@azure/identity 1.3.0 → 1.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @azure/identity might be problematic. Click here for more details.

Files changed (54) hide show
  1. package/CHANGELOG.md +19 -0
  2. package/README.md +8 -1
  3. package/dist/index.js +233 -168
  4. package/dist/index.js.map +1 -1
  5. package/dist-esm/src/client/identityClient.js +92 -51
  6. package/dist-esm/src/client/identityClient.js.map +1 -1
  7. package/dist-esm/src/client/msalClient.js.map +1 -1
  8. package/dist-esm/src/constants.js +5 -0
  9. package/dist-esm/src/constants.js.map +1 -1
  10. package/dist-esm/src/credentials/authorizationCodeCredential.browser.js.map +1 -1
  11. package/dist-esm/src/credentials/authorizationCodeCredential.js +8 -7
  12. package/dist-esm/src/credentials/authorizationCodeCredential.js.map +1 -1
  13. package/dist-esm/src/credentials/azureCliCredential.browser.js.map +1 -1
  14. package/dist-esm/src/credentials/azureCliCredential.js.map +1 -1
  15. package/dist-esm/src/credentials/chainedTokenCredential.js.map +1 -1
  16. package/dist-esm/src/credentials/clientCertificateCredential.browser.js.map +1 -1
  17. package/dist-esm/src/credentials/clientCertificateCredential.js +8 -7
  18. package/dist-esm/src/credentials/clientCertificateCredential.js.map +1 -1
  19. package/dist-esm/src/credentials/clientSecretCredential.js +10 -9
  20. package/dist-esm/src/credentials/clientSecretCredential.js.map +1 -1
  21. package/dist-esm/src/credentials/deviceCodeCredential.browser.js.map +1 -1
  22. package/dist-esm/src/credentials/deviceCodeCredential.js.map +1 -1
  23. package/dist-esm/src/credentials/environmentCredential.browser.js.map +1 -1
  24. package/dist-esm/src/credentials/environmentCredential.js.map +1 -1
  25. package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js +2 -3
  26. package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js.map +1 -1
  27. package/dist-esm/src/credentials/interactiveBrowserCredential.js.map +1 -1
  28. package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js +11 -5
  29. package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js.map +1 -1
  30. package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js +16 -9
  31. package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js.map +1 -1
  32. package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js +4 -3
  33. package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js.map +1 -1
  34. package/dist-esm/src/credentials/managedIdentityCredential/constants.js +2 -1
  35. package/dist-esm/src/credentials/managedIdentityCredential/constants.js.map +1 -1
  36. package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js +6 -4
  37. package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js.map +1 -1
  38. package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js +42 -21
  39. package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  40. package/dist-esm/src/credentials/managedIdentityCredential/index.browser.js.map +1 -1
  41. package/dist-esm/src/credentials/managedIdentityCredential/index.js +1 -1
  42. package/dist-esm/src/credentials/managedIdentityCredential/index.js.map +1 -1
  43. package/dist-esm/src/credentials/managedIdentityCredential/models.js.map +1 -1
  44. package/dist-esm/src/credentials/managedIdentityCredential/utils.js +6 -2
  45. package/dist-esm/src/credentials/managedIdentityCredential/utils.js.map +1 -1
  46. package/dist-esm/src/credentials/usernamePasswordCredential.js +8 -7
  47. package/dist-esm/src/credentials/usernamePasswordCredential.js.map +1 -1
  48. package/dist-esm/src/credentials/visualStudioCodeCredential.browser.js.map +1 -1
  49. package/dist-esm/src/credentials/visualStudioCodeCredential.js.map +1 -1
  50. package/dist-esm/src/index.js.map +1 -1
  51. package/dist-esm/src/util/isNode.js +10 -0
  52. package/dist-esm/src/util/isNode.js.map +1 -0
  53. package/package.json +6 -7
  54. package/types/identity.d.ts +7 -6
package/dist-esm/src/client/identityClient.js CHANGED
@@ -2,69 +2,102 @@
2
2
  // Licensed under the MIT license.
3
3
  import { __awaiter } from "tslib";
4
4
  import qs from "qs";
5
- import { ServiceClient, WebResource, createPipelineFromOptions, isNode } from "@azure/core-http";
6
5
  import { SpanStatusCode } from "@azure/core-tracing";
6
+ import { ServiceClient } from "@azure/core-client";
7
+ import { createHttpHeaders, createPipelineRequest } from "@azure/core-rest-pipeline";
7
8
  import { AuthenticationError, AuthenticationErrorName } from "./errors";
9
+ import { getIdentityTokenEndpointSuffix } from "../util/identityTokenEndpoint";
10
+ import { DefaultAuthorityHost } from "../constants";
8
11
  import { createSpan } from "../util/tracing";
9
12
  import { logger } from "../util/logging";
10
- import { getAuthorityHostEnvironment } from "../util/authHostEnv";
11
- import { getIdentityTokenEndpointSuffix } from "../util/identityTokenEndpoint";
12
- const DefaultAuthorityHost = "https://login.microsoftonline.com";
13
+ import { isNode } from "../util/isNode";
14
+ /**
15
+ * Safe JSON parse.
16
+ * @internal
17
+ */
18
+ function parse(input) {
19
+ if (!input) {
20
+ return {};
21
+ }
22
+ try {
23
+ return JSON.parse(input);
24
+ }
25
+ catch (e) {
26
+ return {};
27
+ }
28
+ }
29
+ /**
30
+ * @internal
31
+ */
32
+ export function getIdentityClientAuthorityHost(options) {
33
+ // The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.
34
+ let authorityHost = options === null || options === void 0 ? void 0 : options.authorityHost;
35
+ // The AZURE_AUTHORITY_HOST environment variable can only be provided in NodeJS.
36
+ if (isNode) {
37
+ authorityHost = authorityHost !== null && authorityHost !== void 0 ? authorityHost : process.env.AZURE_AUTHORITY_HOST;
38
+ }
39
+ // If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com
40
+ return authorityHost !== null && authorityHost !== void 0 ? authorityHost : DefaultAuthorityHost;
41
+ }
42
+ /**
43
+ * The network module used by the Identity credentials.
44
+ *
45
+ * It allows for credentials to abort any pending request independently of the MSAL flow,
46
+ * by calling to the `abortRequests()` method.
47
+ *
48
+ */
13
49
  export class IdentityClient extends ServiceClient {
14
50
  constructor(options) {
15
- if (isNode) {
16
- options = options || getAuthorityHostEnvironment();
17
- }
18
- options = options || IdentityClient.getDefaultOptions();
19
- super(undefined, createPipelineFromOptions(Object.assign(Object.assign({}, options), { deserializationOptions: {
20
- expectedContentTypes: {
21
- json: ["application/json", "text/json", "text/plain"]
22
- }
23
- } })));
24
- this.baseUri = this.authorityHost = options.authorityHost || DefaultAuthorityHost;
25
- if (!this.baseUri.startsWith("https:")) {
51
+ var _a;
52
+ const packageDetails = `azsdk-js-identity/1.5.2`;
53
+ const userAgentPrefix = ((_a = options === null || options === void 0 ? void 0 : options.userAgentOptions) === null || _a === void 0 ? void 0 : _a.userAgentPrefix) ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`
54
+ : `${packageDetails}`;
55
+ const baseUri = getIdentityClientAuthorityHost(options);
56
+ if (!baseUri.startsWith("https:")) {
26
57
  throw new Error("The authorityHost address must use the 'https' protocol.");
27
58
  }
59
+ super(Object.assign(Object.assign({ requestContentType: "application/json; charset=utf-8" }, options), { userAgentOptions: {
60
+ userAgentPrefix
61
+ }, baseUri }));
62
+ this.authorityHost = baseUri;
28
63
  }
29
- createWebResource(requestOptions) {
30
- const webResource = new WebResource();
31
- webResource.prepare(requestOptions);
32
- return webResource;
33
- }
34
- sendTokenRequest(webResource, expiresOnParser) {
64
+ sendTokenRequest(request, expiresOnParser) {
65
+ var _a;
35
66
  return __awaiter(this, void 0, void 0, function* () {
36
- logger.info(`IdentityClient: sending token request to [${webResource.url}]`);
37
- const response = yield this.sendRequest(webResource);
67
+ logger.info(`IdentityClient: sending token request to [${request.url}]`);
68
+ const response = yield this.sendRequest(request);
38
69
  expiresOnParser =
39
70
  expiresOnParser ||
40
71
  ((responseBody) => {
41
72
  return Date.now() + responseBody.expires_in * 1000;
42
73
  });
43
- if (response.status === 200 || response.status === 201) {
74
+ if (response.bodyAsText && (response.status === 200 || response.status === 201)) {
75
+ const parsedBody = parse(response.bodyAsText);
44
76
  const token = {
45
77
  accessToken: {
46
- token: response.parsedBody.access_token,
47
- expiresOnTimestamp: expiresOnParser(response.parsedBody)
78
+ token: (_a = parsedBody.token) !== null && _a !== void 0 ? _a : parsedBody.access_token,
79
+ expiresOnTimestamp: expiresOnParser(parsedBody)
48
80
  },
49
- refreshToken: response.parsedBody.refresh_token
81
+ refreshToken: parsedBody.refresh_token
50
82
  };
51
- logger.info(`IdentityClient: [${webResource.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`);
83
+ logger.info(`IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`);
52
84
  return token;
53
85
  }
54
86
  else {
55
- const error = new AuthenticationError(response.status, response.parsedBody || response.bodyAsText);
87
+ const error = new AuthenticationError(response.status, response.bodyAsText);
56
88
  logger.warning(`IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`);
57
89
  throw error;
58
90
  }
59
91
  });
60
92
  }
61
93
  refreshAccessToken(tenantId, clientId, scopes, refreshToken, clientSecret, expiresOnParser, options) {
94
+ var _a, _b;
62
95
  return __awaiter(this, void 0, void 0, function* () {
63
96
  if (refreshToken === undefined) {
64
97
  return null;
65
98
  }
66
99
  logger.info(`IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`);
67
- const { span, updatedOptions: newOptions } = createSpan("IdentityClient-refreshAccessToken", options);
100
+ const { span, updatedOptions } = createSpan("IdentityClient-refreshAccessToken", options);
68
101
  const refreshParams = {
69
102
  grant_type: "refresh_token",
70
103
  client_id: clientId,
@@ -76,19 +109,19 @@ export class IdentityClient extends ServiceClient {
76
109
  }
77
110
  try {
78
111
  const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);
79
- const webResource = this.createWebResource({
112
+ const webResource = createPipelineRequest({
80
113
  url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,
81
114
  method: "POST",
82
- disableJsonStringifyOnBody: true,
83
- deserializationMapper: undefined,
84
115
  body: qs.stringify(refreshParams),
85
- headers: {
116
+ abortSignal: options && options.abortSignal,
117
+ headers: createHttpHeaders({
86
118
  Accept: "application/json",
87
119
  "Content-Type": "application/x-www-form-urlencoded"
88
- },
89
- spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,
90
- tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext,
91
- abortSignal: options && options.abortSignal
120
+ }),
121
+ tracingOptions: {
122
