@azure/identity 2.0.0-beta.2 → 2.0.0-beta.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @azure/identity might be problematic. Click here for more details.

Files changed (157) hide show
  1. package/CHANGELOG.md +127 -8
  2. package/README.md +88 -45
  3. package/dist/index.js +2237 -1675
  4. package/dist/index.js.map +1 -1
  5. package/dist-esm/src/client/errors.js +1 -1
  6. package/dist-esm/src/client/errors.js.map +1 -1
  7. package/dist-esm/src/client/identityClient.js +146 -132
  8. package/dist-esm/src/client/identityClient.js.map +1 -1
  9. package/dist-esm/src/constants.js +1 -1
  10. package/dist-esm/src/constants.js.map +1 -1
  11. package/dist-esm/src/credentials/applicationCredential.browser.js +29 -0
  12. package/dist-esm/src/credentials/applicationCredential.browser.js.map +1 -0
  13. package/dist-esm/src/credentials/applicationCredential.js +34 -0
  14. package/dist-esm/src/credentials/applicationCredential.js.map +1 -0
  15. package/dist-esm/src/credentials/authorizationCodeCredential.browser.js.map +1 -1
  16. package/dist-esm/src/credentials/authorizationCodeCredential.js +13 -76
  17. package/dist-esm/src/credentials/authorizationCodeCredential.js.map +1 -1
  18. package/dist-esm/src/credentials/azureCliCredential.browser.js.map +1 -1
  19. package/dist-esm/src/credentials/azureCliCredential.js +104 -81
  20. package/dist-esm/src/credentials/azureCliCredential.js.map +1 -1
  21. package/dist-esm/src/credentials/azureCliCredentialOptions.js +4 -0
  22. package/dist-esm/src/credentials/azureCliCredentialOptions.js.map +1 -0
  23. package/dist-esm/src/credentials/azurePowerShellCredential.browser.js +20 -0
  24. package/dist-esm/src/credentials/azurePowerShellCredential.browser.js.map +1 -0
  25. package/dist-esm/src/credentials/azurePowerShellCredential.js +173 -0
  26. package/dist-esm/src/credentials/azurePowerShellCredential.js.map +1 -0
  27. package/dist-esm/src/credentials/azurePowerShellCredentialOptions.js +4 -0
  28. package/dist-esm/src/credentials/azurePowerShellCredentialOptions.js.map +1 -0
  29. package/dist-esm/src/credentials/chainedTokenCredential.js +37 -34
  30. package/dist-esm/src/credentials/chainedTokenCredential.js.map +1 -1
  31. package/dist-esm/src/credentials/clientCertificateCredential.browser.js.map +1 -1
  32. package/dist-esm/src/credentials/clientCertificateCredential.js +9 -11
  33. package/dist-esm/src/credentials/clientCertificateCredential.js.map +1 -1
  34. package/dist-esm/src/credentials/clientCertificateCredentialOptions.js.map +1 -1
  35. package/dist-esm/src/credentials/clientSecretCredential.browser.js +87 -0
  36. package/dist-esm/src/credentials/clientSecretCredential.browser.js.map +1 -0
  37. package/dist-esm/src/credentials/clientSecretCredential.js +9 -11
  38. package/dist-esm/src/credentials/clientSecretCredential.js.map +1 -1
  39. package/dist-esm/src/credentials/clientSecretCredentialOptions.js.map +1 -1
  40. package/dist-esm/src/credentials/credentialPersistenceOptions.js +4 -0
  41. package/dist-esm/src/credentials/credentialPersistenceOptions.js.map +1 -0
  42. package/dist-esm/src/credentials/defaultAzureCredential.browser.js +1 -1
  43. package/dist-esm/src/credentials/defaultAzureCredential.browser.js.map +1 -1
  44. package/dist-esm/src/credentials/defaultAzureCredential.js +38 -19
  45. package/dist-esm/src/credentials/defaultAzureCredential.js.map +1 -1
  46. package/dist-esm/src/credentials/deviceCodeCredential.browser.js.map +1 -1
  47. package/dist-esm/src/credentials/deviceCodeCredential.js +13 -22
  48. package/dist-esm/src/credentials/deviceCodeCredential.js.map +1 -1
  49. package/dist-esm/src/credentials/deviceCodeCredentialOptions.js.map +1 -1
  50. package/dist-esm/src/credentials/environmentCredential.browser.js.map +1 -1
  51. package/dist-esm/src/credentials/environmentCredential.js +47 -30
  52. package/dist-esm/src/credentials/environmentCredential.js.map +1 -1
  53. package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js +14 -23
  54. package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js.map +1 -1
  55. package/dist-esm/src/credentials/interactiveBrowserCredential.js +20 -26
  56. package/dist-esm/src/credentials/interactiveBrowserCredential.js.map +1 -1
  57. package/dist-esm/src/credentials/interactiveBrowserCredentialOptions.js.map +1 -1
  58. package/dist-esm/src/credentials/interactiveCredentialOptions.js.map +1 -1
  59. package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js +36 -18
  60. package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js.map +1 -1
  61. package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js +61 -42
  62. package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js.map +1 -1
  63. package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js +33 -18
  64. package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js.map +1 -1
  65. package/dist-esm/src/credentials/managedIdentityCredential/constants.js +2 -1
  66. package/dist-esm/src/credentials/managedIdentityCredential/constants.js.map +1 -1
  67. package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js +42 -23
  68. package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js.map +1 -1
  69. package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js +108 -73
  70. package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  71. package/dist-esm/src/credentials/managedIdentityCredential/index.browser.js +3 -6
  72. package/dist-esm/src/credentials/managedIdentityCredential/index.browser.js.map +1 -1
  73. package/dist-esm/src/credentials/managedIdentityCredential/index.js +119 -124
  74. package/dist-esm/src/credentials/managedIdentityCredential/index.js.map +1 -1
  75. package/dist-esm/src/credentials/managedIdentityCredential/models.js.map +1 -1
  76. package/dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js +82 -0
  77. package/dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -0
  78. package/dist-esm/src/credentials/managedIdentityCredential/utils.js +14 -8
  79. package/dist-esm/src/credentials/managedIdentityCredential/utils.js.map +1 -1
  80. package/dist-esm/src/credentials/onBehalfOfCredential.browser.js +17 -0
  81. package/dist-esm/src/credentials/onBehalfOfCredential.browser.js.map +1 -0
  82. package/dist-esm/src/credentials/onBehalfOfCredential.js +62 -0
  83. package/dist-esm/src/credentials/onBehalfOfCredential.js.map +1 -0
  84. package/dist-esm/src/credentials/onBehalfOfCredentialOptions.js +4 -0
  85. package/dist-esm/src/credentials/onBehalfOfCredentialOptions.js.map +1 -0
  86. package/dist-esm/src/credentials/usernamePasswordCredential.browser.js +87 -0
  87. package/dist-esm/src/credentials/usernamePasswordCredential.browser.js.map +1 -0
  88. package/dist-esm/src/credentials/usernamePasswordCredential.js +9 -33
  89. package/dist-esm/src/credentials/usernamePasswordCredential.js.map +1 -1
  90. package/dist-esm/src/credentials/usernamePasswordCredentialOptions.js.map +1 -1
  91. package/dist-esm/src/credentials/visualStudioCodeCredential.browser.js +5 -0
  92. package/dist-esm/src/credentials/visualStudioCodeCredential.browser.js.map +1 -1
  93. package/dist-esm/src/credentials/visualStudioCodeCredential.js +70 -68
  94. package/dist-esm/src/credentials/visualStudioCodeCredential.js.map +1 -1
  95. package/dist-esm/src/credentials/visualStudioCodeCredentialPlugin.js +4 -0
  96. package/dist-esm/src/credentials/visualStudioCodeCredentialPlugin.js.map +1 -0
  97. package/dist-esm/src/index.js +6 -1
  98. package/dist-esm/src/index.js.map +1 -1
  99. package/dist-esm/src/msal/browserFlows/browserCommon.js +30 -29
  100. package/dist-esm/src/msal/browserFlows/browserCommon.js.map +1 -1
  101. package/dist-esm/src/msal/browserFlows/msalAuthCode.js +103 -113
  102. package/dist-esm/src/msal/browserFlows/msalAuthCode.js.map +1 -1
  103. package/dist-esm/src/msal/credentials.js.map +1 -1
  104. package/dist-esm/src/msal/errors.js +1 -2
  105. package/dist-esm/src/msal/errors.js.map +1 -1
  106. package/dist-esm/src/msal/flows.js.map +1 -1
  107. package/dist-esm/src/msal/nodeFlows/msalAuthorizationCode.js +41 -0
  108. package/dist-esm/src/msal/nodeFlows/msalAuthorizationCode.js.map +1 -0
  109. package/dist-esm/src/msal/nodeFlows/msalClientCertificate.js +64 -46
  110. package/dist-esm/src/msal/nodeFlows/msalClientCertificate.js.map +1 -1
  111. package/dist-esm/src/msal/nodeFlows/msalClientSecret.js +15 -16
  112. package/dist-esm/src/msal/nodeFlows/msalClientSecret.js.map +1 -1
  113. package/dist-esm/src/msal/nodeFlows/msalDeviceCode.js +20 -22
  114. package/dist-esm/src/msal/nodeFlows/msalDeviceCode.js.map +1 -1
  115. package/dist-esm/src/msal/nodeFlows/msalOnBehalfOf.js +56 -0
  116. package/dist-esm/src/msal/nodeFlows/msalOnBehalfOf.js.map +1 -0
  117. package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js +43 -32
  118. package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js.map +1 -1
  119. package/dist-esm/src/msal/nodeFlows/msalUsernamePassword.js +15 -17
  120. package/dist-esm/src/msal/nodeFlows/msalUsernamePassword.js.map +1 -1
  121. package/dist-esm/src/msal/nodeFlows/nodeCommon.js +133 -110
  122. package/dist-esm/src/msal/nodeFlows/nodeCommon.js.map +1 -1
  123. package/dist-esm/src/msal/nodeFlows/tokenCachePersistenceOptions.js +4 -0
  124. package/dist-esm/src/msal/nodeFlows/tokenCachePersistenceOptions.js.map +1 -0
  125. package/dist-esm/src/msal/utils.js +31 -22
  126. package/dist-esm/src/msal/utils.js.map +1 -1
  127. package/dist-esm/src/plugins/consumer.browser.js +7 -0
  128. package/dist-esm/src/plugins/consumer.browser.js.map +1 -0
  129. package/dist-esm/src/plugins/consumer.js +44 -0
  130. package/dist-esm/src/plugins/consumer.js.map +1 -0
  131. package/dist-esm/src/{tokenCache/types.js → plugins/provider.js} +1 -1
  132. package/dist-esm/src/plugins/provider.js.map +1 -0
  133. package/dist-esm/src/regionalAuthority.js +115 -0
  134. package/dist-esm/src/regionalAuthority.js.map +1 -0
  135. package/dist-esm/src/util/logging.js +1 -1
  136. package/dist-esm/src/util/logging.js.map +1 -1
  137. package/dist-esm/src/util/processUtils.js +32 -0
  138. package/dist-esm/src/util/processUtils.js.map +1 -0
  139. package/dist-esm/src/util/scopeUtils.js +22 -0
  140. package/dist-esm/src/util/scopeUtils.js.map +1 -0
  141. package/dist-esm/src/util/tracing.js +23 -26
  142. package/dist-esm/src/util/tracing.js.map +1 -1
  143. package/dist-esm/src/util/validateMultiTenant.js +24 -0
  144. package/dist-esm/src/util/validateMultiTenant.js.map +1 -0
  145. package/package.json +43 -41
  146. package/types/identity.d.ts +500 -131
  147. package/dist-esm/src/tokenCache/TokenCachePersistence.browser.js +0 -23
  148. package/dist-esm/src/tokenCache/TokenCachePersistence.browser.js.map +0 -1
  149. package/dist-esm/src/tokenCache/TokenCachePersistence.js +0 -51
  150. package/dist-esm/src/tokenCache/TokenCachePersistence.js.map +0 -1
  151. package/dist-esm/src/tokenCache/nodeVersion.js +0 -10
  152. package/dist-esm/src/tokenCache/nodeVersion.js.map +0 -1
  153. package/dist-esm/src/tokenCache/persistencePlatforms.js +0 -150
  154. package/dist-esm/src/tokenCache/persistencePlatforms.js.map +0 -1
  155. package/dist-esm/src/tokenCache/types.js.map +0 -1
  156. package/dist-esm/src/util/authHostEnv.js +0 -13
  157. package/dist-esm/src/util/authHostEnv.js.map +0 -1
