@azure/identity 2.0.0-beta.4 → 2.0.1-alpha.20211025.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @azure/identity might be problematic. Click here for more details.

Files changed (132) hide show
  1. package/CHANGELOG.md +215 -4
  2. package/README.md +78 -25
  3. package/dist/index.js +888 -477
  4. package/dist/index.js.map +1 -1
  5. package/dist-esm/src/client/identityClient.js +75 -62
  6. package/dist-esm/src/client/identityClient.js.map +1 -1
  7. package/dist-esm/src/credentials/authorizationCodeCredential.browser.js +1 -1
  8. package/dist-esm/src/credentials/authorizationCodeCredential.browser.js.map +1 -1
  9. package/dist-esm/src/credentials/authorizationCodeCredential.js +12 -74
  10. package/dist-esm/src/credentials/authorizationCodeCredential.js.map +1 -1
  11. package/dist-esm/src/credentials/azureApplicationCredential.browser.js +34 -0
  12. package/dist-esm/src/credentials/azureApplicationCredential.browser.js.map +1 -0
  13. package/dist-esm/src/credentials/azureApplicationCredential.js +36 -0
  14. package/dist-esm/src/credentials/azureApplicationCredential.js.map +1 -0
  15. package/dist-esm/src/credentials/azureCliCredential.browser.js +7 -0
  16. package/dist-esm/src/credentials/azureCliCredential.browser.js.map +1 -1
  17. package/dist-esm/src/credentials/azureCliCredential.js +10 -10
  18. package/dist-esm/src/credentials/azureCliCredential.js.map +1 -1
  19. package/dist-esm/src/credentials/azurePowerShellCredential.browser.js +3 -1
  20. package/dist-esm/src/credentials/azurePowerShellCredential.browser.js.map +1 -1
  21. package/dist-esm/src/credentials/azurePowerShellCredential.js +13 -13
  22. package/dist-esm/src/credentials/azurePowerShellCredential.js.map +1 -1
  23. package/dist-esm/src/credentials/chainedTokenCredential.js +3 -3
  24. package/dist-esm/src/credentials/chainedTokenCredential.js.map +1 -1
  25. package/dist-esm/src/credentials/clientCertificateCredential.browser.js +7 -0
  26. package/dist-esm/src/credentials/clientCertificateCredential.browser.js.map +1 -1
  27. package/dist-esm/src/credentials/clientCertificateCredential.js +19 -13
  28. package/dist-esm/src/credentials/clientCertificateCredential.js.map +1 -1
  29. package/dist-esm/src/credentials/clientCertificateCredentialOptions.js.map +1 -1
  30. package/dist-esm/src/credentials/clientSecretCredential.browser.js +17 -19
  31. package/dist-esm/src/credentials/clientSecretCredential.browser.js.map +1 -1
  32. package/dist-esm/src/credentials/clientSecretCredential.js +3 -0
  33. package/dist-esm/src/credentials/clientSecretCredential.js.map +1 -1
  34. package/dist-esm/src/credentials/clientSecretCredentialOptions.js.map +1 -1
  35. package/dist-esm/src/credentials/credentialPersistenceOptions.js.map +1 -1
  36. package/dist-esm/src/credentials/defaultAzureCredential.browser.js +1 -1
  37. package/dist-esm/src/credentials/defaultAzureCredential.browser.js.map +1 -1
  38. package/dist-esm/src/credentials/defaultAzureCredential.js +22 -21
  39. package/dist-esm/src/credentials/defaultAzureCredential.js.map +1 -1
  40. package/dist-esm/src/credentials/deviceCodeCredential.browser.js +7 -0
  41. package/dist-esm/src/credentials/deviceCodeCredential.browser.js.map +1 -1
  42. package/dist-esm/src/credentials/deviceCodeCredential.js +14 -0
  43. package/dist-esm/src/credentials/deviceCodeCredential.js.map +1 -1
  44. package/dist-esm/src/credentials/deviceCodeCredentialOptions.js.map +1 -1
  45. package/dist-esm/src/credentials/environmentCredential.browser.js +7 -0
  46. package/dist-esm/src/credentials/environmentCredential.browser.js.map +1 -1
  47. package/dist-esm/src/credentials/environmentCredential.js +5 -21
  48. package/dist-esm/src/credentials/environmentCredential.js.map +1 -1
  49. package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js +7 -7
  50. package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js.map +1 -1
  51. package/dist-esm/src/credentials/interactiveBrowserCredential.js +7 -7
  52. package/dist-esm/src/credentials/interactiveBrowserCredential.js.map +1 -1
  53. package/dist-esm/src/credentials/interactiveBrowserCredentialOptions.js.map +1 -1
  54. package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js +31 -12
  55. package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js.map +1 -1
  56. package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js +45 -23
  57. package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js.map +1 -1
  58. package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js +29 -13
  59. package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js.map +1 -1
  60. package/dist-esm/src/credentials/managedIdentityCredential/constants.js +2 -1
  61. package/dist-esm/src/credentials/managedIdentityCredential/constants.js.map +1 -1
  62. package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js +36 -11
  63. package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js.map +1 -1
  64. package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js +69 -47
  65. package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  66. package/dist-esm/src/credentials/managedIdentityCredential/index.js +19 -17
  67. package/dist-esm/src/credentials/managedIdentityCredential/index.js.map +1 -1
  68. package/dist-esm/src/credentials/managedIdentityCredential/models.js.map +1 -1
  69. package/dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js +82 -0
  70. package/dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -0
  71. package/dist-esm/src/credentials/managedIdentityCredential/utils.js +16 -4
  72. package/dist-esm/src/credentials/managedIdentityCredential/utils.js.map +1 -1
  73. package/dist-esm/src/credentials/onBehalfOfCredential.browser.js +23 -0
  74. package/dist-esm/src/credentials/onBehalfOfCredential.browser.js.map +1 -0
  75. package/dist-esm/src/credentials/onBehalfOfCredential.js +57 -0
  76. package/dist-esm/src/credentials/onBehalfOfCredential.js.map +1 -0
  77. package/dist-esm/src/credentials/{visualStudioCodeCredentialExtension.js → onBehalfOfCredentialOptions.js} +1 -1
  78. package/dist-esm/src/credentials/onBehalfOfCredentialOptions.js.map +1 -0
  79. package/dist-esm/src/credentials/usernamePasswordCredential.browser.js +17 -19
  80. package/dist-esm/src/credentials/usernamePasswordCredential.browser.js.map +1 -1
  81. package/dist-esm/src/credentials/usernamePasswordCredential.js +3 -2
  82. package/dist-esm/src/credentials/usernamePasswordCredential.js.map +1 -1
  83. package/dist-esm/src/credentials/visualStudioCodeCredential.browser.js +7 -1
  84. package/dist-esm/src/credentials/visualStudioCodeCredential.browser.js.map +1 -1
  85. package/dist-esm/src/credentials/visualStudioCodeCredential.js +16 -8
  86. package/dist-esm/src/credentials/visualStudioCodeCredential.js.map +1 -1
  87. package/dist-esm/src/credentials/visualStudioCodeCredentialPlugin.js +4 -0
  88. package/dist-esm/src/credentials/visualStudioCodeCredentialPlugin.js.map +1 -0
  89. package/dist-esm/src/{client/errors.js → errors.js} +16 -1
  90. package/dist-esm/src/errors.js.map +1 -0
  91. package/dist-esm/src/index.js +3 -4
  92. package/dist-esm/src/index.js.map +1 -1
  93. package/dist-esm/src/msal/browserFlows/browserCommon.js +8 -7
  94. package/dist-esm/src/msal/browserFlows/browserCommon.js.map +1 -1
  95. package/dist-esm/src/msal/browserFlows/msalAuthCode.js +12 -4
  96. package/dist-esm/src/msal/browserFlows/msalAuthCode.js.map +1 -1
  97. package/dist-esm/src/msal/nodeFlows/msalAuthorizationCode.js +41 -0
  98. package/dist-esm/src/msal/nodeFlows/msalAuthorizationCode.js.map +1 -0
  99. package/dist-esm/src/msal/nodeFlows/msalClientCertificate.js +49 -29
  100. package/dist-esm/src/msal/nodeFlows/msalClientCertificate.js.map +1 -1
  101. package/dist-esm/src/msal/nodeFlows/msalClientSecret.js.map +1 -1
  102. package/dist-esm/src/msal/nodeFlows/msalOnBehalfOf.js +56 -0
  103. package/dist-esm/src/msal/nodeFlows/msalOnBehalfOf.js.map +1 -0
  104. package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js +2 -2
  105. package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js.map +1 -1
  106. package/dist-esm/src/msal/nodeFlows/nodeCommon.js +32 -13
  107. package/dist-esm/src/msal/nodeFlows/nodeCommon.js.map +1 -1
  108. package/dist-esm/src/msal/nodeFlows/tokenCachePersistenceOptions.js.map +1 -1
  109. package/dist-esm/src/msal/utils.js +15 -8
  110. package/dist-esm/src/msal/utils.js.map +1 -1
  111. package/dist-esm/src/plugins/consumer.browser.js +7 -0
  112. package/dist-esm/src/plugins/consumer.browser.js.map +1 -0
  113. package/dist-esm/src/{extensions → plugins}/consumer.js +12 -12
  114. package/dist-esm/src/plugins/consumer.js.map +1 -0
  115. package/dist-esm/src/{extensions → plugins}/provider.js +0 -0
  116. package/dist-esm/src/plugins/provider.js.map +1 -0
  117. package/dist-esm/src/util/tracing.js +2 -2
  118. package/dist-esm/src/util/tracing.js.map +1 -1
  119. package/dist-esm/src/util/validateMultiTenant.browser.js +22 -0
  120. package/dist-esm/src/util/validateMultiTenant.browser.js.map +1 -0
  121. package/dist-esm/src/util/validateMultiTenant.js +17 -12
  122. package/dist-esm/src/util/validateMultiTenant.js.map +1 -1
  123. package/package.json +38 -21
  124. package/types/identity.d.ts +250 -225
  125. package/dist-esm/src/client/errors.js.map +0 -1
  126. package/dist-esm/src/credentials/visualStudioCodeCredentialExtension.js.map +0 -1
  127. package/dist-esm/src/extensions/consumer.browser.js +0 -7
  128. package/dist-esm/src/extensions/consumer.browser.js.map +0 -1
  129. package/dist-esm/src/extensions/consumer.js.map +0 -1
  130. package/dist-esm/src/extensions/provider.js.map +0 -1
  131. package/dist-esm/src/msal/errors.js +0 -22
  132. package/dist-esm/src/msal/errors.js.map +0 -1
package/dist-esm/src/client/identityClient.js CHANGED
@@ -1,10 +1,11 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT license.
