npm - @azure/identity - Versions diffs - 2.0.0-beta.2 → 2.0.0-beta.6 - Mend

@azure/identity 2.0.0-beta.2 → 2.0.0-beta.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @azure/identity might be problematic. Click here for more details.

Files changed (157) hide show

package/dist-esm/src/msal/nodeFlows/msalClientCertificate.js CHANGED Viewed

@@ -1,10 +1,44 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import { __awaiter } from "tslib";
-import { readFileSync } from "fs";
+import { readFile } from "fs";
 import { createHash } from "crypto";
+import { promisify } from "util";
 import { MsalNode } from "./nodeCommon";
 import { formatError } from "../../util/logging";
+const readFileAsync = promisify(readFile);
+/**
+ * Tries to asynchronously load a certificate from the given path.
+ *
+ * @param certificatePath - Path to the certificate.
+ * @param sendCertificateChain - Option to include x5c header for SubjectName and Issuer name authorization.
+ * @returns - The certificate parts, or `undefined` if the certificate could not be loaded.
+ * @internal
+ */
+export async function parseCertificate(certificatePath, sendCertificateChain) {
+    const certificateParts = {};
+    certificateParts.certificateContents = await readFileAsync(certificatePath, "utf8");
+    if (sendCertificateChain) {
+        certificateParts.x5c = certificateParts.certificateContents;
+    }
+    const certificatePattern = /(-+BEGIN CERTIFICATE-+)(\n\r?|\r\n?)([A-Za-z0-9+/\n\r]+=*)(\n\r?|\r\n?)(-+END CERTIFICATE-+)/g;
+    const publicKeys = [];
+    // Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c
+    let match;
+    do {
+        match = certificatePattern.exec(certificateParts.certificateContents);
+        if (match) {
+            publicKeys.push(match[3]);
+        }
+    } while (match);
+    if (publicKeys.length === 0) {
+        throw new Error("The file at the specified path does not contain a PEM-encoded certificate.");
+    }
+    certificateParts.thumbprint = createHash("sha1")
+        .update(Buffer.from(publicKeys[0], "base64"))
+        .digest("hex")
+        .toUpperCase();
+    return certificateParts;
+}
 /**
  * MSAL client certificate client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.
  * @internal
@@ -13,57 +47,41 @@ export class MsalClientCertificate extends MsalNode {
     constructor(options) {
         super(options);
         this.requiresConfidential = true;
+        this.certificatePath = options.certificatePath;
         this.sendCertificateChain = options.sendCertificateChain;
-        const parts = this.parseCertificate(options.certificatePath);
-        this.msalConfig.auth.clientCertificate = {
-            thumbprint: parts.thumbprint,
-            privateKey: parts.certificateContents,
-            x5c: parts.x5c
-        };
     }
-    parseCertificate(certificatePath) {
-        const certificateParts = {};
-        certificateParts.certificateContents = readFileSync(certificatePath, "utf8");
-        if (this.sendCertificateChain) {
-            certificateParts.x5c = certificateParts.certificateContents;
+    // Changing the MSAL configuration asynchronously
+    async init(options) {
+        try {
+            const parts = await parseCertificate(this.certificatePath, this.sendCertificateChain);
+            this.msalConfig.auth.clientCertificate = {
+                thumbprint: parts.thumbprint,
+                privateKey: parts.certificateContents,
+                x5c: parts.x5c
+            };
         }
-        const certificatePattern = /(-+BEGIN CERTIFICATE-+)(\n\r?|\r\n?)([A-Za-z0-9+/\n\r]+=*)(\n\r?|\r\n?)(-+END CERTIFICATE-+)/g;
-        const publicKeys = [];
-        // Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c
-        let match;
-        do {
-            match = certificatePattern.exec(certificateParts.certificateContents);
-            if (match) {
-                publicKeys.push(match[3]);
-            }
-        } while (match);
-        if (publicKeys.length === 0) {
-            const error = new Error("The file at the specified path does not contain a PEM-encoded certificate.");
+        catch (error) {
             this.logger.info(formatError("", error));
             throw error;
         }
-        certificateParts.thumbprint = createHash("sha1")
-            .update(Buffer.from(publicKeys[0], "base64"))
-            .digest("hex")
-            .toUpperCase();
-        return certificateParts;
+        return super.init(options);
     }
-    doGetToken(scopes, options = {}) {
-        return __awaiter(this, void 0, void 0, function* () {
-            try {
-                const result = yield this.confidentialApp.acquireTokenByClientCredential({
-                    scopes,
-                    correlationId: options.correlationId
-                });
-                // Even though we're providing the same default in memory persistence cache that we use for DeviceCodeCredential,
-                // The Client Credential flow does not return the account information from the authentication service,
-                // so each time getToken gets called, we will have to acquire a new token through the service.
-                return this.handleResult(scopes, this.clientId, result || undefined);
-            }
-            catch (err) {
-                throw this.handleError(scopes, err, options);
-            }
-        });
+    async doGetToken(scopes, options = {}) {
+        try {
+            const result = await this.confidentialApp.acquireTokenByClientCredential({
+                scopes,
+                correlationId: options.correlationId,
+                azureRegion: this.azureRegion,
+                authority: options.authority
+            });
+            // Even though we're providing the same default in memory persistence cache that we use for DeviceCodeCredential,
+            // The Client Credential flow does not return the account information from the authentication service,
+            // so each time getToken gets called, we will have to acquire a new token through the service.
+            return this.handleResult(scopes, this.clientId, result || undefined);
+        }
+        catch (err) {
+            throw this.handleError(scopes, err, options);
+        }
     }
 }
 //# sourceMappingURL=msalClientCertificate.js.map