package/dist-esm/src/msal/nodeFlows/msalUsernamePassword.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"msalUsernamePassword.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalUsernamePassword.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAIlC,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;AAYzD;;;GAGG;AACH,MAAM,OAAO,oBAAqB,SAAQ,QAAQ;IAIhD,YAAY,OAAoC;QAC9C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IACnC,CAAC;IAEe,UAAU,CACxB,MAAgB,EAChB,OAAuC;;YAEvC,IAAI;gBACF,MAAM,cAAc,GAAqC;oBACvD,MAAM;oBACN,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;iBACtC,CAAC;gBACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAU,CAAC,8BAA8B,CAAC,cAAc,CAAC,CAAC;gBACpF,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;aACtE;YAAC,OAAO,KAAK,EAAE;gBACd,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;aAChD;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport { AccessToken } from \"@azure/core-http\";\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through username and password.\n * @internal\n */\nexport interface MSALUsernamePasswordOptions extends MsalNodeOptions {\n username: string;\n password: string;\n}\n\n/**\n * MSAL username and password client. Calls to the MSAL's public application's `acquireTokenByUsernamePassword` during `doGetToken`.\n * @internal\n */\nexport class MsalUsernamePassword extends MsalNode {\n private username: string;\n private password: string;\n\n constructor(options: MSALUsernamePasswordOptions) {\n super(options);\n this.username = options.username;\n this.password = options.password;\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n try {\n const requestOptions: msalNode.UsernamePasswordRequest = {\n scopes,\n username: this.username,\n password: this.password,\n correlationId: options?.correlationId\n };\n const result = await this.publicApp!.acquireTokenByUsernamePassword(requestOptions);\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (error) {\n throw this.handleError(scopes, error, options);\n }\n }\n}\n"]}
1
+ {"version":3,"file":"msalUsernamePassword.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalUsernamePassword.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAMlC,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;AAYzD;;;GAGG;AACH,MAAM,OAAO,oBAAqB,SAAQ,QAAQ;IAIhD,YAAY,OAAoC;QAC9C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IACnC,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;QAEvC,IAAI;YACF,MAAM,cAAc,GAAqC;gBACvD,MAAM;gBACN,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;gBACrC,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;aAC9B,CAAC;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAU,CAAC,8BAA8B,CAAC,cAAc,CAAC,CAAC;YACpF,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;SACtE;QAAC,OAAO,KAAK,EAAE;YACd,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;SAChD;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through username and password.\n * @internal\n */\nexport interface MSALUsernamePasswordOptions extends MsalNodeOptions {\n username: string;\n password: string;\n}\n\n/**\n * MSAL username and password client. Calls to the MSAL's public application's `acquireTokenByUsernamePassword` during `doGetToken`.\n * @internal\n */\nexport class MsalUsernamePassword extends MsalNode {\n private username: string;\n private password: string;\n\n constructor(options: MSALUsernamePasswordOptions) {\n super(options);\n this.username = options.username;\n this.password = options.password;\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n try {\n const requestOptions: msalNode.UsernamePasswordRequest = {\n scopes,\n username: this.username,\n password: this.password,\n correlationId: options?.correlationId,\n authority: options?.authority\n };\n const result = await this.publicApp!.acquireTokenByUsernamePassword(requestOptions);\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (error) {\n throw this.handleError(scopes, error, options);\n }\n }\n}\n"]}
package/dist-esm/src/msal/nodeFlows/nodeCommon.js CHANGED
@@ -1,15 +1,29 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT license.
3
- import { __awaiter } from "tslib";
4
3
  import * as msalNode from "@azure/msal-node";
5
4
  import { DeveloperSignOnClientId } from "../../constants";
6
5
  import { IdentityClient } from "../../client/identityClient";
7
- import { TokenCachePersistence } from "../../tokenCache/TokenCachePersistence";
8
6
  import { resolveTenantId } from "../../util/resolveTenantId";
9
7
  import { AuthenticationRequiredError } from "../errors";
10
- import { defaultLoggerCallback, getAuthorityHost, getKnownAuthorities, MsalBaseUtilities, msalToPublic, publicToMsal } from "../utils";
8
+ import { defaultLoggerCallback, getAuthority, getKnownAuthorities, MsalBaseUtilities, msalToPublic, publicToMsal } from "../utils";
9
+ import { RegionalAuthority } from "../../regionalAuthority";
10
+ import { processMultiTenantRequest } from "../../util/validateMultiTenant";
11
11
  /**
12
- * MSAL partial base client for NodeJS.
12
+ * The current persistence provider, undefined by default.
13
+ * @internal
14
+ */
15
+ let persistenceProvider = undefined;
16
+ /**
17
+ * An object that allows setting the persistence provider.
18
+ * @internal
19
+ */
20
+ export const msalNodeFlowCacheControl = {
21
+ setPersistence(pluginProvider) {
22
+ persistenceProvider = pluginProvider;
23
+ }
24
+ };
25
+ /**
26
+ * MSAL partial base client for Node.js.
13
27
  *
14
28
  * It completes the input configuration with some default values.
15
29
  * It also provides with utility protected methods that can be used from any of the clients,
@@ -19,27 +33,49 @@ import { defaultLoggerCallback, getAuthorityHost, getKnownAuthorities, MsalBaseU
19
33
  */
20
34
  export class MsalNode extends MsalBaseUtilities {
21
35
  constructor(options) {
36
+ var _a, _b, _c;
22
37
  super(options);
23
38
  this.requiresConfidential = false;
24
39
  this.msalConfig = this.defaultNodeMsalConfig(options);
40
+ this.tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);
41
+ this.allowMultiTenantAuthentication = options === null || options === void 0 ? void 0 : options.allowMultiTenantAuthentication;
25
42
  this.clientId = this.msalConfig.auth.clientId;
26
- if (options.tokenCachePersistenceOptions) {
27
- this.tokenCache = new TokenCachePersistence(options.tokenCachePersistenceOptions);
43
+ // If persistence has been configured
44
+ if (persistenceProvider !== undefined && ((_a = options.tokenCachePersistenceOptions) === null || _a === void 0 ? void 0 : _a.enabled)) {
45
+ this.createCachePlugin = () => persistenceProvider(options.tokenCachePersistenceOptions);
46
+ }
47
+ else if ((_b = options.tokenCachePersistenceOptions) === null || _b === void 0 ? void 0 : _b.enabled) {
48
+ throw new Error([
49
+ "Persistent token caching was requested, but no persistence provider was configured.",
50
+ "You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)",
51
+ "and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling",
52
+ "`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`."
53
+ ].join(" "));
54
+ }
55
+ this.azureRegion = (_c = options.regionalAuthority) !== null && _c !== void 0 ? _c : process.env.AZURE_REGIONAL_AUTHORITY_NAME;
56
+ if (this.azureRegion === RegionalAuthority.AutoDiscoverRegion) {
57
+ this.azureRegion = "AUTO_DISCOVER";
28
58
  }
29
59
  }
30
60
  /**
31
- * Generates a MSAL configuration that generally works for NodeJS
61
+ * Generates a MSAL configuration that generally works for Node.js
32
62
  */
33
63
  defaultNodeMsalConfig(options) {
34
64
  const clientId = options.clientId || DeveloperSignOnClientId;
35
65
  const tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);
36
- const authorityHost = getAuthorityHost(tenantId, options.authorityHost);
37
- this.identityClient = new IdentityClient(Object.assign(Object.assign({}, options.tokenCredentialOptions), { authorityHost }));
66
+ this.authorityHost = options.authorityHost || process.env.AZURE_AUTHORITY_HOST;
67
+ const authority = getAuthority(tenantId, this.authorityHost);
68
+ this.identityClient = new IdentityClient(Object.assign(Object.assign({}, options.tokenCredentialOptions), { authorityHost: authority }));
69
+ let clientCapabilities = ["CP1"];
70
+ if (process.env.AZURE_IDENTITY_DISABLE_CP1) {
71
+ clientCapabilities = [];
72
+ }
38
73
  return {
39
74
  auth: {
40
75
  clientId,
41
- authority: authorityHost,
42
- knownAuthorities: getKnownAuthorities(tenantId, authorityHost)
76
+ authority,
77
+ knownAuthorities: getKnownAuthorities(tenantId, authority),
78
+ clientCapabilities
43
79
  },
44
80
  // Cache is defined in this.prepare();
45
81
  system: {
@@ -53,36 +89,34 @@ export class MsalNode extends MsalBaseUtilities {
53
89
  /**
54
90
  * Prepares the MSAL applications.
55
91
  */
56
- init(options) {
57
- return __awaiter(this, void 0, void 0, function* () {
58
- if (options === null || options === void 0 ? void 0 : options.abortSignal) {
59
- options.abortSignal.addEventListener("abort", () => {
60
- // This will abort any pending request in the IdentityClient,
61
- // based on the received or generated correlationId
62
- this.identityClient.abortRequests(options.correlationId);
63
- });
64
- }
65
- if (this.publicApp || this.confidentialApp) {
66
- return;
67
- }
68
- if (this.tokenCache) {
69
- this.msalConfig.cache = {
70
- cachePlugin: yield this.tokenCache.register()
71
- };
72
- }
73
- this.publicApp = new msalNode.PublicClientApplication(this.msalConfig);
74
- // The confidential client requires either a secret, assertion or certificate.
75
- if (this.msalConfig.auth.clientSecret ||
76
- this.msalConfig.auth.clientAssertion ||
77
- this.msalConfig.auth.clientCertificate) {
78
- this.confidentialApp = new msalNode.ConfidentialClientApplication(this.msalConfig);
79
- }
80
- else {
81
- if (this.requiresConfidential) {
82
- throw new Error("Unable to generate the MSAL confidential client. Missing either the client's secret, certificate or assertion.");
83
- }
92
+ async init(options) {
93
+ if (options === null || options === void 0 ? void 0 : options.abortSignal) {
94
+ options.abortSignal.addEventListener("abort", () => {
95
+ // This will abort any pending request in the IdentityClient,
96
+ // based on the received or generated correlationId
97
+ this.identityClient.abortRequests(options.correlationId);
98
+ });
99
+ }
100
+ if (this.publicApp || this.confidentialApp) {
101
+ return;
102
+ }
103
+ if (this.createCachePlugin !== undefined) {
104
+ this.msalConfig.cache = {
105
+ cachePlugin: await this.createCachePlugin()
106
+ };
107
+ }
108
+ this.publicApp = new msalNode.PublicClientApplication(this.msalConfig);
109
+ // The confidential client requires either a secret, assertion or certificate.
110
+ if (this.msalConfig.auth.clientSecret ||
111
+ this.msalConfig.auth.clientAssertion ||
112
+ this.msalConfig.auth.clientCertificate) {
113
+ this.confidentialApp = new msalNode.ConfidentialClientApplication(this.msalConfig);
114
+ }
115
+ else {
116
+ if (this.requiresConfidential) {
117
+ throw new Error("Unable to generate the MSAL confidential client. Missing either the client's secret, certificate or assertion.");
84
118
  }
85
- });
119
+ }
86
120
  }
87
121
  /**
88
122
  * Allows the cancellation of a MSAL request.
@@ -104,89 +138,78 @@ export class MsalNode extends MsalBaseUtilities {
104
138
  /**
105
139
  * Returns the existing account, attempts to load the account from MSAL.
