@azure/identity 2.0.2-alpha.20211214.3 → 2.0.2-alpha.20220131.1

package/dist-esm/src/credentials/clientSecretCredential.browser.js.map

@@ -1 +1 @@
-{"version":3,"file":"clientSecretCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAE/E,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE7C,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D,2EAA2E;AAC3E,mGAAmG;AACnG,wDAAwD;AAExD;;;;;;;GAOG;AACH,MAAM,OAAO,sBAAsB;IAMjC;;;;;;;;;OASG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,OAAgC;QAEhC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;QAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CACrD,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,CACR,CAAC;QAEF,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC;YAChC,aAAa,EAAE,OAAO;YACtB,UAAU,EAAE,oBAAoB;YAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;YACxB,aAAa,EAAE,IAAI,CAAC,YAAY;YAChC,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;SAC9D,CAAC,CAAC;QAEH,IAAI;YACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAChE,MAAM,OAAO,GAAG,qBAAqB,CAAC;gBACpC,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;gBACzE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE;gBACtB,OAAO,EAAE,iBAAiB,CAAC;oBACzB,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD,CAAC;gBACF,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;gBAC3C,cAAc,EAAE,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,cAAc;aAC3C,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;YAC1E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;SAC7D;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,CAAC,SAAS,CAAC;gBACb,IAAI,EAAE,cAAc,CAAC,KAAK;gBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;aACrB,CAAC,CAAC;YACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;YAC/C,MAAM,GAAG,CAAC;SACX;gBAAS;YACR,IAAI,CAAC,GAAG,EAAE,CAAC;SACZ;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nimport { createHttpHeaders, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { TokenCredentialOptions } from \"../tokenCredentialOptions\";\nimport { IdentityClient } from \"../client/identityClient\";\nimport { createSpan } from \"../util/tracing\";\n\nconst logger = credentialLogger(\"ClientSecretCredential\");\n\n// This credential is exported on browser bundles for development purposes.\n// For this credential to work in browsers, browsers would need to have security features disabled.\n// Please do not disable your browser security features.\n\n/**\n * Enables authentication to Azure Active Directory using a client secret\n * that was generated for an App Registration.  More information on how\n * to configure a client secret can be found here:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application\n *\n */\nexport class ClientSecretCredential implements TokenCredential {\n  private identityClient: IdentityClient;\n  private tenantId: string;\n  private clientId: string;\n  private clientSecret: string;\n\n  /**\n   * Creates an instance of the ClientSecretCredential with the details\n   * needed to authenticate against Azure Active Directory with a client\n   * secret.\n   *\n   * @param tenantId - The Azure Active Directory tenant (directory) ID.\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param clientSecret - A client secret that was generated for the App Registration.\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    clientSecret: string,\n    options?: TokenCredentialOptions\n  ) {\n    this.identityClient = new IdentityClient(options);\n    this.tenantId = tenantId;\n    this.clientId = clientId;\n    this.clientSecret = clientSecret;\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if\n   * successful.  If authentication cannot be performed at this time, this method may\n   * return null.  If an error occurs during authentication, an {@link AuthenticationError}\n   * containing failure details will be thrown.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    const { span, updatedOptions: newOptions } = createSpan(\n      `${this.constructor.name}.getToken`,\n      options\n    );\n\n    const query = new URLSearchParams({\n      response_type: \"token\",\n      grant_type: \"client_credentials\",\n      client_id: this.clientId,\n      client_secret: this.clientSecret,\n      scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \")\n    });\n\n    try {\n      const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n      const request = createPipelineRequest({\n        url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n        method: \"POST\",\n        body: query.toString(),\n        headers: createHttpHeaders({\n          Accept: \"application/json\",\n          \"Content-Type\": \"application/x-www-form-urlencoded\"\n        }),\n        abortSignal: options && options.abortSignal,\n        tracingOptions: newOptions?.tracingOptions\n      });\n\n      const tokenResponse = await this.identityClient.sendTokenRequest(request);\n      logger.getToken.info(formatSuccess(scopes));\n      return (tokenResponse && tokenResponse.accessToken) || null;\n    } catch (err) {\n      span.setStatus({\n        code: SpanStatusCode.ERROR,\n        message: err.message\n      });\n      logger.getToken.info(formatError(scopes, err));\n      throw err;\n    } finally {\n      span.end();\n    }\n  }\n}\n"]}
