npm - @azure/identity - Versions diffs - 2.0.0-beta.3 → 2.0.0 - Mend

@azure/identity 2.0.0-beta.3 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @azure/identity might be problematic. Click here for more details.

Files changed (149) hide show

package/dist-esm/src/credentials/azurePowerShellCredential.js CHANGED Viewed

@@ -1,11 +1,12 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import { __awaiter } from "tslib";
-import { CredentialUnavailableError } from "../client/errors";
+import { CredentialUnavailableError } from "../errors";
 import { credentialLogger, formatSuccess, formatError } from "../util/logging";
 import { trace } from "../util/tracing";
 import { ensureValidScope, getScopeResource } from "../util/scopeUtils";
 import { processUtils } from "../util/processUtils";
+import { processMultiTenantRequest } from "../util/validateMultiTenant";
+import { checkTenantId } from "../util/checkTenantId";
 const logger = credentialLogger("AzurePowerShellCredential");
 const isWindows = process.platform === "win32";
 /**
@@ -26,16 +27,14 @@ export function formatCommand(commandName) {
  * If anything fails, an error is thrown.
  * @internal
  */
-function runCommands(commands) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const results = [];
-        for (const command of commands) {
-            const [file, ...parameters] = command;
-            const result = (yield processUtils.execFile(file, parameters, { encoding: "utf8" }));
-            results.push(result);
-        }
-        return results;
-    });
+async function runCommands(commands) {
+    const results = [];
+    for (const command of commands) {
+        const [file, ...parameters] = command;
+        const result = (await processUtils.execFile(file, parameters, { encoding: "utf8" }));
+        results.push(result);
+    }
+    return results;
 }
 /**
  * Known PowerShell errors
@@ -51,7 +50,8 @@ export const powerShellErrors = {
  */
 export const powerShellPublicErrorMessages = {
     login: "Please run 'Connect-AzAccount' from PowerShell to authenticate before using this credential.",
-    installed: `The 'Az.Account' module >= 2.2.0 is not installed. Install the Azure Az PowerShell module with: "Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force".`
+    installed: `The 'Az.Account' module >= 2.2.0 is not installed. Install the Azure Az PowerShell module with: "Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force".`,
+    troubleshoot: `To troubleshoot, visit https://aka.ms/azsdk/js/identity/powershellcredential/troubleshoot.`
 };
 // PowerShell Azure User not logged in error check.
 const isLoginError = (err) => err.message.match(`(.*)${powerShellErrors.login}(.*)`);
@@ -70,93 +70,103 @@ if (isWindows) {
  * This credential will use the currently logged-in user information from the
  * Azure PowerShell module. To do so, it will read the user access token and
  * expire time with Azure PowerShell command `Get-AzAccessToken -ResourceUrl {ResourceScope}`
- *
- * To be able to use this credential:
- * - Install the Azure Az PowerShell module with:
- *   `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.
- * - You have already logged in to Azure PowerShell using the command
- * `Connect-AzAccount` from the command line.
  */
 export class AzurePowerShellCredential {
+    /**
+     * Creates an instance of the {@link AzurePowerShellCredential}.
+     *
+     * To use this credential:
+     * - Install the Azure Az PowerShell module with:
+     *   `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.
+     * - You have already logged in to Azure PowerShell using the command
+     * `Connect-AzAccount` from the command line.
+     *
+     * @param options - Options, to optionally allow multi-tenant requests.
+     */
+    constructor(options) {
+        this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
+    }
     /**
      * Gets the access token from Azure PowerShell
      * @param resource - The resource to use when getting the token
      */
-    getAzurePowerShellAccessToken(resource) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // Clone the stack to avoid mutating it while iterating
-            for (const powerShellCommand of [...commandStack]) {
-                try {
-                    yield runCommands([[powerShellCommand, "/?"]]);
-                }
-                catch (e) {
-                    // Remove this credential from the original stack so that we don't try it again.
-                    commandStack.shift();
-                    continue;
-                }
-                const results = yield runCommands([
-                    [
-                        powerShellCommand,
-                        "-Command",
-                        "Import-Module Az.Accounts -MinimumVersion 2.2.0 -PassThru"
-                    ],
-                    [
-                        powerShellCommand,
-                        "-Command",
-                        `Get-AzAccessToken -ResourceUrl "${resource}" | ConvertTo-Json`
-                    ]
-                ]);
-                const result = results[1];
-                try {
-                    return JSON.parse(result);
-                }
-                catch (e) {
-                    throw new Error(`Unable to parse the output of PowerShell. Received output: ${result}`);
-                }
+    async getAzurePowerShellAccessToken(resource, tenantId) {
+        // Clone the stack to avoid mutating it while iterating
+        for (const powerShellCommand of [...commandStack]) {
+            try {
+                await runCommands([[powerShellCommand, "/?"]]);
             }
-            throw new Error(`Unable to execute PowerShell. Ensure that it is installed in your system.`);
-        });
+            catch (e) {
+                // Remove this credential from the original stack so that we don't try it again.
+                commandStack.shift();
+                continue;
+            }
+            let tenantSection = "";
+            if (tenantId) {
+                tenantSection = `-TenantId "${tenantId}"`;
+            }
+            const results = await runCommands([
+                [
+                    powerShellCommand,
+                    "-Command",
+                    "Import-Module Az.Accounts -MinimumVersion 2.2.0 -PassThru"
+                ],
+                [
+                    powerShellCommand,
+                    "-Command",
+                    `Get-AzAccessToken ${tenantSection} -ResourceUrl "${resource}" | ConvertTo-Json`
+                ]
+            ]);
+            const result = results[1];
+            try {
+                return JSON.parse(result);
+            }
+            catch (e) {
+                throw new Error(`Unable to parse the output of PowerShell. Received output: ${result}`);
+            }
+        }
+        throw new Error(`Unable to execute PowerShell. Ensure that it is installed in your system`);
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if
-     * successful. If authentication cannot be performed at this time, this method may
-     * return null. If an error occurs during authentication, an {@link AuthenticationError}
-     * containing failure details will be thrown.
+     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * If the authentication cannot be performed through PowerShell, a {@link CredentialUnavailableError} will be thrown.
      *
      * @param scopes - The list of scopes for which the token will have access.
      * @param options - The options used to configure any requests this TokenCredential implementation might make.
      */
-    getToken(scopes, options = {}) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return trace(`${this.constructor.name}.getToken`, options, () => __awaiter(this, void 0, void 0, function* () {
-                const scope = typeof scopes === "string" ? scopes : scopes[0];
-                logger.getToken.info(`Using the scope ${scope}`);
-                ensureValidScope(scope, logger);
-                const resource = getScopeResource(scope);
-                try {
-                    const response = yield this.getAzurePowerShellAccessToken(resource);
-                    logger.getToken.info(formatSuccess(scopes));
-                    return {
-                        token: response.Token,
-                        expiresOnTimestamp: new Date(response.ExpiresOn).getTime()
-                    };
+    async getToken(scopes, options = {}) {
+        return trace(`${this.constructor.name}.getToken`, options, async () => {
+            const tenantId = processMultiTenantRequest(this.tenantId, options);
+            if (tenantId) {
+                checkTenantId(logger, tenantId);
+            }
+            const scope = typeof scopes === "string" ? scopes : scopes[0];
+            ensureValidScope(scope, logger);
+            logger.getToken.info(`Using the scope ${scope}`);
+            const resource = getScopeResource(scope);
+            try {
+                const response = await this.getAzurePowerShellAccessToken(resource, tenantId);
+                logger.getToken.info(formatSuccess(scopes));
+                return {
+                    token: response.Token,
+                    expiresOnTimestamp: new Date(response.ExpiresOn).getTime()
+                };
+            }
+            catch (err) {
+                if (isNotInstalledError(err)) {
+                    const error = new CredentialUnavailableError(powerShellPublicErrorMessages.installed);
+                    logger.getToken.info(formatError(scope, error));
+                    throw error;
                 }
-                catch (err) {
-                    if (isNotInstalledError(err)) {
-                        const error = new CredentialUnavailableError(powerShellPublicErrorMessages.installed);
-                        logger.getToken.info(formatError(scope, error));
-                        throw error;
-                    }
-                    else if (isLoginError(err)) {
-                        const error = new CredentialUnavailableError(powerShellPublicErrorMessages.login);
-                        logger.getToken.info(formatError(scope, error));
-                        throw error;
-                    }
-                    const error = new CredentialUnavailableError(err);
+                else if (isLoginError(err)) {
+                    const error = new CredentialUnavailableError(powerShellPublicErrorMessages.login);
                     logger.getToken.info(formatError(scope, error));
                     throw error;
                 }
-            }));
+                const error = new CredentialUnavailableError(`${err}. ${powerShellPublicErrorMessages.troubleshoot}`);
+                logger.getToken.info(formatError(scope, error));
+                throw error;
+            }
         });
     }
 }

