@azure/identity 2.0.0-beta.2 → 2.0.0-beta.6

package/dist-esm/src/credentials/azurePowerShellCredential.js

@@ -0,0 +1,173 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+import { CredentialUnavailableError } from "../client/errors";
+import { credentialLogger, formatSuccess, formatError } from "../util/logging";
+import { trace } from "../util/tracing";
+import { ensureValidScope, getScopeResource } from "../util/scopeUtils";
+import { processUtils } from "../util/processUtils";
+import { processMultiTenantRequest } from "../util/validateMultiTenant";
+import { checkTenantId } from "../util/checkTenantId";
+const logger = credentialLogger("AzurePowerShellCredential");
+const isWindows = process.platform === "win32";
+/**
+ * Returns a platform-appropriate command name by appending ".exe" on Windows.
+ *
+ * @internal
+ */
+export function formatCommand(commandName) {
+    if (isWindows) {
+        return `${commandName}.exe`;
+    }
+    else {
+        return commandName;
+    }
+}
+/**
+ * Receives a list of commands to run, executes them, then returns the outputs.
+ * If anything fails, an error is thrown.
+ * @internal
+ */
+async function runCommands(commands) {
+    const results = [];
+    for (const command of commands) {
+        const [file, ...parameters] = command;
+        const result = (await processUtils.execFile(file, parameters, { encoding: "utf8" }));
+        results.push(result);
+    }
+    return results;
+}
+/**
+ * Known PowerShell errors
+ * @internal
+ */
+export const powerShellErrors = {
+    login: "Run Connect-AzAccount to login",
+    installed: "The specified module 'Az.Accounts' with version '2.2.0' was not loaded because no valid module file was found in any module directory"
+};
+/**
+ * Messages to use when throwing in this credential.
+ * @internal
+ */
+export const powerShellPublicErrorMessages = {
+    login: "Please run 'Connect-AzAccount' from PowerShell to authenticate before using this credential.",
+    installed: `The 'Az.Account' module >= 2.2.0 is not installed. Install the Azure Az PowerShell module with: "Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force".`
+};
+// PowerShell Azure User not logged in error check.
+const isLoginError = (err) => err.message.match(`(.*)${powerShellErrors.login}(.*)`);
+// Az Module not Installed in Azure PowerShell check.
+const isNotInstalledError = (err) => err.message.match(powerShellErrors.installed);
+/**
+ * The PowerShell commands to be tried, in order.
+ *
+ * @internal
+ */
+export const commandStack = [formatCommand("pwsh")];
+if (isWindows) {
+    commandStack.push(formatCommand("powershell"));
+}
+/**
+ * This credential will use the currently logged-in user information from the
+ * Azure PowerShell module. To do so, it will read the user access token and
+ * expire time with Azure PowerShell command `Get-AzAccessToken -ResourceUrl {ResourceScope}`
+ *
+ * To be able to use this credential:
+ * - Install the Azure Az PowerShell module with:
+ *   `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.
+ * - You have already logged in to Azure PowerShell using the command
+ * `Connect-AzAccount` from the command line.
+ */
+export class AzurePowerShellCredential {
+    /**
+     * Creates an instance of the {@link AzurePowershellCredential}.
+     *
+     * @param options - Options, to optionally allow multi-tenant requests.
+     */
+    constructor(options) {
+        this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
+        this.allowMultiTenantAuthentication = options === null || options === void 0 ? void 0 : options.allowMultiTenantAuthentication;
+    }
+    /**
+     * Gets the access token from Azure PowerShell
+     * @param resource - The resource to use when getting the token
+     */
+    async getAzurePowerShellAccessToken(resource, tenantId) {
+        // Clone the stack to avoid mutating it while iterating
+        for (const powerShellCommand of [...commandStack]) {
+            try {
+                await runCommands([[powerShellCommand, "/?"]]);
+            }
+            catch (e) {
+                // Remove this credential from the original stack so that we don't try it again.
+                commandStack.shift();
+                continue;
+            }
+            let tenantSection = "";
+            if (tenantId) {
+                tenantSection = `-TenantId "${tenantId}"`;
+            }
+            const results = await runCommands([
+                [
+                    powerShellCommand,
+                    "-Command",
+                    "Import-Module Az.Accounts -MinimumVersion 2.2.0 -PassThru"
+                ],
+                [
+                    powerShellCommand,
+                    "-Command",
+                    `Get-AzAccessToken ${tenantSection} -ResourceUrl "${resource}" | ConvertTo-Json`
+                ]
+            ]);
+            const result = results[1];
+            try {
+                return JSON.parse(result);
+            }
+            catch (e) {
+                throw new Error(`Unable to parse the output of PowerShell. Received output: ${result}`);
+            }
+        }
+        throw new Error(`Unable to execute PowerShell. Ensure that it is installed in your system.`);
+    }
+    /**
+     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * If the authentication cannot be performed through PowerShell, a {@link CredentialUnavailableError} will be thrown.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this TokenCredential implementation might make.
+     */
+    async getToken(scopes, options = {}) {
+        return trace(`${this.constructor.name}.getToken`, options, async () => {
+            const tenantId = processMultiTenantRequest(this.tenantId, this.allowMultiTenantAuthentication, options);
+            if (tenantId) {
+                checkTenantId(logger, tenantId);
+            }
+            const scope = typeof scopes === "string" ? scopes : scopes[0];
+            ensureValidScope(scope, logger);
+            logger.getToken.info(`Using the scope ${scope}`);
+            const resource = getScopeResource(scope);
+            try {
+                const response = await this.getAzurePowerShellAccessToken(resource, tenantId);
+                logger.getToken.info(formatSuccess(scopes));
+                return {
+                    token: response.Token,
+                    expiresOnTimestamp: new Date(response.ExpiresOn).getTime()
+                };
+            }
+            catch (err) {
+                if (isNotInstalledError(err)) {
+                    const error = new CredentialUnavailableError(powerShellPublicErrorMessages.installed);
+                    logger.getToken.info(formatError(scope, error));
+                    throw error;
+                }
+                else if (isLoginError(err)) {
+                    const error = new CredentialUnavailableError(powerShellPublicErrorMessages.login);
+                    logger.getToken.info(formatError(scope, error));
+                    throw error;
+                }
+                const error = new CredentialUnavailableError(err);
+                logger.getToken.info(formatError(scope, error));
+                throw error;
+            }
+        });
+    }
+}
+//# sourceMappingURL=azurePowerShellCredential.js.map