+{"version":3,"file":"clientSecretCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAE/E,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE7C,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D,2EAA2E;AAC3E,mGAAmG;AACnG,wDAAwD;AAExD;;;;;;;GAOG;AACH,MAAM,OAAO,sBAAsB;IAMjC;;;;;;;;;OASG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,OAAgC;QAEhC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;QAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CACrD,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,CACR,CAAC;QAEF,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC;YAChC,aAAa,EAAE,OAAO;YACtB,UAAU,EAAE,oBAAoB;YAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;YACxB,aAAa,EAAE,IAAI,CAAC,YAAY;YAChC,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;SAC9D,CAAC,CAAC;QAEH,IAAI;YACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAChE,MAAM,OAAO,GAAG,qBAAqB,CAAC;gBACpC,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;gBACzE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE;gBACtB,OAAO,EAAE,iBAAiB,CAAC;oBACzB,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD,CAAC;gBACF,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;gBAC3C,cAAc,EAAE,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,cAAc;aAC3C,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;YAC1E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;SAC7D;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,CAAC,SAAS,CAAC;gBACb,IAAI,EAAE,cAAc,CAAC,KAAK;gBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;aACrB,CAAC,CAAC;YACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;YAC/C,MAAM,GAAG,CAAC;SACX;gBAAS;YACR,IAAI,CAAC,GAAG,EAAE,CAAC;SACZ;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nimport { createHttpHeaders, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { TokenCredentialOptions } from \"../tokenCredentialOptions\";\nimport { IdentityClient } from \"../client/identityClient\";\nimport { createSpan } from \"../util/tracing\";\n\nconst logger = credentialLogger(\"ClientSecretCredential\");\n\n// This credential is exported on browser bundles for development purposes.\n// For this credential to work in browsers, browsers would need to have security features disabled.\n// Please do not disable your browser security features.\n\n/**\n * Enables authentication to Azure Active Directory using a client secret\n * that was generated for an App Registration.  More information on how\n * to configure a client secret can be found here:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application\n *\n */\nexport class ClientSecretCredential implements TokenCredential {\n  private identityClient: IdentityClient;\n  private tenantId: string;\n  private clientId: string;\n  private clientSecret: string;\n\n  /**\n   * Creates an instance of the ClientSecretCredential with the details\n   * needed to authenticate against Azure Active Directory with a client\n   * secret.\n   *\n   * @param tenantId - The Azure Active Directory tenant (directory) ID.\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param clientSecret - A client secret that was generated for the App Registration.\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    clientSecret: string,\n    options?: TokenCredentialOptions\n  ) {\n    this.identityClient = new IdentityClient(options);\n    this.tenantId = tenantId;\n    this.clientId = clientId;\n    this.clientSecret = clientSecret;\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if\n   * successful.  If authentication cannot be performed at this time, this method may\n   * return null.  If an error occurs during authentication, an {@link AuthenticationError}\n   * containing failure details will be thrown.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    const { span, updatedOptions: newOptions } = createSpan(\n      `${this.constructor.name}.getToken`,\n      options\n    );\n\n    const query = new URLSearchParams({\n      response_type: \"token\",\n      grant_type: \"client_credentials\",\n      client_id: this.clientId,\n      client_secret: this.clientSecret,\n      scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \"),\n    });\n\n    try {\n      const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n      const request = createPipelineRequest({\n        url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n        method: \"POST\",\n        body: query.toString(),\n        headers: createHttpHeaders({\n          Accept: \"application/json\",\n          \"Content-Type\": \"application/x-www-form-urlencoded\",\n        }),\n        abortSignal: options && options.abortSignal,\n        tracingOptions: newOptions?.tracingOptions,\n      });\n\n      const tokenResponse = await this.identityClient.sendTokenRequest(request);\n      logger.getToken.info(formatSuccess(scopes));\n      return (tokenResponse && tokenResponse.accessToken) || null;\n    } catch (err) {\n      span.setStatus({\n        code: SpanStatusCode.ERROR,\n        message: err.message,\n      });\n      logger.getToken.info(formatError(scopes, err));\n      throw err;\n    } finally {\n      span.end();\n    }\n  }\n}\n"]}

