@azure/identity 2.0.0-beta.3 → 2.0.0

package/dist-esm/src/client/identityClient.js

@@ -1,150 +1,158 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import { __awaiter } from "tslib";
-import qs from "qs";
-import { ServiceClient, WebResource, createPipelineFromOptions, isNode } from "@azure/core-http";
+import { ServiceClient } from "@azure/core-client";
 import { SpanStatusCode } from "@azure/core-tracing";
+import { isNode } from "@azure/core-util";
+import { createHttpHeaders, createPipelineRequest } from "@azure/core-rest-pipeline";
 import { AbortController } from "@azure/abort-controller";
-import { AuthenticationError, AuthenticationErrorName } from "./errors";
-import { getAuthorityHostEnvironment } from "../util/authHostEnv";
+import { AuthenticationError, AuthenticationErrorName } from "../errors";
 import { getIdentityTokenEndpointSuffix } from "../util/identityTokenEndpoint";
 import { DefaultAuthorityHost } from "../constants";
 import { createSpan } from "../util/tracing";
 import { logger } from "../util/logging";
 const noCorrelationId = "noCorrelationId";
+/**
+ * @internal
+ */
+export function getIdentityClientAuthorityHost(options) {
+    // The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.
+    let authorityHost = options === null || options === void 0 ? void 0 : options.authorityHost;
+    // The AZURE_AUTHORITY_HOST environment variable can only be provided in Node.js.
+    if (isNode) {
+        authorityHost = authorityHost !== null && authorityHost !== void 0 ? authorityHost : process.env.AZURE_AUTHORITY_HOST;
+    }
+    // If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com
+    return authorityHost !== null && authorityHost !== void 0 ? authorityHost : DefaultAuthorityHost;
+}
 /**
  * The network module used by the Identity credentials.
  *
  * It allows for credentials to abort any pending request independently of the MSAL flow,
  * by calling to the `abortRequests()` method.
  *
- * @internal
  */
 export class IdentityClient extends ServiceClient {
     constructor(options) {
-        if (isNode) {
-            options = options || getAuthorityHostEnvironment();
-        }
-        // Only if the authorityHost is not provided, we use the default one.
-        options = Object.assign({ authorityHost: DefaultAuthorityHost }, options);
-        super(undefined, createPipelineFromOptions(Object.assign(Object.assign({}, options), { deserializationOptions: {
-                expectedContentTypes: {
-                    json: ["application/json", "text/json", "text/plain"]
-                }
-            } })));
-        this.baseUri = this.authorityHost = options.authorityHost || DefaultAuthorityHost;
-        if (!this.baseUri.startsWith("https:")) {
+        var _a;
+        const packageDetails = `azsdk-js-identity/2.0.0`;
+        const userAgentPrefix = ((_a = options === null || options === void 0 ? void 0 : options.userAgentOptions) === null || _a === void 0 ? void 0 : _a.userAgentPrefix)
+            ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`
+            : `${packageDetails}`;
+        const baseUri = getIdentityClientAuthorityHost(options);
+        if (!baseUri.startsWith("https:")) {
             throw new Error("The authorityHost address must use the 'https' protocol.");
         }
+        super(Object.assign(Object.assign({ requestContentType: "application/json; charset=utf-8" }, options), { userAgentOptions: {
+                userAgentPrefix
+            }, baseUri }));
+        this.authorityHost = baseUri;
         this.abortControllers = new Map();
     }
-    createWebResource(requestOptions) {
-        const webResource = new WebResource();
-        webResource.prepare(requestOptions);
-        return webResource;
-    }
-    sendTokenRequest(webResource, expiresOnParser) {
-        return __awaiter(this, void 0, void 0, function* () {
-            logger.info(`IdentityClient: sending token request to [${webResource.url}]`);
-            const response = yield this.sendRequest(webResource);
-            expiresOnParser =
-                expiresOnParser ||
-                    ((responseBody) => {
-                        return Date.now() + responseBody.expires_in * 1000;
-                    });
-            if (response.status === 200 || response.status === 201) {
-                const token = {
-                    accessToken: {
-                        token: response.parsedBody.access_token,
-                        expiresOnTimestamp: expiresOnParser(response.parsedBody)
-                    },
-                    refreshToken: response.parsedBody.refresh_token
-                };
-                logger.info(`IdentityClient: [${webResource.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`);
-                return token;
-            }
-            else {
-                const error = new AuthenticationError(response.status, response.parsedBody || response.bodyAsText);
-                logger.warning(`IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`);
-                throw error;
-            }
-        });
-    }
-    refreshAccessToken(tenantId, clientId, scopes, refreshToken, clientSecret, expiresOnParser, options) {
-        var _a, _b;
-        return __awaiter(this, void 0, void 0, function* () {
-            if (refreshToken === undefined) {
+    async sendTokenRequest(request, expiresOnParser) {
+        logger.info(`IdentityClient: sending token request to [${request.url}]`);
+        const response = await this.sendRequest(request);
+        expiresOnParser =
+            expiresOnParser ||
+                ((responseBody) => {
+                    return Date.now() + responseBody.expires_in * 1000;
+                });
+        if (response.bodyAsText && (response.status === 200 || response.status === 201)) {
+            const parsedBody = JSON.parse(response.bodyAsText);
+            if (!parsedBody.access_token) {
                 return null;
             }
-            logger.info(`IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`);
-            const { span, updatedOptions } = createSpan("IdentityClient-refreshAccessToken", options);
-            const refreshParams = {
-                grant_type: "refresh_token",
-                client_id: clientId,
-                refresh_token: refreshToken,
-                scope: scopes
+            const token = {
+                accessToken: {
+                    token: parsedBody.access_token,
+                    expiresOnTimestamp: expiresOnParser(parsedBody)
+                },
+                refreshToken: parsedBody.refresh_token
             };
-            if (clientSecret !== undefined) {
-                refreshParams.client_secret = clientSecret;
-            }
-            try {
-                const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);
-                const webResource = this.createWebResource({
-                    url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,
-                    method: "POST",
-                    disableJsonStringifyOnBody: true,
-                    deserializationMapper: undefined,
-                    body: qs.stringify(refreshParams),
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/x-www-form-urlencoded"
-                    },
-                    spanOptions: (_a = updatedOptions === null || updatedOptions === void 0 ? void 0 : updatedOptions.tracingOptions) === null || _a === void 0 ? void 0 : _a.spanOptions,
-                    tracingContext: (_b = updatedOptions === null || updatedOptions === void 0 ? void 0 : updatedOptions.tracingOptions) === null || _b === void 0 ? void 0 : _b.tracingContext,
-                    abortSignal: options && options.abortSignal
+            logger.info(`IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`);
+            return token;
+        }
+        else {
+            const error = new AuthenticationError(response.status, response.bodyAsText);
+            logger.warning(`IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`);
+            throw error;
+        }
+    }
+    async refreshAccessToken(tenantId, clientId, scopes, refreshToken, clientSecret, expiresOnParser, options) {
+        if (refreshToken === undefined) {
+            return null;
+        }
+        logger.info(`IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`);
+        const { span, updatedOptions } = createSpan("IdentityClient-refreshAccessToken", options);
+        const refreshParams = {
+            grant_type: "refresh_token",
+            client_id: clientId,
+            refresh_token: refreshToken,
+            scope: scopes
+        };
+        if (clientSecret !== undefined) {
+            refreshParams.client_secret = clientSecret;
+        }
+        const query = new URLSearchParams(refreshParams);
+        try {
+            const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);
+            const request = createPipelineRequest({
+                url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,
+                method: "POST",
+                body: query.toString(),
+                abortSignal: options && options.abortSignal,
+                headers: createHttpHeaders({
+                    Accept: "application/json",
+                    "Content-Type": "application/x-www-form-urlencoded"
+                }),
+                tracingOptions: updatedOptions === null || updatedOptions === void 0 ? void 0 : updatedOptions.tracingOptions
+            });
+            const response = await this.sendTokenRequest(request, expiresOnParser);
+            logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);
+            return response;
+        }
+        catch (err) {
+            if (err.name === AuthenticationErrorName &&
+                err.errorResponse.error === "interaction_required") {
+                // It's likely that the refresh token has expired, so
+                // return null so that the credential implementation will
+                // initiate the authentication flow again.
