@azure/identity 1.3.0 → 1.5.2


Potentially problematic release.


This version of @azure/identity might be problematic.

Files changed (54)
  1. package/CHANGELOG.md +19 -0
  2. package/README.md +8 -1
  3. package/dist/index.js +233 -168
  4. package/dist/index.js.map +1 -1
  5. package/dist-esm/src/client/identityClient.js +92 -51
  6. package/dist-esm/src/client/identityClient.js.map +1 -1
  7. package/dist-esm/src/client/msalClient.js.map +1 -1
  8. package/dist-esm/src/constants.js +5 -0
  9. package/dist-esm/src/constants.js.map +1 -1
  10. package/dist-esm/src/credentials/authorizationCodeCredential.browser.js.map +1 -1
  11. package/dist-esm/src/credentials/authorizationCodeCredential.js +8 -7
  12. package/dist-esm/src/credentials/authorizationCodeCredential.js.map +1 -1
  13. package/dist-esm/src/credentials/azureCliCredential.browser.js.map +1 -1
  14. package/dist-esm/src/credentials/azureCliCredential.js.map +1 -1
  15. package/dist-esm/src/credentials/chainedTokenCredential.js.map +1 -1
  16. package/dist-esm/src/credentials/clientCertificateCredential.browser.js.map +1 -1
  17. package/dist-esm/src/credentials/clientCertificateCredential.js +8 -7
  18. package/dist-esm/src/credentials/clientCertificateCredential.js.map +1 -1
  19. package/dist-esm/src/credentials/clientSecretCredential.js +10 -9
  20. package/dist-esm/src/credentials/clientSecretCredential.js.map +1 -1
  21. package/dist-esm/src/credentials/deviceCodeCredential.browser.js.map +1 -1
  22. package/dist-esm/src/credentials/deviceCodeCredential.js.map +1 -1
  23. package/dist-esm/src/credentials/environmentCredential.browser.js.map +1 -1
  24. package/dist-esm/src/credentials/environmentCredential.js.map +1 -1
  25. package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js +2 -3
  26. package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js.map +1 -1
  27. package/dist-esm/src/credentials/interactiveBrowserCredential.js.map +1 -1
  28. package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js +11 -5
  29. package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js.map +1 -1
  30. package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js +16 -9
  31. package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js.map +1 -1
  32. package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js +4 -3
  33. package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js.map +1 -1
  34. package/dist-esm/src/credentials/managedIdentityCredential/constants.js +2 -1
  35. package/dist-esm/src/credentials/managedIdentityCredential/constants.js.map +1 -1
  36. package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js +6 -4
  37. package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js.map +1 -1
  38. package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js +42 -21
  39. package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  40. package/dist-esm/src/credentials/managedIdentityCredential/index.browser.js.map +1 -1
  41. package/dist-esm/src/credentials/managedIdentityCredential/index.js +1 -1
  42. package/dist-esm/src/credentials/managedIdentityCredential/index.js.map +1 -1
  43. package/dist-esm/src/credentials/managedIdentityCredential/models.js.map +1 -1
  44. package/dist-esm/src/credentials/managedIdentityCredential/utils.js +6 -2
  45. package/dist-esm/src/credentials/managedIdentityCredential/utils.js.map +1 -1
  46. package/dist-esm/src/credentials/usernamePasswordCredential.js +8 -7
  47. package/dist-esm/src/credentials/usernamePasswordCredential.js.map +1 -1
  48. package/dist-esm/src/credentials/visualStudioCodeCredential.browser.js.map +1 -1
  49. package/dist-esm/src/credentials/visualStudioCodeCredential.js.map +1 -1
  50. package/dist-esm/src/index.js.map +1 -1
  51. package/dist-esm/src/util/isNode.js +10 -0
  52. package/dist-esm/src/util/isNode.js.map +1 -0
  53. package/package.json +6 -7
  54. package/types/identity.d.ts +7 -6
@@ -1 +1 @@
1
- {"version":3,"file":"clientCertificateCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEpC,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAE1D,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,MAAM,yBAAyB,GAAG,EAAE,CAAC;AAErC,SAAS,kBAAkB,CAAC,IAAU;IACpC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,UAAU,CAAC,IAAU,EAAE,OAAe;IAC7C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,OAAO,CAAC,CAAC;IAC7C,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;;GAOG;AACH,MAAM,OAAO,2BAA2B;IAStC;;;;;;;;OAQG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,eAAuB,EACvB,OAA4C;QAE5C,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAEhC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,iBAAiB,GAAG,YAAY,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QAE/D,MAAM,kBAAkB,GAAG,+FAA+F,CAAC;QAE3H,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,qHAAqH;QACrH,IAAI,KAAK,CAAC;QACV,GAAG;YACD,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YACxD,IAAI,KAAK,EAAE;gBACT,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;aAC3B;SACF,QAAQ,KAAK,EAAE;QAEhB,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE;YAC3B,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,4EAA4E,CAC7E,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,CAAC;SACb;QAED,IAAI,CAAC,qBAAqB,GAAG,UAAU,CAAC,MAAM,CAAC;aAC5C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;aAC5C,MAAM,CAAC,KAAK,CAAC;aACb,WAAW,EAAE,CAAC;QAEjB,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC
,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACxF,IAAI,OAAO,IAAI,OAAO,CAAC,oBAAoB,EAAE;YAC3C,IAAI,CAAC,cAAc,GAAG,UAAU,CAAC;SAClC;IACH,CAAC;IAED;;;;;;;;;OASG;IACU,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CACrD,sCAAsC,EACtC,OAAO,CACR,CAAC;YACF,IAAI;gBACF,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC;gBACzB,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAChE,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACzF,IAAI,MAAkB,CAAC;gBAEvB,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,MAAM,GAAG;wBACP,GAAG,EAAE,KAAK;wBACV,GAAG,EAAE,OAAO;wBACZ,GAAG,EAAE,IAAI,CAAC,cAAc;wBACxB,GAAG,EAAE,IAAI,CAAC,cAAc;qBACzB,CAAC;iBACH;qBAAM;oBACL,MAAM,GAAG;wBACP,GAAG,EAAE,KAAK;wBACV,GAAG,EAAE,OAAO;wBACZ,GAAG,EAAE,IAAI,CAAC,cAAc;qBACzB,CAAC;iBACH;gBAED,MAAM,OAAO,GAAG;oBACd,GAAG,EAAE,IAAI,CAAC,QAAQ;oBAClB,GAAG,EAAE,IAAI,CAAC,QAAQ;oBAClB,GAAG,EAAE,WAAW;oBAChB,GAAG,EAAE,OAAO;oBACZ,GAAG,EAAE,kBAAkB,CAAC,IAAI,IAAI,EAAE,CAAC;oBACnC,GAAG,EAAE,kBAAkB,CAAC,UAAU,CAAC,IAAI,IAAI,EAAE,EAAE,yBAAyB,CAAC,CAAC;iBAC3E,CAAC;gBAEF,MAAM,eAAe,GAAG,GAAG,CAAC,IAAI,CAAC;oBAC/B,MAAM;oBACN,OAAO;oBACP,MAAM,EAAE,IAAI,CAAC,iBAAiB;iBAC/B,CAAC,CAAC;gBAEH,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC;oBACxD,GAAG,EAAE,WAAW;oBAChB,MAAM,EAAE,MAAM;oBACd,0BAA0B,EAAE,IAAI;oBAChC,qBAAqB,EAAE,SAAS;oBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;wBACjB,aAAa,EAAE,OAAO;wBACtB,UAAU,EAAE,oBAAoB;wBAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;wBACxB,qBAAqB,EAAE,wDAAwD;wBAC/E,gBAAgB,EAAE,eAAe;wBACjC,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;qBAC9D,CAAC;oBACF,OAAO,EAAE;wBACP,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD;oBACD,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;oBAC3C,WAAW,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,WAAW;oBAC/E,cAAc,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,cAAc;iBACtF,CAAC,CAAC;gBAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;gBAC9E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,C
AAC,CAAC;gBAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;aAC7D;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAE,cAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC3C,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport jws from \"jws\";\nimport { v4 as uuidV4 } from \"uuid\";\nimport { readFileSync } from \"fs\";\nimport { createHash } from \"crypto\";\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nimport { IdentityClient } from \"../client/identityClient\";\nimport { ClientCertificateCredentialOptions } from \"./clientCertificateCredentialOptions\";\nimport { createSpan } from \"../util/tracing\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst SelfSignedJwtLifetimeMins = 10;\n\nfunction timestampInSeconds(date: Date): number {\n return Math.floor(date.getTime() / 1000);\n}\n\nfunction addMinutes(date: Date, minutes: number): Date {\n date.setMinutes(date.getMinutes() + minutes);\n return date;\n}\n\nconst logger = credentialLogger(\"ClientCertificateCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using a PEM-encoded\n * certificate that is assigned to an App Registration. 
More information\n * on how to configure certificate authentication can be found here:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad\n *\n */\nexport class ClientCertificateCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private clientId: string;\n private certificateString: string;\n private certificateThumbprint: string;\n private certificateX5t: string;\n private certificateX5c?: Array<string>;\n\n /**\n * Creates an instance of the ClientCertificateCredential with the details\n * needed to authenticate against Azure Active Directory with a certificate.\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(\n tenantId: string,\n clientId: string,\n certificatePath: string,\n options?: ClientCertificateCredentialOptions\n ) {\n checkTenantId(logger, tenantId);\n\n this.identityClient = new IdentityClient(options);\n this.tenantId = tenantId;\n this.clientId = clientId;\n this.certificateString = readFileSync(certificatePath, \"utf8\");\n\n const certificatePattern = /(-+BEGIN CERTIFICATE-+)(\\n\\r?|\\r\\n?)([A-Za-z0-9+/\\n\\r]+=*)(\\n\\r?|\\r\\n?)(-+END CERTIFICATE-+)/g;\n\n const publicKeys: string[] = [];\n\n // Match all possible certificates, in the order they are in the file. 
These will form the chain that is used for x5c\n let match;\n do {\n match = certificatePattern.exec(this.certificateString);\n if (match) {\n publicKeys.push(match[3]);\n }\n } while (match);\n\n if (publicKeys.length === 0) {\n const error = new Error(\n \"The file at the specified path does not contain a PEM-encoded certificate.\"\n );\n logger.info(formatError(\"\", error));\n throw error;\n }\n\n this.certificateThumbprint = createHash(\"sha1\")\n .update(Buffer.from(publicKeys[0], \"base64\"))\n .digest(\"hex\")\n .toUpperCase();\n\n this.certificateX5t = Buffer.from(this.certificateThumbprint, \"hex\").toString(\"base64\");\n if (options && options.sendCertificateChain) {\n this.certificateX5c = publicKeys;\n }\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const { span, updatedOptions: newOptions } = createSpan(\n \"ClientCertificateCredential-getToken\",\n options\n );\n try {\n const tokenId = uuidV4();\n const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n const audienceUrl = `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`;\n let header: jws.Header;\n\n if (this.certificateX5c) {\n header = {\n typ: \"JWT\",\n alg: \"RS256\",\n x5t: this.certificateX5t,\n x5c: this.certificateX5c\n };\n } else {\n header = {\n typ: \"JWT\",\n alg: \"RS256\",\n x5t: this.certificateX5t\n };\n }\n\n const payload = {\n iss: this.clientId,\n sub: this.clientId,\n 
aud: audienceUrl,\n jti: tokenId,\n nbf: timestampInSeconds(new Date()),\n exp: timestampInSeconds(addMinutes(new Date(), SelfSignedJwtLifetimeMins))\n };\n\n const clientAssertion = jws.sign({\n header,\n payload,\n secret: this.certificateString\n });\n\n const webResource = this.identityClient.createWebResource({\n url: audienceUrl,\n method: \"POST\",\n disableJsonStringifyOnBody: true,\n deserializationMapper: undefined,\n body: qs.stringify({\n response_type: \"token\",\n grant_type: \"client_credentials\",\n client_id: this.clientId,\n client_assertion_type: \"urn:ietf:params:oauth:client-assertion-type:jwt-bearer\",\n client_assertion: clientAssertion,\n scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \")\n }),\n headers: {\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n },\n abortSignal: options && options.abortSignal,\n spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,\n tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext,\n });\n\n const tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n logger.getToken.info(formatSuccess(scopes));\n return (tokenResponse && tokenResponse.accessToken) || null;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(\"\", err));\n throw err;\n } finally {\n span.end();\n }\n }\n}\n"]}
1
+ {"version":3,"file":"clientCertificateCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEpC,OAAO,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAE1D,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,MAAM,yBAAyB,GAAG,EAAE,CAAC;AAErC,SAAS,kBAAkB,CAAC,IAAU;IACpC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,UAAU,CAAC,IAAU,EAAE,OAAe;IAC7C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,OAAO,CAAC,CAAC;IAC7C,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;;GAOG;AACH,MAAM,OAAO,2BAA2B;IAStC;;;;;;;;OAQG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,eAAuB,EACvB,OAA4C;QAE5C,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAEhC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,iBAAiB,GAAG,YAAY,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QAE/D,MAAM,kBAAkB,GAAG,+FAA+F,CAAC;QAE3H,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,qHAAqH;QACrH,IAAI,KAAK,CAAC;QACV,GAAG;YACD,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YACxD,IAAI,KAAK,EAAE;gBACT,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;aAC3B;SACF,QAAQ,KAAK,EAAE;QAEhB,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE;YAC3B,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,4EAA4E,CAC7E,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,CAAC;SACb;QAED,IAAI,CAAC,qBAAqB,GAAG,UAAU,CAAC,MAAM,CAAC;aAC5C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;aAC5C,MAAM,CAAC,KAAK,CAA
C;aACb,WAAW,EAAE,CAAC;QAEjB,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACxF,IAAI,OAAO,IAAI,OAAO,CAAC,oBAAoB,EAAE;YAC3C,IAAI,CAAC,cAAc,GAAG,UAAU,CAAC;SAClC;IACH,CAAC;IAED;;;;;;;;;OASG;IACU,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CACrD,sCAAsC,EACtC,OAAO,CACR,CAAC;YACF,IAAI;gBACF,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC;gBACzB,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAChE,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACzF,IAAI,MAAkB,CAAC;gBAEvB,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,MAAM,GAAG;wBACP,GAAG,EAAE,KAAK;wBACV,GAAG,EAAE,OAAO;wBACZ,GAAG,EAAE,IAAI,CAAC,cAAc;wBACxB,GAAG,EAAE,IAAI,CAAC,cAAc;qBACzB,CAAC;iBACH;qBAAM;oBACL,MAAM,GAAG;wBACP,GAAG,EAAE,KAAK;wBACV,GAAG,EAAE,OAAO;wBACZ,GAAG,EAAE,IAAI,CAAC,cAAc;qBACzB,CAAC;iBACH;gBAED,MAAM,OAAO,GAAG;oBACd,GAAG,EAAE,IAAI,CAAC,QAAQ;oBAClB,GAAG,EAAE,IAAI,CAAC,QAAQ;oBAClB,GAAG,EAAE,WAAW;oBAChB,GAAG,EAAE,OAAO;oBACZ,GAAG,EAAE,kBAAkB,CAAC,IAAI,IAAI,EAAE,CAAC;oBACnC,GAAG,EAAE,kBAAkB,CAAC,UAAU,CAAC,IAAI,IAAI,EAAE,EAAE,yBAAyB,CAAC,CAAC;iBAC3E,CAAC;gBAEF,MAAM,eAAe,GAAG,GAAG,CAAC,IAAI,CAAC;oBAC/B,MAAM;oBACN,OAAO;oBACP,MAAM,EAAE,IAAI,CAAC,iBAAiB;iBAC/B,CAAC,CAAC;gBAEH,MAAM,WAAW,GAAG,qBAAqB,CAAC;oBACxC,GAAG,EAAE,WAAW;oBAChB,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;wBACjB,aAAa,EAAE,OAAO;wBACtB,UAAU,EAAE,oBAAoB;wBAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;wBACxB,qBAAqB,EAAE,wDAAwD;wBAC/E,gBAAgB,EAAE,eAAe;wBACjC,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;qBAC9D,CAAC;oBACF,OAAO,EAAE,iBAAiB,CAAC;wBACzB,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD,CAAC;oBACF,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;oBAC3C,cAAc,EAAE;wBACd,WAAW,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,WAAW;wBAC/E,cAAc,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,cAAc;qBACtF;iBACF,CAAC,CAAC;gBAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;gBAC9E,MAAM,CAAC,QAAQ,CAAC,IA
AI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;aAC7D;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAE,cAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC3C,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport jws from \"jws\";\nimport { v4 as uuidV4 } from \"uuid\";\nimport { readFileSync } from \"fs\";\nimport { createHash } from \"crypto\";\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nimport { createPipelineRequest, createHttpHeaders } from \"@azure/core-rest-pipeline\";\nimport { IdentityClient } from \"../client/identityClient\";\nimport { ClientCertificateCredentialOptions } from \"./clientCertificateCredentialOptions\";\nimport { createSpan } from \"../util/tracing\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst SelfSignedJwtLifetimeMins = 10;\n\nfunction timestampInSeconds(date: Date): number {\n return Math.floor(date.getTime() / 1000);\n}\n\nfunction addMinutes(date: Date, minutes: number): Date {\n date.setMinutes(date.getMinutes() + minutes);\n return date;\n}\n\nconst logger = credentialLogger(\"ClientCertificateCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using a PEM-encoded\n * certificate that is assigned to an App Registration. 
More information\n * on how to configure certificate authentication can be found here:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad\n *\n */\nexport class ClientCertificateCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private clientId: string;\n private certificateString: string;\n private certificateThumbprint: string;\n private certificateX5t: string;\n private certificateX5c?: Array<string>;\n\n /**\n * Creates an instance of the ClientCertificateCredential with the details\n * needed to authenticate against Azure Active Directory with a certificate.\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(\n tenantId: string,\n clientId: string,\n certificatePath: string,\n options?: ClientCertificateCredentialOptions\n ) {\n checkTenantId(logger, tenantId);\n\n this.identityClient = new IdentityClient(options);\n this.tenantId = tenantId;\n this.clientId = clientId;\n this.certificateString = readFileSync(certificatePath, \"utf8\");\n\n const certificatePattern = /(-+BEGIN CERTIFICATE-+)(\\n\\r?|\\r\\n?)([A-Za-z0-9+/\\n\\r]+=*)(\\n\\r?|\\r\\n?)(-+END CERTIFICATE-+)/g;\n\n const publicKeys: string[] = [];\n\n // Match all possible certificates, in the order they are in the file. 
These will form the chain that is used for x5c\n let match;\n do {\n match = certificatePattern.exec(this.certificateString);\n if (match) {\n publicKeys.push(match[3]);\n }\n } while (match);\n\n if (publicKeys.length === 0) {\n const error = new Error(\n \"The file at the specified path does not contain a PEM-encoded certificate.\"\n );\n logger.info(formatError(\"\", error));\n throw error;\n }\n\n this.certificateThumbprint = createHash(\"sha1\")\n .update(Buffer.from(publicKeys[0], \"base64\"))\n .digest(\"hex\")\n .toUpperCase();\n\n this.certificateX5t = Buffer.from(this.certificateThumbprint, \"hex\").toString(\"base64\");\n if (options && options.sendCertificateChain) {\n this.certificateX5c = publicKeys;\n }\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const { span, updatedOptions: newOptions } = createSpan(\n \"ClientCertificateCredential-getToken\",\n options\n );\n try {\n const tokenId = uuidV4();\n const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n const audienceUrl = `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`;\n let header: jws.Header;\n\n if (this.certificateX5c) {\n header = {\n typ: \"JWT\",\n alg: \"RS256\",\n x5t: this.certificateX5t,\n x5c: this.certificateX5c\n };\n } else {\n header = {\n typ: \"JWT\",\n alg: \"RS256\",\n x5t: this.certificateX5t\n };\n }\n\n const payload = {\n iss: this.clientId,\n sub: this.clientId,\n 
aud: audienceUrl,\n jti: tokenId,\n nbf: timestampInSeconds(new Date()),\n exp: timestampInSeconds(addMinutes(new Date(), SelfSignedJwtLifetimeMins))\n };\n\n const clientAssertion = jws.sign({\n header,\n payload,\n secret: this.certificateString\n });\n\n const webResource = createPipelineRequest({\n url: audienceUrl,\n method: \"POST\",\n body: qs.stringify({\n response_type: \"token\",\n grant_type: \"client_credentials\",\n client_id: this.clientId,\n client_assertion_type: \"urn:ietf:params:oauth:client-assertion-type:jwt-bearer\",\n client_assertion: clientAssertion,\n scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \")\n }),\n headers: createHttpHeaders({\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n }),\n abortSignal: options && options.abortSignal,\n tracingOptions: {\n spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,\n tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext\n }\n });\n\n const tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n logger.getToken.info(formatSuccess(scopes));\n return (tokenResponse && tokenResponse.accessToken) || null;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(\"\", err));\n throw err;\n } finally {\n span.end();\n }\n }\n}\n"]}
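--- a/package/dist-esm/src/credentials/clientSecretCredential.js
+++ b/package/dist-esm/src/credentials/clientSecretCredential.js
@@ -2,6 +2,7 @@
  // Licensed under the MIT license.
  import { __awaiter } from "tslib";
  import qs from "qs";
+ import { createPipelineRequest, createHttpHeaders } from "@azure/core-rest-pipeline";
  import { IdentityClient } from "../client/identityClient";
  import { createSpan } from "../util/tracing";
  import { SpanStatusCode } from "@azure/core-tracing";
@@ -45,14 +46,12 @@ export class ClientSecretCredential {
  */
  getToken(scopes, options) {
  return __awaiter(this, void 0, void 0, function* () {
- const { span, updatedOptions: newOptions } = createSpan("ClientSecretCredential-getToken", options);
+ const { span, updatedOptions } = createSpan("ClientSecretCredential-getToken", options);
  try {
  const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);
- const webResource = this.identityClient.createWebResource({
+ const request = createPipelineRequest({
  url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,
  method: "POST",
- disableJsonStringifyOnBody: true,
- deserializationMapper: undefined,
  body: qs.stringify({
  response_type: "token",
  grant_type: "client_credentials",
@@ -60,15 +59,17 @@ export class ClientSecretCredential {
  client_secret: this.clientSecret,
  scope: typeof scopes === "string" ? scopes : scopes.join(" ")
  }),
- headers: {
+ headers: createHttpHeaders({
  Accept: "application/json",
  "Content-Type": "application/x-www-form-urlencoded"
- },
+ }),
  abortSignal: options && options.abortSignal,
- spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,
- tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext,
+ tracingOptions: {
+ spanOptions: updatedOptions.tracingOptions && updatedOptions.tracingOptions.spanOptions,
+ tracingContext: updatedOptions.tracingOptions && updatedOptions.tracingOptions.tracingContext
+ }
  });
- const tokenResponse = yield this.identityClient.sendTokenRequest(webResource);
+ const tokenResponse = yield this.identityClient.sendTokenRequest(request);
  logger.getToken.info(formatSuccess(scopes));
  return (tokenResponse && tokenResponse.accessToken) || null;
  }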
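Review bot: The request built by `createPipelineRequest` in the second and third hunks carries `client_secret` in its form body and is sent to a URL assembled from `this.identityClient.authorityHost` and `this.tenantId`, yet nothing in the visible lines says that the body must stay out of logs or that the authority must be HTTPS. I would add a comment above the call, `// body carries client_secret: never log this request body; authorityHost must be https`. It is also worth confirming that `tenantId` is validated in the constructor, as the ClientCertificateCredential source on this page does with `checkTenantId(logger, tenantId)`; the ClientSecretCredential constructor is outside these hunks. The first hunk adds a runtime import of `@azure/core-rest-pipeline`, so the `package/package.json` change listed for this release should declare it as a dependency. `getToken` continues past the last hunk.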
@@ -1 +1 @@
1
- {"version":3,"file":"clientSecretCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AAEpB,OAAO,EAA0B,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAClF,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAE/E,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;;;;GAOG;AACH,MAAM,OAAO,sBAAsB;IAMjC;;;;;;;;;OASG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,OAAgC;QAEhC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED;;;;;;;;;OASG;IACU,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,iCAAiC,EAAE,OAAO,CAAC,CAAC;YACpG,IAAI;gBACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAChE,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC;oBACxD,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;oBACzE,MAAM,EAAE,MAAM;oBACd,0BAA0B,EAAE,IAAI;oBAChC,qBAAqB,EAAE,SAAS;oBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;wBACjB,aAAa,EAAE,OAAO;wBACtB,UAAU,EAAE,oBAAoB;wBAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;wBACxB,aAAa,EAAE,IAAI,CAAC,YAAY;wBAChC,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;qBAC9D,CAAC;oBACF,OAAO,EAAE;wBACP,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD;oBACD,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;oBAC3C,WAAW,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,WAAW;oBAC/E,cAAc,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,cAAc;iBACtF,CAAC,CAAC;gBAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;gBAC9E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;aAC7D;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAE,cAAc,CAAC,KAAK;o
BAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nimport { TokenCredentialOptions, IdentityClient } from \"../client/identityClient\";\nimport { createSpan } from \"../util/tracing\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\n\nconst logger = credentialLogger(\"ClientSecretCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using a client secret\n * that was generated for an App Registration. More information on how\n * to configure a client secret can be found here:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application\n *\n */\nexport class ClientSecretCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private clientId: string;\n private clientSecret: string;\n\n /**\n * Creates an instance of the ClientSecretCredential with the details\n * needed to authenticate against Azure Active Directory with a client\n * secret.\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param clientSecret - A client secret that was generated for the App Registration.\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(\n tenantId: string,\n clientId: string,\n clientSecret: 
string,\n options?: TokenCredentialOptions\n ) {\n this.identityClient = new IdentityClient(options);\n this.tenantId = tenantId;\n this.clientId = clientId;\n this.clientSecret = clientSecret;\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const { span, updatedOptions: newOptions } = createSpan(\"ClientSecretCredential-getToken\", options);\n try {\n const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n const webResource = this.identityClient.createWebResource({\n url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n method: \"POST\",\n disableJsonStringifyOnBody: true,\n deserializationMapper: undefined,\n body: qs.stringify({\n response_type: \"token\",\n grant_type: \"client_credentials\",\n client_id: this.clientId,\n client_secret: this.clientSecret,\n scope: typeof scopes === \"string\" ? 
scopes : scopes.join(\" \")\n }),\n headers: {\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n },\n abortSignal: options && options.abortSignal,\n spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,\n tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext,\n });\n\n const tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n logger.getToken.info(formatSuccess(scopes));\n return (tokenResponse && tokenResponse.accessToken) || null;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n } finally {\n span.end();\n }\n }\n}\n"]}
1
+ {"version":3,"file":"clientSecretCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AAEpB,OAAO,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EAA0B,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAClF,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAE/E,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;;;;GAOG;AACH,MAAM,OAAO,sBAAsB;IAMjC;;;;;;;;;OASG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,OAAgC;QAEhC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED;;;;;;;;;OASG;IACU,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,UAAU,CAAC,iCAAiC,EAAE,OAAO,CAAC,CAAC;YACxF,IAAI;gBACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAChE,MAAM,OAAO,GAAG,qBAAqB,CAAC;oBACpC,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;oBACzE,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;wBACjB,aAAa,EAAE,OAAO;wBACtB,UAAU,EAAE,oBAAoB;wBAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;wBACxB,aAAa,EAAE,IAAI,CAAC,YAAY;wBAChC,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;qBAC9D,CAAC;oBACF,OAAO,EAAE,iBAAiB,CAAC;wBACzB,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD,CAAC;oBACF,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;oBAC3C,cAAc,EAAE;wBACd,WAAW,EAAE,cAAc,CAAC,cAAc,IAAI,cAAc,CAAC,cAAc,CAAC,WAAW;wBACvF,cAAc,EACZ,cAAc,CAAC,cAAc,IAAI,cAAc,CAAC,cAAc,CAAC,cAAc;qBAChF;iBACF,CAAC,CAAC;gBAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;gBAC1E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;aAC7D;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EA
AE,cAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nimport { createPipelineRequest, createHttpHeaders } from \"@azure/core-rest-pipeline\";\nimport { TokenCredentialOptions, IdentityClient } from \"../client/identityClient\";\nimport { createSpan } from \"../util/tracing\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\n\nconst logger = credentialLogger(\"ClientSecretCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using a client secret\n * that was generated for an App Registration. 
More information on how\n * to configure a client secret can be found here:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application\n *\n */\nexport class ClientSecretCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private clientId: string;\n private clientSecret: string;\n\n /**\n * Creates an instance of the ClientSecretCredential with the details\n * needed to authenticate against Azure Active Directory with a client\n * secret.\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param clientSecret - A client secret that was generated for the App Registration.\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(\n tenantId: string,\n clientId: string,\n clientSecret: string,\n options?: TokenCredentialOptions\n ) {\n this.identityClient = new IdentityClient(options);\n this.tenantId = tenantId;\n this.clientId = clientId;\n this.clientSecret = clientSecret;\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. 
If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const { span, updatedOptions } = createSpan(\"ClientSecretCredential-getToken\", options);\n try {\n const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n const request = createPipelineRequest({\n url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n method: \"POST\",\n body: qs.stringify({\n response_type: \"token\",\n grant_type: \"client_credentials\",\n client_id: this.clientId,\n client_secret: this.clientSecret,\n scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \")\n }),\n headers: createHttpHeaders({\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n }),\n abortSignal: options && options.abortSignal,\n tracingOptions: {\n spanOptions: updatedOptions.tracingOptions && updatedOptions.tracingOptions.spanOptions,\n tracingContext:\n updatedOptions.tracingOptions && updatedOptions.tracingOptions.tracingContext\n }\n });\n\n const tokenResponse = await this.identityClient.sendTokenRequest(request);\n logger.getToken.info(formatSuccess(scopes));\n return (tokenResponse && tokenResponse.accessToken) || null;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n } finally {\n span.end();\n }\n }\n}\n"]}
@@ -1 +1 @@
1
- {"version":3,"file":"deviceCodeCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/deviceCodeCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;AACpG,MAAM,MAAM,GAAG,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;AAExD,MAAM,OAAO,oBAAoB;IAC/B;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken } from \"@azure/core-http\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\"DeviceCodeCredential is not supported in the browser.\");\nconst logger = credentialLogger(\"DeviceCodeCredential\");\n\nexport class DeviceCodeCredential implements TokenCredential {\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
1
+ {"version":3,"file":"deviceCodeCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/deviceCodeCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;AACpG,MAAM,MAAM,GAAG,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;AAExD,MAAM,OAAO,oBAAoB;IAC/B;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\"DeviceCodeCredential is not supported in the browser.\");\nconst logger = credentialLogger(\"DeviceCodeCredential\");\n\nexport class DeviceCodeCredential implements TokenCredential {\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
@@ -1 +1 @@
1
- {"version":3,"file":"deviceCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/deviceCodeCredential.ts"],"names":[],"mappings":";AAGA,OAAO,EAAE,sBAAsB,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAC1E,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAIrD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAiCvD,MAAM,MAAM,GAAG,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;AAExD;;;GAGG;AACH,MAAM,UAAU,+BAA+B,CAAC,cAA8B;IAC5E,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,oBAAoB;IAI/B;;;;;;;;;;;;OAYG;IACH,YACE,WAAmB,eAAe,EAClC,WAAmB,uBAAuB,EAC1C,qBAA+C,+BAA+B,EAC9E,OAAgC;QAEhC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAEhC,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAE7C,IAAI,aAAa,CAAC;QAClB,IAAI,OAAO,IAAI,OAAO,CAAC,aAAa,EAAE;YACpC,IAAI,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;gBACvC,aAAa,GAAG,OAAO,CAAC,aAAa,GAAG,QAAQ,CAAC;aAClD;iBAAM;gBACL,aAAa,GAAG,OAAO,CAAC,aAAa,GAAG,GAAG,GAAG,QAAQ,CAAC;aACxD;SACF;aAAM;YACL,aAAa,GAAG,oCAAoC,GAAG,QAAQ,CAAC;SACjE;QAED,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAC9B,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,EAChD,KAAK,EACL,SAAS,EACT,OAAO,CACR,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACG,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC,+BAA+B,EAAE,OAAO,CAAC,CAAC;YAEtE,MAAM,UAAU,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAElE,MAAM,iBAAiB,GAAG;gBACxB,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;gBAC3C,MAAM,EAAE,UAAU;aACnB,CAAC;YAEF,MAAM,CAAC,IAAI,CAAC,yCAAyC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAE9E,OAAO,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAO,CAAC,EAAE,EAAE;gBACzE,IAAI,CAAC,YAAY,sBAAsB,EAAE;oBACvC,IAAI;wBACF,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;wBACjF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC;wBAChD,OAAO,KAAK,CAAC;qBACd;oBAAC,OAAO,GAAG,EAAE;wBACZ,IAAI,CAAC,SAAS,CAAC;4BACb,IAAI,EAAE,cAAc,CAAC
,KAAK;4BAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;yBACrB,CAAC,CAAC;wBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC;wBACnD,MAAM,GAAG,CAAC;qBACX;4BAAS;wBACR,IAAI,CAAC,GAAG,EAAE,CAAC;qBACZ;iBACF;qBAAM;oBACL,MAAM,CAAC,CAAC;iBACT;YACH,CAAC,CAAA,CAAC,CAAC;QACL,CAAC;KAAA;IAEa,wBAAwB,CACpC,iBAAoC,EACpC,MAAgB;;YAEhB,IAAI;gBACF,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,wBAAwB,CAAC,iBAAiB,CAAC,CAAC;gBACzF,IAAI,cAAc,IAAI,cAAc,CAAC,SAAS,EAAE;oBAC9C,MAAM,kBAAkB,GAAG,cAAc,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;oBAC9D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO;wBACL,kBAAkB;wBAClB,KAAK,EAAE,cAAc,CAAC,WAAW;qBAClC,CAAC;iBACH;qBAAM;oBACL,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;iBAClE;aACF;YAAC,OAAO,KAAK,EAAE;gBACd,MAAM,IAAI,KAAK,CAAC,gCAAgC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;aAC3E;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-http\";\nimport { AuthenticationRequired, MsalClient } from \"../client/msalClient\";\nimport { createSpan } from \"../util/tracing\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { TokenCredentialOptions } from \"../client/identityClient\";\n\nimport { DeviceCodeRequest } from \"@azure/msal-node\";\nimport { checkTenantId } from \"../util/checkTenantId\";\nimport { DeveloperSignOnClientId } from \"../constants\";\n\n/**\n * Provides the user code and verification URI where the code must be\n * entered. 
Also provides a message to display to the user which\n * contains an instruction with these details.\n */\nexport interface DeviceCodeInfo {\n /**\n * The device code that the user must enter into the verification page.\n */\n userCode: string;\n\n /**\n * The verification URI to which the user must navigate to enter the device\n * code.\n */\n verificationUri: string;\n\n /**\n * A message that may be shown to the user to instruct them on how to enter\n * the device code in the page specified by the verification URI.\n */\n message: string;\n}\n\n/**\n * Defines the signature of a callback which will be passed to\n * DeviceCodeCredential for the purpose of displaying authentication\n * details to the user.\n */\nexport type DeviceCodePromptCallback = (deviceCodeInfo: DeviceCodeInfo) => void;\n\nconst logger = credentialLogger(\"DeviceCodeCredential\");\n\n/**\n * Method that logs the user code from the DeviceCodeCredential.\n * @param deviceCodeInfo - The device code.\n */\nexport function defaultDeviceCodePromptCallback(deviceCodeInfo: DeviceCodeInfo): void {\n console.log(deviceCodeInfo.message);\n}\n\n/**\n * Enables authentication to Azure Active Directory using a device code\n * that the user can enter into https://microsoft.com/devicelogin.\n */\nexport class DeviceCodeCredential implements TokenCredential {\n private userPromptCallback: DeviceCodePromptCallback;\n private msalClient: MsalClient;\n\n /**\n * Creates an instance of DeviceCodeCredential with the details needed\n * to initiate the device code authorization flow with Azure Active Directory.\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID or name.\n * The default value is 'organizations'.\n * 'organizations' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * By default we will try to use the Azure CLI's client ID to authenticate.\n * @param userPromptCallback - A callback 
function that will be invoked to show\n {@link DeviceCodeInfo} to the user. If left unassigned, we will automatically log the device code information and the authentication instructions in the console.\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(\n tenantId: string = \"organizations\",\n clientId: string = DeveloperSignOnClientId,\n userPromptCallback: DeviceCodePromptCallback = defaultDeviceCodePromptCallback,\n options?: TokenCredentialOptions\n ) {\n checkTenantId(logger, tenantId);\n\n this.userPromptCallback = userPromptCallback;\n\n let authorityHost;\n if (options && options.authorityHost) {\n if (options.authorityHost.endsWith(\"/\")) {\n authorityHost = options.authorityHost + tenantId;\n } else {\n authorityHost = options.authorityHost + \"/\" + tenantId;\n }\n } else {\n authorityHost = \"https://login.microsoftonline.com/\" + tenantId;\n }\n\n this.msalClient = new MsalClient(\n { clientId: clientId, authority: authorityHost },\n false,\n undefined,\n options\n );\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const { span } = createSpan(\"DeviceCodeCredential-getToken\", options);\n\n const scopeArray = typeof scopes === \"object\" ? scopes : [scopes];\n\n const deviceCodeRequest = {\n deviceCodeCallback: this.userPromptCallback,\n scopes: scopeArray\n };\n\n logger.info(`DeviceCodeCredential invoked. 
Scopes: ${scopeArray.join(\", \")}`);\n\n return this.msalClient.acquireTokenFromCache(scopeArray).catch(async (e) => {\n if (e instanceof AuthenticationRequired) {\n try {\n const token = await this.acquireTokenByDeviceCode(deviceCodeRequest, scopeArray);\n logger.getToken.info(formatSuccess(scopeArray));\n return token;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopeArray, err));\n throw err;\n } finally {\n span.end();\n }\n } else {\n throw e;\n }\n });\n }\n\n private async acquireTokenByDeviceCode(\n deviceCodeRequest: DeviceCodeRequest,\n scopes: string[]\n ): Promise<AccessToken | null> {\n try {\n const deviceResponse = await this.msalClient.acquireTokenByDeviceCode(deviceCodeRequest);\n if (deviceResponse && deviceResponse.expiresOn) {\n const expiresOnTimestamp = deviceResponse.expiresOn.getTime();\n logger.getToken.info(formatSuccess(scopes));\n return {\n expiresOnTimestamp,\n token: deviceResponse.accessToken\n };\n } else {\n throw new Error(\"Did not receive token with a valid expiration\");\n }\n } catch (error) {\n throw new Error(`Device Authentication Error \"${JSON.stringify(error)}\"`);\n }\n }\n}\n"]}
1
+ {"version":3,"file":"deviceCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/deviceCodeCredential.ts"],"names":[],"mappings":";AAGA,OAAO,EAAE,sBAAsB,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAC1E,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAIrD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAiCvD,MAAM,MAAM,GAAG,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;AAExD;;;GAGG;AACH,MAAM,UAAU,+BAA+B,CAAC,cAA8B;IAC5E,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,oBAAoB;IAI/B;;;;;;;;;;;;OAYG;IACH,YACE,WAAmB,eAAe,EAClC,WAAmB,uBAAuB,EAC1C,qBAA+C,+BAA+B,EAC9E,OAAgC;QAEhC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAEhC,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAE7C,IAAI,aAAa,CAAC;QAClB,IAAI,OAAO,IAAI,OAAO,CAAC,aAAa,EAAE;YACpC,IAAI,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;gBACvC,aAAa,GAAG,OAAO,CAAC,aAAa,GAAG,QAAQ,CAAC;aAClD;iBAAM;gBACL,aAAa,GAAG,OAAO,CAAC,aAAa,GAAG,GAAG,GAAG,QAAQ,CAAC;aACxD;SACF;aAAM;YACL,aAAa,GAAG,oCAAoC,GAAG,QAAQ,CAAC;SACjE;QAED,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAC9B,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,EAChD,KAAK,EACL,SAAS,EACT,OAAO,CACR,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACG,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC,+BAA+B,EAAE,OAAO,CAAC,CAAC;YAEtE,MAAM,UAAU,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAElE,MAAM,iBAAiB,GAAG;gBACxB,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;gBAC3C,MAAM,EAAE,UAAU;aACnB,CAAC;YAEF,MAAM,CAAC,IAAI,CAAC,yCAAyC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAE9E,OAAO,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAO,CAAC,EAAE,EAAE;gBACzE,IAAI,CAAC,YAAY,sBAAsB,EAAE;oBACvC,IAAI;wBACF,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;wBACjF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC;wBAChD,OAAO,KAAK,CAAC;qBACd;oBAAC,OAAO,GAAG,EAAE;wBACZ,IAAI,CAAC,SAAS,CAAC;4BACb,IAAI,EAAE,cAAc,CAAC
,KAAK;4BAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;yBACrB,CAAC,CAAC;wBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC;wBACnD,MAAM,GAAG,CAAC;qBACX;4BAAS;wBACR,IAAI,CAAC,GAAG,EAAE,CAAC;qBACZ;iBACF;qBAAM;oBACL,MAAM,CAAC,CAAC;iBACT;YACH,CAAC,CAAA,CAAC,CAAC;QACL,CAAC;KAAA;IAEa,wBAAwB,CACpC,iBAAoC,EACpC,MAAgB;;YAEhB,IAAI;gBACF,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,wBAAwB,CAAC,iBAAiB,CAAC,CAAC;gBACzF,IAAI,cAAc,IAAI,cAAc,CAAC,SAAS,EAAE;oBAC9C,MAAM,kBAAkB,GAAG,cAAc,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;oBAC9D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO;wBACL,kBAAkB;wBAClB,KAAK,EAAE,cAAc,CAAC,WAAW;qBAClC,CAAC;iBACH;qBAAM;oBACL,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;iBAClE;aACF;YAAC,OAAO,KAAK,EAAE;gBACd,MAAM,IAAI,KAAK,CAAC,gCAAgC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;aAC3E;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-auth\";\nimport { AuthenticationRequired, MsalClient } from \"../client/msalClient\";\nimport { createSpan } from \"../util/tracing\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { TokenCredentialOptions } from \"../client/identityClient\";\n\nimport { DeviceCodeRequest } from \"@azure/msal-node\";\nimport { checkTenantId } from \"../util/checkTenantId\";\nimport { DeveloperSignOnClientId } from \"../constants\";\n\n/**\n * Provides the user code and verification URI where the code must be\n * entered. 
Also provides a message to display to the user which\n * contains an instruction with these details.\n */\nexport interface DeviceCodeInfo {\n /**\n * The device code that the user must enter into the verification page.\n */\n userCode: string;\n\n /**\n * The verification URI to which the user must navigate to enter the device\n * code.\n */\n verificationUri: string;\n\n /**\n * A message that may be shown to the user to instruct them on how to enter\n * the device code in the page specified by the verification URI.\n */\n message: string;\n}\n\n/**\n * Defines the signature of a callback which will be passed to\n * DeviceCodeCredential for the purpose of displaying authentication\n * details to the user.\n */\nexport type DeviceCodePromptCallback = (deviceCodeInfo: DeviceCodeInfo) => void;\n\nconst logger = credentialLogger(\"DeviceCodeCredential\");\n\n/**\n * Method that logs the user code from the DeviceCodeCredential.\n * @param deviceCodeInfo - The device code.\n */\nexport function defaultDeviceCodePromptCallback(deviceCodeInfo: DeviceCodeInfo): void {\n console.log(deviceCodeInfo.message);\n}\n\n/**\n * Enables authentication to Azure Active Directory using a device code\n * that the user can enter into https://microsoft.com/devicelogin.\n */\nexport class DeviceCodeCredential implements TokenCredential {\n private userPromptCallback: DeviceCodePromptCallback;\n private msalClient: MsalClient;\n\n /**\n * Creates an instance of DeviceCodeCredential with the details needed\n * to initiate the device code authorization flow with Azure Active Directory.\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID or name.\n * The default value is 'organizations'.\n * 'organizations' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * By default we will try to use the Azure CLI's client ID to authenticate.\n * @param userPromptCallback - A callback 
function that will be invoked to show\n {@link DeviceCodeInfo} to the user. If left unassigned, we will automatically log the device code information and the authentication instructions in the console.\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(\n tenantId: string = \"organizations\",\n clientId: string = DeveloperSignOnClientId,\n userPromptCallback: DeviceCodePromptCallback = defaultDeviceCodePromptCallback,\n options?: TokenCredentialOptions\n ) {\n checkTenantId(logger, tenantId);\n\n this.userPromptCallback = userPromptCallback;\n\n let authorityHost;\n if (options && options.authorityHost) {\n if (options.authorityHost.endsWith(\"/\")) {\n authorityHost = options.authorityHost + tenantId;\n } else {\n authorityHost = options.authorityHost + \"/\" + tenantId;\n }\n } else {\n authorityHost = \"https://login.microsoftonline.com/\" + tenantId;\n }\n\n this.msalClient = new MsalClient(\n { clientId: clientId, authority: authorityHost },\n false,\n undefined,\n options\n );\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const { span } = createSpan(\"DeviceCodeCredential-getToken\", options);\n\n const scopeArray = typeof scopes === \"object\" ? scopes : [scopes];\n\n const deviceCodeRequest = {\n deviceCodeCallback: this.userPromptCallback,\n scopes: scopeArray\n };\n\n logger.info(`DeviceCodeCredential invoked. 
Scopes: ${scopeArray.join(\", \")}`);\n\n return this.msalClient.acquireTokenFromCache(scopeArray).catch(async (e) => {\n if (e instanceof AuthenticationRequired) {\n try {\n const token = await this.acquireTokenByDeviceCode(deviceCodeRequest, scopeArray);\n logger.getToken.info(formatSuccess(scopeArray));\n return token;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopeArray, err));\n throw err;\n } finally {\n span.end();\n }\n } else {\n throw e;\n }\n });\n }\n\n private async acquireTokenByDeviceCode(\n deviceCodeRequest: DeviceCodeRequest,\n scopes: string[]\n ): Promise<AccessToken | null> {\n try {\n const deviceResponse = await this.msalClient.acquireTokenByDeviceCode(deviceCodeRequest);\n if (deviceResponse && deviceResponse.expiresOn) {\n const expiresOnTimestamp = deviceResponse.expiresOn.getTime();\n logger.getToken.info(formatSuccess(scopes));\n return {\n expiresOnTimestamp,\n token: deviceResponse.accessToken\n };\n } else {\n throw new Error(\"Did not receive token with a valid expiration\");\n }\n } catch (error) {\n throw new Error(`Device Authentication Error \"${JSON.stringify(error)}\"`);\n }\n }\n}\n"]}
@@ -1 +1 @@
1
- {"version":3,"file":"environmentCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/environmentCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,wDAAwD,CACzD,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,uBAAuB,CAAC,CAAC;AAEzD,MAAM,OAAO,qBAAqB;IAChC;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential } from \"@azure/core-http\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n \"EnvironmentCredential is not supported in the browser.\"\n);\nconst logger = credentialLogger(\"EnvironmentCredential\");\n\nexport class EnvironmentCredential implements TokenCredential {\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
1
+ {"version":3,"file":"environmentCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/environmentCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,wDAAwD,CACzD,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,uBAAuB,CAAC,CAAC;AAEzD,MAAM,OAAO,qBAAqB;IAChC;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n \"EnvironmentCredential is not supported in the browser.\"\n);\nconst logger = credentialLogger(\"EnvironmentCredential\");\n\nexport class EnvironmentCredential implements TokenCredential {\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
@@ -1 +1 @@
1
- {"version":3,"file":"environmentCredential.js","sourceRoot":"","sources":["../../../src/credentials/environmentCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAIlC,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACtB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC/F,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,gCAAgC,GAAG;IAC9C,iBAAiB;IACjB,iBAAiB;IACjB,qBAAqB;IACrB,+BAA+B;IAC/B,gBAAgB;IAChB,gBAAgB;CACjB,CAAC;AAEF,MAAM,MAAM,GAAG,gBAAgB,CAAC,uBAAuB,CAAC,CAAC;AAEzD;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,qBAAqB;IAEhC;;;;;;;OAOG;IACH,YAAY,OAAgC;QAC1C,oEAAoE;QAV9D,gBAAW,GAAqB,SAAS,CAAC;QAYhD,MAAM,QAAQ,GAAG,cAAc,CAAC,gCAAgC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtF,MAAM,CAAC,IAAI,CAAC,8CAA8C,QAAQ,EAAE,CAAC,CAAC;QAEtE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EAC1C,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EACtC,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QAEjD,IAAI,QAAQ,EAAE;YACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;SACjC;QAED,IAAI,QAAQ,IAAI,QAAQ,IAAI,YAAY,EAAE;YACxC,MAAM,CAAC,IAAI,CACT,mDAAmD,QAAQ,eAAe,QAAQ,+BAA+B,CAClH,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;YACzF,OAAO;SACR;QAED,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;QAClE,IAAI,QAAQ,IAAI,QAAQ,IAAI,eAAe,EAAE;YAC3C,MAAM,CAAC,IAAI,CACT,wDAAwD,QAAQ,eAAe,QAAQ,yBAAyB,eAAe,EAAE,CAClI,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,2BAA2B,CAChD,QAAQ,EACR,QAAQ,EACR,eAAe,EACf,OAAO,CACR,CAAC;YACF,OAAO;SACR;QAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC5C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC5C,IAAI,QAAQ,IAAI,QAAQ,IAAI,QAAQ,IAAI,QAAQ,EAAE;YAChD,MAAM,CAAC,IAAI,CACT,uDAAuD,QAAQ,eAAe,QAAQ,kBAAkB,QAAQ,EAAE,CACnH,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,0BAA0B,CAC/C,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,Q
AAQ,EACR,OAAO,CACR,CAAC;SACH;IACH,CAAC;IAED;;;;;;;;;OASG;IACG,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,gCAAgC,EAAE,OAAO,CAAC,CAAC;YACnG,IAAI,IAAI,CAAC,WAAW,EAAE;gBACpB,IAAI;oBACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;oBACnE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO,MAAM,CAAC;iBACf;gBAAC,OAAO,GAAG,EAAE;oBACZ,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAE,cAAc,CAAC,KAAK;wBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB,CAAC,CAAC;oBACH,MAAM,mBAAmB,GAAG,IAAI,mBAAmB,CAAC,GAAG,EAAE;wBACvD,KAAK,EAAE,8CAA8C;wBACrD,iBAAiB,EAAE,GAAG,CAAC,OAAO;6BAC3B,QAAQ,EAAE;6BACV,KAAK,CAAC,eAAe,CAAC;6BACtB,IAAI,CAAC,EAAE,CAAC;qBACZ,CAAC,CAAC;oBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC,CAAC;oBAC/D,MAAM,mBAAmB,CAAC;iBAC3B;wBAAS;oBACR,IAAI,CAAC,GAAG,EAAE,CAAC;iBACZ;aACF;YAED,0EAA0E;YAC1E,iEAAiE;YACjE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,cAAc,CAAC,KAAK,EAAE,CAAC,CAAC;YAC/C,IAAI,CAAC,GAAG,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,uFAAuF,CACxF,CAAC;YACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YACjD,MAAM,KAAK,CAAC;QACd,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-http\";\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { ClientSecretCredential } from \"./clientSecretCredential\";\nimport { createSpan } from \"../util/tracing\";\nimport {\n AuthenticationError,\n CredentialUnavailable\n} from \"../client/errors\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { ClientCertificateCredential } from \"./clientCertificateCredential\";\nimport { UsernamePasswordCredential } from \"./usernamePasswordCredential\";\nimport { credentialLogger, processEnvVars, formatSuccess, formatError } from \"../util/logging\";\nimport { checkTenantId } from 
\"../util/checkTenantId\";\n\n/**\n * Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n *\n * @internal\n */\nexport const AllSupportedEnvironmentVariables = [\n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_CLIENT_SECRET\",\n \"AZURE_CLIENT_CERTIFICATE_PATH\",\n \"AZURE_USERNAME\",\n \"AZURE_PASSWORD\"\n];\n\nconst logger = credentialLogger(\"EnvironmentCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using client secret\n * details configured in the following environment variables:\n *\n * - AZURE_TENANT_ID: The Azure Active Directory tenant (directory) ID.\n * - AZURE_CLIENT_ID: The client (application) ID of an App Registration in the tenant.\n * - AZURE_CLIENT_SECRET: A client secret that was generated for the App Registration.\n *\n * This credential ultimately uses a {@link ClientSecretCredential} to\n * perform the authentication using these details. Please consult the\n * documentation of that class for more details.\n */\nexport class EnvironmentCredential implements TokenCredential {\n private _credential?: TokenCredential = undefined;\n /**\n * Creates an instance of the EnvironmentCredential class and reads\n * client secret details from environment variables. 
If the expected\n * environment variables are not found at this time, the getToken method\n * will return null when invoked.\n *\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(options?: TokenCredentialOptions) {\n // Keep track of any missing environment variables for error details\n\n const assigned = processEnvVars(AllSupportedEnvironmentVariables).assigned.join(\", \");\n logger.info(`Found the following environment variables: ${assigned}`);\n\n const tenantId = process.env.AZURE_TENANT_ID,\n clientId = process.env.AZURE_CLIENT_ID,\n clientSecret = process.env.AZURE_CLIENT_SECRET;\n\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n\n if (tenantId && clientId && clientSecret) {\n logger.info(\n `Invoking ClientSecretCredential with tenant ID: ${tenantId}, clientId: ${clientId} and clientSecret: [REDACTED]`\n );\n this._credential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);\n return;\n }\n\n const certificatePath = process.env.AZURE_CLIENT_CERTIFICATE_PATH;\n if (tenantId && clientId && certificatePath) {\n logger.info(\n `Invoking ClientCertificateCredential with tenant ID: ${tenantId}, clientId: ${clientId} and certificatePath: ${certificatePath}`\n );\n this._credential = new ClientCertificateCredential(\n tenantId,\n clientId,\n certificatePath,\n options\n );\n return;\n }\n\n const username = process.env.AZURE_USERNAME;\n const password = process.env.AZURE_PASSWORD;\n if (tenantId && clientId && username && password) {\n logger.info(\n `Invoking UsernamePasswordCredential with tenant ID: ${tenantId}, clientId: ${clientId} and username: ${username}`\n );\n this._credential = new UsernamePasswordCredential(\n tenantId,\n clientId,\n username,\n password,\n options\n );\n }\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. 
If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const { span, updatedOptions: newOptions } = createSpan(\"EnvironmentCredential-getToken\", options);\n if (this._credential) {\n try {\n const result = await this._credential.getToken(scopes, newOptions);\n logger.getToken.info(formatSuccess(scopes));\n return result;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n const authenticationError = new AuthenticationError(400, {\n error: \"EnvironmentCredential authentication failed.\",\n error_description: err.message\n .toString()\n .split(\"More details:\")\n .join(\"\")\n });\n logger.getToken.info(formatError(scopes, authenticationError));\n throw authenticationError;\n } finally {\n span.end();\n }\n }\n\n // If by this point we don't have a credential, throw an exception so that\n // the user knows the credential was not configured appropriately\n span.setStatus({ code: SpanStatusCode.ERROR });\n span.end();\n const error = new CredentialUnavailable(\n \"EnvironmentCredential is unavailable. Environment variables are not fully configured.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n}\n"]}
1
+ {"version":3,"file":"environmentCredential.js","sourceRoot":"","sources":["../../../src/credentials/environmentCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAIlC,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAC9E,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC/F,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,gCAAgC,GAAG;IAC9C,iBAAiB;IACjB,iBAAiB;IACjB,qBAAqB;IACrB,+BAA+B;IAC/B,gBAAgB;IAChB,gBAAgB;CACjB,CAAC;AAEF,MAAM,MAAM,GAAG,gBAAgB,CAAC,uBAAuB,CAAC,CAAC;AAEzD;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,qBAAqB;IAEhC;;;;;;;OAOG;IACH,YAAY,OAAgC;QAC1C,oEAAoE;QAV9D,gBAAW,GAAqB,SAAS,CAAC;QAYhD,MAAM,QAAQ,GAAG,cAAc,CAAC,gCAAgC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtF,MAAM,CAAC,IAAI,CAAC,8CAA8C,QAAQ,EAAE,CAAC,CAAC;QAEtE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EAC1C,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EACtC,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QAEjD,IAAI,QAAQ,EAAE;YACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;SACjC;QAED,IAAI,QAAQ,IAAI,QAAQ,IAAI,YAAY,EAAE;YACxC,MAAM,CAAC,IAAI,CACT,mDAAmD,QAAQ,eAAe,QAAQ,+BAA+B,CAClH,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;YACzF,OAAO;SACR;QAED,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;QAClE,IAAI,QAAQ,IAAI,QAAQ,IAAI,eAAe,EAAE;YAC3C,MAAM,CAAC,IAAI,CACT,wDAAwD,QAAQ,eAAe,QAAQ,yBAAyB,eAAe,EAAE,CAClI,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,2BAA2B,CAChD,QAAQ,EACR,QAAQ,EACR,eAAe,EACf,OAAO,CACR,CAAC;YACF,OAAO;SACR;QAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC5C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC5C,IAAI,QAAQ,IAAI,QAAQ,IAAI,QAAQ,IAAI,QAAQ,EAAE;YAChD,MAAM,CAAC,IAAI,CACT,uDAAuD,QAAQ,eAAe,QAAQ,kBAAkB,QAAQ,EAAE,CACnH,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,0BAA0B,CAC/C,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,QAA
Q,EACR,OAAO,CACR,CAAC;SACH;IACH,CAAC;IAED;;;;;;;;;OASG;IACG,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CACrD,gCAAgC,EAChC,OAAO,CACR,CAAC;YACF,IAAI,IAAI,CAAC,WAAW,EAAE;gBACpB,IAAI;oBACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;oBACnE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO,MAAM,CAAC;iBACf;gBAAC,OAAO,GAAG,EAAE;oBACZ,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAE,cAAc,CAAC,KAAK;wBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB,CAAC,CAAC;oBACH,MAAM,mBAAmB,GAAG,IAAI,mBAAmB,CAAC,GAAG,EAAE;wBACvD,KAAK,EAAE,8CAA8C;wBACrD,iBAAiB,EAAE,GAAG,CAAC,OAAO;6BAC3B,QAAQ,EAAE;6BACV,KAAK,CAAC,eAAe,CAAC;6BACtB,IAAI,CAAC,EAAE,CAAC;qBACZ,CAAC,CAAC;oBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC,CAAC;oBAC/D,MAAM,mBAAmB,CAAC;iBAC3B;wBAAS;oBACR,IAAI,CAAC,GAAG,EAAE,CAAC;iBACZ;aACF;YAED,0EAA0E;YAC1E,iEAAiE;YACjE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,cAAc,CAAC,KAAK,EAAE,CAAC,CAAC;YAC/C,IAAI,CAAC,GAAG,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,uFAAuF,CACxF,CAAC;YACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YACjD,MAAM,KAAK,CAAC;QACd,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-auth\";\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { ClientSecretCredential } from \"./clientSecretCredential\";\nimport { createSpan } from \"../util/tracing\";\nimport { AuthenticationError, CredentialUnavailable } from \"../client/errors\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { ClientCertificateCredential } from \"./clientCertificateCredential\";\nimport { UsernamePasswordCredential } from \"./usernamePasswordCredential\";\nimport { credentialLogger, processEnvVars, formatSuccess, formatError } from \"../util/logging\";\nimport { checkTenantId } from 
\"../util/checkTenantId\";\n\n/**\n * Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n *\n * @internal\n */\nexport const AllSupportedEnvironmentVariables = [\n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_CLIENT_SECRET\",\n \"AZURE_CLIENT_CERTIFICATE_PATH\",\n \"AZURE_USERNAME\",\n \"AZURE_PASSWORD\"\n];\n\nconst logger = credentialLogger(\"EnvironmentCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using client secret\n * details configured in the following environment variables:\n *\n * - AZURE_TENANT_ID: The Azure Active Directory tenant (directory) ID.\n * - AZURE_CLIENT_ID: The client (application) ID of an App Registration in the tenant.\n * - AZURE_CLIENT_SECRET: A client secret that was generated for the App Registration.\n *\n * This credential ultimately uses a {@link ClientSecretCredential} to\n * perform the authentication using these details. Please consult the\n * documentation of that class for more details.\n */\nexport class EnvironmentCredential implements TokenCredential {\n private _credential?: TokenCredential = undefined;\n /**\n * Creates an instance of the EnvironmentCredential class and reads\n * client secret details from environment variables. 
If the expected\n * environment variables are not found at this time, the getToken method\n * will return null when invoked.\n *\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(options?: TokenCredentialOptions) {\n // Keep track of any missing environment variables for error details\n\n const assigned = processEnvVars(AllSupportedEnvironmentVariables).assigned.join(\", \");\n logger.info(`Found the following environment variables: ${assigned}`);\n\n const tenantId = process.env.AZURE_TENANT_ID,\n clientId = process.env.AZURE_CLIENT_ID,\n clientSecret = process.env.AZURE_CLIENT_SECRET;\n\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n\n if (tenantId && clientId && clientSecret) {\n logger.info(\n `Invoking ClientSecretCredential with tenant ID: ${tenantId}, clientId: ${clientId} and clientSecret: [REDACTED]`\n );\n this._credential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);\n return;\n }\n\n const certificatePath = process.env.AZURE_CLIENT_CERTIFICATE_PATH;\n if (tenantId && clientId && certificatePath) {\n logger.info(\n `Invoking ClientCertificateCredential with tenant ID: ${tenantId}, clientId: ${clientId} and certificatePath: ${certificatePath}`\n );\n this._credential = new ClientCertificateCredential(\n tenantId,\n clientId,\n certificatePath,\n options\n );\n return;\n }\n\n const username = process.env.AZURE_USERNAME;\n const password = process.env.AZURE_PASSWORD;\n if (tenantId && clientId && username && password) {\n logger.info(\n `Invoking UsernamePasswordCredential with tenant ID: ${tenantId}, clientId: ${clientId} and username: ${username}`\n );\n this._credential = new UsernamePasswordCredential(\n tenantId,\n clientId,\n username,\n password,\n options\n );\n }\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. 
If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const { span, updatedOptions: newOptions } = createSpan(\n \"EnvironmentCredential-getToken\",\n options\n );\n if (this._credential) {\n try {\n const result = await this._credential.getToken(scopes, newOptions);\n logger.getToken.info(formatSuccess(scopes));\n return result;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n const authenticationError = new AuthenticationError(400, {\n error: \"EnvironmentCredential authentication failed.\",\n error_description: err.message\n .toString()\n .split(\"More details:\")\n .join(\"\")\n });\n logger.getToken.info(formatError(scopes, authenticationError));\n throw authenticationError;\n } finally {\n span.end();\n }\n }\n\n // If by this point we don't have a credential, throw an exception so that\n // the user knows the credential was not configured appropriately\n span.setStatus({ code: SpanStatusCode.ERROR });\n span.end();\n const error = new CredentialUnavailable(\n \"EnvironmentCredential is unavailable. Environment variables are not fully configured.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n}\n"]}
@@ -2,10 +2,9 @@
2
2
  // Licensed under the MIT license.
3
3
  import { __awaiter } from "tslib";
4
4
  import * as msal from "msal";
5
- import { IdentityClient } from "../client/identityClient";
6
5
  import { createSpan } from "../util/tracing";
7
6
  import { SpanStatusCode } from "@azure/core-tracing";
8
- import { DefaultTenantId, DeveloperSignOnClientId } from "../constants";
7
+ import { DefaultAuthorityHost, DefaultTenantId, DeveloperSignOnClientId } from "../constants";
9
8
  import { credentialLogger, formatSuccess, formatError } from "../util/logging";
10
9
  const logger = credentialLogger("InteractiveBrowserCredential");
11
10
  /**
@@ -24,7 +23,7 @@ export class InteractiveBrowserCredential {
24
23
  * @param options - Options for configuring the client which makes the authentication request.
25
24
  */
26
25
  constructor(options) {
27
- options = Object.assign(Object.assign(Object.assign({}, IdentityClient.getDefaultOptions()), options), { tenantId: (options && options.tenantId) || DefaultTenantId,
26
+ options = Object.assign(Object.assign({ authorityHost: DefaultAuthorityHost }, options), { tenantId: (options && options.tenantId) || DefaultTenantId,
28
27
  // TODO: temporary - this is the Azure CLI clientID - we'll replace it when
29
28
  // Developer Sign On application is available
30
29
  // https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/identity/Azure.Identity/src/Constants.cs#L9
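Review bot: On the new `Object.assign` line of the constructor, `authorityHost: DefaultAuthorityHost` is merged in before `options`, so a caller that passes `authorityHost: undefined` or `""` overrides the default, whereas `tenantId` on the same line falls back with `||`. The 1.3.0 TypeScript source embedded in this file's source map builds the MSAL authority as `${options.authorityHost}/${options.tenantId}`; if 1.5.2 still does (its embedded source is not visible here), that caller would get an authority of `undefined/<tenant>` instead of the default login host or a clear error. Applying the default after the spread, as in `authorityHost: (options && options.authorityHost) || DefaultAuthorityHost`, would match how `tenantId` is handled; since this file is compiled output, the change belongs in `interactiveBrowserCredential.browser.ts`. The constructor body continues past the end of the hunk.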
@@ -1 +1 @@
1
- {"version":3,"file":"interactiveBrowserCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/interactiveBrowserCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAK1D,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AACxE,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE/E,MAAM,MAAM,GAAG,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;AAEhE;;;;GAIG;AACH,MAAM,OAAO,4BAA4B;IAKvC;;;;;;;;OAQG;IACH,YAAY,OAA6C;QACvD,OAAO,iDACF,cAAc,CAAC,iBAAiB,EAAE,GAClC,OAAO,KACV,QAAQ,EAAE,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,eAAe;YAC1D,2EAA2E;YAC3E,6CAA6C;YAC7C,yGAAyG;YACzG,QAAQ,EAAE,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,uBAAuB,GACnE,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC;QAChD,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE;YACzD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,uBAAuB,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;YACrE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,CAAC;SACb;QAED,MAAM,gBAAgB,GACpB,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAE5F,IAAI,CAAC,UAAU,GAAG;YAChB,IAAI,gCACF,QAAQ,EAAE,OAAO,CAAC,QAAS,EAC3B,SAAS,EAAE,GAAG,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,QAAQ,EAAE,EACzD,gBAAgB,IACb,CAAC,OAAO,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,GAC7D,CAAC,OAAO,CAAC,qBAAqB,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,qBAAqB,EAAE,CAAC,CACrF;YACD,KAAK,EAAE;gBACL,aAAa,EAAE,cAAc;gBAC7B,sBAAsB,EAAE,IAAI;aAC7B;SACF,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,IAAI,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACnE,CAAC;IAEO,KAAK;QACX,QAAQ,IAAI,CAAC,UAAU,EAAE;YACvB,KAAK,UAAU,CAAC,CAAC;gBACf,MAAM,YAAY,GAAG,IAAI,OAAO,CAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBACtE,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBAC1D,CAAC,CAAC,CAAC;gBACH,
IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;gBAChC,OAAO,YAAY,CAAC;aACrB;YACD,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;SACvC;IACH,CAAC;IAEa,YAAY,CACxB,UAAyC;;YAEzC,IAAI,YAA2C,CAAC;YAChD,IAAI;gBACF,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;gBACpD,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;aACrE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,GAAG,YAAY,IAAI,CAAC,SAAS,EAAE;oBACjC,QAAQ,GAAG,CAAC,SAAS,EAAE;wBACrB,KAAK,kBAAkB,CAAC;wBACxB,KAAK,sBAAsB,CAAC;wBAC5B,KAAK,gBAAgB;4BACnB,MAAM,CAAC,IAAI,CAAC,qCAAqC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC;4BAClE,MAAM;wBACR;4BACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,MAAM,EAAE,4BAA4B,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;4BACvF,MAAM,GAAG,CAAC;qBACb;iBACF;aACF;YAED,IAAI,WAAmD,CAAC;YACxD,IAAI,YAAY,KAAK,SAAS,EAAE;gBAC9B,MAAM,CAAC,IAAI,CACT,oEAAoE,IAAI,CAAC,UAAU,EAAE,CACtF,CAAC;gBACF,QAAQ,IAAI,CAAC,UAAU,EAAE;oBACvB,KAAK,UAAU;wBACb,WAAW,GAAG,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;4BAC5C,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;wBAC1D,CAAC,CAAC,CAAC;wBACH,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;wBACjD,MAAM;oBACR,KAAK,OAAO;wBACV,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;wBAC5D,MAAM;iBACT;gBAED,YAAY,GAAG,WAAW,IAAI,CAAC,MAAM,WAAW,CAAC,CAAC;aACnD;YAED,OAAO,YAAY,CAAC;QACtB,CAAC;KAAA;IAED;;;;;;;;;OASG;IACG,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC,uCAAuC,EAAE,OAAO,CAAC,CAAC;YAC9E,IAAI;gBACF,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,EAAE;oBACjC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;iBACpB;gBAED,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;oBAC3C,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC;iBAC3D,CAAC,CAAC;gBAEH,IAAI,YAAY,EAAE;oBAChB,MAAM,kBAAkB,GAAG,YAAY,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;oBAC5D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO;wBACL,KAAK,EAAE,YAAY,CAAC,WAAW;wBAC/B,kBAAkB;qBACnB,CAAC;iBACH;qBAAM;oBACL,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;oBACpC,OAAO,IAAI,CAAC;iBACb;aACF;YAAC,OAAO,GAAG,EAAE;gBACZ,I
AAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAE,cAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msal from \"msal\";\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-http\";\nimport { IdentityClient } from \"../client/identityClient\";\nimport {\n BrowserLoginStyle,\n InteractiveBrowserCredentialOptions\n} from \"./interactiveBrowserCredentialOptions\";\nimport { createSpan } from \"../util/tracing\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { DefaultTenantId, DeveloperSignOnClientId } from \"../constants\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/**\n * Enables authentication to Azure Active Directory inside of the web browser\n * using the interactive login flow, either via browser redirects or a popup\n * window.\n */\nexport class InteractiveBrowserCredential implements TokenCredential {\n private loginStyle: BrowserLoginStyle;\n private msalConfig: msal.Configuration;\n private msalObject: msal.UserAgentApplication;\n\n /**\n * Creates an instance of the InteractiveBrowserCredential with the\n * details needed to authenticate against Azure Active Directory with\n * a user identity.\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(options?: InteractiveBrowserCredentialOptions) {\n options = {\n ...IdentityClient.getDefaultOptions(),\n ...options,\n tenantId: (options && options.tenantId) || 
DefaultTenantId,\n // TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n // Developer Sign On application is available\n // https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/identity/Azure.Identity/src/Constants.cs#L9\n clientId: (options && options.clientId) || DeveloperSignOnClientId\n };\n\n this.loginStyle = options.loginStyle || \"popup\";\n if ([\"redirect\", \"popup\"].indexOf(this.loginStyle) === -1) {\n const error = new Error(`Invalid loginStyle: ${options.loginStyle}`);\n logger.info(formatError(\"\", error));\n throw error;\n }\n\n const knownAuthorities =\n options.tenantId === \"adfs\" ? (options.authorityHost ? [options.authorityHost] : []) : [];\n\n this.msalConfig = {\n auth: {\n clientId: options.clientId!, // we just initialized it above\n authority: `${options.authorityHost}/${options.tenantId}`,\n knownAuthorities,\n ...(options.redirectUri && { redirectUri: options.redirectUri }),\n ...(options.postLogoutRedirectUri && { redirectUri: options.postLogoutRedirectUri })\n },\n cache: {\n cacheLocation: \"localStorage\",\n storeAuthStateInCookie: true\n }\n };\n\n this.msalObject = new msal.UserAgentApplication(this.msalConfig);\n }\n\n private login(): Promise<msal.AuthResponse> {\n switch (this.loginStyle) {\n case \"redirect\": {\n const loginPromise = new Promise<msal.AuthResponse>((resolve, reject) => {\n this.msalObject.handleRedirectCallback(resolve, reject);\n });\n this.msalObject.loginRedirect();\n return loginPromise;\n }\n case \"popup\":\n return this.msalObject.loginPopup();\n }\n }\n\n private async acquireToken(\n authParams: msal.AuthenticationParameters\n ): Promise<msal.AuthResponse | undefined> {\n let authResponse: msal.AuthResponse | undefined;\n try {\n logger.info(\"Attempting to acquire token silently\");\n authResponse = await this.msalObject.acquireTokenSilent(authParams);\n } catch (err) {\n if (err instanceof msal.AuthError) {\n switch (err.errorCode) {\n case \"consent_required\":\n 
case \"interaction_required\":\n case \"login_required\":\n logger.info(`Authentication returned errorCode ${err.errorCode}`);\n break;\n default:\n logger.info(formatError(authParams.scopes, `Failed to acquire token: ${err.message}`));\n throw err;\n }\n }\n }\n\n let authPromise: Promise<msal.AuthResponse> | undefined;\n if (authResponse === undefined) {\n logger.info(\n `Silent authentication failed, falling back to interactive method ${this.loginStyle}`\n );\n switch (this.loginStyle) {\n case \"redirect\":\n authPromise = new Promise((resolve, reject) => {\n this.msalObject.handleRedirectCallback(resolve, reject);\n });\n this.msalObject.acquireTokenRedirect(authParams);\n break;\n case \"popup\":\n authPromise = this.msalObject.acquireTokenPopup(authParams);\n break;\n }\n\n authResponse = authPromise && (await authPromise);\n }\n\n return authResponse;\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const { span } = createSpan(\"InteractiveBrowserCredential-getToken\", options);\n try {\n if (!this.msalObject.getAccount()) {\n await this.login();\n }\n\n const authResponse = await this.acquireToken({\n scopes: Array.isArray(scopes) ? 
scopes : scopes.split(\",\")\n });\n\n if (authResponse) {\n const expiresOnTimestamp = authResponse.expiresOn.getTime();\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: authResponse.accessToken,\n expiresOnTimestamp\n };\n } else {\n logger.getToken.info(\"No response\");\n return null;\n }\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n } finally {\n span.end();\n }\n }\n}\n"]}
1
+ {"version":3,"file":"interactiveBrowserCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/interactiveBrowserCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAM7B,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAC9F,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE/E,MAAM,MAAM,GAAG,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;AAEhE;;;;GAIG;AACH,MAAM,OAAO,4BAA4B;IAKvC;;;;;;;;OAQG;IACH,YAAY,OAA6C;QACvD,OAAO,iCACL,aAAa,EAAE,oBAAoB,IAChC,OAAO,KACV,QAAQ,EAAE,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,eAAe;YAC1D,2EAA2E;YAC3E,6CAA6C;YAC7C,yGAAyG;YACzG,QAAQ,EAAE,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,uBAAuB,GACnE,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC;QAChD,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE;YACzD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,uBAAuB,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;YACrE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,CAAC;SACb;QAED,MAAM,gBAAgB,GACpB,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAE5F,IAAI,CAAC,UAAU,GAAG;YAChB,IAAI,gCACF,QAAQ,EAAE,OAAO,CAAC,QAAS,EAC3B,SAAS,EAAE,GAAG,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,QAAQ,EAAE,EACzD,gBAAgB,IACb,CAAC,OAAO,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,GAC7D,CAAC,OAAO,CAAC,qBAAqB,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,qBAAqB,EAAE,CAAC,CACrF;YACD,KAAK,EAAE;gBACL,aAAa,EAAE,cAAc;gBAC7B,sBAAsB,EAAE,IAAI;aAC7B;SACF,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,IAAI,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACnE,CAAC;IAEO,KAAK;QACX,QAAQ,IAAI,CAAC,UAAU,EAAE;YACvB,KAAK,UAAU,CAAC,CAAC;gBACf,MAAM,YAAY,GAAG,IAAI,OAAO,CAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBACtE,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBAC1D,CAAC,CAAC,CAAC;gBACH,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;g
BAChC,OAAO,YAAY,CAAC;aACrB;YACD,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;SACvC;IACH,CAAC;IAEa,YAAY,CACxB,UAAyC;;YAEzC,IAAI,YAA2C,CAAC;YAChD,IAAI;gBACF,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;gBACpD,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;aACrE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,GAAG,YAAY,IAAI,CAAC,SAAS,EAAE;oBACjC,QAAQ,GAAG,CAAC,SAAS,EAAE;wBACrB,KAAK,kBAAkB,CAAC;wBACxB,KAAK,sBAAsB,CAAC;wBAC5B,KAAK,gBAAgB;4BACnB,MAAM,CAAC,IAAI,CAAC,qCAAqC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC;4BAClE,MAAM;wBACR;4BACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,MAAM,EAAE,4BAA4B,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;4BACvF,MAAM,GAAG,CAAC;qBACb;iBACF;aACF;YAED,IAAI,WAAmD,CAAC;YACxD,IAAI,YAAY,KAAK,SAAS,EAAE;gBAC9B,MAAM,CAAC,IAAI,CACT,oEAAoE,IAAI,CAAC,UAAU,EAAE,CACtF,CAAC;gBACF,QAAQ,IAAI,CAAC,UAAU,EAAE;oBACvB,KAAK,UAAU;wBACb,WAAW,GAAG,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;4BAC5C,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;wBAC1D,CAAC,CAAC,CAAC;wBACH,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;wBACjD,MAAM;oBACR,KAAK,OAAO;wBACV,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;wBAC5D,MAAM;iBACT;gBAED,YAAY,GAAG,WAAW,IAAI,CAAC,MAAM,WAAW,CAAC,CAAC;aACnD;YAED,OAAO,YAAY,CAAC;QACtB,CAAC;KAAA;IAED;;;;;;;;;OASG;IACG,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC,uCAAuC,EAAE,OAAO,CAAC,CAAC;YAC9E,IAAI;gBACF,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,EAAE;oBACjC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;iBACpB;gBAED,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;oBAC3C,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC;iBAC3D,CAAC,CAAC;gBAEH,IAAI,YAAY,EAAE;oBAChB,MAAM,kBAAkB,GAAG,YAAY,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;oBAC5D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO;wBACL,KAAK,EAAE,YAAY,CAAC,WAAW;wBAC/B,kBAAkB;qBACnB,CAAC;iBACH;qBAAM;oBACL,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;oBACpC,OAAO,IAAI,CAAC;iBACb;aACF;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAE,c
AAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msal from \"msal\";\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-auth\";\nimport {\n BrowserLoginStyle,\n InteractiveBrowserCredentialOptions\n} from \"./interactiveBrowserCredentialOptions\";\nimport { createSpan } from \"../util/tracing\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { DefaultAuthorityHost, DefaultTenantId, DeveloperSignOnClientId } from \"../constants\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/**\n * Enables authentication to Azure Active Directory inside of the web browser\n * using the interactive login flow, either via browser redirects or a popup\n * window.\n */\nexport class InteractiveBrowserCredential implements TokenCredential {\n private loginStyle: BrowserLoginStyle;\n private msalConfig: msal.Configuration;\n private msalObject: msal.UserAgentApplication;\n\n /**\n * Creates an instance of the InteractiveBrowserCredential with the\n * details needed to authenticate against Azure Active Directory with\n * a user identity.\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(options?: InteractiveBrowserCredentialOptions) {\n options = {\n authorityHost: DefaultAuthorityHost,\n ...options,\n tenantId: (options && options.tenantId) || DefaultTenantId,\n // TODO: temporary - this is the Azure CLI clientID - we'll 
replace it when\n // Developer Sign On application is available\n // https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/identity/Azure.Identity/src/Constants.cs#L9\n clientId: (options && options.clientId) || DeveloperSignOnClientId\n };\n\n this.loginStyle = options.loginStyle || \"popup\";\n if ([\"redirect\", \"popup\"].indexOf(this.loginStyle) === -1) {\n const error = new Error(`Invalid loginStyle: ${options.loginStyle}`);\n logger.info(formatError(\"\", error));\n throw error;\n }\n\n const knownAuthorities =\n options.tenantId === \"adfs\" ? (options.authorityHost ? [options.authorityHost] : []) : [];\n\n this.msalConfig = {\n auth: {\n clientId: options.clientId!, // we just initialized it above\n authority: `${options.authorityHost}/${options.tenantId}`,\n knownAuthorities,\n ...(options.redirectUri && { redirectUri: options.redirectUri }),\n ...(options.postLogoutRedirectUri && { redirectUri: options.postLogoutRedirectUri })\n },\n cache: {\n cacheLocation: \"localStorage\",\n storeAuthStateInCookie: true\n }\n };\n\n this.msalObject = new msal.UserAgentApplication(this.msalConfig);\n }\n\n private login(): Promise<msal.AuthResponse> {\n switch (this.loginStyle) {\n case \"redirect\": {\n const loginPromise = new Promise<msal.AuthResponse>((resolve, reject) => {\n this.msalObject.handleRedirectCallback(resolve, reject);\n });\n this.msalObject.loginRedirect();\n return loginPromise;\n }\n case \"popup\":\n return this.msalObject.loginPopup();\n }\n }\n\n private async acquireToken(\n authParams: msal.AuthenticationParameters\n ): Promise<msal.AuthResponse | undefined> {\n let authResponse: msal.AuthResponse | undefined;\n try {\n logger.info(\"Attempting to acquire token silently\");\n authResponse = await this.msalObject.acquireTokenSilent(authParams);\n } catch (err) {\n if (err instanceof msal.AuthError) {\n switch (err.errorCode) {\n case \"consent_required\":\n case \"interaction_required\":\n case \"login_required\":\n 
logger.info(`Authentication returned errorCode ${err.errorCode}`);\n break;\n default:\n logger.info(formatError(authParams.scopes, `Failed to acquire token: ${err.message}`));\n throw err;\n }\n }\n }\n\n let authPromise: Promise<msal.AuthResponse> | undefined;\n if (authResponse === undefined) {\n logger.info(\n `Silent authentication failed, falling back to interactive method ${this.loginStyle}`\n );\n switch (this.loginStyle) {\n case \"redirect\":\n authPromise = new Promise((resolve, reject) => {\n this.msalObject.handleRedirectCallback(resolve, reject);\n });\n this.msalObject.acquireTokenRedirect(authParams);\n break;\n case \"popup\":\n authPromise = this.msalObject.acquireTokenPopup(authParams);\n break;\n }\n\n authResponse = authPromise && (await authPromise);\n }\n\n return authResponse;\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const { span } = createSpan(\"InteractiveBrowserCredential-getToken\", options);\n try {\n if (!this.msalObject.getAccount()) {\n await this.login();\n }\n\n const authResponse = await this.acquireToken({\n scopes: Array.isArray(scopes) ? 
scopes : scopes.split(\",\")\n });\n\n if (authResponse) {\n const expiresOnTimestamp = authResponse.expiresOn.getTime();\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: authResponse.accessToken,\n expiresOnTimestamp\n };\n } else {\n logger.getToken.info(\"No response\");\n return null;\n }\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n } finally {\n span.end();\n }\n }\n}\n"]}
@@ -1 +1 @@
1
- {"version":3,"file":"interactiveBrowserCredential.js","sourceRoot":"","sources":["../../../src/credentials/interactiveBrowserCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAMlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAExE,OAAO,EAAE,sBAAsB,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAG1E,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,SAAS,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,MAAM,MAAM,GAAG,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;AAEhE;;;;GAIG;AACH,MAAM,OAAO,4BAA4B;IAMvC,YAAY,OAA6C;QACvD,MAAM,QAAQ,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,eAAe,CAAC;QAClE,MAAM,QAAQ,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,uBAAuB,CAAC;QAE1E,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAEhC,gGAAgG;QAChG,8DAA8D;QAE9D,IAAI,OAAO,IAAI,OAAO,CAAC,WAAW,EAAE;YAClC,IAAI,OAAO,OAAO,CAAC,WAAW,KAAK,QAAQ,EAAE;gBAC3C,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;aACxC;iBAAM;gBACL,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;aAC1C;SACF;aAAM;YACL,IAAI,CAAC,WAAW,GAAG,kBAAkB,CAAC;SACvC;QAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACpB,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC;SAChB;QAED,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;QAE7B,IAAI,aAAa,CAAC;QAClB,IAAI,OAAO,IAAI,OAAO,CAAC,aAAa,EAAE;YACpC,IAAI,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;gBACvC,aAAa,GAAG,OAAO,CAAC,aAAa,GAAG,QAAQ,CAAC;aAClD;iBAAM;gBACL,aAAa,GAAG,OAAO,CAAC,aAAa,GAAG,GAAG,GAAG,QAAQ,CAAC;aACxD;SACF;aAAM;YACL,aAAa,GAAG,oCAAoC,GAAG,QAAQ,CAAC;SACjE;QAED,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAC9B;YACE,QAAQ;YACR,SAAS,EAAE,aAAa;YACxB,gBAAgB,EAAE,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE;SACpF,EACD,KAAK,EACL,SAAS,EACT,OAAO,CACR,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACI,QAAQ,CACb,MAAyB,EACzB,QAA0B;QAE1B,MAAM,UAAU,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,C
AAC,CAAC,MAAM,CAAC,CAAC;QAElE,OAAO,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;YACnE,IAAI,CAAC,YAAY,sBAAsB,EAAE;gBACvC,OAAO,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;aACjD;iBAAM;gBACL,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;gBAC7C,MAAM,CAAC,CAAC;aACT;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEa,eAAe,CAAC,UAAoB;;YAChD,MAAM,qBAAqB,GAAG;gBAC5B,MAAM,EAAE,UAAU;gBAClB,WAAW,EAAE,IAAI,CAAC,WAAW;aAC9B,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC;YAC7E,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;QACvB,CAAC;KAAA;IAEO,uBAAuB,CAAC,UAAoB;QAClD,OAAO,IAAI,OAAO,CAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACzD,MAAM,eAAe,GAAa,EAAE,CAAC;YAErC,MAAM,eAAe,GAAG,CAAC,GAAyB,EAAE,GAAwB,EAAE,EAAE;gBAC9E,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE;oBACZ,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,IAAI,GAAQ,CAAC;gBACb,IAAI;oBACF,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;iBAC1C;gBAAC,OAAO,CAAC,EAAE;oBACV,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,MAAM,YAAY,GAA6B;oBAC7C,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAE;oBACnC,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,MAAM,EAAE,UAAU;iBACnB,CAAC;gBAEF,IAAI,CAAC,UAAU;qBACZ,kBAAkB,CAAC,YAAY,CAAC;qBAChC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE;oBACrB,MAAM,cAAc,GAAG,mFAAmF,CAAC;oBAC3G,IAAI,YAAY,IAAI,YAAY,CAAC,SAAS,EAAE;wBAC1C,MAAM,kBAAkB,GAAG,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,SAAS,CAAC,OAAO,EAAE,CAAC;wBAC7D,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;wBACxB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC;wBAEhD,OAAO,CAAC;4BACN,kBAAkB;4BAClB,KAAK,EAAE,YAAY,CAAC,WAAW;yBAChC,CAAC,CAAC;qBACJ;yBAAM;wBACL,MAAM,YAAY,GAAG,WAAW,CAC9B,UAAU,EACV,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;wBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;wBACtB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;wBAEnC,MAAM,CACJ,IAAI,KAAK,CACP,0F
AA0F,CAC3F,CACF,CAAC;qBACH;oBACD,OAAO,EAAE,CAAC;oBACV,OAAO;gBACT,CAAC,CAAC;qBACD,KAAK,CAAC,GAAG,EAAE;oBACV,MAAM,YAAY,GAAG,WAAW,CAC9B,UAAU,EACV,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;oBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;oBACtB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBAEnC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO,EAAE,CAAC;gBACZ,CAAC,CAAC,CAAC;YACP,CAAC,CAAC;YACF,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;YAE/C,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,CACvD,MAAM,CAAC,IAAI,CAAC,iDAAiD,IAAI,CAAC,IAAI,GAAG,CAAC,CAC3E,CAAC;YACF,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;YAC/D,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;YAE9B,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;gBAC3C,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,CAAC,CAAC,CAAC;YACZ,CAAC,CAAC,CAAC;YAEH,SAAS,OAAO;gBACd,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;iBAChB;gBAED,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE;oBACpC,MAAM,CAAC,OAAO,EAAE,CAAC;iBAClB;gBAED,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,EAAE,CAAC;iBACf;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/* eslint-disable @typescript-eslint/no-unused-vars */\n\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nimport { InteractiveBrowserCredentialOptions } from \"./interactiveBrowserCredentialOptions\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { DefaultTenantId, DeveloperSignOnClientId } from \"../constants\";\nimport { Socket } from \"net\";\nimport { AuthenticationRequired, MsalClient } from \"../client/msalClient\";\nimport { AuthorizationCodeRequest } from \"@azure/msal-node\";\n\nimport open from \"open\";\nimport http 
from \"http\";\nimport stoppable from \"stoppable\";\n\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/**\n * Enables authentication to Azure Active Directory inside of the web browser\n * using the interactive login flow, either via browser redirects or a popup\n * window. This credential is not currently supported in Node.js.\n */\nexport class InteractiveBrowserCredential implements TokenCredential {\n private redirectUri: string;\n private port: number;\n private hostname: string;\n private msalClient: MsalClient;\n\n constructor(options?: InteractiveBrowserCredentialOptions) {\n const tenantId = (options && options.tenantId) || DefaultTenantId;\n const clientId = (options && options.clientId) || DeveloperSignOnClientId;\n\n checkTenantId(logger, tenantId);\n\n // const persistenceEnabled = options?.persistenceEnabled ? options?.persistenceEnabled : false;\n // const authenticationRecord = options?.authenticationRecord;\n\n if (options && options.redirectUri) {\n if (typeof options.redirectUri === \"string\") {\n this.redirectUri = options.redirectUri;\n } else {\n this.redirectUri = options.redirectUri();\n }\n } else {\n this.redirectUri = \"http://localhost\";\n }\n\n const url = new URL(this.redirectUri);\n this.port = parseInt(url.port);\n if (isNaN(this.port)) {\n this.port = 80;\n }\n\n this.hostname = url.hostname;\n\n let authorityHost;\n if (options && options.authorityHost) {\n if (options.authorityHost.endsWith(\"/\")) {\n authorityHost = options.authorityHost + tenantId;\n } else {\n authorityHost = options.authorityHost + \"/\" + tenantId;\n }\n } else {\n authorityHost = \"https://login.microsoftonline.com/\" + tenantId;\n }\n\n this.msalClient = new MsalClient(\n {\n clientId,\n authority: authorityHost,\n knownAuthorities: tenantId === \"adfs\" ? (authorityHost ? 
[authorityHost] : []) : []\n },\n false,\n undefined,\n options\n );\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public getToken(\n scopes: string | string[],\n _options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const scopeArray = typeof scopes === \"object\" ? scopes : [scopes];\n\n return this.msalClient.acquireTokenFromCache(scopeArray).catch((e) => {\n if (e instanceof AuthenticationRequired) {\n return this.acquireTokenFromBrowser(scopeArray);\n } else {\n logger.getToken.info(formatError(scopes, e));\n throw e;\n }\n });\n }\n\n private async openAuthCodeUrl(scopeArray: string[]): Promise<void> {\n const authCodeUrlParameters = {\n scopes: scopeArray,\n redirectUri: this.redirectUri\n };\n\n const response = await this.msalClient.getAuthCodeUrl(authCodeUrlParameters);\n await open(response);\n }\n\n private acquireTokenFromBrowser(scopeArray: string[]): Promise<AccessToken | null> {\n return new Promise<AccessToken | null>((resolve, reject) => {\n const socketToDestroy: Socket[] = [];\n\n const requestListener = (req: http.IncomingMessage, res: http.ServerResponse) => {\n if (!req.url) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n let url: URL;\n try {\n url = new URL(req.url, this.redirectUri);\n } catch (e) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n const tokenRequest: 
AuthorizationCodeRequest = {\n code: url.searchParams.get(\"code\")!,\n redirectUri: this.redirectUri,\n scopes: scopeArray\n };\n\n this.msalClient\n .acquireTokenByCode(tokenRequest)\n .then((authResponse) => {\n const successMessage = `Authentication Complete. You can close the browser and return to the application.`;\n if (authResponse && authResponse.expiresOn) {\n const expiresOnTimestamp = authResponse?.expiresOn.valueOf();\n res.writeHead(200);\n res.end(successMessage);\n logger.getToken.info(formatSuccess(scopeArray));\n\n resolve({\n expiresOnTimestamp,\n token: authResponse.accessToken\n });\n } else {\n const errorMessage = formatError(\n scopeArray,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n }\n cleanup();\n return;\n })\n .catch(() => {\n const errorMessage = formatError(\n scopeArray,\n `${url.searchParams.get(\"error\")}. 
${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n cleanup();\n });\n };\n const app = http.createServer(requestListener);\n\n const listen = app.listen(this.port, this.hostname, () =>\n logger.info(`InteractiveBrowerCredential listening on port ${this.port}!`)\n );\n app.on(\"connection\", (socket) => socketToDestroy.push(socket));\n const server = stoppable(app);\n\n this.openAuthCodeUrl(scopeArray).catch((e) => {\n cleanup();\n reject(e);\n });\n\n function cleanup(): void {\n if (listen) {\n listen.close();\n }\n\n for (const socket of socketToDestroy) {\n socket.destroy();\n }\n\n if (server) {\n server.close();\n server.stop();\n }\n }\n });\n }\n}\n"]}
1
+ {"version":3,"file":"interactiveBrowserCredential.js","sourceRoot":"","sources":["../../../src/credentials/interactiveBrowserCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAMlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAExE,OAAO,EAAE,sBAAsB,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAG1E,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,SAAS,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,MAAM,MAAM,GAAG,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;AAEhE;;;;GAIG;AACH,MAAM,OAAO,4BAA4B;IAMvC,YAAY,OAA6C;QACvD,MAAM,QAAQ,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,eAAe,CAAC;QAClE,MAAM,QAAQ,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,uBAAuB,CAAC;QAE1E,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAEhC,gGAAgG;QAChG,8DAA8D;QAE9D,IAAI,OAAO,IAAI,OAAO,CAAC,WAAW,EAAE;YAClC,IAAI,OAAO,OAAO,CAAC,WAAW,KAAK,QAAQ,EAAE;gBAC3C,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;aACxC;iBAAM;gBACL,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;aAC1C;SACF;aAAM;YACL,IAAI,CAAC,WAAW,GAAG,kBAAkB,CAAC;SACvC;QAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACpB,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC;SAChB;QAED,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;QAE7B,IAAI,aAAa,CAAC;QAClB,IAAI,OAAO,IAAI,OAAO,CAAC,aAAa,EAAE;YACpC,IAAI,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;gBACvC,aAAa,GAAG,OAAO,CAAC,aAAa,GAAG,QAAQ,CAAC;aAClD;iBAAM;gBACL,aAAa,GAAG,OAAO,CAAC,aAAa,GAAG,GAAG,GAAG,QAAQ,CAAC;aACxD;SACF;aAAM;YACL,aAAa,GAAG,oCAAoC,GAAG,QAAQ,CAAC;SACjE;QAED,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAC9B;YACE,QAAQ;YACR,SAAS,EAAE,aAAa;YACxB,gBAAgB,EAAE,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE;SACpF,EACD,KAAK,EACL,SAAS,EACT,OAAO,CACR,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACI,QAAQ,CACb,MAAyB,EACzB,QAA0B;QAE1B,MAAM,UAAU,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,C
AAC,CAAC,MAAM,CAAC,CAAC;QAElE,OAAO,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;YACnE,IAAI,CAAC,YAAY,sBAAsB,EAAE;gBACvC,OAAO,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;aACjD;iBAAM;gBACL,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;gBAC7C,MAAM,CAAC,CAAC;aACT;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEa,eAAe,CAAC,UAAoB;;YAChD,MAAM,qBAAqB,GAAG;gBAC5B,MAAM,EAAE,UAAU;gBAClB,WAAW,EAAE,IAAI,CAAC,WAAW;aAC9B,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC;YAC7E,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;QACvB,CAAC;KAAA;IAEO,uBAAuB,CAAC,UAAoB;QAClD,OAAO,IAAI,OAAO,CAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACzD,MAAM,eAAe,GAAa,EAAE,CAAC;YAErC,MAAM,eAAe,GAAG,CAAC,GAAyB,EAAE,GAAwB,EAAE,EAAE;gBAC9E,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE;oBACZ,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,IAAI,GAAQ,CAAC;gBACb,IAAI;oBACF,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;iBAC1C;gBAAC,OAAO,CAAC,EAAE;oBACV,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,MAAM,YAAY,GAA6B;oBAC7C,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAE;oBACnC,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,MAAM,EAAE,UAAU;iBACnB,CAAC;gBAEF,IAAI,CAAC,UAAU;qBACZ,kBAAkB,CAAC,YAAY,CAAC;qBAChC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE;oBACrB,MAAM,cAAc,GAAG,mFAAmF,CAAC;oBAC3G,IAAI,YAAY,IAAI,YAAY,CAAC,SAAS,EAAE;wBAC1C,MAAM,kBAAkB,GAAG,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,SAAS,CAAC,OAAO,EAAE,CAAC;wBAC7D,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;wBACxB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC;wBAEhD,OAAO,CAAC;4BACN,kBAAkB;4BAClB,KAAK,EAAE,YAAY,CAAC,WAAW;yBAChC,CAAC,CAAC;qBACJ;yBAAM;wBACL,MAAM,YAAY,GAAG,WAAW,CAC9B,UAAU,EACV,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;wBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;wBACtB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;wBAEnC,MAAM,CACJ,IAAI,KAAK,CACP,0F
AA0F,CAC3F,CACF,CAAC;qBACH;oBACD,OAAO,EAAE,CAAC;oBACV,OAAO;gBACT,CAAC,CAAC;qBACD,KAAK,CAAC,GAAG,EAAE;oBACV,MAAM,YAAY,GAAG,WAAW,CAC9B,UAAU,EACV,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;oBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;oBACtB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBAEnC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO,EAAE,CAAC;gBACZ,CAAC,CAAC,CAAC;YACP,CAAC,CAAC;YACF,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;YAE/C,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,CACvD,MAAM,CAAC,IAAI,CAAC,iDAAiD,IAAI,CAAC,IAAI,GAAG,CAAC,CAC3E,CAAC;YACF,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;YAC/D,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;YAE9B,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;gBAC3C,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,CAAC,CAAC,CAAC;YACZ,CAAC,CAAC,CAAC;YAEH,SAAS,OAAO;gBACd,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;iBAChB;gBAED,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE;oBACpC,MAAM,CAAC,OAAO,EAAE,CAAC;iBAClB;gBAED,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,EAAE,CAAC;iBACf;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/* eslint-disable @typescript-eslint/no-unused-vars */\n\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nimport { InteractiveBrowserCredentialOptions } from \"./interactiveBrowserCredentialOptions\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { DefaultTenantId, DeveloperSignOnClientId } from \"../constants\";\nimport { Socket } from \"net\";\nimport { AuthenticationRequired, MsalClient } from \"../client/msalClient\";\nimport { AuthorizationCodeRequest } from \"@azure/msal-node\";\n\nimport open from \"open\";\nimport http 
from \"http\";\nimport stoppable from \"stoppable\";\n\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/**\n * Enables authentication to Azure Active Directory inside of the web browser\n * using the interactive login flow, either via browser redirects or a popup\n * window. This credential is not currently supported in Node.js.\n */\nexport class InteractiveBrowserCredential implements TokenCredential {\n private redirectUri: string;\n private port: number;\n private hostname: string;\n private msalClient: MsalClient;\n\n constructor(options?: InteractiveBrowserCredentialOptions) {\n const tenantId = (options && options.tenantId) || DefaultTenantId;\n const clientId = (options && options.clientId) || DeveloperSignOnClientId;\n\n checkTenantId(logger, tenantId);\n\n // const persistenceEnabled = options?.persistenceEnabled ? options?.persistenceEnabled : false;\n // const authenticationRecord = options?.authenticationRecord;\n\n if (options && options.redirectUri) {\n if (typeof options.redirectUri === \"string\") {\n this.redirectUri = options.redirectUri;\n } else {\n this.redirectUri = options.redirectUri();\n }\n } else {\n this.redirectUri = \"http://localhost\";\n }\n\n const url = new URL(this.redirectUri);\n this.port = parseInt(url.port);\n if (isNaN(this.port)) {\n this.port = 80;\n }\n\n this.hostname = url.hostname;\n\n let authorityHost;\n if (options && options.authorityHost) {\n if (options.authorityHost.endsWith(\"/\")) {\n authorityHost = options.authorityHost + tenantId;\n } else {\n authorityHost = options.authorityHost + \"/\" + tenantId;\n }\n } else {\n authorityHost = \"https://login.microsoftonline.com/\" + tenantId;\n }\n\n this.msalClient = new MsalClient(\n {\n clientId,\n authority: authorityHost,\n knownAuthorities: tenantId === \"adfs\" ? (authorityHost ? 
[authorityHost] : []) : []\n },\n false,\n undefined,\n options\n );\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public getToken(\n scopes: string | string[],\n _options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n const scopeArray = typeof scopes === \"object\" ? scopes : [scopes];\n\n return this.msalClient.acquireTokenFromCache(scopeArray).catch((e) => {\n if (e instanceof AuthenticationRequired) {\n return this.acquireTokenFromBrowser(scopeArray);\n } else {\n logger.getToken.info(formatError(scopes, e));\n throw e;\n }\n });\n }\n\n private async openAuthCodeUrl(scopeArray: string[]): Promise<void> {\n const authCodeUrlParameters = {\n scopes: scopeArray,\n redirectUri: this.redirectUri\n };\n\n const response = await this.msalClient.getAuthCodeUrl(authCodeUrlParameters);\n await open(response);\n }\n\n private acquireTokenFromBrowser(scopeArray: string[]): Promise<AccessToken | null> {\n return new Promise<AccessToken | null>((resolve, reject) => {\n const socketToDestroy: Socket[] = [];\n\n const requestListener = (req: http.IncomingMessage, res: http.ServerResponse) => {\n if (!req.url) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n let url: URL;\n try {\n url = new URL(req.url, this.redirectUri);\n } catch (e) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n const tokenRequest: 
AuthorizationCodeRequest = {\n code: url.searchParams.get(\"code\")!,\n redirectUri: this.redirectUri,\n scopes: scopeArray\n };\n\n this.msalClient\n .acquireTokenByCode(tokenRequest)\n .then((authResponse) => {\n const successMessage = `Authentication Complete. You can close the browser and return to the application.`;\n if (authResponse && authResponse.expiresOn) {\n const expiresOnTimestamp = authResponse?.expiresOn.valueOf();\n res.writeHead(200);\n res.end(successMessage);\n logger.getToken.info(formatSuccess(scopeArray));\n\n resolve({\n expiresOnTimestamp,\n token: authResponse.accessToken\n });\n } else {\n const errorMessage = formatError(\n scopeArray,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n }\n cleanup();\n return;\n })\n .catch(() => {\n const errorMessage = formatError(\n scopeArray,\n `${url.searchParams.get(\"error\")}. 
${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n cleanup();\n });\n };\n const app = http.createServer(requestListener);\n\n const listen = app.listen(this.port, this.hostname, () =>\n logger.info(`InteractiveBrowerCredential listening on port ${this.port}!`)\n );\n app.on(\"connection\", (socket) => socketToDestroy.push(socket));\n const server = stoppable(app);\n\n this.openAuthCodeUrl(scopeArray).catch((e) => {\n cleanup();\n reject(e);\n });\n\n function cleanup(): void {\n if (listen) {\n listen.close();\n }\n\n for (const socket of socketToDestroy) {\n socket.destroy();\n }\n\n if (server) {\n server.close();\n server.stop();\n }\n }\n });\n }\n}\n"]}
@@ -1,6 +1,8 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT license.
3
3
  import { __awaiter } from "tslib";
4
+ import qs from "qs";
5
+ import { createHttpHeaders } from "@azure/core-rest-pipeline";
4
6
  import { credentialLogger } from "../../util/logging";
5
7
  import { msiGenericGetToken } from "./utils";
6
8
  const logger = credentialLogger("ManagedIdentityCredential - AppServiceMSI 2017");
@@ -17,21 +19,25 @@ function prepareRequestOptions(resource, clientId) {
17
19
  if (clientId) {
18
20
  queryParameters.clientid = clientId;
19
21
  }
22
+ const query = qs.stringify(queryParameters);
20
23
  return {
21
- url: process.env.MSI_ENDPOINT,
24
+ url: `${process.env.MSI_ENDPOINT}?${query}`,
22
25
  method: "GET",
23
- queryParameters,
24
- headers: {
26
+ headers: createHttpHeaders({
25
27
  Accept: "application/json",
26
28
  secret: process.env.MSI_SECRET
27
- }
29
+ })
28
30
  };
29
31
  }
30
32
  export const appServiceMsi2017 = {
31
33
  isAvailable() {
32
34
  return __awaiter(this, void 0, void 0, function* () {
33
35
  const env = process.env;
34
- return Boolean(env.MSI_ENDPOINT && env.MSI_SECRET);
36
+ const result = Boolean(env.MSI_ENDPOINT && env.MSI_SECRET);
37
+ if (!result) {
38
+ logger.info("The Azure App Service MSI 2017 is unavailable.");
39
+ }
40
+ return result;
35
41
  });
36
42
  },
37
43
  getToken(identityClient, resource, clientId, getTokenOptions = {}) {
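Review bot: The new `url` in `prepareRequestOptions` is built by plain string concatenation from `process.env.MSI_ENDPOINT`, so an unset variable produces the literal `undefined?resource=...` and an endpoint that already has a query string gets a second `?`. The function relies on `isAvailable()` having been called first, and the `secret` header carrying `MSI_SECRET` is sent to whatever this URL names. Parsing the value would fail early on a malformed endpoint: `const endpoint = new URL(process.env.MSI_ENDPOINT); endpoint.search = query;` and then `url: endpoint.toString()`. Note that assigning `search` replaces any existing query rather than appending to it. The function starts above the hunk, so the construction of `queryParameters` is only partly visible here.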
@@ -1 +1 @@
1
- {"version":3,"file":"appServiceMsi2017.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/appServiceMsi2017.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAIlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAE7C,MAAM,MAAM,GAAG,gBAAgB,CAAC,gDAAgD,CAAC,CAAC;AAElF,SAAS,eAAe,CAAC,WAAgB;IACvC,4DAA4D;IAC5D,8CAA8C;IAC9C,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,qBAAqB,CAAC,QAAgB,EAAE,QAAiB;IAChE,MAAM,eAAe,GAAQ;QAC3B,QAAQ;QACR,aAAa,EAAE,YAAY;KAC5B,CAAC;IAEF,IAAI,QAAQ,EAAE;QACZ,eAAe,CAAC,QAAQ,GAAG,QAAQ,CAAC;KACrC;IAED,OAAO;QACL,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;QAC7B,MAAM,EAAE,KAAK;QACb,eAAe;QACf,OAAO,EAAE;YACP,MAAM,EAAE,kBAAkB;YAC1B,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU;SAC/B;KACF,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAQ;IAC9B,WAAW;;YACf,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;YACxB,OAAO,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;QACrD,CAAC;KAAA;IACK,QAAQ,CACZ,cAA8B,EAC9B,QAAgB,EAChB,QAAiB,EACjB,kBAAmC,EAAE;;YAErC,MAAM,CAAC,IAAI,CACT,yFAAyF,OAAO,CAAC,GAAG,CAAC,YAAY,6BAA6B,CAC/I,CAAC;YAEF,OAAO,kBAAkB,CACvB,cAAc,EACd,qBAAqB,CAAC,QAAQ,EAAE,QAAQ,CAAC,EACzC,eAAe,EACf,eAAe,CAChB,CAAC;QACJ,CAAC;KAAA;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, RequestPrepareOptions } from \"@azure/core-http\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { MSI } from \"./models\";\nimport { msiGenericGetToken } from \"./utils\";\n\nconst logger = credentialLogger(\"ManagedIdentityCredential - AppServiceMSI 2017\");\n\nfunction expiresInParser(requestBody: any): number {\n // Parse a date format like \"06/20/2019 02:57:58 +00:00\" and\n // convert it into a JavaScript-formatted date\n return Date.parse(requestBody.expires_on);\n}\n\nfunction prepareRequestOptions(resource: string, clientId?: 
string): RequestPrepareOptions {\n const queryParameters: any = {\n resource,\n \"api-version\": \"2017-09-01\"\n };\n\n if (clientId) {\n queryParameters.clientid = clientId;\n }\n\n return {\n url: process.env.MSI_ENDPOINT,\n method: \"GET\",\n queryParameters,\n headers: {\n Accept: \"application/json\",\n secret: process.env.MSI_SECRET\n }\n };\n}\n\nexport const appServiceMsi2017: MSI = {\n async isAvailable(): Promise<boolean> {\n const env = process.env;\n return Boolean(env.MSI_ENDPOINT && env.MSI_SECRET);\n },\n async getToken(\n identityClient: IdentityClient,\n resource: string,\n clientId?: string,\n getTokenOptions: GetTokenOptions = {}\n ): Promise<AccessToken | null> {\n logger.info(\n `Using the endpoint and the secret coming form the environment variables: MSI_ENDPOINT=${process.env.MSI_ENDPOINT} and MSI_SECRET=[REDACTED].`\n );\n\n return msiGenericGetToken(\n identityClient,\n prepareRequestOptions(resource, clientId),\n expiresInParser,\n getTokenOptions\n );\n }\n};\n"]}
1
+ {"version":3,"file":"appServiceMsi2017.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/appServiceMsi2017.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AAEpB,OAAO,EAAE,iBAAiB,EAA0B,MAAM,2BAA2B,CAAC;AAGtF,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAE7C,MAAM,MAAM,GAAG,gBAAgB,CAAC,gDAAgD,CAAC,CAAC;AAElF,SAAS,eAAe,CAAC,WAAgB;IACvC,4DAA4D;IAC5D,8CAA8C;IAC9C,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,qBAAqB,CAAC,QAAgB,EAAE,QAAiB;IAChE,MAAM,eAAe,GAAQ;QAC3B,QAAQ;QACR,aAAa,EAAE,YAAY;KAC5B,CAAC;IAEF,IAAI,QAAQ,EAAE;QACZ,eAAe,CAAC,QAAQ,GAAG,QAAQ,CAAC;KACrC;IAED,MAAM,KAAK,GAAG,EAAE,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;IAE5C,OAAO;QACL,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,YAAa,IAAI,KAAK,EAAE;QAC5C,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,iBAAiB,CAAC;YACzB,MAAM,EAAE,kBAAkB;YAC1B,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAW;SAChC,CAAC;KACH,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAQ;IAC9B,WAAW;;YACf,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;YACxB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;YAC3D,IAAI,CAAC,MAAM,EAAE;gBACX,MAAM,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;aAC/D;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;KAAA;IACK,QAAQ,CACZ,cAA8B,EAC9B,QAAgB,EAChB,QAAiB,EACjB,kBAAmC,EAAE;;YAErC,MAAM,CAAC,IAAI,CACT,yFAAyF,OAAO,CAAC,GAAG,CAAC,YAAY,6BAA6B,CAC/I,CAAC;YAEF,OAAO,kBAAkB,CACvB,cAAc,EACd,qBAAqB,CAAC,QAAQ,EAAE,QAAQ,CAAC,EACzC,eAAe,EACf,eAAe,CAChB,CAAC;QACJ,CAAC;KAAA;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { createHttpHeaders, PipelineRequestOptions } from \"@azure/core-rest-pipeline\";\n\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { MSI } from \"./models\";\nimport { msiGenericGetToken } from \"./utils\";\n\nconst 
logger = credentialLogger(\"ManagedIdentityCredential - AppServiceMSI 2017\");\n\nfunction expiresInParser(requestBody: any): number {\n // Parse a date format like \"06/20/2019 02:57:58 +00:00\" and\n // convert it into a JavaScript-formatted date\n return Date.parse(requestBody.expires_on);\n}\n\nfunction prepareRequestOptions(resource: string, clientId?: string): PipelineRequestOptions {\n const queryParameters: any = {\n resource,\n \"api-version\": \"2017-09-01\"\n };\n\n if (clientId) {\n queryParameters.clientid = clientId;\n }\n\n const query = qs.stringify(queryParameters);\n\n return {\n url: `${process.env.MSI_ENDPOINT!}?${query}`,\n method: \"GET\",\n headers: createHttpHeaders({\n Accept: \"application/json\",\n secret: process.env.MSI_SECRET!\n })\n };\n}\n\nexport const appServiceMsi2017: MSI = {\n async isAvailable(): Promise<boolean> {\n const env = process.env;\n const result = Boolean(env.MSI_ENDPOINT && env.MSI_SECRET);\n if (!result) {\n logger.info(\"The Azure App Service MSI 2017 is unavailable.\");\n }\n return result;\n },\n async getToken(\n identityClient: IdentityClient,\n resource: string,\n clientId?: string,\n getTokenOptions: GetTokenOptions = {}\n ): Promise<AccessToken | null> {\n logger.info(\n `Using the endpoint and the secret coming form the environment variables: MSI_ENDPOINT=${process.env.MSI_ENDPOINT} and MSI_SECRET=[REDACTED].`\n );\n\n return msiGenericGetToken(\n identityClient,\n prepareRequestOptions(resource, clientId),\n expiresInParser,\n getTokenOptions\n );\n }\n};\n"]}
@@ -1,6 +1,8 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT license.
3
3
  import { __awaiter } from "tslib";
4
+ import qs from "qs";
5
+ import { createHttpHeaders, createPipelineRequest } from "@azure/core-rest-pipeline";
4
6
  import { credentialLogger } from "../../util/logging";
5
7
  import { msiGenericGetToken } from "./utils";
6
8
  import { azureArcAPIVersion } from "./constants";
@@ -14,15 +16,15 @@ function prepareRequestOptions(resource) {
14
16
  resource,
15
17
  "api-version": azureArcAPIVersion
16
18
  };
19
+ const query = qs.stringify(queryParameters);
17
20
  return {
18
21
  // Should be similar to: http://localhost:40342/metadata/identity/oauth2/token
19
- url: process.env.IDENTITY_ENDPOINT,
22
+ url: `${process.env.IDENTITY_ENDPOINT}?${query}`,
20
23
  method: "GET",
21
- queryParameters,
22
- headers: {
24
+ headers: createHttpHeaders({
23
25
  Accept: "application/json",
24
- Metadata: true
25
- }
26
+ Metadata: "true"
27
+ })
26
28
  };
27
29
  }
28
30
  // Since "fs"'s readFileSync locks the thread, and to avoid extra dependencies.
@@ -36,7 +38,7 @@ function readFileAsync(path, options) {
36
38
  }
37
39
  function filePathRequest(identityClient, requestPrepareOptions) {
38
40
  return __awaiter(this, void 0, void 0, function* () {
39
- const response = yield identityClient.sendRequest(identityClient.createWebResource(requestPrepareOptions));
41
+ const response = yield identityClient.sendRequest(createPipelineRequest(requestPrepareOptions));
40
42
  if (response.status !== 401) {
41
43
  let message = "";
42
44
  if (response.bodyAsText) {
@@ -51,22 +53,27 @@ function filePathRequest(identityClient, requestPrepareOptions) {
51
53
  export const arcMsi = {
52
54
  isAvailable() {
53
55
  return __awaiter(this, void 0, void 0, function* () {
54
- return Boolean(process.env.IMDS_ENDPOINT && process.env.IDENTITY_ENDPOINT);
56
+ const result = Boolean(process.env.IMDS_ENDPOINT && process.env.IDENTITY_ENDPOINT);
57
+ if (!result) {
58
+ logger.info("The Azure Arc MSI is unavailable.");
59
+ }
60
+ return result;
55
61
  });
56
62
  },
57
63
  getToken(identityClient, resource, clientId, getTokenOptions = {}) {
64
+ var _a;
58
65
  return __awaiter(this, void 0, void 0, function* () {
59
66
  logger.info(`Using the Azure Arc MSI to authenticate.`);
60
67
  if (clientId) {
61
68
  throw new Error("User assigned identity is not supported by the Azure Arc Managed Identity Endpoint. To authenticate with the system assigned identity omit the client id when constructing the ManagedIdentityCredential, or if authenticating with the DefaultAzureCredential ensure the AZURE_CLIENT_ID environment variable is not set.");
62
69
  }
63
- const requestOptions = Object.assign({ disableJsonStringifyOnBody: true, deserializationMapper: undefined, abortSignal: getTokenOptions.abortSignal, spanOptions: getTokenOptions.tracingOptions && getTokenOptions.tracingOptions.spanOptions, tracingContext: getTokenOptions.tracingOptions && getTokenOptions.tracingOptions.tracingContext }, prepareRequestOptions(resource));
70
+ const requestOptions = Object.assign({ allowInsecureConnection: true, disableJsonStringifyOnBody: true, deserializationMapper: undefined, abortSignal: getTokenOptions.abortSignal, spanOptions: getTokenOptions.tracingOptions && getTokenOptions.tracingOptions.spanOptions }, prepareRequestOptions(resource));
64
71
  const filePath = yield filePathRequest(identityClient, requestOptions);
65
72
  if (!filePath) {
66
73
  throw new Error("Azure Arc MSI failed to find the token file.");
67
74
  }
68
75
  const key = yield readFileAsync(filePath, { encoding: "utf-8" });
69
- requestOptions.headers["Authorization"] = `Basic ${key}`;
76
+ (_a = requestOptions.headers) === null || _a === void 0 ? void 0 : _a.set("Authorization", `Basic ${key}`);
70
77
  return msiGenericGetToken(identityClient, requestOptions, expiresInParser, getTokenOptions);
71
78
  });
72
79
  }
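Review bot: `allowInsecureConnection: true` in `getToken` is set unconditionally, although the request URL comes from `process.env.IDENTITY_ENDPOINT` and the same options object later carries `Authorization: Basic ${key}`. The comment in `prepareRequestOptions` expects something like `http://localhost:40342/...`, but nothing visible in these hunks enforces it, so a non-loopback `http://` value would send the key in cleartext. I would set the flag only after checking that `new URL(process.env.IDENTITY_ENDPOINT).hostname` is a loopback name, and add a comment such as `// plain HTTP is accepted only for the local Arc agent endpoint`. Separately, the optional-chained `headers.set("Authorization", ...)` is a silent no-op if `headers` is ever missing, and throwing there would be safer than sending the second request unauthenticated. The `arcMsi` object literal closes outside the last hunk.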
@@ -1 +1 @@
1
- {"version":3,"file":"arcMsi.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/arcMsi.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAIlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAC7C,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AAE9B,MAAM,MAAM,GAAG,gBAAgB,CAAC,oCAAoC,CAAC,CAAC;AAEtE,yDAAyD;AACzD,MAAM,eAAe,GAAG,SAAS,CAAC;AAElC,SAAS,qBAAqB,CAAC,QAAiB;IAC9C,MAAM,eAAe,GAAQ;QAC3B,QAAQ;QACR,aAAa,EAAE,kBAAkB;KAClC,CAAC;IAEF,OAAO;QACL,8EAA8E;QAC9E,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB;QAClC,MAAM,EAAE,KAAK;QACb,eAAe;QACf,OAAO,EAAE;YACP,MAAM,EAAE,kBAAkB;YAC1B,QAAQ,EAAE,IAAI;SACf;KACF,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,SAAS,aAAa,CAAC,IAAY,EAAE,OAA6B;IAChE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,CACrC,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;QACpC,IAAI,GAAG,EAAE;YACP,MAAM,CAAC,GAAG,CAAC,CAAC;SACb;QACD,OAAO,CAAC,IAAI,CAAC,CAAC;IAChB,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAe,eAAe,CAC5B,cAA8B,EAC9B,qBAA4C;;QAE5C,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,WAAW,CAC/C,cAAc,CAAC,iBAAiB,CAAC,qBAAqB,CAAC,CACxD,CAAC;QAEF,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;YAC3B,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,QAAQ,CAAC,UAAU,EAAE;gBACvB,OAAO,GAAG,cAAc,QAAQ,CAAC,UAAU,EAAE,CAAC;aAC/C;YACD,MAAM,IAAI,mBAAmB,CAC3B,QAAQ,CAAC,MAAM,EACf,wFAAwF,OAAO,EAAE,CAClG,CAAC;SACH;QAED,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;QAClE,OAAO,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3C,CAAC;CAAA;AAED,MAAM,CAAC,MAAM,MAAM,GAAQ;IACnB,WAAW;;YACf,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QAC7E,CAAC;KAAA;IACK,QAAQ,CACZ,cAA8B,EAC9B,QAAiB,EACjB,QAAiB,EACjB,kBAAmC,EAAE;;YAErC,MAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;YAExD,IAAI,QAAQ,EAAE;gBACZ,MAAM,IAAI,KAAK,CACb,4TAA4T,CAC7T,CAAC;aACH;YAED,MAAM,cAAc,mBAClB,0BAA0B,EAAE,IAAI,EAChC,qBAAqB,EAAE,SAAS,EAChC,WAAW,EAA
E,eAAe,CAAC,WAAW,EACxC,WAAW,EAAE,eAAe,CAAC,cAAc,IAAI,eAAe,CAAC,cAAc,CAAC,WAAW,EACzF,cAAc,EAAE,eAAe,CAAC,cAAc,IAAI,eAAe,CAAC,cAAc,CAAC,cAAc,IAC5F,qBAAqB,CAAC,QAAQ,CAAC,CACnC,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;YAEvE,IAAI,CAAC,QAAQ,EAAE;gBACb,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;aACjE;YAED,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YACjE,cAAc,CAAC,OAAQ,CAAC,eAAe,CAAC,GAAG,SAAS,GAAG,EAAE,CAAC;YAE1D,OAAO,kBAAkB,CAAC,cAAc,EAAE,cAAc,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;QAC9F,CAAC;KAAA;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, RequestPrepareOptions } from \"@azure/core-http\";\nimport { MSI } from \"./models\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { msiGenericGetToken } from \"./utils\";\nimport { azureArcAPIVersion } from \"./constants\";\nimport { AuthenticationError } from \"../../client/errors\";\nimport { readFile } from \"fs\";\n\nconst logger = credentialLogger(\"ManagedIdentityCredential - ArcMSI\");\n\n// Azure Arc MSI doesn't have a special expiresIn parser.\nconst expiresInParser = undefined;\n\nfunction prepareRequestOptions(resource?: string): RequestPrepareOptions {\n const queryParameters: any = {\n resource,\n \"api-version\": azureArcAPIVersion\n };\n\n return {\n // Should be similar to: http://localhost:40342/metadata/identity/oauth2/token\n url: process.env.IDENTITY_ENDPOINT,\n method: \"GET\",\n queryParameters,\n headers: {\n Accept: \"application/json\",\n Metadata: true\n }\n };\n}\n\n// Since \"fs\"'s readFileSync locks the thread, and to avoid extra dependencies.\nfunction readFileAsync(path: string, options: { encoding: string }): Promise<string> {\n return new Promise((resolve, reject) =>\n readFile(path, options, (err, data) => {\n if (err) {\n reject(err);\n }\n resolve(data);\n })\n 
);\n}\n\nasync function filePathRequest(\n identityClient: IdentityClient,\n requestPrepareOptions: RequestPrepareOptions\n): Promise<string | undefined> {\n const response = await identityClient.sendRequest(\n identityClient.createWebResource(requestPrepareOptions)\n );\n\n if (response.status !== 401) {\n let message = \"\";\n if (response.bodyAsText) {\n message = ` Response: ${response.bodyAsText}`;\n }\n throw new AuthenticationError(\n response.status,\n `To authenticate with Azure Arc MSI, status code 401 is expected on the first request.${message}`\n );\n }\n\n const authHeader = response.headers.get(\"www-authenticate\") || \"\";\n return authHeader.split(\"=\").slice(1)[0];\n}\n\nexport const arcMsi: MSI = {\n async isAvailable(): Promise<boolean> {\n return Boolean(process.env.IMDS_ENDPOINT && process.env.IDENTITY_ENDPOINT);\n },\n async getToken(\n identityClient: IdentityClient,\n resource?: string,\n clientId?: string,\n getTokenOptions: GetTokenOptions = {}\n ): Promise<AccessToken | null> {\n logger.info(`Using the Azure Arc MSI to authenticate.`);\n\n if (clientId) {\n throw new Error(\n \"User assigned identity is not supported by the Azure Arc Managed Identity Endpoint. 
To authenticate with the system assigned identity omit the client id when constructing the ManagedIdentityCredential, or if authenticating with the DefaultAzureCredential ensure the AZURE_CLIENT_ID environment variable is not set.\"\n );\n }\n\n const requestOptions = {\n disableJsonStringifyOnBody: true,\n deserializationMapper: undefined,\n abortSignal: getTokenOptions.abortSignal,\n spanOptions: getTokenOptions.tracingOptions && getTokenOptions.tracingOptions.spanOptions,\n tracingContext: getTokenOptions.tracingOptions && getTokenOptions.tracingOptions.tracingContext,\n ...prepareRequestOptions(resource)\n };\n\n const filePath = await filePathRequest(identityClient, requestOptions);\n\n if (!filePath) {\n throw new Error(\"Azure Arc MSI failed to find the token file.\");\n }\n\n const key = await readFileAsync(filePath, { encoding: \"utf-8\" });\n requestOptions.headers![\"Authorization\"] = `Basic ${key}`;\n\n return msiGenericGetToken(identityClient, requestOptions, expiresInParser, getTokenOptions);\n }\n};\n"]}
1
+ {"version":3,"file":"arcMsi.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/arcMsi.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EAEtB,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAC7C,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AAE9B,MAAM,MAAM,GAAG,gBAAgB,CAAC,oCAAoC,CAAC,CAAC;AAEtE,yDAAyD;AACzD,MAAM,eAAe,GAAG,SAAS,CAAC;AAElC,SAAS,qBAAqB,CAAC,QAAiB;IAC9C,MAAM,eAAe,GAAQ;QAC3B,QAAQ;QACR,aAAa,EAAE,kBAAkB;KAClC,CAAC;IAEF,MAAM,KAAK,GAAG,EAAE,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;IAE5C,OAAO;QACL,8EAA8E;QAC9E,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAkB,IAAI,KAAK,EAAE;QACjD,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,iBAAiB,CAAC;YACzB,MAAM,EAAE,kBAAkB;YAC1B,QAAQ,EAAE,MAAM;SACjB,CAAC;KACH,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,SAAS,aAAa,CAAC,IAAY,EAAE,OAA6B;IAChE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,CACrC,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;QACpC,IAAI,GAAG,EAAE;YACP,MAAM,CAAC,GAAG,CAAC,CAAC;SACb;QACD,OAAO,CAAC,IAAI,CAAC,CAAC;IAChB,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAe,eAAe,CAC5B,cAA8B,EAC9B,qBAA6C;;QAE7C,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,WAAW,CAAC,qBAAqB,CAAC,qBAAqB,CAAC,CAAC,CAAC;QAEhG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;YAC3B,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,QAAQ,CAAC,UAAU,EAAE;gBACvB,OAAO,GAAG,cAAc,QAAQ,CAAC,UAAU,EAAE,CAAC;aAC/C;YACD,MAAM,IAAI,mBAAmB,CAC3B,QAAQ,CAAC,MAAM,EACf,wFAAwF,OAAO,EAAE,CAClG,CAAC;SACH;QAED,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;QAClE,OAAO,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3C,CAAC;CAAA;AAED,MAAM,CAAC,MAAM,MAAM,GAAQ;IACnB,WAAW;;YACf,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YACnF,IAAI,CAAC,MAAM,EAAE;gBACX,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;aAClD;YACD,OAAO,MAAM,CAAC;
QAChB,CAAC;KAAA;IACK,QAAQ,CACZ,cAA8B,EAC9B,QAAiB,EACjB,QAAiB,EACjB,kBAAmC,EAAE;;;YAErC,MAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;YAExD,IAAI,QAAQ,EAAE;gBACZ,MAAM,IAAI,KAAK,CACb,4TAA4T,CAC7T,CAAC;aACH;YAED,MAAM,cAAc,mBAClB,uBAAuB,EAAE,IAAI,EAC7B,0BAA0B,EAAE,IAAI,EAChC,qBAAqB,EAAE,SAAS,EAChC,WAAW,EAAE,eAAe,CAAC,WAAW,EACxC,WAAW,EAAE,eAAe,CAAC,cAAc,IAAI,eAAe,CAAC,cAAc,CAAC,WAAW,IACtF,qBAAqB,CAAC,QAAQ,CAAC,CACnC,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;YAEvE,IAAI,CAAC,QAAQ,EAAE;gBACb,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;aACjE;YAED,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YACjE,MAAA,cAAc,CAAC,OAAO,0CAAE,GAAG,CAAC,eAAe,EAAE,SAAS,GAAG,EAAE,EAAE;YAE7D,OAAO,kBAAkB,CAAC,cAAc,EAAE,cAAc,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;;KAC7F;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport {\n createHttpHeaders,\n createPipelineRequest,\n PipelineRequestOptions\n} from \"@azure/core-rest-pipeline\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { MSI } from \"./models\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { msiGenericGetToken } from \"./utils\";\nimport { azureArcAPIVersion } from \"./constants\";\nimport { AuthenticationError } from \"../../client/errors\";\nimport { readFile } from \"fs\";\n\nconst logger = credentialLogger(\"ManagedIdentityCredential - ArcMSI\");\n\n// Azure Arc MSI doesn't have a special expiresIn parser.\nconst expiresInParser = undefined;\n\nfunction prepareRequestOptions(resource?: string): PipelineRequestOptions {\n const queryParameters: any = {\n resource,\n \"api-version\": azureArcAPIVersion\n };\n\n const query = qs.stringify(queryParameters);\n\n return {\n // Should be similar to: http://localhost:40342/metadata/identity/oauth2/token\n url: `${process.env.IDENTITY_ENDPOINT!}?${query}`,\n method: 
\"GET\",\n headers: createHttpHeaders({\n Accept: \"application/json\",\n Metadata: \"true\"\n })\n };\n}\n\n// Since \"fs\"'s readFileSync locks the thread, and to avoid extra dependencies.\nfunction readFileAsync(path: string, options: { encoding: string }): Promise<string> {\n return new Promise((resolve, reject) =>\n readFile(path, options, (err, data) => {\n if (err) {\n reject(err);\n }\n resolve(data);\n })\n );\n}\n\nasync function filePathRequest(\n identityClient: IdentityClient,\n requestPrepareOptions: PipelineRequestOptions\n): Promise<string | undefined> {\n const response = await identityClient.sendRequest(createPipelineRequest(requestPrepareOptions));\n\n if (response.status !== 401) {\n let message = \"\";\n if (response.bodyAsText) {\n message = ` Response: ${response.bodyAsText}`;\n }\n throw new AuthenticationError(\n response.status,\n `To authenticate with Azure Arc MSI, status code 401 is expected on the first request.${message}`\n );\n }\n\n const authHeader = response.headers.get(\"www-authenticate\") || \"\";\n return authHeader.split(\"=\").slice(1)[0];\n}\n\nexport const arcMsi: MSI = {\n async isAvailable(): Promise<boolean> {\n const result = Boolean(process.env.IMDS_ENDPOINT && process.env.IDENTITY_ENDPOINT);\n if (!result) {\n logger.info(\"The Azure Arc MSI is unavailable.\");\n }\n return result;\n },\n async getToken(\n identityClient: IdentityClient,\n resource?: string,\n clientId?: string,\n getTokenOptions: GetTokenOptions = {}\n ): Promise<AccessToken | null> {\n logger.info(`Using the Azure Arc MSI to authenticate.`);\n\n if (clientId) {\n throw new Error(\n \"User assigned identity is not supported by the Azure Arc Managed Identity Endpoint. 
To authenticate with the system assigned identity omit the client id when constructing the ManagedIdentityCredential, or if authenticating with the DefaultAzureCredential ensure the AZURE_CLIENT_ID environment variable is not set.\"\n );\n }\n\n const requestOptions = {\n allowInsecureConnection: true,\n disableJsonStringifyOnBody: true,\n deserializationMapper: undefined,\n abortSignal: getTokenOptions.abortSignal,\n spanOptions: getTokenOptions.tracingOptions && getTokenOptions.tracingOptions.spanOptions,\n ...prepareRequestOptions(resource)\n };\n\n const filePath = await filePathRequest(identityClient, requestOptions);\n\n if (!filePath) {\n throw new Error(\"Azure Arc MSI failed to find the token file.\");\n }\n\n const key = await readFileAsync(filePath, { encoding: \"utf-8\" });\n requestOptions.headers?.set(\"Authorization\", `Basic ${key}`);\n\n return msiGenericGetToken(identityClient, requestOptions, expiresInParser, getTokenOptions);\n }\n};\n"]}