,11 @@ const BrowserNotSupportedError = new Error("EnvironmentCredential is not support
5
5
  const logger = credentialLogger("EnvironmentCredential");
6
6
  export class EnvironmentCredential {
7
7
  constructor() {
8
- logger.info(formatError(BrowserNotSupportedError));
8
+ logger.info(formatError("", BrowserNotSupportedError));
9
9
  throw BrowserNotSupportedError;
10
10
  }
11
11
  getToken() {
12
- logger.getToken.info(formatError(BrowserNotSupportedError));
12
+ logger.getToken.info(formatError("", BrowserNotSupportedError));
13
13
  throw BrowserNotSupportedError;
14
14
  }
15
15
  }
package/dist-esm/src/credentials/environmentCredential.browser.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"environmentCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/environmentCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,wDAAwD,CACzD,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,uBAAuB,CAAC,CAAC;AAEzD,MAAM,OAAO,qBAAqB;IAChC;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACnD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,wBAAwB,CAAC,CAAC,CAAC;QAC5D,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential } from \"@azure/core-http\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n \"EnvironmentCredential is not supported in the browser.\"\n);\nconst logger = credentialLogger(\"EnvironmentCredential\");\n\nexport class EnvironmentCredential implements TokenCredential {\n constructor() {\n logger.info(formatError(BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
1
+ {"version":3,"file":"environmentCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/environmentCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,wDAAwD,CACzD,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,uBAAuB,CAAC,CAAC;AAEzD,MAAM,OAAO,qBAAqB;IAChC;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential } from \"@azure/core-http\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n \"EnvironmentCredential is not supported in the browser.\"\n);\nconst logger = credentialLogger(\"EnvironmentCredential\");\n\nexport class EnvironmentCredential implements TokenCredential {\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
package/dist-esm/src/credentials/environmentCredential.js CHANGED
@@ -8,6 +8,7 @@ import { CanonicalCode } from "@opentelemetry/api";
8
8
  import { ClientCertificateCredential } from "./clientCertificateCredential";
9
9
  import { UsernamePasswordCredential } from "./usernamePasswordCredential";
10
10
  import { credentialLogger, processEnvVars, formatSuccess, formatError } from "../util/logging";
11
+ import { checkTenantId } from "../util/checkTenantId";
11
12
  /**
12
13
  * Contains the list of all supported environment variable names so that an
13
14
  * appropriate error message can be generated when no credentials can be
@@ -51,6 +52,9 @@ export class EnvironmentCredential {
51
52
  const assigned = processEnvVars(AllSupportedEnvironmentVariables).assigned.join(", ");
52
53
  logger.info(`Found the following environment variables: ${assigned}`);
53
54
  const tenantId = process.env.AZURE_TENANT_ID, clientId = process.env.AZURE_CLIENT_ID, clientSecret = process.env.AZURE_CLIENT_SECRET;
55
+ if (tenantId) {
56
+ checkTenantId(logger, tenantId);
57
+ }
54
58
  if (tenantId && clientId && clientSecret) {
55
59
  logger.info(`Invoking ClientSecretCredential with tenant ID: ${tenantId}, clientId: ${clientId} and clientSecret: [REDACTED]`);
56
60
  this._credential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);
@@ -103,7 +107,7 @@ export class EnvironmentCredential {
103
107
  .split("More details:")
104
108
  .join("")
105
109
  });
106
- logger.getToken.info(formatError(authenticationError));
110
+ logger.getToken.info(formatError(scopes, authenticationError));
107
111
  throw authenticationError;
108
112
  }
109
113
  finally {
@@ -115,7 +119,7 @@ export class EnvironmentCredential {
115
119
  span.setStatus({ code: CanonicalCode.UNAUTHENTICATED });
116
120
  span.end();
117
121
  const error = new CredentialUnavailable("EnvironmentCredential is unavailable. Environment variables are not fully configured.");
118
- logger.getToken.info(formatError(error));
122
+ logger.getToken.info(formatError(scopes, error));
119
123
  throw error;
120
124
  });
121
125
  }
package/dist-esm/src/credentials/environmentCredential.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"environmentCredential.js","sourceRoot":"","sources":["../../../src/credentials/environmentCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAIlC,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EACL,mBAAmB,EACnB,uBAAuB,EACvB,qBAAqB,EACtB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE/F;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,gCAAgC,GAAG;IAC9C,iBAAiB;IACjB,iBAAiB;IACjB,qBAAqB;IACrB,+BAA+B;IAC/B,gBAAgB;IAChB,gBAAgB;CACjB,CAAC;AAEF,MAAM,MAAM,GAAG,gBAAgB,CAAC,uBAAuB,CAAC,CAAC;AAEzD;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,qBAAqB;IAEhC;;;;;;;OAOG;IACH,YAAY,OAAgC;QAC1C,oEAAoE;QAV9D,gBAAW,GAAqB,SAAS,CAAC;QAYhD,MAAM,QAAQ,GAAG,cAAc,CAAC,gCAAgC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtF,MAAM,CAAC,IAAI,CAAC,8CAA8C,QAAQ,EAAE,CAAC,CAAC;QAEtE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EAC1C,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EACtC,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QAEjD,IAAI,QAAQ,IAAI,QAAQ,IAAI,YAAY,EAAE;YACxC,MAAM,CAAC,IAAI,CACT,mDAAmD,QAAQ,eAAe,QAAQ,+BAA+B,CAClH,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;YACzF,OAAO;SACR;QAED,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;QAClE,IAAI,QAAQ,IAAI,QAAQ,IAAI,eAAe,EAAE;YAC3C,MAAM,CAAC,IAAI,CACT,wDAAwD,QAAQ,eAAe,QAAQ,yBAAyB,eAAe,EAAE,CAClI,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,2BAA2B,CAChD,QAAQ,EACR,QAAQ,EACR,eAAe,EACf,OAAO,CACR,CAAC;YACF,OAAO;SACR;QAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC5C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC5C,IAAI,QAAQ,IAAI,QAAQ,IAAI,QAAQ,IAAI,QAAQ,EAAE;YAChD,MAAM,CAAC,IAAI,CACT,uDAAuD,QAAQ,eAAe,QAAQ,kBAAkB,QAAQ,EAAE,CACnH,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,0BAA0B,CAC/C,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,OAAO,CACR,CAAC;SACH;IACH,CAAC;IAED;;;;;;;;;OASG;IACG,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,gCAAgC,EAAE,OAAO,CAAC,CAAC;YAC5F,IAAI,IAAI,CAAC,WAAW,EAAE;gBACpB,IAAI;oBACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;oBACnE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO,MAAM,CAAC;iBACf;gBAAC,OAAO,GAAG,EAAE;oBACZ,MAAM,IAAI,GACR,GAAG,CAAC,IAAI,KAAK,uBAAuB;wBAClC,CAAC,CAAC,aAAa,CAAC,eAAe;wBAC/B,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC;oBAC5B,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI;wBACJ,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB,CAAC,CAAC;oBACH,MAAM,mBAAmB,GAAG,IAAI,mBAAmB,CAAC,GAAG,EAAE;wBACvD,KAAK,EAAE,8CAA8C;wBACrD,iBAAiB,EAAE,GAAG,CAAC,OAAO;6BAC3B,QAAQ,EAAE;6BACV,KAAK,CAAC,eAAe,CAAC;6BACtB,IAAI,CAAC,EAAE,CAAC;qBACZ,CAAC,CAAC;oBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,CAAC,CAAC;oBACvD,MAAM,mBAAmB,CAAC;iBAC3B;wBAAS;oBACR,IAAI,CAAC,GAAG,EAAE,CAAC;iBACZ;aACF;YAED,0EAA0E;YAC1E,iEAAiE;YACjE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,aAAa,CAAC,eAAe,EAAE,CAAC,CAAC;YACxD,IAAI,CAAC,GAAG,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,uFAAuF,CACxF,CAAC;YACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC;YACzC,MAAM,KAAK,CAAC;QACd,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-http\";\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { ClientSecretCredential } from \"./clientSecretCredential\";\nimport { createSpan } from \"../util/tracing\";\nimport {\n AuthenticationError,\n AuthenticationErrorName,\n CredentialUnavailable\n} from \"../client/errors\";\nimport { CanonicalCode } from \"@opentelemetry/api\";\nimport { ClientCertificateCredential } from \"./clientCertificateCredential\";\nimport { UsernamePasswordCredential } from \"./usernamePasswordCredential\";\nimport { credentialLogger, processEnvVars, formatSuccess, formatError } from \"../util/logging\";\n\n/**\n * Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n *\n * @internal\n */\nexport const AllSupportedEnvironmentVariables = [\n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_CLIENT_SECRET\",\n \"AZURE_CLIENT_CERTIFICATE_PATH\",\n \"AZURE_USERNAME\",\n \"AZURE_PASSWORD\"\n];\n\nconst logger = credentialLogger(\"EnvironmentCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using client secret\n * details configured in the following environment variables:\n *\n * - AZURE_TENANT_ID: The Azure Active Directory tenant (directory) ID.\n * - AZURE_CLIENT_ID: The client (application) ID of an App Registration in the tenant.\n * - AZURE_CLIENT_SECRET: A client secret that was generated for the App Registration.\n *\n * This credential ultimately uses a {@link ClientSecretCredential} to\n * perform the authentication using these details. Please consult the\n * documentation of that class for more details.\n */\nexport class EnvironmentCredential implements TokenCredential {\n private _credential?: TokenCredential = undefined;\n /**\n * Creates an instance of the EnvironmentCredential class and reads\n * client secret details from environment variables. If the expected\n * environment variables are not found at this time, the getToken method\n * will return null when invoked.\n *\n * @param options Options for configuring the client which makes the authentication request.\n */\n constructor(options?: TokenCredentialOptions) {\n // Keep track of any missing environment variables for error details\n\n const assigned = processEnvVars(AllSupportedEnvironmentVariables).assigned.join(\", \");\n logger.info(`Found the following environment variables: ${assigned}`);\n\n const tenantId = process.env.AZURE_TENANT_ID,\n clientId = process.env.AZURE_CLIENT_ID,\n clientSecret = process.env.AZURE_CLIENT_SECRET;\n\n if (tenantId && clientId && clientSecret) {\n logger.info(\n `Invoking ClientSecretCredential with tenant ID: ${tenantId}, clientId: ${clientId} and clientSecret: [REDACTED]`\n );\n this._credential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);\n return;\n }\n\n const certificatePath = process.env.AZURE_CLIENT_CERTIFICATE_PATH;\n if (tenantId && clientId && certificatePath) {\n logger.info(\n `Invoking ClientCertificateCredential with tenant ID: ${tenantId}, clientId: ${clientId} and certificatePath: ${certificatePath}`\n );\n this._credential = new ClientCertificateCredential(\n tenantId,\n clientId,\n certificatePath,\n options\n );\n return;\n }\n\n const username = process.env.AZURE_USERNAME;\n const password = process.env.AZURE_PASSWORD;\n if (tenantId && clientId && username && password) {\n logger.info(\n `Invoking UsernamePasswordCredential with tenant ID: ${tenantId}, clientId: ${clientId} and username: ${username}`\n );\n this._credential = new UsernamePasswordCredential(\n tenantId,\n clientId,\n username,\n password,\n options\n );\n }\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes The list of scopes for which the token will have access.