package/dist-esm/src/credentials/azurePowerShellCredential.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"azurePowerShellCredential.js","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AACxC,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACxE,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAEpD,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,MAAM,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC;AAE/C;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,WAAmB;IAC/C,IAAI,SAAS,EAAE;QACb,OAAO,GAAG,WAAW,MAAM,CAAC;KAC7B;SAAM;QACL,OAAO,WAAW,CAAC;KACpB;AACH,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,WAAW,CAAC,QAAoB;IAC7C,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;QAC9B,MAAM,CAAC,IAAI,EAAE,GAAG,UAAU,CAAC,GAAG,OAAO,CAAC;QACtC,MAAM,MAAM,GAAG,CAAC,MAAM,YAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAW,CAAC;QAC/F,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;KACtB;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,KAAK,EAAE,gCAAgC;IACvC,SAAS,EACP,uIAAuI;CAC1I,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG;IAC3C,KAAK,EACH,8FAA8F;IAChG,SAAS,EAAE,4KAA4K;CACxL,CAAC;AAEF,mDAAmD;AACnD,MAAM,YAAY,GAAG,CAAC,GAAU,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,KAAK,MAAM,CAAC,CAAC;AAE5F,qDAAqD;AACrD,MAAM,mBAAmB,GAAG,CAAC,GAAU,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;AAE1F;;;;GAIG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;AAEpD,IAAI,SAAS,EAAE;IACb,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC;CAChD;AAED;;;;;;;;;;GAUG;AACH,MAAM,OAAO,yBAAyB;IAIpC;;;;OAIG;IACH,YAAY,OAA0C;QACpD,IAAI,CAAC,QAAQ,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC;QAClC,IAAI,CAAC,8BAA8B,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,CAAC;IAChF,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,6BAA6B,CACzC,QAAgB,EAChB,QAAiB;QAEjB,uDAAuD;QACvD,KAAK,MAAM,iBAAiB,IAAI,CAAC,GAAG,YAAY,CAAC,EAAE;YACjD,IAAI;gBACF,MAAM,WAAW,CAAC,CAAC,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;aAChD;YAAC,OAAO,CAAC,EAAE;gBACV,gFAAgF;gBAChF,YAAY,CAAC,KAAK,EAAE,CAAC;gBACrB,SAAS;aACV;YAED,IAAI,aAAa,GAAG,EAAE,CAAC;YACvB,IAAI,QAAQ,EAAE;gBACZ,aAAa,GAAG,cAAc,QAAQ,GAAG,CAAC;aAC3C;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC;gBAChC;oBACE,iBAAiB;oBACjB,UAAU;oBACV,2DAA2D;iBAC5D;gBACD;oBACE,iBAAiB;oBACjB,UAAU;oBACV,qBAAqB,aAAa,kBAAkB,QAAQ,oBAAoB;iBACjF;aACF,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YAC1B,IAAI;gBACF,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;aAC3B;YAAC,OAAO,CAAC,EAAE;gBACV,MAAM,IAAI,KAAK,CAAC,8DAA8D,MAAM,EAAE,CAAC,CAAC;aACzF;SACF;QAED,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;IAC/F,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;YACpE,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,8BAA8B,EACnC,OAAO,CACR,CAAC;YACF,IAAI,QAAQ,EAAE;gBACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;aACjC;YAED,MAAM,KAAK,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC9D,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAChC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,KAAK,EAAE,CAAC,CAAC;YACjD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;YAEzC,IAAI;gBACF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBAC9E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO;oBACL,KAAK,EAAE,QAAQ,CAAC,KAAK;oBACrB,kBAAkB,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;iBAC3D,CAAC;aACH;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE;oBAC5B,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,6BAA6B,CAAC,SAAS,CAAC,CAAC;oBACtF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;oBAChD,MAAM,KAAK,CAAC;iBACb;qBAAM,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE;oBAC5B,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,6BAA6B,CAAC,KAAK,CAAC,CAAC;oBAClF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;oBAChD,MAAM,KAAK,CAAC;iBACb;gBACD,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,GAAG,CAAC,CAAC;gBAClD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;gBAChD,MAAM,KAAK,CAAC;aACb;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\n\nimport { CredentialUnavailableError } from \"../client/errors\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport { trace } from \"../util/tracing\";\nimport { ensureValidScope, getScopeResource } from \"../util/scopeUtils\";\nimport { processUtils } from \"../util/processUtils\";\nimport { AzurePowerShellCredentialOptions } from \"./azurePowerShellCredentialOptions\";\nimport { processMultiTenantRequest } from \"../util/validateMultiTenant\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst logger = credentialLogger(\"AzurePowerShellCredential\");\n\nconst isWindows = process.platform === \"win32\";\n\n/**\n * Returns a platform-appropriate command name by appending \".exe\" on Windows.\n *\n * @internal\n */\nexport function formatCommand(commandName: string): string {\n  if (isWindows) {\n    return `${commandName}.exe`;\n  } else {\n    return commandName;\n  }\n}\n\n/**\n * Receives a list of commands to run, executes them, then returns the outputs.\n * If anything fails, an error is thrown.\n * @internal\n */\nasync function runCommands(commands: string[][]): Promise<string[]> {\n  const results: string[] = [];\n\n  for (const command of commands) {\n    const [file, ...parameters] = command;\n    const result = (await processUtils.execFile(file, parameters, { encoding: \"utf8\" })) as string;\n    results.push(result);\n  }\n\n  return results;\n}\n\n/**\n * Known PowerShell errors\n * @internal\n */\nexport const powerShellErrors = {\n  login: \"Run Connect-AzAccount to login\",\n  installed:\n    \"The specified module 'Az.Accounts' with version '2.2.0' was not loaded because no valid module file was found in any module directory\"\n};\n\n/**\n * Messages to use when throwing in this credential.\n * @internal\n */\nexport const powerShellPublicErrorMessages = {\n  login:\n    \"Please run 'Connect-AzAccount' from PowerShell to authenticate before using this credential.\",\n  installed: `The 'Az.Account' module >= 2.2.0 is not installed. Install the Azure Az PowerShell module with: \"Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force\".`\n};\n\n// PowerShell Azure User not logged in error check.\nconst isLoginError = (err: Error) => err.message.match(`(.*)${powerShellErrors.login}(.*)`);\n\n// Az Module not Installed in Azure PowerShell check.\nconst isNotInstalledError = (err: Error) => err.message.match(powerShellErrors.installed);\n\n/**\n * The PowerShell commands to be tried, in order.\n *\n * @internal\n */\nexport const commandStack = [formatCommand(\"pwsh\")];\n\nif (isWindows) {\n  commandStack.push(formatCommand(\"powershell\"));\n}\n\n/**\n * This credential will use the currently logged-in user information from the\n * Azure PowerShell module. To do so, it will read the user access token and\n * expire time with Azure PowerShell command `Get-AzAccessToken -ResourceUrl {ResourceScope}`\n *\n * To be able to use this credential:\n * - Install the Azure Az PowerShell module with:\n *   `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.\n * - You have already logged in to Azure PowerShell using the command\n * `Connect-AzAccount` from the command line.\n */\nexport class AzurePowerShellCredential implements TokenCredential {\n  private tenantId?: string;\n  private allowMultiTenantAuthentication?: boolean;\n\n  /**\n   * Creates an instance of the {@link AzurePowershellCredential}.\n   *\n   * @param options - Options, to optionally allow multi-tenant requests.\n   */\n  constructor(options?: AzurePowerShellCredentialOptions) {\n    this.tenantId = options?.tenantId;\n    this.allowMultiTenantAuthentication = options?.allowMultiTenantAuthentication;\n  }\n\n  /**\n   * Gets the access token from Azure PowerShell\n   * @param resource - The resource to use when getting the token\n   */\n  private async getAzurePowerShellAccessToken(\n    resource: string,\n    tenantId?: string\n  ): Promise<{ Token: string; ExpiresOn: string }> {\n    // Clone the stack to avoid mutating it while iterating\n    for (const powerShellCommand of [...commandStack]) {\n      try {\n        await runCommands([[powerShellCommand, \"/?\"]]);\n      } catch (e) {\n        // Remove this credential from the original stack so that we don't try it again.\n        commandStack.shift();\n        continue;\n      }\n\n      let tenantSection = \"\";\n      if (tenantId) {\n        tenantSection = `-TenantId \"${tenantId}\"`;\n      }\n\n      const results = await runCommands([\n        [\n          powerShellCommand,\n          \"-Command\",\n          \"Import-Module Az.Accounts -MinimumVersion 2.2.0 -PassThru\"\n        ],\n        [\n          powerShellCommand,\n          \"-Command\",\n          `Get-AzAccessToken ${tenantSection} -ResourceUrl \"${resource}\" | ConvertTo-Json`\n        ]\n      ]);\n\n      const result = results[1];\n      try {\n        return JSON.parse(result);\n      } catch (e) {\n        throw new Error(`Unable to parse the output of PowerShell. Received output: ${result}`);\n      }\n    }\n\n    throw new Error(`Unable to execute PowerShell. Ensure that it is installed in your system.`);\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If the authentication cannot be performed through PowerShell, a {@link CredentialUnavailableError} will be thrown.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options: GetTokenOptions = {}\n  ): Promise<AccessToken | null> {\n    return trace(`${this.constructor.name}.getToken`, options, async () => {\n      const tenantId = processMultiTenantRequest(\n        this.tenantId,\n        this.allowMultiTenantAuthentication,\n        options\n      );\n      if (tenantId) {\n        checkTenantId(logger, tenantId);\n      }\n\n      const scope = typeof scopes === \"string\" ? scopes : scopes[0];\n      ensureValidScope(scope, logger);\n      logger.getToken.info(`Using the scope ${scope}`);\n      const resource = getScopeResource(scope);\n\n      try {\n        const response = await this.getAzurePowerShellAccessToken(resource, tenantId);\n        logger.getToken.info(formatSuccess(scopes));\n        return {\n          token: response.Token,\n          expiresOnTimestamp: new Date(response.ExpiresOn).getTime()\n        };\n      } catch (err) {\n        if (isNotInstalledError(err)) {\n          const error = new CredentialUnavailableError(powerShellPublicErrorMessages.installed);\n          logger.getToken.info(formatError(scope, error));\n          throw error;\n        } else if (isLoginError(err)) {\n          const error = new CredentialUnavailableError(powerShellPublicErrorMessages.login);\n          logger.getToken.info(formatError(scope, error));\n          throw error;\n        }\n        const error = new CredentialUnavailableError(err);\n        logger.getToken.info(formatError(scope, error));\n        throw error;\n      }\n    });\n  }\n}\n"]}

