@azure/identity 2.0.0-beta.5 → 2.0.1

package/dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenExchangeMsi.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/tokenExchangeMsi.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,iBAAiB,EAA0B,MAAM,2BAA2B,CAAC;AAEtF,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAC7C,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAEvD,MAAM,OAAO,GAAG,4CAA4C,CAAC;AAC7D,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAEzC,MAAM,aAAa,GAAG,SAAS,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC;AAE7C,SAAS,eAAe,CAAC,WAAgB;IACvC,gFAAgF;IAChF,OAAO,MAAM,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,qBAAqB,CAC5B,MAAyB,EACzB,eAAuB,EACvB,QAAiB;;IAEjB,MAAM,UAAU,GAAQ;QACtB,KAAK,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM;QACxD,gBAAgB,EAAE,eAAe;QACjC,qBAAqB,EAAE,wDAAwD;QAC/E,SAAS,EAAE,QAAQ;QACnB,UAAU,EAAE,oBAAoB;KACjC,CAAC;IAEF,MAAM,SAAS,GAAG,IAAI,eAAe,CAAC,UAAU,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,GAAG,CACjB,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,oBAAoB,EAClD,MAAA,OAAO,CAAC,GAAG,CAAC,oBAAoB,mCAAI,oBAAoB,CACzD,CAAC;IAEF,OAAO;QACL,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE;QACnB,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,SAAS,CAAC,QAAQ,EAAE;QAC1B,OAAO,EAAE,iBAAiB,CAAC;YACzB,MAAM,EAAE,kBAAkB;SAC3B,CAAC;KACH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,MAAM,2BAA2B,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC3E,IAAI,8BAA8B,GAAuB,SAAS,CAAC;IACnE,IAAI,SAAS,GAAuB,SAAS,CAAC;IAE9C,0DAA0D;IAC1D,KAAK,UAAU,aAAa;QAC1B,2CAA2C;QAC3C,IAAI,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,IAAI,IAAI,GAAG,EAAE,GAAG,CAAC,EAAE;YACtE,8BAA8B,GAAG,SAAS,CAAC;SAC5C;QACD,IAAI,CAAC,8BAA8B,EAAE;YACnC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,2BAA4B,EAAE,MAAM,CAAC,CAAC;YACvE,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,KAAK,EAAE;gBACV,MAAM,IAAI,KAAK,CACb,0BAA0B,2BAA2B,oEAAoE,CAC1H,CAAC;aACH;iBAAM;gBACL,8BAA8B,GAAG,KAAK,CAAC;gBACvC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;aACxB;SACF;QACD,OAAO,8BAA8B,CAAC;IACxC,CAAC;IAED,OAAO;QACL,KAAK,CAAC,WAAW,CAAC,OAAO,EAAE,eAAe,EAAE,QAAQ;YAClD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;YACxB,MAAM,MAAM,GAAG,OAAO,CACpB,CAAC,QAAQ,IAAI,GAAG,CAAC,eAAe,CAAC,IAAI,GAAG,CAAC,eAAe,IAAI,2BAA2B,CACxF,CAAC;YACF,IAAI,CAAC,MAAM,EAAE;gBACX,MAAM,CAAC,IAAI,CACT,GAAG,OAAO,qKAAqK,CAChL,CAAC;aACH;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,KAAK,CAAC,QAAQ,CACZ,aAA+B,EAC/B,kBAAmC,EAAE;YAErC,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC;YAC3D,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,iEAAiE,CAAC,CAAC;YAEzF,IAAI,SAAiB,CAAC;YAEtB,IAAI;gBACF,SAAS,GAAG,MAAM,aAAa,EAAE,CAAC;aACnC;YAAC,OAAO,GAAG,EAAE;gBACZ,MAAM,IAAI,KAAK,CACb,GAAG,OAAO,oBAAoB,2BAA2B,oEAAoE,CAC9H,CAAC;aACH;YAED,OAAO,kBAAkB,CACvB,cAAc,EACd,qBAAqB,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EACjF,eAAe,EACf,eAAe,CAChB,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport fs from \"fs\";\nimport { createHttpHeaders, PipelineRequestOptions } from \"@azure/core-rest-pipeline\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { promisify } from \"util\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { MSI, MSIConfiguration } from \"./models\";\nimport { msiGenericGetToken } from \"./utils\";\nimport { DefaultAuthorityHost } from \"../../constants\";\n\nconst msiName = \"ManagedIdentityCredential - Token Exchange\";\nconst logger = credentialLogger(msiName);\n\nconst readFileAsync = promisify(fs.readFile);\n\nfunction expiresInParser(requestBody: any): number {\n  // Parses a string representation of the seconds since epoch into a number value\n  return Number(requestBody.expires_on);\n}\n\nfunction prepareRequestOptions(\n  scopes: string | string[],\n  clientAssertion: string,\n  clientId?: string\n): PipelineRequestOptions {\n  const bodyParams: any = {\n    scope: Array.isArray(scopes) ? scopes.join(\" \") : scopes,\n    client_assertion: clientAssertion,\n    client_assertion_type: \"urn:ietf:params:oauth:client-assertion-type:jwt-bearer\",\n    client_id: clientId,\n    grant_type: \"client_credentials\"\n  };\n\n  const urlParams = new URLSearchParams(bodyParams);\n  const url = new URL(\n    `${process.env.AZURE_TENANT_ID}/oauth2/v2.0/token`,\n    process.env.AZURE_AUTHORITY_HOST ?? DefaultAuthorityHost\n  );\n\n  return {\n    url: url.toString(),\n    method: \"POST\",\n    body: urlParams.toString(),\n    headers: createHttpHeaders({\n      Accept: \"application/json\"\n    })\n  };\n}\n\nexport function tokenExchangeMsi(): MSI {\n  const azureFederatedTokenFilePath = process.env.AZURE_FEDERATED_TOKEN_FILE;\n  let azureFederatedTokenFileContent: string | undefined = undefined;\n  let cacheDate: number | undefined = undefined;\n\n  // Only reads from the assertion file once every 5 minutes\n  async function readAssertion(): Promise<string> {\n    // Cached assertions expire after 5 minutes\n    if (cacheDate !== undefined && Date.now() - cacheDate >= 1000 * 60 * 5) {\n      azureFederatedTokenFileContent = undefined;\n    }\n    if (!azureFederatedTokenFileContent) {\n      const file = await readFileAsync(azureFederatedTokenFilePath!, \"utf8\");\n      const value = file.trim();\n      if (!value) {\n        throw new Error(\n          `No content on the file ${azureFederatedTokenFilePath}, indicated by the environment variable AZURE_FEDERATED_TOKEN_FILE`\n        );\n      } else {\n        azureFederatedTokenFileContent = value;\n        cacheDate = Date.now();\n      }\n    }\n    return azureFederatedTokenFileContent;\n  }\n\n  return {\n    async isAvailable(_scopes, _identityClient, clientId): Promise<boolean> {\n      const env = process.env;\n      const result = Boolean(\n        (clientId || env.AZURE_CLIENT_ID) && env.AZURE_TENANT_ID && azureFederatedTokenFilePath\n      );\n      if (!result) {\n        logger.info(\n          `${msiName}: Unavailable. The environment variables needed are: AZURE_CLIENT_ID (or the client ID sent through the parameters), AZURE_TENANT_ID and AZURE_FEDERATED_TOKEN_FILE`\n        );\n      }\n      return result;\n    },\n    async getToken(\n      configuration: MSIConfiguration,\n      getTokenOptions: GetTokenOptions = {}\n    ): Promise<AccessToken | null> {\n      const { identityClient, scopes, clientId } = configuration;\n      logger.info(`${msiName}: Using the client assertion coming from environment variables.`);\n\n      let assertion: string;\n\n      try {\n        assertion = await readAssertion();\n      } catch (err) {\n        throw new Error(\n          `${msiName}: Failed to read ${azureFederatedTokenFilePath}, indicated by the environment variable AZURE_FEDERATED_TOKEN_FILE`\n        );\n      }\n\n      return msiGenericGetToken(\n        identityClient,\n        prepareRequestOptions(scopes, assertion, clientId || process.env.AZURE_CLIENT_ID),\n        expiresInParser,\n        getTokenOptions\n      );\n    }\n  };\n}\n"]}

package/dist-esm/src/credentials/managedIdentityCredential/utils.js

@@ -2,11 +2,19 @@
 // Licensed under the MIT license.
 import { createPipelineRequest } from "@azure/core-rest-pipeline";
 import { DefaultScopeSuffix } from "./constants";
+/**
+ * Most MSIs send requests to the IMDS endpoint, or a similar endpoint. These are GET requests that require sending a `resource` parameter on the query.
+ * This resource can be derived from the scopes received through the getToken call, as long as only one scope is received.
+ * Multiple scopes assume that the resulting token will have access to multiple resources, which won't be the case.
+ *
+ * For that reason, when we encounter multiple scopes, we return undefined.
+ * It's up to the individual MSI implementations to throw the errors (which helps us provide less generic errors).
+ */
 export function mapScopesToResource(scopes) {
     let scope = "";
     if (Array.isArray(scopes)) {
         if (scopes.length !== 1) {
-            throw new Error("To convert to a resource string the specified array must be exactly length 1");
+            return;
         }
         scope = scopes[0];
     }
@@ -18,11 +26,11 @@ export function mapScopesToResource(scopes) {
     }
     return scope.substr(0, scope.lastIndexOf(DefaultScopeSuffix));
 }
-export async function msiGenericGetToken(identityClient, requestOptions, expiresInParser, getTokenOptions = {}) {
-    const request = createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal, tracingOptions: {
-            spanOptions: getTokenOptions.tracingOptions && getTokenOptions.tracingOptions.spanOptions,
-            tracingContext: getTokenOptions.tracingOptions && getTokenOptions.tracingOptions.tracingContext
-        } }, requestOptions), { allowInsecureConnection: true }));
+export async function msiGenericGetToken(identityClient, requestOptions, expiresInParser, getTokenOptions = {}, agent) {
+    const request = createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, requestOptions), { allowInsecureConnection: true }));
+    if (agent) {
+        request.agent = agent;
+    }
     const tokenResponse = await identityClient.sendTokenRequest(request, expiresInParser);
     return (tokenResponse && tokenResponse.accessToken) || null;
 }