106
140
  */
107
- getActiveAccount() {
108
- var _a;
109
- return __awaiter(this, void 0, void 0, function* () {
110
- if (this.account) {
111
- return this.account;
112
- }
113
- const cache = (_a = this.publicApp) === null || _a === void 0 ? void 0 : _a.getTokenCache();
114
- const accountsByTenant = yield (cache === null || cache === void 0 ? void 0 : cache.getAllAccounts());
115
- if (!accountsByTenant) {
116
- return;
117
- }
118
- if (accountsByTenant.length === 1) {
119
- this.account = msalToPublic(this.clientId, accountsByTenant[0]);
120
- }
121
- else {
122
- this.logger
123
- .info(`More than one account was found authenticated for this Client ID and Tenant ID.
141
+ async getActiveAccount() {
142
+ var _a, _b, _c;
143
+ if (this.account) {
144
+ return this.account;
145
+ }
146
+ const cache = (_b = (_a = this.confidentialApp) === null || _a === void 0 ? void 0 : _a.getTokenCache()) !== null && _b !== void 0 ? _b : (_c = this.publicApp) === null || _c === void 0 ? void 0 : _c.getTokenCache();
147
+ const accountsByTenant = await (cache === null || cache === void 0 ? void 0 : cache.getAllAccounts());
148
+ if (!accountsByTenant) {
149
+ return;
150
+ }
151
+ if (accountsByTenant.length === 1) {
152
+ this.account = msalToPublic(this.clientId, accountsByTenant[0]);
153
+ }
154
+ else {
155
+ this.logger
156
+ .info(`More than one account was found authenticated for this Client ID and Tenant ID.
124
157
  However, no "authenticationRecord" has been provided for this credential,
125
158
  therefore we're unable to pick between these accounts.
126
159
  A new login attempt will be requested, to ensure the correct account is picked.
127
160
  To work with multiple accounts for the same Client ID and Tenant ID, please provide an "authenticationRecord" when initializing a credential to prevent this from happening.`);
128
- return;
129
- }
130
- return this.account;
131
- });
132
- }
133
- /**
134
- * Clears MSAL's cache.
135
- */
136
- logout() {
137
- var _a;
138
- return __awaiter(this, void 0, void 0, function* () {
139
- const cache = yield ((_a = this.publicApp) === null || _a === void 0 ? void 0 : _a.getTokenCache());
140
- if (!this.account || !cache) {
141
- return;
142
- }
143
- cache.removeAccount(publicToMsal(this.account));
144
- });
161
+ return;
162
+ }
163
+ return this.account;
145
164
  }
146
165
  /**
147
166
  * Attempts to retrieve a token from cache.
148
167
  */
149
- getTokenSilent(scopes, options) {
150
- return __awaiter(this, void 0, void 0, function* () {
151
- yield this.getActiveAccount();
152
- if (!this.account) {
153
- throw new AuthenticationRequiredError(scopes, options);
154
- }
155
- const silentRequest = {
156
- // To be able to re-use the account, the Token Cache must also have been provided.
157
- account: publicToMsal(this.account),
158
- correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
159
- scopes
160
- };
161
- try {
162
- this.logger.info("Attempting to acquire token silently");
163
- const response = yield this.publicApp.acquireTokenSilent(silentRequest);
164
- return this.handleResult(scopes, this.clientId, response || undefined);
165
- }
166
- catch (err) {
167
- throw this.handleError(scopes, err, options);
168
- }
169
- });
168
+ async getTokenSilent(scopes, options) {
169
+ var _a, _b;
170
+ await this.getActiveAccount();
171
+ if (!this.account) {
172
+ throw new AuthenticationRequiredError(scopes, options);
173
+ }
174
+ const silentRequest = {
175
+ // To be able to re-use the account, the Token Cache must also have been provided.
176
+ account: publicToMsal(this.account),
177
+ correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
178
+ scopes,
179
+ authority: options === null || options === void 0 ? void 0 : options.authority
180
+ };
181
+ try {
182
+ this.logger.info("Attempting to acquire token silently");
183
+ const response = (_b = (await ((_a = this.confidentialApp) === null || _a === void 0 ? void 0 : _a.acquireTokenSilent(silentRequest)))) !== null && _b !== void 0 ? _b : (await this.publicApp.acquireTokenSilent(silentRequest));
184
+ return this.handleResult(scopes, this.clientId, response || undefined);
185
+ }
186
+ catch (err) {
187
+ throw this.handleError(scopes, err, options);
188
+ }
170
189
  }
171
190
  /**
172
191
  * Wrapper around each MSAL flow get token operation: doGetToken.
173
192
  * If disableAutomaticAuthentication is sent through the constructor, it will prevent MSAL from requesting the user input.
174
193
  */
175
- getToken(scopes, options = {}) {
176
- return __awaiter(this, void 0, void 0, function* () {
177
- options.correlationId = (options === null || options === void 0 ? void 0 : options.correlationId) || this.generateUuid();
178
- yield this.init(options);
179
- return this.getTokenSilent(scopes, options).catch((err) => {
180
- if (err.name !== "AuthenticationRequiredError") {
181
- throw err;
182
- }
183
- if (options === null || options === void 0 ? void 0 : options.disableAutomaticAuthentication) {
184
- throw new AuthenticationRequiredError(scopes, options, "Automatic authentication has been disabled. You may call the authentication() method.");
185
- }
186
- this.logger.info(`Silent authentication failed, falling back to interactive method.`);
187
- return this.doGetToken(scopes, options);
188
- });
189
- });
194
+ async getToken(scopes, options = {}) {
195
+ const tenantId = processMultiTenantRequest(this.tenantId, this.allowMultiTenantAuthentication, options) ||
196
+ this.tenantId;
197
+ options.authority = getAuthority(tenantId, this.authorityHost);
198
+ options.correlationId = (options === null || options === void 0 ? void 0 : options.correlationId) || this.generateUuid();
199
+ await this.init(options);
200
+ try {
201
+ return await this.getTokenSilent(scopes, options);
202
+ }
203
+ catch (err) {
204
+ if (err.name !== "AuthenticationRequiredError") {
205
+ throw err;
206
+ }
207
+ if (options === null || options === void 0 ? void 0 : options.disableAutomaticAuthentication) {
208
+ throw new AuthenticationRequiredError(scopes, options, "Automatic authentication has been disabled. You may call the authentication() method.");
209
+ }
210
+ this.logger.info(`Silent authentication failed, falling back to interactive method.`);
211
+ return this.doGetToken(scopes, options);
212
+ }
190
213
  }
191
214
  }
192
215
  //# sourceMappingURL=nodeCommon.js.map
package/dist-esm/src/msal/nodeFlows/nodeCommon.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"nodeCommon.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/nodeCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAI7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAA0B,MAAM,6BAA6B,CAAC;AAErF,OAAO,EAAE,qBAAqB,EAAE,MAAM,wCAAwC,CAAC;AAC/E,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAI7D,OAAO,EAAE,2BAA2B,EAAE,MAAM,WAAW,CAAC;AAExD,OAAO,EACL,qBAAqB,EACrB,gBAAgB,EAChB,mBAAmB,EACnB,iBAAiB,EACjB,YAAY,EACZ,YAAY,EACb,MAAM,UAAU,CAAC;AAWlB;;;;;;;;GAQG;AACH,MAAM,OAAgB,QAAS,SAAQ,iBAAiB;IAStD,YAAY,OAAwB;QAClC,KAAK,CAAC,OAAO,CAAC,CAAC;QAHP,yBAAoB,GAAY,KAAK,CAAC;QAI9C,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACtD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;QAE9C,IAAI,OAAO,CAAC,4BAA4B,EAAE;YACxC,IAAI,CAAC,UAAU,GAAG,IAAI,qBAAqB,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC;SACnF;IACH,CAAC;IAED;;OAEG;IACO,qBAAqB,CAAC,OAAwB;QACtD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,uBAAuB,CAAC;QAC7D,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QACrF,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;QACxE,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iCACnC,OAAO,CAAC,sBAAsB,KACjC,aAAa,IACb,CAAC;QACH,OAAO;YACL,IAAI,EAAE;gBACJ,QAAQ;gBACR,SAAS,EAAE,aAAa;gBACxB,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ,EAAE,aAAa,CAAC;aAC/D;YACD,sCAAsC;YACtC,MAAM,EAAE;gBACN,aAAa,EAAE,IAAI,CAAC,cAAc;gBAClC,aAAa,EAAE;oBACb,cAAc,EAAE,qBAAqB,CAAC,OAAO,CAAC,MAAM,CAAC;iBACtD;aACF;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACG,IAAI,CAAC,OAAuC;;YAChD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,EAAE;gBACxB,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;oBACjD,6DAA6D;oBAC7D,mDAAmD;oBACnD,IAAI,CAAC,cAAe,CAAC,aAAa,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;gBAC5D,CAAC,CAAC,CAAC;aACJ;YAED,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,eAAe,EAAE;gBAC1C,OAAO;aACR;YAED,IAAI,IAAI,CAAC,UAAU,EAAE;gBACnB,IAAI,CAAC,UAAU,CAAC,KAAK,GAAG;oBACtB,WAAW,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE;iBAC9C,CAAC;aACH;YAED,IAAI,CAAC,SAAS,GAAG,IAAI,QAAQ,CAAC,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACvE,8EAA8E;YAC9E,IACE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY;gBACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe;gBACpC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,EACtC;gBACA,IAAI,CAAC,eAAe,GAAG,IAAI,QAAQ,CAAC,6BAA6B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;aACpF;iBAAM;gBACL,IAAI,IAAI,CAAC,oBAAoB,EAAE;oBAC7B,MAAM,IAAI,KAAK,CACb,gHAAgH,CACjH,CAAC;iBACH;aACF;QACH,CAAC;KAAA;IAED;;OAEG;IACO,gBAAgB,CACxB,OAAwD,EACxD,WAA6B,EAC7B,QAAqB;QAErB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,OAAO;iBACJ,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;gBAClB,OAAO,OAAO,CAAC,SAAU,CAAC,CAAC;YAC7B,CAAC,CAAC;iBACD,KAAK,CAAC,MAAM,CAAC,CAAC;YACjB,IAAI,WAAW,EAAE;gBACf,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;oBACzC,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,EAAI,CAAC;gBACf,CAAC,CAAC,CAAC;aACJ;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACG,gBAAgB;;;YACpB,IAAI,IAAI,CAAC,OAAO,EAAE;gBAChB,OAAO,IAAI,CAAC,OAAO,CAAC;aACrB;YACD,MAAM,KAAK,GAAG,MAAA,IAAI,CAAC,SAAS,0CAAE,aAAa,EAAE,CAAC;YAC9C,MAAM,gBAAgB,GAAG,MAAM,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,cAAc,EAAE,CAAA,CAAC;YAEvD,IAAI,CAAC,gBAAgB,EAAE;gBACrB,OAAO;aACR;YAED,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;gBACjC,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;aACjE;iBAAM;gBACL,IAAI,CAAC,MAAM;qBACR,IAAI,CAAC;;;;6KAI+J,CAAC,CAAC;gBACzK,OAAO;aACR;YAED,OAAO,IAAI,CAAC,OAAO,CAAC;;KACrB;IAED;;OAEG;IACG,MAAM;;;YACV,MAAM,KAAK,GAAG,MAAM,CAAA,MAAA,IAAI,CAAC,SAAS,0CAAE,aAAa,EAAE,CAAA,CAAC;YACpD,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,KAAK,EAAE;gBAC3B,OAAO;aACR;YACD,KAAK,CAAC,aAAa,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;;KACjD;IAED;;OAEG;IACG,cAAc,CAClB,MAAgB,EAChB,OAAuC;;YAEvC,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC9B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE;gBACjB,MAAM,IAAI,2BAA2B,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;aACxD;YAED,MAAM,aAAa,GAA+B;gBAChD,kFAAkF;gBAClF,OAAO,EAAE,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC;gBACnC,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;gBACrC,MAAM;aACP,CAAC;YAEF,IAAI;gBACF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;gBACzD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAU,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;gBACzE,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,QAAQ,IAAI,SAAS,CAAC,CAAC;aACxE;YAAC,OAAO,GAAG,EAAE;gBACZ,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;aAC9C;QACH,CAAC;KAAA;IAOD;;;OAGG;IACU,QAAQ,CACnB,MAAgB,EAChB,UAAyC,EAAE;;YAE3C,OAAO,CAAC,aAAa,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,KAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtE,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACzB,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACxD,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE;oBAC9C,MAAM,GAAG,CAAC;iBACX;gBACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,EAAE;oBAC3C,MAAM,IAAI,2BAA2B,CACnC,MAAM,EACN,OAAO,EACP,uFAAuF,CACxF,CAAC;iBACH;gBACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;gBACtF,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAC1C,CAAC,CAAC,CAAC;QACL,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport * as msalCommon from \"@azure/msal-common\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-http\";\nimport { AbortSignalLike } from \"@azure/abort-controller\";\nimport { DeveloperSignOnClientId } from \"../../constants\";\nimport { IdentityClient, TokenCredentialOptions } from \"../../client/identityClient\";\nimport { TokenCachePersistenceOptions } from \"../../tokenCache/persistencePlatforms\";\nimport { TokenCachePersistence } from \"../../tokenCache/TokenCachePersistence\";\nimport { resolveTenantId } from \"../../util/resolveTenantId\";\nimport { TokenCache } from \"../../tokenCache/types\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalFlow, MsalFlowOptions } from \"../flows\";\nimport { AuthenticationRequiredError } from \"../errors\";\nimport { AuthenticationRecord } from \"../types\";\nimport {\n defaultLoggerCallback,\n getAuthorityHost,\n getKnownAuthorities,\n MsalBaseUtilities,\n msalToPublic,\n publicToMsal\n} from \"../utils\";\n\n/**\n * Union of the constructor parameters that all MSAL flow types for Node.