package/dist-esm/src/credentials/azurePowerShellCredentialOptions.js

@@ -0,0 +1,4 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+export {};
+//# sourceMappingURL=azurePowerShellCredentialOptions.js.map

package/dist-esm/src/credentials/azurePowerShellCredentialOptions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"azurePowerShellCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredentialOptions } from \"../client/identityClient\";\n\n/**\n * Options for the {@link AzurePowerShellCredential}\n */\nexport interface AzurePowerShellCredentialOptions extends TokenCredentialOptions {\n  /**\n   * Allows specifying a tenant ID\n   */\n  tenantId?: string;\n}\n"]}

package/dist-esm/src/credentials/chainedTokenCredential.js

@@ -1,11 +1,13 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import { __awaiter } from "tslib";
 import { AggregateAuthenticationError, CredentialUnavailableError } from "../client/errors";
 import { createSpan } from "../util/tracing";
 import { SpanStatusCode } from "@azure/core-tracing";
 import { credentialLogger, formatSuccess, formatError } from "../util/logging";
-const logger = credentialLogger("ChainedTokenCredential");
+/**
+ * @internal
+ */
+export const logger = credentialLogger("ChainedTokenCredential");
 /**
  * Enables multiple `TokenCredential` implementations to be tried in order
  * until one of the getToken methods returns an access token.
@@ -44,41 +46,42 @@ export class ChainedTokenCredential {
      * @param options - The options used to configure any requests this
      *                `TokenCredential` implementation might make.
      */
-    getToken(scopes, options) {
-        return __awaiter(this, void 0, void 0, function* () {
-            let token = null;
-            const errors = [];
-            const { span, updatedOptions } = createSpan("ChainedTokenCredential-getToken", options);
-            for (let i = 0; i < this._sources.length && token === null; i++) {
-                try {
-                    token = yield this._sources[i].getToken(scopes, updatedOptions);
+    async getToken(scopes, options) {
+        let token = null;
+        let successfulCredentialName = "";
+        const errors = [];
+        const { span, updatedOptions } = createSpan("ChainedTokenCredential-getToken", options);
+        for (let i = 0; i < this._sources.length && token === null; i++) {
+            try {
+                token = await this._sources[i].getToken(scopes, updatedOptions);
+                successfulCredentialName = this._sources[i].constructor.name;
+            }
+            catch (err) {
+                if (err.name === "CredentialUnavailableError" ||
+                    err.name === "AuthenticationRequiredError") {
+                    errors.push(err);
                 }
-                catch (err) {
-                    if (err.name === "CredentialUnavailableError") {
-                        errors.push(err);
-                    }
-                    else {
-                        logger.getToken.info(formatError(scopes, err));
-                        throw err;
-                    }
+                else {
+                    logger.getToken.info(formatError(scopes, err));
+                    throw err;
                 }
             }
-            if (!token && errors.length > 0) {
-                const err = new AggregateAuthenticationError(errors);
-                span.setStatus({
-                    code: SpanStatusCode.ERROR,
-                    message: err.message
-                });
-                logger.getToken.info(formatError(scopes, err));
-                throw err;
-            }
-            span.end();
-            logger.getToken.info(formatSuccess(scopes));
-            if (token === null) {
-                throw new CredentialUnavailableError("Failed to retrieve a valid token");
-            }
-            return token;
-        });
+        }
+        if (!token && errors.length > 0) {
+            const err = new AggregateAuthenticationError(errors, "ChainedTokenCredential authentication failed.");
+            span.setStatus({
+                code: SpanStatusCode.ERROR,
+                message: err.message
+            });
+            logger.getToken.info(formatError(scopes, err));
+            throw err;
+        }
+        span.end();
+        logger.getToken.info(`Result for ${successfulCredentialName}: ${formatSuccess(scopes)}`);
+        if (token === null) {
+            throw new CredentialUnavailableError("Failed to retrieve a valid token");
+        }
+        return token;
     }
 }
 //# sourceMappingURL=chainedTokenCredential.js.map

