@azure/identity 2.0.0-beta.3 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @azure/identity might be problematic. Click here for more details.

Files changed (149) hide show
  1. package/CHANGELOG.md +232 -6
  2. package/README.md +124 -39
  3. package/dist/index.js +2317 -1596
  4. package/dist/index.js.map +1 -1
  5. package/dist-esm/src/client/identityClient.js +147 -133
  6. package/dist-esm/src/client/identityClient.js.map +1 -1
  7. package/dist-esm/src/constants.js +1 -1
  8. package/dist-esm/src/constants.js.map +1 -1
  9. package/dist-esm/src/credentials/authorizationCodeCredential.browser.js +1 -1
  10. package/dist-esm/src/credentials/authorizationCodeCredential.browser.js.map +1 -1
  11. package/dist-esm/src/credentials/authorizationCodeCredential.js +13 -76
  12. package/dist-esm/src/credentials/authorizationCodeCredential.js.map +1 -1
  13. package/dist-esm/src/credentials/azureApplicationCredential.browser.js +34 -0
  14. package/dist-esm/src/credentials/azureApplicationCredential.browser.js.map +1 -0
  15. package/dist-esm/src/credentials/azureApplicationCredential.js +36 -0
  16. package/dist-esm/src/credentials/azureApplicationCredential.js.map +1 -0
  17. package/dist-esm/src/credentials/azureCliCredential.browser.js +7 -0
  18. package/dist-esm/src/credentials/azureCliCredential.browser.js.map +1 -1
  19. package/dist-esm/src/credentials/azureCliCredential.js +110 -83
  20. package/dist-esm/src/credentials/azureCliCredential.js.map +1 -1
  21. package/dist-esm/src/credentials/azureCliCredentialOptions.js +4 -0
  22. package/dist-esm/src/credentials/azureCliCredentialOptions.js.map +1 -0
  23. package/dist-esm/src/credentials/azurePowerShellCredential.browser.js +3 -1
  24. package/dist-esm/src/credentials/azurePowerShellCredential.browser.js.map +1 -1
  25. package/dist-esm/src/credentials/azurePowerShellCredential.js +93 -83
  26. package/dist-esm/src/credentials/azurePowerShellCredential.js.map +1 -1
  27. package/dist-esm/src/credentials/azurePowerShellCredentialOptions.js +4 -0
  28. package/dist-esm/src/credentials/azurePowerShellCredentialOptions.js.map +1 -0
  29. package/dist-esm/src/credentials/chainedTokenCredential.js +34 -37
  30. package/dist-esm/src/credentials/chainedTokenCredential.js.map +1 -1
  31. package/dist-esm/src/credentials/clientCertificateCredential.browser.js +7 -0
  32. package/dist-esm/src/credentials/clientCertificateCredential.browser.js.map +1 -1
  33. package/dist-esm/src/credentials/clientCertificateCredential.js +24 -23
  34. package/dist-esm/src/credentials/clientCertificateCredential.js.map +1 -1
  35. package/dist-esm/src/credentials/clientCertificateCredentialOptions.js.map +1 -1
  36. package/dist-esm/src/credentials/clientSecretCredential.browser.js +39 -44
  37. package/dist-esm/src/credentials/clientSecretCredential.browser.js.map +1 -1
  38. package/dist-esm/src/credentials/clientSecretCredential.js +9 -11
  39. package/dist-esm/src/credentials/clientSecretCredential.js.map +1 -1
  40. package/dist-esm/src/credentials/clientSecretCredentialOptions.js.map +1 -1
  41. package/dist-esm/src/credentials/credentialPersistenceOptions.js +4 -0
  42. package/dist-esm/src/credentials/credentialPersistenceOptions.js.map +1 -0
  43. package/dist-esm/src/credentials/defaultAzureCredential.browser.js +1 -1
  44. package/dist-esm/src/credentials/defaultAzureCredential.browser.js.map +1 -1
  45. package/dist-esm/src/credentials/defaultAzureCredential.js +50 -27
  46. package/dist-esm/src/credentials/defaultAzureCredential.js.map +1 -1
  47. package/dist-esm/src/credentials/deviceCodeCredential.browser.js +7 -0
  48. package/dist-esm/src/credentials/deviceCodeCredential.browser.js.map +1 -1
  49. package/dist-esm/src/credentials/deviceCodeCredential.js +27 -22
  50. package/dist-esm/src/credentials/deviceCodeCredential.js.map +1 -1
  51. package/dist-esm/src/credentials/deviceCodeCredentialOptions.js.map +1 -1
  52. package/dist-esm/src/credentials/environmentCredential.browser.js +7 -0
  53. package/dist-esm/src/credentials/environmentCredential.browser.js.map +1 -1
  54. package/dist-esm/src/credentials/environmentCredential.js +39 -38
  55. package/dist-esm/src/credentials/environmentCredential.js.map +1 -1
  56. package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js +20 -29
  57. package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js.map +1 -1
  58. package/dist-esm/src/credentials/interactiveBrowserCredential.js +23 -29
  59. package/dist-esm/src/credentials/interactiveBrowserCredential.js.map +1 -1
  60. package/dist-esm/src/credentials/interactiveBrowserCredentialOptions.js.map +1 -1
  61. package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js +36 -22
  62. package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js.map +1 -1
  63. package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js +62 -47
  64. package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js.map +1 -1
  65. package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js +33 -22
  66. package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js.map +1 -1
  67. package/dist-esm/src/credentials/managedIdentityCredential/constants.js +2 -1
  68. package/dist-esm/src/credentials/managedIdentityCredential/constants.js.map +1 -1
  69. package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js +42 -27
  70. package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js.map +1 -1
  71. package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js +115 -91
  72. package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  73. package/dist-esm/src/credentials/managedIdentityCredential/index.browser.js +3 -6
  74. package/dist-esm/src/credentials/managedIdentityCredential/index.browser.js.map +1 -1
  75. package/dist-esm/src/credentials/managedIdentityCredential/index.js +120 -125
  76. package/dist-esm/src/credentials/managedIdentityCredential/index.js.map +1 -1
  77. package/dist-esm/src/credentials/managedIdentityCredential/models.js.map +1 -1
  78. package/dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js +82 -0
  79. package/dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -0
  80. package/dist-esm/src/credentials/managedIdentityCredential/utils.js +14 -8