package/dist-esm/src/msal/nodeFlows/msalClientCertificate.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"msalClientCertificate.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClientCertificate.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,~~YAAY~~,EAAE,MAAM,IAAI,CAAC;~~AAClC~~,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;~~AAEpC~~,OAAO,~~EAAmB~~,~~QAAQ~~,EAAE,MAAM,~~cAAc~~,CAAC;~~AACzD~~,OAAO,~~EAAE~~,~~WAAW~~,EAAE,MAAM,~~oBAAoB~~,CAAC;~~AAsCjD;;;GAGG;AACH~~,~~MAAM,~~OAAO,~~qBAAsB~~,~~SAAQ~~,~~QAAQ;IAGjD~~,~~YAAY~~,~~OAAqC;QAC/C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,~~oBAAoB,~~GAAG,IAAI,~~CAAC;~~QACjC~~,~~IAAI,CAAC,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC;QAEzD,~~MAAM,~~KAAK~~,GAAG,~~IAAI~~,CAAC,~~gBAAgB~~,CAAC,~~OAAO,~~CAAC~~,eAAe,CAAC,CAAC~~;~~QAC7D~~,~~IAAI~~,CAAC,~~UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG;YACvC,UAAU,EAAE,~~KAAK,~~CAAC,~~UAAU~~;YAC5B~~,~~UAAU~~,~~EAAE~~,~~KAAK~~,~~CAAC~~,~~mBAAmB~~;~~YACrC~~,~~GAAG,EAAE,KAAK,CAAC,GAAG;SACf,CAAC;IACJ,CAAC;IAEO,gBAAgB,CAAC,eAAuB;QAC9C,~~MAAM,gBAAgB,GAA8B,EAAE,CAAC;~~QAEvD~~,gBAAgB,CAAC,mBAAmB,GAAG,~~YAAY~~,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;~~QAC7E~~,IAAI,~~IAAI,CAAC,~~oBAAoB,EAAE;~~YAC7B~~,gBAAgB,CAAC,GAAG,GAAG,gBAAgB,CAAC,mBAAmB,CAAC;~~SAC7D~~;~~QAED~~,MAAM,kBAAkB,GAAG,+FAA+F,CAAC;~~QAC3H~~,MAAM,UAAU,GAAa,EAAE,CAAC;~~QAEhC~~,qHAAqH;~~QACrH~~,IAAI,KAAK,CAAC;~~QACV~~,GAAG;~~YACD~~,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,CAAC;~~YACtE~~,IAAI,KAAK,EAAE;~~gBACT~~,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;~~aAC3B~~;~~SACF~~,QAAQ,KAAK,EAAE;~~QAEhB~~,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE;~~YAC3B~~,MAAM,~~KAAK,GAAG,~~IAAI,KAAK,~~CACrB~~,4EAA4E,~~CAC7E~~,CAAC;~~YACF~~,~~IAAI~~,CAAC,MAAM,CAAC,IAAI,CAAC,~~WAAW~~,CAAC,~~EAAE~~,EAAE,KAAK,CAAC,CAAC,CAAC;~~YACzC~~,MAAM,KAAK,CAAC;~~SACb~~;~~QAED~~,~~gBAAgB~~,CAAC,~~UAAU~~,GAAG,~~UAAU~~,CAAC,~~MAAM~~,CAAC;~~aAC7C~~,~~MAAM~~,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,~~QAAQ~~,CAAC,CAAC;~~aAC5C~~,MAAM,CAAC,~~KAAK~~,CAAC~~;aACb~~,WAAW,EAAE,CAAC;~~QAEjB~~,OAAO,~~gBAAoC~~,CAAC;~~IAC9C~~,CAAC;~~IAEe~~,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE~~;;YAE3C~~,IAAI;~~gBACF~~,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,8BAA8B,CAAC;~~oBACxE~~,MAAM;~~oBACN~~,aAAa,EAAE,OAAO,CAAC,aAAa;~~iBACrC~~,CAAC,CAAC;~~gBACH~~,iHAAiH;~~gBACjH~~,sGAAsG;~~gBACtG~~,8FAA8F;~~gBAC9F~~,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;~~aACtE~~;~~YAAC~~,OAAO,GAAG,EAAE;~~gBACZ~~,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;~~aAC9C~~;~~QACH~~,CAAC;~~KAAA;~~CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { ~~readFileSync~~ } from \"fs\";\nimport { createHash } from \"crypto\";\nimport { AccessToken } from \"@azure/core-~~http~~\";\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\nimport { formatError } from \"../../util/logging\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\n\n/*\n Options that can be passed to configure MSAL to handle client certificates.\n * @internal\n /\nexport interface MSALClientCertificateOptions extends MsalNodeOptions {\n /\n Location of the certificate.\n /\n certificatePath: string;\n /\n Option to include x5c header for SubjectName and Issuer name authorization.\n * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n /\n sendCertificateChain?: boolean;\n}\n\n/\n Parts of a certificate, as understood by MSAL.\n * @internal\n /\ninterface CertificateParts {\n /\n Hex encoded X.509 SHA-1 thumbprint of the certificate\n /\n thumbprint: string;\n /\n The PEM encoded private key (string should contain -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY-----\n /\n certificateContents: string;\n /\n x5c header.\n /\n x5c: string;\n}\n\n/\n ~~MSAL~~ ~~client~~ ~~certificate~~ ~~client.~~ ~~Calls~~ to ~~MSAL's~~ ~~confidential~~ ~~application's~~ ~~`acquireTokenByClientCredential`~~ ~~during `doGetToken`.\~~n * @~~internal\n~~ /\nexport ~~class~~ ~~MsalClientCertificate~~ ~~extends~~ ~~MsalNode~~ {\n ~~private~~ sendCertificateChain?: ~~boolean;\n\n constructor(options:~~ ~~MSALClientCertificateOptions)~~ ~~{\n super(options);\n this.requiresConfidential~~ = ~~true;\n this.sendCertificateChain~~ = ~~options.sendCertificateChain;\~~n~~\n const~~ parts = ~~this.parseCertificate(options.certificatePath);\~~n ~~this.msalConfig.auth.clientCertificate~~ = {\n ~~thumbprint:~~ ~~parts.thumbprint,\n privateKey:~~ ~~parts.certificateContents,\n x5c:~~ ~~parts.x5c~~\n ~~};\n~~ ~~}\n\n private parseCertificate(~~certificatePath: string): CertificateParts {\n const certificateParts: Partial<CertificateParts> = {};\n\n certificateParts.certificateContents = ~~readFileSync~~(certificatePath, \"utf8\");\n if (~~this.~~sendCertificateChain) {\n certificateParts.x5c = certificateParts.certificateContents;\n }\n\n const certificatePattern = /(-+BEGIN CERTIFICATE-+)(\\n\\r?\|\\r\\n?)([A-Za-z0-9+/\\n\\r]+=)(\\n\\r?\|\\r\\n?)(-+END CERTIFICATE-+)/g;\n const publicKeys: string[] = [];\n\n // Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c\n let match;\n do {\n match = certificatePattern.exec(certificateParts.certificateContents);\n if (match) {\n publicKeys.push(match[3]);\n }\n } while (match);\n\n if (publicKeys.length === 0) {\n ~~const~~ ~~error =~~ new Error(\~~n \~~"The file at the specified path does not contain a PEM-encoded certificate.\"\n );\n ~~this.logger.info(formatError(\"\", error));\n throw error;\n~~ }\n\n certificateParts.thumbprint = createHash(\"sha1\")\n .update(Buffer.from(publicKeys[0], \"base64\"))\n .digest(\"hex\")\n .toUpperCase();\n\n return certificateParts as CertificateParts;\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n try {\n const result = await this.confidentialApp!.acquireTokenByClientCredential({\n scopes,\n correlationId: options.correlationId\n });\n // Even though we're providing the same default in memory persistence cache that we use for DeviceCodeCredential,\n // The Client Credential flow does not return the account information from the authentication service,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, this.clientId, result \|\| undefined);\n } catch (err) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n"]}
1	+ {"version":3,"file":"msalClientCertificate.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClientCertificate.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AAC9B,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAGjC,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAGjD,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAqC1C;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,eAAuB,EACvB,oBAA8B;IAE9B,MAAM,gBAAgB,GAA8B,EAAE,CAAC;IAEvD,gBAAgB,CAAC,mBAAmB,GAAG,MAAM,aAAa,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IACpF,IAAI,oBAAoB,EAAE;QACxB,gBAAgB,CAAC,GAAG,GAAG,gBAAgB,CAAC,mBAAmB,CAAC;KAC7D;IAED,MAAM,kBAAkB,GAAG,+FAA+F,CAAC;IAC3H,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,qHAAqH;IACrH,IAAI,KAAK,CAAC;IACV,GAAG;QACD,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,CAAC;QACtE,IAAI,KAAK,EAAE;YACT,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;SAC3B;KACF,QAAQ,KAAK,EAAE;IAEhB,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE;QAC3B,MAAM,IAAI,KAAK,CAAC,4EAA4E,CAAC,CAAC;KAC/F;IAED,gBAAgB,CAAC,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC;SAC7C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;SAC5C,MAAM,CAAC,KAAK,CAAC;SACb,WAAW,EAAE,CAAC;IAEjB,OAAO,gBAAoC,CAAC;AAC9C,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,qBAAsB,SAAQ,QAAQ;IAIjD,YAAY,OAAqC;QAC/C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAC3D,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,IAAI,CAAC,OAAuC;QAChD,IAAI;YACF,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,oBAAoB,CAAC,CAAC;YACtF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG;gBACvC,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,UAAU,EAAE,KAAK,CAAC,mBAAmB;gBACrC,GAAG,EAAE,KAAK,CAAC,GAAG;aACf,CAAC;SACH;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;YACzC,MAAM,KAAK,CAAC;SACb;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,8BAA8B,CAAC;gBACxE,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;aAC7B,CAAC,CAAC;YACH,iHAAiH;YACjH,sGAAsG;YACtG,8FAA8F;YAC9F,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;SACtE;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { readFile } from \"fs\";\nimport { createHash } from \"crypto\";\nimport { promisify } from \"util\";\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\nimport { formatError } from \"../../util/logging\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\n\nconst readFileAsync = promisify(readFile);\n\n/*\n Options that can be passed to configure MSAL to handle client certificates.\n * @internal\n /\nexport interface MSALClientCertificateOptions extends MsalNodeOptions {\n /\n Location of the PEM certificate.\n /\n certificatePath: string;\n /\n Option to include x5c header for SubjectName and Issuer name authorization.\n * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n /\n sendCertificateChain?: boolean;\n}\n\n/\n Parts of a certificate, as understood by MSAL.\n * @internal\n /\ninterface CertificateParts {\n /\n Hex encoded X.509 SHA-1 thumbprint of the certificate\n /\n thumbprint: string;\n /\n The PEM encoded private key (string should contain -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY-----\n /\n certificateContents: string;\n /\n x5c header.\n /\n x5c: string;\n}\n\n/\n Tries to asynchronously load a certificate from the given path.\n \n @param certificatePath - Path to the certificate.\n * @param sendCertificateChain - Option to include x5c header for SubjectName and Issuer name authorization.\n * @returns - The certificate parts, or `undefined` if the certificate could not be loaded.\n * @internal\n /\nexport async function parseCertificate(\n certificatePath: string,\n sendCertificateChain?: boolean\n): Promise<CertificateParts> {\n const certificateParts: Partial<CertificateParts> = {};\n\n certificateParts.certificateContents = await readFileAsync(certificatePath, \"utf8\");\n if (sendCertificateChain) {\n certificateParts.x5c = certificateParts.certificateContents;\n }\n\n const certificatePattern = /(-+BEGIN CERTIFICATE-+)(\\n\\r?\|\\r\\n?)([A-Za-z0-9+/\\n\\r]+=)(\\n\\r?\|\\r\\n?)(-+END CERTIFICATE-+)/g;\n const publicKeys: string[] = [];\n\n // Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c\n let match;\n do {\n match = certificatePattern.exec(certificateParts.certificateContents);\n if (match) {\n publicKeys.push(match[3]);\n }\n } while (match);\n\n if (publicKeys.length === 0) {\n throw new Error(\"The file at the specified path does not contain a PEM-encoded certificate.\");\n }\n\n certificateParts.thumbprint = createHash(\"sha1\")\n .update(Buffer.from(publicKeys[0], \"base64\"))\n .digest(\"hex\")\n .toUpperCase();\n\n return certificateParts as CertificateParts;\n}\n\n/*\n MSAL client certificate client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.\n * @internal\n */\nexport class MsalClientCertificate extends MsalNode {\n private certificatePath: string;\n private sendCertificateChain?: boolean;\n\n constructor(options: MSALClientCertificateOptions) {\n super(options);\n this.requiresConfidential = true;\n this.certificatePath = options.certificatePath;\n this.sendCertificateChain = options.sendCertificateChain;\n }\n\n // Changing the MSAL configuration asynchronously\n async init(options?: CredentialFlowGetTokenOptions): Promise<void> {\n try {\n const parts = await parseCertificate(this.certificatePath, this.sendCertificateChain);\n this.msalConfig.auth.clientCertificate = {\n thumbprint: parts.thumbprint,\n privateKey: parts.certificateContents,\n x5c: parts.x5c\n };\n } catch (error) {\n this.logger.info(formatError(\"\", error));\n throw error;\n }\n return super.init(options);\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n try {\n const result = await this.confidentialApp!.acquireTokenByClientCredential({\n scopes,\n correlationId: options.correlationId,\n azureRegion: this.azureRegion,\n authority: options.authority\n });\n // Even though we're providing the same default in memory persistence cache that we use for DeviceCodeCredential,\n // The Client Credential flow does not return the account information from the authentication service,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, this.clientId, result \|\| undefined);\n } catch (err) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n"]}