package/dist-esm/src/credentials/chainedTokenCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"chainedTokenCredential.js","sourceRoot":"","sources":["../../../src/credentials/chainedTokenCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAGlC,OAAO,EAAE,4BAA4B,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAC5F,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE/E,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;GAGG;AACH,MAAM,OAAO,sBAAsB;IASjC;;;;;;;;;;;OAWG;IACH,YAAY,GAAG,OAA0B;QApBzC;;WAEG;QACO,uBAAkB,GAC1B,oFAAoF,CAAC;QAE/E,aAAQ,GAAsB,EAAE,CAAC;QAevC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAC1B,CAAC;IAED;;;;;;;;;;;;OAYG;IACG,QAAQ,CAAC,MAAyB,EAAE,OAAyB;;YACjE,IAAI,KAAK,GAAG,IAAI,CAAC;YACjB,MAAM,MAAM,GAAG,EAAE,CAAC;YAElB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,UAAU,CAAC,iCAAiC,EAAE,OAAO,CAAC,CAAC;YAExF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC,EAAE,EAAE;gBAC/D,IAAI;oBACF,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;iBACjE;gBAAC,OAAO,GAAG,EAAE;oBACZ,IAAI,GAAG,CAAC,IAAI,KAAK,4BAA4B,EAAE;wBAC7C,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;qBAClB;yBAAM;wBACL,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;wBAC/C,MAAM,GAAG,CAAC;qBACX;iBACF;aACF;YAED,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;gBAC/B,MAAM,GAAG,GAAG,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;gBACrD,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAE,cAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;YAED,IAAI,CAAC,GAAG,EAAE,CAAC;YAEX,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAE5C,IAAI,KAAK,KAAK,IAAI,EAAE;gBAClB,MAAM,IAAI,0BAA0B,CAAC,kCAAkC,CAAC,CAAC;aAC1E;YACD,OAAO,KAAK,CAAC;QACf,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-http\";\nimport { AggregateAuthenticationError, CredentialUnavailableError } from \"../client/errors\";\nimport { createSpan } from \"../util/tracing\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\n\nconst logger = credentialLogger(\"ChainedTokenCredential\");\n\n/**\n * Enables multiple `TokenCredential` implementations to be tried in order\n * until one of the getToken methods returns an access token.\n */\nexport class ChainedTokenCredential implements TokenCredential {\n  /**\n   * The message to use when the chained token fails to get a token\n   */\n  protected UnavailableMessage =\n    \"ChainedTokenCredential => failed to retrieve a token from the included credentials\";\n\n  private _sources: TokenCredential[] = [];\n\n  /**\n   * Creates an instance of ChainedTokenCredential using the given credentials.\n   *\n   * @param sources - `TokenCredential` implementations to be tried in order.\n   *\n   * Example usage:\n   * ```javascript\n   * const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);\n   * const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);\n   * const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);\n   * ```\n   */\n  constructor(...sources: TokenCredential[]) {\n    this._sources = sources;\n  }\n\n  /**\n   * Returns the first access token returned by one of the chained\n   * `TokenCredential` implementations.  Throws an {@link AggregateAuthenticationError}\n   * when one or more credentials throws an {@link AuthenticationError} and\n   * no credentials have returned an access token.\n   *\n   * This method is called automatically by Azure SDK client libraries. You may call this method\n   * directly, but you must also handle token caching and token refreshing.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                `TokenCredential` implementation might make.\n   */\n  async getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken> {\n    let token = null;\n    const errors = [];\n\n    const { span, updatedOptions } = createSpan(\"ChainedTokenCredential-getToken\", options);\n\n    for (let i = 0; i < this._sources.length && token === null; i++) {\n      try {\n        token = await this._sources[i].getToken(scopes, updatedOptions);\n      } catch (err) {\n        if (err.name === \"CredentialUnavailableError\") {\n          errors.push(err);\n        } else {\n          logger.getToken.info(formatError(scopes, err));\n          throw err;\n        }\n      }\n    }\n\n    if (!token && errors.length > 0) {\n      const err = new AggregateAuthenticationError(errors);\n      span.setStatus({\n        code: SpanStatusCode.ERROR,\n        message: err.message\n      });\n      logger.getToken.info(formatError(scopes, err));\n      throw err;\n    }\n\n    span.end();\n\n    logger.getToken.info(formatSuccess(scopes));\n\n    if (token === null) {\n      throw new CredentialUnavailableError(\"Failed to retrieve a valid token\");\n    }\n    return token;\n  }\n}\n"]}
+{"version":3,"file":"chainedTokenCredential.js","sourceRoot":"","sources":["../../../src/credentials/chainedTokenCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,4BAA4B,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAC5F,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE/E;;GAEG;AACH,MAAM,CAAC,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAEjE;;;GAGG;AACH,MAAM,OAAO,sBAAsB;IASjC;;;;;;;;;;;OAWG;IACH,YAAY,GAAG,OAA0B;QApBzC;;WAEG;QACO,uBAAkB,GAC1B,oFAAoF,CAAC;QAE/E,aAAQ,GAAsB,EAAE,CAAC;QAevC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAC1B,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,OAAyB;QACjE,IAAI,KAAK,GAAG,IAAI,CAAC;QACjB,IAAI,wBAAwB,GAAG,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,EAAE,CAAC;QAElB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,UAAU,CAAC,iCAAiC,EAAE,OAAO,CAAC,CAAC;QAExF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC,EAAE,EAAE;YAC/D,IAAI;gBACF,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;gBAChE,wBAAwB,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC;aAC9D;YAAC,OAAO,GAAG,EAAE;gBACZ,IACE,GAAG,CAAC,IAAI,KAAK,4BAA4B;oBACzC,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAC1C;oBACA,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;iBAClB;qBAAM;oBACL,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC/C,MAAM,GAAG,CAAC;iBACX;aACF;SACF;QAED,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;YAC/B,MAAM,GAAG,GAAG,IAAI,4BAA4B,CAC1C,MAAM,EACN,+CAA+C,CAChD,CAAC;YACF,IAAI,CAAC,SAAS,CAAC;gBACb,IAAI,EAAE,cAAc,CAAC,KAAK;gBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;aACrB,CAAC,CAAC;YACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;YAC/C,MAAM,GAAG,CAAC;SACX;QAED,IAAI,CAAC,GAAG,EAAE,CAAC;QAEX,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,wBAAwB,KAAK,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAEzF,IAAI,KAAK,KAAK,IAAI,EAAE;YAClB,MAAM,IAAI,0BAA0B,CAAC,kCAAkC,CAAC,CAAC;SAC1E;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-auth\";\n\nimport { AggregateAuthenticationError, CredentialUnavailableError } from \"../client/errors\";\nimport { createSpan } from \"../util/tracing\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\n\n/**\n * @internal\n */\nexport const logger = credentialLogger(\"ChainedTokenCredential\");\n\n/**\n * Enables multiple `TokenCredential` implementations to be tried in order\n * until one of the getToken methods returns an access token.\n */\nexport class ChainedTokenCredential implements TokenCredential {\n  /**\n   * The message to use when the chained token fails to get a token\n   */\n  protected UnavailableMessage =\n    \"ChainedTokenCredential => failed to retrieve a token from the included credentials\";\n\n  private _sources: TokenCredential[] = [];\n\n  /**\n   * Creates an instance of ChainedTokenCredential using the given credentials.\n   *\n   * @param sources - `TokenCredential` implementations to be tried in order.\n   *\n   * Example usage:\n   * ```javascript\n   * const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);\n   * const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);\n   * const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);\n   * ```\n   */\n  constructor(...sources: TokenCredential[]) {\n    this._sources = sources;\n  }\n\n  /**\n   * Returns the first access token returned by one of the chained\n   * `TokenCredential` implementations.  Throws an {@link AggregateAuthenticationError}\n   * when one or more credentials throws an {@link AuthenticationError} and\n   * no credentials have returned an access token.\n   *\n   * This method is called automatically by Azure SDK client libraries. You may call this method\n   * directly, but you must also handle token caching and token refreshing.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                `TokenCredential` implementation might make.\n   */\n  async getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken> {\n    let token = null;\n    let successfulCredentialName = \"\";\n    const errors = [];\n\n    const { span, updatedOptions } = createSpan(\"ChainedTokenCredential-getToken\", options);\n\n    for (let i = 0; i < this._sources.length && token === null; i++) {\n      try {\n        token = await this._sources[i].getToken(scopes, updatedOptions);\n        successfulCredentialName = this._sources[i].constructor.name;\n      } catch (err) {\n        if (\n          err.name === \"CredentialUnavailableError\" ||\n          err.name === \"AuthenticationRequiredError\"\n        ) {\n          errors.push(err);\n        } else {\n          logger.getToken.info(formatError(scopes, err));\n          throw err;\n        }\n      }\n    }\n\n    if (!token && errors.length > 0) {\n      const err = new AggregateAuthenticationError(\n        errors,\n        \"ChainedTokenCredential authentication failed.\"\n      );\n      span.setStatus({\n        code: SpanStatusCode.ERROR,\n        message: err.message\n      });\n      logger.getToken.info(formatError(scopes, err));\n      throw err;\n    }\n\n    span.end();\n\n    logger.getToken.info(`Result for ${successfulCredentialName}: ${formatSuccess(scopes)}`);\n\n    if (token === null) {\n      throw new CredentialUnavailableError(\"Failed to retrieve a valid token\");\n    }\n    return token;\n  }\n}\n"]}