package/dist-esm/src/credentials/managedIdentityCredential/utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/utils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAA0B,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAE1F,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGjD,MAAM,UAAU,mBAAmB,CAAC,MAAyB;IAC3D,IAAI,KAAK,GAAG,EAAE,CAAC;IACf,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;QACzB,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE;YACvB,MAAM,IAAI,KAAK,CACb,8EAA8E,CAC/E,CAAC;SACH;QAED,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;KACnB;SAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE;QACrC,KAAK,GAAG,MAAM,CAAC;KAChB;IAED,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE;QACvC,OAAO,KAAK,CAAC;KACd;IAED,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC,CAAC;AAChE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,cAA8B,EAC9B,cAAsC,EACtC,eAA+C,EAC/C,kBAAmC,EAAE;IAErC,MAAM,OAAO,GAAG,qBAAqB,+BACnC,WAAW,EAAE,eAAe,CAAC,WAAW,EACxC,cAAc,EAAE;YACd,WAAW,EAAE,eAAe,CAAC,cAAc,IAAI,eAAe,CAAC,cAAc,CAAC,WAAW;YACzF,cAAc,EACZ,eAAe,CAAC,cAAc,IAAI,eAAe,CAAC,cAAc,CAAC,cAAc;SAClF,IACE,cAAc,KACjB,uBAAuB,EAAE,IAAI,IAC7B,CAAC;IAEH,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,gBAAgB,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IACtF,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;AAC9D,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { PipelineRequestOptions, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { DefaultScopeSuffix } from \"./constants\";\nimport { MSIExpiresInParser } from \"./models\";\n\nexport function mapScopesToResource(scopes: string | string[]): string {\n  let scope = \"\";\n  if (Array.isArray(scopes)) {\n    if (scopes.length !== 1) {\n      throw new Error(\n        \"To convert to a resource string the specified array must be exactly length 1\"\n      );\n    }\n\n    scope = scopes[0];\n  } else if (typeof scopes === \"string\") {\n    scope = scopes;\n  }\n\n  if (!scope.endsWith(DefaultScopeSuffix)) {\n    return scope;\n  }\n\n  return scope.substr(0, scope.lastIndexOf(DefaultScopeSuffix));\n}\n\nexport async function msiGenericGetToken(\n  identityClient: IdentityClient,\n  requestOptions: PipelineRequestOptions,\n  expiresInParser: MSIExpiresInParser | undefined,\n  getTokenOptions: GetTokenOptions = {}\n): Promise<AccessToken | null> {\n  const request = createPipelineRequest({\n    abortSignal: getTokenOptions.abortSignal,\n    tracingOptions: {\n      spanOptions: getTokenOptions.tracingOptions && getTokenOptions.tracingOptions.spanOptions,\n      tracingContext:\n        getTokenOptions.tracingOptions && getTokenOptions.tracingOptions.tracingContext\n    },\n    ...requestOptions,\n    allowInsecureConnection: true\n  });\n\n  const tokenResponse = await identityClient.sendTokenRequest(request, expiresInParser);\n  return (tokenResponse && tokenResponse.accessToken) || null;\n}\n"]}
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/utils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAA0B,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAG1F,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGjD;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAyB;IAC3D,IAAI,KAAK,GAAG,EAAE,CAAC;IACf,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;QACzB,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE;YACvB,OAAO;SACR;QAED,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;KACnB;SAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE;QACrC,KAAK,GAAG,MAAM,CAAC;KAChB;IAED,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE;QACvC,OAAO,KAAK,CAAC;KACd;IAED,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC,CAAC;AAChE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,cAA8B,EAC9B,cAAsC,EACtC,eAA+C,EAC/C,kBAAmC,EAAE,EACrC,KAAa;IAEb,MAAM,OAAO,GAAG,qBAAqB,+BACnC,WAAW,EAAE,eAAe,CAAC,WAAW,IACrC,cAAc,KACjB,uBAAuB,EAAE,IAAI,IAC7B,CAAC;IAEH,IAAI,KAAK,EAAE;QACT,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC;KACvB;IAED,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,gBAAgB,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IACtF,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;AAC9D,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { PipelineRequestOptions, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport { Agent } from \"http\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { DefaultScopeSuffix } from \"./constants\";\nimport { MSIExpiresInParser } from \"./models\";\n\n/**\n * Most MSIs send requests to the IMDS endpoint, or a similar endpoint. These are GET requests that require sending a `resource` parameter on the query.\n * This resource can be derived from the scopes received through the getToken call, as long as only one scope is received.\n * Multiple scopes assume that the resulting token will have access to multiple resources, which won't be the case.\n *\n * For that reason, when we encounter multiple scopes, we return undefined.\n * It's up to the individual MSI implementations to throw the errors (which helps us provide less generic errors).\n */\nexport function mapScopesToResource(scopes: string | string[]): string | undefined {\n  let scope = \"\";\n  if (Array.isArray(scopes)) {\n    if (scopes.length !== 1) {\n      return;\n    }\n\n    scope = scopes[0];\n  } else if (typeof scopes === \"string\") {\n    scope = scopes;\n  }\n\n  if (!scope.endsWith(DefaultScopeSuffix)) {\n    return scope;\n  }\n\n  return scope.substr(0, scope.lastIndexOf(DefaultScopeSuffix));\n}\n\nexport async function msiGenericGetToken(\n  identityClient: IdentityClient,\n  requestOptions: PipelineRequestOptions,\n  expiresInParser: MSIExpiresInParser | undefined,\n  getTokenOptions: GetTokenOptions = {},\n  agent?: Agent\n): Promise<AccessToken | null> {\n  const request = createPipelineRequest({\n    abortSignal: getTokenOptions.abortSignal,\n    ...requestOptions,\n    allowInsecureConnection: true\n  });\n\n  if (agent) {\n    request.agent = agent;\n  }\n\n  const tokenResponse = await identityClient.sendTokenRequest(request, expiresInParser);\n  return (tokenResponse && tokenResponse.accessToken) || null;\n}\n"]}

package/dist-esm/src/credentials/onBehalfOfCredential.browser.js

@@ -0,0 +1,23 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+import { credentialLogger, formatError } from "../util/logging";
+const credentialName = "OnBehalfOfCredential";
+const BrowserNotSupportedError = new Error(`${credentialName}: Not supported in the browser.`);
+const logger = credentialLogger(credentialName);
+/**
+ * Enables authentication to Azure Active Directory using the [On Behalf Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).
+ */
+export class OnBehalfOfCredential {
+    /**
+     * Only available in Node.js
+     */
+    constructor() {
+        logger.info(formatError("", BrowserNotSupportedError));
+        throw BrowserNotSupportedError;
+    }
+    getToken() {
+        logger.getToken.info(formatError("", BrowserNotSupportedError));
+        throw BrowserNotSupportedError;
+    }
+}
+//# sourceMappingURL=onBehalfOfCredential.browser.js.map

package/dist-esm/src/credentials/onBehalfOfCredential.browser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"onBehalfOfCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/onBehalfOfCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,cAAc,GAAG,sBAAsB,CAAC;AAC9C,MAAM,wBAAwB,GAAG,IAAI,KAAK,CAAC,GAAG,cAAc,iCAAiC,CAAC,CAAC;AAC/F,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AAEhD;;GAEG;AACH,MAAM,OAAO,oBAAoB;IAC/B;;OAEG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst credentialName = \"OnBehalfOfCredential\";\nconst BrowserNotSupportedError = new Error(`${credentialName}: Not supported in the browser.`);\nconst logger = credentialLogger(credentialName);\n\n/**\n * Enables authentication to Azure Active Directory using the [On Behalf Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).\n */\nexport class OnBehalfOfCredential implements TokenCredential {\n  /**\n   * Only available in Node.js\n   */\n  constructor() {\n    logger.info(formatError(\"\", BrowserNotSupportedError));\n    throw BrowserNotSupportedError;\n  }\n\n  public getToken(): Promise<AccessToken | null> {\n    logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n    throw BrowserNotSupportedError;\n  }\n}\n"]}

package/dist-esm/src/credentials/onBehalfOfCredential.js

@@ -0,0 +1,57 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+import { MsalOnBehalfOf } from "../msal/nodeFlows/msalOnBehalfOf";
+import { credentialLogger } from "../util/logging";
+import { trace } from "../util/tracing";
+const credentialName = "OnBehalfOfCredential";
+const logger = credentialLogger(credentialName);
+/**
+ * Enables authentication to Azure Active Directory using the [On Behalf Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).
+ */
+export class OnBehalfOfCredential {
+    /**
+     * Creates an instance of the {@link OnBehalfOfCredential} with the details
+     * needed to authenticate against Azure Active Directory with a client
+     * secret or a path to a PEM certificate, and an user assertion.
+     *
+     * Example using the `KeyClient` from [\@azure/keyvault-keys](https://www.npmjs.com/package/\@azure/keyvault-keys):
+     *
+     * ```ts
+     * const tokenCredential = new OnBehalfOfCredential({
+     *   tenantId,
+     *   clientId,
+     *   clientSecret, // or `certificatePath: "/path/to/certificate.pem"
+     *   userAssertionToken: "access-token"
+     * });
+     * const client = new KeyClient("vault-url", tokenCredential);
+     *
+     * await client.getKey("key-name");
+     * ```
+     *
+     * @param options - Optional parameters, generally common across credentials.
+     */
+    constructor(options) {
+        this.options = options;
+        const { clientSecret } = options;
+        const { certificatePath } = options;
+        const { tenantId, clientId, userAssertionToken } = options;
+        if (!tenantId || !clientId || !(clientSecret || certificatePath) || !userAssertionToken) {
+            throw new Error(`${credentialName}: tenantId, clientId, clientSecret (or certificatePath) and userAssertionToken are required parameters.`);
+        }
+        this.msalFlow = new MsalOnBehalfOf(Object.assign(Object.assign({}, this.options), { logger, tokenCredentialOptions: this.options }));
+    }
+    /**
+     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure the underlying network requests.
+     */
+    async getToken(scopes, options = {}) {
+        return trace(`${credentialName}.getToken`, options, async (newOptions) => {
+            const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
+            return this.msalFlow.getToken(arrayScopes, newOptions);
+        });
+    }
+}
+//# sourceMappingURL=onBehalfOfCredential.js.map

package/dist-esm/src/credentials/onBehalfOfCredential.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"onBehalfOfCredential.js","sourceRoot":"","sources":["../../../src/credentials/onBehalfOfCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,cAAc,EAAE,MAAM,kCAAkC,CAAC;AAClE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAQxC,MAAM,cAAc,GAAG,sBAAsB,CAAC;AAC9C,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AAEhD;;GAEG;AACH,MAAM,OAAO,oBAAoB;IAG/B;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,YAAoB,OAAoC;QAApC,YAAO,GAAP,OAAO,CAA6B;QACtD,MAAM,EAAE,YAAY,EAAE,GAAG,OAA4C,CAAC;QACtE,MAAM,EAAE,eAAe,EAAE,GAAG,OAAiD,CAAC;QAC9E,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC;QAC3D,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAC,YAAY,IAAI,eAAe,CAAC,IAAI,CAAC,kBAAkB,EAAE;YACvF,MAAM,IAAI,KAAK,CACb,GAAG,cAAc,yGAAyG,CAC3H,CAAC;SACH;QACD,IAAI,CAAC,QAAQ,GAAG,IAAI,cAAc,iCAC7B,IAAI,CAAC,OAAO,KACf,MAAM,EACN,sBAAsB,EAAE,IAAI,CAAC,OAAO,IACpC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,KAAK,CAAC,GAAG,cAAc,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YACvE,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { MsalOnBehalfOf } from \"../msal/nodeFlows/msalOnBehalfOf\";\nimport { credentialLogger } from \"../util/logging\";\nimport { trace } from \"../util/tracing\";\nimport { MsalFlow } from \"../msal/flows\";\nimport {\n  OnBehalfOfCredentialCertificateOptions,\n  OnBehalfOfCredentialOptions,\n  OnBehalfOfCredentialSecretOptions\n} from \"./onBehalfOfCredentialOptions\";\n\nconst credentialName = \"OnBehalfOfCredential\";\nconst logger = credentialLogger(credentialName);\n\n/**\n * Enables authentication to Azure Active Directory using the [On Behalf Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).\n */\nexport class OnBehalfOfCredential implements TokenCredential {\n  private msalFlow: MsalFlow;\n\n  /**\n   * Creates an instance of the {@link OnBehalfOfCredential} with the details\n   * needed to authenticate against Azure Active Directory with a client\n   * secret or a path to a PEM certificate, and an user assertion.\n   *\n   * Example using the `KeyClient` from [\\@azure/keyvault-keys](https://www.npmjs.com/package/\\@azure/keyvault-keys):\n   *\n   * ```ts\n   * const tokenCredential = new OnBehalfOfCredential({\n   *   tenantId,\n   *   clientId,\n   *   clientSecret, // or `certificatePath: \"/path/to/certificate.pem\"\n   *   userAssertionToken: \"access-token\"\n   * });\n   * const client = new KeyClient(\"vault-url\", tokenCredential);\n   *\n   * await client.getKey(\"key-name\");\n   * ```\n   *\n   * @param options - Optional parameters, generally common across credentials.\n   */\n  constructor(private options: OnBehalfOfCredentialOptions) {\n    const { clientSecret } = options as OnBehalfOfCredentialSecretOptions;\n    const { certificatePath } = options as OnBehalfOfCredentialCertificateOptions;\n    const { tenantId, clientId, userAssertionToken } = options;\n    if (!tenantId || !clientId || !(clientSecret || certificatePath) || !userAssertionToken) {\n      throw new Error(\n        `${credentialName}: tenantId, clientId, clientSecret (or certificatePath) and userAssertionToken are required parameters.`\n      );\n    }\n    this.msalFlow = new MsalOnBehalfOf({\n      ...this.options,\n      logger,\n      tokenCredentialOptions: this.options\n    });\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure the underlying network requests.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return trace(`${credentialName}.getToken`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      return this.msalFlow!.getToken(arrayScopes, newOptions);\n    });\n  }\n}\n"]}

package/dist-esm/src/credentials/{visualStudioCodeCredentialExtension.js → onBehalfOfCredentialOptions.js}