package/dist-esm/src/msal/nodeFlows/msalClientSecret.js CHANGED Viewed

@@ -1,6 +1,5 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import { __awaiter } from "tslib";
 import { MsalNode } from "./nodeCommon";
 /**
  * MSAL client secret client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.
@@ -12,21 +11,21 @@ export class MsalClientSecret extends MsalNode {
         this.requiresConfidential = true;
         this.msalConfig.auth.clientSecret = options.clientSecret;
     }
-    doGetToken(scopes, options = {}) {
-        return __awaiter(this, void 0, void 0, function* () {
-            try {
-                const result = yield this.confidentialApp.acquireTokenByClientCredential({
-                    scopes,
-                    correlationId: options.correlationId
-                });
-                // The Client Credential flow does not return an account,
-                // so each time getToken gets called, we will have to acquire a new token through the service.
-                return this.handleResult(scopes, this.clientId, result || undefined);
-            }
-            catch (err) {
-                throw this.handleError(scopes, err, options);
-            }
-        });
+    async doGetToken(scopes, options = {}) {
+        try {
+            const result = await this.confidentialApp.acquireTokenByClientCredential({
+                scopes,
+                correlationId: options.correlationId,
+                azureRegion: this.azureRegion,
+                authority: options.authority
+            });
+            // The Client Credential flow does not return an account,
+            // so each time getToken gets called, we will have to acquire a new token through the service.
+            return this.handleResult(scopes, this.clientId, result || undefined);
+        }
+        catch (err) {
+            throw this.handleError(scopes, err, options);
+        }
     }
 }
 //# sourceMappingURL=msalClientSecret.js.map

package/dist-esm/src/msal/nodeFlows/msalClientSecret.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"msalClientSecret.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClientSecret.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC~~;;AAIlC~~,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;~~AAUzD~~;;;GAGG;AACH,MAAM,OAAO,gBAAiB,SAAQ,QAAQ;IAC5C,YAAY,OAAgC;QAC1C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3D,CAAC;~~IAEe~~,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE~~;;YAE3C~~,IAAI;~~gBACF~~,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,8BAA8B,CAAC;~~oBACxE~~,MAAM;~~oBACN~~,aAAa,EAAE,OAAO,CAAC,aAAa;~~iBACrC~~,CAAC,CAAC;~~gBACH~~,yDAAyD;~~gBACzD~~,8FAA8F;~~gBAC9F~~,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;~~aACtE~~;~~YAAC~~,OAAO,GAAG,EAAE;~~gBACZ~~,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;~~aAC9C~~;~~QACH~~,CAAC;~~KAAA;~~CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken } from \"@azure/core-~~http~~\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\n\n/*\n Options that can be passed to configure MSAL to handle client secrets.\n * @internal\n /\nexport interface MSALClientSecretOptions extends MsalNodeOptions {\n clientSecret: string;\n}\n\n/\n MSAL client secret client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.\n * @internal\n */\nexport class MsalClientSecret extends MsalNode {\n constructor(options: MSALClientSecretOptions) {\n super(options);\n this.requiresConfidential = true;\n this.msalConfig.auth.clientSecret = options.clientSecret;\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n try {\n const result = await this.confidentialApp!.acquireTokenByClientCredential({\n scopes,\n correlationId: options.correlationId\n });\n // The Client Credential flow does not return an account,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, this.clientId, result \|\| undefined);\n } catch (err) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n"]}
1	+ {"version":3,"file":"msalClientSecret.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClientSecret.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAKlC,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;AAazD;;;GAGG;AACH,MAAM,OAAO,gBAAiB,SAAQ,QAAQ;IAC5C,YAAY,OAAgC;QAC1C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3D,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,8BAA8B,CAAC;gBACxE,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;aAC7B,CAAC,CAAC;YACH,yDAAyD;YACzD,8FAA8F;YAC9F,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;SACtE;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\n\n/*\n Options that can be passed to configure MSAL to handle client secrets.\n * @internal\n /\nexport interface MSALClientSecretOptions extends MsalNodeOptions {\n /\n A client secret that was generated for the App Registration.\n /\n clientSecret: string;\n}\n\n/\n MSAL client secret client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.\n * @internal\n */\nexport class MsalClientSecret extends MsalNode {\n constructor(options: MSALClientSecretOptions) {\n super(options);\n this.requiresConfidential = true;\n this.msalConfig.auth.clientSecret = options.clientSecret;\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n try {\n const result = await this.confidentialApp!.acquireTokenByClientCredential({\n scopes,\n correlationId: options.correlationId,\n azureRegion: this.azureRegion,\n authority: options.authority\n });\n // The Client Credential flow does not return an account,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, this.clientId, result \|\| undefined);\n } catch (err) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n"]}