3
- import qs from "qs";
4
- import { ServiceClient, WebResource, createPipelineFromOptions, isNode } from "@azure/core-http";
3
+ import { ServiceClient } from "@azure/core-client";
5
4
  import { SpanStatusCode } from "@azure/core-tracing";
5
+ import { isNode } from "@azure/core-util";
6
+ import { createHttpHeaders, createPipelineRequest } from "@azure/core-rest-pipeline";
6
7
  import { AbortController } from "@azure/abort-controller";
7
- import { AuthenticationError, AuthenticationErrorName } from "./errors";
8
+ import { AuthenticationError, AuthenticationErrorName } from "../errors";
8
9
  import { getIdentityTokenEndpointSuffix } from "../util/identityTokenEndpoint";
9
10
  import { DefaultAuthorityHost } from "../constants";
10
11
  import { createSpan } from "../util/tracing";
@@ -16,7 +17,7 @@ const noCorrelationId = "noCorrelationId";
16
17
  export function getIdentityClientAuthorityHost(options) {
17
18
  // The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.
18
19
  let authorityHost = options === null || options === void 0 ? void 0 : options.authorityHost;
19
- // The AZURE_AUTHORITY_HOST environment variable can only be provided in NodeJS.
20
+ // The AZURE_AUTHORITY_HOST environment variable can only be provided in Node.js.
20
21
  if (isNode) {
21
22
  authorityHost = authorityHost !== null && authorityHost !== void 0 ? authorityHost : process.env.AZURE_AUTHORITY_HOST;
22
23
  }
@@ -32,49 +33,51 @@ export function getIdentityClientAuthorityHost(options) {
32
33
  */
33
34
  export class IdentityClient extends ServiceClient {
34
35
  constructor(options) {
35
- super(undefined, createPipelineFromOptions(Object.assign(Object.assign({}, options), { deserializationOptions: {
36
- expectedContentTypes: {
37
- json: ["application/json", "text/json", "text/plain"]
38
- }
39
- } })));
40
- this.baseUri = this.authorityHost = getIdentityClientAuthorityHost(options);
41
- if (!this.baseUri.startsWith("https:")) {
36
+ var _a;
37
+ const packageDetails = `azsdk-js-identity/2.0.1`;
38
+ const userAgentPrefix = ((_a = options === null || options === void 0 ? void 0 : options.userAgentOptions) === null || _a === void 0 ? void 0 : _a.userAgentPrefix)
39
+ ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`
40
+ : `${packageDetails}`;
41
+ const baseUri = getIdentityClientAuthorityHost(options);
42
+ if (!baseUri.startsWith("https:")) {
42
43
  throw new Error("The authorityHost address must use the 'https' protocol.");
43
44
  }
45
+ super(Object.assign(Object.assign({ requestContentType: "application/json; charset=utf-8" }, options), { userAgentOptions: {
46
+ userAgentPrefix
47
+ }, baseUri }));
48
+ this.authorityHost = baseUri;
44
49
  this.abortControllers = new Map();
45
50
  }
46
- createWebResource(requestOptions) {
47
- const webResource = new WebResource();
48
- webResource.prepare(requestOptions);
49
- return webResource;
50
- }
51
- async sendTokenRequest(webResource, expiresOnParser) {
52
- logger.info(`IdentityClient: sending token request to [${webResource.url}]`);
53
- const response = await this.sendRequest(webResource);
51
+ async sendTokenRequest(request, expiresOnParser) {
52
+ logger.info(`IdentityClient: sending token request to [${request.url}]`);
53
+ const response = await this.sendRequest(request);
54
54
  expiresOnParser =
55
55
  expiresOnParser ||
56
56
  ((responseBody) => {
57
57
  return Date.now() + responseBody.expires_in * 1000;
58
58
  });
59
- if (response.status === 200 || response.status === 201) {
59
+ if (response.bodyAsText && (response.status === 200 || response.status === 201)) {
60
+ const parsedBody = JSON.parse(response.bodyAsText);
61
+ if (!parsedBody.access_token) {
62
+ return null;
63
+ }
60
64
  const token = {
61
65
  accessToken: {
62
- token: response.parsedBody.access_token,
63
- expiresOnTimestamp: expiresOnParser(response.parsedBody)
66
+ token: parsedBody.access_token,
67
+ expiresOnTimestamp: expiresOnParser(parsedBody)
64
68
  },
65
- refreshToken: response.parsedBody.refresh_token
69
+ refreshToken: parsedBody.refresh_token
66
70
  };
67
- logger.info(`IdentityClient: [${webResource.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`);
71
+ logger.info(`IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`);
68
72
  return token;
69
73
  }
70
74
  else {
71
- const error = new AuthenticationError(response.status, response.parsedBody || response.bodyAsText);
75
+ const error = new AuthenticationError(response.status, response.bodyAsText);
72
76
  logger.warning(`IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`);
73
77
  throw error;
74
78
  }
75
79
  }
76
80
  async refreshAccessToken(tenantId, clientId, scopes, refreshToken, clientSecret, expiresOnParser, options) {
77
- var _a, _b;
78
81
  if (refreshToken === undefined) {
79
82
  return null;
80
83
  }
@@ -89,23 +92,21 @@ export class IdentityClient extends ServiceClient {
89
92
  if (clientSecret !== undefined) {
90
93
  refreshParams.client_secret = clientSecret;
91
94
  }
95
+ const query = new URLSearchParams(refreshParams);
92
96
  try {
93
97
  const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);
94
- const webResource = this.createWebResource({
98
+ const request = createPipelineRequest({
95
99
  url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,
96
100
  method: "POST",
97
- disableJsonStringifyOnBody: true,
98
- deserializationMapper: undefined,
99
- body: qs.stringify(refreshParams),
100
- headers: {
101
+ body: query.toString(),
102
+ abortSignal: options && options.abortSignal,
103
+ headers: createHttpHeaders({
101
104
  Accept: "application/json",
102
105
  "Content-Type": "application/x-www-form-urlencoded"
103
- },
104
- spanOptions: (_a = updatedOptions === null || updatedOptions === void 0 ? void 0 : updatedOptions.tracingOptions) === null || _a === void 0 ? void 0 : _a.spanOptions,
105
- tracingContext: (_b = updatedOptions === null || updatedOptions === void 0 ? void 0 : updatedOptions.tracingOptions) === null || _b === void 0 ? void 0 : _b.tracingContext,
106
- abortSignal: options && options.abortSignal
106
+ }),
107
+ tracingOptions: updatedOptions === null || updatedOptions === void 0 ? void 0 : updatedOptions.tracingOptions
107
108
  });
108
- const response = await this.sendTokenRequest(webResource, expiresOnParser);
109
+ const response = await this.sendTokenRequest(request, expiresOnParser);
109
110
  logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);
110
111
  return response;
111
112
  }
@@ -139,13 +140,19 @@ export class IdentityClient extends ServiceClient {
139
140
  // since MSAL doesn't allow us to pass options all the way through.
140
141
  generateAbortSignal(correlationId) {
141
142
  const controller = new AbortController();
142
- const key = correlationId || noCorrelationId;
143
- const controllers = this.abortControllers.get(key) || [];
143
+ const controllers = this.abortControllers.get(correlationId) || [];
144
144
  controllers.push(controller);
145
- this.abortControllers.set(key, controllers);
145
+ this.abortControllers.set(correlationId, controllers);
146
+ const existingOnAbort = controller.signal.onabort;
147
+ controller.signal.onabort = (...params) => {
148
+ this.abortControllers.set(correlationId, undefined);
149
+ if (existingOnAbort) {
150
+ existingOnAbort(...params);
151
+ }
152
+ };
146
153
  return controller.signal;
147
154
  }
148
- abortRequests(correlationId = noCorrelationId) {
155
+ abortRequests(correlationId) {
149
156
  const key = correlationId || noCorrelationId;
150
157
  const controllers = [
151
158
  ...(this.abortControllers.get(key) || []),
@@ -159,37 +166,43 @@ export class IdentityClient extends ServiceClient {
159
166
  controller.abort();
160
167
  }
161
168
  this.abortControllers.set(key, undefined);
162
- this.abortControllers.set(noCorrelationId, undefined);
163
169
  }
164
170
  getCorrelationId(options) {
165
171
  var _a;
166
172
  const parameter = (_a = options === null || options === void 0 ? void 0 : options.body) === null || _a === void 0 ? void 0 : _a.split("&").map((part) => part.split("=")).find(([key]) => key === "client-request-id");
167
- return parameter && parameter.length ? parameter[1] : noCorrelationId;
173
+ return parameter && parameter.length ? parameter[1] || noCorrelationId : noCorrelationId;
168
174
  }
169
175
  // The MSAL network module methods follow
170
- sendGetRequestAsync(url, options) {
171
- const webResource = new WebResource(url, "GET", options === null || options === void 0 ? void 0 : options.body, {}, options === null || options === void 0 ? void 0 : options.headers, false, false,
172
- // MSAL doesn't send the correlation ID on the get requests.
173
- this.generateAbortSignal());
174
- return this.sendRequest(webResource).then((response) => {
175
- return {
176
- body: response.parsedBody,
177
- headers: response.headers.rawHeaders(),
178
- status: response.status
179
- };
176
+ async sendGetRequestAsync(url, options) {
177
+ const request = createPipelineRequest({
178
+ url,
179
+ method: "GET",
180
+ body: options === null || options === void 0 ? void 0 : options.body,
181
+ headers: createHttpHeaders(options === null || options === void 0 ? void 0 : options.headers),
182
+ abortSignal: this.generateAbortSignal(noCorrelationId)
180
183
  });
184
+ const response = await this.sendRequest(request);
185
+ return {
186
+ body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,
187
+ headers: response.headers.toJSON(),
188
+ status: response.status
189
+ };
181
190
  }
182
- sendPostRequestAsync(url, options) {
183
- const webResource = new WebResource(url, "POST", options === null || options === void 0 ? void 0 : options.body, {}, options === null || options === void 0 ? void 0 : options.headers, false, false,
184
- // MSAL doesn't send the correlation ID on the get requests.