@@ -1,4 +1,4 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 export {};
-//# sourceMappingURL=visualStudioCodeCredentialExtension.js.map
+//# sourceMappingURL=onBehalfOfCredentialOptions.js.map

package/dist-esm/src/credentials/onBehalfOfCredentialOptions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"onBehalfOfCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/onBehalfOfCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { CredentialPersistenceOptions } from \"./credentialPersistenceOptions\";\n\n/**\n * Defines the parameters to authenticate the {@link OnBehalfOfCredential} with a secret.\n */\nexport interface OnBehalfOfCredentialSecretOptions {\n  /**\n   * The Azure Active Directory tenant (directory) ID.\n   */\n  tenantId: string;\n  /**\n   * The client (application) ID of an App Registration in the tenant.\n   */\n  clientId: string;\n  /**\n   * A client secret that was generated for the App Registration.\n   */\n  clientSecret: string;\n  /**\n   * The user assertion for the On-Behalf-Of flow.\n   */\n  userAssertionToken: string;\n  /**\n   * The path to a PEM-encoded certificate should not be provided when the secret options are provided.\n   */\n  certificatePath?: never;\n  /**\n   * Option to include x5c header should not be provided when the secret options are provided.\n   */\n  sendCertificateChain?: never;\n}\n\n/**\n * Defines the parameters to authenticate the {@link OnBehalfOfCredential} with a certificate.\n */\nexport interface OnBehalfOfCredentialCertificateOptions {\n  /**\n   * The Azure Active Directory tenant (directory) ID.\n   */\n  tenantId: string;\n  /**\n   * The client (application) ID of an App Registration in the tenant.\n   */\n  clientId: string;\n  /**\n   * The path to a PEM-encoded public/private key certificate on the filesystem.\n   */\n  certificatePath: string;\n  /**\n   * Option to include x5c header for SubjectName and Issuer name authorization.\n   * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n   */\n  sendCertificateChain?: boolean;\n  /**\n   * The user assertion for the On-Behalf-Of flow.\n   */\n  userAssertionToken: string;\n  /**\n   * Client secret should not be provided when certificate options are provided.\n   */\n  clientSecret?: never;\n}\n\n/**\n * Optional parameters for the {@link OnBehalfOfCredential} class.\n */\nexport type OnBehalfOfCredentialOptions = (\n  | OnBehalfOfCredentialSecretOptions\n  | OnBehalfOfCredentialCertificateOptions\n) &\n  TokenCredentialOptions &\n  CredentialPersistenceOptions;\n"]}

package/dist-esm/src/credentials/usernamePasswordCredential.browser.js

@@ -1,6 +1,5 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import qs from "qs";
 import { createHttpHeaders, createPipelineRequest } from "@azure/core-rest-pipeline";
 import { SpanStatusCode } from "@azure/core-tracing";
 import { IdentityClient } from "../client/identityClient";
@@ -46,29 +45,27 @@ export class UsernamePasswordCredential {
      *                TokenCredential implementation might make.
      */
     async getToken(scopes, options) {
-        const { span, updatedOptions: newOptions } = createSpan("UsernamePasswordCredential-getToken", options);
+        const { span, updatedOptions: newOptions } = createSpan("UsernamePasswordCredential.getToken", options);
         try {
             const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);
+            const params = new URLSearchParams({
+                response_type: "token",
+                grant_type: "password",
+                client_id: this.clientId,
+                username: this.username,
+                password: this.password,
+                scope: typeof scopes === "string" ? scopes : scopes.join(" ")
+            });
             const webResource = createPipelineRequest({
                 url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,
                 method: "POST",
-                body: qs.stringify({
-                    response_type: "token",
-                    grant_type: "password",
-                    client_id: this.clientId,
-                    username: this.username,
-                    password: this.password,
-                    scope: typeof scopes === "string" ? scopes : scopes.join(" ")
-                }),
+                body: params.toString(),
                 headers: createHttpHeaders({
                     Accept: "application/json",
                     "Content-Type": "application/x-www-form-urlencoded"
                 }),
                 abortSignal: options && options.abortSignal,
-                tracingOptions: {
-                    spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,
-                    tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext
-                }
+                tracingOptions: newOptions.tracingOptions
             });
             const tokenResponse = await this.identityClient.sendTokenRequest(webResource);
             logger.getToken.info(formatSuccess(scopes));

package/dist-esm/src/credentials/usernamePasswordCredential.browser.js.map

@@ -1 +1 @@
-{"version":3,"file":"usernamePasswordCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,MAAM,IAAI,CAAC;AAGpB,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAA0B,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAClF,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;GAKG;AACH,MAAM,OAAO,0BAA0B;IAOrC;;;;;;;;;;OAUG;IACH,YACE,cAAsB,EACtB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,OAAgC;QAEhC,aAAa,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;QAEtC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;QAC/B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;QAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CACrD,qCAAqC,EACrC,OAAO,CACR,CAAC;QACF,IAAI;YACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAChE,MAAM,WAAW,GAAG,qBAAqB,CAAC;gBACxC,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;gBACzE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;oBACjB,aAAa,EAAE,OAAO;oBACtB,UAAU,EAAE,UAAU;oBACtB,SAAS,EAAE,IAAI,CAAC,QAAQ;oBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;iBAC9D,CAAC;gBACF,OAAO,EAAE,iBAAiB,CAAC;oBACzB,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD,CAAC;gBACF,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;gBAC3C,cAAc,EAAE;oBACd,WAAW,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,WAAW;oBAC/E,cAAc,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,cAAc;iBACtF;aACF,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;YAC9E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;SAC7D;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,CAAC,SAAS,CAAC;gBACb,IAAI,EAAE,cAAc,CAAC,KAAK;gBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;aACrB,CAAC,CAAC;YACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;YAC/C,MAAM,GAAG,CAAC;SACX;gBAAS;YACR,IAAI,CAAC,GAAG,EAAE,CAAC;SACZ;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\n\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nimport { createHttpHeaders, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { TokenCredentialOptions, IdentityClient } from \"../client/identityClient\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { createSpan } from \"../util/tracing\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst logger = credentialLogger(\"UsernamePasswordCredential\");\n\n/**\n * Enables authentication to Azure Active Directory with a user's\n * username and password. This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n */\nexport class UsernamePasswordCredential implements TokenCredential {\n  private identityClient: IdentityClient;\n  private tenantId: string;\n  private clientId: string;\n  private username: string;\n  private password: string;\n\n  /**\n   * Creates an instance of the UsernamePasswordCredential with the details\n   * needed to authenticate against Azure Active Directory with a username\n   * and password.\n   *\n   * @param tenantIdOrName - The Azure Active Directory tenant (directory) ID or name.\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param username - The user account's e-mail address (user name).\n   * @param password - The user account's account password\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantIdOrName: string,\n    clientId: string,\n    username: string,\n    password: string,\n    options?: TokenCredentialOptions\n  ) {\n    checkTenantId(logger, tenantIdOrName);\n\n    this.identityClient = new IdentityClient(options);\n    this.tenantId = tenantIdOrName;\n    this.clientId = clientId;\n    this.username = username;\n    this.password = password;\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if\n   * successful.  If authentication cannot be performed at this time, this method may\n   * return null.  If an error occurs during authentication, an {@link AuthenticationError}\n   * containing failure details will be thrown.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    const { span, updatedOptions: newOptions } = createSpan(\n      \"UsernamePasswordCredential-getToken\",\n      options\n    );\n    try {\n      const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n      const webResource = createPipelineRequest({\n        url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n        method: \"POST\",\n        body: qs.stringify({\n          response_type: \"token\",\n          grant_type: \"password\",\n          client_id: this.clientId,\n          username: this.username,\n          password: this.password,\n          scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \")\n        }),\n        headers: createHttpHeaders({\n          Accept: \"application/json\",\n          \"Content-Type\": \"application/x-www-form-urlencoded\"\n        }),\n        abortSignal: options && options.abortSignal,\n        tracingOptions: {\n          spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,\n          tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext\n        }\n      });\n\n      const tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n      logger.getToken.info(formatSuccess(scopes));\n      return (tokenResponse && tokenResponse.accessToken) || null;\n    } catch (err) {\n      span.setStatus({\n        code: SpanStatusCode.ERROR,\n        message: err.message\n      });\n      logger.getToken.info(formatError(scopes, err));\n      throw err;\n    } finally {\n      span.end();\n    }\n  }\n}\n"]}
+{"version":3,"file":"usernamePasswordCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAA0B,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAClF,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;GAKG;AACH,MAAM,OAAO,0BAA0B;IAOrC;;;;;;;;;;OAUG;IACH,YACE,cAAsB,EACtB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,OAAgC;QAEhC,aAAa,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;QAEtC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;QAC/B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;QAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CACrD,qCAAqC,EACrC,OAAO,CACR,CAAC;QACF,IAAI;YACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAChE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;gBACjC,aAAa,EAAE,OAAO;gBACtB,UAAU,EAAE,UAAU;gBACtB,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;aAC9D,CAAC,CAAC;YACH,MAAM,WAAW,GAAG,qBAAqB,CAAC;gBACxC,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;gBACzE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;gBACvB,OAAO,EAAE,iBAAiB,CAAC;oBACzB,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD,CAAC;gBACF,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;gBAC3C,cAAc,EAAE,UAAU,CAAC,cAAc;aAC1C,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;YAC9E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;SAC7D;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,CAAC,SAAS,CAAC;gBACb,IAAI,EAAE,cAAc,CAAC,KAAK;gBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;aACrB,CAAC,CAAC;YACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;YAC/C,MAAM,GAAG,CAAC;SACX;gBAAS;YACR,IAAI,CAAC,GAAG,EAAE,CAAC;SACZ;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nimport { createHttpHeaders, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { TokenCredentialOptions, IdentityClient } from \"../client/identityClient\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { createSpan } from \"../util/tracing\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst logger = credentialLogger(\"UsernamePasswordCredential\");\n\n/**\n * Enables authentication to Azure Active Directory with a user's\n * username and password. This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n */\nexport class UsernamePasswordCredential implements TokenCredential {\n  private identityClient: IdentityClient;\n  private tenantId: string;\n  private clientId: string;\n  private username: string;\n  private password: string;\n\n  /**\n   * Creates an instance of the UsernamePasswordCredential with the details\n   * needed to authenticate against Azure Active Directory with a username\n   * and password.\n   *\n   * @param tenantIdOrName - The Azure Active Directory tenant (directory) ID or name.\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param username - The user account's e-mail address (user name).\n   * @param password - The user account's account password\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantIdOrName: string,\n    clientId: string,\n    username: string,\n    password: string,\n    options?: TokenCredentialOptions\n  ) {\n    checkTenantId(logger, tenantIdOrName);\n\n    this.identityClient = new IdentityClient(options);\n    this.tenantId = tenantIdOrName;\n    this.clientId = clientId;\n    this.username = username;\n    this.password = password;\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if\n   * successful.  If authentication cannot be performed at this time, this method may\n   * return null.  If an error occurs during authentication, an {@link AuthenticationError}\n   * containing failure details will be thrown.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    const { span, updatedOptions: newOptions } = createSpan(\n      \"UsernamePasswordCredential.getToken\",\n      options\n    );\n    try {\n      const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n      const params = new URLSearchParams({\n        response_type: \"token\",\n        grant_type: \"password\",\n        client_id: this.clientId,\n        username: this.username,\n        password: this.password,\n        scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \")\n      });\n      const webResource = createPipelineRequest({\n        url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n        method: \"POST\",\n        body: params.toString(),\n        headers: createHttpHeaders({\n          Accept: \"application/json\",\n          \"Content-Type\": \"application/x-www-form-urlencoded\"\n        }),\n        abortSignal: options && options.abortSignal,\n        tracingOptions: newOptions.tracingOptions\n      });\n\n      const tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n      logger.getToken.info(formatSuccess(scopes));\n      return (tokenResponse && tokenResponse.accessToken) || null;\n    } catch (err) {\n      span.setStatus({\n        code: SpanStatusCode.ERROR,\n        message: err.message\n      });\n      logger.getToken.info(formatError(scopes, err));\n      throw err;\n    } finally {\n      span.end();\n    }\n  }\n}\n"]}