  81. package/dist-esm/src/credentials/managedIdentityCredential/utils.js.map +1 -1
  82. package/dist-esm/src/credentials/onBehalfOfCredential.browser.js +23 -0
  83. package/dist-esm/src/credentials/onBehalfOfCredential.browser.js.map +1 -0
  84. package/dist-esm/src/credentials/onBehalfOfCredential.js +57 -0
  85. package/dist-esm/src/credentials/onBehalfOfCredential.js.map +1 -0
  86. package/dist-esm/src/credentials/onBehalfOfCredentialOptions.js +4 -0
  87. package/dist-esm/src/credentials/onBehalfOfCredentialOptions.js.map +1 -0
  88. package/dist-esm/src/credentials/usernamePasswordCredential.browser.js +41 -46
  89. package/dist-esm/src/credentials/usernamePasswordCredential.browser.js.map +1 -1
  90. package/dist-esm/src/credentials/usernamePasswordCredential.js +9 -13
  91. package/dist-esm/src/credentials/usernamePasswordCredential.js.map +1 -1
  92. package/dist-esm/src/credentials/usernamePasswordCredentialOptions.js.map +1 -1
  93. package/dist-esm/src/credentials/visualStudioCodeCredential.browser.js +27 -0
  94. package/dist-esm/src/credentials/visualStudioCodeCredential.browser.js.map +1 -0
  95. package/dist-esm/src/credentials/visualStudioCodeCredential.js +183 -0
  96. package/dist-esm/src/credentials/visualStudioCodeCredential.js.map +1 -0
  97. package/dist-esm/src/credentials/visualStudioCodeCredentialPlugin.js +4 -0
  98. package/dist-esm/src/credentials/visualStudioCodeCredentialPlugin.js.map +1 -0
  99. package/dist-esm/src/{client/errors.js → errors.js} +16 -1
  100. package/dist-esm/src/errors.js.map +1 -0
  101. package/dist-esm/src/index.js +4 -2
  102. package/dist-esm/src/index.js.map +1 -1
  103. package/dist-esm/src/msal/browserFlows/browserCommon.js +33 -31
  104. package/dist-esm/src/msal/browserFlows/browserCommon.js.map +1 -1
  105. package/dist-esm/src/msal/browserFlows/msalAuthCode.js +113 -115
  106. package/dist-esm/src/msal/browserFlows/msalAuthCode.js.map +1 -1
  107. package/dist-esm/src/msal/credentials.js.map +1 -1
  108. package/dist-esm/src/msal/flows.js.map +1 -1
  109. package/dist-esm/src/msal/nodeFlows/msalAuthorizationCode.js +41 -0
  110. package/dist-esm/src/msal/nodeFlows/msalAuthorizationCode.js.map +1 -0
  111. package/dist-esm/src/msal/nodeFlows/msalClientCertificate.js +65 -46
  112. package/dist-esm/src/msal/nodeFlows/msalClientCertificate.js.map +1 -1
  113. package/dist-esm/src/msal/nodeFlows/msalClientSecret.js +15 -16
  114. package/dist-esm/src/msal/nodeFlows/msalClientSecret.js.map +1 -1
  115. package/dist-esm/src/msal/nodeFlows/msalDeviceCode.js +20 -22
  116. package/dist-esm/src/msal/nodeFlows/msalDeviceCode.js.map +1 -1
  117. package/dist-esm/src/msal/nodeFlows/msalOnBehalfOf.js +56 -0
  118. package/dist-esm/src/msal/nodeFlows/msalOnBehalfOf.js.map +1 -0
  119. package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js +44 -33
  120. package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js.map +1 -1
  121. package/dist-esm/src/msal/nodeFlows/msalUsernamePassword.js +15 -17
  122. package/dist-esm/src/msal/nodeFlows/msalUsernamePassword.js.map +1 -1
  123. package/dist-esm/src/msal/nodeFlows/nodeCommon.js +141 -98
  124. package/dist-esm/src/msal/nodeFlows/nodeCommon.js.map +1 -1
  125. package/dist-esm/src/msal/nodeFlows/tokenCachePersistenceOptions.js +4 -0
  126. package/dist-esm/src/msal/nodeFlows/tokenCachePersistenceOptions.js.map +1 -0
  127. package/dist-esm/src/msal/utils.js +23 -15
  128. package/dist-esm/src/msal/utils.js.map +1 -1
  129. package/dist-esm/src/plugins/consumer.browser.js +7 -0
  130. package/dist-esm/src/plugins/consumer.browser.js.map +1 -0
  131. package/dist-esm/src/plugins/consumer.js +44 -0
  132. package/dist-esm/src/plugins/consumer.js.map +1 -0
  133. package/dist-esm/src/plugins/provider.js +4 -0
  134. package/dist-esm/src/plugins/provider.js.map +1 -0
  135. package/dist-esm/src/regionalAuthority.js +115 -0
  136. package/dist-esm/src/regionalAuthority.js.map +1 -0
  137. package/dist-esm/src/util/tracing.js +24 -27
  138. package/dist-esm/src/util/tracing.js.map +1 -1
  139. package/dist-esm/src/util/validateMultiTenant.browser.js +22 -0
  140. package/dist-esm/src/util/validateMultiTenant.browser.js.map +1 -0
  141. package/dist-esm/src/util/validateMultiTenant.js +29 -0
  142. package/dist-esm/src/util/validateMultiTenant.js.map +1 -0
  143. package/package.json +44 -28
  144. package/types/identity.d.ts +482 -126
  145. package/dist-esm/src/client/errors.js.map +0 -1
  146. package/dist-esm/src/msal/errors.js +0 -22
  147. package/dist-esm/src/msal/errors.js.map +0 -1
  148. package/dist-esm/src/util/authHostEnv.js +0 -13
  149. package/dist-esm/src/util/authHostEnv.js.map +0 -1
package/dist-esm/src/msal/nodeFlows/msalClientSecret.js CHANGED
@@ -1,6 +1,5 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT license.
3
- import { __awaiter } from "tslib";
4
3
  import { MsalNode } from "./nodeCommon";
5
4
  /**
6
5
  * MSAL client secret client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.
@@ -12,21 +11,21 @@ export class MsalClientSecret extends MsalNode {
12
11
  this.requiresConfidential = true;
13
12
  this.msalConfig.auth.clientSecret = options.clientSecret;
14
13
  }
15
- doGetToken(scopes, options = {}) {
16
- return __awaiter(this, void 0, void 0, function* () {
17
- try {
18
- const result = yield this.confidentialApp.acquireTokenByClientCredential({
19
- scopes,
20
- correlationId: options.correlationId
21
- });
22
- // The Client Credential flow does not return an account,
23
- // so each time getToken gets called, we will have to acquire a new token through the service.
24
- return this.handleResult(scopes, this.clientId, result || undefined);
25
- }
26
- catch (err) {
27
- throw this.handleError(scopes, err, options);
28
- }
29
- });
14
+ async doGetToken(scopes, options = {}) {
15
+ try {
16
+ const result = await this.confidentialApp.acquireTokenByClientCredential({
17
+ scopes,
18
+ correlationId: options.correlationId,
19
+ azureRegion: this.azureRegion,
20
+ authority: options.authority
21
+ });
22
+ // The Client Credential flow does not return an account,
23
+ // so each time getToken gets called, we will have to acquire a new token through the service.