185
- this.generateAbortSignal(this.getCorrelationId(options)));
186
- return this.sendRequest(webResource).then((response) => {
187
- return {
188
- body: response.parsedBody,
189
- headers: response.headers.rawHeaders(),
190
- status: response.status
191
- };
191
+ async sendPostRequestAsync(url, options) {
192
+ const request = createPipelineRequest({
193
+ url,
194
+ method: "POST",
195
+ body: options === null || options === void 0 ? void 0 : options.body,
196
+ headers: createHttpHeaders(options === null || options === void 0 ? void 0 : options.headers),
197
+ // MSAL doesn't send the correlation ID on the get requests.
198
+ abortSignal: this.generateAbortSignal(this.getCorrelationId(options))
192
199
  });
200
+ const response = await this.sendRequest(request);
201
+ return {
202
+ body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,
203
+ headers: response.headers.toJSON(),
204
+ status: response.status
205
+ };
193
206
  }
194
207
  }
195
208
  //# sourceMappingURL=identityClient.js.map
package/dist-esm/src/client/identityClient.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"identityClient.js","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAEL,aAAa,EAEb,WAAW,EAGX,yBAAyB,EACzB,MAAM,EACP,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,eAAe,EAAmB,MAAM,yBAAyB,CAAC;AAC3E,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AACxE,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAEzC,MAAM,eAAe,GAAG,iBAAiB,CAAC;AAkB1C;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAAC,OAAgC;IAC7E,iGAAiG;IACjG,IAAI,aAAa,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,CAAC;IAE3C,gFAAgF;IAChF,IAAI,MAAM,EAAE;QACV,aAAa,GAAG,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;KACnE;IAED,wHAAwH;IACxH,OAAO,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,oBAAoB,CAAC;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,OAAO,cAAe,SAAQ,aAAa;IAI/C,YAAY,OAAgC;QAC1C,KAAK,CACH,SAAS,EACT,yBAAyB,iCACpB,OAAO,KACV,sBAAsB,EAAE;gBACtB,oBAAoB,EAAE;oBACpB,IAAI,EAAE,CAAC,kBAAkB,EAAE,WAAW,EAAE,YAAY,CAAC;iBACtD;aACF,IACD,CACH,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,aAAa,GAAG,8BAA8B,CAAC,OAAO,CAAC,CAAC;QAE5E,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;YACtC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;SAC7E;QAED,IAAI,CAAC,gBAAgB,GAAG,IAAI,GAAG,EAAE,CAAC;IACpC,CAAC;IAED,iBAAiB,CAAC,cAAqC;QACrD,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;QACtC,WAAW,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACpC,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,WAAwB,EACxB,eAA+C;QAE/C,MAAM,CAAC,IAAI,CAAC,6CAA6C,WAAW,CAAC,GAAG,GAAG,CAAC,CAAC;QAC7E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAErD,eAAe;YACb,eAAe;gBACf,CAAC,CAAC,YAAiB,EAAE,EAAE;oBACrB,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC,UAAU,GAAG,IAAI,CAAC;gBACrD,CAAC,CAAC,CAAC;QAEL,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;YACtD,MAAM,KAAK,GAAG;gBACZ,WAAW,EAAE;oBACX,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC,YAAY;oBACvC,kBAAkB,EAAE,eAAe,CAAC,QAAQ,CAAC,UAAU,CAAC;iBACzD;gBACD,YAAY,EAAE,QAAQ,CAAC,UAAU,CAAC,aAAa;aAChD,CAAC;YAEF,MAAM,CAAC,IAAI,CACT,oBAAoB,WAAW,CAAC,GAAG,gCAAgC,KAAK,CAAC,WAAW,CAAC,kBAAkB,EAAE,CAC1G,CAAC;YACF,OAAO,KAAK,CAAC;SACd;aAAM;YACL,MAAM,KAAK,GAAG,IAAI,mBAAmB,CACnC,QAAQ,CAAC,MAAM,EACf,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,UAAU,CAC3C,CAAC;YACF,MAAM,CAAC,OAAO,CACZ,sDAAsD,QAAQ,CAAC,MAAM,KAAK,KAAK,CAAC,aAAa,CAAC,gBAAgB,EAAE,CACjH,CAAC;YACF,MAAM,KAAK,CAAC;SACb;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CACtB,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,YAAgC,EAChC,YAAgC,EAChC,eAA+C,EAC/C,OAAyB;;QAEzB,IAAI,YAAY,KAAK,SAAS,EAAE;YAC9B,OAAO,IAAI,CAAC;SACb;QACD,MAAM,CAAC,IAAI,CACT,2DAA2D,QAAQ,aAAa,MAAM,UAAU,CACjG,CAAC;QAEF,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,UAAU,CAAC,mCAAmC,EAAE,OAAO,CAAC,CAAC;QAE1F,MAAM,aAAa,GAAG;YACpB,UAAU,EAAE,eAAe;YAC3B,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,MAAM;SACd,CAAC;QAEF,IAAI,YAAY,KAAK,SAAS,EAAE;YAC7B,aAAqB,CAAC,aAAa,GAAG,YAAY,CAAC;SACrD;QAED,IAAI;YACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;YAC3D,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC;gBACzC,GAAG,EAAE,GAAG,IAAI,CAAC,aAAa,IAAI,QAAQ,IAAI,SAAS,EAAE;gBACrD,MAAM,EAAE,MAAM;gBACd,0BAA0B,EAAE,IAAI;gBAChC,qBAAqB,EAAE,SAAS;gBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,aAAa,CAAC;gBACjC,OAAO,EAAE;oBACP,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD;gBACD,WAAW,EAAE,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,cAAc,0CAAE,WAAW;gBACxD,cAAc,EAAE,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,cAAc,0CAAE,cAAc;gBAC9D,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;aAC5C,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;YAC3E,MAAM,CAAC,IAAI,CAAC,kDAAkD,QAAQ,EAAE,CAAC,CAAC;YAC1E,OAAO,QAAQ,CAAC;SACjB;QAAC,OAAO,GAAG,EAAE;YACZ,IACE,GAAG,CAAC,IAAI,KAAK,uBAAuB;gBACpC,GAAG,CAAC,aAAa,CAAC,KAAK,KAAK,sBAAsB,EAClD;gBACA,qDAAqD;gBACrD,yDAAyD;gBACzD,0CAA0C;gBAC1C,MAAM,CAAC,IAAI,CAAC,uDAAuD,QAAQ,EAAE,CAAC,CAAC;gBAC/E,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAE,cAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC;aACb;iBAAM;gBACL,MAAM,CAAC,OAAO,CACZ,0DAA0D,QAAQ,KAAK,GAAG,EAAE,CAC7E,CAAC;gBACF,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAE,cAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;aACX;SACF;gBAAS;YACR,IAAI,CAAC,GAAG,EAAE,CAAC;SACZ;IACH,CAAC;IAED,gFAAgF;IAChF,mEAAmE;IAEnE,mBAAmB,CAAC,aAAsB;QACxC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,GAAG,GAAG,aAAa,IAAI,eAAe,CAAC;QAE7C,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACzD,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAE5C,OAAO,UAAU,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,aAAa,CAAC,gBAAwB,eAAe;QACnD,MAAM,GAAG,GAAG,aAAa,IAAI,eAAe,CAAC;QAC7C,MAAM,WAAW,GAAG;YAClB,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YACzC,uDAAuD;YACvD,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;SACtD,CAAC;QACF,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE;YACvB,OAAO;SACR;QACD,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE;YACpC,UAAU,CAAC,KAAK,EAAE,CAAC;SACpB;QACD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAC1C,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;IACxD,CAAC;IAED,gBAAgB,CAAC,OAA+B;;QAC9C,MAAM,SAAS,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,0CAC3B,KAAK,CAAC,GAAG,EACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAC7B,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,mBAAmB,CAAC,CAAC;QAChD,OAAO,SAAS,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC;IACxE,CAAC;IAED,yCAAyC;IAEzC,mBAAmB,CACjB,GAAW,EACX,OAA+B;QAE/B,MAAM,WAAW,GAAG,IAAI,WAAW,CACjC,GAAG,EACH,KAAK,EACL,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,EACb,EAAE,EACF,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,EAChB,KAAK,EACL,KAAK;QACL,4DAA4D;QAC5D,IAAI,CAAC,mBAAmB,EAAE,CAC3B,CAAC;QAEF,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE;YACrD,OAAO;gBACL,IAAI,EAAE,QAAQ,CAAC,UAAe;gBAC9B,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE;gBACtC,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,oBAAoB,CAClB,GAAW,EACX,OAA+B;QAE/B,MAAM,WAAW,GAAG,IAAI,WAAW,CACjC,GAAG,EACH,MAAM,EACN,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,EACb,EAAE,EACF,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,EAChB,KAAK,EACL,KAAK;QACL,4DAA4D;QAC5D,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CACzD,CAAC;QAEF,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE;YACrD,OAAO;gBACL,IAAI,EAAE,QAAQ,CAAC,UAAe;gBAC9B,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE;gBACtC,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport {\n AccessToken,\n ServiceClient,\n PipelineOptions,\n WebResource,\n RequestPrepareOptions,\n GetTokenOptions,\n createPipelineFromOptions,\n isNode\n} from \"@azure/core-http\";\nimport { INetworkModule, NetworkRequestOptions, NetworkResponse } from \"@azure/msal-common\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { AbortController, AbortSignalLike } from \"@azure/abort-controller\";\nimport { AuthenticationError, AuthenticationErrorName } from \"./errors\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { DefaultAuthorityHost } from \"../constants\";\nimport { createSpan } from \"../util/tracing\";\nimport { logger } from \"../util/logging\";\n\nconst noCorrelationId = \"noCorrelationId\";\n\n/**\n * An internal type used to communicate details of a token request's\n * response that should not be sent back as part of the access token.\n */\nexport interface TokenResponse {\n /**\n * The AccessToken to be returned from getToken.\n */\n accessToken: AccessToken;\n\n /**\n * The refresh token if the 'offline_access' scope was used.\n */\n refreshToken?: string;\n}\n\n/**\n * @internal\n */\nexport function getIdentityClientAuthorityHost(options?: TokenCredentialOptions): string {\n // The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.\n let authorityHost = options?.authorityHost;\n\n // The AZURE_AUTHORITY_HOST environment variable can only be provided in NodeJS.\n if (isNode) {\n authorityHost = authorityHost ?? process.env.AZURE_AUTHORITY_HOST;\n }\n\n // If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com\n return authorityHost ?? DefaultAuthorityHost;\n}\n\n/**\n * The network module used by the Identity credentials.\n *\n * It allows for credentials to abort any pending request independently of the MSAL flow,\n * by calling to the `abortRequests()` method.\n *\n */\nexport class IdentityClient extends ServiceClient implements INetworkModule {\n public authorityHost: string;\n private abortControllers: Map<string, AbortController[] | undefined>;\n\n constructor(options?: TokenCredentialOptions) {\n super(\n undefined,\n createPipelineFromOptions({\n ...options,\n deserializationOptions: {\n expectedContentTypes: {\n json: [\"application/json\", \"text/json\", \"text/plain\"]\n }\n }\n })\n );\n\n this.baseUri = this.authorityHost = getIdentityClientAuthorityHost(options);\n\n if (!this.baseUri.startsWith(\"https:\")) {\n throw new Error(\"The authorityHost address must use the 'https' protocol.\");\n }\n\n this.abortControllers = new Map();\n }\n\n createWebResource(requestOptions: RequestPrepareOptions): WebResource {\n const webResource = new WebResource();\n webResource.prepare(requestOptions);\n return webResource;\n }\n\n async sendTokenRequest(\n webResource: WebResource,\n expiresOnParser?: (responseBody: any) => number\n ): Promise<TokenResponse | null> {\n logger.info(`IdentityClient: sending token request to [${webResource.url}]`);\n const response = await this.sendRequest(webResource);\n\n expiresOnParser =\n expiresOnParser ||\n ((responseBody: any) => {\n return Date.now() + responseBody.expires_in * 1000;\n });\n\n if (response.status === 200 || response.status === 201) {\n const token = {\n accessToken: {\n token: response.parsedBody.access_token,\n expiresOnTimestamp: expiresOnParser(response.parsedBody)\n },\n refreshToken: response.parsedBody.refresh_token\n };\n\n logger.info(\n `IdentityClient: [${webResource.