package/dist-esm/src/msal/nodeFlows/msalDeviceCode.js CHANGED Viewed

@@ -1,6 +1,5 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import { __awaiter } from "tslib";
 import { MsalNode } from "./nodeCommon";
 /**
  * MSAL device code client. Calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`.
@@ -11,27 +10,26 @@ export class MsalDeviceCode extends MsalNode {
         super(options);
         this.userPromptCallback = options.userPromptCallback;
     }
-    doGetToken(scopes, options) {
-        return __awaiter(this, void 0, void 0, function* () {
-            try {
-                const requestOptions = {
-                    deviceCodeCallback: this.userPromptCallback,
-                    scopes,
-                    cancel: false,
-                    correlationId: options === null || options === void 0 ? void 0 : options.correlationId
-                };
-                const promise = this.publicApp.acquireTokenByDeviceCode(requestOptions);
-                // TODO:
-                // This should work, but it currently doesn't. I'm waiting for an answer from the MSAL team.
-                const deviceResponse = yield this.withCancellation(promise, options === null || options === void 0 ? void 0 : options.abortSignal, () => {
-                    requestOptions.cancel = true;
-                });
-                return this.handleResult(scopes, this.clientId, deviceResponse || undefined);
-            }
-            catch (error) {
-                throw this.handleError(scopes, error, options);
-            }
-        });
+    async doGetToken(scopes, options) {
+        try {
+            const requestOptions = {
+                deviceCodeCallback: this.userPromptCallback,
+                scopes,
+                cancel: false,
+                correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
+                authority: options === null || options === void 0 ? void 0 : options.authority
+            };
+            const promise = this.publicApp.acquireTokenByDeviceCode(requestOptions);
+            // TODO:
+            // This should work, but it currently doesn't. I'm waiting for an answer from the MSAL team.
+            const deviceResponse = await this.withCancellation(promise, options === null || options === void 0 ? void 0 : options.abortSignal, () => {
+                requestOptions.cancel = true;
+            });
+            return this.handleResult(scopes, this.clientId, deviceResponse || undefined);
+        }
+        catch (error) {
+            throw this.handleError(scopes, error, options);
+        }
     }
 }
 //# sourceMappingURL=msalDeviceCode.js.map

package/dist-esm/src/msal/nodeFlows/msalDeviceCode.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"msalDeviceCode.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalDeviceCode.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC~~;;AAMlC~~,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;AAUzD;;;GAGG;AACH,MAAM,OAAO,cAAe,SAAQ,QAAQ;IAG1C,YAAY,OAA8B;QACxC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACvD,CAAC;~~IAEe~~,UAAU,CACxB,MAAgB,EAChB,OAAuC~~;;YAEvC~~,IAAI;~~gBACF~~,MAAM,cAAc,GAA+B;~~oBACjD~~,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;~~oBAC3C~~,MAAM;~~oBACN~~,MAAM,EAAE,KAAK;~~oBACb~~,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;~~iBACtC~~,CAAC;~~gBACF~~,MAAM,OAAO,GAAG,IAAI,CAAC,SAAU,CAAC,wBAAwB,CAAC,cAAc,CAAC,CAAC;~~gBACzE~~,QAAQ;~~gBACR~~,4FAA4F;~~gBAC5F~~,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,EAAE,GAAG,EAAE;~~oBACrF~~,cAAc,CAAC,MAAM,GAAG,IAAI,CAAC;~~gBAC~~/B,CAAC,CAAC,CAAC;~~gBACH~~,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,cAAc,IAAI,SAAS,CAAC,CAAC;~~aAC9E~~;~~YAAC~~,OAAO,KAAK,EAAE;~~gBACd~~,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;~~aAChD~~;~~QACH~~,CAAC;~~KAAA;~~CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport { AccessToken } from \"@azure/core-~~http~~\";\nimport { DeviceCodePromptCallback } from \"../../credentials/deviceCodeCredentialOptions\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\n\n/*\n Options that can be passed to configure MSAL to handle authentication through device codes.\n * @internal\n /\nexport interface MSALDeviceCodeOptions extends MsalNodeOptions {\n userPromptCallback: DeviceCodePromptCallback;\n}\n\n/\n MSAL device code client. Calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`.\n * @internal\n */\nexport class MsalDeviceCode extends MsalNode {\n private userPromptCallback: DeviceCodePromptCallback;\n\n constructor(options: MSALDeviceCodeOptions) {\n super(options);\n this.userPromptCallback = options.userPromptCallback;\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n try {\n const requestOptions: msalNode.DeviceCodeRequest = {\n deviceCodeCallback: this.userPromptCallback,\n scopes,\n cancel: false,\n correlationId: options?.correlationId\n };\n const promise = this.publicApp!.acquireTokenByDeviceCode(requestOptions);\n // TODO:\n // This should work, but it currently doesn't. I'm waiting for an answer from the MSAL team.\n const deviceResponse = await this.withCancellation(promise, options?.abortSignal, () => {\n requestOptions.cancel = true;\n });\n return this.handleResult(scopes, this.clientId, deviceResponse \|\| undefined);\n } catch (error) {\n throw this.handleError(scopes, error, options);\n }\n }\n}\n"]}
1	+ {"version":3,"file":"msalDeviceCode.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalDeviceCode.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAQlC,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;AAUzD;;;GAGG;AACH,MAAM,OAAO,cAAe,SAAQ,QAAQ;IAG1C,YAAY,OAA8B;QACxC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACvD,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;QAEvC,IAAI;YACF,MAAM,cAAc,GAA+B;gBACjD,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;gBAC3C,MAAM;gBACN,MAAM,EAAE,KAAK;gBACb,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;gBACrC,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;aAC9B,CAAC;YACF,MAAM,OAAO,GAAG,IAAI,CAAC,SAAU,CAAC,wBAAwB,CAAC,cAAc,CAAC,CAAC;YACzE,QAAQ;YACR,4FAA4F;YAC5F,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,EAAE,GAAG,EAAE;gBACrF,cAAc,CAAC,MAAM,GAAG,IAAI,CAAC;YAC/B,CAAC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,cAAc,IAAI,SAAS,CAAC,CAAC;SAC9E;QAAC,OAAO,KAAK,EAAE;YACd,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;SAChD;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { DeviceCodePromptCallback } from \"../../credentials/deviceCodeCredentialOptions\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\n\n/*\n Options that can be passed to configure MSAL to handle authentication through device codes.\n * @internal\n /\nexport interface MSALDeviceCodeOptions extends MsalNodeOptions {\n userPromptCallback: DeviceCodePromptCallback;\n}\n\n/\n MSAL device code client. Calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`.\n * @internal\n */\nexport class MsalDeviceCode extends MsalNode {\n private userPromptCallback: DeviceCodePromptCallback;\n\n constructor(options: MSALDeviceCodeOptions) {\n super(options);\n this.userPromptCallback = options.userPromptCallback;\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n try {\n const requestOptions: msalNode.DeviceCodeRequest = {\n deviceCodeCallback: this.userPromptCallback,\n scopes,\n cancel: false,\n correlationId: options?.correlationId,\n authority: options?.authority\n };\n const promise = this.publicApp!.acquireTokenByDeviceCode(requestOptions);\n // TODO:\n // This should work, but it currently doesn't. I'm waiting for an answer from the MSAL team.\n const deviceResponse = await this.withCancellation(promise, options?.abortSignal, () => {\n requestOptions.cancel = true;\n });\n return this.handleResult(scopes, this.clientId, deviceResponse \|\| undefined);\n } catch (error) {\n throw this.handleError(scopes, error, options);\n }\n }\n}\n"]}