\n * @internal\n */\nexport interface MsalNodeOptions extends MsalFlowOptions {\n tokenCachePersistenceOptions?: TokenCachePersistenceOptions;\n tokenCredentialOptions: TokenCredentialOptions;\n}\n\n/**\n * MSAL partial base client for NodeJS.\n *\n * It completes the input configuration with some default values.\n * It also provides with utility protected methods that can be used from any of the clients,\n * which includes handlers for successful responses and errors.\n *\n * @internal\n */\nexport abstract class MsalNode extends MsalBaseUtilities implements MsalFlow {\n protected publicApp: msalNode.PublicClientApplication | undefined;\n protected confidentialApp: msalNode.ConfidentialClientApplication | undefined;\n protected msalConfig: msalNode.Configuration;\n protected clientId: string;\n protected tokenCache: TokenCache | undefined;\n protected identityClient?: IdentityClient;\n protected requiresConfidential: boolean = false;\n\n constructor(options: MsalNodeOptions) {\n super(options);\n this.msalConfig = this.defaultNodeMsalConfig(options);\n this.clientId = this.msalConfig.auth.clientId;\n\n if (options.tokenCachePersistenceOptions) {\n this.tokenCache = new TokenCachePersistence(options.tokenCachePersistenceOptions);\n }\n }\n\n /**\n * Generates a MSAL configuration that generally works for NodeJS\n */\n protected defaultNodeMsalConfig(options: MsalNodeOptions): msalNode.Configuration {\n const clientId = options.clientId || DeveloperSignOnClientId;\n const tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n const authorityHost = getAuthorityHost(tenantId, options.authorityHost);\n this.identityClient = new IdentityClient({\n ...options.tokenCredentialOptions,\n authorityHost\n });\n return {\n auth: {\n clientId,\n authority: authorityHost,\n knownAuthorities: getKnownAuthorities(tenantId, authorityHost)\n },\n // Cache is defined in this.prepare();\n system: {\n networkClient: this.identityClient,\n loggerOptions: {\n loggerCallback: defaultLoggerCallback(options.logger)\n }\n }\n };\n }\n\n /**\n * Prepares the MSAL applications.\n */\n async init(options?: CredentialFlowGetTokenOptions): Promise<void> {\n if (options?.abortSignal) {\n options.abortSignal.addEventListener(\"abort\", () => {\n // This will abort any pending request in the IdentityClient,\n // based on the received or generated correlationId\n this.identityClient!.abortRequests(options.correlationId);\n });\n }\n\n if (this.publicApp || this.confidentialApp) {\n return;\n }\n\n if (this.tokenCache) {\n this.msalConfig.cache = {\n cachePlugin: await this.tokenCache.register()\n };\n }\n\n this.publicApp = new msalNode.PublicClientApplication(this.msalConfig);\n // The confidential client requires either a secret, assertion or certificate.\n if (\n this.msalConfig.auth.clientSecret ||\n this.msalConfig.auth.clientAssertion ||\n this.msalConfig.auth.clientCertificate\n ) {\n this.confidentialApp = new msalNode.ConfidentialClientApplication(this.msalConfig);\n } else {\n if (this.requiresConfidential) {\n throw new Error(\n \"Unable to generate the MSAL confidential client. Missing either the client's secret, certificate or assertion.\"\n );\n }\n }\n }\n\n /**\n * Allows the cancellation of a MSAL request.\n */\n protected withCancellation(\n promise: Promise<msalCommon.AuthenticationResult | null>,\n abortSignal?: AbortSignalLike,\n onCancel?: () => void\n ): Promise<msalCommon.AuthenticationResult | null> {\n return new Promise((resolve, reject) => {\n promise\n .then((msalToken) => {\n return resolve(msalToken!);\n })\n .catch(reject);\n if (abortSignal) {\n abortSignal.addEventListener(\"abort\", () => {\n onCancel?.();\n });\n }\n });\n }\n\n /**\n * Returns the existing account, attempts to load the account from MSAL.\n */\n async getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n if (this.account) {\n return this.account;\n }\n const cache = this.publicApp?.getTokenCache();\n const accountsByTenant = await cache?.getAllAccounts();\n\n if (!accountsByTenant) {\n return;\n }\n\n if (accountsByTenant.length === 1) {\n this.account = msalToPublic(this.clientId, accountsByTenant[0]);\n } else {\n this.logger\n .info(`More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing a credential to prevent this from happening.`);\n return;\n }\n\n return this.account;\n }\n\n /**\n * Clears MSAL's cache.\n */\n async logout(): Promise<void> {\n const cache = await this.publicApp?.getTokenCache();\n if (!this.account || !cache) {\n return;\n }\n cache.removeAccount(publicToMsal(this.account));\n }\n\n /**\n * Attempts to retrieve a token from cache.\n */\n async getTokenSilent(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n await this.getActiveAccount();\n if (!this.account) {\n throw new AuthenticationRequiredError(scopes, options);\n }\n\n const silentRequest: msalNode.SilentFlowRequest = {\n // To be able to re-use the account, the Token Cache must also have been provided.\n account: publicToMsal(this.account),\n correlationId: options?.correlationId,\n scopes\n };\n\n try {\n this.logger.info(\"Attempting to acquire token silently\");\n const response = await this.publicApp!.acquireTokenSilent(silentRequest);\n return this.handleResult(scopes, this.clientId, response || undefined);\n } catch (err) {\n throw this.handleError(scopes, err, options);\n }\n }\n\n /**\n * Attempts to retrieve an authenticated token from MSAL.\n */\n protected abstract doGetToken(scopes: string[], options?: GetTokenOptions): Promise<AccessToken>;\n\n /**\n * Wrapper around each MSAL flow get token operation: doGetToken.\n * If disableAutomaticAuthentication is sent through the constructor, it will prevent MSAL from requesting the user input.\n */\n public async getToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n options.correlationId = options?.correlationId || this.generateUuid();\n await this.init(options);\n return this.getTokenSilent(scopes, options).catch((err) => {\n if (err.name !== \"AuthenticationRequiredError\") {\n throw err;\n }\n if (options?.disableAutomaticAuthentication) {\n throw new AuthenticationRequiredError(\n scopes,\n options,\n \"Automatic authentication has been disabled. You may call the authentication() method.\"\n );\n }\n this.logger.info(`Silent authentication failed, falling back to interactive method.`);\n return this.doGetToken(scopes, options);\n });\n }\n}\n"]}
1
+ {"version":3,"file":"nodeCommon.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/nodeCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAM7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAA0B,MAAM,6BAA6B,CAAC;AACrF,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAG7D,OAAO,EAAE,2BAA2B,EAAE,MAAM,WAAW,CAAC;AAExD,OAAO,EACL,qBAAqB,EACrB,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,EACjB,YAAY,EACZ,YAAY,EACb,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAkB3E;;;GAGG;AACH,IAAI,mBAAmB,GAEP,SAAS,CAAC;AAE1B;;;GAGG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,cAAc,CAAC,cAA8D;QAC3E,mBAAmB,GAAG,cAAc,CAAC;IACvC,CAAC;CACF,CAAC;AAEF;;;;;;;;GAQG;AACH,MAAM,OAAgB,QAAS,SAAQ,iBAAiB;IAatD,YAAY,OAAwB;;QAClC,KAAK,CAAC,OAAO,CAAC,CAAC;QALP,yBAAoB,GAAY,KAAK,CAAC;QAM9C,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACtD,IAAI,CAAC,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QACpF,IAAI,CAAC,8BAA8B,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,CAAC;QAC9E,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;QAE9C,qCAAqC;QACrC,IAAI,mBAAmB,KAAK,SAAS,KAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,CAAA,EAAE;YACtF,IAAI,CAAC,iBAAiB,GAAG,GAAG,EAAE,CAAC,mBAAoB,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC;SAC3F;aAAM,IAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,EAAE;YACxD,MAAM,IAAI,KAAK,CACb;gBACE,qFAAqF;gBACrF,yHAAyH;gBACzH,mFAAmF;gBACnF,0FAA0F;aAC3F,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;SACH;QAED,IAAI,CAAC,WAAW,GAAG,MAAA,OAAO,CAAC,iBAAiB,mCAAI,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;QAC1F,IAAI,IAAI,CAAC,WAAW,KAAK,iBAAiB,CAAC,kBAAkB,EAAE;YAC7D,IAAI,CAAC,WAAW,GAAG,eAAe,CAAC;SACpC;IACH,CAAC;IAED;;OAEG;IACO,qBAAqB,CAAC,OAAwB;QACtD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,uBAAuB,CAAC;QAC7D,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAErF,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAC/E,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAE7D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iCACnC,OAAO,CAAC,sBAAsB,KACjC,aAAa,EAAE,SAAS,IACxB,CAAC;QAEH,IAAI,kBAAkB,GAAa,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE;YAC1C,kBAAkB,GAAG,EAAE,CAAC;SACzB;QAED,OAAO;YACL,IAAI,EAAE;gBACJ,QAAQ;gBACR,SAAS;gBACT,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ,EAAE,SAAS,CAAC;gBAC1D,kBAAkB;aACnB;YACD,sCAAsC;YACtC,MAAM,EAAE;gBACN,aAAa,EAAE,IAAI,CAAC,cAAc;gBAClC,aAAa,EAAE;oBACb,cAAc,EAAE,qBAAqB,CAAC,OAAO,CAAC,MAAM,CAAC;iBACtD;aACF;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,OAAuC;QAChD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,EAAE;YACxB,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;gBACjD,6DAA6D;gBAC7D,mDAAmD;gBACnD,IAAI,CAAC,cAAe,CAAC,aAAa,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAC5D,CAAC,CAAC,CAAC;SACJ;QAED,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,eAAe,EAAE;YAC1C,OAAO;SACR;QAED,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS,EAAE;YACxC,IAAI,CAAC,UAAU,CAAC,KAAK,GAAG;gBACtB,WAAW,EAAE,MAAM,IAAI,CAAC,iBAAiB,EAAE;aAC5C,CAAC;SACH;QAED,IAAI,CAAC,SAAS,GAAG,IAAI,QAAQ,CAAC,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvE,8EAA8E;QAC9E,IACE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY;YACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe;YACpC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,EACtC;YACA,IAAI,CAAC,eAAe,GAAG,IAAI,QAAQ,CAAC,6BAA6B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;SACpF;aAAM;YACL,IAAI,IAAI,CAAC,oBAAoB,EAAE;gBAC7B,MAAM,IAAI,KAAK,CACb,gHAAgH,CACjH,CAAC;aACH;SACF;IACH,CAAC;IAED;;OAEG;IACO,gBAAgB,CACxB,OAAwD,EACxD,WAA6B,EAC7B,QAAqB;QAErB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,OAAO;iBACJ,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;gBAClB,OAAO,OAAO,CAAC,SAAU,CAAC,CAAC;YAC7B,CAAC,CAAC;iBACD,KAAK,CAAC,MAAM,CAAC,CAAC;YACjB,IAAI,WAAW,EAAE;gBACf,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;oBACzC,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,EAAI,CAAC;gBACf,CAAC,CAAC,CAAC;aACJ;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB;;QACpB,IAAI,IAAI,CAAC,OAAO,EAAE;YAChB,OAAO,IAAI,CAAC,OAAO,CAAC;SACrB;QACD,MAAM,KAAK,GAAG,MAAA,MAAA,IAAI,CAAC,eAAe,0CAAE,aAAa,EAAE,mCAAI,MAAA,IAAI,CAAC,SAAS,0CAAE,aAAa,EAAE,CAAC;QACvF,MAAM,gBAAgB,GAAG,MAAM,