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`\n );\n return token;\n } else {\n const error = new AuthenticationError(\n response.status,\n response.parsedBody || response.bodyAsText\n );\n logger.warning(\n `IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`\n );\n throw error;\n }\n }\n\n async refreshAccessToken(\n tenantId: string,\n clientId: string,\n scopes: string,\n refreshToken: string | undefined,\n clientSecret: string | undefined,\n expiresOnParser?: (responseBody: any) => number,\n options?: GetTokenOptions\n ): Promise<TokenResponse | null> {\n if (refreshToken === undefined) {\n return null;\n }\n logger.info(\n `IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`\n );\n\n const { span, updatedOptions } = createSpan(\"IdentityClient-refreshAccessToken\", options);\n\n const refreshParams = {\n grant_type: \"refresh_token\",\n client_id: clientId,\n refresh_token: refreshToken,\n scope: scopes\n };\n\n if (clientSecret !== undefined) {\n (refreshParams as any).client_secret = clientSecret;\n }\n\n try {\n const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);\n const webResource = this.createWebResource({\n url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,\n method: \"POST\",\n disableJsonStringifyOnBody: true,\n deserializationMapper: undefined,\n body: qs.stringify(refreshParams),\n headers: {\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n },\n spanOptions: updatedOptions?.tracingOptions?.spanOptions,\n tracingContext: updatedOptions?.tracingOptions?.tracingContext,\n abortSignal: options && options.abortSignal\n });\n\n const response = await this.sendTokenRequest(webResource, expiresOnParser);\n logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);\n return response;\n } catch (err) {\n if (\n err.name === AuthenticationErrorName &&\n err.errorResponse.error === \"interaction_required\"\n ) {\n // It's likely that the refresh token has expired, so\n // return null so that the credential implementation will\n // initiate the authentication flow again.\n logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n\n return null;\n } else {\n logger.warning(\n `IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`\n );\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n throw err;\n }\n } finally {\n span.end();\n }\n }\n\n // Here is a custom layer that allows us to abort requests that go through MSAL,\n // since MSAL doesn't allow us to pass options all the way through.\n\n generateAbortSignal(correlationId?: string): AbortSignalLike {\n const controller = new AbortController();\n const key = correlationId || noCorrelationId;\n\n const controllers = this.abortControllers.get(key) || [];\n controllers.push(controller);\n this.abortControllers.set(key, controllers);\n\n return controller.signal;\n }\n\n abortRequests(correlationId: string = noCorrelationId): void {\n const key = correlationId || noCorrelationId;\n const controllers = [\n ...(this.abortControllers.get(key) || []),\n // MSAL passes no correlation ID to the get requests...\n ...(this.abortControllers.get(noCorrelationId) || [])\n ];\n if (!controllers.length) {\n return;\n }\n for (const controller of controllers) {\n controller.abort();\n }\n this.abortControllers.set(key, undefined);\n this.abortControllers.set(noCorrelationId, undefined);\n }\n\n getCorrelationId(options?: NetworkRequestOptions): string | undefined {\n const parameter = options?.body\n ?.split(\"&\")\n .map((part) => part.split(\"=\"))\n .find(([key]) => key === \"client-request-id\");\n return parameter && parameter.length ? parameter[1] : noCorrelationId;\n }\n\n // The MSAL network module methods follow\n\n sendGetRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const webResource = new WebResource(\n url,\n \"GET\",\n options?.body,\n {},\n options?.headers,\n false,\n false,\n // MSAL doesn't send the correlation ID on the get requests.\n this.generateAbortSignal()\n );\n\n return this.sendRequest(webResource).then((response) => {\n return {\n body: response.parsedBody as T,\n headers: response.headers.rawHeaders(),\n status: response.status\n };\n });\n }\n\n sendPostRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const webResource = new WebResource(\n url,\n \"POST\",\n options?.body,\n {},\n options?.headers,\n false,\n false,\n // MSAL doesn't send the correlation ID on the get requests.\n this.generateAbortSignal(this.getCorrelationId(options))\n );\n\n return this.sendRequest(webResource).then((response) => {\n return {\n body: response.parsedBody as T,\n headers: response.headers.rawHeaders(),\n status: response.status\n };\n });\n }\n}\n\n/**\n * Provides options to configure how the Identity library makes authentication\n * requests to Azure Active Directory.\n */\nexport interface TokenCredentialOptions extends PipelineOptions {\n /**\n * The authority host to use for authentication requests.\n * The default is \"https://login.microsoftonline.com\".\n */\n authorityHost?: string;\n\n /**\n * If set to true, allows authentication flows to change the tenantId of the request if a different tenantId is received from a challenge or through a direct getToken call.\n */\n allowMultiTenantAuthentication?: boolean;\n}\n"]}
1
+ {"version":3,"file":"identityClient.js","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAuB,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAExE,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EAEtB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,eAAe,EAAmB,MAAM,yBAAyB,CAAC;AAC3E,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,WAAW,CAAC;AACzE,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAEzC,MAAM,eAAe,GAAG,iBAAiB,CAAC;AAkB1C;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAAC,OAAgC;IAC7E,iGAAiG;IACjG,IAAI,aAAa,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,CAAC;IAE3C,iFAAiF;IACjF,IAAI,MAAM,EAAE;QACV,aAAa,GAAG,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;KACnE;IAED,wHAAwH;IACxH,OAAO,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,oBAAoB,CAAC;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,OAAO,cAAe,SAAQ,aAAa;IAI/C,YAAY,OAAgC;;QAC1C,MAAM,cAAc,GAAG,yBAAyB,CAAC;QACjD,MAAM,eAAe,GAAG,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,gBAAgB,0CAAE,eAAe;YAChE,CAAC,CAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC,eAAe,IAAI,cAAc,EAAE;YACjE,CAAC,CAAC,GAAG,cAAc,EAAE,CAAC;QAExB,MAAM,OAAO,GAAG,8BAA8B,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;YACjC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;SAC7E;QAED,KAAK,+BACH,kBAAkB,EAAE,iCAAiC,IAClD,OAAO,KACV,gBAAgB,EAAE;gBAChB,eAAe;aAChB,EACD,OAAO,IACP,CAAC;QAEH,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC;QAC7B,IAAI,CAAC,gBAAgB,GAAG,IAAI,GAAG,EAAE,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,OAAwB,EACxB,eAA+C;QAE/C,MAAM,CAAC,IAAI,CAAC,6CAA6C,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;QACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAEjD,eAAe;YACb,eAAe;gBACf,CAAC,CAAC,YAAiB,EAAE,EAAE;oBACrB,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC,UAAU,GAAG,IAAI,CAAC;gBACrD,CAAC,CAAC,CAAC;QAEL,IAAI,QAAQ,CAAC,UAAU,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,EAAE;YAC/E,MAAM,UAAU,GAIZ,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAEpC,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE;gBAC5B,OAAO,IAAI,CAAC;aACb;YAED,MAAM,KAAK,GAAG;gBACZ,WAAW,EAAE;oBACX,KAAK,EAAE,UAAU,CAAC,YAAY;oBAC9B,kBAAkB,EAAE,eAAe,CAAC,UAAU,CAAC;iBAChD;gBACD,YAAY,EAAE,UAAU,CAAC,aAAa;aACvC,CAAC;YAEF,MAAM,CAAC,IAAI,CACT,oBAAoB,OAAO,CAAC,GAAG,gCAAgC,KAAK,CAAC,WAAW,CAAC,kBAAkB,EAAE,CACtG,CAAC;YACF,OAAO,KAAK,CAAC;SACd;aAAM;YACL,MAAM,KAAK,GAAG,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC5E,MAAM,CAAC,OAAO,CACZ,sDAAsD,QAAQ,CAAC,MAAM,KAAK,KAAK,CAAC,aAAa,CAAC,gBAAgB,EAAE,CACjH,CAAC;YACF,MAAM,KAAK,CAAC;SACb;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CACtB,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,YAAgC,EAChC,YAAgC,EAChC,eAA+C,EAC/C,OAAyB;QAEzB,IAAI,YAAY,KAAK,SAAS,EAAE;YAC9B,OAAO,IAAI,CAAC;SACb;QACD,MAAM,CAAC,IAAI,CACT,2DAA2D,QAAQ,aAAa,MAAM,UAAU,CACjG,CAAC;QAEF,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,UAAU,CAAC,mCAAmC,EAAE,OAAO,CAAC,CAAC;QAE1F,MAAM,aAAa,GAAG;YACpB,UAAU,EAAE,eAAe;YAC3B,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,MAAM;SACd,CAAC;QAEF,IAAI,YAAY,KAAK,SAAS,EAAE;YAC7B,aAAqB,CAAC,aAAa,GAAG,YAAY,CAAC;SACrD;QAED,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,aAAa,CAAC,CAAC;QAEjD,IAAI;YACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;YAC3D,MAAM,OAAO,GAAG,qBAAqB,CAAC;gBACpC,GAAG,EAAE,GAAG,IAAI,CAAC,aAAa,IAAI,QAAQ,IAAI,SAAS,EAAE;gBACrD,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE;gBACtB,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;gBAC3C,OAAO,EAAE,iBAAiB,CAAC;oBACzB,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD,CAAC;gBACF,cAAc,EAAE,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,cAAc;aAC/C,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;YACvE,MAAM,CAAC,IAAI,CAAC,kDAAkD,QAAQ,EAAE,CAAC,CAAC;YAC1E,OAAO,QAAQ,CAAC;SACjB;QAAC,OAAO,GAAG,EAAE;YACZ,IACE,GAAG,CAAC,IAAI,KAAK,uBAAuB;gBACpC,GAAG,CAAC,aAAa,CAAC,KAAK,KAAK,sBAAsB,EAClD;gBACA,qDAAqD;gBACrD,yDAAyD;gBACzD,0CAA0C;gBAC1C,MAAM,CAAC,IAAI,CAAC,uDAAuD,QAAQ,EAAE,CAAC,CAAC;gBAC/E,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAE,cAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC;aACb;iBAAM;gBACL,MAAM,CAAC,OAAO,CACZ,0DAA0D,QAAQ,KAAK,GAAG,EAAE,CAC7E,CAAC;gBACF,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAE,cAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;aACX;SACF;gBAAS;YACR,IAAI,CAAC,GAAG,EAAE,CAAC;SACZ;IACH,CAAC;IAED,gFAAgF;IAChF,mEAAmE;IAEnE,mBAAmB,CAAC,aAAqB;QACvC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;QACnE,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;QACtD,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC;QAClD,UAAU,CAAC,MAAM,CAAC,OAAO,GAAG,CAAC,GAAG,MAAM,EAAE,EAAE;YACxC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;YACpD,IAAI,eAAe,EAAE;gBACnB,eAAe,CAAC,GAAG,MAAM,CAAC,CAAC;aAC5B;QACH,CAAC,CAAC;QACF,OAAO,UAAU,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,aAAa,CAAC,aAAsB;QAClC,MAAM,GAAG,GAAG,aAAa,IAAI,eAAe,CAAC;QAC7C,MAAM,WAAW,GAAG