+ spanOptions: (_a = updatedOptions === null || updatedOptions === void 0 ? void 0 : updatedOptions.tracingOptions) === null || _a === void 0 ? void 0 : _a.spanOptions,
123
+ tracingContext: (_b = updatedOptions === null || updatedOptions === void 0 ? void 0 : updatedOptions.tracingOptions) === null || _b === void 0 ? void 0 : _b.tracingContext
124
+ }
92
125
  });
93
126
  const response = yield this.sendTokenRequest(webResource, expiresOnParser);
94
127
  logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);
@@ -121,30 +154,38 @@ export class IdentityClient extends ServiceClient {
121
154
  }
122
155
  });
123
156
  }
157
+ // The MSAL network module methods follow
124
158
  sendGetRequestAsync(url, options) {
125
- const webResource = new WebResource(url, "GET", options === null || options === void 0 ? void 0 : options.body, {}, options === null || options === void 0 ? void 0 : options.headers);
126
- return this.sendRequest(webResource).then((response) => {
159
+ return __awaiter(this, void 0, void 0, function* () {
160
+ const request = createPipelineRequest({
161
+ url,
162
+ method: "GET",
163
+ body: options === null || options === void 0 ? void 0 : options.body,
164
+ headers: createHttpHeaders(options === null || options === void 0 ? void 0 : options.headers)
165
+ });
166
+ const response = yield this.sendRequest(request);
127
167
  return {
128
- body: response.parsedBody,
129
- headers: response.headers.rawHeaders(),
168
+ body: parse(response.bodyAsText),
169
+ headers: response.headers.toJSON(),
130
170
  status: response.status
131
171
  };
132
172
  });
133
173
  }
134
174
  sendPostRequestAsync(url, options) {
135
- const webResource = new WebResource(url, "POST", options === null || options === void 0 ? void 0 : options.body, {}, options === null || options === void 0 ? void 0 : options.headers);
136
- return this.sendRequest(webResource).then((response) => {
175
+ return __awaiter(this, void 0, void 0, function* () {
176
+ const request = createPipelineRequest({
177
+ url,
178
+ method: "POST",
179
+ body: options === null || options === void 0 ? void 0 : options.body,
180
+ headers: createHttpHeaders(options === null || options === void 0 ? void 0 : options.headers)
181
+ });
182
+ const response = yield this.sendRequest(request);
137
183
  return {
138
- body: response.parsedBody,
139
- headers: response.headers.rawHeaders(),
184
+ body: parse(response.bodyAsText),
185
+ headers: response.headers.toJSON(),
140
186
  status: response.status
141
187
  };
142
188
  });
143
189
  }
144
- static getDefaultOptions() {
145
- return {
146
- authorityHost: DefaultAuthorityHost
147
- };
148
- }
149
190
  }
150
191
  //# sourceMappingURL=identityClient.js.map
package/dist-esm/src/client/identityClient.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"identityClient.js","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAEL,aAAa,EAEb,WAAW,EAGX,yBAAyB,EACzB,MAAM,EACP,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AACxE,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AACzC,OAAO,EAAE,2BAA2B,EAAE,MAAM,qBAAqB,CAAC;AAClE,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAE/E,MAAM,oBAAoB,GAAG,mCAAmC,CAAC;AAkBjE,MAAM,OAAO,cAAe,SAAQ,aAAa;IAG/C,YAAY,OAAgC;QAC1C,IAAI,MAAM,EAAE;YACV,OAAO,GAAG,OAAO,IAAI,2BAA2B,EAAE,CAAC;SACpD;QACD,OAAO,GAAG,OAAO,IAAI,cAAc,CAAC,iBAAiB,EAAE,CAAC;QACxD,KAAK,CACH,SAAS,EACT,yBAAyB,iCACpB,OAAO,KACV,sBAAsB,EAAE;gBACtB,oBAAoB,EAAE;oBACpB,IAAI,EAAE,CAAC,kBAAkB,EAAE,WAAW,EAAE,YAAY,CAAC;iBACtD;aACF,IACD,CACH,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,oBAAoB,CAAC;QAElF,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;YACtC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;SAC7E;IACH,CAAC;IAED,iBAAiB,CAAC,cAAqC;QACrD,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;QACtC,WAAW,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACpC,OAAO,WAAW,CAAC;IACrB,CAAC;IAEK,gBAAgB,CACpB,WAAwB,EACxB,eAA+C;;YAE/C,MAAM,CAAC,IAAI,CAAC,6CAA6C,WAAW,CAAC,GAAG,GAAG,CAAC,CAAC;YAC7E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;YAErD,eAAe;gBACb,eAAe;oBACf,CAAC,CAAC,YAAiB,EAAE,EAAE;wBACrB,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC,UAAU,GAAG,IAAI,CAAC;oBACrD,CAAC,CAAC,CAAC;YAEL,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;gBACtD,MAAM,KAAK,GAAG;oBACZ,WAAW,EAAE;wBACX,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC,YAAY;wBACvC,kBAAkB,EAAE,eAAe,CAAC,QAAQ,CAAC,UAAU,CAAC;qBACzD;oBACD,YAAY,EAAE,QAAQ,CAAC,UAAU,CAAC,aAAa;iBAChD,CAAC;gBAEF,MAAM,CAAC,IAAI,CACT,oBAAoB,WAAW,CAAC,GAAG,gCAAgC,KAAK,CAAC,WAAW,CAAC,kBAAkB,EAAE,CAC1G,CAAC;gBACF,OAAO,KAAK,CAAC;aACd;iBAAM;gBACL,MAAM,KAAK,GAAG,IAAI,mBAAmB,CACnC,QAAQ,CAAC,MAAM,EACf,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,UAAU,CAC3C,CAAC;gBACF,MAAM,CAAC,OAAO,CACZ,sDAAsD,QAAQ,CAAC,MAAM,KAAK,KAAK,CAAC,aAAa,CAAC,gBAAgB,EAAE,CACjH,CAAC;gBACF,MAAM,KAAK,CAAC;aACb;QACH,CAAC;KAAA;IAEK,kBAAkB,CACtB,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,YAAgC,EAChC,YAAgC,EAChC,eAA+C,EAC/C,OAAyB;;YAEzB,IAAI,YAAY,KAAK,SAAS,EAAE;gBAC9B,OAAO,IAAI,CAAC;aACb;YACD,MAAM,CAAC,IAAI,CACT,2DAA2D,QAAQ,aAAa,MAAM,UAAU,CACjG,CAAC;YAEF,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,mCAAmC,EAAE,OAAO,CAAC,CAAC;YAEtG,MAAM,aAAa,GAAG;gBACpB,UAAU,EAAE,eAAe;gBAC3B,SAAS,EAAE,QAAQ;gBACnB,aAAa,EAAE,YAAY;gBAC3B,KAAK,EAAE,MAAM;aACd,CAAC;YAEF,IAAI,YAAY,KAAK,SAAS,EAAE;gBAC7B,aAAqB,CAAC,aAAa,GAAG,YAAY,CAAC;aACrD;YAED,IAAI;gBACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;gBAC3D,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC;oBACzC,GAAG,EAAE,GAAG,IAAI,CAAC,aAAa,IAAI,QAAQ,IAAI,SAAS,EAAE;oBACrD,MAAM,EAAE,MAAM;oBACd,0BAA0B,EAAE,IAAI;oBAChC,qBAAqB,EAAE,SAAS;oBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,aAAa,CAAC;oBACjC,OAAO,EAAE;wBACP,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD;oBACD,WAAW,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,WAAW;oBAC/E,cAAc,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,cAAc;oBACrF,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;iBAC5C,CAAC,CAAC;gBAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;gBAC3E,MAAM,CAAC,IAAI,CAAC,kDAAkD,QAAQ,EAAE,CAAC,CAAC;gBAC1E,OAAO,QAAQ,CAAC;aACjB;YAAC,OAAO,GAAG,EAAE;gBACZ,IACE,GAAG,CAAC,IAAI,KAAK,uBAAuB;oBACpC,GAAG,CAAC,aAAa,CAAC,KAAK,KAAK,sBAAsB,EAClD;oBACA,qDAAqD;oBACrD,yDAAyD;oBACzD,0CAA0C;oBAC1C,MAAM,CAAC,IAAI,CAAC,uDAAuD,QAAQ,EAAE,CAAC,CAAC;oBAC/E,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAE,cAAc,CAAC,KAAK;wBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB,CAAC,CAAC;oBAEH,OAAO,IAAI,CAAC;iBACb;qBAAM;oBACL,MAAM,CAAC,OAAO,CACZ,0DAA0D,QAAQ,KAAK,GAAG,EAAE,CAC7E,CAAC;oBACF,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAE,cAAc,CAAC,KAAK;wBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB,CAAC,CAAC;oBACH,MAAM,GAAG,CAAC;iBACX;aACF;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;QACH,CAAC;KAAA;IAED,mBAAmB,CACjB,GAAW,EACX,OAA+B;QAE/B,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,GAAG,EAAE,KAAK,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,EAAE,EAAE,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC,CAAC;QAErF,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE;YACrD,OAAO;gBACL,IAAI,EAAE,QAAQ,CAAC,UAAe;gBAC9B,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE;gBACtC,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,oBAAoB,CAClB,GAAW,EACX,OAA+B;QAE/B,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,EAAE,EAAE,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC,CAAC;QAEtF,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE;YACrD,OAAO;gBACL,IAAI,EAAE,QAAQ,CAAC,UAAe;gBAC9B,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE;gBACtC,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,iBAAiB;QACtB,OAAO;YACL,aAAa,EAAE,oBAAoB;SACpC,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport {\n AccessToken,\n ServiceClient,\n PipelineOptions,\n WebResource,\n RequestPrepareOptions,\n GetTokenOptions,\n createPipelineFromOptions,\n isNode\n} from \"@azure/core-http\";\nimport { INetworkModule, NetworkRequestOptions, NetworkResponse } from \"@azure/msal-node\";\n\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { AuthenticationError, AuthenticationErrorName } from \"./errors\";\nimport { createSpan } from \"../util/tracing\";\nimport { logger } from \"../util/logging\";\nimport { getAuthorityHostEnvironment } from \"../util/authHostEnv\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\n\nconst DefaultAuthorityHost = \"https://login.microsoftonline.com\";\n\n/**\n * An internal type used to communicate details of a token request's\n * response that should not be sent back as part of the access token.\n */\nexport interface TokenResponse {\n /**\n * The AccessToken to be returned from getToken.\n */\n accessToken: AccessToken;\n\n /**\n * The refresh token if the 'offline_access' scope was used.\n */\n refreshToken?: string;\n}\n\nexport class IdentityClient extends ServiceClient implements INetworkModule {\n public authorityHost: string;\n\n constructor(options?: TokenCredentialOptions) {\n if (isNode) {\n options = options || getAuthorityHostEnvironment();\n }\n options = options || IdentityClient.getDefaultOptions();\n super(\n undefined,\n createPipelineFromOptions({\n ...options,\n deserializationOptions: {\n expectedContentTypes: {\n json: [\"application/json\", \"text/json\", \"text/plain\"]\n }\n }\n })\n );\n\n this.baseUri = this.authorityHost = options.authorityHost || DefaultAuthorityHost;\n\n if (!this.baseUri.startsWith(\"https:\")) {\n throw new Error(\"The authorityHost address must use the 'https' protocol.\");\n }\n }\n\n createWebResource(requestOptions: RequestPrepareOptions): WebResource {\n const webResource = new WebResource();\n webResource.prepare(requestOptions);\n return webResource;\n }\n\n async sendTokenRequest(\n webResource: WebResource,\n expiresOnParser?: (responseBody: any) => number\n ): Promise<TokenResponse | null> {\n logger.info(`IdentityClient: sending token request to [${webResource.url}]`);\n const response = await this.sendRequest(webResource);\n\n expiresOnParser =\n expiresOnParser ||\n ((responseBody: any) => {\n return Date.now() + responseBody.expires_in * 1000;\n });\n\n if (response.status === 200 || response.status === 201) {\n const token = {\n accessToken: {\n token: response.parsedBody.access_token,\n expiresOnTimestamp: expiresOnParser(response.parsedBody)\n },\n refreshToken: response.parsedBody.refresh_token\n };\n\n logger.info(\n `IdentityClient: [${webResource.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`\n );\n return token;\n } else {\n const error = new AuthenticationError(\n response.status,\n response.parsedBody || response.bodyAsText\n );\n logger.warning(\n `IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`\n );\n throw error;\n }\n }\n\n async refreshAccessToken(\n tenantId: string,\n clientId: string,\n scopes: string,\n refreshToken: string | undefined,\n clientSecret: string | undefined,\n expiresOnParser?: (responseBody: any) => number,\n options?: GetTokenOptions\n ): Promise<TokenResponse | null> {\n if (refreshToken === undefined) {\n return null;\n }\n logger.info(\n `IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`\n );\n\n const { span, updatedOptions: newOptions } = createSpan(\"IdentityClient-refreshAccessToken\", options);\n\n const refreshParams = {\n grant_type: \"refresh_token\",\n client_id: clientId,\n refresh_token: refreshToken,\n scope: scopes\n };\n\n if (clientSecret !