\n * @param options The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const { span, options: newOptions } = createSpan(\"EnvironmentCredential-getToken\", options);\n if (this._credential) {\n try {\n const result = await this._credential.getToken(scopes, newOptions);\n logger.getToken.info(formatSuccess(scopes));\n return result;\n } catch (err) {\n const code =\n err.name === AuthenticationErrorName\n ? CanonicalCode.UNAUTHENTICATED\n : CanonicalCode.UNKNOWN;\n span.setStatus({\n code,\n message: err.message\n });\n const authenticationError = new AuthenticationError(400, {\n error: \"EnvironmentCredential authentication failed.\",\n error_description: err.message\n .toString()\n .split(\"More details:\")\n .join(\"\")\n });\n logger.getToken.info(formatError(authenticationError));\n throw authenticationError;\n } finally {\n span.end();\n }\n }\n\n // If by this point we don't have a credential, throw an exception so that\n // the user knows the credential was not configured appropriately\n span.setStatus({ code: CanonicalCode.UNAUTHENTICATED });\n span.end();\n const error = new CredentialUnavailable(\n \"EnvironmentCredential is unavailable. Environment variables are not fully configured.\"\n );\n logger.getToken.info(formatError(error));\n throw error;\n }\n}\n"]}
1
+ {"version":3,"file":"environmentCredential.js","sourceRoot":"","sources":["../../../src/credentials/environmentCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAIlC,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EACL,mBAAmB,EACnB,uBAAuB,EACvB,qBAAqB,EACtB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC/F,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,gCAAgC,GAAG;IAC9C,iBAAiB;IACjB,iBAAiB;IACjB,qBAAqB;IACrB,+BAA+B;IAC/B,gBAAgB;IAChB,gBAAgB;CACjB,CAAC;AAEF,MAAM,MAAM,GAAG,gBAAgB,CAAC,uBAAuB,CAAC,CAAC;AAEzD;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,qBAAqB;IAEhC;;;;;;;OAOG;IACH,YAAY,OAAgC;QAC1C,oEAAoE;QAV9D,gBAAW,GAAqB,SAAS,CAAC;QAYhD,MAAM,QAAQ,GAAG,cAAc,CAAC,gCAAgC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtF,MAAM,CAAC,IAAI,CAAC,8CAA8C,QAAQ,EAAE,CAAC,CAAC;QAEtE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EAC1C,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EACtC,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QAEjD,IAAI,QAAQ,EAAE;YACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;SACjC;QAED,IAAI,QAAQ,IAAI,QAAQ,IAAI,YAAY,EAAE;YACxC,MAAM,CAAC,IAAI,CACT,mDAAmD,QAAQ,eAAe,QAAQ,+BAA+B,CAClH,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;YACzF,OAAO;SACR;QAED,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;QAClE,IAAI,QAAQ,IAAI,QAAQ,IAAI,eAAe,EAAE;YAC3C,MAAM,CAAC,IAAI,CACT,wDAAwD,QAAQ,eAAe,QAAQ,yBAAyB,eAAe,EAAE,CAClI,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,2BAA2B,CAChD,QAAQ,EACR,QAAQ,EACR,eAAe,EACf,OAAO,CACR,CAAC;YACF,OAAO;SACR;QAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC5C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC5C,IAAI,QAAQ,IAAI,QAAQ,IAAI,QAAQ,IAAI,QAAQ,EAAE;YAChD,MAAM,CAAC,IAAI,CACT,uDAAuD,QAAQ,eAAe,QAAQ,kBAAkB,QAAQ,EAAE,CACnH,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,0BAA0B,CAC/C,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,OAAO,CACR,CAAC;SACH;IACH,CAAC;IAED;;;;;;;;;OASG;IACG,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,gCAAgC,EAAE,OAAO,CAAC,CAAC;YAC5F,IAAI,IAAI,CAAC,WAAW,EAAE;gBACpB,IAAI;oBACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;oBACnE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO,MAAM,CAAC;iBACf;gBAAC,OAAO,GAAG,EAAE;oBACZ,MAAM,IAAI,GACR,GAAG,CAAC,IAAI,KAAK,uBAAuB;wBAClC,CAAC,CAAC,aAAa,CAAC,eAAe;wBAC/B,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC;oBAC5B,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI;wBACJ,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB,CAAC,CAAC;oBACH,MAAM,mBAAmB,GAAG,IAAI,mBAAmB,CAAC,GAAG,EAAE;wBACvD,KAAK,EAAE,8CAA8C;wBACrD,iBAAiB,EAAE,GAAG,CAAC,OAAO;6BAC3B,QAAQ,EAAE;6BACV,KAAK,CAAC,eAAe,CAAC;6BACtB,IAAI,CAAC,EAAE,CAAC;qBACZ,CAAC,CAAC;oBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC,CAAC;oBAC/D,MAAM,mBAAmB,CAAC;iBAC3B;wBAAS;oBACR,IAAI,CAAC,GAAG,EAAE,CAAC;iBACZ;aACF;YAED,0EAA0E;YAC1E,iEAAiE;YACjE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,aAAa,CAAC,eAAe,EAAE,CAAC,CAAC;YACxD,IAAI,CAAC,GAAG,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,uFAAuF,CACxF,CAAC;YACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YACjD,MAAM,KAAK,CAAC;QACd,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-http\";\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { ClientSecretCredential } from \"./clientSecretCredential\";\nimport { createSpan } from \"../util/tracing\";\nimport {\n AuthenticationError,\n AuthenticationErrorName,\n CredentialUnavailable\n} from \"../client/errors\";\nimport { CanonicalCode } from \"@opentelemetry/api\";\nimport { ClientCertificateCredential } from \"./clientCertificateCredential\";\nimport { UsernamePasswordCredential } from \"./usernamePasswordCredential\";\nimport { credentialLogger, processEnvVars, formatSuccess, formatError } from \"../util/logging\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\n/**\n * Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n *\n * @internal\n */\nexport const AllSupportedEnvironmentVariables = [\n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_CLIENT_SECRET\",\n \"AZURE_CLIENT_CERTIFICATE_PATH\",\n \"AZURE_USERNAME\",\n \"AZURE_PASSWORD\"\n];\n\nconst logger = credentialLogger(\"EnvironmentCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using client secret\n * details configured in the following environment variables:\n *\n * - AZURE_TENANT_ID: The Azure Active Directory tenant (directory) ID.\n * - AZURE_CLIENT_ID: The client (application) ID of an App Registration in the tenant.\n * - AZURE_CLIENT_SECRET: A client secret that was generated for the App Registration.\n *\n * This credential ultimately uses a {@link ClientSecretCredential} to\n * perform the authentication using these details. Please consult the\n * documentation of that class for more details.\n */\nexport class EnvironmentCredential implements TokenCredential {\n private _credential?: TokenCredential = undefined;\n /**\n * Creates an instance of the EnvironmentCredential class and reads\n * client secret details from environment variables. If the expected\n * environment variables are not found at this time, the getToken method\n * will return null when invoked.\n *\n * @param options Options for configuring the client which makes the authentication request.\n */\n constructor(options?: TokenCredentialOptions) {\n // Keep track of any missing environment variables for error details\n\n const assigned = processEnvVars(AllSupportedEnvironmentVariables).assigned.join(\", \");\n logger.info(`Found the following environment variables: ${assigned}`);\n\n const tenantId = process.env.AZURE_TENANT_ID,\n clientId = process.env.AZURE_CLIENT_ID,\n clientSecret = process.env.AZURE_CLIENT_SECRET;\n\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n\n if (tenantId && clientId && clientSecret) {\n logger.info(\n `Invoking ClientSecretCredential with tenant ID: ${tenantId}, clientId: ${clientId} and clientSecret: [REDACTED]`\n );\n this._credential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);\n return;\n }\n\n const certificatePath = process.env.AZURE_CLIENT_CERTIFICATE_PATH;\n if (tenantId && clientId && certificatePath) {\n logger.info(\n `Invoking ClientCertificateCredential with tenant ID: ${tenantId}, clientId: ${clientId} and certificatePath: ${certificatePath}`\n );\n this._credential = new ClientCertificateCredential(\n tenantId,\n clientId,\n certificatePath,\n options\n );\n return;\n }\n\n const username = process.env.AZURE_USERNAME;\n const password = process.env.AZURE_PASSWORD;\n if (tenantId && clientId && username && password) {\n logger.info(\n `Invoking UsernamePasswordCredential with tenant ID: ${tenantId}, clientId: ${clientId} and username: ${username}`\n );\n this._credential = new UsernamePasswordCredential(\n tenantId,\n clientId,\n username,\n password,\n options\n );\n }\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes The list of scopes for which the token will have access.\n * @param options The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const { span, options: newOptions } = createSpan(\"EnvironmentCredential-getToken\", options);\n if (this._credential) {\n try {\n const result = await this._credential.getToken(scopes, newOptions);\n logger.getToken.info(formatSuccess(scopes));\n return result;\n } catch (err) {\n const code =\n err.name === AuthenticationErrorName\n ? CanonicalCode.UNAUTHENTICATED\n : CanonicalCode.UNKNOWN;\n span.setStatus({\n code,\n message: err.message\n });\n const authenticationError = new AuthenticationError(400, {\n error: \"EnvironmentCredential authentication failed.\",\n error_description: err.message\n .toString()\n .split(\"More details:\")\n .join(\"\")\n });\n logger.getToken.info(formatError(scopes, authenticationError));\n throw authenticationError;\n } finally {\n span.end();\n }\n }\n\n // If by this point we don't have a credential, throw an exception so that\n // the user knows the credential was not configured appropriately\n span.setStatus({ code: CanonicalCode.UNAUTHENTICATED });\n span.end();\n const error = new CredentialUnavailable(\n \"EnvironmentCredential is unavailable. Environment variables are not fully configured.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n}\n"]}
package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js CHANGED