24
+ return this.handleResult(scopes, this.clientId, result || undefined);
25
+ }
26
+ catch (err) {
27
+ throw this.handleError(scopes, err, options);
28
+ }
30
29
  }
31
30
  }
32
31
  //# sourceMappingURL=msalClientSecret.js.map
package/dist-esm/src/msal/nodeFlows/msalClientSecret.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"msalClientSecret.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClientSecret.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAIlC,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;AAUzD;;;GAGG;AACH,MAAM,OAAO,gBAAiB,SAAQ,QAAQ;IAC5C,YAAY,OAAgC;QAC1C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3D,CAAC;IAEe,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE;;YAE3C,IAAI;gBACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,8BAA8B,CAAC;oBACxE,MAAM;oBACN,aAAa,EAAE,OAAO,CAAC,aAAa;iBACrC,CAAC,CAAC;gBACH,yDAAyD;gBACzD,8FAA8F;gBAC9F,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;aACtE;YAAC,OAAO,GAAG,EAAE;gBACZ,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;aAC9C;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken } from \"@azure/core-http\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\n\n/**\n * Options that can be passed to configure MSAL to handle client secrets.\n * @internal\n */\nexport interface MSALClientSecretOptions extends MsalNodeOptions {\n clientSecret: string;\n}\n\n/**\n * MSAL client secret client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.\n * @internal\n */\nexport class MsalClientSecret extends MsalNode {\n constructor(options: MSALClientSecretOptions) {\n super(options);\n this.requiresConfidential = true;\n this.msalConfig.auth.clientSecret = options.clientSecret;\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n try {\n const result = await this.confidentialApp!.acquireTokenByClientCredential({\n scopes,\n correlationId: options.correlationId\n });\n // The Client Credential flow does not return an account,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (err) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n"]}
1
+ {"version":3,"file":"msalClientSecret.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClientSecret.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAKlC,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;AAazD;;;GAGG;AACH,MAAM,OAAO,gBAAiB,SAAQ,QAAQ;IAC5C,YAAY,OAAgC;QAC1C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3D,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,8BAA8B,CAAC;gBACxE,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;aAC7B,CAAC,CAAC;YACH,yDAAyD;YACzD,8FAA8F;YAC9F,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;SACtE;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\n\n/**\n * Options that can be passed to configure MSAL to handle client secrets.\n * @internal\n */\nexport interface MSALClientSecretOptions extends MsalNodeOptions {\n /**\n * A client secret that was generated for the App Registration.\n */\n clientSecret: string;\n}\n\n/**\n * MSAL client secret client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.\n * @internal\n */\nexport class MsalClientSecret extends MsalNode {\n constructor(options: MSALClientSecretOptions) {\n super(options);\n this.requiresConfidential = true;\n this.msalConfig.auth.clientSecret = options.clientSecret;\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n try {\n const result = await this.confidentialApp!.acquireTokenByClientCredential({\n scopes,\n correlationId: options.correlationId,\n azureRegion: this.azureRegion,\n authority: options.authority\n });\n // The Client Credential flow does not return an account,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (err) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n"]}
package/dist-esm/src/msal/nodeFlows/msalDeviceCode.js CHANGED
@@ -1,6 +1,5 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT license.
3
- import { __awaiter } from "tslib";
4
3
  import { MsalNode } from "./nodeCommon";
5
4
  /**
6
5
  * MSAL device code client. Calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`.
@@ -11,27 +10,26 @@ export class MsalDeviceCode extends MsalNode {
11
10
  super(options);
12
11
  this.userPromptCallback = options.userPromptCallback;
13
12
  }
14
- doGetToken(scopes, options) {
15
- return __awaiter(this, void 0, void 0, function* () {
16
- try {
17
- const requestOptions = {
18
- deviceCodeCallback: this.userPromptCallback,
19
- scopes,
20
- cancel: false,
21
- correlationId: options === null || options === void 0 ? void 0 : options.correlationId
22
- };
23
- const promise = this.publicApp.acquireTokenByDeviceCode(requestOptions);
24
- // TODO:
25
- // This should work, but it currently doesn't. I'm waiting for an answer from the MSAL team.
26
- const deviceResponse = yield this.withCancellation(promise, options === null || options === void 0 ? void 0 : options.abortSignal, () => {
27
- requestOptions.cancel = true;
28
- });
29
- return this.handleResult(scopes, this.clientId, deviceResponse || undefined);
30
- }
31
- catch (error) {
32
- throw this.handleError(scopes, error, options);
33
- }
34
- });
13
+ async doGetToken(scopes, options) {
14
+ try {
15
+ const requestOptions = {
16
+ deviceCodeCallback: this.userPromptCallback,
17
+ scopes,
18
+ cancel: false,
19
+ correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
20
+ authority: options === null || options === void 0 ? void 0 : options.authority
21
+ };
22
+ const promise = this.publicApp.acquireTokenByDeviceCode(requestOptions);
23
+ // TODO:
24
+ // This should work, but it currently doesn't. I'm waiting for an answer from the MSAL team.
25
+ const deviceResponse = await this.withCancellation(promise, options === null || options === void 0 ? void 0 : options.abortSignal, () => {
26
+ requestOptions.cancel = true;
27
+ });
28
+ return this.handleResult(scopes, this.clientId, deviceResponse || undefined);
29
+ }
30
+ catch (error) {
31
+ throw this.handleError(scopes, error, options);
32
+ }
35
33
  }
36
34
  }
37
35
  //# sourceMappingURL=msalDeviceCode.js.map
package/dist-esm/src/msal/nodeFlows/msalDeviceCode.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"msalDeviceCode.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalDeviceCode.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAMlC,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;AAUzD;;;GAGG;AACH,MAAM,OAAO,cAAe,SAAQ,QAAQ;IAG1C,YAAY,OAA8B;QACxC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACvD,CAAC;IAEe,UAAU,CACxB,MAAgB,EAChB,OAAuC;;YAEvC,IAAI;gBACF,MAAM,cAAc,GAA+B;oBACjD,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;oBAC3C,MAAM;oBACN,MAAM,EAAE,KAAK;oBACb,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;iBACtC,CAAC;gBACF,MAAM,OAAO,GAAG,IAAI,CAAC,SAAU,CAAC,wBAAwB,CAAC,cAAc,CAAC,CAAC;gBACzE,QAAQ;gBACR,4FAA4F;gBAC5F,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,EAAE,GAAG,EAAE;oBACrF,cAAc,CAAC,MAAM,GAAG,IAAI,CAAC;gBAC/B,CAAC,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,cAAc,IAAI,SAAS,CAAC,CAAC;aAC9E;YAAC,OAAO,KAAK,EAAE;gBACd,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;aAChD;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport { AccessToken } from \"@azure/core-http\";\nimport { DeviceCodePromptCallback } from \"../../credentials/deviceCodeCredentialOptions\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through device codes.\n * @internal\n */\nexport interface MSALDeviceCodeOptions extends MsalNodeOptions {\n userPromptCallback: DeviceCodePromptCallback;\n}\n\n/**\n * MSAL device code client. Calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`.\n * @internal\n */\nexport class MsalDeviceCode extends MsalNode {\n private userPromptCallback: DeviceCodePromptCallback;\n\n constructor(options: MSALDeviceCodeOptions) {\n super(options);\n this.userPromptCallback = options.userPromptCallback;\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n try {\n const requestOptions: msalNode.DeviceCodeRequest = {\n deviceCodeCallback: this.userPromptCallback,\n scopes,\n cancel: false,\n correlationId: options?.correlationId\n };\n const promise = this.publicApp!.acquireTokenByDeviceCode(requestOptions);\n // TODO:\n // This should work, but it currently doesn't. I'm waiting for an answer from the MSAL team.\n const deviceResponse = await this.withCancellation(promise, options?.abortSignal, () => {\n requestOptions.cancel = true;\n });\n return this.handleResult(scopes, this.clientId, deviceResponse || undefined);\n } catch (error) {\n throw this.handleError(scopes, error, options);\n }\n }\n}\n"]}
1
+ {"version":3,"file":"msalDeviceCode.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalDeviceCode.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAQlC,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;AAUzD;;;GAGG;AACH,MAAM,OAAO,cAAe,SAAQ,QAAQ;IAG1C,YAAY,OAA8B;QACxC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACvD,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;QAEvC,IAAI;YACF,MAAM,cAAc,GAA+B;gBACjD,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;gBAC3C,MAAM;gBACN,MAAM,EAAE,KAAK;gBACb,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;gBACrC,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;aAC9B,CAAC;YACF,MAAM,OAAO,GAAG,IAAI,CAAC,SAAU,CAAC,wBAAwB,CAAC,cAAc,CAAC,CAAC;YACzE,QAAQ;YACR,4FAA4F;YAC5F,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,EAAE,GAAG,EAAE;gBACrF,cAAc,CAAC,MAAM,GAAG,IAAI,CAAC;YAC/B,CAAC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,cAAc,IAAI,SAAS,CAAC,CAAC;SAC9E;QAAC,OAAO,KAAK,EAAE;YACd,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;SAChD;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { DeviceCodePromptCallback } from \"../../credentials/deviceCodeCredentialOptions\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through device codes.\n * @internal\n */\nexport interface MSALDeviceCodeOptions extends MsalNodeOptions {\n userPromptCallback: DeviceCodePromptCallback;\n}\n\n/**\n * MSAL device code client. Calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`.\n * @internal\n */\nexport class MsalDeviceCode extends MsalNode {\n private userPromptCallback: DeviceCodePromptCallback;\n\n constructor(options: MSALDeviceCodeOptions) {\n super(options);\n this.userPromptCallback = options.userPromptCallback;\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n try {\n const requestOptions: msalNode.DeviceCodeRequest = {\n deviceCodeCallback: this.userPromptCallback,\n scopes,\n cancel: false,\n correlationId: options?.correlationId,\n authority: options?.authority\n };\n const promise = this.publicApp!.acquireTokenByDeviceCode(requestOptions);\n // TODO:\n // This should work, but it currently doesn't. I'm waiting for an answer from the MSAL team.\n const deviceResponse = await this.withCancellation(promise, options?.abortSignal, () => {\n requestOptions.cancel = true;\n });\n return this.handleResult(scopes, this.clientId, deviceResponse || undefined);\n } catch (error) {\n throw this.handleError(scopes, error, options);\n }\n }\n}\n"]}
package/dist-esm/src/msal/nodeFlows/msalOnBehalfOf.js ADDED
@@ -0,0 +1,56 @@
1
+ // Copyright (c) Microsoft Corporation.