package/dist-esm/src/credentials/clientCertificateCredential.browser.js.map

@@ -1 +1 @@
-{"version":3,"file":"clientCertificateCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,8DAA8D,CAC/D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D,MAAM,OAAO,2BAA2B;IACtC;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken } from \"@azure/core-http\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n  \"ClientCertificateCredential is not supported in the browser.\"\n);\nconst logger = credentialLogger(\"ClientCertificateCredential\");\n\nexport class ClientCertificateCredential implements TokenCredential {\n  constructor() {\n    logger.info(formatError(\"\", BrowserNotSupportedError));\n    throw BrowserNotSupportedError;\n  }\n\n  public getToken(): Promise<AccessToken | null> {\n    logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n    throw BrowserNotSupportedError;\n  }\n}\n"]}
+{"version":3,"file":"clientCertificateCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,8DAA8D,CAC/D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D,MAAM,OAAO,2BAA2B;IACtC;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n  \"ClientCertificateCredential is not supported in the browser.\"\n);\nconst logger = credentialLogger(\"ClientCertificateCredential\");\n\nexport class ClientCertificateCredential implements TokenCredential {\n  constructor() {\n    logger.info(formatError(\"\", BrowserNotSupportedError));\n    throw BrowserNotSupportedError;\n  }\n\n  public getToken(): Promise<AccessToken | null> {\n    logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n    throw BrowserNotSupportedError;\n  }\n}\n"]}

package/dist-esm/src/credentials/clientCertificateCredential.js

@@ -1,6 +1,5 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import { __awaiter } from "tslib";
 import { MsalClientCertificate } from "../msal/nodeFlows/msalClientCertificate";
 import { credentialLogger } from "../util/logging";
 import { trace } from "../util/tracing";
@@ -24,27 +23,26 @@ export class ClientCertificateCredential {
      * @param options - Options for configuring the client which makes the authentication request.
      */
     constructor(tenantId, clientId, certificatePath, options = {}) {
+        if (!tenantId || !clientId || !certificatePath) {
+            throw new Error("ClientCertificateCredential: tenantId, clientId, and certificatePath are required parameters.");
+        }
         this.msalFlow = new MsalClientCertificate(Object.assign(Object.assign({}, options), { certificatePath,
             logger,
             clientId,
             tenantId, sendCertificateChain: options.sendCertificateChain, tokenCredentialOptions: options }));
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if
-     * successful.  If authentication cannot be performed at this time, this method may
-     * return null.  If an error occurs during authentication, an {@link AuthenticationError}
-     * containing failure details will be thrown.
+     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * @param scopes - The list of scopes for which the token will have access.
      * @param options - The options used to configure any requests this
      *                TokenCredential implementation might make.
      */
-    getToken(scopes, options = {}) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return trace(`${this.constructor.name}.getToken`, options, (newOptions) => __awaiter(this, void 0, void 0, function* () {
-                const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
-                return this.msalFlow.getToken(arrayScopes, newOptions);
-            }));
+    async getToken(scopes, options = {}) {
+        return trace(`${this.constructor.name}.getToken`, options, async (newOptions) => {
+            const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
+            return this.msalFlow.getToken(arrayScopes, newOptions);
         });
     }
 }