package/dist-esm/src/credentials/usernamePasswordCredential.js

@@ -10,8 +10,6 @@ const logger = credentialLogger("UsernamePasswordCredential");
  * trust so you should only use it when other, more secure credential
  * types can't be used.
  */
-// We'll be using InteractiveCredential as the base of this class, which requires us to support authenticate(),
-// to reduce the number of times we send the password over the network.
 export class UsernamePasswordCredential {
     /**
      * Creates an instance of the UsernamePasswordCredential with the details
@@ -25,6 +23,9 @@ export class UsernamePasswordCredential {
      * @param options - Options for configuring the client which makes the authentication request.
      */
     constructor(tenantId, clientId, username, password, options = {}) {
+        if (!tenantId || !clientId || !username || !password) {
+            throw new Error("UsernamePasswordCredential: tenantId, clientId, username and password are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.");
+        }
         this.msalFlow = new MsalUsernamePassword(Object.assign(Object.assign({}, options), { logger,
             clientId,
             tenantId,

package/dist-esm/src/credentials/usernamePasswordCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"usernamePasswordCredential.js","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,oBAAoB,EAAE,MAAM,wCAAwC,CAAC;AAE9E,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAGxC,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;GAKG;AACH,+GAA+G;AAC/G,uEAAuE;AACvE,MAAM,OAAO,0BAA0B;IAGrC;;;;;;;;;;OAUG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,UAA6C,EAAE;QAE/C,IAAI,CAAC,QAAQ,GAAG,IAAI,oBAAoB,iCACnC,OAAO,KACV,MAAM;YACN,QAAQ;YACR,QAAQ;YACR,QAAQ;YACR,QAAQ,EACR,sBAAsB,EAAE,OAAO,IAAI,EAAE,IACrC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YAC9E,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { credentialLogger } from \"../util/logging\";\nimport { MsalUsernamePassword } from \"../msal/nodeFlows/msalUsernamePassword\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { trace } from \"../util/tracing\";\nimport { UsernamePasswordCredentialOptions } from \"./usernamePasswordCredentialOptions\";\n\nconst logger = credentialLogger(\"UsernamePasswordCredential\");\n\n/**\n * Enables authentication to Azure Active Directory with a user's\n * username and password. This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n */\n// We'll be using InteractiveCredential as the base of this class, which requires us to support authenticate(),\n// to reduce the number of times we send the password over the network.\nexport class UsernamePasswordCredential implements TokenCredential {\n  private msalFlow: MsalFlow;\n\n  /**\n   * Creates an instance of the UsernamePasswordCredential with the details\n   * needed to authenticate against Azure Active Directory with a username\n   * and password.\n   *\n   * @param tenantId - The Azure Active Directory tenant (directory).\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param username - The user account's e-mail address (user name).\n   * @param password - The user account's account password\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    username: string,\n    password: string,\n    options: UsernamePasswordCredentialOptions = {}\n  ) {\n    this.msalFlow = new MsalUsernamePassword({\n      ...options,\n      logger,\n      clientId,\n      tenantId,\n      username,\n      password,\n      tokenCredentialOptions: options || {}\n    });\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the user provided the option `disableAutomaticAuthentication`,\n   * once the token can't be retrieved silently,\n   * this method won't attempt to request user interaction to retrieve the token.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return trace(`${this.constructor.name}.getToken`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      return this.msalFlow.getToken(arrayScopes, newOptions);\n    });\n  }\n}\n"]}
+{"version":3,"file":"usernamePasswordCredential.js","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,oBAAoB,EAAE,MAAM,wCAAwC,CAAC;AAE9E,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAGxC,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;GAKG;AACH,MAAM,OAAO,0BAA0B;IAGrC;;;;;;;;;;OAUG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,UAA6C,EAAE;QAE/C,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE;YACpD,MAAM,IAAI,KAAK,CACb,iMAAiM,CAClM,CAAC;SACH;QACD,IAAI,CAAC,QAAQ,GAAG,IAAI,oBAAoB,iCACnC,OAAO,KACV,MAAM;YACN,QAAQ;YACR,QAAQ;YACR,QAAQ;YACR,QAAQ,EACR,sBAAsB,EAAE,OAAO,IAAI,EAAE,IACrC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YAC9E,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { credentialLogger } from \"../util/logging\";\nimport { MsalUsernamePassword } from \"../msal/nodeFlows/msalUsernamePassword\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { trace } from \"../util/tracing\";\nimport { UsernamePasswordCredentialOptions } from \"./usernamePasswordCredentialOptions\";\n\nconst logger = credentialLogger(\"UsernamePasswordCredential\");\n\n/**\n * Enables authentication to Azure Active Directory with a user's\n * username and password. This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n */\nexport class UsernamePasswordCredential implements TokenCredential {\n  private msalFlow: MsalFlow;\n\n  /**\n   * Creates an instance of the UsernamePasswordCredential with the details\n   * needed to authenticate against Azure Active Directory with a username\n   * and password.\n   *\n   * @param tenantId - The Azure Active Directory tenant (directory).\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param username - The user account's e-mail address (user name).\n   * @param password - The user account's account password\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    username: string,\n    password: string,\n    options: UsernamePasswordCredentialOptions = {}\n  ) {\n    if (!tenantId || !clientId || !username || !password) {\n      throw new Error(\n        \"UsernamePasswordCredential: tenantId, clientId, username and password are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\"\n      );\n    }\n    this.msalFlow = new MsalUsernamePassword({\n      ...options,\n      logger,\n      clientId,\n      tenantId,\n      username,\n      password,\n      tokenCredentialOptions: options || {}\n    });\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the user provided the option `disableAutomaticAuthentication`,\n   * once the token can't be retrieved silently,\n   * this method won't attempt to request user interaction to retrieve the token.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return trace(`${this.constructor.name}.getToken`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      return this.msalFlow.getToken(arrayScopes, newOptions);\n    });\n  }\n}\n"]}

package/dist-esm/src/credentials/visualStudioCodeCredential.browser.js

@@ -5,10 +5,16 @@ const BrowserNotSupportedError = new Error("VisualStudioCodeCredential is not su
 const logger = credentialLogger("VisualStudioCodeCredential");
 export const vsCodeCredentialControl = {
     set vsCodeCredentialFinder(_finder) {
-        throw new Error("Attempted to register a VisualStudioCodeCredential provider extension in the browser. This environment is not supported by VisualStudioCodeCredential.");
+        throw new Error("Attempted to register a VisualStudioCodeCredential provider plugin in the browser. This environment is not supported by VisualStudioCodeCredential.");
     }
 };
+/**
+ * Connects to Azure using the credential provided by the VSCode extension 'Azure Account'.
+ */
 export class VisualStudioCodeCredential {
+    /**
+     * Only available in Node.js
+     */
     constructor() {
         logger.info(formatError("", BrowserNotSupportedError));
         throw BrowserNotSupportedError;

package/dist-esm/src/credentials/visualStudioCodeCredential.browser.js.map

@@ -1 +1 @@
-{"version":3,"file":"visualStudioCodeCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,6DAA6D,CAC9D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,IAAI,sBAAsB,CAAC,OAAc;QACvC,MAAM,IAAI,KAAK,CACb,wJAAwJ,CACzJ,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,OAAO,0BAA0B;IACrC;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken } from \"@azure/core-auth\";\n\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n  \"VisualStudioCodeCredential is not supported in the browser.\"\n);\nconst logger = credentialLogger(\"VisualStudioCodeCredential\");\n\nexport const vsCodeCredentialControl = {\n  set vsCodeCredentialFinder(_finder: never) {\n    throw new Error(\n      \"Attempted to register a VisualStudioCodeCredential provider extension in the browser. This environment is not supported by VisualStudioCodeCredential.\"\n    );\n  }\n};\n\nexport class VisualStudioCodeCredential implements TokenCredential {\n  constructor() {\n    logger.info(formatError(\"\", BrowserNotSupportedError));\n    throw BrowserNotSupportedError;\n  }\n\n  public getToken(): Promise<AccessToken | null> {\n    logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n    throw BrowserNotSupportedError;\n  }\n}\n"]}
+{"version":3,"file":"visualStudioCodeCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,6DAA6D,CAC9D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,IAAI,sBAAsB,CAAC,OAAc;QACvC,MAAM,IAAI,KAAK,CACb,qJAAqJ,CACtJ,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,0BAA0B;IACrC;;OAEG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken } from \"@azure/core-auth\";\n\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n  \"VisualStudioCodeCredential is not supported in the browser.\"\n);\nconst logger = credentialLogger(\"VisualStudioCodeCredential\");\n\nexport const vsCodeCredentialControl = {\n  set vsCodeCredentialFinder(_finder: never) {\n    throw new Error(\n      \"Attempted to register a VisualStudioCodeCredential provider plugin in the browser. This environment is not supported by VisualStudioCodeCredential.\"\n    );\n  }\n};\n\n/**\n * Connects to Azure using the credential provided by the VSCode extension 'Azure Account'.\n */\nexport class VisualStudioCodeCredential implements TokenCredential {\n  /**\n   * Only available in Node.js\n   */\n  constructor() {\n    logger.info(formatError(\"\", BrowserNotSupportedError));\n    throw BrowserNotSupportedError;\n  }\n\n  public getToken(): Promise<AccessToken | null> {\n    logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n    throw BrowserNotSupportedError;\n  }\n}\n"]}