== undefined) {\n (refreshParams as any).client_secret = clientSecret;\n }\n\n try {\n const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);\n const webResource = this.createWebResource({\n url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,\n method: \"POST\",\n disableJsonStringifyOnBody: true,\n deserializationMapper: undefined,\n body: qs.stringify(refreshParams),\n headers: {\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n },\n spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,\n tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext,\n abortSignal: options && options.abortSignal\n });\n\n const response = await this.sendTokenRequest(webResource, expiresOnParser);\n logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);\n return response;\n } catch (err) {\n if (\n err.name === AuthenticationErrorName &&\n err.errorResponse.error === \"interaction_required\"\n ) {\n // It's likely that the refresh token has expired, so\n // return null so that the credential implementation will\n // initiate the authentication flow again.\n logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n\n return null;\n } else {\n logger.warning(\n `IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`\n );\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n throw err;\n }\n } finally {\n span.end();\n }\n }\n\n sendGetRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const webResource = new WebResource(url, \"GET\", options?.body, {}, options?.headers);\n\n return this.sendRequest(webResource).then((response) => {\n return {\n body: response.parsedBody as T,\n headers: response.headers.rawHeaders(),\n status: response.status\n };\n });\n }\n\n sendPostRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const webResource = new WebResource(url, \"POST\", options?.body, {}, options?.headers);\n\n return this.sendRequest(webResource).then((response) => {\n return {\n body: response.parsedBody as T,\n headers: response.headers.rawHeaders(),\n status: response.status\n };\n });\n }\n\n static getDefaultOptions(): TokenCredentialOptions {\n return {\n authorityHost: DefaultAuthorityHost\n };\n }\n}\n\n/**\n * Provides options to configure how the Identity library makes authentication\n * requests to Azure Active Directory.\n */\nexport interface TokenCredentialOptions extends PipelineOptions {\n /**\n * The authority host to use for authentication requests. The default is\n * \"https://login.microsoftonline.com\".\n */\n authorityHost?: string;\n}\n"]}
1
+ {"version":3,"file":"identityClient.js","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AAGpB,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EAGtB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AACxE,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAExC;;;GAGG;AACH,SAAS,KAAK,CAAI,KAAgC;IAChD,IAAI,CAAC,KAAK,EAAE;QACV,OAAO,EAAO,CAAC;KAChB;IACD,IAAI;QACF,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;KAC1B;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,EAAO,CAAC;KAChB;AACH,CAAC;AAkBD;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAAC,OAAgC;IAC7E,iGAAiG;IACjG,IAAI,aAAa,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,CAAC;IAE3C,gFAAgF;IAChF,IAAI,MAAM,EAAE;QACV,aAAa,GAAG,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;KACnE;IAED,wHAAwH;IACxH,OAAO,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,oBAAoB,CAAC;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,OAAO,cAAe,SAAQ,aAAa;IAG/C,YAAY,OAAgC;;QAC1C,MAAM,cAAc,GAAG,yBAAyB,CAAC;QACjD,MAAM,eAAe,GAAG,OAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,gBAAgB,0CAAE,eAAe,EAChE,CAAC,CAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC,eAAe,IAAI,cAAc,EAAE;YACjE,CAAC,CAAC,GAAG,cAAc,EAAE,CAAC;QAExB,MAAM,OAAO,GAAG,8BAA8B,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;YACjC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;SAC7E;QAED,KAAK,+BACH,kBAAkB,EAAE,iCAAiC,IAClD,OAAO,KACV,gBAAgB,EAAE;gBAChB,eAAe;aAChB,EACD,OAAO,IACP,CAAC;QAEH,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC;IAC/B,CAAC;IAEK,gBAAgB,CACpB,OAAwB,EACxB,eAA+C;;;YAE/C,MAAM,CAAC,IAAI,CAAC,6CAA6C,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;YACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAEjD,eAAe;gBACb,eAAe;oBACf,CAAC,CAAC,YAAiB,EAAE,EAAE;wBACrB,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC,UAAU,GAAG,IAAI,CAAC;oBACrD,CAAC,CAAC,CAAC;YAEL,IAAI,QAAQ,CAAC,UAAU,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,EAAE;gBAC/E,MAAM,UAAU,GAAG,KAAK,CAIrB,QAAQ,CAAC,UAAU,CAAC,CAAC;gBAExB,MAAM,KAAK,GAAG;oBACZ,WAAW,EAAE;wBACX,KAAK,QAAE,UAAU,CAAC,KAAK,mCAAI,UAAU,CAAC,YAAa;wBACnD,kBAAkB,EAAE,eAAe,CAAC,UAAU,CAAC;qBAChD;oBACD,YAAY,EAAE,UAAU,CAAC,aAAa;iBACvC,CAAC;gBAEF,MAAM,CAAC,IAAI,CACT,oBAAoB,OAAO,CAAC,GAAG,gCAAgC,KAAK,CAAC,WAAW,CAAC,kBAAkB,EAAE,CACtG,CAAC;gBACF,OAAO,KAAK,CAAC;aACd;iBAAM;gBACL,MAAM,KAAK,GAAG,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;gBAC5E,MAAM,CAAC,OAAO,CACZ,sDAAsD,QAAQ,CAAC,MAAM,KAAK,KAAK,CAAC,aAAa,CAAC,gBAAgB,EAAE,CACjH,CAAC;gBACF,MAAM,KAAK,CAAC;aACb;;KACF;IAEK,kBAAkB,CACtB,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,YAAgC,EAChC,YAAgC,EAChC,eAA+C,EAC/C,OAAyB;;;YAEzB,IAAI,YAAY,KAAK,SAAS,EAAE;gBAC9B,OAAO,IAAI,CAAC;aACb;YACD,MAAM,CAAC,IAAI,CACT,2DAA2D,QAAQ,aAAa,MAAM,UAAU,CACjG,CAAC;YAEF,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,UAAU,CAAC,mCAAmC,EAAE,OAAO,CAAC,CAAC;YAE1F,MAAM,aAAa,GAAG;gBACpB,UAAU,EAAE,eAAe;gBAC3B,SAAS,EAAE,QAAQ;gBACnB,aAAa,EAAE,YAAY;gBAC3B,KAAK,EAAE,MAAM;aACd,CAAC;YAEF,IAAI,YAAY,KAAK,SAAS,EAAE;gBAC7B,aAAqB,CAAC,aAAa,GAAG,YAAY,CAAC;aACrD;YAED,IAAI;gBACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;gBAC3D,MAAM,WAAW,GAAG,qBAAqB,CAAC;oBACxC,GAAG,EAAE,GAAG,IAAI,CAAC,aAAa,IAAI,QAAQ,IAAI,SAAS,EAAE;oBACrD,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,aAAa,CAAC;oBACjC,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;oBAC3C,OAAO,EAAE,iBAAiB,CAAC;wBACzB,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD,CAAC;oBACF,cAAc,EAAE;wBACd,WAAW,QAAE,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,cAAc,0CAAE,WAAW;wBACxD,cAAc,QAAE,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,cAAc,0CAAE,cAAc;qBAC/D;iBACF,CAAC,CAAC;gBAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;gBAC3E,MAAM,CAAC,IAAI,CAAC,kDAAkD,QAAQ,EAAE,CAAC,CAAC;gBAC1E,OAAO,QAAQ,CAAC;aACjB;YAAC,OAAO,GAAG,EAAE;gBACZ,IACE,GAAG,CAAC,IAAI,KAAK,uBAAuB;oBACpC,GAAG,CAAC,aAAa,CAAC,KAAK,KAAK,sBAAsB,EAClD;oBACA,qDAAqD;oBACrD,yDAAyD;oBACzD,0CAA0C;oBAC1C,MAAM,CAAC,IAAI,CAAC,uDAAuD,QAAQ,EAAE,CAAC,CAAC;oBAC/E,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAE,cAAc,CAAC,KAAK;wBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB,CAAC,CAAC;oBAEH,OAAO,IAAI,CAAC;iBACb;qBAAM;oBACL,MAAM,CAAC,OAAO,CACZ,0DAA0D,QAAQ,KAAK,GAAG,EAAE,CAC7E,CAAC;oBACF,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAE,cAAc,CAAC,KAAK;wBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB,CAAC,CAAC;oBACH,MAAM,GAAG,CAAC;iBACX;aACF;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;;KACF;IACD,yCAAyC;IAEnC,mBAAmB,CACvB,GAAW,EACX,OAA+B;;YAE/B,MAAM,OAAO,GAAG,qBAAqB,CAAC;gBACpC,GAAG;gBACH,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI;gBACnB,OAAO,EAAE,iBAAiB,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC;aAC7C,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YACjD,OAAO;gBACL,IAAI,EAAE,KAAK,CAAI,QAAQ,CAAC,UAAU,CAAC;gBACnC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;gBAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;QACJ,CAAC;KAAA;IAEK,oBAAoB,CACxB,GAAW,EACX,OAA+B;;YAE/B,MAAM,OAAO,GAAG,qBAAqB,CAAC;gBACpC,GAAG;gBACH,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI;gBACnB,OAAO,EAAE,iBAAiB,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC;aAC7C,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YACjD,OAAO;gBACL,IAAI,EAAE,KAAK,CAAI,QAAQ,CAAC,UAAU,CAAC;gBACnC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;gBAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;QACJ,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport { INetworkModule, NetworkRequestOptions, NetworkResponse } from \"@azure/msal-node\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { ServiceClient } from \"@azure/core-client\";\nimport {\n createHttpHeaders,\n createPipelineRequest,\n PipelineRequest,\n PipelineOptions\n} from \"@azure/core-rest-pipeline\";\nimport { AuthenticationError, AuthenticationErrorName } from \"./errors\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { DefaultAuthorityHost } from \"../constants\";\nimport { createSpan } from \"../util/tracing\";\nimport { logger } from \"../util/logging\";\nimport { isNode } from \"../util/isNode\";\n\n/**\n * Safe JSON parse.\n * @internal\n */\nfunction parse<T>(input: string | null | undefined): T {\n if (!input) {\n return {} as T;\n }\n try {\n return JSON.parse(input);\n } catch (e) {\n return {} as T;\n }\n}\n\n/**\n * An internal type used to communicate details of a token request's\n * response that should not be sent back as part of the access token.\n */\nexport interface TokenResponse {\n /**\n * The AccessToken to be returned from getToken.\n */\n accessToken: AccessToken;\n\n /**\n * The refresh token if the 'offline_access' scope was used.\n */\n refreshToken?: string;\n}\n\n/**\n * @internal\n */\nexport function getIdentityClientAuthorityHost(options?: TokenCredentialOptions): string {\n // The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.\n let authorityHost = options?.authorityHost;\n\n // The AZURE_AUTHORITY_HOST environment variable can only be provided in NodeJS.\n if (isNode) {\n authorityHost = authorityHost ?? process.env.AZURE_AUTHORITY_HOST;\n }\n\n // If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com\n return authorityHost ?? DefaultAuthorityHost;\n}\n\n/**\n * The network module used by the Identity credentials.\n *\n * It allows for credentials to abort any pending request independently of the MSAL flow,\n * by calling to the `abortRequests()` method.\n *\n */\nexport class IdentityClient extends ServiceClient implements INetworkModule {\n public authorityHost: string;\n\n constructor(options?: TokenCredentialOptions) {\n const packageDetails = `azsdk-js-identity/1.5.2`;\n const userAgentPrefix = options?.userAgentOptions?.userAgentPrefix\n ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`\n : `${packageDetails}`;\n\n const baseUri = getIdentityClientAuthorityHost(options);\n if (!baseUri.startsWith(\"https:\")) {\n throw new Error(\"The authorityHost address must use the 'https' protocol.