package/dist-esm/src/credentials/clientCertificateCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"clientCertificateCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAGlC,OAAO,EAAE,qBAAqB,EAAE,MAAM,yCAAyC,CAAC;AAChF,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAIxC,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;;GAOG;AACH,MAAM,OAAO,2BAA2B;IAGtC;;;;;;;;OAQG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,eAAuB,EACvB,UAA8C,EAAE;QAEhD,IAAI,CAAC,QAAQ,GAAG,IAAI,qBAAqB,iCACpC,OAAO,KACV,eAAe;YACf,MAAM;YACN,QAAQ;YACR,QAAQ,EACR,oBAAoB,EAAE,OAAO,CAAC,oBAAoB,EAClD,sBAAsB,EAAE,OAAO,IAC/B,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACG,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;;YACrE,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,CAAO,UAAU,EAAE,EAAE;gBAC9E,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;gBAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YACzD,CAAC,CAAA,CAAC,CAAC;QACL,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-http\";\nimport { MsalClientCertificate } from \"../msal/nodeFlows/msalClientCertificate\";\nimport { credentialLogger } from \"../util/logging\";\nimport { trace } from \"../util/tracing\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { ClientCertificateCredentialOptions } from \"./clientCertificateCredentialOptions\";\n\nconst logger = credentialLogger(\"ClientCertificateCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using a PEM-encoded\n * certificate that is assigned to an App Registration. More information\n * on how to configure certificate authentication can be found here:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad\n *\n */\nexport class ClientCertificateCredential implements TokenCredential {\n  private msalFlow: MsalFlow;\n\n  /**\n   * Creates an instance of the ClientCertificateCredential with the details\n   * needed to authenticate against Azure Active Directory with a certificate.\n   *\n   * @param tenantId - The Azure Active Directory tenant (directory) ID.\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    certificatePath: string,\n    options: ClientCertificateCredentialOptions = {}\n  ) {\n    this.msalFlow = new MsalClientCertificate({\n      ...options,\n      certificatePath,\n      logger,\n      clientId,\n      tenantId,\n      sendCertificateChain: options.sendCertificateChain,\n      tokenCredentialOptions: options\n    });\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if\n   * successful.  If authentication cannot be performed at this time, this method may\n   * return null.  If an error occurs during authentication, an {@link AuthenticationError}\n   * containing failure details will be thrown.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return trace(`${this.constructor.name}.getToken`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      return this.msalFlow.getToken(arrayScopes, newOptions);\n    });\n  }\n}\n"]}
+{"version":3,"file":"clientCertificateCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,qBAAqB,EAAE,MAAM,yCAAyC,CAAC;AAChF,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAIxC,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;;GAOG;AACH,MAAM,OAAO,2BAA2B;IAGtC;;;;;;;;OAQG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,eAAuB,EACvB,UAA8C,EAAE;QAEhD,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,IAAI,CAAC,eAAe,EAAE;YAC9C,MAAM,IAAI,KAAK,CACb,+FAA+F,CAChG,CAAC;SACH;QACD,IAAI,CAAC,QAAQ,GAAG,IAAI,qBAAqB,iCACpC,OAAO,KACV,eAAe;YACf,MAAM;YACN,QAAQ;YACR,QAAQ,EACR,oBAAoB,EAAE,OAAO,CAAC,oBAAoB,EAClD,sBAAsB,EAAE,OAAO,IAC/B,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YAC9E,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { MsalClientCertificate } from \"../msal/nodeFlows/msalClientCertificate\";\nimport { credentialLogger } from \"../util/logging\";\nimport { trace } from \"../util/tracing\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { ClientCertificateCredentialOptions } from \"./clientCertificateCredentialOptions\";\n\nconst logger = credentialLogger(\"ClientCertificateCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using a PEM-encoded\n * certificate that is assigned to an App Registration. More information\n * on how to configure certificate authentication can be found here:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad\n *\n */\nexport class ClientCertificateCredential implements TokenCredential {\n  private msalFlow: MsalFlow;\n\n  /**\n   * Creates an instance of the ClientCertificateCredential with the details\n   * needed to authenticate against Azure Active Directory with a certificate.\n   *\n   * @param tenantId - The Azure Active Directory tenant (directory) ID.\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    certificatePath: string,\n    options: ClientCertificateCredentialOptions = {}\n  ) {\n    if (!tenantId || !clientId || !certificatePath) {\n      throw new Error(\n        \"ClientCertificateCredential: tenantId, clientId, and certificatePath are required parameters.\"\n      );\n    }\n    this.msalFlow = new MsalClientCertificate({\n      ...options,\n      certificatePath,\n      logger,\n      clientId,\n      tenantId,\n      sendCertificateChain: options.sendCertificateChain,\n      tokenCredentialOptions: options\n    });\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return trace(`${this.constructor.name}.getToken`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      return this.msalFlow.getToken(arrayScopes, newOptions);\n    });\n  }\n}\n"]}

package/dist-esm/src/credentials/clientCertificateCredentialOptions.js.map

@@ -1 +1 @@
-{"version":3,"file":"clientCertificateCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { TokenCachePersistenceOptions } from \"../tokenCache/persistencePlatforms\";\n\n/**\n * Optional parameters for the {@link ClientCertificateCredential} class.\n */\nexport interface ClientCertificateCredentialOptions extends TokenCredentialOptions {\n  /**\n   * Option to include x5c header for SubjectName and Issuer name authorization.\n   * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n   */\n  sendCertificateChain?: boolean;\n\n  /**\n   * To provide a persistence layer to store the credentials,\n   * we allow users to optionally specify {@link TokenCachePersistenceOptions} for their credential.\n   *\n   * This feature is not currently available on Node 8 or earlier versions of Node JS.\n   *\n   * This persistence layer uses DPAPI on Windows.\n   * On OSX (Darwin) it tries to use the system's Keychain, otherwise if the property `allowUnencryptedStorage` is set to true, it uses an unencrypted file.\n   * On Linux it tries to use the system's Keyring, otherwise if the property `allowUnencryptedStorage` is set to true, it uses an unencrypted file.\n   */\n  tokenCachePersistenceOptions?: TokenCachePersistenceOptions;\n}\n"]}
+{"version":3,"file":"clientCertificateCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { CredentialPersistenceOptions } from \"./credentialPersistenceOptions\";\n\n/**\n * Optional parameters for the {@link ClientCertificateCredential} class.\n */\nexport interface ClientCertificateCredentialOptions\n  extends TokenCredentialOptions,\n    CredentialPersistenceOptions {\n  /**\n   * Option to include x5c header for SubjectName and Issuer name authorization.\n   * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n   */\n  sendCertificateChain?: boolean;\n  /**\n   * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values.\n   * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.\n   * If the property is not specified, the credential uses the global authority endpoint.\n   */\n  regionalAuthority?: string;\n}\n"]}

package/dist-esm/src/credentials/clientSecretCredential.browser.js

@@ -0,0 +1,87 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+import { createHttpHeaders, createPipelineRequest } from "@azure/core-rest-pipeline";
+import { SpanStatusCode } from "@azure/core-tracing";
+import { credentialLogger, formatError, formatSuccess } from "../util/logging";
+import { getIdentityTokenEndpointSuffix } from "../util/identityTokenEndpoint";
+import { IdentityClient } from "../client/identityClient";
+import { createSpan } from "../util/tracing";
+const logger = credentialLogger("ClientSecretCredential");
+// This credential is exported on browser bundles for development purposes.
+// For this credential to work in browsers, browsers would need to have security features disabled.
+// Please do not disable your browser security features.
+/**
+ * Enables authentication to Azure Active Directory using a client secret
+ * that was generated for an App Registration.  More information on how
+ * to configure a client secret can be found here:
+ *
+ * https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application
+ *
+ */
+export class ClientSecretCredential {
+    /**
+     * Creates an instance of the ClientSecretCredential with the details
+     * needed to authenticate against Azure Active Directory with a client
+     * secret.
+     *
+     * @param tenantId - The Azure Active Directory tenant (directory) ID.
+     * @param clientId - The client (application) ID of an App Registration in the tenant.
+     * @param clientSecret - A client secret that was generated for the App Registration.
+     * @param options - Options for configuring the client which makes the authentication request.
+     */
+    constructor(tenantId, clientId, clientSecret, options) {
+        this.identityClient = new IdentityClient(options);
+        this.tenantId = tenantId;
+        this.clientId = clientId;
+        this.clientSecret = clientSecret;
+    }
+    /**
+     * Authenticates with Azure Active Directory and returns an access token if
+     * successful.  If authentication cannot be performed at this time, this method may
+     * return null.  If an error occurs during authentication, an {@link AuthenticationError}
+     * containing failure details will be thrown.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                TokenCredential implementation might make.
+     */
+    async getToken(scopes, options) {
+        const { span, updatedOptions: newOptions } = createSpan("ClientSecretCredential-getToken", options);
+        const query = new URLSearchParams({
+            response_type: "token",
+            grant_type: "client_credentials",
+            client_id: this.clientId,
+            client_secret: this.clientSecret,
+            scope: typeof scopes === "string" ? scopes : scopes.join(" ")
+        });
+        try {
+            const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);
+            const request = createPipelineRequest({
+                url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,
+                method: "POST",
+                body: query.toString(),
+                headers: createHttpHeaders({
+                    Accept: "application/json",
+                    "Content-Type": "application/x-www-form-urlencoded"
+                }),
+                abortSignal: options && options.abortSignal,
+                tracingOptions: newOptions === null || newOptions === void 0 ? void 0 : newOptions.tracingOptions
+            });
+            const tokenResponse = await this.identityClient.sendTokenRequest(request);
+            logger.getToken.info(formatSuccess(scopes));
+            return (tokenResponse && tokenResponse.accessToken) || null;
+        }
+        catch (err) {
+            span.setStatus({
+                code: SpanStatusCode.ERROR,
+                message: err.message
+            });
+            logger.getToken.info(formatError(scopes, err));
+            throw err;
+        }
+        finally {
+            span.end();
+        }
+    }
+}
+//# sourceMappingURL=clientSecretCredential.browser.js.map