2
+ // Licensed under the MIT license.
3
+ import { formatError } from "../../util/logging";
4
+ import { parseCertificate } from "./msalClientCertificate";
5
+ import { MsalNode } from "./nodeCommon";
6
+ /**
7
+ * MSAL on behalf of flow. Calls to MSAL's confidential application's `acquireTokenOnBehalfOf` during `doGetToken`.
8
+ * @internal
9
+ */
10
+ export class MsalOnBehalfOf extends MsalNode {
11
+ constructor(options) {
12
+ super(options);
13
+ this.logger.info("Initialized MSAL's On-Behalf-Of flow");
14
+ this.requiresConfidential = true;
15
+ this.userAssertionToken = options.userAssertionToken;
16
+ this.certificatePath = options.certificatePath;
17
+ this.sendCertificateChain = options.sendCertificateChain;
18
+ this.clientSecret = options.clientSecret;
19
+ }
20
+ // Changing the MSAL configuration asynchronously
21
+ async init(options) {
22
+ if (this.certificatePath) {
23
+ try {
24
+ const parts = await parseCertificate({ certificatePath: this.certificatePath }, this.sendCertificateChain);
25
+ this.msalConfig.auth.clientCertificate = {
26
+ thumbprint: parts.thumbprint,
27
+ privateKey: parts.certificateContents,
28
+ x5c: parts.x5c
29
+ };
30
+ }
31
+ catch (error) {
32
+ this.logger.info(formatError("", error));
33
+ throw error;
34
+ }
35
+ }
36
+ else {
37
+ this.msalConfig.auth.clientSecret = this.clientSecret;
38
+ }
39
+ return super.init(options);
40
+ }
41
+ async doGetToken(scopes, options = {}) {
42
+ try {
43
+ const result = await this.confidentialApp.acquireTokenOnBehalfOf({
44
+ scopes,
45
+ correlationId: options.correlationId,
46
+ authority: options.authority,
47
+ oboAssertion: this.userAssertionToken
48
+ });
49
+ return this.handleResult(scopes, this.clientId, result || undefined);
50
+ }
51
+ catch (err) {
52
+ throw this.handleError(scopes, err, options);
53
+ }
54
+ }
55
+ }
56
+ //# sourceMappingURL=msalOnBehalfOf.js.map
package/dist-esm/src/msal/nodeFlows/msalOnBehalfOf.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"msalOnBehalfOf.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalOnBehalfOf.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;AA0BzD;;;GAGG;AACH,MAAM,OAAO,cAAe,SAAQ,QAAQ;IAM1C,YAAY,OAA8B;QACxC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACzD,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;QACrD,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC;QACzD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3C,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,IAAI,CAAC,OAAuC;QAChD,IAAI,IAAI,CAAC,eAAe,EAAE;YACxB,IAAI;gBACF,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAClC,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,EACzC,IAAI,CAAC,oBAAoB,CAC1B,CAAC;gBACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG;oBACvC,UAAU,EAAE,KAAK,CAAC,UAAU;oBAC5B,UAAU,EAAE,KAAK,CAAC,mBAAmB;oBACrC,GAAG,EAAE,KAAK,CAAC,GAAG;iBACf,CAAC;aACH;YAAC,OAAO,KAAK,EAAE;gBACd,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;gBACzC,MAAM,KAAK,CAAC;aACb;SACF;aAAM;YACL,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;SACvD;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,sBAAsB,CAAC;gBAChE,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,YAAY,EAAE,IAAI,CAAC,kBAAkB;aACtC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;SACtE;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken } from \"@azure/core-auth\";\nimport { formatError } from \"../../util/logging\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { parseCertificate } from \"./msalClientCertificate\";\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\n\n/**\n * Options that can be passed to configure MSAL to handle On-Behalf-Of authentication requests.\n * @internal\n */\nexport interface MSALOnBehalfOfOptions extends MsalNodeOptions {\n /**\n * A client secret that was generated for the App Registration.\n */\n clientSecret?: string;\n /**\n * Location of the PEM certificate.\n */\n certificatePath?: string;\n /**\n * Option to include x5c header for SubjectName and Issuer name authorization.\n * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n */\n sendCertificateChain?: boolean;\n /**\n * The user assertion for the On-Behalf-Of flow.\n */\n userAssertionToken: string;\n}\n\n/**\n * MSAL on behalf of flow. Calls to MSAL's confidential application's `acquireTokenOnBehalfOf` during `doGetToken`.\n * @internal\n */\nexport class MsalOnBehalfOf extends MsalNode {\n private userAssertionToken: string;\n private certificatePath?: string;\n private sendCertificateChain?: boolean;\n private clientSecret?: string;\n\n constructor(options: MSALOnBehalfOfOptions) {\n super(options);\n this.logger.info(\"Initialized MSAL's On-Behalf-Of flow\");\n this.requiresConfidential = true;\n this.userAssertionToken = options.userAssertionToken;\n this.certificatePath = options.certificatePath;\n this.sendCertificateChain = options.sendCertificateChain;\n this.clientSecret = options.clientSecret;\n }\n\n // Changing the MSAL configuration asynchronously\n async init(options?: CredentialFlowGetTokenOptions): Promise<void> {\n if (this.certificatePath) {\n try {\n const parts = await parseCertificate(\n { certificatePath: this.certificatePath },\n this.sendCertificateChain\n );\n this.msalConfig.auth.clientCertificate = {\n thumbprint: parts.thumbprint,\n privateKey: parts.certificateContents,\n x5c: parts.x5c\n };\n } catch (error) {\n this.logger.info(formatError(\"\", error));\n throw error;\n }\n } else {\n this.msalConfig.auth.clientSecret = this.clientSecret;\n }\n return super.init(options);\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n try {\n const result = await this.confidentialApp!.acquireTokenOnBehalfOf({\n scopes,\n correlationId: options.correlationId,\n authority: options.authority,\n oboAssertion: this.userAssertionToken\n });\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (err) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n"]}
package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js CHANGED
@@ -1,13 +1,13 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT license.