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,cAAc,EAAE,CAAA,CAAC;QAEvD,IAAI,CAAC,gBAAgB,EAAE;YACrB,OAAO;SACR;QAED,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;YACjC,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;SACjE;aAAM;YACL,IAAI,CAAC,MAAM;iBACR,IAAI,CAAC;;;;6KAI+J,CAAC,CAAC;YACzK,OAAO;SACR;QAED,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAClB,MAAgB,EAChB,OAAuC;;QAEvC,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE;YACjB,MAAM,IAAI,2BAA2B,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACxD;QAED,MAAM,aAAa,GAA+B;YAChD,kFAAkF;YAClF,OAAO,EAAE,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC;YACnC,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;YACrC,MAAM;YACN,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;SAC9B,CAAC;QAEF,IAAI;YACF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACzD,MAAM,QAAQ,GACZ,MAAA,CAAC,MAAM,CAAA,MAAA,IAAI,CAAC,eAAe,0CAAE,kBAAkB,CAAC,aAAa,CAAC,CAAA,CAAC,mCAC/D,CAAC,MAAM,IAAI,CAAC,SAAU,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC,CAAC;YAC5D,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,QAAQ,IAAI,SAAS,CAAC,CAAC;SACxE;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;IAOD;;;OAGG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,MAAM,QAAQ,GACZ,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,8BAA8B,EAAE,OAAO,CAAC;YACtF,IAAI,CAAC,QAAQ,CAAC;QAEhB,OAAO,CAAC,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAE/D,OAAO,CAAC,aAAa,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,KAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QACtE,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEzB,IAAI;YACF,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACnD;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE;gBAC9C,MAAM,GAAG,CAAC;aACX;YACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,EAAE;gBAC3C,MAAM,IAAI,2BAA2B,CACnC,MAAM,EACN,OAAO,EACP,uFAAuF,CACxF,CAAC;aACH;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;YACtF,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACzC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport * as msalCommon from \"@azure/msal-common\";\n\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { AbortSignalLike } from \"@azure/abort-controller\";\n\nimport { DeveloperSignOnClientId } from \"../../constants\";\nimport { IdentityClient, TokenCredentialOptions } from \"../../client/identityClient\";\nimport { resolveTenantId } from \"../../util/resolveTenantId\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalFlow, MsalFlowOptions } from \"../flows\";\nimport { AuthenticationRequiredError } from \"../errors\";\nimport { AuthenticationRecord } from \"../types\";\nimport {\n defaultLoggerCallback,\n getAuthority,\n getKnownAuthorities,\n MsalBaseUtilities,\n msalToPublic,\n publicToMsal\n} from \"../utils\";\nimport { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions\";\nimport { RegionalAuthority } from \"../../regionalAuthority\";\nimport { processMultiTenantRequest } from \"../../util/validateMultiTenant\";\n\n/**\n * Union of the constructor parameters that all MSAL flow types for Node.\n * @internal\n */\nexport interface MsalNodeOptions extends MsalFlowOptions {\n tokenCachePersistenceOptions?: TokenCachePersistenceOptions;\n tokenCredentialOptions: TokenCredentialOptions;\n allowMultiTenantAuthentication?: boolean;\n /**\n * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values.\n * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.\n * If the property is not specified, uses a non-regional authority endpoint.\n */\n regionalAuthority?: string;\n}\n\n/**\n * The current persistence provider, undefined by default.\n * @internal\n */\nlet persistenceProvider:\n | ((options?: TokenCachePersistenceOptions) => Promise<msalCommon.ICachePlugin>)\n | undefined = undefined;\n\n/**\n * An object that allows setting the persistence provider.\n * @internal\n */\nexport const msalNodeFlowCacheControl = {\n setPersistence(pluginProvider: Exclude<typeof persistenceProvider, undefined>): void {\n persistenceProvider = pluginProvider;\n }\n};\n\n/**\n * MSAL partial base client for Node.js.\n *\n * It completes the input configuration with some default values.\n * It also provides with utility protected methods that can be used from any of the clients,\n * which includes handlers for successful responses and errors.\n *\n * @internal\n */\nexport abstract class MsalNode extends MsalBaseUtilities implements MsalFlow {\n protected publicApp: msalNode.PublicClientApplication | undefined;\n protected confidentialApp: msalNode.ConfidentialClientApplication | undefined;\n protected msalConfig: msalNode.Configuration;\n protected clientId: string;\n protected tenantId: string;\n protected allowMultiTenantAuthentication?: boolean;\n protected authorityHost?: string;\n protected identityClient?: IdentityClient;\n protected requiresConfidential: boolean = false;\n protected azureRegion?: string;\n protected createCachePlugin: (() => Promise<msalCommon.ICachePlugin>) | undefined;\n\n constructor(options: MsalNodeOptions) {\n super(options);\n this.msalConfig = this.defaultNodeMsalConfig(options);\n this.tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n this.allowMultiTenantAuthentication = options?.allowMultiTenantAuthentication;\n this.clientId = this.msalConfig.auth.clientId;\n\n // If persistence has been configured\n if (persistenceProvider !== undefined && options.tokenCachePersistenceOptions?.enabled) {\n this.createCachePlugin = () => persistenceProvider!(options.tokenCachePersistenceOptions);\n } else if (options.tokenCachePersistenceOptions?.enabled) {\n throw new Error(\n [\n \"Persistent token caching was requested, but no persistence provider was configured.\",\n \"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)\",\n \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n \"`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.\"\n ].join(\" \")\n );\n }\n\n this.azureRegion = options.regionalAuthority ?? process.env.AZURE_REGIONAL_AUTHORITY_NAME;\n if (this.azureRegion === RegionalAuthority.AutoDiscoverRegion) {\n this.azureRegion = \"AUTO_DISCOVER\";\n }\n }\n\n /**\n * Generates a MSAL configuration that generally works for Node.js\n */\n protected defaultNodeMsalConfig(options: MsalNodeOptions): msalNode.Configuration {\n const clientId = options.clientId || DeveloperSignOnClientId;\n const tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n\n this.authorityHost = options.authorityHost || process.env.AZURE_AUTHORITY_HOST;\n const authority = getAuthority(tenantId, this.authorityHost);\n\n this.identityClient = new IdentityClient({\n ...options.tokenCredentialOptions,\n authorityHost: authority\n });\n\n let clientCapabilities: string[] = [\"CP1\"];\n if (process.env.AZURE_IDENTITY_DISABLE_CP1) {\n clientCapabilities = [];\n }\n\n return {\n auth: {\n clientId,\n authority,\n knownAuthorities: getKnownAuthorities(tenantId, authority),\n clientCapabilities\n },\n // Cache is defined in this.prepare();\n system: {\n networkClient: this.identityClient,\n loggerOptions: {\n loggerCallback: defaultLoggerCallback(options.logger)\n }\n }\n };\n }\n\n /**\n * Prepares the MSAL applications.\n */\n async init(options?: CredentialFlowGetTokenOptions): Promise<void> {\n if (options?.abortSignal) {\n options.abortSignal.addEventListener(\"abort\", () => {\n // This will abort any pending request in the IdentityClient,\n // based on the received or generated correlationId\n this.identityClient!.abortRequests(options.correlationId);\n });\n }\n\n if (this.publicApp || this.confidentialApp) {\n return;\n }\n\n if (this.createCachePlugin !== undefined) {\n this.msalConfig.cache = {\n cachePlugin: await this.createCachePlugin()\n };\n }\n\n this.publicApp = new msalNode.PublicClientApplication(this.msalConfig);\n // The confidential client requires either a secret, assertion or certificate.\n if (\n this.msalConfig.auth.clientSecret ||\n this.msalConfig.auth.clientAssertion ||\n this.msalConfig.auth.clientCertificate\n ) {\n this.confidentialApp = new msalNode.ConfidentialClientApplication(this.msalConfig);\n } else {\n if (this.requiresConfidential) {\n throw new Error(\n \"Unable to generate the MSAL confidential client. Missing either the client's secret, certificate or assertion.\"\n );\n }\n }\n }\n\n /**\n * Allows the cancellation of a MSAL request.\n */\n protected withCancellation(\n promise: Promise<msalCommon.AuthenticationResult | null>,\n abortSignal?: AbortSignalLike,\n onCancel?: () => void\n ): Promise<msalCommon.AuthenticationResult | null> {\n return new Promise((resolve, reject) => {\n promise\n .then((msalToken) => {\n return resolve(msalToken!);\n })\n .catch(reject);\n if (abortSignal) {\n abortSignal.addEventListener(\"abort\", () => {\n onCancel?.();\n });\n }\n });\n }\n\n /**\n * Returns the existing account, attempts to load the account from MSAL.\n */\n async getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n if (this.account) {\n return this.account;\n }\n const cache = this.confidentialApp?.getTokenCache() ?? this.publicApp?.getTokenCache();\n const accountsByTenant = await cache?.getAllAccounts();\n\n if (!accountsByTenant) {\n return;\n }\n\n if (accountsByTenant.length === 1) {\n this.account = msalToPublic(this.clientId, accountsByTenant[0]);\n } else {\n this.logger\n .info(`More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing a credential to prevent this from happening.`);\n return;\n }\n\n return this.account;\n }\n\n /**\n * Attempts to retrieve a token from cache.\n */\n async getTokenSilent(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n await this.getActiveAccount();\n if (!this.account) {\n throw new AuthenticationRequiredError(scopes, options);\n }\n\n const silentRequest: msalNode.SilentFlowRequest = {\n // To be able to re-use the account, the Token Cache must also have been provided.\n account: publicToMsal(this.account),\n correlationId: options?.correlationId,\n scopes,\n authority: options?.authority\n };\n\n try {\n this.logger.info(\"Attempting to acquire token silently\");\n const response =\n (await this.confidentialApp?.acquireTokenSilent(silentRequest)) ??\n (await this.publicApp!.acquireTokenSilent(silentRequest));\n return this.handleResult(scopes, this.clientId, response || undefined);\n } catch (err) {\n throw this.handleError(scopes, err, options);\n }\n }\n\n /**\n * Attempts to retrieve an authenticated token from MSAL.\n */\n protected abstract doGetToken(scopes: string[], options?: GetTokenOptions): Promise<AccessToken>;\n\n /**\n * Wrapper around each MSAL flow get token operation: doGetToken.\n * If disableAutomaticAuthentication is sent through the constructor, it will prevent MSAL from requesting the user input.\n */\n public async getToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n const tenantId =\n processMultiTenantRequest(this.tenantId, this.allowMultiTenantAuthentication, options) ||\n this.tenantId;\n\n options.authority = getAuthority(tenantId, this.authorityHost);\n\n options.correlationId = options?.correlationId || this.generateUuid();\n await this.init(options);\n\n try {\n return await this.getTokenSilent(scopes, options);\n } catch (err) {\n if (err.name !== \"AuthenticationRequiredError\") {\n throw err;\n }\n if (options?.disableAutomaticAuthentication) {\n throw new AuthenticationRequiredError(\n scopes,\n options,\n \"Automatic authentication has been disabled. You may call the authentication() method.\"\n );\n }\n this.logger.info(`Silent authentication failed, falling back to interactive method.`);\n return this.doGetToken(scopes, options);\n }\n }\n}\n"]}
package/dist-esm/src/msal/nodeFlows/tokenCachePersistenceOptions.js ADDED
@@ -0,0 +1,4 @@
1
+ // Copyright (c) Microsoft Corporation.
