@azure/identity 2.0.2-alpha.20211108.2 → 2.0.2-alpha.20211206.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @azure/identity might be problematic. Click here for more details.

Files changed (10) hide show
  1. package/CHANGELOG.md +3 -0
  2. package/dist/index.js +19 -12
  3. package/dist/index.js.map +1 -1
  4. package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js +1 -1
  5. package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js.map +1 -1
  6. package/dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js +1 -8
  7. package/dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
  8. package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js +15 -1
  9. package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js.map +1 -1
  10. package/package.json +2 -3
package/CHANGELOG.md CHANGED
@@ -4,11 +4,14 @@
4
4
 
5
5
  ### Features Added
6
6
 
7
+ - Improved the error message when `InteractiveBrowserCredential` is used with an unavailable port (such as when no `redirectUri` is provided, and the port `80` is busy) and when no browser is available.
8
+
7
9
  ### Breaking Changes
8
10
 
9
11
  ### Bugs Fixed
10
12
 
11
13
  - Challenge claims now are properly being passed through to the outgoing token requests.
14
+ - The `ManagedIdentityCredential` now properly parses expiration dates from token exchange requests.
12
15
 
13
16
  ### Other Changes
14
17
 
package/dist/index.js CHANGED
@@ -2549,13 +2549,6 @@ const arcMsi = {
2549
2549
  const msiName$4 = "ManagedIdentityCredential - Token Exchange";
2550
2550
  const logger$d = credentialLogger(msiName$4);
2551
2551
  const readFileAsync$2 = util.promisify(fs__default.readFile);
2552
- /**
2553
- * Formats the expiration date of the received token into the number of milliseconds between that date and midnight, January 1, 1970.
2554
- */
2555
- function expiresOnParser$2(requestBody) {
2556
- // Parses a string representation of the seconds since epoch into a number value
2557
- return Number(requestBody.expires_on);
2558
- }
2559
2552
  /**
2560
2553
  * Generates the options used on the request for an access token.
2561
2554
  */
@@ -2627,7 +2620,7 @@ function tokenExchangeMsi() {
2627
2620
  const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$4(scopes, assertion, clientId || process.env.AZURE_CLIENT_ID)), {
2628
2621
  // Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
2629
2622
  allowInsecureConnection: true }));
2630
- const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser$2);
2623
+ const tokenResponse = await identityClient.sendTokenRequest(request);
2631
2624
  return (tokenResponse && tokenResponse.accessToken) || null;
2632
2625
  }
2633
2626
  };
@@ -2649,7 +2642,7 @@ const logger$e = credentialLogger(msiName$5);
2649
2642
  /**
2650
2643
  * Formats the expiration date of the received token into the number of milliseconds between that date and midnight, January 1, 1970.
2651
2644
  */
2652
- function expiresOnParser$3(requestBody) {
2645
+ function expiresOnParser$2(requestBody) {
2653
2646
  // Parses a string representation of the milliseconds since epoch into a number value
2654
2647
  return Number(requestBody.expires_on);
2655
2648
  }
@@ -2681,7 +2674,7 @@ function prepareRequestOptions$5(scopes, clientId) {
2681
2674
  method: "GET",
2682
2675
  headers: coreRestPipeline.createHttpHeaders({
2683
2676
  Accept: "application/json",
2684
- Secret: process.env.IDENTITY_HEADER
2677
+ secret: process.env.IDENTITY_HEADER
2685
2678
  })
2686
2679
  };
2687
2680
  }
@@ -2720,7 +2713,7 @@ const fabricMsi = {
2720
2713
  // The alternative path is to verify the certificate using the IDENTITY_SERVER_THUMBPRINT env variable.
2721
2714
  rejectUnauthorized: false
2722
2715
  });
2723
- const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser$3);
2716
+ const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser$2);
2724
2717
  return (tokenResponse && tokenResponse.accessToken) || null;
2725
2718
  }
2726
2719
  };
@@ -3049,6 +3042,20 @@ class MsalOpenBrowser extends MsalNode {
3049
3042
  }
3050
3043
  }
3051
3044
  app.on("connection", (socket) => socketToDestroy.push(socket));
3045
+ app.on("error", (err) => {
3046
+ cleanup();
3047
+ const code = err.code;
3048
+ if (code === "EACCES" || code === "EADDRINUSE") {
3049
+ reject(new CredentialUnavailableError([
3050
+ `InteractiveBrowserCredential: Access denied to port ${this.port}.`,
3051
+ `Try sending a redirect URI with a different port, as follows:`,
3052
+ '`new InteractiveBrowserCredential({ redirectUri: "http://localhost:1337" })`'
3053
+ ].join(" ")));
3054
+ }
3055
+ else {
3056
+ reject(new CredentialUnavailableError(`InteractiveBrowserCredential: Failed to start the necessary web server. Error: ${err.message}`));
3057
+ }
3058
+ });
3052
3059
  app.on("listening", () => {
3053
3060
  const openPromise = this.openAuthCodeUrl(scopes, options);
3054
3061
  const abortSignal = options === null || options === void 0 ? void 0 : options.abortSignal;
@@ -3085,7 +3092,7 @@ class MsalOpenBrowser extends MsalNode {
3085
3092
  await interactiveBrowserMockable.open(response, { wait: true });
3086
3093
  }
3087
3094
  catch (e) {
3088
- throw new CredentialUnavailableError(`Could not open a browser window. Error: ${e.message}`);
3095
+ throw new CredentialUnavailableError(`InteractiveBrowserCredential: Could not open a browser window. Error: ${e.message}`);
3089
3096
  }
3090
3097
  }
3091
3098
  }