package/dist-esm/src/credentials/azurePowerShellCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"azurePowerShellCredential.js","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAGlC,OAAO,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AACxC,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACxE,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAEpD,MAAM,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC;AAE/C;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,WAAmB;IAC/C,IAAI,SAAS,EAAE;QACb,OAAO,GAAG,WAAW,MAAM,CAAC;KAC7B;SAAM;QACL,OAAO,WAAW,CAAC;KACpB;AACH,CAAC;AAED;;;;GAIG;AACH,SAAe,WAAW,CAAC,QAAoB;;QAC7C,MAAM,OAAO,GAAa,EAAE,CAAC;QAE7B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;YAC9B,MAAM,CAAC,IAAI,EAAE,GAAG,UAAU,CAAC,GAAG,OAAO,CAAC;YACtC,MAAM,MAAM,GAAG,CAAC,MAAM,YAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAW,CAAC;YAC/F,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;SACtB;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CAAA;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,KAAK,EAAE,gCAAgC;IACvC,SAAS,EACP,uIAAuI;CAC1I,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG;IAC3C,KAAK,EACH,8FAA8F;IAChG,SAAS,EAAE,4KAA4K;CACxL,CAAC;AAEF,mDAAmD;AACnD,MAAM,YAAY,GAAG,CAAC,GAAU,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,KAAK,MAAM,CAAC,CAAC;AAE5F,qDAAqD;AACrD,MAAM,mBAAmB,GAAG,CAAC,GAAU,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;AAE1F;;;;GAIG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;AAEpD,IAAI,SAAS,EAAE;IACb,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC;CAChD;AAED;;;;;;;;;;GAUG;AACH,MAAM,OAAO,yBAAyB;IACpC;;;OAGG;IACW,6BAA6B,CACzC,QAAgB;;YAEhB,uDAAuD;YACvD,KAAK,MAAM,iBAAiB,IAAI,CAAC,GAAG,YAAY,CAAC,EAAE;gBACjD,IAAI;oBACF,MAAM,WAAW,CAAC,CAAC,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;iBAChD;gBAAC,OAAO,CAAC,EAAE;oBACV,gFAAgF;oBAChF,YAAY,CAAC,KAAK,EAAE,CAAC;oBACrB,SAAS;iBACV;gBAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC;oBAChC;wBACE,iBAAiB;wBACjB,UAAU;wBACV,2DAA2D;qBAC5D;oBACD;wBACE,iBAAiB;wBACjB,UAAU;wBACV,mCAAmC,QAAQ,oBAAoB;qBAChE;iBACF,CAAC,CAAC;gBAEH,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;gBAC1B,IAAI;oBACF,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;iBAC3B;gBAAC,OAAO,CAAC,EAAE;oBACV,MAAM,IAAI,KAAK,CAAC,8DAA8D,MAAM,EAAE,CAAC,CAAC;iBACzF;aACF;YAED,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;QAC/F,CAAC;KAAA;IAED;;;;;;;;OAQG;IACU,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;;YAE7B,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,GAAS,EAAE;gBACpE,MAAM,KAAK,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBAE9D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,KAAK,EAAE,CAAC,CAAC;gBAEjD,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBAChC,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;gBAEzC,IAAI;oBACF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,QAAQ,CAAC,CAAC;oBACpE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO;wBACL,KAAK,EAAE,QAAQ,CAAC,KAAK;wBACrB,kBAAkB,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;qBAC3D,CAAC;iBACH;gBAAC,OAAO,GAAG,EAAE;oBACZ,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE;wBAC5B,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,6BAA6B,CAAC,SAAS,CAAC,CAAC;wBACtF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;wBAChD,MAAM,KAAK,CAAC;qBACb;yBAAM,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE;wBAC5B,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,6BAA6B,CAAC,KAAK,CAAC,CAAC;wBAClF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;wBAChD,MAAM,KAAK,CAAC;qBACb;oBACD,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,GAAG,CAAC,CAAC;oBAClD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;oBAChD,MAAM,KAAK,CAAC;iBACb;YACH,CAAC,CAAA,CAAC,CAAC;QACL,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nimport { CredentialUnavailableError } from \"../client/errors\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport { trace } from \"../util/tracing\";\nimport { ensureValidScope, getScopeResource } from \"../util/scopeUtils\";\nimport { processUtils } from \"../util/processUtils\";\n\nconst logger = credentialLogger(\"AzurePowerShellCredential\");\n\nconst isWindows = process.platform === \"win32\";\n\n/*\n Returns a platform-appropriate command name by appending \".exe\" on Windows.\n \n @internal\n /\nexport function formatCommand(commandName: string): string {\n if (isWindows) {\n return `${commandName}.exe`;\n } else {\n return commandName;\n }\n}\n\n/\n Receives a list of commands to run, executes them, then returns the outputs.\n * If anything fails, an error is thrown.\n * @internal\n /\nasync function runCommands(commands: string[][]): Promise<string[]> {\n const results: string[] = [];\n\n for (const command of commands) {\n const [file, ...parameters] = command;\n const result = (await processUtils.execFile(file, parameters, { encoding: \"utf8\" })) as string;\n results.push(result);\n }\n\n return results;\n}\n\n/\n Known PowerShell errors\n * @internal\n /\nexport const powerShellErrors = {\n login: \"Run Connect-AzAccount to login\",\n installed:\n \"The specified module 'Az.Accounts' with version '2.2.0' was not loaded because no valid module file was found in any module directory\"\n};\n\n/\n Messages to use when throwing in this credential.\n * @internal\n /\nexport const powerShellPublicErrorMessages = {\n login:\n \"Please run 'Connect-AzAccount' from PowerShell to authenticate before using this credential.\",\n installed: `The 'Az.Account' module >= 2.2.0 is not installed. Install the Azure Az PowerShell module with: \"Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force\".`\n};\n\n// PowerShell Azure User not logged in error check.\nconst isLoginError = (err: Error) => err.message.match(`(.)${powerShellErrors.login}(.)`);\n\n// Az Module not Installed in Azure PowerShell check.\nconst isNotInstalledError = (err: Error) => err.message.match(powerShellErrors.installed);\n\n/\n The PowerShell commands to be tried, in order.\n \n @internal\n /\nexport const commandStack = [formatCommand(\"pwsh\")];\n\nif (isWindows) {\n commandStack.push(formatCommand(\"powershell\"));\n}\n\n/\n This credential will use the currently logged-in user information from the\n * Azure PowerShell module. To do so, it will read the user access token and\n * expire time with Azure PowerShell command `Get-AzAccessToken -ResourceUrl {ResourceScope}`\n \n To be able to use this credential:\n * - Install the Azure Az PowerShell module with:\n * `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.