package/dist-esm/src/credentials/clientSecretCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"clientSecretCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAIxC,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;;;;GAOG;AACH,MAAM,OAAO,sBAAsB;IAGjC;;;;;;;;;OASG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,UAAyC,EAAE;QAE3C,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE;YAC3C,MAAM,IAAI,KAAK,CACb,4LAA4L,CAC7L,CAAC;SACH;QACD,IAAI,CAAC,QAAQ,GAAG,IAAI,gBAAgB,iCAC/B,OAAO,KACV,MAAM;YACN,QAAQ;YACR,QAAQ;YACR,YAAY,EACZ,sBAAsB,EAAE,OAAO,IAC/B,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YAC9E,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { MsalClientSecret } from \"../msal/nodeFlows/msalClientSecret\";\nimport { credentialLogger } from \"../util/logging\";\nimport { trace } from \"../util/tracing\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { ClientSecretCredentialOptions } from \"./clientSecretCredentialOptions\";\n\nconst logger = credentialLogger(\"ClientSecretCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using a client secret\n * that was generated for an App Registration. More information on how\n * to configure a client secret can be found here:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application\n *\n */\nexport class ClientSecretCredential implements TokenCredential {\n  private msalFlow: MsalFlow;\n\n  /**\n   * Creates an instance of the ClientSecretCredential with the details\n   * needed to authenticate against Azure Active Directory with a client\n   * secret.\n   *\n   * @param tenantId - The Azure Active Directory tenant (directory) ID.\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param clientSecret - A client secret that was generated for the App Registration.\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    clientSecret: string,\n    options: ClientSecretCredentialOptions = {}\n  ) {\n    if (!tenantId || !clientId || !clientSecret) {\n      throw new Error(\n        \"ClientSecretCredential: tenantId, clientId, and clientSecret are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.\"\n      );\n    }\n    this.msalFlow = new MsalClientSecret({\n      ...options,\n      logger,\n      clientId,\n      tenantId,\n      clientSecret,\n      tokenCredentialOptions: options\n    });\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return trace(`${this.constructor.name}.getToken`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      return this.msalFlow.getToken(arrayScopes, newOptions);\n    });\n  }\n}\n"]}
+{"version":3,"file":"clientSecretCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAIxC,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;;;;GAOG;AACH,MAAM,OAAO,sBAAsB;IAGjC;;;;;;;;;OASG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,UAAyC,EAAE;QAE3C,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE;YAC3C,MAAM,IAAI,KAAK,CACb,4LAA4L,CAC7L,CAAC;SACH;QACD,IAAI,CAAC,QAAQ,GAAG,IAAI,gBAAgB,iCAC/B,OAAO,KACV,MAAM;YACN,QAAQ;YACR,QAAQ;YACR,YAAY,EACZ,sBAAsB,EAAE,OAAO,IAC/B,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YAC9E,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { MsalClientSecret } from \"../msal/nodeFlows/msalClientSecret\";\nimport { credentialLogger } from \"../util/logging\";\nimport { trace } from \"../util/tracing\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { ClientSecretCredentialOptions } from \"./clientSecretCredentialOptions\";\n\nconst logger = credentialLogger(\"ClientSecretCredential\");\n\n/**\n * Enables authentication to Azure Active Directory using a client secret\n * that was generated for an App Registration. More information on how\n * to configure a client secret can be found here:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application\n *\n */\nexport class ClientSecretCredential implements TokenCredential {\n  private msalFlow: MsalFlow;\n\n  /**\n   * Creates an instance of the ClientSecretCredential with the details\n   * needed to authenticate against Azure Active Directory with a client\n   * secret.\n   *\n   * @param tenantId - The Azure Active Directory tenant (directory) ID.\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param clientSecret - A client secret that was generated for the App Registration.\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    clientSecret: string,\n    options: ClientSecretCredentialOptions = {}\n  ) {\n    if (!tenantId || !clientId || !clientSecret) {\n      throw new Error(\n        \"ClientSecretCredential: tenantId, clientId, and clientSecret are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.\"\n      );\n    }\n    this.msalFlow = new MsalClientSecret({\n      ...options,\n      logger,\n      clientId,\n      tenantId,\n      clientSecret,\n      tokenCredentialOptions: options,\n    });\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return trace(`${this.constructor.name}.getToken`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      return this.msalFlow.getToken(arrayScopes, newOptions);\n    });\n  }\n}\n"]}