+                logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);
+                span.setStatus({
+                    code: SpanStatusCode.ERROR,
+                    message: err.message
                 });
-                const response = yield this.sendTokenRequest(webResource, expiresOnParser);
-                logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);
-                return response;
-            }
-            catch (err) {
-                if (err.name === AuthenticationErrorName &&
-                    err.errorResponse.error === "interaction_required") {
-                    // It's likely that the refresh token has expired, so
-                    // return null so that the credential implementation will
-                    // initiate the authentication flow again.
-                    logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);
-                    span.setStatus({
-                        code: SpanStatusCode.ERROR,
-                        message: err.message
-                    });
-                    return null;
-                }
-                else {
-                    logger.warning(`IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`);
-                    span.setStatus({
-                        code: SpanStatusCode.ERROR,
-                        message: err.message
-                    });
-                    throw err;
-                }
+                return null;
             }
-            finally {
-                span.end();
+            else {
+                logger.warning(`IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`);
+                span.setStatus({
+                    code: SpanStatusCode.ERROR,
+                    message: err.message
+                });
+                throw err;
             }
-        });
+        }
+        finally {
+            span.end();
+        }
     }
     // Here is a custom layer that allows us to abort requests that go through MSAL,
     // since MSAL doesn't allow us to pass options all the way through.
     generateAbortSignal(correlationId) {
         const controller = new AbortController();
-        const key = correlationId || noCorrelationId;
-        const controllers = this.abortControllers.get(key) || [];
+        const controllers = this.abortControllers.get(correlationId) || [];
         controllers.push(controller);
-        this.abortControllers.set(key, controllers);
+        this.abortControllers.set(correlationId, controllers);
+        const existingOnAbort = controller.signal.onabort;
+        controller.signal.onabort = (...params) => {
+            this.abortControllers.set(correlationId, undefined);
+            if (existingOnAbort) {
+                existingOnAbort(...params);
+            }
+        };
         return controller.signal;
     }
-    abortRequests(correlationId = noCorrelationId) {
+    abortRequests(correlationId) {
         const key = correlationId || noCorrelationId;
         const controllers = [
             ...(this.abortControllers.get(key) || []),
@@ -158,37 +166,43 @@ export class IdentityClient extends ServiceClient {
             controller.abort();
         }
         this.abortControllers.set(key, undefined);
-        this.abortControllers.set(noCorrelationId, undefined);
     }
     getCorrelationId(options) {
         var _a;
         const parameter = (_a = options === null || options === void 0 ? void 0 : options.body) === null || _a === void 0 ? void 0 : _a.split("&").map((part) => part.split("=")).find(([key]) => key === "client-request-id");
-        return parameter && parameter.length ? parameter[1] : noCorrelationId;
+        return parameter && parameter.length ? parameter[1] || noCorrelationId : noCorrelationId;
     }
     // The MSAL network module methods follow
-    sendGetRequestAsync(url, options) {
-        const webResource = new WebResource(url, "GET", options === null || options === void 0 ? void 0 : options.body, {}, options === null || options === void 0 ? void 0 : options.headers, false, false, 
-        // MSAL doesn't send the correlation ID on the get requests.
-        this.generateAbortSignal());
-        return this.sendRequest(webResource).then((response) => {
-            return {
-                body: response.parsedBody,
-                headers: response.headers.rawHeaders(),
-                status: response.status
-            };
+    async sendGetRequestAsync(url, options) {
+        const request = createPipelineRequest({
+            url,
+            method: "GET",
+            body: options === null || options === void 0 ? void 0 : options.body,
+            headers: createHttpHeaders(options === null || options === void 0 ? void 0 : options.headers),
+            abortSignal: this.generateAbortSignal(noCorrelationId)
         });
+        const response = await this.sendRequest(request);
+        return {
+            body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,
+            headers: response.headers.toJSON(),
+            status: response.status
+        };
     }
-    sendPostRequestAsync(url, options) {
-        const webResource = new WebResource(url, "POST", options === null || options === void 0 ? void 0 : options.body, {}, options === null || options === void 0 ? void 0 : options.headers, false, false, 
-        // MSAL doesn't send the correlation ID on the get requests.
-        this.generateAbortSignal(this.getCorrelationId(options)));
-        return this.sendRequest(webResource).then((response) => {
-            return {
-                body: response.parsedBody,
-                headers: response.headers.rawHeaders(),
-                status: response.status
-            };
+    async sendPostRequestAsync(url, options) {
+        const request = createPipelineRequest({
+            url,
+            method: "POST",
+            body: options === null || options === void 0 ? void 0 : options.body,
+            headers: createHttpHeaders(options === null || options === void 0 ? void 0 : options.headers),
+            // MSAL doesn't send the correlation ID on the get requests.