\n * - You have already logged in to Azure PowerShell using the command\n * `Connect-AzAccount` from the command line.\n /\nexport class AzurePowerShellCredential implements TokenCredential {\n /\n Gets the access token from Azure PowerShell\n * @param resource - The resource to use when getting the token\n /\n private async getAzurePowerShellAccessToken(\n resource: string\n ): Promise<{ Token: string; ExpiresOn: string }> {\n // Clone the stack to avoid mutating it while iterating\n for (const powerShellCommand of [...commandStack]) {\n try {\n await runCommands([[powerShellCommand, \"/?\"]]);\n } catch (e) {\n // Remove this credential from the original stack so that we don't try it again.\n commandStack.shift();\n continue;\n }\n\n const results = await runCommands([\n [\n powerShellCommand,\n \"-Command\",\n \"Import-Module Az.Accounts -MinimumVersion 2.2.0 -PassThru\"\n ],\n [\n powerShellCommand,\n \"-Command\",\n `Get-AzAccessToken -ResourceUrl \"${resource}\" \| ConvertTo-Json`\n ]\n ]);\n\n const result = results[1];\n try {\n return JSON.parse(result);\n } catch (e) {\n throw new Error(`Unable to parse the output of PowerShell. Received output: ${result}`);\n }\n }\n\n throw new Error(`Unable to execute PowerShell. Ensure that it is installed in your system.`);\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string \| string[],\n options: GetTokenOptions = {}\n ): Promise<AccessToken \| null> {\n return trace(`${this.constructor.name}.getToken`, options, async () => {\n const scope = typeof scopes === \"string\" ? scopes : scopes[0];\n\n logger.getToken.info(`Using the scope ${scope}`);\n\n ensureValidScope(scope, logger);\n const resource = getScopeResource(scope);\n\n try {\n const response = await this.getAzurePowerShellAccessToken(resource);\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: response.Token,\n expiresOnTimestamp: new Date(response.ExpiresOn).getTime()\n };\n } catch (err) {\n if (isNotInstalledError(err)) {\n const error = new CredentialUnavailableError(powerShellPublicErrorMessages.installed);\n logger.getToken.info(formatError(scope, error));\n throw error;\n } else if (isLoginError(err)) {\n const error = new CredentialUnavailableError(powerShellPublicErrorMessages.login);\n logger.getToken.info(formatError(scope, error));\n throw error;\n }\n const error = new CredentialUnavailableError(err);\n logger.getToken.info(formatError(scope, error));\n throw error;\n }\n });\n }\n}\n"]}
1	+ {"version":3,"file":"azurePowerShellCredential.js","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AACxC,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACxE,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAEpD,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,MAAM,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC;AAE/C;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,WAAmB;IAC/C,IAAI,SAAS,EAAE;QACb,OAAO,GAAG,WAAW,MAAM,CAAC;KAC7B;SAAM;QACL,OAAO,WAAW,CAAC;KACpB;AACH,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,WAAW,CAAC,QAAoB;IAC7C,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;QAC9B,MAAM,CAAC,IAAI,EAAE,GAAG,UAAU,CAAC,GAAG,OAAO,CAAC;QACtC,MAAM,MAAM,GAAG,CAAC,MAAM,YAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAW,CAAC;QAC/F,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;KACtB;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,KAAK,EAAE,gCAAgC;IACvC,SAAS,EACP,uIAAuI;CAC1I,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG;IAC3C,KAAK,EACH,8FAA8F;IAChG,SAAS,EAAE,4KAA4K;IACvL,YAAY,EAAE,4FAA4F;CAC3G,CAAC;AAEF,mDAAmD;AACnD,MAAM,YAAY,GAAG,CAAC,GAAU,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,KAAK,MAAM,CAAC,CAAC;AAE5F,qDAAqD;AACrD,MAAM,mBAAmB,GAAG,CAAC,GAAU,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;AAE1F;;;;GAIG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;AAEpD,IAAI,SAAS,EAAE;IACb,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC;CAChD;AAED;;;;GAIG;AACH,MAAM,OAAO,yBAAyB;IAGpC;;;;;;;;;;OAUG;IACH,YAAY,OAA0C;QACpD,IAAI,CAAC,QAAQ,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC;IACpC,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,6BAA6B,CACzC,QAAgB,EAChB,QAAiB;QAEjB,uDAAuD;QACvD,KAAK,MAAM,iBAAiB,IAAI,CAAC,GAAG,YAAY,CAAC,EAAE;YACjD,IAAI;gBACF,MAAM,WAAW,CAAC,CAAC,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;aAChD;YAAC,OAAO,CAAC,EAAE;gBACV,gFAAgF;gBAChF,YAAY,CAAC,KAAK,EAAE,CAAC;gBACrB,SAAS;aACV;YAED,IAAI,aAAa,GAAG,EAAE,CAAC;YACvB,IAAI,QAAQ,EAAE;gBACZ,aAAa,GAAG,cAAc,QAAQ,GAAG,CAAC;aAC3C;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC;gBAChC;oBACE,iBAAiB;oBACjB,UAAU;oBACV,2DAA2D;iBAC5D;gBACD;oBACE,iBAAiB;oBACjB,UAAU;oBACV,qBAAqB,aAAa,kBAAkB,QAAQ,oBAAoB;iBACjF;aACF,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YAC1B,IAAI;gBACF,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;aAC3B;YAAC,OAAO,CAAC,EAAE;gBACV,MAAM,IAAI,KAAK,CAAC,8DAA8D,MAAM,EAAE,CAAC,CAAC;aACzF;SACF;QAED,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;IAC9F,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;YACpE,MAAM,QAAQ,GAAG,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACnE,IAAI,QAAQ,EAAE;gBACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;aACjC;YAED,MAAM,KAAK,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC9D,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAChC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,KAAK,EAAE,CAAC,CAAC;YACjD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;YAEzC,IAAI;gBACF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBAC9E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO;oBACL,KAAK,EAAE,QAAQ,CAAC,KAAK;oBACrB,kBAAkB,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;iBAC3D,CAAC;aACH;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE;oBAC5B,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,6BAA6B,CAAC,SAAS,CAAC,CAAC;oBACtF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;oBAChD,MAAM,KAAK,CAAC;iBACb;qBAAM,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE;oBAC5B,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,6BAA6B,CAAC,KAAK,CAAC,CAAC;oBAClF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;oBAChD,MAAM,KAAK,CAAC;iBACb;gBACD,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,GAAG,GAAG,KAAK,6BAA6B,CAAC,YAAY,EAAE,CACxD,CAAC;gBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;gBAChD,MAAM,KAAK,CAAC;aACb;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\n\nimport { CredentialUnavailableError } from \"../errors\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport { trace } from \"../util/tracing\";\nimport { ensureValidScope, getScopeResource } from \"../util/scopeUtils\";\nimport { processUtils } from \"../util/processUtils\";\nimport { AzurePowerShellCredentialOptions } from \"./azurePowerShellCredentialOptions\";\nimport { processMultiTenantRequest } from \"../util/validateMultiTenant\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst logger = credentialLogger(\"AzurePowerShellCredential\");\n\nconst isWindows = process.platform === \"win32\";\n\n/*\n Returns a platform-appropriate command name by appending \".exe\" on Windows.