package/dist-esm/src/credentials/clientSecretCredential.browser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"clientSecretCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAA0B,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAClF,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE7C,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D,2EAA2E;AAC3E,mGAAmG;AACnG,wDAAwD;AAExD;;;;;;;GAOG;AACH,MAAM,OAAO,sBAAsB;IAMjC;;;;;;;;;OASG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,OAAgC;QAEhC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;QAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CACrD,iCAAiC,EACjC,OAAO,CACR,CAAC;QAEF,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC;YAChC,aAAa,EAAE,OAAO;YACtB,UAAU,EAAE,oBAAoB;YAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;YACxB,aAAa,EAAE,IAAI,CAAC,YAAY;YAChC,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;SAC9D,CAAC,CAAC;QAEH,IAAI;YACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAChE,MAAM,OAAO,GAAG,qBAAqB,CAAC;gBACpC,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;gBACzE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE;gBACtB,OAAO,EAAE,iBAAiB,CAAC;oBACzB,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD,CAAC;gBACF,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;gBAC3C,cAAc,EAAE,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,cAAc;aAC3C,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;YAC1E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;SAC7D;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,CAAC,SAAS,CAAC;gBACb,IAAI,EAAE,cAAc,CAAC,KAAK;gBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;aACrB,CAAC,CAAC;YACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;YAC/C,MAAM,GAAG,CAAC;SACX;gBAAS;YACR,IAAI,CAAC,GAAG,EAAE,CAAC;SACZ;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nimport { createHttpHeaders, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { TokenCredentialOptions, IdentityClient } from \"../client/identityClient\";\nimport { createSpan } from \"../util/tracing\";\n\nconst logger = credentialLogger(\"ClientSecretCredential\");\n\n// This credential is exported on browser bundles for development purposes.\n// For this credential to work in browsers, browsers would need to have security features disabled.\n// Please do not disable your browser security features.\n\n/**\n * Enables authentication to Azure Active Directory using a client secret\n * that was generated for an App Registration.  More information on how\n * to configure a client secret can be found here:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application\n *\n */\nexport class ClientSecretCredential implements TokenCredential {\n  private identityClient: IdentityClient;\n  private tenantId: string;\n  private clientId: string;\n  private clientSecret: string;\n\n  /**\n   * Creates an instance of the ClientSecretCredential with the details\n   * needed to authenticate against Azure Active Directory with a client\n   * secret.\n   *\n   * @param tenantId - The Azure Active Directory tenant (directory) ID.\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param clientSecret - A client secret that was generated for the App Registration.\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    clientSecret: string,\n    options?: TokenCredentialOptions\n  ) {\n    this.identityClient = new IdentityClient(options);\n    this.tenantId = tenantId;\n    this.clientId = clientId;\n    this.clientSecret = clientSecret;\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if\n   * successful.  If authentication cannot be performed at this time, this method may\n   * return null.  If an error occurs during authentication, an {@link AuthenticationError}\n   * containing failure details will be thrown.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    const { span, updatedOptions: newOptions } = createSpan(\n      \"ClientSecretCredential-getToken\",\n      options\n    );\n\n    const query = new URLSearchParams({\n      response_type: \"token\",\n      grant_type: \"client_credentials\",\n      client_id: this.clientId,\n      client_secret: this.clientSecret,\n      scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \")\n    });\n\n    try {\n      const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n      const request = createPipelineRequest({\n        url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n        method: \"POST\",\n        body: query.toString(),\n        headers: createHttpHeaders({\n          Accept: \"application/json\",\n          \"Content-Type\": \"application/x-www-form-urlencoded\"\n        }),\n        abortSignal: options && options.abortSignal,\n        tracingOptions: newOptions?.tracingOptions\n      });\n\n      const tokenResponse = await this.identityClient.sendTokenRequest(request);\n      logger.getToken.info(formatSuccess(scopes));\n      return (tokenResponse && tokenResponse.accessToken) || null;\n    } catch (err) {\n      span.setStatus({\n        code: SpanStatusCode.ERROR,\n        message: err.message\n      });\n      logger.getToken.info(formatError(scopes, err));\n      throw err;\n    } finally {\n      span.end();\n    }\n  }\n}\n"]}

package/dist-esm/src/credentials/clientSecretCredential.js

@@ -1,6 +1,5 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import { __awaiter } from "tslib";
 import { MsalClientSecret } from "../msal/nodeFlows/msalClientSecret";
 import { credentialLogger } from "../util/logging";
 import { trace } from "../util/tracing";
@@ -25,27 +24,26 @@ export class ClientSecretCredential {
      * @param options - Options for configuring the client which makes the authentication request.
      */
     constructor(tenantId, clientId, clientSecret, options = {}) {
+        if (!tenantId || !clientId || !clientSecret) {
+            throw new Error("ClientSecretCredential: tenantId, clientId, and clientSecret are required parameters.");
+        }
         this.msalFlow = new MsalClientSecret(Object.assign(Object.assign({}, options), { logger,
             clientId,
             tenantId,
             clientSecret, tokenCredentialOptions: options }));
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if
-     * successful.  If authentication cannot be performed at this time, this method may
-     * return null.  If an error occurs during authentication, an {@link AuthenticationError}
-     * containing failure details will be thrown.
+     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * @param scopes - The list of scopes for which the token will have access.
      * @param options - The options used to configure any requests this
      *                TokenCredential implementation might make.
      */
-    getToken(scopes, options = {}) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return trace(`${this.constructor.name}.getToken`, options, (newOptions) => __awaiter(this, void 0, void 0, function* () {
-                const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
-                return this.msalFlow.getToken(arrayScopes, newOptions);
-            }));
+    async getToken(scopes, options = {}) {
+        return trace(`${this.constructor.name}.getToken`, options, async (newOptions) => {
+            const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
+            return this.msalFlow.getToken(arrayScopes, newOptions);
         });
     }
 }