\");\n }\n\n super({\n requestContentType: \"application/json; charset=utf-8\",\n ...options,\n userAgentOptions: {\n userAgentPrefix\n },\n baseUri\n });\n\n this.authorityHost = baseUri;\n }\n\n async sendTokenRequest(\n request: PipelineRequest,\n expiresOnParser?: (responseBody: any) => number\n ): Promise<TokenResponse | null> {\n logger.info(`IdentityClient: sending token request to [${request.url}]`);\n const response = await this.sendRequest(request);\n\n expiresOnParser =\n expiresOnParser ||\n ((responseBody: any) => {\n return Date.now() + responseBody.expires_in * 1000;\n });\n\n if (response.bodyAsText && (response.status === 200 || response.status === 201)) {\n const parsedBody = parse<{\n token?: string;\n access_token?: string;\n refresh_token?: string;\n }>(response.bodyAsText);\n\n const token = {\n accessToken: {\n token: parsedBody.token ?? parsedBody.access_token!,\n expiresOnTimestamp: expiresOnParser(parsedBody)\n },\n refreshToken: parsedBody.refresh_token\n };\n\n logger.info(\n `IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`\n );\n return token;\n } else {\n const error = new AuthenticationError(response.status, response.bodyAsText);\n logger.warning(\n `IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`\n );\n throw error;\n }\n }\n\n async refreshAccessToken(\n tenantId: string,\n clientId: string,\n scopes: string,\n refreshToken: string | undefined,\n clientSecret: string | undefined,\n expiresOnParser?: (responseBody: any) => number,\n options?: GetTokenOptions\n ): Promise<TokenResponse | null> {\n if (refreshToken === undefined) {\n return null;\n }\n logger.info(\n `IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`\n );\n\n const { span, updatedOptions } = createSpan(\"IdentityClient-refreshAccessToken\", options);\n\n const refreshParams = {\n grant_type: \"refresh_token\",\n client_id: clientId,\n refresh_token: refreshToken,\n scope: scopes\n };\n\n if (clientSecret !== undefined) {\n (refreshParams as any).client_secret = clientSecret;\n }\n\n try {\n const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);\n const webResource = createPipelineRequest({\n url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,\n method: \"POST\",\n body: qs.stringify(refreshParams),\n abortSignal: options && options.abortSignal,\n headers: createHttpHeaders({\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n }),\n tracingOptions: {\n spanOptions: updatedOptions?.tracingOptions?.spanOptions,\n tracingContext: updatedOptions?.tracingOptions?.tracingContext\n }\n });\n\n const response = await this.sendTokenRequest(webResource, expiresOnParser);\n logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);\n return response;\n } catch (err) {\n if (\n err.name === AuthenticationErrorName &&\n err.errorResponse.error === \"interaction_required\"\n ) {\n // It's likely that the refresh token has expired, so\n // return null so that the credential implementation will\n // initiate the authentication flow again.\n logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n\n return null;\n } else {\n logger.warning(\n `IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`\n );\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n throw err;\n }\n } finally {\n span.end();\n }\n }\n // The MSAL network module methods follow\n\n async sendGetRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const request = createPipelineRequest({\n url,\n method: \"GET\",\n body: options?.body,\n headers: createHttpHeaders(options?.headers)\n });\n\n const response = await this.sendRequest(request);\n return {\n body: parse<T>(response.bodyAsText),\n headers: response.headers.toJSON(),\n status: response.status\n };\n }\n\n async sendPostRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const request = createPipelineRequest({\n url,\n method: \"POST\",\n body: options?.body,\n headers: createHttpHeaders(options?.headers)\n });\n\n const response = await this.sendRequest(request);\n return {\n body: parse<T>(response.bodyAsText),\n headers: response.headers.toJSON(),\n status: response.status\n };\n }\n}\n\n/**\n * Provides options to configure how the Identity library makes authentication\n * requests to Azure Active Directory.\n */\nexport interface TokenCredentialOptions extends PipelineOptions {\n /**\n * The authority host to use for authentication requests.\n * Possible values are available through {@link AzureAuthorityHosts}.\n * The default is \"https://login.microsoftonline.com\".\n */\n authorityHost?: string;\n}\n"]}
package/dist-esm/src/client/msalClient.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"msalClient.js","sourceRoot":"","sources":["../../../src/client/msalClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;AACjD,OAAO,EACL,uBAAuB,EAUxB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAA6B,MAAM,OAAO,CAAC;AAElD,OAAO,EAAE,cAAc,EAA0B,MAAM,kBAAkB,CAAC;AAE1E,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAGnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;AAqChE,MAAM,OAAO,sBAAuB,SAAQ,qBAAqB;CAAG;AAEpE,MAAM,OAAO,UAAU;IAQrB,YACE,UAA2B,EAC3B,kBAA2B,EAC3B,oBAA2C,EAC3C,OAAgC;QAEhC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAC7C,IAAI,CAAC,oBAAoB,GAAG,oBAAoB,CAAC;IACnD,CAAC;IAEK,yBAAyB;;YAC7B,qEAAqE;YACrE,IAAI,IAAI,CAAC,GAAG,EAAE;gBACZ,OAAO;aACR;YAED,iFAAiF;YACjF,MAAM,YAAY,GAAkB;gBAClC,IAAI,EAAE,IAAI,CAAC,UAAU;gBACrB,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,cAAc,EAAE;aAC/C,CAAC;YAEF,IAAI,CAAC,GAAG,GAAG,IAAI,uBAAuB,CAAC,YAAY,CAAC,CAAC;QACvD,CAAC;KAAA;IAEK,qBAAqB,CAAC,MAAgB;;YAC1C,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEvC,IAAI,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE;gBAC1D,MAAM,IAAI,sBAAsB,EAAE,CAAC;aACpC;YAED,MAAM,aAAa,GAAG;gBACpB,OAAO,EAAE,IAAI,CAAC,oBAAqB;gBACnC,MAAM;aACP,CAAC;YAEF,IAAI;gBACF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAI,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;gBACnE,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;gBACnD,IAAI,QAAQ,IAAI,QAAQ,CAAC,SAAS,EAAE;oBAClC,OAAO;wBACL,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;wBAChD,KAAK,EAAE,QAAQ,CAAC,WAAW;qBAC5B,CAAC;iBACH;qBAAM;oBACL,MAAM,IAAI,sBAAsB,CAAC,iDAAiD,CAAC,CAAC;iBACrF;aACF;YAAC,OAAO,CAAC,EAAE;gBACV,MAAM,IAAI,sBAAsB,CAAC,iDAAiD,CAAC,CAAC;aACrF;QACH,CAAC;KAAA;IAEK,cAAc,CAAC,OAAkD;;YACrE,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEvC,OAAO,IAAI,CAAC,GAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QAC3C,CAAC;KAAA;IAEK,kBAAkB,CACtB,OAAiC;;YAEjC,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEvC,OAAO,IAAI,CAAC,GAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAC/C,CAAC;KAAA;IAEK,wBAAwB,CAAC,OAA0B;;YACvD,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEvC,OAAO,IAAI,CAAC,GAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;QACrD,CAAC;KAAA;IAEK,8BAA8B,CAClC,OAAgC;;YAEhC,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEvC,OAAO,IAAI,CAAC,GAAI,CAAC,8BAA8B,CAAC,OAAO,CAAC,CAAC;QAC3D,CAAC;KAAA;CACF;AAED,MAAM,CAAN,IAAY,UAGX;AAHD,WAAY,UAAU;IACpB,yBAAW,CAAA;IACX,2BAAa,CAAA;AACf,CAAC,EAHW,UAAU,KAAV,UAAU,QAGrB;AACD;;GAEG;AACH,MAAM,OAAO,UAAU;IACrB;;;;OAIG;IACG,mBAAmB,CACvB,GAAW,EACX,OAA+B;;YAE/B,MAAM,OAAO,GAAuB;gBAClC,MAAM,EAAE,UAAU,CAAC,GAAG;gBACtB,GAAG,EAAE,GAAG;gBACR,OAAO,EAAE,OAAO,IAAI,OAAO,CAAC,OAAO;gBACnC,cAAc,EAAE,GAAG,EAAE,CAAC,IAAI;aAC3B,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAC;YACtC,MAAM,GAAG,GAAG;gBACV,OAAO,EAAE,QAAQ,CAAC,OAAO;gBACzB,IAAI,EAAE,QAAQ,CAAC,IAAS;gBACxB,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;YACF,OAAO,GAAG,CAAC;QACb,CAAC;KAAA;IAED;;;;OAIG;IACG,oBAAoB,CACxB,GAAW,EACX,OAA+B;;YAE/B,MAAM,OAAO,GAAuB;gBAClC,MAAM,EAAE,UAAU,CAAC,IAAI;gBACvB,GAAG,EAAE,GAAG;gBACR,IAAI,EAAE,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE;gBACrC,OAAO,EAAE,OAAO,IAAI,OAAO,CAAC,OAAO;gBACnC,cAAc,EAAE,GAAG,EAAE,CAAC,IAAI;aAC3B,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAC;YACtC,MAAM,GAAG,GAAG;gBACV,OAAO,EAAE,QAAQ,CAAC,OAAO;gBACzB,IAAI,EAAE,QAAQ,CAAC,IAAS;gBACxB,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;YAEF,OAAO,GAAG,CAAC;QACb,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { CredentialUnavailable } from \"./errors\";\nimport {\n PublicClientApplication,\n Configuration,\n AuthorizationCodeRequest,\n AuthenticationResult,\n DeviceCodeRequest,\n ConfidentialClientApplication,\n ClientCredentialRequest,\n NetworkRequestOptions,\n NetworkResponse,\n INetworkModule\n} from \"@azure/msal-node\";\nimport axios, { AxiosRequestConfig } from \"axios\";\n\nimport { IdentityClient, TokenCredentialOptions } from \"./identityClient\";\nimport { AccessToken } from \"@azure/core-http\";\nimport { credentialLogger } from \"../util/logging\";\nimport { NodeAuthOptions } from \"@azure/msal-node/dist/config/Configuration\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/**\n * The record to use to find the cached tokens in the cache\n */\nexport interface AuthenticationRecord {\n /**\n * The associated authority, if used\n */\n authority?: string;\n\n /**\n * The home account Id\n */\n homeAccountId: string;\n\n /**\n * The login environment, eg \"login.windows.net\"\n */\n environment: string;\n\n /**\n * The associated tenant ID\n */\n tenantId: string;\n\n /**\n * Local, tenant-specific account identifer for this account object, usually used in legacy cases\n */\n localAccountId: string;\n\n /**\n * The username of the logged in account\n */\n username: string;\n}\n\nexport class AuthenticationRequired extends CredentialUnavailable {}\n\nexport class MsalClient {\n private persistenceEnabled: boolean;\n private authenticationRecord: AuthenticationRecord | undefined;\n private identityClient: IdentityClient;\n private pca: PublicClientApplication | undefined;\n private cca: ConfidentialClientApplication | undefined;\n private msalConfig: NodeAuthOptions;\n\n constructor(\n msalConfig: NodeAuthOptions,\n persistenceEnabled: boolean,\n authenticationRecord?: AuthenticationRecord,\n options?: TokenCredentialOptions\n ) {\n this.identityClient = new IdentityClient(options);\n this.msalConfig = msalConfig;\n this.persistenceEnabled = persistenceEnabled;\n this.authenticationRecord = authenticationRecord;\n }\n\n async prepareClientApplications(): Promise<void> {\n // If we've already initialized the public client application, return\n if (this.pca) {\n return;\n }\n\n // Construct the public client application, since it hasn't been initialized, yet\n const clientConfig: Configuration = {\n auth: this.msalConfig,\n cache: undefined,\n system: { networkClient: this.identityClient }\n };\n\n this.pca = new PublicClientApplication(clientConfig);\n }\n\n async acquireTokenFromCache(scopes: string[]): Promise<AccessToken | null> {\n await this.prepareClientApplications();\n\n if (!this.persistenceEnabled || !this.authenticationRecord) {\n throw new AuthenticationRequired();\n }\n\n const silentRequest = {\n account: this.authenticationRecord!,\n scopes\n };\n\n try {\n const response = await this.pca!.acquireTokenSilent(silentRequest);\n logger.info(\"Successful silent token acquisition\");\n if (response && response.expiresOn) {\n return {\n expiresOnTimestamp: response.expiresOn.getTime(),\n token: response.accessToken\n };\n } else {\n throw new AuthenticationRequired(\"Could not authenticate silently using the cache\");\n }\n } catch (e) {\n throw new AuthenticationRequired(\"Could not authenticate silently using the cache\");\n }\n }\n\n async getAuthCodeUrl(request: { scopes: string[]; redirectUri: string }): Promise<string> {\n await this.prepareClientApplications();\n\n return this.pca!.getAuthCodeUrl(request);\n }\n\n async acquireTokenByCode(\n request: AuthorizationCodeRequest\n ): Promise<AuthenticationResult | null> {\n await this.prepareClientApplications();\n\n return this.pca!.acquireTokenByCode(request);\n }\n\n async acquireTokenByDeviceCode(request: DeviceCodeRequest): Promise<AuthenticationResult | null> {\n await this.prepareClientApplications();\n\n return this.pca!.acquireTokenByDeviceCode(request);\n }\n\n async acquireTokenByClientCredential(\n request: ClientCredentialRequest\n ): Promise<AuthenticationResult | null> {\n await this.prepareClientApplications();\n\n return this.cca!.acquireTokenByClientCredential(request);\n }\n}\n\nexport enum HttpMethod {\n GET = \"get\",\n POST = \"post\"\n}\n/**\n * This class implements the API for network requests.