package/dist-esm/src/msal/nodeFlows/msalOnBehalfOf.js ADDED Viewed

@@ -0,0 +1,56 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+import { formatError } from "../../util/logging";
+import { parseCertificate } from "./msalClientCertificate";
+import { MsalNode } from "./nodeCommon";
+/**
+ * MSAL on behalf of flow. Calls to MSAL's confidential application's `acquireTokenOnBehalfOf` during `doGetToken`.
+ * @internal
+ */
+export class MsalOnBehalfOf extends MsalNode {
+    constructor(options) {
+        super(options);
+        this.logger.info("Initialized MSAL's On-Behalf-Of flow");
+        this.requiresConfidential = true;
+        this.userAssertionToken = options.userAssertionToken;
+        this.certificatePath = options.certificatePath;
+        this.sendCertificateChain = options.sendCertificateChain;
+        this.clientSecret = options.clientSecret;
+    }
+    // Changing the MSAL configuration asynchronously
+    async init(options) {
+        if (this.certificatePath) {
+            try {
+                const parts = await parseCertificate(this.certificatePath, this.sendCertificateChain);
+                this.msalConfig.auth.clientCertificate = {
+                    thumbprint: parts.thumbprint,
+                    privateKey: parts.certificateContents,
+                    x5c: parts.x5c
+                };
+            }
+            catch (error) {
+                this.logger.info(formatError("", error));
+                throw error;
+            }
+        }
+        else {
+            this.msalConfig.auth.clientSecret = this.clientSecret;
+        }
+        return super.init(options);
+    }
+    async doGetToken(scopes, options = {}) {
+        try {
+            const result = await this.confidentialApp.acquireTokenOnBehalfOf({
+                scopes,
+                correlationId: options.correlationId,
+                authority: options.authority,
+                oboAssertion: this.userAssertionToken
+            });
+            return this.handleResult(scopes, this.clientId, result || undefined);
+        }
+        catch (err) {
+            throw this.handleError(scopes, err, options);
+        }
+    }
+}
+//# sourceMappingURL=msalOnBehalfOf.js.map

package/dist-esm/src/msal/nodeFlows/msalOnBehalfOf.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"msalOnBehalfOf.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalOnBehalfOf.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;AA0BzD;;;GAGG;AACH,MAAM,OAAO,cAAe,SAAQ,QAAQ;IAM1C,YAAY,OAA8B;QACxC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACzD,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;QACrD,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC;QACzD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3C,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,IAAI,CAAC,OAAuC;QAChD,IAAI,IAAI,CAAC,eAAe,EAAE;YACxB,IAAI;gBACF,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,oBAAoB,CAAC,CAAC;gBACtF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG;oBACvC,UAAU,EAAE,KAAK,CAAC,UAAU;oBAC5B,UAAU,EAAE,KAAK,CAAC,mBAAmB;oBACrC,GAAG,EAAE,KAAK,CAAC,GAAG;iBACf,CAAC;aACH;YAAC,OAAO,KAAK,EAAE;gBACd,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;gBACzC,MAAM,KAAK,CAAC;aACb;SACF;aAAM;YACL,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;SACvD;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,sBAAsB,CAAC;gBAChE,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,YAAY,EAAE,IAAI,CAAC,kBAAkB;aACtC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;SACtE;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken } from \"@azure/core-auth\";\nimport { formatError } from \"../../util/logging\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { parseCertificate } from \"./msalClientCertificate\";\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\n\n/**\n * Options that can be passed to configure MSAL to handle On-Behalf-Of authentication requests.\n * @internal\n */\nexport interface MSALOnBehalfOfOptions extends MsalNodeOptions {\n /**\n * A client secret that was generated for the App Registration.\n */\n clientSecret?: string;\n /**\n * Location of the PEM certificate.\n */\n certificatePath?: string;\n /**\n * Option to include x5c header for SubjectName and Issuer name authorization.\n * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n */\n sendCertificateChain?: boolean;\n /**\n * The user assertion for the On-Behalf-Of flow.\n */\n userAssertionToken: string;\n}\n\n/**\n * MSAL on behalf of flow. Calls to MSAL's confidential application's `acquireTokenOnBehalfOf` during `doGetToken`.\n * @internal\n */\nexport class MsalOnBehalfOf extends MsalNode {\n private userAssertionToken: string;\n private certificatePath?: string;\n private sendCertificateChain?: boolean;\n private clientSecret?: string;\n\n constructor(options: MSALOnBehalfOfOptions) {\n super(options);\n this.logger.info(\"Initialized MSAL's On-Behalf-Of flow\");\n this.requiresConfidential = true;\n this.userAssertionToken = options.userAssertionToken;\n this.certificatePath = options.certificatePath;\n this.sendCertificateChain = options.sendCertificateChain;\n this.clientSecret = options.clientSecret;\n }\n\n // Changing the MSAL configuration asynchronously\n async init(options?: CredentialFlowGetTokenOptions): Promise<void> {\n if (this.certificatePath) {\n try {\n const parts = await parseCertificate(this.certificatePath, this.sendCertificateChain);\n this.msalConfig.auth.clientCertificate = {\n thumbprint: parts.thumbprint,\n privateKey: parts.certificateContents,\n x5c: parts.x5c\n };\n } catch (error) {\n this.logger.info(formatError(\"\", error));\n throw error;\n }\n } else {\n this.msalConfig.auth.clientSecret = this.clientSecret;\n }\n return super.init(options);\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n try {\n const result = await this.confidentialApp!.acquireTokenOnBehalfOf({\n scopes,\n correlationId: options.correlationId,\n authority: options.authority,\n oboAssertion: this.userAssertionToken\n });\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (err) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n"]}