;YAClB,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YACzC,uDAAuD;YACvD,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;SACtD,CAAC;QACF,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE;YACvB,OAAO;SACR;QACD,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE;YACpC,UAAU,CAAC,KAAK,EAAE,CAAC;SACpB;QACD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED,gBAAgB,CAAC,OAA+B;;QAC9C,MAAM,SAAS,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,0CAC3B,KAAK,CAAC,GAAG,EACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAC7B,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,mBAAmB,CAAC,CAAC;QAChD,OAAO,SAAS,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC;IAC3F,CAAC;IAED,yCAAyC;IAEzC,KAAK,CAAC,mBAAmB,CACvB,GAAW,EACX,OAA+B;QAE/B,MAAM,OAAO,GAAG,qBAAqB,CAAC;YACpC,GAAG;YACH,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI;YACnB,OAAO,EAAE,iBAAiB,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC;YAC5C,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC;SACvD,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACjD,OAAO;YACL,IAAI,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;YACvE,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;SACxB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,GAAW,EACX,OAA+B;QAE/B,MAAM,OAAO,GAAG,qBAAqB,CAAC;YACpC,GAAG;YACH,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI;YACnB,OAAO,EAAE,iBAAiB,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC;YAC5C,4DAA4D;YAC5D,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;SACtE,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACjD,OAAO;YACL,IAAI,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;YACvE,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;SACxB,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { INetworkModule, NetworkRequestOptions, NetworkResponse } from \"@azure/msal-common\";\nimport { CommonClientOptions, ServiceClient } from \"@azure/core-client\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { isNode } from \"@azure/core-util\";\nimport {\n createHttpHeaders,\n createPipelineRequest,\n PipelineRequest\n} from \"@azure/core-rest-pipeline\";\nimport { AbortController, AbortSignalLike } from \"@azure/abort-controller\";\nimport { AuthenticationError, AuthenticationErrorName } from \"../errors\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { DefaultAuthorityHost } from \"../constants\";\nimport { createSpan } from \"../util/tracing\";\nimport { logger } from \"../util/logging\";\n\nconst noCorrelationId = \"noCorrelationId\";\n\n/**\n * An internal type used to communicate details of a token request's\n * response that should not be sent back as part of the access token.\n */\nexport interface TokenResponse {\n /**\n * The AccessToken to be returned from getToken.\n */\n accessToken: AccessToken;\n\n /**\n * The refresh token if the 'offline_access' scope was used.\n */\n refreshToken?: string;\n}\n\n/**\n * @internal\n */\nexport function getIdentityClientAuthorityHost(options?: TokenCredentialOptions): string {\n // The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.\n let authorityHost = options?.authorityHost;\n\n // The AZURE_AUTHORITY_HOST environment variable can only be provided in Node.js.\n if (isNode) {\n authorityHost = authorityHost ?? process.env.AZURE_AUTHORITY_HOST;\n }\n\n // If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com\n return authorityHost ?? DefaultAuthorityHost;\n}\n\n/**\n * The network module used by the Identity credentials.\n *\n * It allows for credentials to abort any pending request independently of the MSAL flow,\n * by calling to the `abortRequests()` method.\n *\n */\nexport class IdentityClient extends ServiceClient implements INetworkModule {\n public authorityHost: string;\n private abortControllers: Map<string, AbortController[] | undefined>;\n\n constructor(options?: TokenCredentialOptions) {\n const packageDetails = `azsdk-js-identity/2.0.1`;\n const userAgentPrefix = options?.userAgentOptions?.userAgentPrefix\n ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`\n : `${packageDetails}`;\n\n const baseUri = getIdentityClientAuthorityHost(options);\n if (!baseUri.startsWith(\"https:\")) {\n throw new Error(\"The authorityHost address must use the 'https' protocol.\");\n }\n\n super({\n requestContentType: \"application/json; charset=utf-8\",\n ...options,\n userAgentOptions: {\n userAgentPrefix\n },\n baseUri\n });\n\n this.authorityHost = baseUri;\n this.abortControllers = new Map();\n }\n\n async sendTokenRequest(\n request: PipelineRequest,\n expiresOnParser?: (responseBody: any) => number\n ): Promise<TokenResponse | null> {\n logger.info(`IdentityClient: sending token request to [${request.url}]`);\n const response = await this.sendRequest(request);\n\n expiresOnParser =\n expiresOnParser ||\n ((responseBody: any) => {\n return Date.now() + responseBody.expires_in * 1000;\n });\n\n if (response.bodyAsText && (response.status === 200 || response.status === 201)) {\n const parsedBody: {\n token?: string;\n access_token?: string;\n refresh_token?: string;\n } = JSON.parse(response.bodyAsText);\n\n if (!parsedBody.access_token) {\n return null;\n }\n\n const token = {\n accessToken: {\n token: parsedBody.access_token,\n expiresOnTimestamp: expiresOnParser(parsedBody)\n },\n refreshToken: parsedBody.refresh_token\n };\n\n logger.info(\n `IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`\n );\n return token;\n } else {\n const error = new AuthenticationError(response.status, response.bodyAsText);\n logger.warning(\n `IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`\n );\n throw error;\n }\n }\n\n async refreshAccessToken(\n tenantId: string,\n clientId: string,\n scopes: string,\n refreshToken: string | undefined,\n clientSecret: string | undefined,\n expiresOnParser?: (responseBody: any) => number,\n options?: GetTokenOptions\n ): Promise<TokenResponse | null> {\n if (refreshToken === undefined) {\n return null;\n }\n logger.info(\n `IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`\n );\n\n const { span, updatedOptions } = createSpan(\"IdentityClient-refreshAccessToken\", options);\n\n const refreshParams = {\n grant_type: \"refresh_token\",\n client_id: clientId,\n refresh_token: refreshToken,\n scope: scopes\n };\n\n if (clientSecret !== undefined) {\n (refreshParams as any).client_secret = clientSecret;\n }\n\n const query = new URLSearchParams(refreshParams);\n\n try {\n const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);\n const request = createPipelineRequest({\n url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,\n method: \"POST\",\n body: query.toString(),\n abortSignal: options && options.abortSignal,\n headers: createHttpHeaders({\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n }),\n tracingOptions: updatedOptions?.tracingOptions\n });\n\n const response = await this.sendTokenRequest(request, expiresOnParser);\n logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);\n return response;\n } catch (err) {\n if (\n err.name === AuthenticationErrorName &&\n err.errorResponse.error === \"interaction_required\"\n ) {\n // It's likely that the refresh token has expired, so\n // return null so that the credential implementation will\n // initiate the authentication flow again.\n logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n\n return null;\n } else {\n logger.warning(\n `IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`\n );\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n throw err;\n }\n } finally {\n span.end();\n }\n }\n\n // Here is a custom layer that allows us to abort requests that go through MSAL,\n // since MSAL doesn't allow us to pass options all the way through.\n\n generateAbortSignal(correlationId: string): AbortSignalLike {\n const controller = new AbortController();\n const controllers = this.abortControllers.get(correlationId) || [];\n controllers.push(controller);\n this.abortControllers.set(correlationId, controllers);\n const existingOnAbort = controller.signal.onabort;\n controller.signal.onabort = (...params) => {\n this.abortControllers.set(correlationId, undefined);\n if (existingOnAbort) {\n existingOnAbort(...params);\n }\n };\n return controller.signal;\n }\n\n abortRequests(correlationId?: string): void {\n const key = correlationId || noCorrelationId;\n const controllers = [\n ...(this.abortControllers.get(key) || []),\n // MSAL passes no correlation ID to the get requests...\n ...(this.abortControllers.get(noCorrelationId) || [])\n ];\n if (!controllers.length) {\n return;\n }\n for (const controller of controllers) {\n controller.abort();\n }\n this.abortControllers.set(key, undefined);\n }\n\n getCorrelationId(options?: NetworkRequestOptions): string {\n const parameter = options?.body\n ?.split(\"&\")\n .map((part) => part.split(\"=\"))\n .find(([key]) => key === \"client-request-id\");\n return parameter && parameter.length ? parameter[1] || noCorrelationId : noCorrelationId;\n }\n\n // The MSAL network module methods follow\n\n async sendGetRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const request = createPipelineRequest({\n url,\n method: \"GET\",\n body: options?.body,\n headers: createHttpHeaders(options?.headers),\n abortSignal: this.generateAbortSignal(noCorrelationId)\n });\n\n const response = await this.sendRequest(request);\n return {\n body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,\n headers: response.headers.toJSON(),\n status: response.status\n };\n }\n\n async sendPostRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const request = createPipelineRequest({\n url,\n method: \"POST\",\n body: options?.body,\n headers: createHttpHeaders(options?.headers),\n // MSAL doesn't send the correlation ID on the get requests.\n abortSignal: this.generateAbortSignal(this.getCorrelationId(options))\n });\n\n const response = await this.sendRequest(request);\n return {\n body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,\n headers: response.headers.toJSON(),\n status: response.status\n };\n }\n}\n\n/**\n * Provides options to configure how the Identity library makes authentication\n * requests to Azure Active Directory.\n */\nexport interface TokenCredentialOptions extends CommonClientOptions {\n /**\n * The authority host to use for authentication requests.\n * Possible values are available through {@link AzureAuthorityHosts}.\n * The default is \"https://login.microsoftonline.com\".\n */\n authorityHost?: string;\n}\n"]}
package/dist-esm/src/credentials/authorizationCodeCredential.browser.js CHANGED
@@ -1,7 +1,7 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT license.