+            abortSignal: this.generateAbortSignal(this.getCorrelationId(options))
         });
+        const response = await this.sendRequest(request);
+        return {
+            body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,
+            headers: response.headers.toJSON(),
+            status: response.status
+        };
     }
 }
 //# sourceMappingURL=identityClient.js.map

package/dist-esm/src/client/identityClient.js.map

@@ -1 +1 @@
-{"version":3,"file":"identityClient.js","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAEL,aAAa,EAEb,WAAW,EAGX,yBAAyB,EACzB,MAAM,EACP,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,eAAe,EAAmB,MAAM,yBAAyB,CAAC;AAC3E,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AACxE,OAAO,EAAE,2BAA2B,EAAE,MAAM,qBAAqB,CAAC;AAClE,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAEzC,MAAM,eAAe,GAAG,iBAAiB,CAAC;AAmB1C;;;;;;;GAOG;AACH,MAAM,OAAO,cAAe,SAAQ,aAAa;IAI/C,YAAY,OAAgC;QAC1C,IAAI,MAAM,EAAE;YACV,OAAO,GAAG,OAAO,IAAI,2BAA2B,EAAE,CAAC;SACpD;QACD,qEAAqE;QACrE,OAAO,mBACL,aAAa,EAAE,oBAAoB,IAChC,OAAO,CACX,CAAC;QACF,KAAK,CACH,SAAS,EACT,yBAAyB,iCACpB,OAAO,KACV,sBAAsB,EAAE;gBACtB,oBAAoB,EAAE;oBACpB,IAAI,EAAE,CAAC,kBAAkB,EAAE,WAAW,EAAE,YAAY,CAAC;iBACtD;aACF,IACD,CACH,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,oBAAoB,CAAC;QAElF,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;YACtC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;SAC7E;QAED,IAAI,CAAC,gBAAgB,GAAG,IAAI,GAAG,EAAE,CAAC;IACpC,CAAC;IAED,iBAAiB,CAAC,cAAqC;QACrD,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;QACtC,WAAW,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACpC,OAAO,WAAW,CAAC;IACrB,CAAC;IAEK,gBAAgB,CACpB,WAAwB,EACxB,eAA+C;;YAE/C,MAAM,CAAC,IAAI,CAAC,6CAA6C,WAAW,CAAC,GAAG,GAAG,CAAC,CAAC;YAC7E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;YAErD,eAAe;gBACb,eAAe;oBACf,CAAC,CAAC,YAAiB,EAAE,EAAE;wBACrB,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC,UAAU,GAAG,IAAI,CAAC;oBACrD,CAAC,CAAC,CAAC;YAEL,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;gBACtD,MAAM,KAAK,GAAG;oBACZ,WAAW,EAAE;wBACX,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC,YAAY;wBACvC,kBAAkB,EAAE,eAAe,CAAC,QAAQ,CAAC,UAAU,CAAC;qBACzD;oBACD,YAAY,EAAE,QAAQ,CAAC,UAAU,CAAC,aAAa;iBAChD,CAAC;gBAEF,MAAM,CAAC,IAAI,CACT,oBAAoB,WAAW,CAAC,GAAG,gCAAgC,KAAK,CAAC,WAAW,CAAC,kBAAkB,EAAE,CAC1G,CAAC;gBACF,OAAO,KAAK,CAAC;aACd;iBAAM;gBACL,MAAM,KAAK,GAAG,IAAI,mBAAmB,CACnC,QAAQ,CAAC,MAAM,EACf,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,UAAU,CAC3C,CAAC;gBACF,MAAM,CAAC,OAAO,CACZ,sDAAsD,QAAQ,CAAC,MAAM,KAAK,KAAK,CAAC,aAAa,CAAC,gBAAgB,EAAE,CACjH,CAAC;gBACF,MAAM,KAAK,CAAC;aACb;QACH,CAAC;KAAA;IAEK,kBAAkB,CACtB,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,YAAgC,EAChC,YAAgC,EAChC,eAA+C,EAC/C,OAAyB;;;YAEzB,IAAI,YAAY,KAAK,SAAS,EAAE;gBAC9B,OAAO,IAAI,CAAC;aACb;YACD,MAAM,CAAC,IAAI,CACT,2DAA2D,QAAQ,aAAa,MAAM,UAAU,CACjG,CAAC;YAEF,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,UAAU,CAAC,mCAAmC,EAAE,OAAO,CAAC,CAAC;YAE1F,MAAM,aAAa,GAAG;gBACpB,UAAU,EAAE,eAAe;gBAC3B,SAAS,EAAE,QAAQ;gBACnB,aAAa,EAAE,YAAY;gBAC3B,KAAK,EAAE,MAAM;aACd,CAAC;YAEF,IAAI,YAAY,KAAK,SAAS,EAAE;gBAC7B,aAAqB,CAAC,aAAa,GAAG,YAAY,CAAC;aACrD;YAED,IAAI;gBACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;gBAC3D,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC;oBACzC,GAAG,EAAE,GAAG,IAAI,CAAC,aAAa,IAAI,QAAQ,IAAI,SAAS,EAAE;oBACrD,MAAM,EAAE,MAAM;oBACd,0BAA0B,EAAE,IAAI;oBAChC,qBAAqB,EAAE,SAAS;oBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,aAAa,CAAC;oBACjC,OAAO,EAAE;wBACP,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD;oBACD,WAAW,EAAE,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,cAAc,0CAAE,WAAW;oBACxD,cAAc,EAAE,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,cAAc,0CAAE,cAAc;oBAC9D,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;iBAC5C,CAAC,CAAC;gBAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;gBAC3E,MAAM,CAAC,IAAI,CAAC,kDAAkD,QAAQ,EAAE,CAAC,CAAC;gBAC1E,OAAO,QAAQ,CAAC;aACjB;YAAC,OAAO,GAAG,EAAE;gBACZ,IACE,GAAG,CAAC,IAAI,KAAK,uBAAuB;oBACpC,GAAG,CAAC,aAAa,CAAC,KAAK,KAAK,sBAAsB,EAClD;oBACA,qDAAqD;oBACrD,yDAAyD;oBACzD,0CAA0C;oBAC1C,MAAM,CAAC,IAAI,CAAC,uDAAuD,QAAQ,EAAE,CAAC,CAAC;oBAC/E,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAE,cAAc,CAAC,KAAK;wBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB,CAAC,CAAC;oBAEH,OAAO,IAAI,CAAC;iBACb;qBAAM;oBACL,MAAM,CAAC,OAAO,CACZ,0DAA0D,QAAQ,KAAK,GAAG,EAAE,CAC7E,CAAC;oBACF,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAE,cAAc,CAAC,KAAK;wBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB,CAAC,CAAC;oBACH,MAAM,GAAG,CAAC;iBACX;aACF;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;;KACF;IAED,gFAAgF;IAChF,mEAAmE;IAEnE,mBAAmB,CAAC,aAAsB;QACxC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,GAAG,GAAG,aAAa,IAAI,eAAe,CAAC;QAE7C,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACzD,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAE5C,OAAO,UAAU,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,aAAa,CAAC,gBAAwB,eAAe;QACnD,MAAM,GAAG,GAAG,aAAa,IAAI,eAAe,CAAC;QAC7C,MAAM,WAAW,GAAG;YAClB,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YACzC,uDAAuD;YACvD,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;SACtD,CAAC;QACF,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE;YACvB,OAAO;SACR;QACD,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE;YACpC,UAAU,CAAC,KAAK,EAAE,CAAC;SACpB;QACD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAC1C,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;IACxD,CAAC;IAED,gBAAgB,CAAC,OAA+B;;QAC9C,MAAM,SAAS,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,0CAC3B,KAAK,CAAC,GAAG,EACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAC7B,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,mBAAmB,CAAC,CAAC;QAChD,OAAO,SAAS,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC;IACxE,CAAC;IAED,yCAAyC;IAEzC,mBAAmB,CACjB,GAAW,EACX,OAA+B;QAE/B,MAAM,WAAW,GAAG,IAAI,WAAW,CACjC,GAAG,EACH,KAAK,EACL,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,EACb,EAAE,EACF,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,EAChB,KAAK,EACL,KAAK;QACL,4DAA4D;QAC5D,IAAI,CAAC,mBAAmB,EAAE,CAC3B,CAAC;QAEF,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE;YACrD,OAAO;gBACL,IAAI,EAAE,QAAQ,CAAC,UAAe;gBAC9B,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE;gBACtC,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,oBAAoB,CAClB,GAAW,EACX,OAA+B;QAE/B,MAAM,WAAW,GAAG,IAAI,WAAW,CACjC,GAAG,EACH,MAAM,EACN,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,EACb,EAAE,EACF,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,EAChB,KAAK,EACL,KAAK;QACL,4DAA4D;QAC5D,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CACzD,CAAC;QAEF,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE;YACrD,OAAO;gBACL,IAAI,EAAE,QAAQ,CAAC,UAAe;gBAC9B,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE;gBACtC,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport {\n  AccessToken,\n  ServiceClient,\n  PipelineOptions,\n  WebResource,\n  RequestPrepareOptions,\n  GetTokenOptions,\n  createPipelineFromOptions,\n  isNode\n} from \"@azure/core-http\";\nimport { INetworkModule, NetworkRequestOptions, NetworkResponse } from \"@azure/msal-common\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { AbortController, AbortSignalLike } from \"@azure/abort-controller\";\nimport { AuthenticationError, AuthenticationErrorName } from \"./errors\";\nimport { getAuthorityHostEnvironment } from \"../util/authHostEnv\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { DefaultAuthorityHost } from \"../constants\";\nimport { createSpan } from \"../util/tracing\";\nimport { logger } from \"../util/logging\";\n\nconst noCorrelationId = \"noCorrelationId\";\n\n/**\n * An internal type used to communicate details of a token request's\n * response that should not be sent back as part of the access token.