\n \n @internal\n /\nexport function formatCommand(commandName: string): string {\n if (isWindows) {\n return `${commandName}.exe`;\n } else {\n return commandName;\n }\n}\n\n/\n Receives a list of commands to run, executes them, then returns the outputs.\n * If anything fails, an error is thrown.\n * @internal\n /\nasync function runCommands(commands: string[][]): Promise<string[]> {\n const results: string[] = [];\n\n for (const command of commands) {\n const [file, ...parameters] = command;\n const result = (await processUtils.execFile(file, parameters, { encoding: \"utf8\" })) as string;\n results.push(result);\n }\n\n return results;\n}\n\n/\n Known PowerShell errors\n * @internal\n /\nexport const powerShellErrors = {\n login: \"Run Connect-AzAccount to login\",\n installed:\n \"The specified module 'Az.Accounts' with version '2.2.0' was not loaded because no valid module file was found in any module directory\"\n};\n\n/\n Messages to use when throwing in this credential.\n * @internal\n /\nexport const powerShellPublicErrorMessages = {\n login:\n \"Please run 'Connect-AzAccount' from PowerShell to authenticate before using this credential.\",\n installed: `The 'Az.Account' module >= 2.2.0 is not installed. Install the Azure Az PowerShell module with: \"Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force\".`,\n troubleshoot: `To troubleshoot, visit https://aka.ms/azsdk/js/identity/powershellcredential/troubleshoot.`\n};\n\n// PowerShell Azure User not logged in error check.\nconst isLoginError = (err: Error) => err.message.match(`(.)${powerShellErrors.login}(.)`);\n\n// Az Module not Installed in Azure PowerShell check.\nconst isNotInstalledError = (err: Error) => err.message.match(powerShellErrors.installed);\n\n/\n The PowerShell commands to be tried, in order.\n \n @internal\n /\nexport const commandStack = [formatCommand(\"pwsh\")];\n\nif (isWindows) {\n commandStack.push(formatCommand(\"powershell\"));\n}\n\n/\n This credential will use the currently logged-in user information from the\n * Azure PowerShell module. To do so, it will read the user access token and\n * expire time with Azure PowerShell command `Get-AzAccessToken -ResourceUrl {ResourceScope}`\n /\nexport class AzurePowerShellCredential implements TokenCredential {\n private tenantId?: string;\n\n /\n Creates an instance of the {@link AzurePowerShellCredential}.\n \n To use this credential:\n * - Install the Azure Az PowerShell module with:\n * `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.\n * - You have already logged in to Azure PowerShell using the command\n * `Connect-AzAccount` from the command line.\n \n @param options - Options, to optionally allow multi-tenant requests.\n /\n constructor(options?: AzurePowerShellCredentialOptions) {\n this.tenantId = options?.tenantId;\n }\n\n /\n Gets the access token from Azure PowerShell\n * @param resource - The resource to use when getting the token\n /\n private async getAzurePowerShellAccessToken(\n resource: string,\n tenantId?: string\n ): Promise<{ Token: string; ExpiresOn: string }> {\n // Clone the stack to avoid mutating it while iterating\n for (const powerShellCommand of [...commandStack]) {\n try {\n await runCommands([[powerShellCommand, \"/?\"]]);\n } catch (e) {\n // Remove this credential from the original stack so that we don't try it again.\n commandStack.shift();\n continue;\n }\n\n let tenantSection = \"\";\n if (tenantId) {\n tenantSection = `-TenantId \"${tenantId}\"`;\n }\n\n const results = await runCommands([\n [\n powerShellCommand,\n \"-Command\",\n \"Import-Module Az.Accounts -MinimumVersion 2.2.0 -PassThru\"\n ],\n [\n powerShellCommand,\n \"-Command\",\n `Get-AzAccessToken ${tenantSection} -ResourceUrl \"${resource}\" \| ConvertTo-Json`\n ]\n ]);\n\n const result = results[1];\n try {\n return JSON.parse(result);\n } catch (e) {\n throw new Error(`Unable to parse the output of PowerShell. Received output: ${result}`);\n }\n }\n\n throw new Error(`Unable to execute PowerShell. Ensure that it is installed in your system`);\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if successful.\n * If the authentication cannot be performed through PowerShell, a {@link CredentialUnavailableError} will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string \| string[],\n options: GetTokenOptions = {}\n ): Promise<AccessToken> {\n return trace(`${this.constructor.name}.getToken`, options, async () => {\n const tenantId = processMultiTenantRequest(this.tenantId, options);\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n\n const scope = typeof scopes === \"string\" ? scopes : scopes[0];\n ensureValidScope(scope, logger);\n logger.getToken.info(`Using the scope ${scope}`);\n const resource = getScopeResource(scope);\n\n try {\n const response = await this.getAzurePowerShellAccessToken(resource, tenantId);\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: response.Token,\n expiresOnTimestamp: new Date(response.ExpiresOn).getTime()\n };\n } catch (err) {\n if (isNotInstalledError(err)) {\n const error = new CredentialUnavailableError(powerShellPublicErrorMessages.installed);\n logger.getToken.info(formatError(scope, error));\n throw error;\n } else if (isLoginError(err)) {\n const error = new CredentialUnavailableError(powerShellPublicErrorMessages.login);\n logger.getToken.info(formatError(scope, error));\n throw error;\n }\n const error = new CredentialUnavailableError(\n `${err}. ${powerShellPublicErrorMessages.troubleshoot}`\n );\n logger.getToken.info(formatError(scope, error));\n throw error;\n }\n });\n }\n}\n"]}