@@ -32,11 +32,12 @@ export class InteractiveBrowserCredential {
32
32
  this.loginStyle = options.loginStyle || "popup";
33
33
  if (["redirect", "popup"].indexOf(this.loginStyle) === -1) {
34
34
  const error = new Error(`Invalid loginStyle: ${options.loginStyle}`);
35
- logger.info(formatError(error));
35
+ logger.info(formatError("", error));
36
36
  throw error;
37
37
  }
38
+ const knownAuthorities = options.tenantId === "adfs" ? (options.authorityHost ? [options.authorityHost] : []) : [];
38
39
  this.msalConfig = {
39
- auth: Object.assign(Object.assign({ clientId: options.clientId, authority: `${options.authorityHost}/${options.tenantId}` }, (options.redirectUri && { redirectUri: options.redirectUri })), (options.postLogoutRedirectUri && { redirectUri: options.postLogoutRedirectUri })),
40
+ auth: Object.assign(Object.assign({ clientId: options.clientId, authority: `${options.authorityHost}/${options.tenantId}`, knownAuthorities }, (options.redirectUri && { redirectUri: options.redirectUri })), (options.postLogoutRedirectUri && { redirectUri: options.postLogoutRedirectUri })),
40
41
  cache: {
41
42
  cacheLocation: "localStorage",
42
43
  storeAuthStateInCookie: true
@@ -73,7 +74,7 @@ export class InteractiveBrowserCredential {
73
74
  logger.info(`Authentication returned errorCode ${err.errorCode}`);
74
75
  break;
75
76
  default:
76
- logger.info(formatError(`Failed to acquire token: ${err.message}`));
77
+ logger.info(formatError(authParams.scopes, `Failed to acquire token: ${err.message}`));
77
78
  throw err;
78
79
  }
79
80
  }
@@ -118,10 +119,11 @@ export class InteractiveBrowserCredential {
118
119
  scopes: Array.isArray(scopes) ? scopes : scopes.split(",")
119
120
  });
120
121
  if (authResponse) {
122
+ const expiresOnTimestamp = authResponse.expiresOn.getTime();
121
123
  logger.getToken.info(formatSuccess(scopes));
122
124
  return {
123
125
  token: authResponse.accessToken,
124
- expiresOnTimestamp: authResponse.expiresOn.getTime()
126
+ expiresOnTimestamp
125
127
  };
126
128
  }
127
129
  else {
@@ -134,7 +136,7 @@ export class InteractiveBrowserCredential {
134
136
  code: CanonicalCode.UNKNOWN,
135
137
  message: err.message
136
138
  });
137
- logger.getToken.info(formatError(err));
139
+ logger.getToken.info(formatError(scopes, err));
138
140
  throw err;
139
141
  }
140
142
  finally {
package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"interactiveBrowserCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/interactiveBrowserCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAK1D,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AACxE,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE/E,MAAM,MAAM,GAAG,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;AAEhE;;;;GAIG;AACH,MAAM,OAAO,4BAA4B;IAKvC;;;;;;;;OAQG;IACH,YAAY,OAA6C;QACvD,OAAO,iDACF,cAAc,CAAC,iBAAiB,EAAE,GAClC,OAAO,KACV,QAAQ,EAAE,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,eAAe;YAC1D,2EAA2E;YAC3E,6CAA6C;YAC7C,yGAAyG;YACzG,QAAQ,EAAE,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,uBAAuB,GACnE,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC;QAChD,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE;YACzD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,uBAAuB,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;YACrE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC;YAChC,MAAM,KAAK,CAAC;SACb;QAED,IAAI,CAAC,UAAU,GAAG;YAChB,IAAI,gCACF,QAAQ,EAAE,OAAO,CAAC,QAAS,EAC3B,SAAS,EAAE,GAAG,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,QAAQ,EAAE,IACtD,CAAC,OAAO,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,GAC7D,CAAC,OAAO,CAAC,qBAAqB,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,qBAAqB,EAAE,CAAC,CACrF;YACD,KAAK,EAAE;gBACL,aAAa,EAAE,cAAc;gBAC7B,sBAAsB,EAAE,IAAI;aAC7B;SACF,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,IAAI,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACnE,CAAC;IAEO,KAAK;QACX,QAAQ,IAAI,CAAC,UAAU,EAAE;YACvB,KAAK,UAAU,CAAC,CAAC;gBACf,MAAM,YAAY,GAAG,IAAI,OAAO,CAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBACtE,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBAC1D,CAAC,CAAC,CAAC;gBACH,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;gBAChC,OAAO,YAAY,CAAC;aACrB;YACD,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;SACvC;IACH,CAAC;IAEa,YAAY,CACxB,UAAyC;;YAEzC,IAAI,YAA2C,CAAC;YAChD,IAAI;gBACF,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;gBACpD,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;aACrE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,GAAG,YAAY,IAAI,CAAC,SAAS,EAAE;oBACjC,QAAQ,GAAG,CAAC,SAAS,EAAE;wBACrB,KAAK,kBAAkB,CAAC;wBACxB,KAAK,sBAAsB,CAAC;wBAC5B,KAAK,gBAAgB;4BACnB,MAAM,CAAC,IAAI,CAAC,qCAAqC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC;4BAClE,MAAM;wBACR;4BACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,4BAA4B,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;4BACpE,MAAM,GAAG,CAAC;qBACb;iBACF;aACF;YAED,IAAI,WAAmD,CAAC;YACxD,IAAI,YAAY,KAAK,SAAS,EAAE;gBAC9B,MAAM,CAAC,IAAI,CACT,oEAAoE,IAAI,CAAC,UAAU,EAAE,CACtF,CAAC;gBACF,QAAQ,IAAI,CAAC,UAAU,EAAE;oBACvB,KAAK,UAAU;wBACb,WAAW,GAAG,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;4BAC5C,