3
3
  import { credentialLogger, formatError } from "../util/logging";
4
- const BrowserNotSupportedError = new Error("AuthorizationCodeCredential is not supported in the browser. InteractiveBrowserCredential is more appropriate for this use case.");
4
+ const BrowserNotSupportedError = new Error("AuthorizationCodeCredential is not supported in the browser. InteractiveBrowserCredential is more appropriate for this use case.");
5
5
  const logger = credentialLogger("AuthorizationCodeCredential");
6
6
  export class AuthorizationCodeCredential {
7
7
  constructor() {
package/dist-esm/src/credentials/authorizationCodeCredential.browser.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authorizationCodeCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAKlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,mIAAmI,CACpI,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D,MAAM,OAAO,2BAA2B;IAgBtC;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken } from \"@azure/core-auth\";\n\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n \"AuthorizationCodeCredential is not supported in the browser. InteractiveBrowserCredential is more appropriate for this use case.\"\n);\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\nexport class AuthorizationCodeCredential implements TokenCredential {\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
1
+ {"version":3,"file":"authorizationCodeCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAKlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,kIAAkI,CACnI,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D,MAAM,OAAO,2BAA2B;IAmBtC;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken } from \"@azure/core-auth\";\n\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n \"AuthorizationCodeCredential is not supported in the browser. InteractiveBrowserCredential is more appropriate for this use case.\"\n);\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\nexport class AuthorizationCodeCredential implements TokenCredential {\n /**\n * Only available in Node.js\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
package/dist-esm/src/credentials/authorizationCodeCredential.js CHANGED
@@ -1,14 +1,9 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT license.
3
- import qs from "qs";
4
- import { createSpan } from "../util/tracing";
5
- import { CredentialUnavailableError } from "../client/errors";
6
- import { IdentityClient } from "../client/identityClient";
7
- import { SpanStatusCode } from "@azure/core-tracing";
8
- import { credentialLogger, formatSuccess, formatError } from "../util/logging";
9
- import { getIdentityTokenEndpointSuffix } from "../util/identityTokenEndpoint";
3
+ import { credentialLogger } from "../util/logging";
10
4
  import { checkTenantId } from "../util/checkTenantId";
11
- import { processMultiTenantRequest } from "../util/validateMultiTenant";
5
+ import { MsalAuthorizationCode } from "../msal/nodeFlows/msalAuthorizationCode";
6
+ import { trace } from "../util/tracing";
12
7
  const logger = credentialLogger("AuthorizationCodeCredential");
13
8
  /**
14
9
  * Enables authentication to Azure Active Directory using an authorization code
@@ -23,26 +18,23 @@ export class AuthorizationCodeCredential {
23
18
  * @internal
24
19
  */
25
20
  constructor(tenantId, clientId, clientSecretOrAuthorizationCode, authorizationCodeOrRedirectUri, redirectUriOrOptions, options) {
26
- this.lastTokenResponse = null;
27
21
  checkTenantId(logger, tenantId);
28
- this.clientId = clientId;
29
- this.tenantId = tenantId;
22
+ let clientSecret = clientSecretOrAuthorizationCode;
30
23
  if (typeof redirectUriOrOptions === "string") {
31
24
  // the clientId+clientSecret constructor
32
- this.clientSecret = clientSecretOrAuthorizationCode;
33
25
  this.authorizationCode = authorizationCodeOrRedirectUri;
34
26
  this.redirectUri = redirectUriOrOptions;
35
27
  // options okay
36
28
  }
37
29
  else {
38
30
  // clientId only
39
- this.clientSecret = undefined;
40
31
  this.authorizationCode = clientSecretOrAuthorizationCode;
41
32
  this.redirectUri = authorizationCodeOrRedirectUri;
33
+ clientSecret = undefined;
42
34
  options = redirectUriOrOptions;
43
35
  }
44
- this.allowMultiTenantAuthentication = options === null || options === void 0 ? void 0 : options.allowMultiTenantAuthentication;
45
- this.identityClient = new IdentityClient(options);
36
+ this.msalFlow = new MsalAuthorizationCode(Object.assign(Object.assign({}, options), { clientSecret,
37
+ clientId, tokenCredentialOptions: options || {}, logger, redirectUri: this.redirectUri, authorizationCode: this.authorizationCode }));
46
38
  }
47
39
  /**
48
40
  * Authenticates with Azure Active Directory and returns an access token if successful.
@@ -52,65 +44,11 @@ export class AuthorizationCodeCredential {
52
44
  * @param options - The options used to configure any requests this
53
45
  * TokenCredential implementation might make.
54
46
  */
55
- async getToken(scopes, options) {
56
- var _a, _b;
57
- const tenantId = processMultiTenantRequest(this.tenantId, this.allowMultiTenantAuthentication, options) ||
58
- this.tenantId;
59
- const { span, updatedOptions } = createSpan("AuthorizationCodeCredential-getToken", options);
60
- try {
61
- let tokenResponse = null;
62
- let scopeString = typeof scopes === "string" ? scopes : scopes.join(" ");
63
- if (scopeString.indexOf("offline_access") < 0) {
64
- scopeString += " offline_access";
65
- }
66
- // Try to use the refresh token first
67
- if (this.lastTokenResponse && this.lastTokenResponse.refreshToken) {
68
- tokenResponse = await this.identityClient.refreshAccessToken(tenantId, this.clientId, scopeString, this.lastTokenResponse.refreshToken, this.clientSecret, undefined, updatedOptions);
69
- }
70
- if (tokenResponse === null) {
71
- const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);
72
- const webResource = this.identityClient.createWebResource({
73
- url: `${this.identityClient.authorityHost}/${tenantId}/${urlSuffix}`,
74
- method: "POST",
75
- disableJsonStringifyOnBody: true,
76
- deserializationMapper: undefined,
77
- body: qs.stringify({
78
- client_id: this.clientId,
79
- grant_type: "authorization_code",
80
- scope: scopeString,
81
- code: this.authorizationCode,
82
- redirect_uri: this.redirectUri,
83
- client_secret: this.clientSecret
84
- }),
85
- headers: {
86
- Accept: "application/json",
87
- "Content-Type": "application/x-www-form-urlencoded"
88
- },
89
- abortSignal: options && options.abortSignal,
90
- spanOptions: (_a = updatedOptions === null || updatedOptions === void 0 ? void 0 : updatedOptions.tracingOptions) === null || _a === void 0 ? void 0 : _a.spanOptions,
91
- tracingContext: (_b = updatedOptions === null || updatedOptions === void 0 ? void 0 : updatedOptions.tracingOptions) === null || _b === void 0 ? void 0 : _b.tracingContext
92
- });
93
- tokenResponse = await this.identityClient.sendTokenRequest(webResource);
94
- }
95
- this.lastTokenResponse = tokenResponse;
96
- logger.getToken.info(formatSuccess(scopes));
97
- const token = tokenResponse && tokenResponse.accessToken;
98
- if (!token) {
99
- throw new CredentialUnavailableError("Failed to retrieve a valid token");
100
- }
101
- return token;
102
- }
103
- catch (err) {
104
- span.setStatus({
105
- code: SpanStatusCode.ERROR,
106
- message: err.message
107
- });
108
- logger.getToken.info(formatError(scopes, err));
109
- throw err;
110
- }
111
- finally {
112
- span.end();
113
- }
47
+ async getToken(scopes, options = {}) {
48
+ return trace(`${this.constructor.name}.getToken`, options, async (newOptions) => {
49
+ const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
50
+ return this.msalFlow.getToken(arrayScopes, Object.assign(Object.assign({}, newOptions), { disableAutomaticAuthentication: this.disableAutomaticAuthentication }));
51
+ });
114
52
  }
115
53
  }
116
54
  //# sourceMappingURL=authorizationCodeCredential.js.map
package/dist-esm/src/credentials/authorizationCodeCredential.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authorizationCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AAIpB,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAyC,MAAM,0BAA0B,CAAC;AACjG,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAExE,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;GAMG;AACH,MAAM,OAAO,2BAA2B;IAoEtC;;;OAGG;IACH,YACE,QAA2B,EAC3B,QAAgB,EAChB,+BAAuC,EACvC,8BAAsC,EACtC,oBAAiE,EACjE,OAAgC;QAvE1B,sBAAiB,GAAyB,IAAI,CAAC;QAyErD,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAEhC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE;YAC5C,wCAAwC;YACxC,IAAI,CAAC,YAAY,GAAG,+BAA+B,CAAC;YACpD,IAAI,CAAC,iBAAiB,GAAG,8BAA8B,CAAC;YACxD,IAAI,CAAC,WAAW,GAAG,oBAAoB,CAAC;YACxC,eAAe;SAChB;aAAM;YACL,gBAAgB;YAChB,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;YAC9B,IAAI,CAAC,iBAAiB,GAAG,+BAA+B,CAAC;YACzD,IAAI,CAAC,WAAW,GAAG,8BAAwC,CAAC;YAC5D,OAAO,GAAG,oBAA8C,CAAC;SAC1D;QAED,IAAI,CAAC,8BAA8B,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,CAAC;QAC9E,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;QAEzB,MAAM,QAAQ,GACZ,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,8BAA8B,EAAE,OAAO,CAAC;YACtF,IAAI,CAAC,QAAQ,CAAC;QAEhB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,UAAU,CAAC,sCAAsC,EAAE,OAAO,CAAC,CAAC;QAC7F,IAAI;YACF,IAAI,aAAa,GAAyB,IAAI,CAAC;YAC/C,IAAI,WAAW,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACzE,IAAI,WAAW,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE;gBAC7C,WAAW,IAAI,iBAAiB,CAAC;aAClC;YAED,qCAAqC;YACrC,IAAI,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,iBAAiB,CAAC,YAAY,EAAE;gBACjE,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAC1D,QAAQ,EACR,IAAI,CAAC,QAAQ,EACb,WAAW,EACX,IAAI,CAAC,iBAAiB,CAAC,YAAY,EACnC,IAAI,CAAC,YAAY,EACjB,SAAS,EACT,cAAc,CACf,CAAC;aACH;YAED,IAAI,aAAa,KAAK,IAAI,EAAE;gBAC1B,MAAM,SAAS,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;gBAC3D,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC;oBACxD,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,QAAQ,IAAI,SAAS,EAAE;oBACpE,MAAM,EAAE,MAAM;oBACd,0BAA0B,EAAE,IAAI;oBAChC,qBAAqB,EAAE,SAAS;oBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;wBACjB,SAAS,EAAE,IAAI,CAAC,QAAQ;wBACxB,UAAU,EAAE,oBAAoB;wBAChC,KAAK,EAAE,WAAW;wBAClB,IAAI,EAAE,IAAI,CAAC,iBAAiB;wBAC5B,YAAY,EAAE,IAAI,CAAC,WAAW;wBAC9B,aAAa,EAAE,IAAI,CAAC,YAAY;qBACjC,CAAC;oBACF,OAAO,EAAE;wBACP,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD;oBACD,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;oBAC3C,WAAW,EAAE,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,cAAc,0CAAE,WAAW;oBACxD,cAAc,EAAE,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,cAAc,0CAAE,cAAc;iBAC/D,CAAC,CAAC;gBAEH,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;aACzE;YAED,IAAI,CAAC,iBAAiB,GAAG,aAAa,CAAC;YACvC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5C,MAAM,KAAK,GAAG,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC;YAEzD,IAAI,CAAC,KAAK,EAAE;gBACV,MAAM,IAAI,0BAA0B,CAAC,kCAAkC,CAAC,CAAC;aAC1E;YACD,OAAO,KAAK,CAAC;SACd;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,CAAC,SAAS,CAAC;gBACb,IAAI,EAAE,cAAc,CAAC,KAAK;gBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;aACrB,CAAC,CAAC;YACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;YAC/C,MAAM,GAAG,CAAC;SACX;gBAAS;YACR,IAAI,CAAC,GAAG,EAAE,CAAC;SACZ;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\n\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\n\nimport { createSpan } from \"../util/tracing\";\nimport { CredentialUnavailableError } from \"../client/errors\";\nimport { IdentityClient, TokenResponse, TokenCredentialOptions } from \"../client/identityClient\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { checkTenantId } from \"../util/checkTenantId\";\nimport { processMultiTenantRequest } from \"../util/validateMultiTenant\";\n\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using an authorization code\n * that was obtained through the authorization code flow, described in more detail\n * in the Azure Active Directory documentation:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow\n */\nexport class AuthorizationCodeCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private clientId: string;\n private clientSecret: string | undefined;\n private authorizationCode: string;\n private redirectUri: string;\n private lastTokenResponse: TokenResponse | null = null;\n private allowMultiTenantAuthentication?: boolean;\n\n /**\n * Creates an instance of CodeFlowCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Azure Active Directory.\n *\n * It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n *\n * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/manual/authorizationCodeSample.ts\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param clientSecret - A client secret that was generated for the App Registration\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n /**\n * Creates an instance of CodeFlowCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Azure Active Directory.\n *\n * It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n *\n * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/manual/authorizationCodeSample.ts\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n /**\n * @hidden\n * @internal\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecretOrAuthorizationCode: string,\n authorizationCodeOrRedirectUri: string,\n redirectUriOrOptions: string | TokenCredentialOptions | undefined,\n options?: TokenCredentialOptions\n ) {\n checkTenantId(logger, tenantId);\n\n this.clientId = clientId;\n this.tenantId = tenantId;\n\n if (typeof redirectUriOrOptions === \"string\") {\n // the clientId+clientSecret constructor\n this.clientSecret = clientSecretOrAuthorizationCode;\n this.authorizationCode = authorizationCodeOrRedirectUri;\n this.redirectUri = redirectUriOrOptions;\n // options okay\n } else {\n // clientId only\n this.clientSecret = undefined;\n this.authorizationCode = clientSecretOrAuthorizationCode;\n this.redirectUri = authorizationCodeOrRedirectUri as string;\n options = redirectUriOrOptions as TokenCredentialOptions;\n }\n\n this.allowMultiTenantAuthentication = options?.allowMultiTenantAuthentication;\n this.identityClient = new IdentityClient(options);\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken> {\n const tenantId =\n processMultiTenantRequest(this.tenantId, this.allowMultiTenantAuthentication, options) ||\n this.tenantId;\n\n const { span, updatedOptions } = createSpan(\"AuthorizationCodeCredential-getToken\", options);\n try {\n let tokenResponse: TokenResponse | null = null;\n let scopeString = typeof scopes === \"string\" ? scopes : scopes.join(\" \");\n if (scopeString.indexOf(\"offline_access\") < 0) {\n scopeString += \" offline_access\";\n }\n\n // Try to use the refresh token first\n if (this.lastTokenResponse && this.lastTokenResponse.refreshToken) {\n tokenResponse = await this.identityClient.refreshAccessToken(\n tenantId,\n this.clientId,\n scopeString,\n this.lastTokenResponse.refreshToken,\n this.clientSecret,\n undefined,\n updatedOptions\n );\n }\n\n if (tokenResponse === null) {\n const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);\n const webResource = this.identityClient.createWebResource({\n url: `${this.identityClient.authorityHost}/${tenantId}/${urlSuffix}`,\n method: \"POST\",\n disableJsonStringifyOnBody: true,\n deserializationMapper: undefined,\n body: qs.stringify({\n client_id: this.clientId,\n grant_type: \"authorization_code\",\n scope: scopeString,\n code: this.authorizationCode,\n redirect_uri: this.redirectUri,\n client_secret: this.clientSecret\n }),\n headers: {\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n },\n abortSignal: options && options.abortSignal,\n spanOptions: updatedOptions?.tracingOptions?.spanOptions,\n tracingContext: updatedOptions?.tracingOptions?.tracingContext\n });\n\n tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n }\n\n this.lastTokenResponse = tokenResponse;\n logger.getToken.info(formatSuccess(scopes));\n const token = tokenResponse && tokenResponse.accessToken;\n\n if (!token) {\n throw new CredentialUnavailableError(\"Failed to retrieve a valid token\");\n }\n return token;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n } finally {\n span.end();\n }\n }\n}\n"]}
1
+ {"version":3,"file":"authorizationCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,yCAAyC,CAAC;AAEhF,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAExC,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;GAMG;AACH,MAAM,OAAO,2BAA2B;IAgEtC;;;OAGG;IACH,YACE,QAA2B,EAC3B,QAAgB,EAChB,+BAAuC,EACvC,8BAAsC,EACtC,oBAAiE,EACjE,OAAgC;QAEhC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChC,IAAI,YAAY,GAAuB,+BAA+B,CAAC;QAEvE,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE;YAC5C,wCAAwC;YACxC,IAAI,CAAC,iBAAiB,GAAG,8BAA8B,CAAC;YACxD,IAAI,CAAC,WAAW,GAAG,oBAAoB,CAAC;YACxC,eAAe;SAChB;aAAM;YACL,gBAAgB;YAChB,IAAI,CAAC,iBAAiB,GAAG,+BAA+B,CAAC;YACzD,IAAI,CAAC,WAAW,GAAG,8BAAwC,CAAC;YAC5D,YAAY,GAAG,SAAS,CAAC;YACzB,OAAO,GAAG,oBAA8C,CAAC;SAC1D;QAED,IAAI,CAAC,QAAQ,GAAG,IAAI,qBAAqB,iCACpC,OAAO,KACV,YAAY;YACZ,QAAQ,EACR,sBAAsB,EAAE,OAAO,IAAI,EAAE,EACrC,MAAM,EACN,WAAW,EAAE,IAAI,CAAC,WAAW,EAC7B,iBAAiB,EAAE,IAAI,CAAC,iBAAiB,IACzC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YAC9E,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,kCACpC,UAAU,KACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,IACnE,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { credentialLogger } from \"../util/logging\";\nimport { checkTenantId } from \"../util/checkTenantId\";\nimport { MsalAuthorizationCode } from \"../msal/nodeFlows/msalAuthorizationCode\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { trace } from \"../util/tracing\";\n\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using an authorization code\n * that was obtained through the authorization code flow, described in more detail\n * in the Azure Active Directory documentation:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow\n */\nexport class AuthorizationCodeCredential implements TokenCredential {\n private msalFlow: MsalFlow;\n private disableAutomaticAuthentication?: boolean;\n private authorizationCode: string;\n private redirectUri: string;\n\n /**\n * Creates an instance of CodeFlowCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Azure Active Directory.\n *\n * It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n *\n * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/manual/authorizationCodeSample.ts\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param clientSecret - A client secret that was generated for the App Registration\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n /**\n * Creates an instance of CodeFlowCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Azure Active Directory.\n *\n * It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n *\n * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/manual/authorizationCodeSample.ts\n *\n * @param tenantId - The Azure Active Directory tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n /**\n * @hidden\n * @internal\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecretOrAuthorizationCode: string,\n authorizationCodeOrRedirectUri: string,\n redirectUriOrOptions: string | TokenCredentialOptions | undefined,\n options?: TokenCredentialOptions\n ) {\n checkTenantId(logger, tenantId);\n let clientSecret: string | undefined = clientSecretOrAuthorizationCode;\n\n if (typeof redirectUriOrOptions === \"string\") {\n // the clientId+clientSecret constructor\n this.authorizationCode = authorizationCodeOrRedirectUri;\n this.redirectUri = redirectUriOrOptions;\n // options okay\n } else {\n // clientId only\n this.authorizationCode = clientSecretOrAuthorizationCode;\n this.redirectUri = authorizationCodeOrRedirectUri as string;\n clientSecret = undefined;\n options = redirectUriOrOptions as TokenCredentialOptions;\n }\n\n this.msalFlow = new MsalAuthorizationCode({\n ...options,\n clientSecret,\n clientId,\n tokenCredentialOptions: options || {},\n logger,\n redirectUri: this.redirectUri,\n authorizationCode: this.authorizationCode\n });\n }\n\n /**\n * Authenticates with Azure Active Directory and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return trace(`${this.constructor.name}.getToken`, options, async (newOptions) => {\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n return this.msalFlow.getToken(arrayScopes, {\n ...newOptions,\n disableAutomaticAuthentication: this.disableAutomaticAuthentication\n });\n });\n }\n}\n"]}
package/dist-esm/src/credentials/azureApplicationCredential.browser.js ADDED
@@ -0,0 +1,34 @@
1
+ // Copyright (c) Microsoft Corporation.