package/dist-esm/src/credentials/azurePowerShellCredentialOptions.js ADDED Viewed

@@ -0,0 +1,4 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+export {};
+//# sourceMappingURL=azurePowerShellCredentialOptions.js.map

package/dist-esm/src/credentials/azurePowerShellCredentialOptions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"azurePowerShellCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredentialOptions } from \"../client/identityClient\";\n\n/**\n * Options for the {@link AzurePowerShellCredential}\n */\nexport interface AzurePowerShellCredentialOptions extends TokenCredentialOptions {\n /**\n * Allows specifying a tenant ID\n */\n tenantId?: string;\n}\n"]}

package/dist-esm/src/credentials/chainedTokenCredential.js CHANGED Viewed

@@ -1,7 +1,6 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import { __awaiter } from "tslib";
-import { AggregateAuthenticationError, CredentialUnavailableError } from "../client/errors";
+import { AggregateAuthenticationError, CredentialUnavailableError } from "../errors";
 import { createSpan } from "../util/tracing";
 import { SpanStatusCode } from "@azure/core-tracing";
 import { credentialLogger, formatSuccess, formatError } from "../util/logging";
@@ -47,44 +46,42 @@ export class ChainedTokenCredential {
      * @param options - The options used to configure any requests this
      *                `TokenCredential` implementation might make.
      */
-    getToken(scopes, options) {
-        return __awaiter(this, void 0, void 0, function* () {
-            let token = null;
-            let successfulCredentialName = "";
-            const errors = [];
-            const { span, updatedOptions } = createSpan("ChainedTokenCredential-getToken", options);
-            for (let i = 0; i < this._sources.length && token === null; i++) {
-                try {
-                    token = yield this._sources[i].getToken(scopes, updatedOptions);
-                    successfulCredentialName = this._sources[i].constructor.name;
+    async getToken(scopes, options) {
+        let token = null;
+        let successfulCredentialName = "";
+        const errors = [];
+        const { span, updatedOptions } = createSpan("ChainedTokenCredential.getToken", options);
+        for (let i = 0; i < this._sources.length && token === null; i++) {
+            try {
+                token = await this._sources[i].getToken(scopes, updatedOptions);
+                successfulCredentialName = this._sources[i].constructor.name;
+            }
+            catch (err) {
+                if (err.name === "CredentialUnavailableError" ||
+                    err.name === "AuthenticationRequiredError") {
+                    errors.push(err);
                 }
-                catch (err) {
-                    if (err.name === "CredentialUnavailableError" ||
-                        err.name === "AuthenticationRequiredError") {
-                        errors.push(err);
-                    }
-                    else {
-                        logger.getToken.info(formatError(scopes, err));
-                        throw err;
-                    }
+                else {
+                    logger.getToken.info(formatError(scopes, err));
+                    throw err;
                 }
             }
-            if (!token && errors.length > 0) {
-                const err = new AggregateAuthenticationError(errors);
-                span.setStatus({
-                    code: SpanStatusCode.ERROR,
-                    message: err.message
-                });
-                logger.getToken.info(formatError(scopes, err));
-                throw err;
-            }
-            span.end();
-            logger.getToken.info(`Result for ${successfulCredentialName}: ${formatSuccess(scopes)}`);
-            if (token === null) {
-                throw new CredentialUnavailableError("Failed to retrieve a valid token");
-            }
-            return token;
-        });
+        }
+        if (!token && errors.length > 0) {
+            const err = new AggregateAuthenticationError(errors, "ChainedTokenCredential authentication failed.");
+            span.setStatus({
+                code: SpanStatusCode.ERROR,
+                message: err.message
+            });
+            logger.getToken.info(formatError(scopes, err));
+            throw err;
+        }
+        span.end();
+        logger.getToken.info(`Result for ${successfulCredentialName}: ${formatSuccess(scopes)}`);
+        if (token === null) {
+            throw new CredentialUnavailableError("Failed to retrieve a valid token");
+        }
+        return token;
     }
 }
 //# sourceMappingURL=chainedTokenCredential.js.map