\n * @internal\n */\nexport interface TokenResponse {\n  /**\n   * The AccessToken to be returned from getToken.\n   */\n  accessToken: AccessToken;\n\n  /**\n   * The refresh token if the 'offline_access' scope was used.\n   */\n  refreshToken?: string;\n}\n\n/**\n * The network module used by the Identity credentials.\n *\n * It allows for credentials to abort any pending request independently of the MSAL flow,\n * by calling to the `abortRequests()` method.\n *\n * @internal\n */\nexport class IdentityClient extends ServiceClient implements INetworkModule {\n  public authorityHost: string;\n  private abortControllers: Map<string, AbortController[] | undefined>;\n\n  constructor(options?: TokenCredentialOptions) {\n    if (isNode) {\n      options = options || getAuthorityHostEnvironment();\n    }\n    // Only if the authorityHost is not provided, we use the default one.\n    options = {\n      authorityHost: DefaultAuthorityHost,\n      ...options\n    };\n    super(\n      undefined,\n      createPipelineFromOptions({\n        ...options,\n        deserializationOptions: {\n          expectedContentTypes: {\n            json: [\"application/json\", \"text/json\", \"text/plain\"]\n          }\n        }\n      })\n    );\n\n    this.baseUri = this.authorityHost = options.authorityHost || DefaultAuthorityHost;\n\n    if (!this.baseUri.startsWith(\"https:\")) {\n      throw new Error(\"The authorityHost address must use the 'https' protocol.\");\n    }\n\n    this.abortControllers = new Map();\n  }\n\n  createWebResource(requestOptions: RequestPrepareOptions): WebResource {\n    const webResource = new WebResource();\n    webResource.prepare(requestOptions);\n    return webResource;\n  }\n\n  async sendTokenRequest(\n    webResource: WebResource,\n    expiresOnParser?: (responseBody: any) => number\n  ): Promise<TokenResponse | null> {\n    logger.info(`IdentityClient: sending token request to [${webResource.url}]`);\n    const response = await this.sendRequest(webResource);\n\n    expiresOnParser =\n      expiresOnParser ||\n      ((responseBody: any) => {\n        return Date.now() + responseBody.expires_in * 1000;\n      });\n\n    if (response.status === 200 || response.status === 201) {\n      const token = {\n        accessToken: {\n          token: response.parsedBody.access_token,\n          expiresOnTimestamp: expiresOnParser(response.parsedBody)\n        },\n        refreshToken: response.parsedBody.refresh_token\n      };\n\n      logger.info(\n        `IdentityClient: [${webResource.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`\n      );\n      return token;\n    } else {\n      const error = new AuthenticationError(\n        response.status,\n        response.parsedBody || response.bodyAsText\n      );\n      logger.warning(\n        `IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`\n      );\n      throw error;\n    }\n  }\n\n  async refreshAccessToken(\n    tenantId: string,\n    clientId: string,\n    scopes: string,\n    refreshToken: string | undefined,\n    clientSecret: string | undefined,\n    expiresOnParser?: (responseBody: any) => number,\n    options?: GetTokenOptions\n  ): Promise<TokenResponse | null> {\n    if (refreshToken === undefined) {\n      return null;\n    }\n    logger.info(\n      `IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`\n    );\n\n    const { span, updatedOptions } = createSpan(\"IdentityClient-refreshAccessToken\", options);\n\n    const refreshParams = {\n      grant_type: \"refresh_token\",\n      client_id: clientId,\n      refresh_token: refreshToken,\n      scope: scopes\n    };\n\n    if (clientSecret !== undefined) {\n      (refreshParams as any).client_secret = clientSecret;\n    }\n\n    try {\n      const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);\n      const webResource = this.createWebResource({\n        url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,\n        method: \"POST\",\n        disableJsonStringifyOnBody: true,\n        deserializationMapper: undefined,\n        body: qs.stringify(refreshParams),\n        headers: {\n          Accept: \"application/json\",\n          \"Content-Type\": \"application/x-www-form-urlencoded\"\n        },\n        spanOptions: updatedOptions?.tracingOptions?.spanOptions,\n        tracingContext: updatedOptions?.tracingOptions?.tracingContext,\n        abortSignal: options && options.abortSignal\n      });\n\n      const response = await this.sendTokenRequest(webResource, expiresOnParser);\n      logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);\n      return response;\n    } catch (err) {\n      if (\n        err.name === AuthenticationErrorName &&\n        err.errorResponse.error === \"interaction_required\"\n      ) {\n        // It's likely that the refresh token has expired, so\n        // return null so that the credential implementation will\n        // initiate the authentication flow again.\n        logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);\n        span.setStatus({\n          code: SpanStatusCode.ERROR,\n          message: err.message\n        });\n\n        return null;\n      } else {\n        logger.warning(\n          `IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`\n        );\n        span.setStatus({\n          code: SpanStatusCode.ERROR,\n          message: err.message\n        });\n        throw err;\n      }\n    } finally {\n      span.end();\n    }\n  }\n\n  // Here is a custom layer that allows us to abort requests that go through MSAL,\n  // since MSAL doesn't allow us to pass options all the way through.\n\n  generateAbortSignal(correlationId?: string): AbortSignalLike {\n    const controller = new AbortController();\n    const key = correlationId || noCorrelationId;\n\n    const controllers = this.abortControllers.get(key) || [];\n    controllers.push(controller);\n    this.abortControllers.set(key, controllers);\n\n    return controller.signal;\n  }\n\n  abortRequests(correlationId: string = noCorrelationId): void {\n    const key = correlationId || noCorrelationId;\n    const controllers = [\n      ...(this.abortControllers.get(key) || []),\n      // MSAL passes no correlation ID to the get requests...\n      ...(this.abortControllers.get(noCorrelationId) || [])\n    ];\n    if (!controllers.length) {\n      return;\n    }\n    for (const controller of controllers) {\n      controller.abort();\n    }\n    this.abortControllers.set(key, undefined);\n    this.abortControllers.set(noCorrelationId, undefined);\n  }\n\n  getCorrelationId(options?: NetworkRequestOptions): string | undefined {\n    const parameter = options?.body\n      ?.split(\"&\")\n      .map((part) => part.split(\"=\"))\n      .find(([key]) => key === \"client-request-id\");\n    return parameter && parameter.length ? parameter[1] : noCorrelationId;\n  }\n\n  // The MSAL network module methods follow\n\n  sendGetRequestAsync<T>(\n    url: string,\n    options?: NetworkRequestOptions\n  ): Promise<NetworkResponse<T>> {\n    const webResource = new WebResource(\n      url,\n      \"GET\",\n      options?.body,\n      {},\n      options?.headers,\n      false,\n      false,\n      // MSAL doesn't send the correlation ID on the get requests.