package/dist-esm/src/credentials/visualStudioCodeCredential.js

@@ -3,7 +3,7 @@
 import fs from "fs";
 import os from "os";
 import path from "path";
-import { CredentialUnavailableError } from "../client/errors";
+import { CredentialUnavailableError } from "../errors";
 import { IdentityClient } from "../client/identityClient";
 import { AzureAuthorityHosts } from "../constants";
 import { checkTenantId } from "../util/checkTenantId";
@@ -69,7 +69,7 @@ export function getPropertyFromVSCode(property) {
     }
 }
 /**
- * Connect to Azure using the credential provided by the VSCode extension 'Azure Account'.
+ * Connects to Azure using the credential provided by the VSCode extension 'Azure Account'.
  * Once the user has logged in via the extension, this credential can share the same refresh token
  * that is cached by the extension.
  */
@@ -77,6 +77,11 @@ export class VisualStudioCodeCredential {
     /**
      * Creates an instance of VisualStudioCodeCredential to use for automatically authenticating via VSCode.
      *
+     * **Note**: `VisualStudioCodeCredential` is provided by a plugin package:
+     * `@azure/identity-vscode`. If this package is not installed and registered
+     * using the plugin API (`useIdentityPlugin`), then authentication using
+     * `VisualStudioCodeCredential` will not be available.
+     *
      * @param options - Options for configuring the client which makes the authentication request.
      */
     constructor(options) {
@@ -93,7 +98,6 @@ export class VisualStudioCodeCredential {
         else {
             this.tenantId = CommonTenantId;
         }
-        this.allowMultiTenantAuthentication = options === null || options === void 0 ? void 0 : options.allowMultiTenantAuthentication;
         checkUnsupportedTenant(this.tenantId);
     }
     /**
@@ -127,10 +131,14 @@ export class VisualStudioCodeCredential {
     async getToken(scopes, options) {
         var _a, _b;
         await this.prepareOnce();
-        const tenantId = processMultiTenantRequest(this.tenantId, this.allowMultiTenantAuthentication, options) ||
-            this.tenantId;
+        const tenantId = processMultiTenantRequest(this.tenantId, options) || this.tenantId;
         if (findCredentials === undefined) {
-            throw new CredentialUnavailableError("No implementation of VisualStudioCodeCredential is available (do you need to install and use the `@azure/identity-vscode` extension package?)");
+            throw new CredentialUnavailableError([
+                "No implementation of `VisualStudioCodeCredential` is available.",
+                "You must install the identity-vscode plugin package (`npm install --save-dev @azure/identity-vscode`)",
+                "and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling",
+                "`useIdentityPlugin(vsCodePlugin)` before creating a `VisualStudioCodeCredential`."
+            ].join(" "));
         }
         let scopeString = typeof scopes === "string" ? scopes : scopes.join(" ");
         // Check to make sure the scope we get back is a valid scope
@@ -160,13 +168,13 @@ export class VisualStudioCodeCredential {
                 return tokenResponse.accessToken;
             }
             else {
-                const error = new CredentialUnavailableError("Could not retrieve the token associated with Visual Studio Code. Have you connected using the 'Azure Account' extension recently?");
+                const error = new CredentialUnavailableError("Could not retrieve the token associated with Visual Studio Code. Have you connected using the 'Azure Account' extension recently? To troubleshoot, visit https://aka.ms/azsdk/js/identity/visualstudiocodecredential/troubleshoot.");
                 logger.getToken.info(formatError(scopes, error));
                 throw error;
             }
         }
         else {
-            const error = new CredentialUnavailableError("Could not retrieve the token associated with Visual Studio Code. Did you connect using the 'Azure Account' extension?");
+            const error = new CredentialUnavailableError("Could not retrieve the token associated with Visual Studio Code. Did you connect using the 'Azure Account' extension? To troubleshoot, visit https://aka.ms/azsdk/js/identity/visualstudiocodecredential/troubleshoot.");
             logger.getToken.info(formatError(scopes, error));
             throw error;
         }