package/dist-esm/src/credentials/defaultAzureCredential.js

@@ -29,7 +29,7 @@ export const defaultCredentials = [
     DefaultManagedIdentityCredential,
     VisualStudioCodeCredential,
     AzureCliCredential,
-    AzurePowerShellCredential
+    AzurePowerShellCredential,
 ];
 /**
  * Provides a default {@link ChainedTokenCredential} configuration that should

package/dist-esm/src/credentials/defaultAzureCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"defaultAzureCredential.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAMlC,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAElE,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AACxE,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AACxE,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AA0B1E;;;;;GAKG;AACH,MAAM,OAAO,gCAAiC,SAAQ,yBAAyB;IAC7E,YAAY,OAAuC;;QACjD,MAAM,uBAAuB,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,uBAAuB,mCAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAChG,IAAI,uBAAuB,KAAK,SAAS,EAAE;YACzC,KAAK,CAAC,uBAAuB,EAAE,OAAO,CAAC,CAAC;SACzC;aAAM;YACL,KAAK,CAAC,OAAO,CAAC,CAAC;SAChB;IACH,CAAC;CACF;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAmC;IAChE,qBAAqB;IACrB,gCAAgC;IAChC,0BAA0B;IAC1B,kBAAkB;IAClB,yBAAyB;CAC1B,CAAC;AAEF;;;GAGG;AACH,MAAM,OAAO,sBAAuB,SAAQ,sBAAsB;IAChE;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,YAAY,OAAuC;QACjD,KAAK,CAAC,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QAC9D,IAAI,CAAC,kBAAkB;YACrB,kLAAkL,CAAC;IACvL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential } from \"@azure/core-auth\";\n\nimport { TokenCredentialOptions } from \"../tokenCredentialOptions\";\n\nimport { ChainedTokenCredential } from \"./chainedTokenCredential\";\n\nimport { AzureCliCredential } from \"./azureCliCredential\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential\";\nimport { EnvironmentCredential } from \"./environmentCredential\";\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential\";\nimport { VisualStudioCodeCredential } from \"./visualStudioCodeCredential\";\n\n/**\n * Provides options to configure the {@link DefaultAzureCredential} class.\n */\nexport interface DefaultAzureCredentialOptions extends TokenCredentialOptions {\n  /**\n   * Optionally pass in a Tenant ID to be used as part of the credential.\n   * By default it may use a generic tenant ID depending on the underlying credential.\n   */\n  tenantId?: string;\n  /**\n   * Optionally pass in a user assigned client ID to be used by the {@link ManagedIdentityCredential}.\n   * This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.\n   */\n  managedIdentityClientId?: string;\n}\n\n/**\n * The type of a class that implements TokenCredential and accepts\n * `DefaultAzureCredentialOptions`.\n */\ninterface DefaultCredentialConstructor {\n  new (options?: DefaultAzureCredentialOptions): TokenCredential;\n}\n\n/**\n * A shim around ManagedIdentityCredential that adapts it to accept\n * `DefaultAzureCredentialOptions`.\n *\n * @internal\n */\nexport class DefaultManagedIdentityCredential extends ManagedIdentityCredential {\n  constructor(options?: DefaultAzureCredentialOptions) {\n    const managedIdentityClientId = options?.managedIdentityClientId ?? process.env.AZURE_CLIENT_ID;\n    if (managedIdentityClientId !== undefined) {\n      super(managedIdentityClientId, options);\n    } else {\n      super(options);\n    }\n  }\n}\n\nexport const defaultCredentials: DefaultCredentialConstructor[] = [\n  EnvironmentCredential,\n  DefaultManagedIdentityCredential,\n  VisualStudioCodeCredential,\n  AzureCliCredential,\n  AzurePowerShellCredential\n];\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that should\n * work for most applications that use the Azure SDK.\n */\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n  /**\n   * Creates an instance of the DefaultAzureCredential class.\n   *\n   * This credential provides a default {@link ChainedTokenCredential} configuration that should\n   * work for most applications that use the Azure SDK.\n   *\n   * The following credential types will be tried, in order:\n   *\n   * - {@link EnvironmentCredential}\n   * - {@link ManagedIdentityCredential}\n   * - {@link VisualStudioCodeCredential}\n   * - {@link AzureCliCredential}\n   * - {@link AzurePowerShellCredential}\n   *\n   * Consult the documentation of these credential types for more information\n   * on how they attempt authentication.\n   *\n   * **Note**: `VisualStudioCodeCredential` is provided by a plugin package:\n   * `@azure/identity-vscode`. If this package is not installed and registered\n   * using the plugin API (`useIdentityPlugin`), then authentication using\n   * `VisualStudioCodeCredential` will not be available.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialOptions) {\n    super(...defaultCredentials.map((ctor) => new ctor(options)));\n    this.UnavailableMessage =\n      \"DefaultAzureCredential => failed to retrieve a token from the included credentials. To troubleshoot, visit https://aka.ms/azsdk/js/identity/defaultazurecredential/troubleshoot.\";\n  }\n}\n"]}