\n      this.generateAbortSignal()\n    );\n\n    return this.sendRequest(webResource).then((response) => {\n      return {\n        body: response.parsedBody as T,\n        headers: response.headers.rawHeaders(),\n        status: response.status\n      };\n    });\n  }\n\n  sendPostRequestAsync<T>(\n    url: string,\n    options?: NetworkRequestOptions\n  ): Promise<NetworkResponse<T>> {\n    const webResource = new WebResource(\n      url,\n      \"POST\",\n      options?.body,\n      {},\n      options?.headers,\n      false,\n      false,\n      // MSAL doesn't send the correlation ID on the get requests.\n      this.generateAbortSignal(this.getCorrelationId(options))\n    );\n\n    return this.sendRequest(webResource).then((response) => {\n      return {\n        body: response.parsedBody as T,\n        headers: response.headers.rawHeaders(),\n        status: response.status\n      };\n    });\n  }\n}\n\n/**\n * Provides options to configure how the Identity library makes authentication\n * requests to Azure Active Directory.\n */\nexport interface TokenCredentialOptions extends PipelineOptions {\n  /**\n   * The authority host to use for authentication requests.\n   * The default is \"https://login.microsoftonline.com\".\n   */\n  authorityHost?: string;\n}\n"]}
+{"version":3,"file":"identityClient.js","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAuB,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAExE,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EAEtB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,eAAe,EAAmB,MAAM,yBAAyB,CAAC;AAC3E,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,WAAW,CAAC;AACzE,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAEzC,MAAM,eAAe,GAAG,iBAAiB,CAAC;AAkB1C;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAAC,OAAgC;IAC7E,iGAAiG;IACjG,IAAI,aAAa,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,CAAC;IAE3C,iFAAiF;IACjF,IAAI,MAAM,EAAE;QACV,aAAa,GAAG,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;KACnE;IAED,wHAAwH;IACxH,OAAO,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,oBAAoB,CAAC;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,OAAO,cAAe,SAAQ,aAAa;IAI/C,YAAY,OAAgC;;QAC1C,MAAM,cAAc,GAAG,yBAAyB,CAAC;QACjD,MAAM,eAAe,GAAG,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,gBAAgB,0CAAE,eAAe;YAChE,CAAC,CAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC,eAAe,IAAI,cAAc,EAAE;YACjE,CAAC,CAAC,GAAG,cAAc,EAAE,CAAC;QAExB,MAAM,OAAO,GAAG,8BAA8B,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;YACjC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;SAC7E;QAED,KAAK,+BACH,kBAAkB,EAAE,iCAAiC,IAClD,OAAO,KACV,gBAAgB,EAAE;gBAChB,eAAe;aAChB,EACD,OAAO,IACP,CAAC;QAEH,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC;QAC7B,IAAI,CAAC,gBAAgB,GAAG,IAAI,GAAG,EAAE,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,OAAwB,EACxB,eAA+C;QAE/C,MAAM,CAAC,IAAI,CAAC,6CAA6C,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;QACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAEjD,eAAe;YACb,eAAe;gBACf,CAAC,CAAC,YAAiB,EAAE,EAAE;oBACrB,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC,UAAU,GAAG,IAAI,CAAC;gBACrD,CAAC,CAAC,CAAC;QAEL,IAAI,QAAQ,CAAC,UAAU,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,EAAE;YAC/E,MAAM,UAAU,GAIZ,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAEpC,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE;gBAC5B,OAAO,IAAI,CAAC;aACb;YAED,MAAM,KAAK,GAAG;gBACZ,WAAW,EAAE;oBACX,KAAK,EAAE,UAAU,CAAC,YAAY;oBAC9B,kBAAkB,EAAE,eAAe,CAAC,UAAU,CAAC;iBAChD;gBACD,YAAY,EAAE,UAAU,CAAC,aAAa;aACvC,CAAC;YAEF,MAAM,CAAC,IAAI,CACT,oBAAoB,OAAO,CAAC,GAAG,gCAAgC,KAAK,CAAC,WAAW,CAAC,kBAAkB,EAAE,CACtG,CAAC;YACF,OAAO,KAAK,CAAC;SACd;aAAM;YACL,MAAM,KAAK,GAAG,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC5E,MAAM,CAAC,OAAO,CACZ,sDAAsD,QAAQ,CAAC,MAAM,KAAK,KAAK,CAAC,aAAa,CAAC,gBAAgB,EAAE,CACjH,CAAC;YACF,MAAM,KAAK,CAAC;SACb;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CACtB,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,YAAgC,EAChC,YAAgC,EAChC,eAA+C,EAC/C,OAAyB;QAEzB,IAAI,YAAY,KAAK,SAAS,EAAE;YAC9B,OAAO,IAAI,CAAC;SACb;QACD,MAAM,CAAC,IAAI,CACT,2DAA2D,QAAQ,aAAa,MAAM,UAAU,CACjG,CAAC;QAEF,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,UAAU,CAAC,mCAAmC,EAAE,OAAO,CAAC,CAAC;QAE1F,MAAM,aAAa,GAAG;YACpB,UAAU,EAAE,eAAe;YAC3B,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,MAAM;SACd,CAAC;QAEF,IAAI,YAAY,KAAK,SAAS,EAAE;YAC7B,aAAqB,CAAC,aAAa,GAAG,YAAY,CAAC;SACrD;QAED,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,aAAa,CAAC,CAAC;QAEjD,IAAI;YACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;YAC3D,MAAM,OAAO,GAAG,qBAAqB,CAAC;gBACpC,GAAG,EAAE,GAAG,IAAI,CAAC,aAAa,IAAI,QAAQ,IAAI,SAAS,EAAE;gBACrD,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE;gBACtB,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;gBAC3C,OAAO,EAAE,iBAAiB,CAAC;oBACzB,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD,CAAC;gBACF,cAAc,EAAE,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,cAAc;aAC/C,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;YACvE,MAAM,CAAC,IAAI,CAAC,kDAAkD,QAAQ,EAAE,CAAC,CAAC;YAC1E,OAAO,QAAQ,CAAC;SACjB;QAAC,OAAO,GAAG,EAAE;YACZ,IACE,GAAG,CAAC,IAAI,KAAK,uBAAuB;gBACpC,GAAG,CAAC,aAAa,CAAC,KAAK,KAAK,sBAAsB,EAClD;gBACA,qDAAqD;gBACrD,yDAAyD;gBACzD,0CAA0C;gBAC1C,MAAM,CAAC,IAAI,CAAC,uDAAuD,QAAQ,EAAE,CAAC,CAAC;gBAC/E,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAE,cAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC;aACb;iBAAM;gBACL,MAAM,CAAC,OAAO,CACZ,0DAA0D,QAAQ,KAAK,GAAG,EAAE,CAC7E,CAAC;gBACF,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAE,cAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;aACX;SACF;gBAAS;YACR,IAAI,CAAC,GAAG,EAAE,CAAC;SACZ;IACH,CAAC;IAED,gFAAgF;IAChF,mEAAmE;IAEnE,mBAAmB,CAAC,aAAqB;QACvC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;QACnE,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;QACtD,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC;QAClD,UAAU,CAAC,MAAM,CAAC,OAAO,GAAG,CAAC,GAAG,MAAM,EAAE,EAAE;YACxC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;YACpD,IAAI,eAAe,EAAE;gBACnB,eAAe,CAAC,GAAG,MAAM,CAAC,CAAC;aAC5B;QACH,CAAC,CAAC;QACF,OAAO,UAAU,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,aAAa,CAAC,aAAsB;QAClC,MAAM,GAAG,GAAG,aAAa,IAAI,eAAe,CAAC;QAC7C,MAAM,WAAW,GAAG;YAClB,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YACzC,uDAAuD;YACvD,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;SACtD,CAAC;QACF,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE;YACvB,OAAO;SACR;QACD,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE;YACpC,UAAU,CAAC,KAAK,EAAE,CAAC;SACpB;QACD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED,gBAAgB,CAAC,OAA+B;;QAC9C,MAAM,SAAS,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,0CAC3B,KAAK,CAAC,GAAG,EACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAC7B,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,mBAAmB,CAAC,CAAC;QAChD,OAAO,SAAS,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC;IAC3F,CAAC;IAED,yCAAyC;IAEzC,KAAK,CAAC,mBAAmB,CACvB,GAAW,EACX,OAA+B;QAE/B,MAAM,OAAO,GAAG,qBAAqB,CAAC;YACpC,GAAG;YACH,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI;YACnB,OAAO,EAAE,iBAAiB,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC;YAC5C,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC;SACvD,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACjD,OAAO;YACL,IAAI,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;YACvE,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;SACxB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,GAAW,EACX,OAA+B;QAE/B,MAAM,OAAO,GAAG,qBAAqB,CAAC;YACpC,GAAG;YACH,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI;YACnB,OAAO,EAAE,iBAAiB,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC;YAC5C,4DAA4D;YAC5D,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;SACtE,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACjD,OAAO;YACL,IAAI,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;YACvE,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;SACxB,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { INetworkModule, NetworkRequestOptions, NetworkResponse } from \"@azure/msal-common\";\nimport { CommonClientOptions, ServiceClient } from \"@azure/core-client\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { isNode } from \"@azure/core-util\";\nimport {\n  createHttpHeaders,\n  createPipelineRequest,\n  PipelineRequest\n} from \"@azure/core-rest-pipeline\";\nimport { AbortController, AbortSignalLike } from \"@azure/abort-controller\";\nimport { AuthenticationError, AuthenticationErrorName } from \"../errors\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { DefaultAuthorityHost } from \"../constants\";\nimport { createSpan } from \"../util/tracing\";\nimport { logger } from \"../util/logging\";\n\nconst noCorrelationId = \"noCorrelationId\";\n\n/**\n * An internal type used to communicate details of a token request's\n * response that should not be sent back as part of the access token.\n */\nexport interface TokenResponse {\n  /**\n   * The AccessToken to be returned from getToken.\n   */\n  accessToken: AccessToken;\n\n  /**\n   * The refresh token if the 'offline_access' scope was used.\n   */\n  refreshToken?: string;\n}\n\n/**\n * @internal\n */\nexport function getIdentityClientAuthorityHost(options?: TokenCredentialOptions): string {\n  // The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.\n  let authorityHost = options?.authorityHost;\n\n  // The AZURE_AUTHORITY_HOST environment variable can only be provided in Node.js.\n  if (isNode) {\n    authorityHost = authorityHost ?? process.env.AZURE_AUTHORITY_HOST;\n  }\n\n  // If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com\n  return authorityHost ?? DefaultAuthorityHost;\n}\n\n/**\n * The network module used by the Identity credentials.\n *\n * It allows for credentials to abort any pending request independently of the MSAL flow,\n * by calling to the `abortRequests()` method.\n *\n */\nexport class IdentityClient extends ServiceClient implements INetworkModule {\n  public authorityHost: string;\n  private abortControllers: Map<string, AbortController[] | undefined>;\n\n  constructor(options?: TokenCredentialOptions) {\n    const packageDetails = `azsdk-js-identity/2.0.0`;\n    const userAgentPrefix = options?.userAgentOptions?.userAgentPrefix\n      ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`\n      : `${packageDetails}`;\n\n    const baseUri = getIdentityClientAuthorityHost(options);\n    if (!baseUri.startsWith(\"https:\")) {\n      throw new Error(\"The authorityHost address must use the 'https' protocol.\");\n    }\n\n    super({\n      requestContentType: \"application/json; charset=utf-8\",\n      ...options,\n      userAgentOptions: {\n        userAgentPrefix\n      },\n      baseUri\n    });\n\n    this.authorityHost = baseUri;\n    this.abortControllers = new Map();\n  }\n\n  async sendTokenRequest(\n    request: PipelineRequest,\n    expiresOnParser?: (responseBody: any) => number\n  ): Promise<TokenResponse | null> {\n    logger.info(`IdentityClient: sending token request to [${request.url}]`);\n    const response = await this.sendRequest(request);\n\n    expiresOnParser =\n      expiresOnParser ||\n      ((responseBody: any) => {\n        return Date.now() + responseBody.expires_in * 1000;\n      });\n\n    if (response.bodyAsText && (response.status === 200 || response.status === 201)) {\n      const parsedBody: {\n        token?: string;\n        access_token?: string;\n        refresh_token?: string;\n      } = JSON.parse(response.bodyAsText);\n\n      if (!parsedBody.access_token) {\n        return null;\n      }\n\n      const token = {\n        accessToken: {\n          token: parsedBody.access_token,\n          expiresOnTimestamp: expiresOnParser(parsedBody)\n        },\n        refreshToken: parsedBody.refresh_token\n      };\n\n      logger.info(\n        `IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`\n      );\n      return token;\n    } else {\n      const error = new AuthenticationError(response.status, response.bodyAsText);\n      logger.warning(\n        `IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`\n      );\n      throw error;\n    }\n  }\n\n  async refreshAccessToken(\n    tenantId: string,\n    clientId: string,\n    scopes: string,\n    refreshToken: string | undefined,\n    clientSecret: string | undefined,\n    expiresOnParser?: (responseBody: any) => number,\n    options?: GetTokenOptions\n  ): Promise<TokenResponse | null> {\n    if (refreshToken === undefined) {\n      return null;\n    }\n    logger.info(\n      `IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`\n    );\n\n    const { span, updatedOptions } = createSpan(\"IdentityClient-refreshAccessToken\", options);\n\n    const refreshParams = {\n      grant_type: \"refresh_token\",\n      client_id: clientId,\n      refresh_token: refreshToken,\n      scope: scopes\n    };\n\n    if (clientSecret !== undefined) {\n      (refreshParams as any).client_secret = clientSecret;\n    }\n\n    const query = new URLSearchParams(refreshParams);\n\n    try {\n      const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);\n      const request = createPipelineRequest({\n        url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,\n        method: \"POST\",\n        body: query.toString(),\n        abortSignal: options && options.abortSignal,\n        headers: createHttpHeaders({\n          Accept: \"application/json\",\n          \"Content-Type\": \"application/x-www-form-urlencoded\"\n        }),\n        tracingOptions: updatedOptions?.tracingOptions\n      });\n\n      const response = await this.sendTokenRequest(request, expiresOnParser);\n      logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);\n      return response;\n    } catch (err) {\n      if (\n        err.name === AuthenticationErrorName &&\n        err.errorResponse.error === \"interaction_required\"\n      ) {\n        // It's likely that the refresh token has expired, so\n        // return null so that the credential implementation will\n        // initiate the authentication flow again.\n        logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);\n        span.setStatus({\n          code: SpanStatusCode.ERROR,\n          message: err.message\n        });\n\n        return null;\n      } else {\n        logger.warning(\n          `IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`\n        );\n        span.setStatus({\n          code: SpanStatusCode.ERROR,\n          message: err.message\n        });\n        throw err;\n      }\n    } finally {\n      span.end();\n    }\n  }\n\n  // Here is a custom layer that allows us to abort requests that go through MSAL,\n  // since MSAL doesn't allow us to pass options all the way through.\n\n  generateAbortSignal(correlationId: string): AbortSignalLike {\n    const controller = new AbortController();\n    const controllers = this.abortControllers.get(correlationId) || [];\n    controllers.push(controller);\n    this.abortControllers.set(correlationId, controllers);\n    const existingOnAbort = controller.signal.onabort;\n    controller.signal.onabort = (...params) => {\n      this.abortControllers.set(correlationId, undefined);\n      if (existingOnAbort) {\n        existingOnAbort(...params);\n      }\n    };\n    return controller.signal;\n  }\n\n  abortRequests(correlationId?: string): void {\n    const key = correlationId || noCorrelationId;\n    const controllers = [\n      ...