3
- import { __awaiter } from "tslib";
3
+ import * as msalNode from "@azure/msal-node";
4
4
  import http from "http";
5
5
  import open from "open";
6
6
  import stoppable from "stoppable";
7
7
  import { credentialLogger, formatError, formatSuccess } from "../../util/logging";
8
+ import { CredentialUnavailableError } from "../../errors";
8
9
  import { MsalNode } from "./nodeCommon";
9
10
  import { msalToPublic } from "../utils";
10
- import { CredentialUnavailableError } from "../../client/errors";
11
11
  /**
12
12
  * A call to open(), but mockable
13
13
  * @internal
@@ -23,8 +23,9 @@ export const interactiveBrowserMockable = {
23
23
  export class MsalOpenBrowser extends MsalNode {
24
24
  constructor(options) {
25
25
  super(options);
26
- this.logger = credentialLogger("NodeJS MSAL Open Browser");
26
+ this.logger = credentialLogger("Node.js MSAL Open Browser");
27
27
  this.redirectUri = options.redirectUri;
28
+ this.loginHint = options.loginHint;
28
29
  const url = new URL(this.redirectUri);
29
30
  this.port = parseInt(url.port);
30
31
  if (isNaN(this.port)) {
@@ -32,15 +33,14 @@ export class MsalOpenBrowser extends MsalNode {
32
33
  }
33
34
  this.hostname = url.hostname;
34
35
  }
35
- acquireTokenByCode(request) {
36
- return __awaiter(this, void 0, void 0, function* () {
37
- return this.publicApp.acquireTokenByCode(request);
38
- });
36
+ async acquireTokenByCode(request) {
37
+ return this.publicApp.acquireTokenByCode(request);
39
38
  }
40
39
  doGetToken(scopes, options) {
41
40
  return new Promise((resolve, reject) => {
42
41
  const socketToDestroy = [];
43
42
  const requestListener = (req, res) => {
43
+ var _a;
44
44
  if (!req.url) {
45
45
  reject(new Error(`Interactive Browser Authentication Error "Did not receive token with a valid expiration"`));
46
46
  return;
@@ -56,7 +56,9 @@ export class MsalOpenBrowser extends MsalNode {
56
56
  const tokenRequest = {
57
57
  code: url.searchParams.get("code"),
58
58
  redirectUri: this.redirectUri,
59
- scopes: scopes
59
+ scopes: scopes,
60
+ authority: options === null || options === void 0 ? void 0 : options.authority,
61
+ codeVerifier: (_a = this.pkceCodes) === null || _a === void 0 ? void 0 : _a.verifier
60
62
  };
61
63
  this.acquireTokenByCode(tokenRequest)
62
64
  .then((authResponse) => {
@@ -94,13 +96,8 @@ export class MsalOpenBrowser extends MsalNode {
94
96
  });
95
97
  };
96
98
  const app = http.createServer(requestListener);
97
- const listen = app.listen(this.port, this.hostname, () => this.logger.info(`InteractiveBrowserCredential listening on port ${this.port}!`));
98
- app.on("connection", (socket) => socketToDestroy.push(socket));
99
99
  const server = stoppable(app);
100
- this.openAuthCodeUrl(scopes).catch((e) => {
101
- cleanup();
102
- reject(e);
103
- });
100
+ const listen = app.listen(this.port, this.hostname, () => this.logger.info(`InteractiveBrowserCredential listening on port ${this.port}!`));
104
101
  function cleanup() {
105
102
  if (listen) {
106
103
  listen.close();
@@ -113,29 +110,43 @@ export class MsalOpenBrowser extends MsalNode {
113
110
  server.stop();
114
111
  }
115
112
  }
116
- const abortSignal = options === null || options === void 0 ? void 0 : options.abortSignal;
117
- if (abortSignal) {
118
- abortSignal.addEventListener("abort", () => {
113
+ app.on("connection", (socket) => socketToDestroy.push(socket));
114
+ app.on("listening", () => {
115
+ const openPromise = this.openAuthCodeUrl(scopes, options);
116
+ const abortSignal = options === null || options === void 0 ? void 0 : options.abortSignal;
117
+ if (abortSignal) {
118
+ abortSignal.addEventListener("abort", () => {
119
+ cleanup();
120
+ reject(new Error("Aborted"));
121
+ });
122
+ }
123
+ openPromise.then().catch((e) => {
119
124
  cleanup();
120
- reject(new Error("Aborted"));
125
+ reject(e);
121
126
  });
122
- }
127
+ });
123
128
  });
124
129
  }
125
- openAuthCodeUrl(scopeArray) {
126
- return __awaiter(this, void 0, void 0, function* () {
127
- const authCodeUrlParameters = {
128
- scopes: scopeArray,
129
- redirectUri: this.redirectUri
130
- };
131
- const response = yield this.publicApp.getAuthCodeUrl(authCodeUrlParameters);
132
- try {
133
- yield interactiveBrowserMockable.open(response, { wait: true });
134
- }
135
- catch (e) {
136
- throw new CredentialUnavailableError(`Could not open a browser window. Error: ${e.message}`);
137
- }
138
- });
130
+ async openAuthCodeUrl(scopeArray, options) {
131
+ // Initialize CryptoProvider instance
132
+ const cryptoProvider = new msalNode.CryptoProvider();
133
+ // Generate PKCE Codes before starting the authorization flow
134
+ this.pkceCodes = await cryptoProvider.generatePkceCodes();
135
+ const authCodeUrlParameters = {
136
+ scopes: scopeArray,
137
+ redirectUri: this.redirectUri,
138
+ authority: options === null || options === void 0 ? void 0 : options.authority,
139
+ loginHint: this.loginHint,
140
+ codeChallenge: this.pkceCodes.challenge,
141
+ codeChallengeMethod: "S256" // Use SHA256 Algorithm
142
+ };
143
+ const response = await this.publicApp.getAuthCodeUrl(authCodeUrlParameters);
144
+ try {
145
+ await interactiveBrowserMockable.open(response, { wait: true });
146
+ }
147
+ catch (e) {
148
+ throw new CredentialUnavailableError(`Could not open a browser window. Error: ${e.message}`);
149
+ }
139
150
  }
140
151
  }
141
152
  //# sourceMappingURL=msalOpenBrowser.js.map
package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"msalOpenBrowser.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalOpenBrowser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAIlC,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,SAAS,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAClF,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,0BAA0B,EAAE,MAAM,qBAAqB,CAAC;AAUjE;;;GAGG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,IAAI;CACL,CAAC;AAEF;;;;GAIG;AACH,MAAM,OAAO,eAAgB,SAAQ,QAAQ;IAK3C,YAAY,OAA+B;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC,0BAA0B,CAAC,CAAC;QAC3D,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QAEvC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACpB,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC;SAChB;QACD,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC/B,CAAC;IAEa,kBAAkB,CAC9B,OAA0C;;YAE1C,OAAO,IAAI,CAAC,SAAU,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACrD,CAAC;KAAA;IAES,UAAU,CAAC,MAAgB,EAAE,OAAyB;QAC9D,OAAO,IAAI,OAAO,CAAc,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAClD,MAAM,eAAe,GAAa,EAAE,CAAC;YAErC,MAAM,eAAe,GAAG,CAAC,GAAyB,EAAE,GAAwB,EAAQ,EAAE;gBACpF,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE;oBACZ,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,IAAI,GAAQ,CAAC;gBACb,IAAI;oBACF,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;iBAC1C;gBAAC,OAAO,CAAC,EAAE;oBACV,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,MAAM,YAAY,GAAsC;oBACtD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAE;oBACnC,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,MAAM,EAAE,MAAM;iBACf,CAAC;gBAEF,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC;qBAClC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE;oBACrB,IAAI,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,OAAO,EAAE;wBACzB,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;qBAClE;oBACD,MAAM,cAAc,GAAG,mFAAmF,CAAC;oBAC3G,IAAI,YAAY,IAAI,YAAY,CAAC,SAAS,EAAE;wBAC1C,MAAM,kBAAkB,GAAG,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,SAAS,CAAC,OAAO,EAAE,CAAC;wBAC7D,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;wBACxB