package/dist-esm/src/credentials/chainedTokenCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"chainedTokenCredential.js","sourceRoot":"","sources":["../../../src/credentials/chainedTokenCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC~~;;AAGlC~~,OAAO,EAAE,4BAA4B,EAAE,0BAA0B,EAAE,MAAM,~~kBAAkB~~,CAAC;~~AAC5F~~,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE/E;;GAEG;AACH,MAAM,CAAC,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAEjE;;;GAGG;AACH,MAAM,OAAO,sBAAsB;IASjC;;;;;;;;;;;OAWG;IACH,YAAY,GAAG,OAA0B;QApBzC;;WAEG;QACO,uBAAkB,GAC1B,oFAAoF,CAAC;QAE/E,aAAQ,GAAsB,EAAE,CAAC;QAevC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAC1B,CAAC;IAED;;;;;;;;;;;;OAYG;~~IACG~~,QAAQ,CAAC,MAAyB,EAAE,OAAyB~~;;YACjE~~,IAAI,KAAK,GAAG,IAAI,CAAC;~~YACjB~~,IAAI,wBAAwB,GAAG,EAAE,CAAC;~~YAClC~~,MAAM,MAAM,GAAG,EAAE,CAAC;~~YAElB~~,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,UAAU,CAAC,iCAAiC,EAAE,OAAO,CAAC,CAAC;~~YAExF~~,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC,EAAE,EAAE;~~gBAC~~/D,IAAI;~~oBACF~~,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;~~oBAChE~~,wBAAwB,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC;~~iBAC9D~~;~~gBAAC~~,OAAO,GAAG,EAAE;~~oBACZ~~,IACE,GAAG,CAAC,IAAI,KAAK,4BAA4B;~~wBACzC~~,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAC1C;~~wBACA~~,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;~~qBAClB~~;~~yBAAM~~;~~wBACL~~,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;~~wBAC~~/C,MAAM,GAAG,CAAC;~~qBACX~~;~~iBACF;~~aACF;~~YAED~~,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;~~gBAC~~/B,MAAM,GAAG,GAAG,IAAI,4BAA4B,~~CAAC~~,MAAM,~~CAAC~~,CAAC;~~gBACrD~~,IAAI,CAAC,SAAS,CAAC;~~oBACb~~,IAAI,EAAE,cAAc,CAAC,KAAK;~~oBAC1B~~,OAAO,EAAE,GAAG,CAAC,OAAO;~~iBACrB~~,CAAC,CAAC;~~gBACH~~,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;~~gBAC~~/C,MAAM,GAAG,CAAC;~~aACX~~;~~YAED~~,IAAI,CAAC,GAAG,EAAE,CAAC;~~YAEX~~,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,wBAAwB,KAAK,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;~~YAEzF~~,IAAI,KAAK,KAAK,IAAI,EAAE;~~gBAClB~~,MAAM,IAAI,0BAA0B,CAAC,kCAAkC,CAAC,CAAC;~~aAC1E~~;~~YACD~~,OAAO,KAAK,CAAC;~~QACf~~,CAAC;~~KAAA;~~CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-~~http~~\";\nimport { AggregateAuthenticationError, CredentialUnavailableError } from \"../~~client/~~errors\";\nimport { createSpan } from \"../util/tracing\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\n\n/*\n @internal\n /\nexport const logger = credentialLogger(\"ChainedTokenCredential\");\n\n/\n Enables multiple `TokenCredential` implementations to be tried in order\n * until one of the getToken methods returns an access token.\n /\nexport class ChainedTokenCredential implements TokenCredential {\n /\n The message to use when the chained token fails to get a token\n /\n protected UnavailableMessage =\n \"ChainedTokenCredential => failed to retrieve a token from the included credentials\";\n\n private _sources: TokenCredential[] = [];\n\n /\n Creates an instance of ChainedTokenCredential using the given credentials.\n \n @param sources - `TokenCredential` implementations to be tried in order.\n \n Example usage:\n * ```javascript\n * const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);\n * const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);\n * const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);\n * ```\n /\n constructor(...sources: TokenCredential[]) {\n this._sources = sources;\n }\n\n /\n Returns the first access token returned by one of the chained\n * `TokenCredential` implementations. Throws an {@link AggregateAuthenticationError}\n * when one or more credentials throws an {@link AuthenticationError} and\n * no credentials have returned an access token.\n \n This method is called automatically by Azure SDK client libraries. You may call this method\n * directly, but you must also handle token caching and token refreshing.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * `TokenCredential` implementation might make.\n */\n async getToken(scopes: string \| string[], options?: GetTokenOptions): Promise<AccessToken> {\n let token = null;\n let successfulCredentialName = \"\";\n const errors = [];\n\n const { span, updatedOptions } = createSpan(\"ChainedTokenCredential-getToken\", options);\n\n for (let i = 0; i < this._sources.length && token === null; i++) {\n try {\n token = await this._sources[i].getToken(scopes, updatedOptions);\n successfulCredentialName = this._sources[i].constructor.name;\n } catch (err) {\n if (\n err.name === \"CredentialUnavailableError\" \|\|\n err.name === \"AuthenticationRequiredError\"\n ) {\n errors.push(err);\n } else {\n logger.getToken.info(formatError(scopes, err));\n throw err;\n }\n }\n }\n\n if (!token && errors.length > 0) {\n const err = new AggregateAuthenticationError(errors);\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n }\n\n span.end();\n\n logger.getToken.info(`Result for ${successfulCredentialName}: ${formatSuccess(scopes)}`);\n\n if (token === null) {\n throw new CredentialUnavailableError(\"Failed to retrieve a valid token\");\n }\n return token;\n }\n}\n"]}
1	+ {"version":3,"file":"chainedTokenCredential.js","sourceRoot":"","sources":["../../../src/credentials/chainedTokenCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,4BAA4B,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACrF,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE/E;;GAEG;AACH,MAAM,CAAC,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAEjE;;;GAGG;AACH,MAAM,OAAO,sBAAsB;IASjC;;;;;;;;;;;OAWG;IACH,YAAY,GAAG,OAA0B;QApBzC;;WAEG;QACO,uBAAkB,GAC1B,oFAAoF,CAAC;QAE/E,aAAQ,GAAsB,EAAE,CAAC;QAevC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAC1B,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,OAAyB;QACjE,IAAI,KAAK,GAAG,IAAI,CAAC;QACjB,IAAI,wBAAwB,GAAG,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,EAAE,CAAC;QAElB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,UAAU,CAAC,iCAAiC,EAAE,OAAO,CAAC,CAAC;QAExF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC,EAAE,EAAE;YAC/D,IAAI;gBACF,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;gBAChE,wBAAwB,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC;aAC9D;YAAC,OAAO,GAAG,EAAE;gBACZ,IACE,GAAG,CAAC,IAAI,KAAK,4BAA4B;oBACzC,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAC1C;oBACA,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;iBAClB;qBAAM;oBACL,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC/C,MAAM,GAAG,CAAC;iBACX;aACF;SACF;QAED,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;YAC/B,MAAM,GAAG,GAAG,IAAI,4BAA4B,CAC1C,MAAM,EACN,+CAA+C,CAChD,CAAC;YACF,IAAI,CAAC,SAAS,CAAC;gBACb,IAAI,EAAE,cAAc,CAAC,KAAK;gBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;aACrB,CAAC,CAAC;YACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;YAC/C,MAAM,GAAG,CAAC;SACX;QAED,IAAI,CAAC,GAAG,EAAE,CAAC;QAEX,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,wBAAwB,KAAK,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAEzF,IAAI,KAAK,KAAK,IAAI,EAAE;YAClB,MAAM,IAAI,0BAA0B,CAAC,kCAAkC,CAAC,CAAC;SAC1E;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-auth\";\n\nimport { AggregateAuthenticationError, CredentialUnavailableError } from \"../errors\";\nimport { createSpan } from \"../util/tracing\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\n\n/*\n @internal\n /\nexport const logger = credentialLogger(\"ChainedTokenCredential\");\n\n/\n Enables multiple `TokenCredential` implementations to be tried in order\n * until one of the getToken methods returns an access token.\n /\nexport class ChainedTokenCredential implements TokenCredential {\n /\n The message to use when the chained token fails to get a token\n /\n protected UnavailableMessage =\n \"ChainedTokenCredential => failed to retrieve a token from the included credentials\";\n\n private _sources: TokenCredential[] = [];\n\n /\n Creates an instance of ChainedTokenCredential using the given credentials.\n \n @param sources - `TokenCredential` implementations to be tried in order.\n \n Example usage:\n * ```javascript\n * const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);\n * const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);\n * const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);\n * ```\n /\n constructor(...sources: TokenCredential[]) {\n this._sources = sources;\n }\n\n /\n Returns the first access token returned by one of the chained\n * `TokenCredential` implementations. Throws an {@link AggregateAuthenticationError}\n * when one or more credentials throws an {@link AuthenticationError} and\n * no credentials have returned an access token.\n \n This method is called automatically by Azure SDK client libraries. You may call this method\n * directly, but you must also handle token caching and token refreshing.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * `TokenCredential` implementation might make.\n */\n async getToken(scopes: string \| string[], options?: GetTokenOptions): Promise<AccessToken> {\n let token = null;\n let successfulCredentialName = \"\";\n const errors = [];\n\n const { span, updatedOptions } = createSpan(\"ChainedTokenCredential.getToken\", options);\n\n for (let i = 0; i < this._sources.length && token === null; i++) {\n try {\n token = await this._sources[i].getToken(scopes, updatedOptions);\n successfulCredentialName = this._sources[i].constructor.name;\n } catch (err) {\n if (\n err.name === \"CredentialUnavailableError\" \|\|\n err.name === \"AuthenticationRequiredError\"\n ) {\n errors.push(err);\n } else {\n logger.getToken.info(formatError(scopes, err));\n throw err;\n }\n }\n }\n\n if (!token && errors.length > 0) {\n const err = new AggregateAuthenticationError(\n errors,\n \"ChainedTokenCredential authentication failed.\"\n );\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n }\n\n span.end();\n\n logger.getToken.info(`Result for ${successfulCredentialName}: ${formatSuccess(scopes)}`);\n\n if (token === null) {\n throw new CredentialUnavailableError(\"Failed to retrieve a valid token\");\n }\n return token;\n }\n}\n"]}

package/dist-esm/src/credentials/clientCertificateCredential.browser.js CHANGED Viewed