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;wBAC1D,CAAC,CAAC,CAAC;wBACH,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;wBACjD,MAAM;oBACR,KAAK,OAAO;wBACV,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;wBAC5D,MAAM;iBACT;gBAED,YAAY,GAAG,WAAW,IAAI,CAAC,MAAM,WAAW,CAAC,CAAC;aACnD;YAED,OAAO,YAAY,CAAC;QACtB,CAAC;KAAA;IAED;;;;;;;;;OASG;IACG,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC,uCAAuC,EAAE,OAAO,CAAC,CAAC;YAC9E,IAAI;gBACF,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,EAAE;oBACjC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;iBACpB;gBAED,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;oBAC3C,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC;iBAC3D,CAAC,CAAC;gBAEH,IAAI,YAAY,EAAE;oBAChB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO;wBACL,KAAK,EAAE,YAAY,CAAC,WAAW;wBAC/B,kBAAkB,EAAE,YAAY,CAAC,SAAS,CAAC,OAAO,EAAE;qBACrD,CAAC;iBACH;qBAAM;oBACL,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;oBACpC,OAAO,IAAI,CAAC;iBACb;aACF;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAE,aAAa,CAAC,OAAO;oBAC3B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;gBACvC,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msal from \"msal\";\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-http\";\nimport { IdentityClient } from \"../client/identityClient\";\nimport {\n BrowserLoginStyle,\n InteractiveBrowserCredentialOptions\n} from \"./interactiveBrowserCredentialOptions\";\nimport { createSpan } from \"../util/tracing\";\nimport { CanonicalCode } from \"@opentelemetry/api\";\nimport { DefaultTenantId, DeveloperSignOnClientId } from \"../constants\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/**\n * Enables authentication to Azure Active Directory inside of the web browser\n * using the interactive login flow, either via browser redirects or a popup\n * window.\n */\nexport class InteractiveBrowserCredential implements TokenCredential {\n private loginStyle: BrowserLoginStyle;\n private msalConfig: msal.Configuration;\n private msalObject: msal.UserAgentApplication;\n\n /**\n * Creates an instance of the InteractiveBrowserCredential with the\n * details needed to authenticate against Azure Active Directory with\n * a user identity.\n *\n * @param tenantId The Azure Active Directory tenant (directory) ID.\n * @param clientId The client (application) ID of an App Registration in the tenant.\n * @param options Options for configuring the client which makes the authentication request.\n */\n constructor(options?: InteractiveBrowserCredentialOptions) {\n options = {\n ...IdentityClient.getDefaultOptions(),\n ...options,\n tenantId: (options && options.tenantId) || DefaultTenantId,\n // TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n // Developer Sign On application is available\n // https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/identity/Azure.Identity/src/Constants.cs#L9\n clientId: (options && options.clientId) || DeveloperSignOnClientId\n };\n\n this.loginStyle = options.loginStyle || \"popup\";\n if ([\"redirect\", \"popup\"].indexOf(this.loginStyle) === -1) {\n const error = new Error(`Invalid loginStyle: ${options.loginStyle}`);\n logger.info(formatError(error));\n throw error;\n }\n\n this.msalConfig = {\n auth: {\n clientId: options.clientId!, // we just initialized it above\n authority: `${options.authorityHost}/${options.tenantId}`,\n ...(options.redirectUri && { redirectUri: options.redirectUri }),\n ...(options.postLogoutRedirectUri && { redirectUri: options.postLogoutRedirectUri })\n },\n cache: {\n cacheLocation: \"localStorage\",\n storeAuthStateInCookie: true\n }\n };\n\n this.msalObject = new msal.UserAgentApplication(this.msalConfig);\n }\n\n private login(): Promise<msal.AuthResponse> {\n switch (this.loginStyle) {\n case \"redirect\": {\n const loginPromise = new Promise<msal.AuthResponse>((resolve, reject) => {\n this.msalObject.handleRedirectCallback(resolve, reject);\n });\n this.msalObject.loginRedirect();\n return loginPromise;\n }\n case \"popup\":\n return this.msalObject.loginPopup();\n }\n }\n\n private async acquireToken(\n authParams: msal.AuthenticationParameters\n ): Promise<msal.AuthResponse | undefined> {\n let authResponse: msal.AuthResponse | undefined;\n try {\n logger.info(\"Attempting to acquire token silently\");\n authResponse = await this.msalObject.acquireTokenSilent(authParams);\n } catch (err) {\n if (err instanceof msal.AuthError) {\n switch (err.errorCode) {\n case \"consent_required\":\n case \"interaction_required\":\n case \"login_required\":\n logger.info(`Authentication returned errorCode ${err.errorCode}`);\n break;\n default:\n logger.info(formatError(`Failed to acquire token: ${err.message}`));\n throw err;\n }\n }\n }\n\n let authPromise: Promise<msal.AuthResponse> | undefined;\n if (authResponse === undefined) {\n logger.info(\n `Silent authentication failed, falling back to interactive method ${this.loginStyle}`\n );\n switch (this.loginStyle) {\n case \"redirect\":\n authPromise = new Promise((resolve, reject) => {\n this.msalObject.handleRedirectCallback(resolve, reject);\n });\n this.msalObject.acquireTokenRedirect(authParams);\n break;\n case \"popup\":\n authPromise = this.msalObject.acquireTokenPopup(authParams);\n break;\n }\n\n authResponse = authPromise && (await authPromise);\n }\n\n return authResponse;\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes The list of scopes for which the token will have access.