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;wBAEjD,OAAO,CAAC;4BACN,kBAAkB;4BAClB,KAAK,EAAE,YAAY,CAAC,WAAW;yBAChC,CAAC,CAAC;qBACJ;yBAAM;wBACL,MAAM,YAAY,GAAG,WAAW,CAC9B,MAAM,EACN,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;wBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;wBACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;wBAExC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;qBACH;oBACD,OAAO,EAAE,CAAC;oBACV,OAAO;gBACT,CAAC,CAAC;qBACD,KAAK,CAAC,GAAG,EAAE;oBACV,MAAM,YAAY,GAAG,WAAW,CAC9B,MAAM,EACN,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;oBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;oBACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBAExC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO,EAAE,CAAC;gBACZ,CAAC,CAAC,CAAC;YACP,CAAC,CAAC;YACF,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;YAE/C,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,CACvD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kDAAkD,IAAI,CAAC,IAAI,GAAG,CAAC,CACjF,CAAC;YACF,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;YAC/D,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;YAE9B,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;gBACvC,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,CAAC,CAAC,CAAC;YACZ,CAAC,CAAC,CAAC;YAEH,SAAS,OAAO;gBACd,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;iBAChB;gBAED,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE;oBACpC,MAAM,CAAC,OAAO,EAAE,CAAC;iBAClB;gBAED,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,EAAE,CAAC;iBACf;YACH,CAAC;YAED,MAAM,WAAW,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,CAAC;YACzC,IAAI,WAAW,EAAE;gBACf,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;oBACzC,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;gBAC/B,CAAC,CAAC,CAAC;aACJ;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEa,eAAe,CAAC,UAAoB;;YAChD,MAAM,qBAAqB,GAAqC;gBAC9D,MAAM,EAAE,UAAU;gBAClB,WAAW,EAAE,IAAI,CAAC,WAAW;aAC9B,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAU,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC;YAE7E,IAAI;gBACF,MAAM,0BAA0B,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;aACjE;YAAC,OAAO,CAAC,EAAE;gBACV,MAAM,IAAI,0BAA0B,CAAC,2CAA2C,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;aAC9F;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport { Socket } from \"net\";\nimport http from \"http\";\nimport open from \"open\";\nimport stoppable from \"stoppable\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-http\";\nimport { credentialLogger, formatError, formatSuccess } from \"../../util/logging\";\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\nimport { msalToPublic } from \"../utils\";\nimport { CredentialUnavailableError } from \"../../client/errors\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through opening a browser window.\n * @internal\n */\nexport interface MSALOpenBrowserOptions extends MsalNodeOptions {\n redirectUri: string;\n}\n\n/**\n * A call to open(), but mockable\n * @internal\n */\nexport const interactiveBrowserMockable = {\n open\n};\n\n/**\n * This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`\n * to trigger the authentication flow, and then respond based on the values obtained from the redirect callback\n * @internal\n */\nexport class MsalOpenBrowser extends MsalNode {\n private redirectUri: string;\n private port: number;\n private hostname: string;\n\n constructor(options: MSALOpenBrowserOptions) {\n super(options);\n this.logger = credentialLogger(\"NodeJS MSAL Open Browser\");\n this.redirectUri = options.redirectUri;\n\n const url = new URL(this.redirectUri);\n this.port = parseInt(url.port);\n if (isNaN(this.port)) {\n this.port = 80;\n }\n this.hostname = url.hostname;\n }\n\n private async acquireTokenByCode(\n request: msalNode.AuthorizationCodeRequest\n ): Promise<msalNode.AuthenticationResult | null> {\n return this.publicApp!.acquireTokenByCode(request);\n }\n\n protected doGetToken(scopes: string[], options?: GetTokenOptions): Promise<AccessToken> {\n return new Promise<AccessToken>((resolve, reject) => {\n const socketToDestroy: Socket[] = [];\n\n const requestListener = (req: http.IncomingMessage, res: http.ServerResponse): void => {\n if (!req.url) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n let url: URL;\n try {\n url = new URL(req.url, this.redirectUri);\n } catch (e) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n const tokenRequest: msalNode.AuthorizationCodeRequest = {\n code: url.searchParams.get(\"code\")!,\n redirectUri: this.redirectUri,\n scopes: scopes\n };\n\n this.acquireTokenByCode(tokenRequest)\n .then((authResponse) => {\n if (authResponse?.account) {\n this.account = msalToPublic(this.clientId, authResponse.account);\n }\n const successMessage = `Authentication Complete. You can close the browser and return to the application.`;\n if (authResponse && authResponse.expiresOn) {\n const expiresOnTimestamp = authResponse?.expiresOn.valueOf();\n res.writeHead(200);\n res.end(successMessage);\n this.logger.getToken.info(formatSuccess(scopes));\n\n resolve({\n expiresOnTimestamp,\n token: authResponse.accessToken\n });\n } else {\n const errorMessage = formatError(\n scopes,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n this.logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n }\n cleanup();\n return;\n })\n .catch(() => {\n const errorMessage = formatError(\n scopes,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n this.logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n cleanup();\n });\n };\n const app = http.createServer(requestListener);\n\n const listen = app.listen(this.port, this.hostname, () =>\n this.logger.info(`InteractiveBrowserCredential listening on port ${this.port}!`)\n );\n app.on(\"connection\", (socket) => socketToDestroy.push(socket));\n const server = stoppable(app);\n\n this.openAuthCodeUrl(scopes).catch((e) => {\n cleanup();\n reject(e);\n });\n\n function cleanup(): void {\n if (listen) {\n listen.close();\n }\n\n for (const socket of socketToDestroy) {\n socket.destroy();\n }\n\n if (server) {\n server.close();\n server.stop();\n }\n }\n\n const abortSignal = options?.abortSignal;\n if (abortSignal) {\n abortSignal.addEventListener(\"abort\", () => {\n cleanup();\n reject(new Error(\"Aborted\"));\n });\n }\n });\n }\n\n private async openAuthCodeUrl(scopeArray: string[]): Promise<void> {\n const authCodeUrlParameters: msalNode.AuthorizationUrlRequest = {\n scopes: scopeArray,\n redirectUri: this.redirectUri\n };\n\n const response = await this.publicApp!.getAuthCodeUrl(authCodeUrlParameters);\n\n try {\n await interactiveBrowserMockable.open(response, { wait: true });\n } catch (e) {\n throw new CredentialUnavailableError(`Could not open a browser window. Error: ${e.message}`);\n }\n }\n}\n"]}
1