\n */\nexport class HttpClient implements INetworkModule {\n /**\n * Http Get request\n * @param url -\n * @param options -\n */\n async sendGetRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const request: AxiosRequestConfig = {\n method: HttpMethod.GET,\n url: url,\n headers: options && options.headers,\n validateStatus: () => true\n };\n\n const response = await axios(request);\n const out = {\n headers: response.headers,\n body: response.data as T,\n status: response.status\n };\n return out;\n }\n\n /**\n * Http Post request\n * @param url -\n * @param options -\n */\n async sendPostRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const request: AxiosRequestConfig = {\n method: HttpMethod.POST,\n url: url,\n data: (options && options.body) || \"\",\n headers: options && options.headers,\n validateStatus: () => true\n };\n\n const response = await axios(request);\n const out = {\n headers: response.headers,\n body: response.data as T,\n status: response.status\n };\n\n return out;\n }\n}\n"]}
1
+ {"version":3,"file":"msalClient.js","sourceRoot":"","sources":["../../../src/client/msalClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;AACjD,OAAO,EACL,uBAAuB,EAUxB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAA6B,MAAM,OAAO,CAAC;AAElD,OAAO,EAAE,cAAc,EAA0B,MAAM,kBAAkB,CAAC;AAE1E,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAGnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;AAqChE,MAAM,OAAO,sBAAuB,SAAQ,qBAAqB;CAAG;AAEpE,MAAM,OAAO,UAAU;IAQrB,YACE,UAA2B,EAC3B,kBAA2B,EAC3B,oBAA2C,EAC3C,OAAgC;QAEhC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAC7C,IAAI,CAAC,oBAAoB,GAAG,oBAAoB,CAAC;IACnD,CAAC;IAEK,yBAAyB;;YAC7B,qEAAqE;YACrE,IAAI,IAAI,CAAC,GAAG,EAAE;gBACZ,OAAO;aACR;YAED,iFAAiF;YACjF,MAAM,YAAY,GAAkB;gBAClC,IAAI,EAAE,IAAI,CAAC,UAAU;gBACrB,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,cAAc,EAAE;aAC/C,CAAC;YAEF,IAAI,CAAC,GAAG,GAAG,IAAI,uBAAuB,CAAC,YAAY,CAAC,CAAC;QACvD,CAAC;KAAA;IAEK,qBAAqB,CAAC,MAAgB;;YAC1C,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEvC,IAAI,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE;gBAC1D,MAAM,IAAI,sBAAsB,EAAE,CAAC;aACpC;YAED,MAAM,aAAa,GAAG;gBACpB,OAAO,EAAE,IAAI,CAAC,oBAAqB;gBACnC,MAAM;aACP,CAAC;YAEF,IAAI;gBACF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAI,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;gBACnE,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;gBACnD,IAAI,QAAQ,IAAI,QAAQ,CAAC,SAAS,EAAE;oBAClC,OAAO;wBACL,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;wBAChD,KAAK,EAAE,QAAQ,CAAC,WAAW;qBAC5B,CAAC;iBACH;qBAAM;oBACL,MAAM,IAAI,sBAAsB,CAAC,iDAAiD,CAAC,CAAC;iBACrF;aACF;YAAC,OAAO,CAAC,EAAE;gBACV,MAAM,IAAI,sBAAsB,CAAC,iDAAiD,CAAC,CAAC;aACrF;QACH,CAAC;KAAA;IAEK,cAAc,CAAC,OAAkD;;YACrE,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEvC,OAAO,IAAI,CAAC,GAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QAC3C,CAAC;KAAA;IAEK,kBAAkB,CACtB,OAAiC;;YAEjC,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEvC,OAAO,IAAI,CAAC,GAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAC/C,CAAC;KAAA;IAEK,wBAAwB,CAAC,OAA0B;;YACvD,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEvC,OAAO,IAAI,CAAC,GAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;QACrD,CAAC;KAAA;IAEK,8BAA8B,CAClC,OAAgC;;YAEhC,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEvC,OAAO,IAAI,CAAC,GAAI,CAAC,8BAA8B,CAAC,OAAO,CAAC,CAAC;QAC3D,CAAC;KAAA;CACF;AAED,MAAM,CAAN,IAAY,UAGX;AAHD,WAAY,UAAU;IACpB,yBAAW,CAAA;IACX,2BAAa,CAAA;AACf,CAAC,EAHW,UAAU,KAAV,UAAU,QAGrB;AACD;;GAEG;AACH,MAAM,OAAO,UAAU;IACrB;;;;OAIG;IACG,mBAAmB,CACvB,GAAW,EACX,OAA+B;;YAE/B,MAAM,OAAO,GAAuB;gBAClC,MAAM,EAAE,UAAU,CAAC,GAAG;gBACtB,GAAG,EAAE,GAAG;gBACR,OAAO,EAAE,OAAO,IAAI,OAAO,CAAC,OAAO;gBACnC,cAAc,EAAE,GAAG,EAAE,CAAC,IAAI;aAC3B,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAC;YACtC,MAAM,GAAG,GAAG;gBACV,OAAO,EAAE,QAAQ,CAAC,OAAO;gBACzB,IAAI,EAAE,QAAQ,CAAC,IAAS;gBACxB,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;YACF,OAAO,GAAG,CAAC;QACb,CAAC;KAAA;IAED;;;;OAIG;IACG,oBAAoB,CACxB,GAAW,EACX,OAA+B;;YAE/B,MAAM,OAAO,GAAuB;gBAClC,MAAM,EAAE,UAAU,CAAC,IAAI;gBACvB,GAAG,EAAE,GAAG;gBACR,IAAI,EAAE,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE;gBACrC,OAAO,EAAE,OAAO,IAAI,OAAO,CAAC,OAAO;gBACnC,cAAc,EAAE,GAAG,EAAE,CAAC,IAAI;aAC3B,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAC;YACtC,MAAM,GAAG,GAAG;gBACV,OAAO,EAAE,QAAQ,CAAC,OAAO;gBACzB,IAAI,EAAE,QAAQ,CAAC,IAAS;gBACxB,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;YAEF,OAAO,GAAG,CAAC;QACb,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { CredentialUnavailable } from \"./errors\";\nimport {\n PublicClientApplication,\n Configuration,\n AuthorizationCodeRequest,\n AuthenticationResult,\n DeviceCodeRequest,\n ConfidentialClientApplication,\n ClientCredentialRequest,\n NetworkRequestOptions,\n NetworkResponse,\n INetworkModule\n} from \"@azure/msal-node\";\nimport axios, { AxiosRequestConfig } from \"axios\";\n\nimport { IdentityClient, TokenCredentialOptions } from \"./identityClient\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { credentialLogger } from \"../util/logging\";\nimport { NodeAuthOptions } from \"@azure/msal-node/dist/config/Configuration\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/**\n * The record to use to find the cached tokens in the cache\n */\nexport interface AuthenticationRecord {\n /**\n * The associated authority, if used\n */\n authority?: string;\n\n /**\n * The home account Id\n */\n homeAccountId: string;\n\n /**\n * The login environment, eg \"login.windows.net\"\n */\n environment: string;\n\n /**\n * The associated tenant ID\n */\n tenantId: string;\n\n /**\n * Local, tenant-specific account identifer for this account object, usually used in legacy cases\n */\n localAccountId: string;\n\n /**\n * The username of the logged in account\n */\n username: string;\n}\n\nexport class AuthenticationRequired extends CredentialUnavailable {}\n\nexport class MsalClient {\n private persistenceEnabled: boolean;\n private authenticationRecord: AuthenticationRecord | undefined;\n private identityClient: IdentityClient;\n private pca: PublicClientApplication | undefined;\n private cca: ConfidentialClientApplication | undefined;\n private msalConfig: NodeAuthOptions;\n\n constructor(\n msalConfig: NodeAuthOptions,\n persistenceEnabled: boolean,\n authenticationRecord?: AuthenticationRecord,\n options?: TokenCredentialOptions\n ) {\n this.identityClient = new IdentityClient(options);\n this.msalConfig = msalConfig;\n this.persistenceEnabled = persistenceEnabled;\n this.authenticationRecord = authenticationRecord;\n }\n\n async prepareClientApplications(): Promise<void> {\n // If we've already initialized the public client application, return\n if (this.pca) {\n return;\n }\n\n // Construct the public client application, since it hasn't been initialized, yet\n const clientConfig: Configuration = {\n auth: this.msalConfig,\n cache: undefined,\n system: { networkClient: this.identityClient }\n };\n\n this.pca = new PublicClientApplication(clientConfig);\n }\n\n async acquireTokenFromCache(scopes: string[]): Promise<AccessToken | null> {\n await this.prepareClientApplications();\n\n if (!this.persistenceEnabled || !this.authenticationRecord) {\n throw new AuthenticationRequired();\n }\n\n const silentRequest = {\n account: this.authenticationRecord!,\n scopes\n };\n\n try {\n const response = await this.pca!.acquireTokenSilent(silentRequest);\n logger.info(\"Successful silent token acquisition\");\n if (response && response.expiresOn) {\n return {\n expiresOnTimestamp: response.expiresOn.getTime(),\n token: response.accessToken\n };\n } else {\n throw new AuthenticationRequired(\"Could not authenticate silently using the cache\");\n }\n } catch (e) {\n throw new AuthenticationRequired(\"Could not authenticate silently using the cache\");\n }\n }\n\n async getAuthCodeUrl(request: { scopes: string[]; redirectUri: string }): Promise<string> {\n await this.prepareClientApplications();\n\n return this.pca!.getAuthCodeUrl(request);\n }\n\n async acquireTokenByCode(\n request: AuthorizationCodeRequest\n ): Promise<AuthenticationResult | null> {\n await this.prepareClientApplications();\n\n return this.pca!.acquireTokenByCode(request);\n }\n\n async acquireTokenByDeviceCode(request: DeviceCodeRequest): Promise<AuthenticationResult | null> {\n await this.prepareClientApplications();\n\n return this.pca!.acquireTokenByDeviceCode(request);\n }\n\n async acquireTokenByClientCredential(\n request: ClientCredentialRequest\n ): Promise<AuthenticationResult | null> {\n await this.prepareClientApplications();\n\n return this.cca!.acquireTokenByClientCredential(request);\n }\n}\n\nexport enum HttpMethod {\n GET = \"get\",\n POST = \"post\"\n}\n/**\n * This class implements the API for network requests.\n */\nexport class HttpClient implements INetworkModule {\n /**\n * Http Get request\n * @param url -\n * @param options -\n */\n async sendGetRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const request: AxiosRequestConfig = {\n method: HttpMethod.GET,\n url: url,\n headers: options && options.headers,\n validateStatus: () => true\n };\n\n const response = await axios(request);\n const out = {\n headers: response.headers,\n body: response.data as T,\n status: response.status\n };\n return out;\n }\n\n /**\n * Http Post request\n * @param url -\n * @param options -\n */\n async sendPostRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const request: AxiosRequestConfig = {\n method: HttpMethod.POST,\n url: url,\n data: (options && options.body) || \"\",\n headers: options && options.headers,\n validateStatus: () => true\n };\n\n const response = await axios(request);\n const out = {\n headers: response.headers,\n body: response.data as T,\n status: response.status\n };\n\n return out;\n }\n}\n"]}
package/dist-esm/src/constants.js CHANGED
@@ -35,4 +35,9 @@ export var AzureAuthorityHosts;
35
35
  */
36
36
  AzureAuthorityHosts["AzurePublicCloud"] = "https://login.microsoftonline.com";
37
37
  })(AzureAuthorityHosts || (AzureAuthorityHosts = {}));
38
+ /**
39
+ * The default authority host.