(this.abortControllers.get(key) || []),\n      // MSAL passes no correlation ID to the get requests...\n      ...(this.abortControllers.get(noCorrelationId) || [])\n    ];\n    if (!controllers.length) {\n      return;\n    }\n    for (const controller of controllers) {\n      controller.abort();\n    }\n    this.abortControllers.set(key, undefined);\n  }\n\n  getCorrelationId(options?: NetworkRequestOptions): string {\n    const parameter = options?.body\n      ?.split(\"&\")\n      .map((part) => part.split(\"=\"))\n      .find(([key]) => key === \"client-request-id\");\n    return parameter && parameter.length ? parameter[1] || noCorrelationId : noCorrelationId;\n  }\n\n  // The MSAL network module methods follow\n\n  async sendGetRequestAsync<T>(\n    url: string,\n    options?: NetworkRequestOptions\n  ): Promise<NetworkResponse<T>> {\n    const request = createPipelineRequest({\n      url,\n      method: \"GET\",\n      body: options?.body,\n      headers: createHttpHeaders(options?.headers),\n      abortSignal: this.generateAbortSignal(noCorrelationId)\n    });\n\n    const response = await this.sendRequest(request);\n    return {\n      body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,\n      headers: response.headers.toJSON(),\n      status: response.status\n    };\n  }\n\n  async sendPostRequestAsync<T>(\n    url: string,\n    options?: NetworkRequestOptions\n  ): Promise<NetworkResponse<T>> {\n    const request = createPipelineRequest({\n      url,\n      method: \"POST\",\n      body: options?.body,\n      headers: createHttpHeaders(options?.headers),\n      // MSAL doesn't send the correlation ID on the get requests.\n      abortSignal: this.generateAbortSignal(this.getCorrelationId(options))\n    });\n\n    const response = await this.sendRequest(request);\n    return {\n      body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,\n      headers: response.headers.toJSON(),\n      status: response.status\n    };\n  }\n}\n\n/**\n * Provides options to configure how the Identity library makes authentication\n * requests to Azure Active Directory.\n */\nexport interface TokenCredentialOptions extends CommonClientOptions {\n  /**\n   * The authority host to use for authentication requests.\n   * Possible values are available through {@link AzureAuthorityHosts}.\n   * The default is \"https://login.microsoftonline.com\".\n   */\n  authorityHost?: string;\n}\n"]}

package/dist-esm/src/constants.js

@@ -6,7 +6,7 @@
  */
 // TODO: temporary - this is the Azure CLI clientID - we'll replace it when
 // Developer Sign On application is available
-// https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/identity/Azure.Identity/src/Constants.cs#L9
+// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9
 export const DeveloperSignOnClientId = "04b07795-8ddb-461a-bbee-02f9e1bf7b46";
 /**
  * The default tenant for authentication

package/dist-esm/src/constants.js.map

@@ -1 +1 @@
-{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,yGAAyG;AACzG,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,MAAM,CAAN,IAAY,mBAiBX;AAjBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;OAEG;IACH,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EAjBW,mBAAmB,KAAnB,mBAAmB,QAiB9B;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n  /**\n   * China-based Azure Authority Host\n   */\n  AzureChina = \"https://login.chinacloudapi.cn\",\n  /**\n   * Germany-based Azure Authority Host\n   */\n  AzureGermany = \"https://login.microsoftonline.de\",\n  /**\n   * US Government Azure Authority Host\n   */\n  AzureGovernment = \"https://login.microsoftonline.us\",\n  /**\n   * Public Cloud Azure Authority Host\n   */\n  AzurePublicCloud = \"https://login.microsoftonline.com\"\n}\n\n/**\n * The default authority host.\n */\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n"]}
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AACvG,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,MAAM,CAAN,IAAY,mBAiBX;AAjBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;OAEG;IACH,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EAjBW,mBAAmB,KAAnB,mBAAmB,QAiB9B;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n  /**\n   * China-based Azure Authority Host\n   */\n  AzureChina = \"https://login.chinacloudapi.cn\",\n  /**\n   * Germany-based Azure Authority Host\n   */\n  AzureGermany = \"https://login.microsoftonline.de\",\n  /**\n   * US Government Azure Authority Host\n   */\n  AzureGovernment = \"https://login.microsoftonline.us\",\n  /**\n   * Public Cloud Azure Authority Host\n   */\n  AzurePublicCloud = \"https://login.microsoftonline.com\"\n}\n\n/**\n * The default authority host.\n */\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n"]}

package/dist-esm/src/credentials/authorizationCodeCredential.browser.js

@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 import { credentialLogger, formatError } from "../util/logging";
-const BrowserNotSupportedError = new Error("AuthorizationCodeCredential is not supported in the browser.  InteractiveBrowserCredential is more appropriate for this use case.");
+const BrowserNotSupportedError = new Error("AuthorizationCodeCredential is not supported in the browser. InteractiveBrowserCredential is more appropriate for this use case.");
 const logger = credentialLogger("AuthorizationCodeCredential");
 export class AuthorizationCodeCredential {
     constructor() {

package/dist-esm/src/credentials/authorizationCodeCredential.browser.js.map

@@ -1 +1 @@
-{"version":3,"file":"authorizationCodeCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,mIAAmI,CACpI,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D,MAAM,OAAO,2BAA2B;IAgBtC;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken } from \"@azure/core-http\";\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n  \"AuthorizationCodeCredential is not supported in the browser.  InteractiveBrowserCredential is more appropriate for this use case.\"\n);\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\nexport class AuthorizationCodeCredential implements TokenCredential {\n  constructor(\n    tenantId: string | \"common\",\n    clientId: string,\n    clientSecret: string,\n    authorizationCode: string,\n    redirectUri: string,\n    options?: TokenCredentialOptions\n  );\n  constructor(\n    tenantId: string | \"common\",\n    clientId: string,\n    authorizationCode: string,\n    redirectUri: string,\n    options?: TokenCredentialOptions\n  );\n  constructor() {\n    logger.info(formatError(\"\", BrowserNotSupportedError));\n    throw BrowserNotSupportedError;\n  }\n\n  public getToken(): Promise<AccessToken | null> {\n    logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n    throw BrowserNotSupportedError;\n  }\n}\n"]}