+ {"version":3,"file":"msalOpenBrowser.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalOpenBrowser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAK7C,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,SAAS,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAClF,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAC1D,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAYxC;;;GAGG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,IAAI;CACL,CAAC;AAEF;;;;GAIG;AACH,MAAM,OAAO,eAAgB,SAAQ,QAAQ;IAM3C,YAAY,OAA+B;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;QAC5D,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QAEnC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACpB,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC;SAChB;QACD,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC/B,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAC9B,OAA0C;QAE1C,OAAO,IAAI,CAAC,SAAU,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;IACrD,CAAC;IAES,UAAU,CAClB,MAAgB,EAChB,OAAuC;QAEvC,OAAO,IAAI,OAAO,CAAc,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAClD,MAAM,eAAe,GAAa,EAAE,CAAC;YAErC,MAAM,eAAe,GAAG,CAAC,GAAyB,EAAE,GAAwB,EAAQ,EAAE;;gBACpF,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE;oBACZ,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,IAAI,GAAQ,CAAC;gBACb,IAAI;oBACF,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;iBAC1C;gBAAC,OAAO,CAAC,EAAE;oBACV,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,MAAM,YAAY,GAAsC;oBACtD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAE;oBACnC,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,MAAM,EAAE,MAAM;oBACd,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;oBAC7B,YAAY,EAAE,MAAA,IAAI,CAAC,SAAS,0CAAE,QAAQ;iBACvC,CAAC;gBAEF,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC;qBAClC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE;oBACrB,IAAI,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,OAAO,EAAE;wBACzB,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;qBAClE;oBACD,MAAM,cAAc,GAAG,mFAAmF,CAAC;oBAC3G,IAAI,YAAY,IAAI,YAAY,CAAC,SAAS,EAAE;wBAC1C,MAAM,kBAAkB,GAAG,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,SAAS,CAAC,OAAO,EAAE,CAAC;wBAC7D,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;wBACxB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;wBAEjD,OAAO,CAAC;4BACN,kBAAkB;4BAClB,KAAK,EAAE,YAAY,CAAC,WAAW;yBAChC,CAAC,CAAC;qBACJ;yBAAM;wBACL,MAAM,YAAY,GAAG,WAAW,CAC9B,MAAM,EACN,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;wBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;wBACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;wBAExC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;qBACH;oBACD,OAAO,EAAE,CAAC;oBACV,OAAO;gBACT,CAAC,CAAC;qBACD,KAAK,CAAC,GAAG,EAAE;oBACV,MAAM,YAAY,GAAG,WAAW,CAC9B,MAAM,EACN,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;oBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;oBACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBAExC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO,EAAE,CAAC;gBACZ,CAAC,CAAC,CAAC;YACP,CAAC,CAAC;YAEF,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;YAC/C,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;YAE9B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,CACvD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kDAAkD,IAAI,CAAC,IAAI,GAAG,CAAC,CACjF,CAAC;YAEF,SAAS,OAAO;gBACd,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;iBAChB;gBAED,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE;oBACpC,MAAM,CAAC,OAAO,EAAE,CAAC;iBAClB;gBAED,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,EAAE,CAAC;iBACf;YACH,CAAC;YAED,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;YAE/D,GAAG,CAAC,EAAE,CAAC,WAAW,EAAE,GAAG,EAAE;gBACvB,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBAE1D,MAAM,WAAW,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,CAAC;gBACzC,IAAI,WAAW,EAAE;oBACf,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;wBACzC,OAAO,EAAE,CAAC;wBACV,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;oBAC/B,CAAC,CAAC,CAAC;iBACJ;gBAED,WAAW,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;oBAC7B,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,CAAC,CAAC,CAAC;gBACZ,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAOO,KAAK,CAAC,eAAe,CAC3B,UAAoB,EACpB,OAAuC;QAEvC,qCAAqC;QACrC,MAAM,cAAc,GAAG,IAAI,QAAQ,CAAC,cAAc,EAAE,CAAC;QACrD,6DAA6D;QAC7D,IAAI,CAAC,SAAS,GAAG,MAAM,cAAc,CAAC,iBAAiB,EAAE,CAAC;QAE1D,MAAM,qBAAqB,GAAqC;YAC9D,MAAM,EAAE,UAAU;YAClB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;YAC7B,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS;YACvC,mBAAmB,EAAE,MAAM,CAAC,uBAAuB;SACpD,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAU,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC;QAE7E,IAAI;YACF,MAAM,0BAA0B,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;SACjE;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,IAAI,0BAA0B,CAAC,2CAA2C,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;SAC9F;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { Socket } from \"net\";\nimport http from \"http\";\nimport open from \"open\";\nimport stoppable from \"stoppable\";\n\nimport { credentialLogger, formatError, formatSuccess } from \"../../util/logging\";\nimport { CredentialUnavailableError } from \"../../errors\";\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\nimport { msalToPublic } from \"../utils\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through opening a browser window.\n * @internal\n */\nexport interface MSALOpenBrowserOptions extends MsalNodeOptions {\n redirectUri: string;\n loginHint?: string;\n}\n\n/**\n * A call to open(), but mockable\n * @internal\n */\nexport const interactiveBrowserMockable = {\n open\n};\n\n/**\n * This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`\n * to trigger the authentication flow, and then respond based on the values obtained from the redirect callback\n * @internal\n */\nexport class MsalOpenBrowser extends MsalNode {\n private redirectUri: string;\n private port: number;\n private hostname: string;\n private loginHint?: string;\n\n constructor(options: MSALOpenBrowserOptions) {\n super(options);\n this.logger = credentialLogger(\"Node.js MSAL Open Browser\");\n this.redirectUri = options.redirectUri;\n this.loginHint = options.loginHint;\n\n const url = new URL(this.redirectUri);\n this.port = parseInt(url.port);\n if (isNaN(this.port)) {\n this.port = 80;\n }\n this.hostname = url.hostname;\n }\n\n private async acquireTokenByCode(\n request: msalNode.AuthorizationCodeRequest\n ): Promise<msalNode.AuthenticationResult | null> {\n return this.publicApp!.acquireTokenByCode(request);\n }\n\n protected doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n return new Promise<AccessToken>((resolve, reject) => {\n const socketToDestroy: Socket[] = [];\n\n const requestListener = (req: http.IncomingMessage, res: http.ServerResponse): void => {\n if (!req.url) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n let url: URL;\n try {\n url = new URL(req.url, this.redirectUri);\n } catch (e) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n const tokenRequest: msalNode.AuthorizationCodeRequest = {\n code: url.searchParams.get(\"code\")!,\n redirectUri: this.redirectUri,\n scopes: scopes,\n authority: options?.authority,\n codeVerifier: this.pkceCodes?.verifier\n };\n\n this.acquireTokenByCode(tokenRequest)\n .then((authResponse) => {\n if (authResponse?.account) {\n this.account = msalToPublic(this.clientId, authResponse.account);\n }\n const successMessage = `Authentication Complete. You can close the browser and return to the application.`;\n if (authResponse && authResponse.expiresOn) {\n const expiresOnTimestamp = authResponse?.expiresOn.valueOf();\n res.writeHead(200);\n res.end(successMessage);\n this.logger.getToken.info(formatSuccess(scopes));\n\n resolve({\n expiresOnTimestamp,\n token: authResponse.accessToken\n });\n } else {\n const errorMessage = formatError(\n scopes,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n this.logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n }\n cleanup();\n return;\n })\n .catch(() => {\n const errorMessage = formatError(\n scopes,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n this.logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n cleanup();\n });\n };\n\n const app = http.createServer(requestListener);\n const server = stoppable(app);\n\n const listen = app.listen(this.port, this.hostname, () =>\n this.logger.info(`InteractiveBrowserCredential listening on port ${this.port}!