@@ -3,7 +3,14 @@
 import { credentialLogger, formatError } from "../util/logging";
 const BrowserNotSupportedError = new Error("ClientCertificateCredential is not supported in the browser.");
 const logger = credentialLogger("ClientCertificateCredential");
+/**
+ * Enables authentication to Azure Active Directory using a PEM-encoded
+ * certificate that is assigned to an App Registration.
+ */
 export class ClientCertificateCredential {
+    /**
+     * Only available in Node.js
+     */
     constructor() {
         logger.info(formatError("", BrowserNotSupportedError));
         throw BrowserNotSupportedError;

package/dist-esm/src/credentials/clientCertificateCredential.browser.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"clientCertificateCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,8DAA8D,CAC/D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D,MAAM,OAAO,2BAA2B;IACtC;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken } from \"@azure/core-~~http~~\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n \"ClientCertificateCredential is not supported in the browser.\"\n);\nconst logger = credentialLogger(\"ClientCertificateCredential\");\n\nexport class ClientCertificateCredential implements TokenCredential {\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken \| null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
1	+ {"version":3,"file":"clientCertificateCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,8DAA8D,CAC/D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;GAGG;AACH,MAAM,OAAO,2BAA2B;IACtC;;OAEG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n \"ClientCertificateCredential is not supported in the browser.\"\n);\nconst logger = credentialLogger(\"ClientCertificateCredential\");\n\n/*\n Enables authentication to Azure Active Directory using a PEM-encoded\n * certificate that is assigned to an App Registration.\n /\nexport class ClientCertificateCredential implements TokenCredential {\n /\n Only available in Node.js\n */\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken \| null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}

package/dist-esm/src/credentials/clientCertificateCredential.js CHANGED Viewed

@@ -1,10 +1,10 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import { __awaiter } from "tslib";
 import { MsalClientCertificate } from "../msal/nodeFlows/msalClientCertificate";
 import { credentialLogger } from "../util/logging";
 import { trace } from "../util/tracing";
-const logger = credentialLogger("ClientCertificateCredential");
+const credentialName = "ClientCertificateCredential";
+const logger = credentialLogger(credentialName);
 /**
  * Enables authentication to Azure Active Directory using a PEM-encoded
  * certificate that is assigned to an App Registration. More information
@@ -14,37 +14,38 @@ const logger = credentialLogger("ClientCertificateCredential");
  *
  */
 export class ClientCertificateCredential {
-    /**
-     * Creates an instance of the ClientCertificateCredential with the details
-     * needed to authenticate against Azure Active Directory with a certificate.
-     *
-     * @param tenantId - The Azure Active Directory tenant (directory) ID.
-     * @param clientId - The client (application) ID of an App Registration in the tenant.
-     * @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.
-     * @param options - Options for configuring the client which makes the authentication request.
-     */
-    constructor(tenantId, clientId, certificatePath, options = {}) {
-        this.msalFlow = new MsalClientCertificate(Object.assign(Object.assign({}, options), { certificatePath,
+    constructor(tenantId, clientId, certificatePathOrConfiguration, options = {}) {
+        if (!tenantId || !clientId) {
+            throw new Error(`${credentialName}: tenantId and clientId are required parameters.`);
+        }
+        const configuration = Object.assign({}, (typeof certificatePathOrConfiguration === "string"
+            ? {
+                certificatePath: certificatePathOrConfiguration
+            }
+            : certificatePathOrConfiguration));
+        if (!configuration || !(configuration.certificate || configuration.certificatePath)) {
+            throw new Error(`${credentialName}: Provide either a PEM certificate in string form, or the path to that certificate in the filesystem. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);
+        }
+        if (configuration.certificate && configuration.certificatePath) {
+            throw new Error(`${credentialName}: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);
+        }
+        this.msalFlow = new MsalClientCertificate(Object.assign(Object.assign({}, options), { configuration,
             logger,
             clientId,
             tenantId, sendCertificateChain: options.sendCertificateChain, tokenCredentialOptions: options }));
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if
-     * successful.  If authentication cannot be performed at this time, this method may
-     * return null.  If an error occurs during authentication, an {@link AuthenticationError}
-     * containing failure details will be thrown.
+     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * @param scopes - The list of scopes for which the token will have access.
      * @param options - The options used to configure any requests this
      *                TokenCredential implementation might make.
      */
-    getToken(scopes, options = {}) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return trace(`${this.constructor.name}.getToken`, options, (newOptions) => __awaiter(this, void 0, void 0, function* () {
-                const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
-                return this.msalFlow.getToken(arrayScopes, newOptions);
-            }));
+    async getToken(scopes, options = {}) {
+        return trace(`${credentialName}.getToken`, options, async (newOptions) => {
+            const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
+            return this.msalFlow.getToken(arrayScopes, newOptions);
         });
     }
 }