2
+ // Licensed under the MIT license.
3
+ export {};
4
+ //# sourceMappingURL=tokenCachePersistenceOptions.js.map
package/dist-esm/src/msal/nodeFlows/tokenCachePersistenceOptions.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"tokenCachePersistenceOptions.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/tokenCachePersistenceOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/**\n * Parameters that enable token cache persistence in the Identity credentials.\n */\nexport interface TokenCachePersistenceOptions {\n /**\n * If set to true, persistent token caching will be enabled for this credential instance.\n */\n enabled: boolean;\n /**\n * Unique identifier for the persistent token cache.\n *\n * Based on this identifier, the persistence file will be located in any of the following places:\n * - Darwin: '/Users/user/.IdentityService/<name>'\n * - Windows 8+: 'C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\.IdentityService\\\\<name>'\n * - Linux: '/home/user/.IdentityService/<name>'\n */\n name?: string;\n /**\n * If set to true, the cache will be stored without encryption if no OS level user encryption is available.\n * When set to false, the PersistentTokenCache will throw an error if no OS level user encryption is available.\n */\n unsafeAllowUnencryptedStorage?: boolean;\n}\n"]}
package/dist-esm/src/msal/utils.js CHANGED
@@ -1,7 +1,8 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT license.
3
- import * as msalNode from "@azure/msal-node";
4
3
  import * as msalCommon from "@azure/msal-common";
4
+ import { isNode } from "@azure/core-util";
5
+ import { AbortError } from "@azure/abort-controller";
5
6
  import { v4 as uuidv4 } from "uuid";
6
7
  import { formatError, formatSuccess } from "../util/logging";
7
8
  import { CredentialUnavailableError } from "../client/errors";
@@ -32,10 +33,13 @@ export function ensureValidMsalToken(scopes, logger, msalToken, getTokenOptions)
32
33
  }
33
34
  }
34
35
  /**
35
- * Generates a valid authorityHost by combining a host with a tenantId.
36
+ * Generates a valid authority by combining a host with a tenantId.
36
37
  * @internal
37
38
  */
38
- export function getAuthorityHost(tenantId, host = DefaultAuthorityHost) {
39
+ export function getAuthority(tenantId, host) {
40
+ if (!host) {
41
+ host = DefaultAuthorityHost;
42
+ }
39
43
  if (host.endsWith("/")) {
40
44
  return host + tenantId;
41
45
  }
@@ -45,8 +49,9 @@ export function getAuthorityHost(tenantId, host = DefaultAuthorityHost) {
45
49
  }
46
50
  /**
47
51
  * Generates the known authorities.
48
- * If the tenantId is "adfs", we will return an array with the authorityHost as the only known authority.
49
- * Otherwise, it is safe to return an empty array.
52
+ * If the Tenant Id is `adfs`, the authority can't be validated since the format won't match the expected one.
53
+ * For that reason, we have to force MSAL to disable validating the authority
54
+ * by sending it within the known authorities in the MSAL configuration.
50
55
  * @internal
51
56
  */
52
57
  export function getKnownAuthorities(tenantId, authorityHost) {
@@ -60,22 +65,22 @@ export function getKnownAuthorities(tenantId, authorityHost) {
60
65
  * @param logger - The logger of the credential.
61
66
  * @internal
62
67
  */
63
- export const defaultLoggerCallback = (logger) => (level, message, containsPii) => {
68
+ export const defaultLoggerCallback = (logger, platform = isNode ? "Node" : "Browser") => (level, message, containsPii) => {
64
69
  if (containsPii) {
65
70
  return;
66
71
  }
67
72
  switch (level) {
68
- case msalNode.LogLevel.Error:
69
- logger.info(`MSAL Browser V2 error: ${message}`);
73
+ case msalCommon.LogLevel.Error:
74
+ logger.info(`MSAL ${platform} V2 error: ${message}`);
70
75
  return;
71
- case msalNode.LogLevel.Info:
72
- logger.info(`MSAL Browser V2 info message: ${message}`);
76
+ case msalCommon.LogLevel.Info:
77
+ logger.info(`MSAL ${platform} V2 info message: ${message}`);
73
78
  return;
74
- case msalNode.LogLevel.Verbose:
75
- logger.info(`MSAL Browser V2 verbose message: ${message}`);
79
+ case msalCommon.LogLevel.Verbose:
80
+ logger.info(`MSAL ${platform} V2 verbose message: ${message}`);
76
81
  return;
77
- case msalNode.LogLevel.Warning:
78
- logger.info(`MSAL Browser V2 warning: ${message}`);
82
+ case msalCommon.LogLevel.Warning:
83
+ logger.info(`MSAL ${platform} V2 warning: ${message}`);
79
84
  return;
80
85
  }
81
86
  };
@@ -118,25 +123,29 @@ export class MsalBaseUtilities {
118
123
  * Handles MSAL errors.
119
124
  */
120
125
  handleError(scopes, error, getTokenOptions) {
121
- if (error instanceof msalCommon.AuthError) {
122
- switch (error.errorCode) {
126
+ if (error.name === "AuthError" ||
127
+ error.name === "ClientAuthError" ||
128
+ error.name === "BrowserAuthError") {
129
+ const msalError = error;
130
+ switch (msalError.errorCode) {
123
131
  case "endpoints_resolution_error":
124
132
  this.logger.info(formatError(scopes, error.message));
125
133
  return new CredentialUnavailableError(error.message);
134
+ case "device_code_polling_cancelled":
135
+ return new AbortError("The authentication has been aborted by the caller.");
126
136
  case "consent_required":
127
137
  case "interaction_required":
128
138
  case "login_required":
129
- this.logger.info(formatError(scopes, `Authentication returned errorCode ${error.errorCode}`));
139
+ this.logger.info(formatError(scopes, `Authentication returned errorCode ${msalError.errorCode}`));
130
140
  break;
131
141
  default:
132
142
  this.logger.info(formatError(scopes, `Failed to acquire token: ${error.message}`));
133
143
  break;
134
144
  }
135
145
  }
136
- if (error instanceof msalCommon.ClientConfigurationError) {
137
- return error;
138
- }
139
- if (error.name === "AbortError") {
146
+ if (error.name === "ClientConfigurationError" ||
147
+ error.name === "BrowserConfigurationAuthError" ||
148
+ error.name === "AbortError") {
140
149
  return error;
141
150
  }
142
151
  return new AuthenticationRequiredError(scopes, getTokenOptions, error.message);
@@ -149,7 +158,7 @@ export function publicToMsal(account) {
149
158
  }
150
159
  export function msalToPublic(clientId, account) {
151
160
  const record = {
152
- authority: getAuthorityHost(account.tenantId, account.environment),
161
+ authority: getAuthority(account.tenantId, account.environment),
153
162
  homeAccountId: account.homeAccountId,
154
163
  tenantId: account.tenantId || DefaultTenantId,
155
164
  username: account.username,
package/dist-esm/src/msal/utils.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/msal/utils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAC7C,OAAO,KAAK,UAAU,MAAM,oBAAoB,CAAC;AAEjD,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AACpC,OAAO,EAAoB,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAErE,OAAO,EAAE,2BAA2B,EAAE,MAAM,UAAU,CAAC;AAGvD;;;GAGG;AACH,MAAM,iCAAiC,GAAG,KAAK,CAAC;AAEhD;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,MAAyB,EACzB,MAAwB,EACxB,SAAqB,EACrB,eAAiC;IAEjC,MAAM,KAAK,GAAG,CAAC,OAAe,EAAS,EAAE;QACvC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,IAAI,2BAA2B,CACpC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,EACzC,eAAe,EACf,OAAO,CACR,CAAC;IACJ,CAAC,CAAC;IACF,IAAI,CAAC,SAAS,EAAE;QACd,MAAM,KAAK,CAAC,aAAa,CAAC,CAAC;KAC5B;IACD,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE;QACxB,MAAM,KAAK,CAAC,uCAAuC,CAAC,CAAC;KACtD;IACD,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE;QAC1B,MAAM,KAAK,CAAC,yCAAyC,CAAC,CAAC;KACxD;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAgB,EAAE,OAAe,oBAAoB;IACpF,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;QACtB,OAAO,IAAI,GAAG,QAAQ,CAAC;KACxB;SAAM;QACL,OAAO,GAAG,IAAI,IAAI,QAAQ,EAAE,CAAC;KAC9B;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAgB,EAAE,aAAqB;IACzE,IAAI,QAAQ,KAAK,MAAM,IAAI,aAAa,EAAE;QACxC,OAAO,CAAC,aAAa,CAAC,CAAC;KACxB;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAA6D,CAC7F,MAAwB,EACxB,EAAE,CAAC,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,EAAQ,EAAE;IACzC,IAAI,WAAW,EAAE;QACf,OAAO;KACR;IACD,QAAQ,KAAK,EAAE;QACb,KAAK,QAAQ,CAAC,QAAQ,CAAC,KAAK;YAC1B,MAAM,CAAC,IAAI,CAAC,0BAA0B,OAAO,EAAE,CAAC,CAAC;YACjD,OAAO;QACT,KAAK,QAAQ,CAAC,QAAQ,CAAC,IAAI;YACzB,MAAM,CAAC,IAAI,CAAC,iCAAiC,OAAO,EAAE,CAAC,CAAC;YACxD,OAAO;QACT,KAAK,QAAQ,CAAC,QAAQ,CAAC,OAAO;YAC5B,MAAM,CAAC,IAAI,CAAC,oCAAoC,OAAO,EAAE,CAAC,CAAC;YAC3D,OAAO;QACT,KAAK,QAAQ,CAAC,QAAQ,CAAC,OAAO;YAC5B,MAAM,CAAC,IAAI,CAAC,4BAA4B,OAAO,EAAE,CAAC,CAAC;YACnD,OAAO;KACV;AACH,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,OAAO,iBAAiB;IAI5B,YAAY,OAAwB;QAClC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,MAAM,EAAE,CAAC;IAClB,CAAC;IAED;;;;OAIG;IACO,YAAY,CACpB,MAAyB,EACzB,QAAgB,EAChB,MAAmB,EACnB,eAAiC;QAEjC,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,OAAO,EAAE;YACnB,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;SACvD;QACD,oBAAoB,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QACnE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QACjD,OAAO;YACL,KAAK,EAAE,MAAO,CAAC,WAAY;YAC3B,kBAAkB,EAAE,MAAO,CAAC,SAAU,CAAC,OAAO,EAAE;SACjD,CAAC;IACJ,CAAC;IAED;;OAEG;IACO,WAAW,CAAC,MAAgB,EAAE,KAAY,EAAE,eAAiC;QACrF,IAAI,KAAK,YAAY,UAAU,CAAC,SAAS,EAAE;YACzC,QAAQ,KAAK,CAAC,SAAS,EAAE;gBACvB,KAAK,4BAA4B;oBAC/B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;oBACrD,OAAO,IAAI,0BAA0B,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACvD,KAAK,kBAAkB,CAAC;gBACxB,KAAK,sBAAsB,CAAC;gBAC5B,KAAK,gBAAgB;oBACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,WAAW,CAAC,MAAM,EAAE,qCAAqC,KAAK,CAAC,SAAS,EAAE,CAAC,CAC5E,CAAC;oBACF,MAAM;gBACR;oBACE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,4BAA4B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;oBACnF,MAAM;aACT;SACF;QACD,IAAI,KAAK,YAAY,UAAU,CAAC,wBAAwB,EAAE;YACxD,OAAO,KAAK,CAAC;SACd;QACD,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE;YAC/B,OAAO,KAAK,CAAC;SACd;QACD,OAAO,IAAI,2BAA2B,CAAC,MAAM,EAAE,eAAe,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;IACjF,CAAC;CACF;AAED,qBAAqB;AAErB,MAAM,UAAU,YAAY,CAAC,OAA6B;IACxD,MAAM,CAAC,WAAW,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,0BAA0B,CAAC,IAAI,EAAE,CAAC;IAChF,uCACK,OAAO,KACV,cAAc,EAAE,OAAO,CAAC,aAAa,EACrC,WAAW,IACX;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,OAAwB;IACrE,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,gBAAgB,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC;QAClE,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,eAAe;QAC7C,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,QAAQ;QACR,OAAO,EAAE,iCAAiC;KAC3C,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,6BAA6B,CAAC,MAA4B;IACxE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,+BAA+B,CAAC,gBAAwB;IACtE,MAAM,MAAM,GAAgD,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAEzF,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,KAAK,iCAAiC,EAAE;QAC1E,MAAM,KAAK,CAAC,0CAA0C,CAAC,CAAC;KACzD;IAED,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport * as msalCommon from \"@azure/msal-common\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-http\";\nimport { v4 as uuidv4 } from \"uuid\";\nimport { CredentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { CredentialUnavailableError } from \"../client/errors\";\nimport { DefaultAuthorityHost, DefaultTenantId } from \"../constants\";\nimport { AuthenticationRecord, MsalAccountInfo, MsalResult, MsalToken } from \"./types\";\nimport { AuthenticationRequiredError } from \"./errors\";\nimport { MsalFlowOptions } from \"./flows\";\n\n/**\n * Latest AuthenticationRecord version\n * @internal\n */\nconst LatestAuthenticationRecordVersion = \"1.0\";\n\n/**\n * Ensures the validity of the MSAL token\n * @internal\n */\nexport function ensureValidMsalToken(\n scopes: string | string[],\n logger: CredentialLogger,\n msalToken?: MsalToken,\n getTokenOptions?: GetTokenOptions\n): void {\n const error = (message: string): Error => {\n logger.getToken.info(message);\n return new AuthenticationRequiredError(\n Array.isArray(scopes) ? scopes : [scopes],\n getTokenOptions,\n message\n );\n };\n if (!msalToken) {\n throw error(\"No response\");\n }\n if (!msalToken.expiresOn) {\n throw error(`Response had no \"expiresOn\" property.`);\n }\n if (!msalToken.accessToken) {\n throw error(`Response had no \"accessToken\" property.`);\n }\n}\n\n/**\n * Generates a valid authorityHost by combining a host with a tenantId.\n * @internal\n */\nexport function getAuthorityHost(tenantId: string, host: string = DefaultAuthorityHost): string {\n if (host.endsWith(\"/\")) {\n return host + tenantId;\n } else {\n return `${host}/${tenantId}`;\n }\n}\n\n/**\n * Generates the known authorities.\n * If the tenantId is \"adfs\", we will return an array with the authorityHost as the only known authority.\n * Otherwise, it is safe to return an empty array.\n * @internal\n */\nexport function getKnownAuthorities(tenantId: string, authorityHost: string): string[] {\n if (tenantId === \"adfs\" && authorityHost) {\n return [authorityHost];\n }\n return [];\n}\n\n/**\n * Generates a logger that can be passed to the MSAL clients.\n * @param logger - The logger of the credential.\n * @internal\n */\nexport const defaultLoggerCallback: (logger: CredentialLogger) => msalCommon.ILoggerCallback = (\n logger: CredentialLogger\n) => (level, message, containsPii): void => {\n if (containsPii) {\n return;\n }\n switch (level) {\n case msalNode.LogLevel.Error:\n logger.info(`MSAL Browser V2 error: ${message}`);\n return;\n case msalNode.LogLevel.Info:\n logger.info(`MSAL Browser V2 info message: ${message}`);\n return;\n case msalNode.LogLevel.Verbose:\n logger.info(`MSAL Browser V2 verbose message: ${message}`);\n return;\n case msalNode.LogLevel.Warning:\n logger.info(`MSAL Browser V2 warning: ${message}`);\n return;\n }\n};\n\n/**\n * The common utility functions for the MSAL clients.\n * Defined as a class so that the classes extending this one can have access to its methods and protected properties.\n *\n * It keeps track of a logger and an in-memory copy of the AuthenticationRecord.\n *\n * @internal\n */\nexport class MsalBaseUtilities {\n protected logger: CredentialLogger;\n protected account: AuthenticationRecord | undefined;\n\n constructor(options: MsalFlowOptions) {\n this.logger = options.logger;\n this.account = options.authenticationRecord;\n }\n\n /**\n * Generates a UUID\n */\n generateUuid(): string {\n return uuidv4();\n }\n\n /**\n * Handles the MSAL authentication result.\n * If the result has an account, we update the local account reference.\n * If the token received is invalid, an error will be thrown depending on what's missing.\n */\n protected handleResult(\n scopes: string | string[],\n clientId: string,\n result?: MsalResult,\n getTokenOptions?: GetTokenOptions\n ): AccessToken {\n if (result?.account) {\n this.account = msalToPublic(clientId, result.account);\n }\n ensureValidMsalToken(scopes, this.logger, result, getTokenOptions);\n this.logger.getToken.info(formatSuccess(scopes));\n return {\n token: result!.accessToken!,\n expiresOnTimestamp: result!.expiresOn!.getTime()\n };\n }\n\n /**\n * Handles MSAL errors.\n */\n protected handleError(scopes: string[], error: Error, getTokenOptions?: GetTokenOptions): Error {\n if (error instanceof msalCommon.AuthError) {\n switch (error.errorCode) {\n case \"endpoints_resolution_error\":\n this.logger.info(formatError(scopes, error.message));\n return new CredentialUnavailableError(error.message);\n case \"consent_required\":\n case \"interaction_required\":\n case \"login_required\":\n this.logger.info(\n formatError(scopes, `Authentication returned errorCode ${error.errorCode}`)\n );\n break;\n default:\n this.logger.info(formatError(scopes, `Failed to acquire token: ${error.message}`));\n break;\n }\n }\n if (error instanceof msalCommon.ClientConfigurationError) {\n return error;\n }\n if (error.name === \"AbortError\") {\n return error;\n }\n return new AuthenticationRequiredError(scopes, getTokenOptions, error.message);\n }\n}\n\n// transformations.ts\n\nexport function publicToMsal(account: AuthenticationRecord): msalCommon.AccountInfo {\n const [environment] = account.authority.match(/([a-z]*\\.[a-z]*\\.[a-z]*)/) || [];\n return {\n ...account,\n localAccountId: account.homeAccountId,\n environment\n };\n}\n\nexport function msalToPublic(clientId: string, account: MsalAccountInfo): AuthenticationRecord {\n const record = {\n authority: getAuthorityHost(account.tenantId, account.environment),\n homeAccountId: account.homeAccountId,\n tenantId: account.tenantId || DefaultTenantId,\n username: account.username,\n clientId,\n version: LatestAuthenticationRecordVersion\n };\n return record;\n}\n\n/**\n * Serializes an `AuthenticationRecord` into a string.\n *\n * The output of a serialized authentication record will contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * To later convert this string to a serialized `AuthenticationRecord`, please use the exported function `deserializeAuthenticationRecord()`.\n */\nexport function serializeAuthenticationRecord(record: AuthenticationRecord): string {\n return JSON.stringify(record);\n}\n\n/**\n * Deserializes a previously serialized authentication record from a string into an object.\n *\n * The input string must contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * If the version we receive is unsupported, an error will be thrown.\n *\n * At the moment, the only available version is: \"1.0\", which is always set when the authentication record is serialized.\n *\n * @param serializedRecord - Authentication record previously serialized into string.\n * @returns AuthenticationRecord.\n */\nexport function deserializeAuthenticationRecord(serializedRecord: string): AuthenticationRecord {\n const parsed: AuthenticationRecord & { version?: string } = JSON.parse(serializedRecord);\n\n if (parsed.version && parsed.version !== LatestAuthenticationRecordVersion) {\n throw Error(\"Unsupported AuthenticationRecord version\");\n }\n\n return parsed;\n}\n"]}
1
+ {"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/msal/utils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,UAAU,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAE1C,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAErD,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AACpC,OAAO,EAAoB,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAErE,OAAO,EAAE,2BAA2B,EAAE,MAAM,UAAU,CAAC;AAGvD;;;GAGG;AACH,MAAM,iCAAiC,GAAG,KAAK,CAAC;AAEhD;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,MAAyB,EACzB,MAAwB,EACxB,SAAqB,EACrB,eAAiC;IAEjC,MAAM,KAAK,GAAG,CAAC,OAAe,EAAS,EAAE;QACvC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,IAAI,2BAA2B,CACpC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,EACzC,eAAe,EACf,OAAO,CACR,CAAC;IACJ,CAAC,CAAC;IACF,IAAI,CAAC,SAAS,EAAE;QACd,MAAM,KAAK,CAAC,aAAa,CAAC,CAAC;KAC5B;IACD,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE;QACxB,MAAM,KAAK,CAAC,uCAAuC,CAAC,CAAC;KACtD;IACD,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE;QAC1B,MAAM,KAAK,CAAC,yCAAyC,CAAC,CAAC;KACxD;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,IAAa;IAC1D,IAAI,CAAC,IAAI,EAAE;QACT,IAAI,GAAG,oBAAoB,CAAC;KAC7B;IACD,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;QACtB,OAAO,IAAI,GAAG,QAAQ,CAAC;KACxB;SAAM;QACL,OAAO,GAAG,IAAI,IAAI,QAAQ,EAAE,CAAC;KAC9B;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAgB,EAAE,aAAqB;IACzE,IAAI,QAAQ,KAAK,MAAM,IAAI,aAAa,EAAE;QACxC,OAAO,CAAC,aAAa,CAAC,CAAC;KACxB;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAGA,CAChC,MAAwB,EACxB,WAA+B,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,EAC1D,EAAE,CAAC,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,EAAQ,EAAE;IACzC,IAAI,WAAW,EAAE;QACf,OAAO;KACR;IACD,QAAQ,KAAK,EAAE;QACb,KAAK,UAAU,CAAC,QAAQ,CAAC,KAAK;YAC5B,MAAM,CAAC,IAAI,CAAC,QAAQ,QAAQ,cAAc,OAAO,EAAE,CAAC,CAAC;YACrD,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,IAAI;YAC3B,MAAM,CAAC,IAAI,CAAC,QAAQ,QAAQ,qBAAqB,OAAO,EAAE,CAAC,CAAC;YAC5D,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,MAAM,CAAC,IAAI,CAAC,QAAQ,QAAQ,wBAAwB,OAAO,EAAE,CAAC,CAAC;YAC/D,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,MAAM,CAAC,IAAI,CAAC,QAAQ,QAAQ,gBAAgB,OAAO,EAAE,CAAC,CAAC;YACvD,OAAO;KACV;AACH,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,OAAO,iBAAiB;IAI5B,YAAY,OAAwB;QAClC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,MAAM,EAAE,CAAC;IAClB,CAAC;IAED;;;;OAIG;IACO,YAAY,CACpB,MAAyB,EACzB,QAAgB,EAChB,MAAmB,EACnB,eAAiC;QAEjC,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,OAAO,EAAE;YACnB,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;SACvD;QACD,oBAAoB,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QACnE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QACjD,OAAO;YACL,KAAK,EAAE,MAAO,CAAC,WAAY;YAC3B,kBAAkB,EAAE,MAAO,CAAC,SAAU,CAAC,OAAO,EAAE;SACjD,CAAC;IACJ,CAAC;IAED;;OAEG;IACO,WAAW,CAAC,MAAgB,EAAE,KAAY,EAAE,eAAiC;QACrF,IACE,KAAK,CAAC,IAAI,KAAK,WAAW;YAC1B,KAAK,CAAC,IAAI,KAAK,iBAAiB;YAChC,KAAK,CAAC,IAAI,KAAK,kBAAkB,EACjC;YACA,MAAM,SAAS,GAAG,KAA6B,CAAC;YAChD,QAAQ,SAAS,CAAC,SAAS,EAAE;gBAC3B,KAAK,4BAA4B;oBAC/B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;oBACrD,OAAO,IAAI,0BAA0B,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACvD,KAAK,+BAA+B;oBAClC,OAAO,IAAI,UAAU,CAAC,oDAAoD,CAAC,CAAC;gBAC9E,KAAK,kBAAkB,CAAC;gBACxB,KAAK,sBAAsB,CAAC;gBAC5B,KAAK,gBAAgB;oBACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,WAAW,CAAC,MAAM,EAAE,qCAAqC,SAAS,CAAC,SAAS,EAAE,CAAC,CAChF,CAAC;oBACF,MAAM;gBACR;oBACE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,4BAA4B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;oBACnF,MAAM;aACT;SACF;QACD,IACE,KAAK,CAAC,IAAI,KAAK,0BAA0B;YACzC,KAAK,CAAC,IAAI,KAAK,+BAA+B;YAC9C,KAAK,CAAC,IAAI,KAAK,YAAY,EAC3B;YACA,OAAO,KAAK,CAAC;SACd;QACD,OAAO,IAAI,2BAA2B,CAAC,MAAM,EAAE,eAAe,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;IACjF,CAAC;CACF;AAED,qBAAqB;AAErB,MAAM,UAAU,YAAY,CAAC,OAA6B;IACxD,MAAM,CAAC,WAAW,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,0BAA0B,CAAC,IAAI,EAAE,CAAC;IAChF,uCACK,OAAO,KACV,cAAc,EAAE,OAAO,CAAC,aAAa,EACrC,WAAW,IACX;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,OAAwB;IACrE,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC;QAC9D,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,eAAe;QAC7C,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,QAAQ;QACR,OAAO,EAAE,iCAAiC;KAC3C,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,6BAA6B,CAAC,MAA4B;IACxE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,+BAA+B,CAAC,gBAAwB;IACtE,MAAM,MAAM,GAAgD,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAEzF,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,KAAK,iCAAiC,EAAE;QAC1E,MAAM,KAAK,CAAC,0CAA0C,CAAC,CAAC;KACzD;IAED,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalCommon from \"@azure/msal-common\";\nimport { isNode } from \"@azure/core-util\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { AbortError } from \"@azure/abort-controller\";\n\nimport { v4 as uuidv4 } from \"uuid\";\nimport { CredentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { CredentialUnavailableError } from \"../client/errors\";\nimport { DefaultAuthorityHost, DefaultTenantId } from \"../constants\";\nimport { AuthenticationRecord, MsalAccountInfo, MsalResult, MsalToken } from \"./types\";\nimport { AuthenticationRequiredError } from \"./errors\";\nimport { MsalFlowOptions } from \"./flows\";\n\n/**\n * Latest AuthenticationRecord version\n * @internal\n */\nconst LatestAuthenticationRecordVersion = \"1.0\";\n\n/**\n * Ensures the validity of the MSAL token\n * @internal\n */\nexport function ensureValidMsalToken(\n scopes: string | string[],\n logger: CredentialLogger,\n msalToken?: MsalToken,\n getTokenOptions?: GetTokenOptions\n): void {\n const error = (message: string): Error => {\n logger.getToken.info(message);\n return new AuthenticationRequiredError(\n Array.isArray(scopes) ? scopes : [scopes],\n getTokenOptions,\n message\n );\n };\n if (!msalToken) {\n throw error(\"No response\");\n }\n if (!msalToken.expiresOn) {\n throw error(`Response had no \"expiresOn\" property.`);\n }\n if (!msalToken.accessToken) {\n throw error(`Response had no \"accessToken\" property.`);\n }\n}\n\n/**\n * Generates a valid authority by combining a host with a tenantId.\n * @internal\n */\nexport function getAuthority(tenantId: string, host?: string): string {\n if (!host) {\n host = DefaultAuthorityHost;\n }\n if (host.endsWith(\"/\")) {\n return host + tenantId;\n } else {\n return `${host}/${tenantId}`;\n }\n}\n\n/**\n * Generates the known authorities.\n * If the Tenant Id is `adfs`, the authority can't be validated since the format won't match the expected one.\n * For that reason, we have to force MSAL to disable validating the authority\n * by sending it within the known authorities in the MSAL configuration.\n * @internal\n */\nexport function getKnownAuthorities(tenantId: string, authorityHost: string): string[] {\n if (tenantId === \"adfs\" && authorityHost) {\n return [authorityHost];\n }\n return [];\n}\n\n/**\n * Generates a logger that can be passed to the MSAL clients.\n * @param logger - The logger of the credential.\n * @internal\n */\nexport const defaultLoggerCallback: (\n logger: CredentialLogger,\n platform?: \"Node\" | \"Browser\"\n) => msalCommon.ILoggerCallback = (\n logger: CredentialLogger,\n platform: \"Node\" | \"Browser\" = isNode ? \"Node\" : \"Browser\"\n) => (level, message, containsPii): void => {\n if (containsPii) {\n return;\n }\n switch (level) {\n case msalCommon.LogLevel.Error:\n logger.info(`MSAL ${platform} V2 error: ${message}`);\n return;\n case msalCommon.LogLevel.Info:\n logger.info(`MSAL ${platform} V2 info message: ${message}`);\n return;\n case msalCommon.LogLevel.Verbose:\n logger.info(`MSAL ${platform} V2 verbose message: ${message}`);\n return;\n case msalCommon.LogLevel.Warning:\n logger.info(`MSAL ${platform} V2 warning: ${message}`);\n return;\n }\n};\n\n/**\n * The common utility functions for the MSAL clients.\n * Defined as a class so that the classes extending this one can have access to its methods and protected properties.\n *\n * It keeps track of a logger and an in-memory copy of the AuthenticationRecord.\n *\n * @internal\n */\nexport class MsalBaseUtilities {\n protected logger: CredentialLogger;\n protected account: AuthenticationRecord | undefined;\n\n constructor(options: MsalFlowOptions) {\n this.logger = options.logger;\n this.account = options.authenticationRecord;\n }\n\n /**\n * Generates a UUID\n */\n generateUuid(): string {\n return uuidv4();\n }\n\n /**\n * Handles the MSAL authentication result.\n * If the result has an account, we update the local account reference.\n * If the token received is invalid, an error will be thrown depending on what's missing.\n */\n protected handleResult(\n scopes: string | string[],\n clientId: string,\n result?: MsalResult,\n getTokenOptions?: GetTokenOptions\n ): AccessToken {\n if (result?.account) {\n this.account = msalToPublic(clientId, result.account);\n }\n ensureValidMsalToken(scopes, this.logger, result, getTokenOptions);\n this.logger.getToken.info(formatSuccess(scopes));\n return {\n token: result!.accessToken!,\n expiresOnTimestamp: result!.expiresOn!.getTime()\n };\n }\n\n /**\n * Handles MSAL errors.\n */\n protected handleError(scopes: string[], error: Error, getTokenOptions?: GetTokenOptions): Error {\n if (\n error.name === \"AuthError\" ||\n error.name === \"ClientAuthError\" ||\n error.name === \"BrowserAuthError\"\n ) {\n const msalError = error as msalCommon.AuthError;\n switch (msalError.errorCode) {\n case \"endpoints_resolution_error\":\n this.logger.info(formatError(scopes, error.message));\n return new CredentialUnavailableError(error.message);\n case \"device_code_polling_cancelled\":\n return new AbortError(\"The authentication has been aborted by the caller.\");\n case \"consent_required\":\n case \"interaction_required\":\n case \"login_required\":\n this.logger.info(\n formatError(scopes, `Authentication returned errorCode ${msalError.errorCode}`)\n );\n break;\n default:\n this.logger.info(formatError(scopes, `Failed to acquire token: ${error.message}`));\n break;\n }\n }\n if (\n error.name === \"ClientConfigurationError\" ||\n error.name === \"BrowserConfigurationAuthError\" ||\n error.name === \"AbortError\"\n ) {\n return error;\n }\n return new AuthenticationRequiredError(scopes, getTokenOptions, error.message);\n }\n}\n\n// transformations.ts\n\nexport function publicToMsal(account: AuthenticationRecord): msalCommon.AccountInfo {\n const [environment] = account.authority.match(/([a-z]*\\.[a-z]*\\.[a-z]*)/) || [];\n return {\n ...account,\n localAccountId: account.homeAccountId,\n environment\n };\n}\n\nexport function msalToPublic(clientId: string, account: MsalAccountInfo): AuthenticationRecord {\n const record = {\n authority: getAuthority(account.tenantId, account.environment),\n homeAccountId: account.homeAccountId,\n tenantId: account.tenantId || DefaultTenantId,\n username: account.username,\n clientId,\n version: LatestAuthenticationRecordVersion\n };\n return record;\n}\n\n/**\n * Serializes an `AuthenticationRecord` into a string.\n *\n * The output of a serialized authentication record will contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * To later convert this string to a serialized `AuthenticationRecord`, please use the exported function `deserializeAuthenticationRecord()`.\n */\nexport function serializeAuthenticationRecord(record: AuthenticationRecord): string {\n return JSON.stringify(record);\n}\n\n/**\n * Deserializes a previously serialized authentication record from a string into an object.\n *\n * The input string must contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * If the version we receive is unsupported, an error will be thrown.\n *\n * At the moment, the only available version is: \"1.0\", which is always set when the authentication record is serialized.\n *\n * @param serializedRecord - Authentication record previously serialized into string.\n * @returns AuthenticationRecord.\n */\nexport function deserializeAuthenticationRecord(serializedRecord: string): AuthenticationRecord {\n const parsed: AuthenticationRecord & { version?: string } = JSON.parse(serializedRecord);\n\n if (parsed.version && parsed.version !== LatestAuthenticationRecordVersion) {\n throw Error(\"Unsupported AuthenticationRecord version\");\n }\n\n return parsed;\n}\n"]}
package/dist-esm/src/plugins/consumer.browser.js ADDED
@@ -0,0 +1,7 @@
1
+ // Copyright (c) Microsoft Corporation.
2
+ // Licensed under the MIT license.
3
+ // This module is a shim for the plugin consumer in the browser
4
+ export function useIdentityPlugin(_plugin) {
5
+ throw new Error("Identity plugins are not supported in browser environments.");
6
+ }
7
+ //# sourceMappingURL=consumer.browser.js.map
package/dist-esm/src/plugins/consumer.browser.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"consumer.browser.js","sourceRoot":"","sources":["../../../src/plugins/consumer.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,+DAA+D;AAE/D,MAAM,UAAU,iBAAiB,CAAC,OAAgB;IAChD,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;AACjF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n// This module is a shim for the plugin consumer in the browser\n\nexport function useIdentityPlugin(_plugin: unknown): void {\n throw new Error(\"Identity plugins are not supported in browser environments.\");\n}\n"]}