2
+ // Licensed under the MIT license.
3
+ import { credentialLogger, formatError } from "../util/logging";
4
+ import { ChainedTokenCredential } from "./chainedTokenCredential";
5
+ const BrowserNotSupportedError = new Error("ApplicationCredential is not supported in the browser. Use InteractiveBrowserCredential instead.");
6
+ const logger = credentialLogger("ApplicationCredential");
7
+ /**
8
+ * Provides a default {@link ChainedTokenCredential} configuration for
9
+ * applications that will be deployed to Azure.
10
+ *
11
+ * Only available in Node.js
12
+ */
13
+ export class AzureApplicationCredential extends ChainedTokenCredential {
14
+ /**
15
+ * Creates an instance of the AzureApplicationCredential class.
16
+ *
17
+ * The AzureApplicationCredential provides a default {@link ChainedTokenCredential} configuration for
18
+ * applications that will be deployed to Azure.
19
+ *
20
+ * Only available in Node.js
21
+ *
22
+ * @param options - Options for configuring the client which makes the authentication request.
23
+ */
24
+ constructor(_tokenCredentialOptions) {
25
+ super();
26
+ logger.info(formatError("", BrowserNotSupportedError));
27
+ throw BrowserNotSupportedError;
28
+ }
29
+ getToken() {
30
+ logger.getToken.info(formatError("", BrowserNotSupportedError));
31
+ throw BrowserNotSupportedError;
32
+ }
33
+ }
34
+ //# sourceMappingURL=azureApplicationCredential.browser.js.map
package/dist-esm/src/credentials/azureApplicationCredential.browser.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"azureApplicationCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/azureApplicationCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAKlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAElE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,kGAAkG,CACnG,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,uBAAuB,CAAC,CAAC;AAEzD;;;;;GAKG;AACH,MAAM,OAAO,0BAA2B,SAAQ,sBAAsB;IACpE;;;;;;;;;OASG;IACH,YAAY,uBAAgD;QAC1D,KAAK,EAAE,CAAC;QACR,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { credentialLogger, formatError } from \"../util/logging\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential\";\n\nconst BrowserNotSupportedError = new Error(\n \"ApplicationCredential is not supported in the browser. Use InteractiveBrowserCredential instead.\"\n);\nconst logger = credentialLogger(\"ApplicationCredential\");\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration for\n * applications that will be deployed to Azure.\n *\n * Only available in Node.js\n */\nexport class AzureApplicationCredential extends ChainedTokenCredential {\n /**\n * Creates an instance of the AzureApplicationCredential class.\n *\n * The AzureApplicationCredential provides a default {@link ChainedTokenCredential} configuration for\n * applications that will be deployed to Azure.\n *\n * Only available in Node.js\n *\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(_tokenCredentialOptions?: TokenCredentialOptions) {\n super();\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
package/dist-esm/src/credentials/azureApplicationCredential.js ADDED
@@ -0,0 +1,36 @@
1
+ // Copyright (c) Microsoft Corporation.
2
+ // Licensed under the MIT license.
3
+ import { ChainedTokenCredential } from "./chainedTokenCredential";
4
+ import { EnvironmentCredential } from "./environmentCredential";
5
+ import { DefaultManagedIdentityCredential } from "./defaultAzureCredential";
6
+ export const AzureApplicationCredentials = [
7
+ EnvironmentCredential,
8
+ DefaultManagedIdentityCredential
9
+ ];
10
+ /**
11
+ * Provides a default {@link ChainedTokenCredential} configuration that should
12
+ * work for most applications that use the Azure SDK.
13
+ */
14
+ export class AzureApplicationCredential extends ChainedTokenCredential {
15
+ /**
16
+ * Creates an instance of the AzureApplicationCredential class.
17
+ *
18
+ * The AzureApplicationCredential provides a default {@link ChainedTokenCredential} configuration that should
19
+ * work for most applications that use the Azure SDK. The following credential
20
+ * types will be tried, in order:
21
+ *
22
+ * - {@link EnvironmentCredential}
23
+ * - {@link ManagedIdentityCredential}
24
+ *
25
+ * Consult the documentation of these credential types for more information
26
+ * on how they attempt authentication.
27
+ *
28
+ * @param options - Optional parameters. See {@link AzureApplicationCredentialOptions}.
29
+ */
30
+ constructor(options) {
31
+ super(...AzureApplicationCredentials.map((ctor) => new ctor(options)));
32
+ this.UnavailableMessage =
33
+ "ApplicationCredential => failed to retrieve a token from the included credentials. To troubleshoot, visit https://aka.ms/azsdk/js/identity/applicationcredential/troubleshoot.";
34
+ }
35
+ }
36
+ //# sourceMappingURL=azureApplicationCredential.js.map
package/dist-esm/src/credentials/azureApplicationCredential.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"azureApplicationCredential.js","sourceRoot":"","sources":["../../../src/credentials/azureApplicationCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAOlC,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAEhE,OAAO,EAAE,gCAAgC,EAAE,MAAM,0BAA0B,CAAC;AAuB5E,MAAM,CAAC,MAAM,2BAA2B,GAA4C;IAClF,qBAAqB;IACrB,gCAAgC;CACjC,CAAC;AAEF;;;GAGG;AACH,MAAM,OAAO,0BAA2B,SAAQ,sBAAsB;IACpE;;;;;;;;;;;;;;OAcG;IACH,YAAY,OAA2C;QACrD,KAAK,CAAC,GAAG,2BAA2B,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACvE,IAAI,CAAC,kBAAkB;YACrB,gLAAgL,CAAC;IACrL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential } from \"@azure/core-auth\";\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential\";\nimport { EnvironmentCredential } from \"./environmentCredential\";\nimport { CredentialPersistenceOptions } from \"./credentialPersistenceOptions\";\nimport { DefaultManagedIdentityCredential } from \"./defaultAzureCredential\";\n\n/**\n * Provides options to configure the {@link AzureApplicationCredential} class.\n */\nexport interface AzureApplicationCredentialOptions\n extends TokenCredentialOptions,\n CredentialPersistenceOptions {\n /**\n * Optionally pass in a user assigned client ID to be used by the {@link ManagedIdentityCredential}.\n * This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.\n */\n managedIdentityClientId?: string;\n}\n\n/**\n * The type of a class that implements TokenCredential and accepts\n * `ApplicationCredentialOptions`.\n */\ninterface AzureApplicationCredentialConstructor {\n new (options?: AzureApplicationCredentialOptions): TokenCredential;\n}\n\nexport const AzureApplicationCredentials: AzureApplicationCredentialConstructor[] = [\n EnvironmentCredential,\n DefaultManagedIdentityCredential\n];\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that should\n * work for most applications that use the Azure SDK.\n */\nexport class AzureApplicationCredential extends ChainedTokenCredential {\n /**\n * Creates an instance of the AzureApplicationCredential class.\n *\n * The AzureApplicationCredential provides a default {@link ChainedTokenCredential} configuration that should\n * work for most applications that use the Azure SDK. The following credential\n * types will be tried, in order:\n *\n * - {@link EnvironmentCredential}\n * - {@link ManagedIdentityCredential}\n *\n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n *\n * @param options - Optional parameters. See {@link AzureApplicationCredentialOptions}.\n */\n constructor(options?: AzureApplicationCredentialOptions) {\n super(...AzureApplicationCredentials.map((ctor) => new ctor(options)));\n this.UnavailableMessage =\n \"ApplicationCredential => failed to retrieve a token from the included credentials. To troubleshoot, visit https://aka.ms/azsdk/js/identity/applicationcredential/troubleshoot.\";\n }\n}\n"]}
package/dist-esm/src/credentials/azureCliCredential.browser.js CHANGED
@@ -3,7 +3,14 @@
3
3
  import { credentialLogger, formatError } from "../util/logging";
4
4
  const BrowserNotSupportedError = new Error("AzureCliCredential is not supported in the browser.");
5
5
  const logger = credentialLogger("AzureCliCredential");
6
+ /**
7
+ * This credential will use the currently logged-in user login information
8
+ * via the Azure CLI ('az') commandline tool.
9
+ */
6
10
  export class AzureCliCredential {
11
+ /**
12
+ * Only available in Node.js
13
+ */
7
14
  constructor() {
8
15
  logger.info(formatError("", BrowserNotSupportedError));
9
16
  throw BrowserNotSupportedError;
package/dist-esm/src/credentials/azureCliCredential.browser.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"azureCliCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/azureCliCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;AAClG,MAAM,MAAM,GAAG,gBAAgB,CAAC,oBAAoB,CAAC,CAAC;AAEtD,MAAM,OAAO,kBAAkB;IAC7B;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential } from \"@azure/core-auth\";\n\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\"AzureCliCredential is not supported in the browser.\");\nconst logger = credentialLogger(\"AzureCliCredential\");\n\nexport class AzureCliCredential implements TokenCredential {\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
1
+ {"version":3,"file":"azureCliCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/azureCliCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;AAClG,MAAM,MAAM,GAAG,gBAAgB,CAAC,oBAAoB,CAAC,CAAC;AAEtD;;;GAGG;AACH,MAAM,OAAO,kBAAkB;IAC7B;;OAEG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential } from \"@azure/core-auth\";\n\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\"AzureCliCredential is not supported in the browser.\");\nconst logger = credentialLogger(\"AzureCliCredential\");\n\n/**\n * This credential will use the currently logged-in user login information\n * via the Azure CLI ('az') commandline tool.\n */\nexport class AzureCliCredential implements TokenCredential {\n /**\n * Only available in Node.js\n */\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n getToken(): Promise<AccessToken | null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}