40
+ * @internal
41
+ */
42
+ export const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;
38
43
  //# sourceMappingURL=constants.js.map
package/dist-esm/src/constants.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,yGAAyG;AACzG,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,MAAM,CAAN,IAAY,mBAiBX;AAjBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;OAEG;IACH,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EAjBW,mBAAmB,KAAnB,mBAAmB,QAiB9B","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n /**\n * China-based Azure Authority Host\n */\n AzureChina = \"https://login.chinacloudapi.cn\",\n /**\n * Germany-based Azure Authority Host\n */\n AzureGermany = \"https://login.microsoftonline.de\",\n /**\n * US Government Azure Authority Host\n */\n AzureGovernment = \"https://login.microsoftonline.us\",\n /**\n * Public Cloud Azure Authority Host\n */\n AzurePublicCloud = \"https://login.microsoftonline.com\"\n}\n"]}
1
+ {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,yGAAyG;AACzG,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,MAAM,CAAN,IAAY,mBAiBX;AAjBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;OAEG;IACH,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EAjBW,mBAAmB,KAAnB,mBAAmB,QAiB9B;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n /**\n * China-based Azure Authority Host\n */\n AzureChina = \"https://login.chinacloudapi.cn\",\n /**\n * Germany-based Azure Authority Host\n */\n AzureGermany = \"https://login.microsoftonline.de\",\n /**\n * US Government Azure Authority Host\n */\n AzureGovernment = \"https://login.microsoftonline.us\",\n /**\n * Public Cloud Azure Authority Host\n */\n AzurePublicCloud = \"https://login.microsoftonline.com\"\n}\n\n/**\n * The default authority host.\n * @internal\n */\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n"]}
package/dist-esm/src/credentials/authorizationCodeCredential.browser.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authorizationCodeCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,mIAAmI,CACpI,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D,MAAM,OAAO,2BAA2B;IAgBtC;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken } from \"@azure/core-http\";\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n \"AuthorizationCodeCredential is not supported in the browser. InteractiveBrowserCredential is more appropriate for this use case.\"\n);\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\nexport class AuthorizationCodeCredential implements TokenCredential {\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
1
+ {"version":3,"file":"authorizationCodeCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,mIAAmI,CACpI,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D,MAAM,OAAO,2BAA2B;IAgBtC;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken } from \"@azure/core-auth\";\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n \"AuthorizationCodeCredential is not supported in the browser. InteractiveBrowserCredential is more appropriate for this use case.\"\n);\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\nexport class AuthorizationCodeCredential implements TokenCredential {\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
package/dist-esm/src/credentials/authorizationCodeCredential.js CHANGED
@@ -3,6 +3,7 @@
3
3
  import { __awaiter } from "tslib";
4
4
  import qs from "qs";
5
5
  import { createSpan } from "../util/tracing";
6
+ import { createPipelineRequest, createHttpHeaders } from "@azure/core-rest-pipeline";
6
7
  import { IdentityClient } from "../client/identityClient";
7
8
  import { SpanStatusCode } from "@azure/core-tracing";
8
9
  import { credentialLogger, formatSuccess, formatError } from "../util/logging";
@@ -67,11 +68,9 @@ export class AuthorizationCodeCredential {
67
68
  }
68
69
  if (tokenResponse === null) {
69
70
  const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);
70
- const webResource = this.identityClient.createWebResource({
71
+ const webResource = createPipelineRequest({
71
72
  url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,
72
73
  method: "POST",
73
- disableJsonStringifyOnBody: true,
74
- deserializationMapper: undefined,
75
74
  body: qs.stringify({
76
75
  client_id: this.clientId,
77
76
  grant_type: "authorization_code",
@@ -80,13 +79,15 @@ export class AuthorizationCodeCredential {
80
79
  redirect_uri: this.redirectUri,
81
80
  client_secret: this.clientSecret
82
81
  }),
83
- headers: {
82
+ headers: createHttpHeaders({
84
83
  Accept: "application/json",
85
84
  "Content-Type": "application/x-www-form-urlencoded"
86
- },
85
+ }),
87
86
  abortSignal: options && options.abortSignal,
88
- spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,
89
- tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext,
87
+ tracingOptions: {
88
+ spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,
89
+ tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext
90
+ }
90
91
  });
91
92
  tokenResponse = yield this.identityClient.sendTokenRequest(webResource);
92
93
  }
package/dist-esm/src/credentials/authorizationCodeCredential.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authorizationCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE7C,OAAO,EAAE,cAAc,EAAyC,MAAM,0BAA0B,CAAC;AACjG,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;GAMG;AACH,MAAM,OAAO,2BAA2B;IAmEtC;;;OAGG;IACH,YACE,QAA2B,EAC3B,QAAgB,EAChB,+BAAuC,EACvC,8BAAsC,EACtC,oBAAiE,EACjE,OAAgC;QAtE1B,sBAAiB,GAAyB,IAAI,CAAC;QAwErD,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAEhC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE;YAC5C,wCAAwC;YACxC,IAAI,CAAC,YAAY,GAAG,+BAA+B,CAAC;YACpD,IAAI,CAAC,iBAAiB,GAAG,8BAA8B,CAAC;YACxD,IAAI,CAAC,WAAW,GAAG,oBAAoB,CAAC;YACxC,eAAe;SAChB;aAAM;YACL,gBAAgB;YAChB,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;YAC9B,IAAI,CAAC,iBAAiB,GAAG,+BAA+B,CAAC;YACzD,IAAI,CAAC,WAAW,GAAG,8BAAwC,CAAC;YAC5D,OAAO,GAAG,oBAA8C,CAAC;SAC1D;QAED,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED;;;;;;;;;OASG;IACU,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CACrD,sCAAsC,EACtC,OAAO,CACR,CAAC;YACF,IAAI;gBACF,IAAI,aAAa,GAAyB,IAAI,CAAC;gBAC/C,IAAI,WAAW,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACzE,IAAI,WAAW,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE;oBAC7C,WAAW,IAAI,iBAAiB,CAAC;iBAClC;gBAED,qCAAqC;gBACrC,IAAI,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,iBAAiB,CAAC,YAAY,EAAE;oBACjE,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAC1D,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,QAAQ,EACb,WAAW,EACX,IAAI,CAAC,iBAAiB,CAAC,YAAY,EACnC,IAAI,CAAC,YAAY,EACjB,SAAS,EACT,UAAU,CACX,CAAC;iBACH;gBAED,IAAI,aAAa,KAAK,IAAI,EAAE;oBAC1B,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBAChE,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC;wBACxD,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;wBACzE,MAAM,EAAE,MAAM;wBACd,0BAA0B,EAAE,IAAI;wBAChC,qBAAqB,EAAE,SAAS;wBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;4BACjB,SAAS,EAAE,IAAI,CAAC,QAAQ;4BACxB,UAAU,EAAE,oBAAoB;4BAChC,KAAK,EAAE,WAAW;4BAClB,IAAI,EAAE,IAAI,CAAC,iBAAiB;4BAC5B,YAAY,EAAE,IAAI,CAAC,WAAW;4BAC9B,aAAa,EAAE,IAAI,CAAC,YAAY;yBACjC,CAAC;wBACF,OAAO,EAAE;4BACP,MAAM,EAAE,kBAAkB;4BAC1B,cAAc,EAAE,mCAAmC;yBACpD;wBACD,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;wBAC3C,WAAW,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,WAAW;wBAC/E,cAAc,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,cAAc;qBACtF,CAAC,CAAC;oBAEH,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;iBACzE;gBAED,IAAI,CAAC,iBAAiB,GAAG,aAAa,CAAC;gBACvC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;aAC7D;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAE,cAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport { createSpan } from \"../util/tracing\";\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nimport { IdentityClient, TokenResponse, TokenCredentialOptions } from \"../client/identityClient\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using an authorization code\n * that was obtained through the authorization code flow, described in more detail\n * in the Azure Active Directory documentation:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow\n */\nexport class AuthorizationCodeCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private clientId: string;\n private clientSecret: string | undefined;\n private authorizationCode: string;\n private redirectUri: string;\n private lastTokenResponse: TokenResponse | null = null;\n\n /**\n * Creates an instance of CodeFlowCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Azure Active Directory.\n *\n * It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n *\n * https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/identity/identity/samples/manual/authorizationCodeSample.ts\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param clientSecret - A client secret that was generated for the App Registration\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n /**\n * Creates an instance of CodeFlowCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Azure Active Directory.\n *\n * It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n *\n * https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/identity/identity/samples/manual/authorizationCodeSample.ts\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n /**\n * @hidden\n * @internal\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecretOrAuthorizationCode: string,\n authorizationCodeOrRedirectUri: string,\n redirectUriOrOptions: string | TokenCredentialOptions | undefined,\n options?: TokenCredentialOptions\n ) {\n checkTenantId(logger, tenantId);\n\n this.clientId = clientId;\n this.tenantId = tenantId;\n\n if (typeof redirectUriOrOptions === \"string\") {\n // the clientId+clientSecret constructor\n this.clientSecret = clientSecretOrAuthorizationCode;\n this.authorizationCode = authorizationCodeOrRedirectUri;\n this.redirectUri = redirectUriOrOptions;\n // options okay\n } else {\n // clientId only\n this.clientSecret = undefined;\n this.authorizationCode = clientSecretOrAuthorizationCode;\n this.redirectUri = authorizationCodeOrRedirectUri as string;\n options = redirectUriOrOptions as TokenCredentialOptions;\n }\n\n this.identityClient = new IdentityClient(options);\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const { span, updatedOptions: newOptions } = createSpan(\n \"AuthorizationCodeCredential-getToken\",\n options\n );\n try {\n let tokenResponse: TokenResponse | null = null;\n let scopeString = typeof scopes === \"string\" ? scopes : scopes.join(\" \");\n if (scopeString.indexOf(\"offline_access\") < 0) {\n scopeString += \" offline_access\";\n }\n\n // Try to use the refresh token first\n if (this.lastTokenResponse && this.lastTokenResponse.refreshToken) {\n tokenResponse = await this.identityClient.refreshAccessToken(\n this.tenantId,\n this.clientId,\n scopeString,\n this.lastTokenResponse.refreshToken,\n this.clientSecret,\n undefined,\n newOptions\n );\n }\n\n if (tokenResponse === null) {\n const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n const webResource = this.identityClient.createWebResource({\n url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n method: \"POST\",\n disableJsonStringifyOnBody: true,\n deserializationMapper: undefined,\n body: qs.stringify({\n client_id: this.clientId,\n grant_type: \"authorization_code\",\n scope: scopeString,\n code: this.authorizationCode,\n redirect_uri: this.redirectUri,\n client_secret: this.clientSecret\n }),\n headers: {\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n },\n abortSignal: options && options.abortSignal,\n spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,\n tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext,\n });\n\n tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n }\n\n this.lastTokenResponse = tokenResponse;\n logger.getToken.info(formatSuccess(scopes));\n return (tokenResponse && tokenResponse.accessToken) || null;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n } finally {\n span.end();\n }\n }\n}\n"]}
1
+ {"version":3,"file":"authorizationCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE7C,OAAO,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EAAE,cAAc,EAAyC,MAAM,0BAA0B,CAAC;AACjG,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;GAMG;AACH,MAAM,OAAO,2BAA2B;IAmEtC;;;OAGG;IACH,YACE,QAA2B,EAC3B,QAAgB,EAChB,+BAAuC,EACvC,8BAAsC,EACtC,oBAAiE,EACjE,OAAgC;QAtE1B,sBAAiB,GAAyB,IAAI,CAAC;QAwErD,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAEhC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE;YAC5C,wCAAwC;YACxC,IAAI,CAAC,YAAY,GAAG,+BAA+B,CAAC;YACpD,IAAI,CAAC,iBAAiB,GAAG,8BAA8B,CAAC;YACxD,IAAI,CAAC,WAAW,GAAG,oBAAoB,CAAC;YACxC,eAAe;SAChB;aAAM;YACL,gBAAgB;YAChB,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;YAC9B,IAAI,CAAC,iBAAiB,GAAG,+BAA+B,CAAC;YACzD,IAAI,CAAC,WAAW,GAAG,8BAAwC,CAAC;YAC5D,OAAO,GAAG,oBAA8C,CAAC;SAC1D;QAED,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED;;;;;;;;;OASG;IACU,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CACrD,sCAAsC,EACtC,OAAO,CACR,CAAC;YACF,IAAI;gBACF,IAAI,aAAa,GAAyB,IAAI,CAAC;gBAC/C,IAAI,WAAW,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACzE,IAAI,WAAW,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE;oBAC7C,WAAW,IAAI,iBAAiB,CAAC;iBAClC;gBAED,qCAAqC;gBACrC,IAAI,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,iBAAiB,CAAC,YAAY,EAAE;oBACjE,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAC1D,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,QAAQ,EACb,WAAW,EACX,IAAI,CAAC,iBAAiB,CAAC,YAAY,EACnC,IAAI,CAAC,YAAY,EACjB,SAAS,EACT,UAAU,CACX,CAAC;iBACH;gBAED,IAAI,aAAa,KAAK,IAAI,EAAE;oBAC1B,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBAChE,MAAM,WAAW,GAAG,qBAAqB,CAAC;wBACxC,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;wBACzE,MAAM,EAAE,MAAM;wBACd,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;4BACjB,SAAS,EAAE,IAAI,CAAC,QAAQ;4BACxB,UAAU,EAAE,oBAAoB;4BAChC,KAAK,EAAE,WAAW;4BAClB,IAAI,EAAE,IAAI,CAAC,iBAAiB;4BAC5B,YAAY,EAAE,IAAI,CAAC,WAAW;4BAC9B,aAAa,EAAE,IAAI,CAAC,YAAY;yBACjC,CAAC;wBACF,OAAO,EAAE,iBAAiB,CAAC;4BACzB,MAAM,EAAE,kBAAkB;4BAC1B,cAAc,EAAE,mCAAmC;yBACpD,CAAC;wBACF,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;wBAC3C,cAAc,EAAE;4BACd,WAAW,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,WAAW;4BAC/E,cAAc,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,cAAc;yBACtF;qBACF,CAAC,CAAC;oBAEH,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;iBACzE;gBAED,IAAI,CAAC,iBAAiB,GAAG,aAAa,CAAC;gBACvC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;aAC7D;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAE,cAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport { createSpan } from \"../util/tracing\";\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nimport { createPipelineRequest, createHttpHeaders } from \"@azure/core-rest-pipeline\";\nimport { IdentityClient, TokenResponse, TokenCredentialOptions } from \"../client/identityClient\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using an authorization code\n * that was obtained through the authorization code flow, described in more detail\n * in the Azure Active Directory documentation:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow\n */\nexport class AuthorizationCodeCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private clientId: string;\n private clientSecret: string | undefined;\n private authorizationCode: string;\n private redirectUri: string;\n private lastTokenResponse: TokenResponse | null = null;\n\n /**\n * Creates an instance of CodeFlowCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Azure Active Directory.