+{"version":3,"file":"authorizationCodeCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAKlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,kIAAkI,CACnI,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D,MAAM,OAAO,2BAA2B;IAmBtC;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken } from \"@azure/core-auth\";\n\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n  \"AuthorizationCodeCredential is not supported in the browser. InteractiveBrowserCredential is more appropriate for this use case.\"\n);\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\nexport class AuthorizationCodeCredential implements TokenCredential {\n  /**\n   * Only available in Node.js\n   */\n  constructor(\n    tenantId: string | \"common\",\n    clientId: string,\n    clientSecret: string,\n    authorizationCode: string,\n    redirectUri: string,\n    options?: TokenCredentialOptions\n  );\n  constructor(\n    tenantId: string | \"common\",\n    clientId: string,\n    authorizationCode: string,\n    redirectUri: string,\n    options?: TokenCredentialOptions\n  );\n  constructor() {\n    logger.info(formatError(\"\", BrowserNotSupportedError));\n    throw BrowserNotSupportedError;\n  }\n\n  public getToken(): Promise<AccessToken | null> {\n    logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n    throw BrowserNotSupportedError;\n  }\n}\n"]}

package/dist-esm/src/credentials/authorizationCodeCredential.js

@@ -1,14 +1,9 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import { __awaiter } from "tslib";
-import qs from "qs";
-import { createSpan } from "../util/tracing";
-import { CredentialUnavailableError } from "../client/errors";
-import { IdentityClient } from "../client/identityClient";
-import { SpanStatusCode } from "@azure/core-tracing";
-import { credentialLogger, formatSuccess, formatError } from "../util/logging";
-import { getIdentityTokenEndpointSuffix } from "../util/identityTokenEndpoint";
+import { credentialLogger } from "../util/logging";
 import { checkTenantId } from "../util/checkTenantId";
+import { MsalAuthorizationCode } from "../msal/nodeFlows/msalAuthorizationCode";
+import { trace } from "../util/tracing";
 const logger = credentialLogger("AuthorizationCodeCredential");
 /**
  * Enables authentication to Azure Active Directory using an authorization code
@@ -23,94 +18,36 @@ export class AuthorizationCodeCredential {
      * @internal
      */
     constructor(tenantId, clientId, clientSecretOrAuthorizationCode, authorizationCodeOrRedirectUri, redirectUriOrOptions, options) {
-        this.lastTokenResponse = null;
         checkTenantId(logger, tenantId);
-        this.clientId = clientId;
-        this.tenantId = tenantId;
+        let clientSecret = clientSecretOrAuthorizationCode;
         if (typeof redirectUriOrOptions === "string") {
             // the clientId+clientSecret constructor
-            this.clientSecret = clientSecretOrAuthorizationCode;
             this.authorizationCode = authorizationCodeOrRedirectUri;
             this.redirectUri = redirectUriOrOptions;
             // options okay
         }
         else {
             // clientId only
-            this.clientSecret = undefined;
             this.authorizationCode = clientSecretOrAuthorizationCode;
             this.redirectUri = authorizationCodeOrRedirectUri;
+            clientSecret = undefined;
             options = redirectUriOrOptions;
         }
-        this.identityClient = new IdentityClient(options);
+        this.msalFlow = new MsalAuthorizationCode(Object.assign(Object.assign({}, options), { clientSecret,
+            clientId, tokenCredentialOptions: options || {}, logger, redirectUri: this.redirectUri, authorizationCode: this.authorizationCode }));
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if
-     * successful.  If authentication cannot be performed at this time, this method may
-     * return null.  If an error occurs during authentication, an {@link AuthenticationError}
-     * containing failure details will be thrown.
+     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * @param scopes - The list of scopes for which the token will have access.
      * @param options - The options used to configure any requests this
      *                TokenCredential implementation might make.
      */
-    getToken(scopes, options) {
-        var _a, _b;
-        return __awaiter(this, void 0, void 0, function* () {
-            const { span, updatedOptions } = createSpan("AuthorizationCodeCredential-getToken", options);
-            try {
-                let tokenResponse = null;
-                let scopeString = typeof scopes === "string" ? scopes : scopes.join(" ");
-                if (scopeString.indexOf("offline_access") < 0) {
-                    scopeString += " offline_access";
-                }
-                // Try to use the refresh token first
-                if (this.lastTokenResponse && this.lastTokenResponse.refreshToken) {
-                    tokenResponse = yield this.identityClient.refreshAccessToken(this.tenantId, this.clientId, scopeString, this.lastTokenResponse.refreshToken, this.clientSecret, undefined, updatedOptions);
-                }
-                if (tokenResponse === null) {
-                    const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);
-                    const webResource = this.identityClient.createWebResource({
-                        url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,
-                        method: "POST",
-                        disableJsonStringifyOnBody: true,
-                        deserializationMapper: undefined,
-                        body: qs.stringify({
-                            client_id: this.clientId,
-                            grant_type: "authorization_code",
-                            scope: scopeString,
-                            code: this.authorizationCode,
-                            redirect_uri: this.redirectUri,
-                            client_secret: this.clientSecret
-                        }),
-                        headers: {
-                            Accept: "application/json",
-                            "Content-Type": "application/x-www-form-urlencoded"
-                        },
-                        abortSignal: options && options.abortSignal,
-                        spanOptions: (_a = updatedOptions === null || updatedOptions === void 0 ? void 0 : updatedOptions.tracingOptions) === null || _a === void 0 ? void 0 : _a.spanOptions,
-                        tracingContext: (_b = updatedOptions === null || updatedOptions === void 0 ? void 0 : updatedOptions.tracingOptions) === null || _b === void 0 ? void 0 : _b.tracingContext
-                    });
-                    tokenResponse = yield this.identityClient.sendTokenRequest(webResource);
-                }
-                this.lastTokenResponse = tokenResponse;
-                logger.getToken.info(formatSuccess(scopes));
-                const token = tokenResponse && tokenResponse.accessToken;
-                if (!token) {
-                    throw new CredentialUnavailableError("Failed to retrieve a valid token");
-                }
-                return token;
-            }
-            catch (err) {
-                span.setStatus({
-                    code: SpanStatusCode.ERROR,
-                    message: err.message
-                });
-                logger.getToken.info(formatError(scopes, err));
-                throw err;
-            }
-            finally {
-                span.end();
-            }
+    async getToken(scopes, options = {}) {
+        return trace(`${this.constructor.name}.getToken`, options, async (newOptions) => {
+            const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
+            return this.msalFlow.getToken(arrayScopes, Object.assign(Object.assign({}, newOptions), { disableAutomaticAuthentication: this.disableAutomaticAuthentication }));
         });
     }
 }