package/dist-esm/src/credentials/visualStudioCodeCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"visualStudioCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAA0B,MAAM,0BAA0B,CAAC;AAClF,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAGxE,MAAM,cAAc,GAAG,QAAQ,CAAC;AAChC,MAAM,oBAAoB,GAAG,sCAAsC,CAAC,CAAC,8CAA8C;AACnH,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D,IAAI,eAAe,GAAuC,SAAS,CAAC;AAEpE,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,yBAAyB,CAAC,MAA8B;QACtD,eAAe,GAAG,MAAM,CAAC;IAC3B,CAAC;CACF,CAAC;AAEF,oEAAoE;AACpE,MAAM,oBAAoB,GAA2B;IACnD,IAAI,EAAE,mFAAmF;CAC1F,CAAC;AAEF,SAAS,sBAAsB,CAAC,QAAgB;IAC9C,8CAA8C;IAC9C,MAAM,sBAAsB,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAC9D,IAAI,sBAAsB,EAAE;QAC1B,MAAM,IAAI,0BAA0B,CAAC,sBAAsB,CAAC,CAAC;KAC9D;AACH,CAAC;AAID,MAAM,uBAAuB,GAAqC;IAChE,UAAU,EAAE,mBAAmB,CAAC,gBAAgB;IAChD,UAAU,EAAE,mBAAmB,CAAC,UAAU;IAC1C,gBAAgB,EAAE,mBAAmB,CAAC,YAAY;IAClD,iBAAiB,EAAE,mBAAmB,CAAC,eAAe;CACvD,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAgB;IACpD,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAC/C,kEAAkE;IAClE,MAAM,YAAY,GAAG,MAAM,CAAC;IAC5B,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAE7B,SAAS,YAAY,CAAC,GAAG,YAAsB;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,YAAY,EAAE,YAAY,EAAE,GAAG,YAAY,CAAC,CAAC;QAC3E,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QAC7E,OAAO,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED,IAAI;QACF,IAAI,OAAe,CAAC;QACpB,QAAQ,OAAO,CAAC,QAAQ,EAAE;YACxB,KAAK,OAAO;gBACV,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAQ,CAAC;gBAC/B,OAAO,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACrD,KAAK,QAAQ;gBACX,OAAO,YAAY,CAAC,OAAO,EAAE,SAAS,EAAE,qBAAqB,CAAC,CAAC;YACjE,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAC1C;gBACE,OAAO;SACV;KACF;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7F,OAAO;KACR;AACH,CAAC;AAYD;;;;GAIG;AACH,MAAM,OAAO,0BAA0B;IAMrC;;;;OAIG;IACH,YAAY,OAA2C;QACrD,mFAAmF;QACnF,mCAAmC;QACnC,IAAI,CAAC,SAAS,GAAG,CAAC,qBAAqB,CAAC,aAAa,CAAC,IAAI,YAAY,CAAqB,CAAC;QAE5F,qDAAqD;QACrD,MAAM,aAAa,GAAG,uBAAuB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE9D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iBACtC,aAAa,IACV,OAAO,EACV,CAAC;QAEH,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE;YAC/B,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;YACxC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;SAClC;aAAM;YACL,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;SAChC;QACD,IAAI,CAAC,8BAA8B,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,CAAC;QAE9E,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,OAAO;QACnB,kEAAkE;QAClE,MAAM,cAAc,GAAG,qBAAqB,CAAC,cAAc,CAAC,CAAC;QAC7D,IAAI,cAAc,EAAE;YAClB,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;SAChC;QACD,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAOD;;OAEG;IACK,WAAW;QACjB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE;YACxB,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;SACtC;QACD,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;QAEzB,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAEzB,MAAM,QAAQ,GACZ,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,8BAA8B,EAAE,OAAO,CAAC;YACtF,IAAI,CAAC,QAAQ,CAAC;QAEhB,IAAI,eAAe,KAAK,SAAS,EAAE;YACjC,MAAM,IAAI,0BAA0B,CAClC,+IAA+I,CAChJ,CAAC;SACH;QAED,IAAI,WAAW,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEzE,4DAA4D;QAC5D,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE;YAC5C,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;YACrF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YACjD,MAAM,KAAK,CAAC;SACb;QAED,IAAI,WAAW,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE;YAC7C,WAAW,IAAI,iBAAiB,CAAC;SAClC;QAED,+CAA+C;QAC/C,IAAI;QACJ,MAAM;QACN,mBAAmB;QACnB,oBAAoB;QACpB,OAAO;QACP,cAAc;QACd,IAAI;QACJ,MAAM,WAAW,GAAG,MAAM,eAAe,EAAE,CAAC;QAE5C,yFAAyF;QACzF,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAC9B,MAAA,MAAA,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,OAAO,KAAK,IAAI,CAAC,SAAS,CAAC,mCAAI,WAAW,CAAC,CAAC,CAAC,mCAAI,EAAE,CAAC;QAExF,IAAI,YAAY,EAAE;YAChB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAChE,QAAQ,EACR,oBAAoB,EACpB,WAAW,EACX,YAAY,EACZ,SAAS,CACV,CAAC;YAEF,IAAI,aAAa,EAAE;gBACjB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,aAAa,CAAC,WAAW,CAAC;aAClC;iBAAM;gBACL,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,mIAAmI,CACpI,CAAC;gBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;aACb;SACF;aAAM;YACL,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,uHAAuH,CACxH,CAAC;YACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YACjD,MAAM,KAAK,CAAC;SACb;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken, GetTokenOptions } from \"@azure/core-auth\";\n\nimport fs from \"fs\";\nimport os from \"os\";\nimport path from \"path\";\n\nimport { CredentialUnavailableError } from \"../client/errors\";\nimport { IdentityClient, TokenCredentialOptions } from \"../client/identityClient\";\nimport { AzureAuthorityHosts } from \"../constants\";\nimport { checkTenantId } from \"../util/checkTenantId\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { processMultiTenantRequest } from \"../util/validateMultiTenant\";\nimport { VSCodeCredentialFinder } from \"./visualStudioCodeCredentialExtension\";\n\nconst CommonTenantId = \"common\";\nconst AzureAccountClientId = \"aebc6443-996d-45c2-90f0-388ff96faa56\"; // VSC: 'aebc6443-996d-45c2-90f0-388ff96faa56'\nconst logger = credentialLogger(\"VisualStudioCodeCredential\");\n\nlet findCredentials: VSCodeCredentialFinder | undefined = undefined;\n\nexport const vsCodeCredentialControl = {\n  setVsCodeCredentialFinder(finder: VSCodeCredentialFinder): void {\n    findCredentials = finder;\n  }\n};\n\n// Map of unsupported Tenant IDs and the errors we will be throwing.\nconst unsupportedTenantIds: Record<string, string> = {\n  adfs: \"The VisualStudioCodeCredential does not support authentication with ADFS tenants.\"\n};\n\nfunction checkUnsupportedTenant(tenantId: string): void {\n  // If the Tenant ID isn't supported, we throw.\n  const unsupportedTenantError = unsupportedTenantIds[tenantId];\n  if (unsupportedTenantError) {\n    throw new CredentialUnavailableError(unsupportedTenantError);\n  }\n}\n\ntype VSCodeCloudNames = \"AzureCloud\" | \"AzureChina\" | \"AzureGermanCloud\" | \"AzureUSGovernment\";\n\nconst mapVSCodeAuthorityHosts: Record<VSCodeCloudNames, string> = {\n  AzureCloud: AzureAuthorityHosts.AzurePublicCloud,\n  AzureChina: AzureAuthorityHosts.AzureChina,\n  AzureGermanCloud: AzureAuthorityHosts.AzureGermany,\n  AzureUSGovernment: AzureAuthorityHosts.AzureGovernment\n};\n\n/**\n * Attempts to load a specific property from the VSCode configurations of the current OS.\n * If it fails at any point, returns undefined.\n */\nexport function getPropertyFromVSCode(property: string): string | undefined {\n  const settingsPath = [\"User\", \"settings.json\"];\n  // Eventually we can add more folders for more versions of VSCode.\n  const vsCodeFolder = \"Code\";\n  const homedir = os.homedir();\n\n  function loadProperty(...pathSegments: string[]): string | undefined {\n    const fullPath = path.join(...pathSegments, vsCodeFolder, ...settingsPath);\n    const settings = JSON.parse(fs.readFileSync(fullPath, { encoding: \"utf8\" }));\n    return settings[property];\n  }\n\n  try {\n    let appData: string;\n    switch (process.platform) {\n      case \"win32\":\n        appData = process.env.APPDATA!;\n        return appData ? loadProperty(appData) : undefined;\n      case \"darwin\":\n        return loadProperty(homedir, \"Library\", \"Application Support\");\n      case \"linux\":\n        return loadProperty(homedir, \".config\");\n      default:\n        return;\n    }\n  } catch (e) {\n    logger.info(`Failed to load the Visual Studio Code configuration file. Error: ${e.message}`);\n    return;\n  }\n}\n\n/**\n * Provides options to configure the Visual Studio Code credential.\n */\nexport interface VisualStudioCodeCredentialOptions extends TokenCredentialOptions {\n  /**\n   * Optionally pass in a Tenant ID to be used as part of the credential\n   */\n  tenantId?: string;\n}\n\n/**\n * Connect to Azure using the credential provided by the VSCode extension 'Azure Account'.\n * Once the user has logged in via the extension, this credential can share the same refresh token\n * that is cached by the extension.\n */\nexport class VisualStudioCodeCredential implements TokenCredential {\n  private identityClient: IdentityClient;\n  private tenantId: string;\n  private cloudName: VSCodeCloudNames;\n  private allowMultiTenantAuthentication?: boolean;\n\n  /**\n   * Creates an instance of VisualStudioCodeCredential to use for automatically authenticating via VSCode.\n   *\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(options?: VisualStudioCodeCredentialOptions) {\n    // We want to make sure we use the one assigned by the user on the VSCode settings.\n    // Or just `AzureCloud` by default.\n    this.cloudName = (getPropertyFromVSCode(\"azure.cloud\") || \"AzureCloud\") as VSCodeCloudNames;\n\n    // Picking an authority host based on the cloud name.\n    const authorityHost = mapVSCodeAuthorityHosts[this.cloudName];\n\n    this.identityClient = new IdentityClient({\n      authorityHost,\n      ...options\n    });\n\n    if (options && options.tenantId) {\n      checkTenantId(logger, options.tenantId);\n      this.tenantId = options.tenantId;\n    } else {\n      this.tenantId = CommonTenantId;\n    }\n    this.allowMultiTenantAuthentication = options?.allowMultiTenantAuthentication;\n\n    checkUnsupportedTenant(this.tenantId);\n  }\n\n  /**\n   * Runs preparations for any further getToken request.\n   */\n  private async prepare(): Promise<void> {\n    // Attempts to load the tenant from the VSCode configuration file.\n    const settingsTenant = getPropertyFromVSCode(\"azure.tenant\");\n    if (settingsTenant) {\n      this.tenantId = settingsTenant;\n    }\n    checkUnsupportedTenant(this.tenantId);\n  }\n\n  /**\n   * The promise of the single preparation that will be executed at the first getToken request for an instance of this class.\n   */\n  private preparePromise: Promise<void> | undefined;\n\n  /**\n   * Runs preparations for any further getToken, but only once.\n   */\n  private prepareOnce(): Promise<void> | undefined {\n    if (!this.preparePromise) {\n      this.preparePromise = this.prepare();\n    }\n    return this.preparePromise;\n  }\n\n  /**\n   * Returns the token found by searching VSCode's authentication cache or\n   * returns null if no token could be found.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                `TokenCredential` implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken> {\n    await this.prepareOnce();\n\n    const tenantId =\n      processMultiTenantRequest(this.tenantId, this.allowMultiTenantAuthentication, options) ||\n      this.tenantId;\n\n    if (findCredentials === undefined) {\n      throw new CredentialUnavailableError(\n        \"No implementation of VisualStudioCodeCredential is available (do you need to install and use the `@azure/identity-vscode` extension package?)\"\n      );\n    }\n\n    let scopeString = typeof scopes === \"string\" ? scopes : scopes.join(\" \");\n\n    // Check to make sure the scope we get back is a valid scope\n    if (!scopeString.match(/^[0-9a-zA-Z-.:/]+$/)) {\n      const error = new Error(\"Invalid scope was specified by the user or calling client\");\n      logger.getToken.info(formatError(scopes, error));\n      throw error;\n    }\n\n    if (scopeString.indexOf(\"offline_access\") < 0) {\n      scopeString += \" offline_access\";\n    }\n\n    // findCredentials returns an array similar to:\n    // [\n    //   {\n    //     account: \"\",\n    //     password: \"\",\n    //   },\n    //   /* ... */\n    // ]\n    const credentials = await findCredentials();\n\n    // If we can't find the credential based on the name, we'll pick the first one available.\n    const { password: refreshToken } =\n      credentials.find(({ account }) => account === this.cloudName) ?? credentials[0] ?? {};\n\n    if (refreshToken) {\n      const tokenResponse = await this.identityClient.refreshAccessToken(\n        tenantId,\n        AzureAccountClientId,\n        scopeString,\n        refreshToken,\n        undefined\n      );\n\n      if (tokenResponse) {\n        logger.getToken.info(formatSuccess(scopes));\n        return tokenResponse.accessToken;\n      } else {\n        const error = new CredentialUnavailableError(\n          \"Could not retrieve the token associated with Visual Studio Code. Have you connected using the 'Azure Account' extension recently?\"\n        );\n        logger.getToken.info(formatError(scopes, error));\n        throw error;\n      }\n    } else {\n      const error = new CredentialUnavailableError(\n        \"Could not retrieve the token associated with Visual Studio Code. Did you connect using the 'Azure Account' extension?\"\n      );\n      logger.getToken.info(formatError(scopes, error));\n      throw error;\n    }\n  }\n}\n"]}
+{"version":3,"file":"visualStudioCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,EAAE,cAAc,EAA0B,MAAM,0BAA0B,CAAC;AAClF,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAGxE,MAAM,cAAc,GAAG,QAAQ,CAAC;AAChC,MAAM,oBAAoB,GAAG,sCAAsC,CAAC,CAAC,8CAA8C;AACnH,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D,IAAI,eAAe,GAAuC,SAAS,CAAC;AAEpE,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,yBAAyB,CAAC,MAA8B;QACtD,eAAe,GAAG,MAAM,CAAC;IAC3B,CAAC;CACF,CAAC;AAEF,oEAAoE;AACpE,MAAM,oBAAoB,GAA2B;IACnD,IAAI,EAAE,mFAAmF;CAC1F,CAAC;AAEF,SAAS,sBAAsB,CAAC,QAAgB;IAC9C,8CAA8C;IAC9C,MAAM,sBAAsB,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAC9D,IAAI,sBAAsB,EAAE;QAC1B,MAAM,IAAI,0BAA0B,CAAC,sBAAsB,CAAC,CAAC;KAC9D;AACH,CAAC;AAID,MAAM,uBAAuB,GAAqC;IAChE,UAAU,EAAE,mBAAmB,CAAC,gBAAgB;IAChD,UAAU,EAAE,mBAAmB,CAAC,UAAU;IAC1C,gBAAgB,EAAE,mBAAmB,CAAC,YAAY;IAClD,iBAAiB,EAAE,mBAAmB,CAAC,eAAe;CACvD,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAgB;IACpD,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAC/C,kEAAkE;IAClE,MAAM,YAAY,GAAG,MAAM,CAAC;IAC5B,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAE7B,SAAS,YAAY,CAAC,GAAG,YAAsB;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,YAAY,EAAE,YAAY,EAAE,GAAG,YAAY,CAAC,CAAC;QAC3E,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QAC7E,OAAO,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED,IAAI;QACF,IAAI,OAAe,CAAC;QACpB,QAAQ,OAAO,CAAC,QAAQ,EAAE;YACxB,KAAK,OAAO;gBACV,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAQ,CAAC;gBAC/B,OAAO,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACrD,KAAK,QAAQ;gBACX,OAAO,YAAY,CAAC,OAAO,EAAE,SAAS,EAAE,qBAAqB,CAAC,CAAC;YACjE,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAC1C;gBACE,OAAO;SACV;KACF;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7F,OAAO;KACR;AACH,CAAC;AAYD;;;;GAIG;AACH,MAAM,OAAO,0BAA0B;IAKrC;;;;;;;;;OASG;IACH,YAAY,OAA2C;QACrD,mFAAmF;QACnF,mCAAmC;QACnC,IAAI,CAAC,SAAS,GAAG,CAAC,qBAAqB,CAAC,aAAa,CAAC,IAAI,YAAY,CAAqB,CAAC;QAE5F,qDAAqD;QACrD,MAAM,aAAa,GAAG,uBAAuB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE9D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iBACtC,aAAa,IACV,OAAO,EACV,CAAC;QAEH,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE;YAC/B,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;YACxC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;SAClC;aAAM;YACL,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;SAChC;QAED,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,OAAO;QACnB,kEAAkE;QAClE,MAAM,cAAc,GAAG,qBAAqB,CAAC,cAAc,CAAC,CAAC;QAC7D,IAAI,cAAc,EAAE;YAClB,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;SAChC;QACD,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAOD;;OAEG;IACK,WAAW;QACjB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE;YACxB,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;SACtC;QACD,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;QAEzB,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAEzB,MAAM,QAAQ,GAAG,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC;QAEpF,IAAI,eAAe,KAAK,SAAS,EAAE;YACjC,MAAM,IAAI,0BAA0B,CAClC;gBACE,iEAAiE;gBACjE,uGAAuG;gBACvG,mFAAmF;gBACnF,mFAAmF;aACpF,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;SACH;QAED,IAAI,WAAW,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEzE,4DAA4D;QAC5D,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE;YAC5C,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;YACrF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YACjD,MAAM,KAAK,CAAC;SACb;QAED,IAAI,WAAW,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE;YAC7C,WAAW,IAAI,iBAAiB,CAAC;SAClC;QAED,+CAA+C;QAC/C,IAAI;QACJ,MAAM;QACN,mBAAmB;QACnB,oBAAoB;QACpB,OAAO;QACP,cAAc;QACd,IAAI;QACJ,MAAM,WAAW,GAAG,MAAM,eAAe,EAAE,CAAC;QAE5C,yFAAyF;QACzF,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAC9B,MAAA,MAAA,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,OAAO,KAAK,IAAI,CAAC,SAAS,CAAC,mCAAI,WAAW,CAAC,CAAC,CAAC,mCAAI,EAAE,CAAC;QAExF,IAAI,YAAY,EAAE;YAChB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAChE,QAAQ,EACR,oBAAoB,EACpB,WAAW,EACX,YAAY,EACZ,SAAS,CACV,CAAC;YAEF,IAAI,aAAa,EAAE;gBACjB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,aAAa,CAAC,WAAW,CAAC;aAClC;iBAAM;gBACL,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,oOAAoO,CACrO,CAAC;gBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;aACb;SACF;aAAM;YACL,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,wNAAwN,CACzN,CAAC;YACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YACjD,MAAM,KAAK,CAAC;SACb;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken, GetTokenOptions } from \"@azure/core-auth\";\n\nimport fs from \"fs\";\nimport os from \"os\";\nimport path from \"path\";\n\nimport { CredentialUnavailableError } from \"../errors\";\nimport { IdentityClient, TokenCredentialOptions } from \"../client/identityClient\";\nimport { AzureAuthorityHosts } from \"../constants\";\nimport { checkTenantId } from \"../util/checkTenantId\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { processMultiTenantRequest } from \"../util/validateMultiTenant\";\nimport { VSCodeCredentialFinder } from \"./visualStudioCodeCredentialPlugin\";\n\nconst CommonTenantId = \"common\";\nconst AzureAccountClientId = \"aebc6443-996d-45c2-90f0-388ff96faa56\"; // VSC: 'aebc6443-996d-45c2-90f0-388ff96faa56'\nconst logger = credentialLogger(\"VisualStudioCodeCredential\");\n\nlet findCredentials: VSCodeCredentialFinder | undefined = undefined;\n\nexport const vsCodeCredentialControl = {\n  setVsCodeCredentialFinder(finder: VSCodeCredentialFinder): void {\n    findCredentials = finder;\n  }\n};\n\n// Map of unsupported Tenant IDs and the errors we will be throwing.\nconst unsupportedTenantIds: Record<string, string> = {\n  adfs: \"The VisualStudioCodeCredential does not support authentication with ADFS tenants.\"\n};\n\nfunction checkUnsupportedTenant(tenantId: string): void {\n  // If the Tenant ID isn't supported, we throw.\n  const unsupportedTenantError = unsupportedTenantIds[tenantId];\n  if (unsupportedTenantError) {\n    throw new CredentialUnavailableError(unsupportedTenantError);\n  }\n}\n\ntype VSCodeCloudNames = \"AzureCloud\" | \"AzureChina\" | \"AzureGermanCloud\" | \"AzureUSGovernment\";\n\nconst mapVSCodeAuthorityHosts: Record<VSCodeCloudNames, string> = {\n  AzureCloud: AzureAuthorityHosts.AzurePublicCloud,\n  AzureChina: AzureAuthorityHosts.AzureChina,\n  AzureGermanCloud: AzureAuthorityHosts.AzureGermany,\n  AzureUSGovernment: AzureAuthorityHosts.AzureGovernment\n};\n\n/**\n * Attempts to load a specific property from the VSCode configurations of the current OS.\n * If it fails at any point, returns undefined.\n */\nexport function getPropertyFromVSCode(property: string): string | undefined {\n  const settingsPath = [\"User\", \"settings.json\"];\n  // Eventually we can add more folders for more versions of VSCode.\n  const vsCodeFolder = \"Code\";\n  const homedir = os.homedir();\n\n  function loadProperty(...pathSegments: string[]): string | undefined {\n    const fullPath = path.join(...pathSegments, vsCodeFolder, ...settingsPath);\n    const settings = JSON.parse(fs.readFileSync(fullPath, { encoding: \"utf8\" }));\n    return settings[property];\n  }\n\n  try {\n    let appData: string;\n    switch (process.platform) {\n      case \"win32\":\n        appData = process.env.APPDATA!;\n        return appData ? loadProperty(appData) : undefined;\n      case \"darwin\":\n        return loadProperty(homedir, \"Library\", \"Application Support\");\n      case \"linux\":\n        return loadProperty(homedir, \".config\");\n      default:\n        return;\n    }\n  } catch (e) {\n    logger.info(`Failed to load the Visual Studio Code configuration file. Error: ${e.message}`);\n    return;\n  }\n}\n\n/**\n * Provides options to configure the Visual Studio Code credential.\n */\nexport interface VisualStudioCodeCredentialOptions extends TokenCredentialOptions {\n  /**\n   * Optionally pass in a Tenant ID to be used as part of the credential\n   */\n  tenantId?: string;\n}\n\n/**\n * Connects to Azure using the credential provided by the VSCode extension 'Azure Account'.\n * Once the user has logged in via the extension, this credential can share the same refresh token\n * that is cached by the extension.\n */\nexport class VisualStudioCodeCredential implements TokenCredential {\n  private identityClient: IdentityClient;\n  private tenantId: string;\n  private cloudName: VSCodeCloudNames;\n\n  /**\n   * Creates an instance of VisualStudioCodeCredential to use for automatically authenticating via VSCode.\n   *\n   * **Note**: `VisualStudioCodeCredential` is provided by a plugin package:\n   * `@azure/identity-vscode`. If this package is not installed and registered\n   * using the plugin API (`useIdentityPlugin`), then authentication using\n   * `VisualStudioCodeCredential` will not be available.\n   *\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(options?: VisualStudioCodeCredentialOptions) {\n    // We want to make sure we use the one assigned by the user on the VSCode settings.\n    // Or just `AzureCloud` by default.\n    this.cloudName = (getPropertyFromVSCode(\"azure.cloud\") || \"AzureCloud\") as VSCodeCloudNames;\n\n    // Picking an authority host based on the cloud name.\n    const authorityHost = mapVSCodeAuthorityHosts[this.cloudName];\n\n    this.identityClient = new IdentityClient({\n      authorityHost,\n      ...options\n    });\n\n    if (options && options.tenantId) {\n      checkTenantId(logger, options.tenantId);\n      this.tenantId = options.tenantId;\n    } else {\n      this.tenantId = CommonTenantId;\n    }\n\n    checkUnsupportedTenant(this.tenantId);\n  }\n\n  /**\n   * Runs preparations for any further getToken request.\n   */\n  private async prepare(): Promise<void> {\n    // Attempts to load the tenant from the VSCode configuration file.\n    const settingsTenant = getPropertyFromVSCode(\"azure.tenant\");\n    if (settingsTenant) {\n      this.tenantId = settingsTenant;\n    }\n    checkUnsupportedTenant(this.tenantId);\n  }\n\n  /**\n   * The promise of the single preparation that will be executed at the first getToken request for an instance of this class.\n   */\n  private preparePromise: Promise<void> | undefined;\n\n  /**\n   * Runs preparations for any further getToken, but only once.\n   */\n  private prepareOnce(): Promise<void> | undefined {\n    if (!this.preparePromise) {\n      this.preparePromise = this.prepare();\n    }\n    return this.preparePromise;\n  }\n\n  /**\n   * Returns the token found by searching VSCode's authentication cache or\n   * returns null if no token could be found.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                `TokenCredential` implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken> {\n    await this.prepareOnce();\n\n    const tenantId = processMultiTenantRequest(this.tenantId, options) || this.tenantId;\n\n    if (findCredentials === undefined) {\n      throw new CredentialUnavailableError(\n        [\n          \"No implementation of `VisualStudioCodeCredential` is available.\",\n          \"You must install the identity-vscode plugin package (`npm install --save-dev @azure/identity-vscode`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(vsCodePlugin)` before creating a `VisualStudioCodeCredential`.\"\n        ].join(\" \")\n      );\n    }\n\n    let scopeString = typeof scopes === \"string\" ? scopes : scopes.join(\" \");\n\n    // Check to make sure the scope we get back is a valid scope\n    if (!scopeString.match(/^[0-9a-zA-Z-.:/]+$/)) {\n      const error = new Error(\"Invalid scope was specified by the user or calling client\");\n      logger.getToken.info(formatError(scopes, error));\n      throw error;\n    }\n\n    if (scopeString.indexOf(\"offline_access\") < 0) {\n      scopeString += \" offline_access\";\n    }\n\n    // findCredentials returns an array similar to:\n    // [\n    //   {\n    //     account: \"\",\n    //     password: \"\",\n    //   },\n    //   /* ... */\n    // ]\n    const credentials = await findCredentials();\n\n    // If we can't find the credential based on the name, we'll pick the first one available.\n    const { password: refreshToken } =\n      credentials.find(({ account }) => account === this.cloudName) ?? credentials[0] ?? {};\n\n    if (refreshToken) {\n      const tokenResponse = await this.identityClient.refreshAccessToken(\n        tenantId,\n        AzureAccountClientId,\n        scopeString,\n        refreshToken,\n        undefined\n      );\n\n      if (tokenResponse) {\n        logger.getToken.info(formatSuccess(scopes));\n        return tokenResponse.accessToken;\n      } else {\n        const error = new CredentialUnavailableError(\n          \"Could not retrieve the token associated with Visual Studio Code. Have you connected using the 'Azure Account' extension recently? To troubleshoot, visit https://aka.ms/azsdk/js/identity/visualstudiocodecredential/troubleshoot.\"\n        );\n        logger.getToken.info(formatError(scopes, error));\n        throw error;\n      }\n    } else {\n      const error = new CredentialUnavailableError(\n        \"Could not retrieve the token associated with Visual Studio Code. Did you connect using the 'Azure Account' extension? To troubleshoot, visit https://aka.ms/azsdk/js/identity/visualstudiocodecredential/troubleshoot.\"\n      );\n      logger.getToken.info(formatError(scopes, error));\n      throw error;\n    }\n  }\n}\n"]}