\n *\n * It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n *\n * https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/identity/identity/samples/manual/authorizationCodeSample.ts\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param clientSecret - A client secret that was generated for the App Registration\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n /**\n * Creates an instance of CodeFlowCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Azure Active Directory.\n *\n * It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n *\n * https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/identity/identity/samples/manual/authorizationCodeSample.ts\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n /**\n * @hidden\n * @internal\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecretOrAuthorizationCode: string,\n authorizationCodeOrRedirectUri: string,\n redirectUriOrOptions: string | TokenCredentialOptions | undefined,\n options?: TokenCredentialOptions\n ) {\n checkTenantId(logger, tenantId);\n\n this.clientId = clientId;\n this.tenantId = tenantId;\n\n if (typeof redirectUriOrOptions === \"string\") {\n // the clientId+clientSecret constructor\n this.clientSecret = clientSecretOrAuthorizationCode;\n this.authorizationCode = authorizationCodeOrRedirectUri;\n this.redirectUri = redirectUriOrOptions;\n // options okay\n } else {\n // clientId only\n this.clientSecret = undefined;\n this.authorizationCode = clientSecretOrAuthorizationCode;\n this.redirectUri = authorizationCodeOrRedirectUri as string;\n options = redirectUriOrOptions as TokenCredentialOptions;\n }\n\n this.identityClient = new IdentityClient(options);\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const { span, updatedOptions: newOptions } = createSpan(\n \"AuthorizationCodeCredential-getToken\",\n options\n );\n try {\n let tokenResponse: TokenResponse | null = null;\n let scopeString = typeof scopes === \"string\" ? scopes : scopes.join(\" \");\n if (scopeString.indexOf(\"offline_access\") < 0) {\n scopeString += \" offline_access\";\n }\n\n // Try to use the refresh token first\n if (this.lastTokenResponse && this.lastTokenResponse.refreshToken) {\n tokenResponse = await this.identityClient.refreshAccessToken(\n this.tenantId,\n this.clientId,\n scopeString,\n this.lastTokenResponse.refreshToken,\n this.clientSecret,\n undefined,\n newOptions\n );\n }\n\n if (tokenResponse === null) {\n const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n const webResource = createPipelineRequest({\n url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n method: \"POST\",\n body: qs.stringify({\n client_id: this.clientId,\n grant_type: \"authorization_code\",\n scope: scopeString,\n code: this.authorizationCode,\n redirect_uri: this.redirectUri,\n client_secret: this.clientSecret\n }),\n headers: createHttpHeaders({\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n }),\n abortSignal: options && options.abortSignal,\n tracingOptions: {\n spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,\n tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext\n }\n });\n\n tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n }\n\n this.lastTokenResponse = tokenResponse;\n logger.getToken.info(formatSuccess(scopes));\n return (tokenResponse && tokenResponse.accessToken) || null;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n } finally {\n span.end();\n }\n }\n}\n"]}
package/dist-esm/src/credentials/azureCliCredential.browser.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"azureCliCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/azureCliCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;AAClG,MAAM,MAAM,GAAG,gBAAgB,CAAC,oBAAoB,CAAC,CAAC;AAEtD,MAAM,OAAO,kBAAkB;IAC7B;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential } from \"@azure/core-http\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\"AzureCliCredential is not supported in the browser.\");\nconst logger = credentialLogger(\"AzureCliCredential\");\n\nexport class AzureCliCredential implements TokenCredential {\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
1
+ {"version":3,"file":"azureCliCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/azureCliCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;AAClG,MAAM,MAAM,GAAG,gBAAgB,CAAC,oBAAoB,CAAC,CAAC;AAEtD,MAAM,OAAO,kBAAkB;IAC7B;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\"AzureCliCredential is not supported in the browser.\");\nconst logger = credentialLogger(\"AzureCliCredential\");\n\nexport class AzureCliCredential implements TokenCredential {\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
package/dist-esm/src/credentials/azureCliCredential.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"azureCliCredential.js","sourceRoot":"","sources":["../../../src/credentials/azureCliCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAGlC,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,KAAK,aAAa,MAAM,eAAe,CAAC;AAE/C,SAAS,iBAAiB;IACxB,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;QAChC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE;YAC3B,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;SACrF;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;KAC/B;SAAM;QACL,OAAO,MAAM,CAAC;KACf;AACH,CAAC;AAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,oBAAoB,CAAC,CAAC;AAEtD;;;;;;;GAOG;AACH,MAAM,OAAO,kBAAkB;IAC7B;;;OAGG;IACa,sBAAsB,CACpC,QAAgB;;YAEhB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACrC,IAAI;oBACF,aAAa,CAAC,IAAI,CAChB,wDAAwD,QAAQ,EAAE,EAClE,EAAE,GAAG,EAAE,iBAAiB,EAAE,EAAE,EAC5B,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;wBACxB,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;oBACrD,CAAC,CACF,CAAC;iBACH;gBAAC,OAAO,GAAG,EAAE;oBACZ,MAAM,CAAC,GAAG,CAAC,CAAC;iBACb;YACH,CAAC,CAAC,CAAC;QACL,CAAC;KAAA;IAED;;;;;;;;;OASG;IACU,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACrC,MAAM,KAAK,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBAC9D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,KAAK,EAAE,CAAC,CAAC;gBAEjD,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;gBAElD,4DAA4D;gBAC5D,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE;oBACtC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;oBACrF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;iBACb;gBAED,IAAI,YAAY,GAAG,EAAE,CAAC;gBAEtB,MAAM,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC,6BAA6B,EAAE,OAAO,CAAC,CAAC;gBACpE,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC;qBAClC,IAAI,CAAC,CAAC,GAAQ,EAAE,EAAE;oBACjB,IAAI,GAAG,CAAC,MAAM,EAAE;wBACd,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;wBAC1D,MAAM,iBAAiB,GACrB,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC;4BACpC,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,wBAAwB,CAAC,CAAC;wBAClD,IAAI,iBAAiB,EAAE;4BACrB,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,mLAAmL,CACpL,CAAC;4BACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;4BACjD,MAAM,KAAK,CAAC;yBACb;6BAAM,IAAI,YAAY,EAAE;4BACvB,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,2FAA2F,CAC5F,CAAC;4BACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;4BACjD,MAAM,KAAK,CAAC;yBACb;wBACD,MAAM,KAAK,GAAG,IAAI,qBAAqB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;wBACpD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;wBACjD,MAAM,KAAK,CAAC;qBACb;yBAAM;wBACL,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC;wBAC1B,MAAM,QAAQ,GAA+C,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;wBACtF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;wBAC5C,MAAM,WAAW,GAAG;4BAClB,KAAK,EAAE,QAAQ,CAAC,WAAW;4BAC3B,kBAAkB,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;yBAC3D,CAAC;wBACF,OAAO,CAAC,WAAW,CAAC,CAAC;wBACrB,OAAO,WAAW,CAAC;qBACpB;gBACH,CAAC,CAAC;qBACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBACb,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAE,cAAc,CAAC,KAAK;wBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB,CAAC,CAAC;oBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC/C,MAAM,CAAC,GAAG,CAAC,CAAC;gBACd,CAAC,CAAC,CAAC;YACP,CAAC,CAAC,CAAC;QACL,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nimport { createSpan } from \"../util/tracing\";\nimport { CredentialUnavailable } from \"../client/errors\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport * as child_process from \"child_process\";\n\nfunction getSafeWorkingDir(): string {\n if (process.platform === \"win32\") {\n if (!process.env.SystemRoot) {\n throw new Error(\"Azure CLI credential expects a 'SystemRoot' environment variable\");\n }\n return process.env.SystemRoot;\n } else {\n return \"/bin\";\n }\n}\n\nconst logger = credentialLogger(\"AzureCliCredential\");\n\n/**\n * This credential will use the currently logged-in user login information\n * via the Azure CLI ('az') commandline tool.\n * To do so, it will read the user access token and expire time\n * with Azure CLI command \"az account get-access-token\".\n * To be able to use this credential, ensure that you have already logged\n * in via the 'az' tool using the command \"az login\" from the commandline.\n */\nexport class AzureCliCredential implements TokenCredential {\n /**\n * Gets the access token from Azure CLI\n * @param resource - The resource to use when getting the token\n */\n protected async getAzureCliAccessToken(\n resource: string\n ): Promise<{ stdout: string; stderr: string; error: Error | null }> {\n return new Promise((resolve, reject) => {\n try {\n child_process.exec(\n `az account get-access-token --output json --resource ${resource}`,\n { cwd: getSafeWorkingDir() },\n (error, stdout, stderr) => {\n resolve({ stdout: stdout, stderr: stderr, error });\n }\n );\n } catch (err) {\n reject(err);\n }\n });\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n return new Promise((resolve, reject) => {\n const scope = typeof scopes === \"string\" ? scopes : scopes[0];\n logger.getToken.info(`Using the scope ${scope}`);\n\n const resource = scope.replace(/\\/.default$/, \"\");\n\n // Check to make sure the scope we get back is a valid scope\n if (!scope.match(/^[0-9a-zA-Z-.:/]+$/)) {\n const error = new Error(\"Invalid scope was specified by the user or calling client\");\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n let responseData = \"\";\n\n const { span } = createSpan(\"AzureCliCredential-getToken\", options);\n this.getAzureCliAccessToken(resource)\n .then((obj: any) => {\n if (obj.stderr) {\n const isLoginError = obj.stderr.match(\"(.*)az login(.*)\");\n const isNotInstallError =\n obj.stderr.match(\"az:(.*)not found\") ||\n obj.stderr.startsWith(\"'az' is not recognized\");\n if (isNotInstallError) {\n const error = new CredentialUnavailable(\n \"Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n } else if (isLoginError) {\n const error = new CredentialUnavailable(\n \"Please run 'az login' from a command prompt to authenticate before using this credential.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n const error = new CredentialUnavailable(obj.stderr);\n logger.getToken.info(formatError(scopes, error));\n throw error;\n } else {\n responseData = obj.stdout;\n const response: { accessToken: string; expiresOn: string } = JSON.parse(responseData);\n logger.getToken.info(formatSuccess(scopes));\n const returnValue = {\n token: response.accessToken,\n expiresOnTimestamp: new Date(response.expiresOn).getTime()\n };\n resolve(returnValue);\n return returnValue;\n }\n })\n .catch((err) => {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n reject(err);\n });\n });\n }\n}\n"]}
1
+ {"version":3,"file":"azureCliCredential.js","sourceRoot":"","sources":["../../../src/credentials/azureCliCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAGlC,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,KAAK,aAAa,MAAM,eAAe,CAAC;AAE/C,SAAS,iBAAiB;IACxB,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;QAChC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE;YAC3B,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;SACrF;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;KAC/B;SAAM;QACL,OAAO,MAAM,CAAC;KACf;AACH,CAAC;AAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,oBAAoB,CAAC,CAAC;AAEtD;;;;;;;GAOG;AACH,MAAM,OAAO,kBAAkB;IAC7B;;;OAGG;IACa,sBAAsB,CACpC,QAAgB;;YAEhB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACrC,IAAI;oBACF,aAAa,CAAC,IAAI,CAChB,wDAAwD,QAAQ,EAAE,EAClE,EAAE,GAAG,EAAE,iBAAiB,EAAE,EAAE,EAC5B,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;wBACxB,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;oBACrD,CAAC,CACF,CAAC;iBACH;gBAAC,OAAO,GAAG,EAAE;oBACZ,MAAM,CAAC,GAAG,CAAC,CAAC;iBACb;YACH,CAAC,CAAC,CAAC;QACL,CAAC;KAAA;IAED;;;;;;;;;OASG;IACU,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACrC,MAAM,KAAK,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBAC9D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,KAAK,EAAE,CAAC,CAAC;gBAEjD,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;gBAElD,4DAA4D;gBAC5D,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE;oBACtC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;oBACrF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;iBACb;gBAED,IAAI,YAAY,GAAG,EAAE,CAAC;gBAEtB,MAAM,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC,6BAA6B,EAAE,OAAO,CAAC,CAAC;gBACpE,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC;qBAClC,IAAI,CAAC,CAAC,GAAQ,EAAE,EAAE;oBACjB,IAAI,GAAG,CAAC,MAAM,EAAE;wBACd,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;wBAC1D,MAAM,iBAAiB,GACrB,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC;4BACpC,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,wBAAwB,CAAC,CAAC;wBAClD,IAAI,iBAAiB,EAAE;4BACrB,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,mLAAmL,CACpL,CAAC;4BACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;4BACjD,MAAM,KAAK,CAAC;yBACb;6BAAM,IAAI,YAAY,EAAE;4BACvB,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,2FAA2F,CAC5F,CAAC;4BACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;4BACjD,MAAM,KAAK,CAAC;yBACb;wBACD,MAAM,KAAK,GAAG,IAAI,qBAAqB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;wBACpD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;wBACjD,MAAM,KAAK,CAAC;qBACb;yBAAM;wBACL,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC;wBAC1B,MAAM,QAAQ,GAA+C,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;wBACtF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;wBAC5C,MAAM,WAAW,GAAG;4BAClB,KAAK,EAAE,QAAQ,CAAC,WAAW;4BAC3B,kBAAkB,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;yBAC3D,CAAC;wBACF,OAAO,CAAC,WAAW,CAAC,CAAC;wBACrB,OAAO,WAAW,CAAC;qBACpB;gBACH,CAAC,CAAC;qBACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBACb,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAE,cAAc,CAAC,KAAK;wBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB,CAAC,CAAC;oBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC/C,MAAM,CAAC,GAAG,CAAC,CAAC;gBACd,CAAC,CAAC,CAAC;YACP,CAAC,CAAC,CAAC;QACL,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nimport { createSpan } from \"../util/tracing\";\nimport { CredentialUnavailable } from \"../client/errors\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport * as child_process from \"child_process\";\n\nfunction getSafeWorkingDir(): string {\n if (process.platform === \"win32\") {\n if (!process.env.SystemRoot) {\n throw new Error(\"Azure CLI credential expects a 'SystemRoot' environment variable\");\n }\n return process.env.SystemRoot;\n } else {\n return \"/bin\";\n }\n}\n\nconst logger = credentialLogger(\"AzureCliCredential\");\n\n/**\n * This credential will use the currently logged-in user login information\n * via the Azure CLI ('az') commandline tool.