package/dist-esm/src/credentials/clientCertificateCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"clientCertificateCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC~~;;AAGlC~~,OAAO,EAAE,qBAAqB,EAAE,MAAM,yCAAyC,CAAC;AAChF,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAIxC,MAAM,MAAM,GAAG,gBAAgB,CAAC,~~6BAA6B~~,CAAC,CAAC;~~AAE/D~~;;;;;;;GAOG;AACH,MAAM,OAAO,2BAA2B;~~IAGtC;;;;;;;;OAQG;IACH~~,YACE,QAAgB,EAChB,QAAgB,EAChB,~~eAAuB~~,~~EACvB~~,UAA8C,EAAE;QAEhD,IAAI,CAAC,QAAQ,GAAG,IAAI,qBAAqB,iCACpC,OAAO,KACV,~~eAAe~~;~~YACf~~,MAAM;YACN,QAAQ;YACR,QAAQ,EACR,oBAAoB,EAAE,OAAO,CAAC,oBAAoB,EAClD,sBAAsB,EAAE,OAAO,IAC/B,CAAC;IACL,CAAC;IAED~~;;;;;;;;;OASG~~;~~IACG~~,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE~~;;YACrE~~,OAAO,KAAK,CAAC,GAAG,~~IAAI~~,~~CAAC,~~WAAW,~~CAAC~~,~~IAAI~~,~~WAAW,~~EAAE,~~OAAO~~,EAAE,~~CAAO,~~UAAU,EAAE,EAAE;~~gBAC9E~~,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;~~gBAC9D~~,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;~~YACzD~~,CAAC,~~CAAA,~~CAAC,CAAC;~~QACL~~,CAAC;~~KAAA;~~CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-~~http~~\";\nimport { MsalClientCertificate } from \"../msal/nodeFlows/msalClientCertificate\";\nimport { credentialLogger } from \"../util/logging\";\nimport { trace } from \"../util/tracing\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { ClientCertificateCredentialOptions } from \"./clientCertificateCredentialOptions\";\n\nconst ~~logger~~ = ~~credentialLogger(~~\"ClientCertificateCredential\");\n\n/*\n Enables authentication to Azure Active Directory using a PEM-encoded\n * certificate that is assigned to an App Registration. More information\n * on how to configure certificate authentication can be found here:\n \n https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad\n \n /\nexport class ClientCertificateCredential implements TokenCredential {\n private msalFlow: MsalFlow;\n\n /*\n Creates an instance of the ClientCertificateCredential with the details\n * needed to authenticate against Azure Active Directory with a certificate.\n \n @param tenantId - The Azure Active Directory tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantId: string,\n clientId: string,\n certificatePath: string,\n options: ClientCertificateCredentialOptions = {}\n ) {\n this.msalFlow = new MsalClientCertificate({\n ...options,\n ~~certificatePath~~,\n logger,\n clientId,\n tenantId,\n sendCertificateChain: options.sendCertificateChain,\n tokenCredentialOptions: options\n });\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if\n * successful~~. If authentication cannot be performed at this time, this method may\~~n * ~~return null.~~ If an ~~error occurs during authentication~~, an {@link ~~AuthenticationError~~}\n * ~~containing~~ ~~failure~~ details ~~will~~ be ~~thrown~~.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string \| string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return trace(`${~~this.constructor.name~~}.getToken`, options, async (newOptions) => {\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n return this.msalFlow.getToken(arrayScopes, newOptions);\n });\n }\n}\n"]}
1	+ {"version":3,"file":"clientCertificateCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,qBAAqB,EAAE,MAAM,yCAAyC,CAAC;AAChF,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAIxC,MAAM,cAAc,GAAG,6BAA6B,CAAC;AACrD,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AA2BhD;;;;;;;GAOG;AACH,MAAM,OAAO,2BAA2B;IAkCtC,YACE,QAAgB,EAChB,QAAgB,EAChB,8BAAoF,EACpF,UAA8C,EAAE;QAEhD,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE;YAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,cAAc,kDAAkD,CAAC,CAAC;SACtF;QACD,MAAM,aAAa,qBACd,CAAC,OAAO,8BAA8B,KAAK,QAAQ;YACpD,CAAC,CAAC;gBACE,eAAe,EAAE,8BAA8B;aAChD;YACH,CAAC,CAAC,8BAA8B,CAAC,CACpC,CAAC;QACF,IAAI,CAAC,aAAa,IAAI,CAAC,CAAC,aAAa,CAAC,WAAW,IAAI,aAAa,CAAC,eAAe,CAAC,EAAE;YACnF,MAAM,IAAI,KAAK,CACb,GAAG,cAAc,4MAA4M,CAC9N,CAAC;SACH;QACD,IAAI,aAAa,CAAC,WAAW,IAAI,aAAa,CAAC,eAAe,EAAE;YAC9D,MAAM,IAAI,KAAK,CACb,GAAG,cAAc,wOAAwO,CAC1P,CAAC;SACH;QACD,IAAI,CAAC,QAAQ,GAAG,IAAI,qBAAqB,iCACpC,OAAO,KACV,aAAa;YACb,MAAM;YACN,QAAQ;YACR,QAAQ,EACR,oBAAoB,EAAE,OAAO,CAAC,oBAAoB,EAClD,sBAAsB,EAAE,OAAO,IAC/B,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,KAAK,CAAC,GAAG,cAAc,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YACvE,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { MsalClientCertificate } from \"../msal/nodeFlows/msalClientCertificate\";\nimport { credentialLogger } from \"../util/logging\";\nimport { trace } from \"../util/tracing\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { ClientCertificateCredentialOptions } from \"./clientCertificateCredentialOptions\";\n\nconst credentialName = \"ClientCertificateCredential\";\nconst logger = credentialLogger(credentialName);\n\n/*\n Required configuration options for the {@link ClientCertificateCredential}, with either the string contents of a PEM certificate, or the path to a PEM certificate.\n /\nexport type ClientCertificateCredentialPEMConfiguration =\n \| {\n /\n The PEM-encoded public/private key certificate on the filesystem.\n /\n certificate: string;\n /\n The PEM-encoded public/private key certificate on the filesystem should not be provided if `certificate` is provided.\n /\n certificatePath?: never;\n }\n \| {\n /\n The PEM-encoded public/private key certificate on the filesystem should not be provided if `certificatePath` is provided.\n /\n certificate?: never;\n /\n The path to the PEM-encoded public/private key certificate on the filesystem.\n /\n certificatePath: string;\n };\n\n/\n Enables authentication to Azure Active Directory using a PEM-encoded\n * certificate that is assigned to an App Registration. More information\n * on how to configure certificate authentication can be found here:\n \n https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad\n \n /\nexport class ClientCertificateCredential implements TokenCredential {\n private msalFlow: MsalFlow;\n\n /*\n Creates an instance of the ClientCertificateCredential with the details\n * needed to authenticate against Azure Active Directory with a certificate.\n \n @param tenantId - The Azure Active Directory tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantId: string,\n clientId: string,\n certificatePath: string,\n options?: ClientCertificateCredentialOptions\n );\n /\n Creates an instance of the ClientCertificateCredential with the details\n * needed to authenticate against Azure Active Directory with a certificate.\n \n @param tenantId - The Azure Active Directory tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param configuration - Other parameters required, including the PEM-encoded certificate as a string, or as a path on the filesystem.\n * If the type is ignored, we will throw if both the value of the PEM certificate and the path to a PEM certificate are provided at the same time.\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantId: string,\n clientId: string,\n configuration: ClientCertificateCredentialPEMConfiguration,\n options?: ClientCertificateCredentialOptions\n );\n constructor(\n tenantId: string,\n clientId: string,\n certificatePathOrConfiguration: string \| ClientCertificateCredentialPEMConfiguration,\n options: ClientCertificateCredentialOptions = {}\n ) {\n if (!tenantId \|\| !clientId) {\n throw new Error(`${credentialName}: tenantId and clientId are required parameters.`);\n }\n const configuration: ClientCertificateCredentialPEMConfiguration = {\n ...(typeof certificatePathOrConfiguration === \"string\"\n ? {\n certificatePath: certificatePathOrConfiguration\n }\n : certificatePathOrConfiguration)\n };\n if (!configuration \|\| !(configuration.certificate \|\| configuration.certificatePath)) {\n throw new Error(\n `${credentialName}: Provide either a PEM certificate in string form, or the path to that certificate in the filesystem. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`\n );\n }\n if (configuration.certificate && configuration.certificatePath) {\n throw new Error(\n `${credentialName}: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`\n );\n }\n this.msalFlow = new MsalClientCertificate({\n ...options,\n configuration,\n logger,\n clientId,\n tenantId,\n sendCertificateChain: options.sendCertificateChain,\n tokenCredentialOptions: options\n });\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string \| string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return trace(`${credentialName}.getToken`, options, async (newOptions) => {\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n return this.msalFlow.getToken(arrayScopes, newOptions);\n });\n }\n}\n"]}

package/dist-esm/src/credentials/clientCertificateCredentialOptions.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"clientCertificateCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredentialOptions } from \"../client/identityClient\";\n\n/*\n Optional parameters for the {@link ClientCertificateCredential} class.\n /\nexport interface ClientCertificateCredentialOptions extends TokenCredentialOptions {\n /\n Option to include x5c header for SubjectName and Issuer name authorization.\n * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n */\n sendCertificateChain?: boolean;\n}\n"]}
1	+ {"version":3,"file":"clientCertificateCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { CredentialPersistenceOptions } from \"./credentialPersistenceOptions\";\n\n/*\n Optional parameters for the {@link ClientCertificateCredential} class.\n /\nexport interface ClientCertificateCredentialOptions\n extends TokenCredentialOptions,\n CredentialPersistenceOptions {\n /\n Option to include x5c header for SubjectName and Issuer name authorization.\n * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n /\n sendCertificateChain?: boolean;\n // TODO: Export again once we're ready to release this feature.\n // /\n // Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values.\n // * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.\n // * If the property is not specified, the credential uses the global authority endpoint.\n // */\n // regionalAuthority?: string;\n}\n"]}