+{"version":3,"file":"defaultAzureCredential.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAMlC,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAElE,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AACxE,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AACxE,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AA0B1E;;;;;GAKG;AACH,MAAM,OAAO,gCAAiC,SAAQ,yBAAyB;IAC7E,YAAY,OAAuC;;QACjD,MAAM,uBAAuB,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,uBAAuB,mCAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAChG,IAAI,uBAAuB,KAAK,SAAS,EAAE;YACzC,KAAK,CAAC,uBAAuB,EAAE,OAAO,CAAC,CAAC;SACzC;aAAM;YACL,KAAK,CAAC,OAAO,CAAC,CAAC;SAChB;IACH,CAAC;CACF;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAmC;IAChE,qBAAqB;IACrB,gCAAgC;IAChC,0BAA0B;IAC1B,kBAAkB;IAClB,yBAAyB;CAC1B,CAAC;AAEF;;;GAGG;AACH,MAAM,OAAO,sBAAuB,SAAQ,sBAAsB;IAChE;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,YAAY,OAAuC;QACjD,KAAK,CAAC,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QAC9D,IAAI,CAAC,kBAAkB;YACrB,kLAAkL,CAAC;IACvL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential } from \"@azure/core-auth\";\n\nimport { TokenCredentialOptions } from \"../tokenCredentialOptions\";\n\nimport { ChainedTokenCredential } from \"./chainedTokenCredential\";\n\nimport { AzureCliCredential } from \"./azureCliCredential\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential\";\nimport { EnvironmentCredential } from \"./environmentCredential\";\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential\";\nimport { VisualStudioCodeCredential } from \"./visualStudioCodeCredential\";\n\n/**\n * Provides options to configure the {@link DefaultAzureCredential} class.\n */\nexport interface DefaultAzureCredentialOptions extends TokenCredentialOptions {\n  /**\n   * Optionally pass in a Tenant ID to be used as part of the credential.\n   * By default it may use a generic tenant ID depending on the underlying credential.\n   */\n  tenantId?: string;\n  /**\n   * Optionally pass in a user assigned client ID to be used by the {@link ManagedIdentityCredential}.\n   * This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.\n   */\n  managedIdentityClientId?: string;\n}\n\n/**\n * The type of a class that implements TokenCredential and accepts\n * `DefaultAzureCredentialOptions`.\n */\ninterface DefaultCredentialConstructor {\n  new (options?: DefaultAzureCredentialOptions): TokenCredential;\n}\n\n/**\n * A shim around ManagedIdentityCredential that adapts it to accept\n * `DefaultAzureCredentialOptions`.\n *\n * @internal\n */\nexport class DefaultManagedIdentityCredential extends ManagedIdentityCredential {\n  constructor(options?: DefaultAzureCredentialOptions) {\n    const managedIdentityClientId = options?.managedIdentityClientId ?? process.env.AZURE_CLIENT_ID;\n    if (managedIdentityClientId !== undefined) {\n      super(managedIdentityClientId, options);\n    } else {\n      super(options);\n    }\n  }\n}\n\nexport const defaultCredentials: DefaultCredentialConstructor[] = [\n  EnvironmentCredential,\n  DefaultManagedIdentityCredential,\n  VisualStudioCodeCredential,\n  AzureCliCredential,\n  AzurePowerShellCredential,\n];\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that should\n * work for most applications that use the Azure SDK.\n */\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n  /**\n   * Creates an instance of the DefaultAzureCredential class.\n   *\n   * This credential provides a default {@link ChainedTokenCredential} configuration that should\n   * work for most applications that use the Azure SDK.\n   *\n   * The following credential types will be tried, in order:\n   *\n   * - {@link EnvironmentCredential}\n   * - {@link ManagedIdentityCredential}\n   * - {@link VisualStudioCodeCredential}\n   * - {@link AzureCliCredential}\n   * - {@link AzurePowerShellCredential}\n   *\n   * Consult the documentation of these credential types for more information\n   * on how they attempt authentication.\n   *\n   * **Note**: `VisualStudioCodeCredential` is provided by a plugin package:\n   * `@azure/identity-vscode`. If this package is not installed and registered\n   * using the plugin API (`useIdentityPlugin`), then authentication using\n   * `VisualStudioCodeCredential` will not be available.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialOptions) {\n    super(...defaultCredentials.map((ctor) => new ctor(options)));\n    this.UnavailableMessage =\n      \"DefaultAzureCredential => failed to retrieve a token from the included credentials. To troubleshoot, visit https://aka.ms/azsdk/js/identity/defaultazurecredential/troubleshoot.\";\n  }\n}\n"]}