\n * To do so, it will read the user access token and expire time\n * with Azure CLI command \"az account get-access-token\".\n * To be able to use this credential, ensure that you have already logged\n * in via the 'az' tool using the command \"az login\" from the commandline.\n */\nexport class AzureCliCredential implements TokenCredential {\n /**\n * Gets the access token from Azure CLI\n * @param resource - The resource to use when getting the token\n */\n protected async getAzureCliAccessToken(\n resource: string\n ): Promise<{ stdout: string; stderr: string; error: Error | null }> {\n return new Promise((resolve, reject) => {\n try {\n child_process.exec(\n `az account get-access-token --output json --resource ${resource}`,\n { cwd: getSafeWorkingDir() },\n (error, stdout, stderr) => {\n resolve({ stdout: stdout, stderr: stderr, error });\n }\n );\n } catch (err) {\n reject(err);\n }\n });\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n return new Promise((resolve, reject) => {\n const scope = typeof scopes === \"string\" ? scopes : scopes[0];\n logger.getToken.info(`Using the scope ${scope}`);\n\n const resource = scope.replace(/\\/.default$/, \"\");\n\n // Check to make sure the scope we get back is a valid scope\n if (!scope.match(/^[0-9a-zA-Z-.:/]+$/)) {\n const error = new Error(\"Invalid scope was specified by the user or calling client\");\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n let responseData = \"\";\n\n const { span } = createSpan(\"AzureCliCredential-getToken\", options);\n this.getAzureCliAccessToken(resource)\n .then((obj: any) => {\n if (obj.stderr) {\n const isLoginError = obj.stderr.match(\"(.*)az login(.*)\");\n const isNotInstallError =\n obj.stderr.match(\"az:(.*)not found\") ||\n obj.stderr.startsWith(\"'az' is not recognized\");\n if (isNotInstallError) {\n const error = new CredentialUnavailable(\n \"Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n } else if (isLoginError) {\n const error = new CredentialUnavailable(\n \"Please run 'az login' from a command prompt to authenticate before using this credential.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n const error = new CredentialUnavailable(obj.stderr);\n logger.getToken.info(formatError(scopes, error));\n throw error;\n } else {\n responseData = obj.stdout;\n const response: { accessToken: string; expiresOn: string } = JSON.parse(responseData);\n logger.getToken.info(formatSuccess(scopes));\n const returnValue = {\n token: response.accessToken,\n expiresOnTimestamp: new Date(response.expiresOn).getTime()\n };\n resolve(returnValue);\n return returnValue;\n }\n })\n .catch((err) => {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n reject(err);\n });\n });\n }\n}\n"]}
package/dist-esm/src/credentials/chainedTokenCredential.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"chainedTokenCredential.js","sourceRoot":"","sources":["../../../src/credentials/chainedTokenCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAGlC,OAAO,EAAE,4BAA4B,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AACvF,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE/E,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;GAGG;AACH,MAAM,OAAO,sBAAsB;IASjC;;;;;;;;;;;OAWG;IACH,YAAY,GAAG,OAA0B;QApBzC;;WAEG;QACO,uBAAkB,GAC1B,oFAAoF,CAAC;QAE/E,aAAQ,GAAsB,EAAE,CAAC;QAevC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAC1B,CAAC;IAED;;;;;;;;;;;;OAYG;IACG,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,IAAI,KAAK,GAAG,IAAI,CAAC;YACjB,MAAM,MAAM,GAAG,EAAE,CAAC;YAElB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,iCAAiC,EAAE,OAAO,CAAC,CAAC;YAEpG,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC,EAAE,EAAE;gBAC/D,IAAI;oBACF,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;iBAC7D;gBAAC,OAAO,GAAG,EAAE;oBACZ,IAAI,GAAG,YAAY,qBAAqB,EAAE;wBACxC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;qBAClB;yBAAM;wBACL,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;wBAC/C,MAAM,GAAG,CAAC;qBACX;iBACF;aACF;YAED,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;gBAC/B,MAAM,GAAG,GAAG,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;gBACrD,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAE,cAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;YAED,IAAI,CAAC,GAAG,EAAE,CAAC;YAEX,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5C,OAAO,KAAK,CAAC;QACf,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-http\";\nimport { AggregateAuthenticationError, CredentialUnavailable } from \"../client/errors\";\nimport { createSpan } from \"../util/tracing\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\n\nconst logger = credentialLogger(\"ChainedTokenCredential\");\n\n/**\n * Enables multiple `TokenCredential` implementations to be tried in order\n * until one of the getToken methods returns an access token.\n */\nexport class ChainedTokenCredential implements TokenCredential {\n /**\n * The message to use when the chained token fails to get a token\n */\n protected UnavailableMessage =\n \"ChainedTokenCredential => failed to retrieve a token from the included credentials\";\n\n private _sources: TokenCredential[] = [];\n\n /**\n * Creates an instance of ChainedTokenCredential using the given credentials.\n *\n * @param sources - `TokenCredential` implementations to be tried in order.\n *\n * Example usage:\n * ```javascript\n * const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);\n * const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);\n * const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);\n * ```\n */\n constructor(...sources: TokenCredential[]) {\n this._sources = sources;\n }\n\n /**\n * Returns the first access token returned by one of the chained\n * `TokenCredential` implementations. Throws an {@link AggregateAuthenticationError}\n * when one or more credentials throws an {@link AuthenticationError} and\n * no credentials have returned an access token.\n *\n * This method is called automatically by Azure SDK client libraries. You may call this method\n * directly, but you must also handle token caching and token refreshing.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * `TokenCredential` implementation might make.\n */\n async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n let token = null;\n const errors = [];\n\n const { span, updatedOptions: newOptions } = createSpan(\"ChainedTokenCredential-getToken\", options);\n\n for (let i = 0; i < this._sources.length && token === null; i++) {\n try {\n token = await this._sources[i].getToken(scopes, newOptions);\n } catch (err) {\n if (err instanceof CredentialUnavailable) {\n errors.push(err);\n } else {\n logger.getToken.info(formatError(scopes, err));\n throw err;\n }\n }\n }\n\n if (!token && errors.length > 0) {\n const err = new AggregateAuthenticationError(errors);\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n }\n\n span.end();\n\n logger.getToken.info(formatSuccess(scopes));\n return token;\n }\n}\n"]}
1
+ {"version":3,"file":"chainedTokenCredential.js","sourceRoot":"","sources":["../../../src/credentials/chainedTokenCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAGlC,OAAO,EAAE,4BAA4B,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AACvF,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE/E,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;GAGG;AACH,MAAM,OAAO,sBAAsB;IASjC;;;;;;;;;;;OAWG;IACH,YAAY,GAAG,OAA0B;QApBzC;;WAEG;QACO,uBAAkB,GAC1B,oFAAoF,CAAC;QAE/E,aAAQ,GAAsB,EAAE,CAAC;QAevC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAC1B,CAAC;IAED;;;;;;;;;;;;OAYG;IACG,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,IAAI,KAAK,GAAG,IAAI,CAAC;YACjB,MAAM,MAAM,GAAG,EAAE,CAAC;YAElB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CACrD,iCAAiC,EACjC,OAAO,CACR,CAAC;YAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC,EAAE,EAAE;gBAC/D,IAAI;oBACF,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;iBAC7D;gBAAC,OAAO,GAAG,EAAE;oBACZ,IAAI,GAAG,YAAY,qBAAqB,EAAE;wBACxC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;qBAClB;yBAAM;wBACL,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;wBAC/C,MAAM,GAAG,CAAC;qBACX;iBACF;aACF;YAED,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;gBAC/B,MAAM,GAAG,GAAG,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;gBACrD,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAE,cAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;YAED,IAAI,CAAC,GAAG,EAAE,CAAC;YAEX,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5C,OAAO,KAAK,CAAC;QACf,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-auth\";\nimport { AggregateAuthenticationError, CredentialUnavailable } from \"../client/errors\";\nimport { createSpan } from \"../util/tracing\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\n\nconst logger = credentialLogger(\"ChainedTokenCredential\");\n\n/**\n * Enables multiple `TokenCredential` implementations to be tried in order\n * until one of the getToken methods returns an access token.\n */\nexport class ChainedTokenCredential implements TokenCredential {\n /**\n * The message to use when the chained token fails to get a token\n */\n protected UnavailableMessage =\n \"ChainedTokenCredential => failed to retrieve a token from the included credentials\";\n\n private _sources: TokenCredential[] = [];\n\n /**\n * Creates an instance of ChainedTokenCredential using the given credentials.\n *\n * @param sources - `TokenCredential` implementations to be tried in order.\n *\n * Example usage:\n * ```javascript\n * const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);\n * const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);\n * const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);\n * ```\n */\n constructor(...sources: TokenCredential[]) {\n this._sources = sources;\n }\n\n /**\n * Returns the first access token returned by one of the chained\n * `TokenCredential` implementations. Throws an {@link AggregateAuthenticationError}\n * when one or more credentials throws an {@link AuthenticationError} and\n * no credentials have returned an access token.\n *\n * This method is called automatically by Azure SDK client libraries. You may call this method\n * directly, but you must also handle token caching and token refreshing.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * `TokenCredential` implementation might make.\n */\n async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n let token = null;\n const errors = [];\n\n const { span, updatedOptions: newOptions } = createSpan(\n \"ChainedTokenCredential-getToken\",\n options\n );\n\n for (let i = 0; i < this._sources.length && token === null; i++) {\n try {\n token = await this._sources[i].getToken(scopes, newOptions);\n } catch (err) {\n if (err instanceof CredentialUnavailable) {\n errors.push(err);\n } else {\n logger.getToken.info(formatError(scopes, err));\n throw err;\n }\n }\n }\n\n if (!token && errors.length > 0) {\n const err = new AggregateAuthenticationError(errors);\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n }\n\n span.end();\n\n logger.getToken.info(formatSuccess(scopes));\n return token;\n }\n}\n"]}
package/dist-esm/src/credentials/clientCertificateCredential.browser.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"clientCertificateCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,8DAA8D,CAC/D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D,MAAM,OAAO,2BAA2B;IACtC;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken } from \"@azure/core-http\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n \"ClientCertificateCredential is not supported in the browser.\"\n);\nconst logger = credentialLogger(\"ClientCertificateCredential\");\n\nexport class ClientCertificateCredential implements TokenCredential {\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
1
+ {"version":3,"file":"clientCertificateCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,8DAA8D,CAC/D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D,MAAM,OAAO,2BAA2B;IACtC;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n \"ClientCertificateCredential is not supported in the browser.\"\n);\nconst logger = credentialLogger(\"ClientCertificateCredential\");\n\nexport class ClientCertificateCredential implements TokenCredential {\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
package/dist-esm/src/credentials/clientCertificateCredential.js CHANGED
@@ -6,6 +6,7 @@ import jws from "jws";
6
6
  import { v4 as uuidV4 } from "uuid";
7
7
  import { readFileSync } from "fs";
8
8
  import { createHash } from "crypto";
9
+ import { createPipelineRequest, createHttpHeaders } from "@azure/core-rest-pipeline";
9
10
  import { IdentityClient } from "../client/identityClient";
10
11
  import { createSpan } from "../util/tracing";
11
12
  import { SpanStatusCode } from "@azure/core-tracing";
@@ -115,11 +116,9 @@ export class ClientCertificateCredential {
115
116
  payload,
116
117
  secret: this.certificateString
117
118
  });
118
- const webResource = this.identityClient.createWebResource({
119
+ const webResource = createPipelineRequest({
119
120
  url: audienceUrl,
120
121
  method: "POST",
121
- disableJsonStringifyOnBody: true,
122
- deserializationMapper: undefined,
123
122
  body: qs.stringify({
124
123
  response_type: "token",
125
124
  grant_type: "client_credentials",
@@ -128,13 +127,15 @@ export class ClientCertificateCredential {
128
127
  client_assertion: clientAssertion,
129
128
  scope: typeof scopes === "string" ? scopes : scopes.join(" ")
130
129
  }),
131
- headers: {
130
+ headers: createHttpHeaders({
132
131
  Accept: "application/json",
133
132
  "Content-Type": "application/x-www-form-urlencoded"
134
- },
133
+ }),
135
134
  abortSignal: options && options.abortSignal,
136
- spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,
137
- tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext,
135
+ tracingOptions: {
136
+ spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,
137
+ tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext
138
+ }
138
139
  });
139
140
  const tokenResponse = yield this.identityClient.sendTokenRequest(webResource);
140
141
  logger.getToken.info(formatSuccess(scopes));