package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js CHANGED Viewed

@@ -1,6 +1,6 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import { __awaiter } from "tslib";
+import * as msalNode from "@azure/msal-node";
 import http from "http";
 import open from "open";
 import stoppable from "stoppable";
@@ -23,8 +23,9 @@ export const interactiveBrowserMockable = {
 export class MsalOpenBrowser extends MsalNode {
     constructor(options) {
         super(options);
-        this.logger = credentialLogger("NodeJS MSAL Open Browser");
+        this.logger = credentialLogger("Node.js MSAL Open Browser");
         this.redirectUri = options.redirectUri;
+        this.loginHint = options.loginHint;
         const url = new URL(this.redirectUri);
         this.port = parseInt(url.port);
         if (isNaN(this.port)) {
@@ -32,15 +33,14 @@ export class MsalOpenBrowser extends MsalNode {
         }
         this.hostname = url.hostname;
     }
-    acquireTokenByCode(request) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return this.publicApp.acquireTokenByCode(request);
-        });
+    async acquireTokenByCode(request) {
+        return this.publicApp.acquireTokenByCode(request);
     }
     doGetToken(scopes, options) {
         return new Promise((resolve, reject) => {
             const socketToDestroy = [];
             const requestListener = (req, res) => {
+                var _a;
                 if (!req.url) {
                     reject(new Error(`Interactive Browser Authentication Error "Did not receive token with a valid expiration"`));
                     return;
@@ -56,7 +56,9 @@ export class MsalOpenBrowser extends MsalNode {
                 const tokenRequest = {
                     code: url.searchParams.get("code"),
                     redirectUri: this.redirectUri,
-                    scopes: scopes
+                    scopes: scopes,
+                    authority: options === null || options === void 0 ? void 0 : options.authority,
+                    codeVerifier: (_a = this.pkceCodes) === null || _a === void 0 ? void 0 : _a.verifier
                 };
                 this.acquireTokenByCode(tokenRequest)
                     .then((authResponse) => {
@@ -94,13 +96,8 @@ export class MsalOpenBrowser extends MsalNode {
                 });
             };
             const app = http.createServer(requestListener);
-            const listen = app.listen(this.port, this.hostname, () => this.logger.info(`InteractiveBrowserCredential listening on port ${this.port}!`));
-            app.on("connection", (socket) => socketToDestroy.push(socket));
             const server = stoppable(app);
-            this.openAuthCodeUrl(scopes).catch((e) => {
-                cleanup();
-                reject(e);
-            });
+            const listen = app.listen(this.port, this.hostname, () => this.logger.info(`InteractiveBrowserCredential listening on port ${this.port}!`));
             function cleanup() {
                 if (listen) {
                     listen.close();
@@ -113,29 +110,43 @@ export class MsalOpenBrowser extends MsalNode {
                     server.stop();
                 }
             }
-            const abortSignal = options === null || options === void 0 ? void 0 : options.abortSignal;
-            if (abortSignal) {
-                abortSignal.addEventListener("abort", () => {
+            app.on("connection", (socket) => socketToDestroy.push(socket));
+            app.on("listening", () => {
+                const openPromise = this.openAuthCodeUrl(scopes, options);
+                const abortSignal = options === null || options === void 0 ? void 0 : options.abortSignal;
+                if (abortSignal) {
+                    abortSignal.addEventListener("abort", () => {
+                        cleanup();
+                        reject(new Error("Aborted"));
+                    });
+                }
+                openPromise.then().catch((e) => {
                     cleanup();
-                    reject(new Error("Aborted"));
+                    reject(e);
                 });
-            }
+            });
         });
     }
-    openAuthCodeUrl(scopeArray) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const authCodeUrlParameters = {
-                scopes: scopeArray,
-                redirectUri: this.redirectUri
-            };
-            const response = yield this.publicApp.getAuthCodeUrl(authCodeUrlParameters);
-            try {
-                yield interactiveBrowserMockable.open(response, { wait: true });
-            }
-            catch (e) {
-                throw new CredentialUnavailableError(`Could not open a browser window. Error: ${e.message}`);
-            }
-        });
+    async openAuthCodeUrl(scopeArray, options) {
+        // Initialize CryptoProvider instance
+        const cryptoProvider = new msalNode.CryptoProvider();
+        // Generate PKCE Codes before starting the authorization flow
+        this.pkceCodes = await cryptoProvider.generatePkceCodes();
+        const authCodeUrlParameters = {
+            scopes: scopeArray,
+            redirectUri: this.redirectUri,
+            authority: options === null || options === void 0 ? void 0 : options.authority,
+            loginHint: this.loginHint,
+            codeChallenge: this.pkceCodes.challenge,
+            codeChallengeMethod: "S256" // Use SHA256 Algorithm
+        };
+        const response = await this.publicApp.getAuthCodeUrl(authCodeUrlParameters);
+        try {
+            await interactiveBrowserMockable.open(response, { wait: true });
+        }
+        catch (e) {
+            throw new CredentialUnavailableError(`Could not open a browser window. Error: ${e.message}`);
+        }
     }
 }
 //# sourceMappingURL=msalOpenBrowser.js.map