\n * @param options The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const { span } = createSpan(\"InteractiveBrowserCredential-getToken\", options);\n try {\n if (!this.msalObject.getAccount()) {\n await this.login();\n }\n\n const authResponse = await this.acquireToken({\n scopes: Array.isArray(scopes) ? scopes : scopes.split(\",\")\n });\n\n if (authResponse) {\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: authResponse.accessToken,\n expiresOnTimestamp: authResponse.expiresOn.getTime()\n };\n } else {\n logger.getToken.info(\"No response\");\n return null;\n }\n } catch (err) {\n span.setStatus({\n code: CanonicalCode.UNKNOWN,\n message: err.message\n });\n logger.getToken.info(formatError(err));\n throw err;\n } finally {\n span.end();\n }\n }\n}\n"]}
1
+ {"version":3,"file":"interactiveBrowserCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/interactiveBrowserCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAK1D,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AACxE,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE/E,MAAM,MAAM,GAAG,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;AAEhE;;;;GAIG;AACH,MAAM,OAAO,4BAA4B;IAKvC;;;;;;;;OAQG;IACH,YAAY,OAA6C;QACvD,OAAO,iDACF,cAAc,CAAC,iBAAiB,EAAE,GAClC,OAAO,KACV,QAAQ,EAAE,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,eAAe;YAC1D,2EAA2E;YAC3E,6CAA6C;YAC7C,yGAAyG;YACzG,QAAQ,EAAE,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,uBAAuB,GACnE,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC;QAChD,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE;YACzD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,uBAAuB,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;YACrE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,CAAC;SACb;QAED,MAAM,gBAAgB,GACpB,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAE5F,IAAI,CAAC,UAAU,GAAG;YAChB,IAAI,gCACF,QAAQ,EAAE,OAAO,CAAC,QAAS,EAC3B,SAAS,EAAE,GAAG,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,QAAQ,EAAE,EACzD,gBAAgB,IACb,CAAC,OAAO,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,GAC7D,CAAC,OAAO,CAAC,qBAAqB,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,qBAAqB,EAAE,CAAC,CACrF;YACD,KAAK,EAAE;gBACL,aAAa,EAAE,cAAc;gBAC7B,sBAAsB,EAAE,IAAI;aAC7B;SACF,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,IAAI,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACnE,CAAC;IAEO,KAAK;QACX,QAAQ,IAAI,CAAC,UAAU,EAAE;YACvB,KAAK,UAAU,CAAC,CAAC;gBACf,MAAM,YAAY,GAAG,IAAI,OAAO,CAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBACtE,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBAC1D,CAAC,CAAC,CAAC;gBACH,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;gBAChC,OAAO,YAAY,CAAC;aACrB;YACD,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;SACvC;IACH,CAAC;IAEa,YAAY,CACxB,UAAyC;;YAEzC,IAAI,YAA2C,CAAC;YAChD,IAAI;gBACF,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;gBACpD,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;aACrE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,GAAG,YAAY,IAAI,CAAC,SAAS,EAAE;oBACjC,QAAQ,GAAG,CAAC,SAAS,EAAE;wBACrB,KAAK,kBAAkB,CAAC;wBACxB,KAAK,sBAAsB,CAAC;wBAC5B,KAAK,gBAAgB;4BACnB,MAAM,CAAC,IAAI,CAAC,qCAAqC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC;4BAClE,MAAM;wBACR;4BACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,MAAM,EAAE,4BAA4B,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;4BACvF,MAAM,GAAG,CAAC;qBACb;iBACF;aACF;YAED,IAAI,WAAmD,CAAC;YACxD,IAAI,YAAY,KAAK,SAAS,EAAE;gBAC9B,MAAM,CAAC,IAAI,CACT,oEAAoE,IAAI,CAAC,UAAU,EAAE,CACtF,CAAC;gBACF,QAAQ,IAAI,CAAC,UAAU,EAAE;oBACvB,KAAK,UAAU;wBACb,WAAW,GAAG,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;4BAC5C,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;wBAC1D,CAAC,CAAC,CAAC;wBACH,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;wBACjD,MAAM;oBACR,KAAK,OAAO;wBACV,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;wBAC5D,MAAM;iBACT;gBAED,YAAY,GAAG,WAAW,IAAI,CAAC,MAAM,WAAW,CAAC,CAAC;aACnD;YAED,OAAO,YAAY,CAAC;QACtB,CAAC;KAAA;IAED;;;;;;;;;OASG;IACG,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC,uCAAuC,EAAE,OAAO,CAAC,CAAC;YAC9E,IAAI;gBACF,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,EAAE;oBACjC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;iBACpB;gBAED,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;oBAC3C,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC;iBAC3D,CAAC,CAAC;gBAEH,IAAI,YAAY,EAAE;oBAChB,MAAM,kBAAkB,GAAG,YAAY,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;oBAC5D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO;wBACL,KAAK,EAAE,YAAY,CAAC,WAAW;wBAC/B,kBAAkB;qBACnB,CAAC;iBACH;qBAAM;oBACL,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;oBACpC,OAAO,IAAI,CAAC;iBACb;aACF;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAE,aAAa,CAAC,OAAO;oBAC3B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msal from \"msal\";\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-http\";\nimport { IdentityClient } from \"../client/identityClient\";\nimport {\n BrowserLoginStyle,\n InteractiveBrowserCredentialOptions\n} from \"./interactiveBrowserCredentialOptions\";\nimport { createSpan } from \"../util/tracing\";\nimport { CanonicalCode } from \"@opentelemetry/api\";\nimport { DefaultTenantId, DeveloperSignOnClientId } from \"../constants\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/**\n * Enables authentication to Azure Active Directory inside of the web browser\n * using the interactive login flow, either via browser redirects or a popup\n * window.