`)\n );\n\n function cleanup(): void {\n if (listen) {\n listen.close();\n }\n\n for (const socket of socketToDestroy) {\n socket.destroy();\n }\n\n if (server) {\n server.close();\n server.stop();\n }\n }\n\n app.on(\"connection\", (socket) => socketToDestroy.push(socket));\n\n app.on(\"listening\", () => {\n const openPromise = this.openAuthCodeUrl(scopes, options);\n\n const abortSignal = options?.abortSignal;\n if (abortSignal) {\n abortSignal.addEventListener(\"abort\", () => {\n cleanup();\n reject(new Error(\"Aborted\"));\n });\n }\n\n openPromise.then().catch((e) => {\n cleanup();\n reject(e);\n });\n });\n });\n }\n\n private pkceCodes?: {\n verifier: string;\n challenge: string;\n };\n\n private async openAuthCodeUrl(\n scopeArray: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<void> {\n // Initialize CryptoProvider instance\n const cryptoProvider = new msalNode.CryptoProvider();\n // Generate PKCE Codes before starting the authorization flow\n this.pkceCodes = await cryptoProvider.generatePkceCodes();\n\n const authCodeUrlParameters: msalNode.AuthorizationUrlRequest = {\n scopes: scopeArray,\n redirectUri: this.redirectUri,\n authority: options?.authority,\n loginHint: this.loginHint,\n codeChallenge: this.pkceCodes.challenge,\n codeChallengeMethod: \"S256\" // Use SHA256 Algorithm\n };\n\n const response = await this.publicApp!.getAuthCodeUrl(authCodeUrlParameters);\n\n try {\n await interactiveBrowserMockable.open(response, { wait: true });\n } catch (e) {\n throw new CredentialUnavailableError(`Could not open a browser window. Error: ${e.message}`);\n }\n }\n}\n"]}
package/dist-esm/src/msal/nodeFlows/msalUsernamePassword.js CHANGED
@@ -1,6 +1,5 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT license.
3
- import { __awaiter } from "tslib";
4
3
  import { MsalNode } from "./nodeCommon";
5
4
  /**
6
5
  * MSAL username and password client. Calls to the MSAL's public application's `acquireTokenByUsernamePassword` during `doGetToken`.
@@ -12,22 +11,21 @@ export class MsalUsernamePassword extends MsalNode {
12
11
  this.username = options.username;
13
12
  this.password = options.password;
14
13
  }
15
- doGetToken(scopes, options) {
16
- return __awaiter(this, void 0, void 0, function* () {
17
- try {
18
- const requestOptions = {
19
- scopes,
20
- username: this.username,
21
- password: this.password,
22
- correlationId: options === null || options === void 0 ? void 0 : options.correlationId
23
- };
24
- const result = yield this.publicApp.acquireTokenByUsernamePassword(requestOptions);
25
- return this.handleResult(scopes, this.clientId, result || undefined);
26
- }
27
- catch (error) {
28
- throw this.handleError(scopes, error, options);
29
- }
30
- });
14
+ async doGetToken(scopes, options) {
15
+ try {
16
+ const requestOptions = {
17
+ scopes,
18
+ username: this.username,
19
+ password: this.password,
20
+ correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
21
+ authority: options === null || options === void 0 ? void 0 : options.authority
22
+ };
23
+ const result = await this.publicApp.acquireTokenByUsernamePassword(requestOptions);
24
+ return this.handleResult(scopes, this.clientId, result || undefined);
25
+ }
26
+ catch (error) {
27
+ throw this.handleError(scopes, error, options);
28
+ }
31
29
  }
32
30
  }
33
31
  //# sourceMappingURL=msalUsernamePassword.js.map
package/dist-esm/src/msal/nodeFlows/msalUsernamePassword.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"msalUsernamePassword.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalUsernamePassword.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAIlC,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;AAYzD;;;GAGG;AACH,MAAM,OAAO,oBAAqB,SAAQ,QAAQ;IAIhD,YAAY,OAAoC;QAC9C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IACnC,CAAC;IAEe,UAAU,CACxB,MAAgB,EAChB,OAAuC;;YAEvC,IAAI;gBACF,MAAM,cAAc,GAAqC;oBACvD,MAAM;oBACN,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;iBACtC,CAAC;gBACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAU,CAAC,8BAA8B,CAAC,cAAc,CAAC,CAAC;gBACpF,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;aACtE;YAAC,OAAO,KAAK,EAAE;gBACd,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;aAChD;QACH,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport { AccessToken } from \"@azure/core-http\";\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through username and password.\n * @internal\n */\nexport interface MSALUsernamePasswordOptions extends MsalNodeOptions {\n username: string;\n password: string;\n}\n\n/**\n * MSAL username and password client. Calls to the MSAL's public application's `acquireTokenByUsernamePassword` during `doGetToken`.\n * @internal\n */\nexport class MsalUsernamePassword extends MsalNode {\n private username: string;\n private password: string;\n\n constructor(options: MSALUsernamePasswordOptions) {\n super(options);\n this.username = options.username;\n this.password = options.password;\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n try {\n const requestOptions: msalNode.UsernamePasswordRequest = {\n scopes,\n username: this.username,\n password: this.password,\n correlationId: options?.correlationId\n };\n const result = await this.publicApp!.acquireTokenByUsernamePassword(requestOptions);\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (error) {\n throw this.handleError(scopes, error, options);\n }\n }\n}\n"]}
1
+ {"version":3,"file":"msalUsernamePassword.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalUsernamePassword.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAMlC,OAAO,EAAmB,QAAQ,EAAE,MAAM,cAAc,CAAC;AAYzD;;;GAGG;AACH,MAAM,OAAO,oBAAqB,SAAQ,QAAQ;IAIhD,YAAY,OAAoC;QAC9C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IACnC,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;QAEvC,IAAI;YACF,MAAM,cAAc,GAAqC;gBACvD,MAAM;gBACN,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;gBACrC,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;aAC9B,CAAC;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAU,CAAC,8BAA8B,CAAC,cAAc,CAAC,CAAC;YACpF,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;SACtE;QAAC,OAAO,KAAK,EAAE;YACd,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;SAChD;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { MsalNodeOptions, MsalNode } from \"./nodeCommon\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through username and password.\n * @internal\n */\nexport interface MSALUsernamePasswordOptions extends MsalNodeOptions {\n username: string;\n password: string;\n}\n\n/**\n * MSAL username and password client. Calls to the MSAL's public application's `acquireTokenByUsernamePassword` during `doGetToken`.\n * @internal\n */\nexport class MsalUsernamePassword extends MsalNode {\n private username: string;\n private password: string;\n\n constructor(options: MSALUsernamePasswordOptions) {\n super(options);\n this.username = options.username;\n this.password = options.password;\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n try {\n const requestOptions: msalNode.UsernamePasswordRequest = {\n scopes,\n username: this.username,\n password: this.password,\n correlationId: options?.correlationId,\n authority: options?.authority\n };\n const result = await this.publicApp!.acquireTokenByUsernamePassword(requestOptions);\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (error) {\n throw this.handleError(scopes, error, options);\n }\n }\n}\n"]}