package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"msalOpenBrowser.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalOpenBrowser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAIlC,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,SAAS,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAClF,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,0BAA0B,EAAE,MAAM,qBAAqB,CAAC;AAUjE;;;GAGG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,IAAI;CACL,CAAC;AAEF;;;;GAIG;AACH,MAAM,OAAO,eAAgB,SAAQ,QAAQ;IAK3C,YAAY,OAA+B;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC,0BAA0B,CAAC,CAAC;QAC3D,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QAEvC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACpB,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC;SAChB;QACD,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC/B,CAAC;IAEa,kBAAkB,CAC9B,OAA0C;;YAE1C,OAAO,IAAI,CAAC,SAAU,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACrD,CAAC;KAAA;IAES,UAAU,CAAC,MAAgB,EAAE,OAAyB;QAC9D,OAAO,IAAI,OAAO,CAAc,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAClD,MAAM,eAAe,GAAa,EAAE,CAAC;YAErC,MAAM,eAAe,GAAG,CAAC,GAAyB,EAAE,GAAwB,EAAQ,EAAE;gBACpF,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE;oBACZ,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,IAAI,GAAQ,CAAC;gBACb,IAAI;oBACF,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;iBAC1C;gBAAC,OAAO,CAAC,EAAE;oBACV,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,MAAM,YAAY,GAAsC;oBACtD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAE;oBACnC,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,MAAM,EAAE,MAAM;iBACf,CAAC;gBAEF,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC;qBAClC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE;oBACrB,IAAI,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,OAAO,EAAE;wBACzB,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;qBAClE;oBACD,MAAM,cAAc,GAAG,mFAAmF,CAAC;oBAC3G,IAAI,YAAY,IAAI,YAAY,CAAC,SAAS,EAAE;wBAC1C,MAAM,kBAAkB,GAAG,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,SAAS,CAAC,OAAO,EAAE,CAAC;wBAC7D,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;wBACxB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;wBAEjD,OAAO,CAAC;4BACN,kBAAkB;4BAClB,KAAK,EAAE,YAAY,CAAC,WAAW;yBAChC,CAAC,CAAC;qBACJ;yBAAM;wBACL,MAAM,YAAY,GAAG,WAAW,CAC9B,MAAM,EACN,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;wBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;wBACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;wBAExC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;qBACH;oBACD,OAAO,EAAE,CAAC;oBACV,OAAO;gBACT,CAAC,CAAC;qBACD,KAAK,CAAC,GAAG,EAAE;oBACV,MAAM,YAAY,GAAG,WAAW,CAC9B,MAAM,EACN,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;oBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;oBACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBAExC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO,EAAE,CAAC;gBACZ,CAAC,CAAC,CAAC;YACP,CAAC,CAAC;YACF,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;YAE/C,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,CACvD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kDAAkD,IAAI,CAAC,IAAI,GAAG,CAAC,CACjF,CAAC;YACF,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;YAC/D,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;YAE9B,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;gBACvC,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,CAAC,CAAC,CAAC;YACZ,CAAC,CAAC,CAAC;YAEH,SAAS,OAAO;gBACd,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;iBAChB;gBAED,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE;oBACpC,MAAM,CAAC,OAAO,EAAE,CAAC;iBAClB;gBAED,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,EAAE,CAAC;iBACf;YACH,CAAC;YAED,MAAM,WAAW,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,CAAC;YACzC,IAAI,WAAW,EAAE;gBACf,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;oBACzC,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;gBAC/B,CAAC,CAAC,CAAC;aACJ;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEa,eAAe,CAAC,UAAoB;;YAChD,MAAM,qBAAqB,GAAqC;gBAC9D,MAAM,EAAE,UAAU;gBAClB,WAAW,EAAE,IAAI,CAAC,WAAW;aAC9B,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAU,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC;YAE7E,IAAI;gBACF,MAAM,0BAA0B,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;aACjE;YAAC,OAAO,CAAC,EAAE;gBACV,MAAM,IAAI,0BAA0B,CAAC,2CAA2C,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;aAC9F;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport { Socket } from \"net\";\nimport http from \"http\";\nimport open from \"open\";\nimport stoppable from \"stoppable\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-http\";\nimport { credentialLogger, formatError, formatSuccess } from \"../../util/logging\";\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\nimport { msalToPublic } from \"../utils\";\nimport { CredentialUnavailableError } from \"../../client/errors\";\n\n/*\n Options that can be passed to configure MSAL to handle authentication through opening a browser window.\n * @internal\n /\nexport interface MSALOpenBrowserOptions extends MsalNodeOptions {\n redirectUri: string;\n}\n\n/\n A call to open(), but mockable\n * @internal\n /\nexport const interactiveBrowserMockable = {\n open\n};\n\n/\n This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`\n * to trigger the authentication flow, and then respond based on the values obtained from the redirect callback\n * @internal\n */\nexport class MsalOpenBrowser extends MsalNode {\n private redirectUri: string;\n private port: number;\n private hostname: string;\n\n constructor(options: MSALOpenBrowserOptions) {\n super(options);\n this.logger = credentialLogger(\"NodeJS MSAL Open Browser\");\n this.redirectUri = options.redirectUri;\n\n const url = new URL(this.redirectUri);\n this.port = parseInt(url.port);\n if (isNaN(this.port)) {\n this.port = 80;\n }\n this.hostname = url.hostname;\n }\n\n private async acquireTokenByCode(\n request: msalNode.AuthorizationCodeRequest\n ): Promise<msalNode.AuthenticationResult \| null> {\n return this.publicApp!.acquireTokenByCode(request);\n }\n\n protected doGetToken(scopes: string[], options?: GetTokenOptions): Promise<AccessToken> {\n return new Promise<AccessToken>((resolve, reject) => {\n const socketToDestroy: Socket[] = [];\n\n const requestListener = (req: http.IncomingMessage, res: http.ServerResponse): void => {\n if (!req.url) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n let url: URL;\n try {\n url = new URL(req.url, this.redirectUri);\n } catch (e) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n const tokenRequest: msalNode.AuthorizationCodeRequest = {\n code: url.searchParams.get(\"code\")!,\n redirectUri: this.redirectUri,\n scopes: scopes\n };\n\n this.acquireTokenByCode(tokenRequest)\n .then((authResponse) => {\n if (authResponse?.account) {\n this.account = msalToPublic(this.clientId, authResponse.account);\n }\n const successMessage = `Authentication Complete. You can close the browser and return to the application.`;\n if (authResponse && authResponse.expiresOn) {\n const expiresOnTimestamp = authResponse?.expiresOn.valueOf();\n res.writeHead(200);\n res.end(successMessage);\n this.logger.getToken.info(formatSuccess(scopes));\n\n resolve({\n expiresOnTimestamp,\n token: authResponse.accessToken\n });\n } else {\n const errorMessage = formatError(\n scopes,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n this.logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n }\n cleanup();\n return;\n })\n .catch(() => {\n const errorMessage = formatError(\n scopes,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n this.logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n cleanup();\n });\n };\n const app = http.createServer(requestListener);\n\n const listen = app.listen(this.port, this.hostname, () =>\n this.logger.info(`InteractiveBrowserCredential listening on port ${this.port}!`)\n );\n app.on(\"connection\", (socket) => socketToDestroy.push(socket));\n const server = stoppable(app);\n\n this.openAuthCodeUrl(scopes).catch((e) => {\n cleanup();\n reject(e);\n });\n\n function cleanup(): void {\n if (listen) {\n listen.close();\n }\n\n for (const socket of socketToDestroy) {\n socket.destroy();\n }\n\n if (server) {\n server.close();\n server.stop();\n }\n }\n\n const abortSignal = options?.abortSignal;\n if (abortSignal) {\n abortSignal.addEventListener(\"abort\", () => {\n cleanup();\n reject(new Error(\"Aborted\"));\n });\n }\n });\n }\n\n private async openAuthCodeUrl(scopeArray: string[]): Promise<void> {\n const authCodeUrlParameters: msalNode.AuthorizationUrlRequest = {\n scopes: scopeArray,\n redirectUri: this.redirectUri\n };\n\n const response = await this.publicApp!.getAuthCodeUrl(authCodeUrlParameters);\n\n try {\n await interactiveBrowserMockable.open(response, { wait: true });\n } catch (e) {\n throw new CredentialUnavailableError(`Could not open a browser window. Error: ${e.message}`);\n }\n }\n}\n"]}
1	+ {"version":3,"file":"msalOpenBrowser.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalOpenBrowser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAK7C,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,SAAS,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAClF,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,0BAA0B,EAAE,MAAM,qBAAqB,CAAC;AAYjE;;;GAGG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,IAAI;CACL,CAAC;AAEF;;;;GAIG;AACH,MAAM,OAAO,eAAgB,SAAQ,QAAQ;IAM3C,YAAY,OAA+B;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;QAC5D,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QAEnC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACpB,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC;SAChB;QACD,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC/B,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAC9B,OAA0C;QAE1C,OAAO,IAAI,CAAC,SAAU,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;IACrD,CAAC;IAES,UAAU,CAClB,MAAgB,EAChB,OAAuC;QAEvC,OAAO,IAAI,OAAO,CAAc,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAClD,MAAM,eAAe,GAAa,EAAE,CAAC;YAErC,MAAM,eAAe,GAAG,CAAC,GAAyB,EAAE,GAAwB,EAAQ,EAAE;;gBACpF,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE;oBACZ,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,IAAI,GAAQ,CAAC;gBACb,IAAI;oBACF,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;iBAC1C;gBAAC,OAAO,CAAC,EAAE;oBACV,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,MAAM,YAAY,GAAsC;oBACtD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAE;oBACnC,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,MAAM,EAAE,MAAM;oBACd,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;oBAC7B,YAAY,EAAE,MAAA,IAAI,CAAC,SAAS,0CAAE,QAAQ;iBACvC,CAAC;gBAEF,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC;qBAClC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE;oBACrB,IAAI,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,OAAO,EAAE;wBACzB,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;qBAClE;oBACD,MAAM,cAAc,GAAG,mFAAmF,CAAC;oBAC3G,IAAI,YAAY,IAAI,YAAY,CAAC,SAAS,EAAE;wBAC1C,MAAM,kBAAkB,GAAG,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,SAAS,CAAC,OAAO,EAAE,CAAC;wBAC7D,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;wBACxB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;wBAEjD,OAAO,CAAC;4BACN,kBAAkB;4BAClB,KAAK,EAAE,YAAY,CAAC,WAAW;yBAChC,CAAC,CAAC;qBACJ;yBAAM;wBACL,MAAM,YAAY,GAAG,WAAW,CAC9B,MAAM,EACN,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;wBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;wBACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;wBAExC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;qBACH;oBACD,OAAO,EAAE,CAAC;oBACV,OAAO;gBACT,CAAC,CAAC;qBACD,KAAK,CAAC,GAAG,EAAE;oBACV,MAAM,YAAY,GAAG,WAAW,CAC9B,MAAM,EACN,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;oBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;oBACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBAExC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO,EAAE,CAAC;gBACZ,CAAC,CAAC,CAAC;YACP,CAAC,CAAC;YAEF,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;YAC/C,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;YAE9B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,CACvD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kDAAkD,IAAI,CAAC,IAAI,GAAG,CAAC,CACjF,CAAC;YAEF,SAAS,OAAO;gBACd,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;iBAChB;gBAED,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE;oBACpC,MAAM,CAAC,OAAO,EAAE,CAAC;iBAClB;gBAED,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,EAAE,CAAC;iBACf;YACH,CAAC;YAED,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;YAE/D,GAAG,CAAC,EAAE,CAAC,WAAW,EAAE,GAAG,EAAE;gBACvB,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBAE1D,MAAM,WAAW,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,CAAC;gBACzC,IAAI,WAAW,EAAE;oBACf,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;wBACzC,OAAO,EAAE,CAAC;wBACV,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;oBAC/B,CAAC,CAAC,CAAC;iBACJ;gBAED,WAAW,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;oBAC7B,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,CAAC,CAAC,CAAC;gBACZ,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAOO,KAAK,CAAC,eAAe,CAC3B,UAAoB,EACpB,OAAuC;QAEvC,qCAAqC;QACrC,MAAM,cAAc,GAAG,IAAI,QAAQ,CAAC,cAAc,EAAE,CAAC;QACrD,6DAA6D;QAC7D,IAAI,CAAC,SAAS,GAAG,MAAM,cAAc,CAAC,iBAAiB,EAAE,CAAC;QAE1D,MAAM,qBAAqB,GAAqC;YAC9D,MAAM,EAAE,UAAU;YAClB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;YAC7B,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS;YACvC,mBAAmB,EAAE,MAAM,CAAC,uBAAuB;SACpD,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAU,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC;QAE7E,IAAI;YACF,MAAM,0BAA0B,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;SACjE;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,IAAI,0BAA0B,CAAC,2CAA2C,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;SAC9F;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { Socket } from \"net\";\nimport http from \"http\";\nimport open from \"open\";\nimport stoppable from \"stoppable\";\n\nimport { credentialLogger, formatError, formatSuccess } from \"../../util/logging\";\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\nimport { msalToPublic } from \"../utils\";\nimport { CredentialUnavailableError } from \"../../client/errors\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\n\n/*\n Options that can be passed to configure MSAL to handle authentication through opening a browser window.\n * @internal\n /\nexport interface MSALOpenBrowserOptions extends MsalNodeOptions {\n redirectUri: string;\n loginHint?: string;\n}\n\n/\n A call to open(), but mockable\n * @internal\n /\nexport const interactiveBrowserMockable = {\n open\n};\n\n/\n This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`\n * to trigger the authentication flow, and then respond based on the values obtained from the redirect callback\n * @internal\n */\nexport class MsalOpenBrowser extends MsalNode {\n private redirectUri: string;\n private port: number;\n private hostname: string;\n private loginHint?: string;\n\n constructor(options: MSALOpenBrowserOptions) {\n super(options);\n this.logger = credentialLogger(\"Node.js MSAL Open Browser\");\n this.redirectUri = options.redirectUri;\n this.loginHint = options.loginHint;\n\n const url = new URL(this.redirectUri);\n this.port = parseInt(url.port);\n if (isNaN(this.port)) {\n this.port = 80;\n }\n this.hostname = url.hostname;\n }\n\n private async acquireTokenByCode(\n request: msalNode.AuthorizationCodeRequest\n ): Promise<msalNode.AuthenticationResult \| null> {\n return this.publicApp!.acquireTokenByCode(request);\n }\n\n protected doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n return new Promise<AccessToken>((resolve, reject) => {\n const socketToDestroy: Socket[] = [];\n\n const requestListener = (req: http.IncomingMessage, res: http.ServerResponse): void => {\n if (!req.url) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n let url: URL;\n try {\n url = new URL(req.url, this.redirectUri);\n } catch (e) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n const tokenRequest: msalNode.AuthorizationCodeRequest = {\n code: url.searchParams.get(\"code\")!,\n redirectUri: this.redirectUri,\n scopes: scopes,\n authority: options?.authority,\n codeVerifier: this.pkceCodes?.verifier\n };\n\n this.acquireTokenByCode(tokenRequest)\n .then((authResponse) => {\n if (authResponse?.account) {\n this.account = msalToPublic(this.clientId, authResponse.account);\n }\n const successMessage = `Authentication Complete. You can close the browser and return to the application.`;\n if (authResponse && authResponse.expiresOn) {\n const expiresOnTimestamp = authResponse?.expiresOn.valueOf();\n res.writeHead(200);\n res.end(successMessage);\n this.logger.getToken.info(formatSuccess(scopes));\n\n resolve({\n expiresOnTimestamp,\n token: authResponse.accessToken\n });\n } else {\n const errorMessage = formatError(\n scopes,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n this.logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n }\n cleanup();\n return;\n })\n .catch(() => {\n const errorMessage = formatError(\n scopes,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n this.logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n cleanup();\n });\n };\n\n const app = http.createServer(requestListener);\n const server = stoppable(app);\n\n const listen = app.listen(this.port, this.hostname, () =>\n this.logger.info(`InteractiveBrowserCredential listening on port ${this.port}!`)\n );\n\n function cleanup(): void {\n if (listen) {\n listen.close();\n }\n\n for (const socket of socketToDestroy) {\n socket.destroy();\n }\n\n if (server) {\n server.close();\n server.stop();\n }\n }\n\n app.on(\"connection\", (socket) => socketToDestroy.push(socket));\n\n app.on(\"listening\", () => {\n const openPromise = this.openAuthCodeUrl(scopes, options);\n\n const abortSignal = options?.abortSignal;\n if (abortSignal) {\n abortSignal.addEventListener(\"abort\", () => {\n cleanup();\n reject(new Error(\"Aborted\"));\n });\n }\n\n openPromise.then().catch((e) => {\n cleanup();\n reject(e);\n });\n });\n });\n }\n\n private pkceCodes?: {\n verifier: string;\n challenge: string;\n };\n\n private async openAuthCodeUrl(\n scopeArray: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<void> {\n // Initialize CryptoProvider instance\n const cryptoProvider = new msalNode.CryptoProvider();\n // Generate PKCE Codes before starting the authorization flow\n this.pkceCodes = await cryptoProvider.generatePkceCodes();\n\n const authCodeUrlParameters: msalNode.AuthorizationUrlRequest = {\n scopes: scopeArray,\n redirectUri: this.redirectUri,\n authority: options?.authority,\n loginHint: this.loginHint,\n codeChallenge: this.pkceCodes.challenge,\n codeChallengeMethod: \"S256\" // Use SHA256 Algorithm\n };\n\n const response = await this.publicApp!.getAuthCodeUrl(authCodeUrlParameters);\n\n try {\n await interactiveBrowserMockable.open(response, { wait: true });\n } catch (e) {\n throw new CredentialUnavailableError(`Could not open a browser window. Error: ${e.message}`);\n }\n }\n}\n"]}