package/dist-esm/src/credentials/clientSecretCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"clientSecretCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAGlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAIxC,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;;;;GAOG;AACH,MAAM,OAAO,sBAAsB;IAGjC;;;;;;;;;OASG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,UAAyC,EAAE;QAE3C,IAAI,CAAC,QAAQ,GAAG,IAAI,gBAAgB,iCAC/B,OAAO,KACV,MAAM;YACN,QAAQ;YACR,QAAQ;YACR,YAAY,EACZ,sBAAsB,EAAE,OAAO,IAC/B,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACG,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;;YACrE,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,CAAO,UAAU,EAAE,EAAE;gBAC9E,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;gBAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YACzD,CAAC,CAAA,CAAC,CAAC;QACL,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-http\";\nimport { MsalClientSecret } from \"../msal/nodeFlows/msalClientSecret\";\nimport { credentialLogger } from \"../util/logging\";\nimport { trace } from \"../util/tracing\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { ClientSecretCredentialOptions } from \"./clientSecretCredentialOptions\";\n\nconst logger = credentialLogger(\"ClientSecretCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using a client secret\n * that was generated for an App Registration. More information on how\n * to configure a client secret can be found here:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application\n *\n */\nexport class ClientSecretCredential implements TokenCredential {\n  private msalFlow: MsalFlow;\n\n  /**\n   * Creates an instance of the ClientSecretCredential with the details\n   * needed to authenticate against Azure Active Directory with a client\n   * secret.\n   *\n   * @param tenantId - The Azure Active Directory tenant (directory) ID.\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param clientSecret - A client secret that was generated for the App Registration.\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    clientSecret: string,\n    options: ClientSecretCredentialOptions = {}\n  ) {\n    this.msalFlow = new MsalClientSecret({\n      ...options,\n      logger,\n      clientId,\n      tenantId,\n      clientSecret,\n      tokenCredentialOptions: options\n    });\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if\n   * successful.  If authentication cannot be performed at this time, this method may\n   * return null.  If an error occurs during authentication, an {@link AuthenticationError}\n   * containing failure details will be thrown.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return trace(`${this.constructor.name}.getToken`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      return this.msalFlow.getToken(arrayScopes, newOptions);\n    });\n  }\n}\n"]}
+{"version":3,"file":"clientSecretCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAIxC,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;;;;GAOG;AACH,MAAM,OAAO,sBAAsB;IAGjC;;;;;;;;;OASG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,UAAyC,EAAE;QAE3C,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE;YAC3C,MAAM,IAAI,KAAK,CACb,uFAAuF,CACxF,CAAC;SACH;QACD,IAAI,CAAC,QAAQ,GAAG,IAAI,gBAAgB,iCAC/B,OAAO,KACV,MAAM;YACN,QAAQ;YACR,QAAQ;YACR,YAAY,EACZ,sBAAsB,EAAE,OAAO,IAC/B,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YAC9E,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { MsalClientSecret } from \"../msal/nodeFlows/msalClientSecret\";\nimport { credentialLogger } from \"../util/logging\";\nimport { trace } from \"../util/tracing\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { ClientSecretCredentialOptions } from \"./clientSecretCredentialOptions\";\n\nconst logger = credentialLogger(\"ClientSecretCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using a client secret\n * that was generated for an App Registration. More information on how\n * to configure a client secret can be found here:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application\n *\n */\nexport class ClientSecretCredential implements TokenCredential {\n  private msalFlow: MsalFlow;\n\n  /**\n   * Creates an instance of the ClientSecretCredential with the details\n   * needed to authenticate against Azure Active Directory with a client\n   * secret.\n   *\n   * @param tenantId - The Azure Active Directory tenant (directory) ID.\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param clientSecret - A client secret that was generated for the App Registration.\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    clientSecret: string,\n    options: ClientSecretCredentialOptions = {}\n  ) {\n    if (!tenantId || !clientId || !clientSecret) {\n      throw new Error(\n        \"ClientSecretCredential: tenantId, clientId, and clientSecret are required parameters.\"\n      );\n    }\n    this.msalFlow = new MsalClientSecret({\n      ...options,\n      logger,\n      clientId,\n      tenantId,\n      clientSecret,\n      tokenCredentialOptions: options\n    });\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return trace(`${this.constructor.name}.getToken`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      return this.msalFlow.getToken(arrayScopes, newOptions);\n    });\n  }\n}\n"]}

package/dist-esm/src/credentials/clientSecretCredentialOptions.js.map

@@ -1 +1 @@
-{"version":3,"file":"clientSecretCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { TokenCachePersistenceOptions } from \"../tokenCache/persistencePlatforms\";\n\n/**\n * Optional parameters for the {@link ClientSecretCredential} class.\n */\nexport interface ClientSecretCredentialOptions extends TokenCredentialOptions {\n  /**\n   * To provide a persistence layer to store the credentials,\n   * we allow users to optionally specify {@link TokenCachePersistenceOptions} for their credential.\n   *\n   * This feature is not currently available on Node 8 or earlier versions of Node JS.\n   *\n   * This persistence layer uses DPAPI on Windows.\n   * On OSX (Darwin) it tries to use the system's Keychain, otherwise if the property `allowUnencryptedStorage` is set to true, it uses an unencrypted file.\n   * On Linux it tries to use the system's Keyring, otherwise if the property `allowUnencryptedStorage` is set to true, it uses an unencrypted file.\n   */\n  tokenCachePersistenceOptions?: TokenCachePersistenceOptions;\n}\n"]}
+{"version":3,"file":"clientSecretCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { CredentialPersistenceOptions } from \"./credentialPersistenceOptions\";\n\n/**\n * Optional parameters for the {@link ClientSecretCredential} class.\n */\nexport interface ClientSecretCredentialOptions\n  extends TokenCredentialOptions,\n    CredentialPersistenceOptions {\n  /**\n   * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values.\n   * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.\n   * If the property is not specified, the credential uses the global authority endpoint.\n   */\n  regionalAuthority?: string;\n}\n"]}

package/dist-esm/src/credentials/credentialPersistenceOptions.js

@@ -0,0 +1,4 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+export {};
+//# sourceMappingURL=credentialPersistenceOptions.js.map

package/dist-esm/src/credentials/credentialPersistenceOptions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentialPersistenceOptions.js","sourceRoot":"","sources":["../../../src/credentials/credentialPersistenceOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCachePersistenceOptions } from \"../msal/nodeFlows/tokenCachePersistenceOptions\";\n\n/**\n * Shared configuration options for credentials that support persistent token\n * caching.\n */\nexport interface CredentialPersistenceOptions {\n  /**\n   * Options to provide to the persistence layer (if one is available) when\n   * storing credentials.\n   *\n   * You must first register a persistence provider plugin. See the\n   * `@azure/identity-cache-persistence` package on NPM.\n   *\n   * Example:\n   *\n   * ```javascript\n   * import { cachePersistencePlugin } from \"@azure/identity-cache-persistence\";\n   * import { useIdentityPlugin, DeviceCodeCredential } from \"@azure/identity\";\n   *\n   * useIdentityPlugin(cachePersistencePlugin);\n   *\n   * async function main() {\n   *   const credential = new DeviceCodeCredential({\n   *     tokenCachePersistenceOptions: {\n   *       enabled: true\n   *     }\n   *   });\n   * }\n   *\n   * main().catch((error) => {\n   *   console.error(\"An error occured:\", error);\n   *   process.exit(1);\n   * });\n   * ```\n   */\n\n  tokenCachePersistenceOptions?: TokenCachePersistenceOptions;\n}\n"]}