package/dist-esm/src/credentials/visualStudioCodeCredentialPlugin.js

@@ -0,0 +1,4 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+export {};
+//# sourceMappingURL=visualStudioCodeCredentialPlugin.js.map

package/dist-esm/src/credentials/visualStudioCodeCredentialPlugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"visualStudioCodeCredentialPlugin.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialPlugin.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/**\n * A function that searches for credentials in the Visual Studio Code credential store.\n *\n * @returns an array of credentials (username and password)\n * @internal\n */\nexport type VSCodeCredentialFinder = () => Promise<Array<{ account: string; password: string }>>;\n"]}

package/dist-esm/src/{client/errors.js → errors.js}

@@ -85,7 +85,7 @@ export const AggregateAuthenticationErrorName = "AggregateAuthenticationError";
 export class AggregateAuthenticationError extends Error {
     constructor(errors, errorMessage) {
         const errorDetail = errors.join("\n");
-        super(`${errorMessage}\n\n${errorDetail}`);
+        super(`${errorMessage}\n${errorDetail}`);
         this.errors = errors;
         // Ensure that this type reports the correct name
         this.name = AggregateAuthenticationErrorName;
@@ -101,4 +101,19 @@ function convertOAuthErrorResponseToErrorResponse(errorBody) {
         traceId: errorBody.trace_id
     };
 }
+/**
+ * Error used to enforce authentication after trying to retrieve a token silently.
+ */
+export class AuthenticationRequiredError extends Error {
+    constructor(
+    /**
+     * Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.
+     */
+    options) {
+        super(options.message);
+        this.scopes = options.scopes;
+        this.getTokenOptions = options.getTokenOptions;
+        this.name = "AuthenticationRequiredError";
+    }
+}
 //# sourceMappingURL=errors.js.map