package/dist-esm/src/msal/nodeFlows/msalUsernamePassword.js CHANGED Viewed

@@ -1,6 +1,5 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import { __awaiter } from "tslib";
 import { MsalNode } from "./nodeCommon";
 /**
  * MSAL username and password client. Calls to the MSAL's public application's `acquireTokenByUsernamePassword` during `doGetToken`.
@@ -12,22 +11,21 @@ export class MsalUsernamePassword extends MsalNode {
         this.username = options.username;
         this.password = options.password;
     }
-    doGetToken(scopes, options) {
-        return __awaiter(this, void 0, void 0, function* () {
-            try {
-                const requestOptions = {
-                    scopes,
-                    username: this.username,
-                    password: this.password,
-                    correlationId: options === null || options === void 0 ? void 0 : options.correlationId
-                };
-                const result = yield this.publicApp.acquireTokenByUsernamePassword(requestOptions);
-                return this.handleResult(scopes, this.clientId, result || undefined);
-            }
-            catch (error) {
-                throw this.handleError(scopes, error, options);
-            }
-        });
+    async doGetToken(scopes, options) {
+        try {
+            const requestOptions = {
+                scopes,
+                username: this.username,
+                password: this.password,
+                correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
+                authority: options === null || options === void 0 ? void 0 : options.authority
+            };
+            const result = await this.publicApp.acquireTokenByUsernamePassword(requestOptions);
+            return this.handleResult(scopes, this.clientId, result || undefined);
+        }
+        catch (error) {
+            throw this.handleError(scopes, error, options);
+        }
     }
 }
 //# sourceMappingURL=msalUsernamePassword.js.map