\n */\nexport class InteractiveBrowserCredential implements TokenCredential {\n private loginStyle: BrowserLoginStyle;\n private msalConfig: msal.Configuration;\n private msalObject: msal.UserAgentApplication;\n\n /**\n * Creates an instance of the InteractiveBrowserCredential with the\n * details needed to authenticate against Azure Active Directory with\n * a user identity.\n *\n * @param tenantId The Azure Active Directory tenant (directory) ID.\n * @param clientId The client (application) ID of an App Registration in the tenant.\n * @param options Options for configuring the client which makes the authentication request.\n */\n constructor(options?: InteractiveBrowserCredentialOptions) {\n options = {\n ...IdentityClient.getDefaultOptions(),\n ...options,\n tenantId: (options && options.tenantId) || DefaultTenantId,\n // TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n // Developer Sign On application is available\n // https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/identity/Azure.Identity/src/Constants.cs#L9\n clientId: (options && options.clientId) || DeveloperSignOnClientId\n };\n\n this.loginStyle = options.loginStyle || \"popup\";\n if ([\"redirect\", \"popup\"].indexOf(this.loginStyle) === -1) {\n const error = new Error(`Invalid loginStyle: ${options.loginStyle}`);\n logger.info(formatError(\"\", error));\n throw error;\n }\n\n const knownAuthorities =\n options.tenantId === \"adfs\" ? (options.authorityHost ? [options.authorityHost] : []) : [];\n\n this.msalConfig = {\n auth: {\n clientId: options.clientId!, // we just initialized it above\n authority: `${options.authorityHost}/${options.tenantId}`,\n knownAuthorities,\n ...(options.redirectUri && { redirectUri: options.redirectUri }),\n ...(options.postLogoutRedirectUri && { redirectUri: options.postLogoutRedirectUri })\n },\n cache: {\n cacheLocation: \"localStorage\",\n storeAuthStateInCookie: true\n }\n };\n\n this.msalObject = new msal.UserAgentApplication(this.msalConfig);\n }\n\n private login(): Promise<msal.AuthResponse> {\n switch (this.loginStyle) {\n case \"redirect\": {\n const loginPromise = new Promise<msal.AuthResponse>((resolve, reject) => {\n this.msalObject.handleRedirectCallback(resolve, reject);\n });\n this.msalObject.loginRedirect();\n return loginPromise;\n }\n case \"popup\":\n return this.msalObject.loginPopup();\n }\n }\n\n private async acquireToken(\n authParams: msal.AuthenticationParameters\n ): Promise<msal.AuthResponse | undefined> {\n let authResponse: msal.AuthResponse | undefined;\n try {\n logger.info(\"Attempting to acquire token silently\");\n authResponse = await this.msalObject.acquireTokenSilent(authParams);\n } catch (err) {\n if (err instanceof msal.AuthError) {\n switch (err.errorCode) {\n case \"consent_required\":\n case \"interaction_required\":\n case \"login_required\":\n logger.info(`Authentication returned errorCode ${err.errorCode}`);\n break;\n default:\n logger.info(formatError(authParams.scopes, `Failed to acquire token: ${err.message}`));\n throw err;\n }\n }\n }\n\n let authPromise: Promise<msal.AuthResponse> | undefined;\n if (authResponse === undefined) {\n logger.info(\n `Silent authentication failed, falling back to interactive method ${this.loginStyle}`\n );\n switch (this.loginStyle) {\n case \"redirect\":\n authPromise = new Promise((resolve, reject) => {\n this.msalObject.handleRedirectCallback(resolve, reject);\n });\n this.msalObject.acquireTokenRedirect(authParams);\n break;\n case \"popup\":\n authPromise = this.msalObject.acquireTokenPopup(authParams);\n break;\n }\n\n authResponse = authPromise && (await authPromise);\n }\n\n return authResponse;\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes The list of scopes for which the token will have access.\n * @param options The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const { span } = createSpan(\"InteractiveBrowserCredential-getToken\", options);\n try {\n if (!this.msalObject.getAccount()) {\n await this.login();\n }\n\n const authResponse = await this.acquireToken({\n scopes: Array.isArray(scopes) ? scopes : scopes.split(\",\")\n });\n\n if (authResponse) {\n const expiresOnTimestamp = authResponse.expiresOn.getTime();\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: authResponse.accessToken,\n expiresOnTimestamp\n };\n } else {\n logger.getToken.info(\"No response\");\n return null;\n }\n } catch (err) {\n span.setStatus({\n code: CanonicalCode.UNKNOWN,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n } finally {\n span.end();\n }\n }\n}\n"]}