package/dist-esm/src/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/errors.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAyDlC,SAAS,eAAe,CAAC,aAAkB;IACzC,OAAO,CACL,aAAa;QACb,OAAO,aAAa,CAAC,KAAK,KAAK,QAAQ;QACvC,OAAO,aAAa,CAAC,iBAAiB,KAAK,QAAQ,CACpD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG,4BAA4B,CAAC;AAE3E;;;;GAIG;AACH,MAAM,OAAO,0BAA2B,SAAQ,KAAK;IACnD,YAAY,OAAgB;QAC1B,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;IAC7C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,qBAAqB,CAAC;AAE7D;;;;GAIG;AACH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAW5C,wDAAwD;IACxD,YAAY,UAAkB,EAAE,SAA6C;QAC3E,IAAI,aAAa,GAAkB;YACjC,KAAK,EAAE,SAAS;YAChB,gBAAgB,EAAE,oEAAoE;SACvF,CAAC;QAEF,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE;YAC9B,aAAa,GAAG,wCAAwC,CAAC,SAAS,CAAC,CAAC;SACrE;aAAM,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE;YACxC,IAAI;gBACF,iEAAiE;gBACjE,uBAAuB;gBACvB,MAAM,kBAAkB,GAAuB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACrE,aAAa,GAAG,wCAAwC,CAAC,kBAAkB,CAAC,CAAC;aAC9E;YAAC,OAAO,CAAC,EAAE;gBACV,IAAI,UAAU,KAAK,GAAG,EAAE;oBACtB,aAAa,GAAG;wBACd,KAAK,EAAE,qBAAqB;wBAC5B,gBAAgB,EAAE,4CAA4C;qBAC/D,CAAC;iBACH;qBAAM;oBACL,aAAa,GAAG;wBACd,KAAK,EAAE,eAAe;wBACtB,gBAAgB,EAAE,oDAAoD,SAAS,EAAE;qBAClF,CAAC;iBACH;aACF;SACF;aAAM;YACL,aAAa,GAAG;gBACd,KAAK,EAAE,eAAe;gBACtB,gBAAgB,EAAE,oEAAoE;aACvF,CAAC;SACH;QAED,KAAK,CACH,GAAG,aAAa,CAAC,KAAK,gBAAgB,UAAU,sBAAsB,aAAa,CAAC,gBAAgB,EAAE,CACvG,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QAEnC,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,gCAAgC,GAAG,8BAA8B,CAAC;AAE/E;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,KAAK;IAOrD,YAAY,MAAa,EAAE,YAAqB;QAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,KAAK,CAAC,GAAG,YAAY,KAAK,WAAW,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,gCAAgC,CAAC;IAC/C,CAAC;CACF;AAED,SAAS,wCAAwC,CAAC,SAA6B;IAC7E,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,KAAK;QACtB,gBAAgB,EAAE,SAAS,CAAC,iBAAiB;QAC7C,aAAa,EAAE,SAAS,CAAC,cAAc;QACvC,UAAU,EAAE,SAAS,CAAC,WAAW;QACjC,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,OAAO,EAAE,SAAS,CAAC,QAAQ;KAC5B,CAAC;AACJ,CAAC;AAoBD;;GAEG;AACH,MAAM,OAAO,2BAA4B,SAAQ,KAAK;IAUpD;IACE;;OAEG;IACH,OAA2C;QAE3C,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACvB,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,IAAI,GAAG,6BAA6B,CAAC;IAC5C,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * See the official documentation for more details:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1\n *\n * NOTE: This documentation is for v1 OAuth support but the same error\n * response details still apply to v2.\n */\nexport interface ErrorResponse {\n  /**\n   * The string identifier for the error.\n   */\n  error: string;\n\n  /**\n   * The error's description.\n   */\n  errorDescription: string;\n\n  /**\n   * An array of codes pertaining to the error(s) that occurred.\n   */\n  errorCodes?: number[];\n\n  /**\n   * The timestamp at which the error occurred.\n   */\n  timestamp?: string;\n\n  /**\n   * The trace identifier for this error occurrence.\n   */\n  traceId?: string;\n\n  /**\n   * The correlation ID to be used for tracking the source of the error.\n   */\n  correlationId?: string;\n}\n\n/**\n * Used for internal deserialization of OAuth responses. Public model is ErrorResponse\n * @internal\n */\nexport interface OAuthErrorResponse {\n  error: string;\n  error_description: string;\n  error_codes?: number[];\n  timestamp?: string;\n  trace_id?: string;\n  correlation_id?: string;\n}\n\nfunction isErrorResponse(errorResponse: any): errorResponse is OAuthErrorResponse {\n  return (\n    errorResponse &&\n    typeof errorResponse.error === \"string\" &&\n    typeof errorResponse.error_description === \"string\"\n  );\n}\n\n/**\n * The Error.name value of an CredentialUnavailable\n */\nexport const CredentialUnavailableErrorName = \"CredentialUnavailableError\";\n\n/**\n * This signifies that the credential that was tried in a chained credential\n * was not available to be used as the credential. Rather than treating this as\n * an error that should halt the chain, it's caught and the chain continues\n */\nexport class CredentialUnavailableError extends Error {\n  constructor(message?: string) {\n    super(message);\n    this.name = CredentialUnavailableErrorName;\n  }\n}\n\n/**\n * The Error.name value of an AuthenticationError\n */\nexport const AuthenticationErrorName = \"AuthenticationError\";\n\n/**\n * Provides details about a failure to authenticate with Azure Active\n * Directory.  The `errorResponse` field contains more details about\n * the specific failure.\n */\nexport class AuthenticationError extends Error {\n  /**\n   * The HTTP status code returned from the authentication request.\n   */\n  public readonly statusCode: number;\n\n  /**\n   * The error response details.\n   */\n  public readonly errorResponse: ErrorResponse;\n\n  // eslint-disable-next-line @typescript-eslint/ban-types\n  constructor(statusCode: number, errorBody: object | string | undefined | null) {\n    let errorResponse: ErrorResponse = {\n      error: \"unknown\",\n      errorDescription: \"An unknown error occurred and no additional details are available.\"\n    };\n\n    if (isErrorResponse(errorBody)) {\n      errorResponse = convertOAuthErrorResponseToErrorResponse(errorBody);\n    } else if (typeof errorBody === \"string\") {\n      try {\n        // Most error responses will contain JSON-formatted error details\n        // in the response body\n        const oauthErrorResponse: OAuthErrorResponse = JSON.parse(errorBody);\n        errorResponse = convertOAuthErrorResponseToErrorResponse(oauthErrorResponse);\n      } catch (e) {\n        if (statusCode === 400) {\n          errorResponse = {\n            error: \"authority_not_found\",\n            errorDescription: \"The specified authority URL was not found.\"\n          };\n        } else {\n          errorResponse = {\n            error: \"unknown_error\",\n            errorDescription: `An unknown error has occurred. Response body:\\n\\n${errorBody}`\n          };\n        }\n      }\n    } else {\n      errorResponse = {\n        error: \"unknown_error\",\n        errorDescription: \"An unknown error occurred and no additional details are available.\"\n      };\n    }\n\n    super(\n      `${errorResponse.error}(status code ${statusCode}).\\nMore details:\\n${errorResponse.errorDescription}`\n    );\n    this.statusCode = statusCode;\n    this.errorResponse = errorResponse;\n\n    // Ensure that this type reports the correct name\n    this.name = AuthenticationErrorName;\n  }\n}\n\n/**\n * The Error.name value of an AggregateAuthenticationError\n */\nexport const AggregateAuthenticationErrorName = \"AggregateAuthenticationError\";\n\n/**\n * Provides an `errors` array containing {@link AuthenticationError} instance\n * for authentication failures from credentials in a {@link ChainedTokenCredential}.\n */\nexport class AggregateAuthenticationError extends Error {\n  /**\n   * The array of error objects that were thrown while trying to authenticate\n   * with the credentials in a {@link ChainedTokenCredential}.\n   */\n  public errors: any[];\n\n  constructor(errors: any[], errorMessage?: string) {\n    const errorDetail = errors.join(\"\\n\");\n    super(`${errorMessage}\\n${errorDetail}`);\n    this.errors = errors;\n\n    // Ensure that this type reports the correct name\n    this.name = AggregateAuthenticationErrorName;\n  }\n}\n\nfunction convertOAuthErrorResponseToErrorResponse(errorBody: OAuthErrorResponse): ErrorResponse {\n  return {\n    error: errorBody.error,\n    errorDescription: errorBody.error_description,\n    correlationId: errorBody.correlation_id,\n    errorCodes: errorBody.error_codes,\n    timestamp: errorBody.timestamp,\n    traceId: errorBody.trace_id\n  };\n}\n\n/**\n * Optional parameters to the {@link AuthenticationRequiredError}\n */\nexport interface AuthenticationRequiredErrorOptions {\n  /**\n   * The list of scopes for which the token will have access.\n   */\n  scopes: string[];\n  /**\n   * The options passed to the getToken request.\n   */\n  getTokenOptions?: GetTokenOptions;\n  /**\n   * The message of the error.\n   */\n  message?: string;\n}\n\n/**\n * Error used to enforce authentication after trying to retrieve a token silently.\n */\nexport class AuthenticationRequiredError extends Error {\n  /**\n   * The list of scopes for which the token will have access.\n   */\n  public scopes: string[];\n  /**\n   * The options passed to the getToken request.\n   */\n  public getTokenOptions?: GetTokenOptions;\n\n  constructor(\n    /**\n     * Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.\n     */\n    options: AuthenticationRequiredErrorOptions\n  ) {\n    super(options.message);\n    this.scopes = options.scopes;\n    this.getTokenOptions = options.getTokenOptions;\n    this.name = \"AuthenticationRequiredError\";\n  }\n}\n"]}

package/dist-esm/src/index.js

@@ -1,10 +1,9 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-export * from "./extensions/consumer";
+export * from "./plugins/consumer";
 import { DefaultAzureCredential } from "./credentials/defaultAzureCredential";
-export { AuthenticationRequiredError } from "./msal/errors";
+export { AuthenticationError, AggregateAuthenticationError, AuthenticationErrorName, AggregateAuthenticationErrorName, CredentialUnavailableError, CredentialUnavailableErrorName, AuthenticationRequiredError } from "./errors";
 export { serializeAuthenticationRecord, deserializeAuthenticationRecord } from "./msal/utils";
-export { RegionalAuthority } from "./regionalAuthority";
 export { ChainedTokenCredential } from "./credentials/chainedTokenCredential";
 export { DefaultAzureCredential } from "./credentials/defaultAzureCredential";
 export { EnvironmentCredential } from "./credentials/environmentCredential";
@@ -17,9 +16,8 @@ export { DeviceCodeCredential } from "./credentials/deviceCodeCredential";
 export { UsernamePasswordCredential } from "./credentials/usernamePasswordCredential";
 export { AuthorizationCodeCredential } from "./credentials/authorizationCodeCredential";
 export { AzurePowerShellCredential } from "./credentials/azurePowerShellCredential";
-export { ApplicationCredential } from "./credentials/applicationCredential";
 export { VisualStudioCodeCredential } from "./credentials/visualStudioCodeCredential";
-export { AuthenticationError, AggregateAuthenticationError, AuthenticationErrorName, AggregateAuthenticationErrorName, CredentialUnavailableError, CredentialUnavailableErrorName } from "./client/errors";
+export { OnBehalfOfCredential } from "./credentials/onBehalfOfCredential";
 export { logger } from "./util/logging";
 export { AzureAuthorityHosts } from "./constants";
 /**