package/dist-esm/src/credentials/deviceCodeCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"deviceCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/deviceCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,kCAAkC,CAAC;AAGlE,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAGxC,MAAM,MAAM,GAAG,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;AAExD;;;GAGG;AACH,MAAM,UAAU,+BAA+B,CAAC,cAA8B;IAC5E,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,oBAAoB;IAI/B;;;;;;;;;;;;;;;;;;;OAmBG;IACH,YAAY,OAAqC;QAC/C,IAAI,CAAC,QAAQ,GAAG,IAAI,cAAc,iCAC7B,OAAO,KACV,MAAM,EACN,kBAAkB,EAAE,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,kBAAkB,KAAI,+BAA+B,EAClF,sBAAsB,EAAE,OAAO,IAAI,EAAE,IACrC,CAAC;QACH,IAAI,CAAC,8BAA8B,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,CAAC;IAChF,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YAC9E,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,kCACpC,UAAU,KACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,IACnE,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAChB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,eAAe,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YAClF,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YACtD,OAAO,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC;QAC1C,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { credentialLogger } from \"../util/logging\";\nimport { MsalDeviceCode } from \"../msal/nodeFlows/msalDeviceCode\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { AuthenticationRecord } from \"../msal/types\";\nimport { trace } from \"../util/tracing\";\nimport { DeviceCodeCredentialOptions, DeviceCodeInfo } from \"./deviceCodeCredentialOptions\";\n\nconst logger = credentialLogger(\"DeviceCodeCredential\");\n\n/**\n * Method that logs the user code from the DeviceCodeCredential.\n * @param deviceCodeInfo - The device code.\n */\nexport function defaultDeviceCodePromptCallback(deviceCodeInfo: DeviceCodeInfo): void {\n  console.log(deviceCodeInfo.message);\n}\n\n/**\n * Enables authentication to Azure Active Directory using a device code\n * that the user can enter into https://microsoft.com/devicelogin.\n */\nexport class DeviceCodeCredential implements TokenCredential {\n  private msalFlow: MsalFlow;\n  private disableAutomaticAuthentication?: boolean;\n\n  /**\n   * Creates an instance of DeviceCodeCredential with the details needed\n   * to initiate the device code authorization flow with Azure Active Directory.\n   *\n   * A message will be logged, giving users a code that they can use to authenticate once they go to https://microsoft.com/devicelogin\n   *\n   * Developers can configure how this message is shown by passing a custom `userPromptCallback`:\n   *\n   * ```js\n   * const credential = new DeviceCodeCredential({\n   *   tenantId: env.AZURE_TENANT_ID,\n   *   clientId: env.AZURE_CLIENT_ID,\n   *   userPromptCallback: (info) => {\n   *     console.log(\"CUSTOMIZED PROMPT CALLBACK\", info.message);\n   *   }\n   * });\n   * ```\n   *\n   * @param options - Options for configuring the client which makes the authentication requests.\n   */\n  constructor(options?: DeviceCodeCredentialOptions) {\n    this.msalFlow = new MsalDeviceCode({\n      ...options,\n      logger,\n      userPromptCallback: options?.userPromptCallback || defaultDeviceCodePromptCallback,\n      tokenCredentialOptions: options || {}\n    });\n    this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the user provided the option `disableAutomaticAuthentication`,\n   * once the token can't be retrieved silently,\n   * this method won't attempt to request user interaction to retrieve the token.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return trace(`${this.constructor.name}.getToken`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      return this.msalFlow.getToken(arrayScopes, {\n        ...newOptions,\n        disableAutomaticAuthentication: this.disableAutomaticAuthentication\n      });\n    });\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the token can't be retrieved silently, this method will require user interaction to retrieve the token.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                  TokenCredential implementation might make.\n   */\n  async authenticate(\n    scopes: string | string[],\n    options: GetTokenOptions = {}\n  ): Promise<AuthenticationRecord | undefined> {\n    return trace(`${this.constructor.name}.authenticate`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      await this.msalFlow.getToken(arrayScopes, newOptions);\n      return this.msalFlow.getActiveAccount();\n    });\n  }\n}\n"]}
+{"version":3,"file":"deviceCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/deviceCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,kCAAkC,CAAC;AAGlE,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAGxC,MAAM,MAAM,GAAG,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;AAExD;;;GAGG;AACH,MAAM,UAAU,+BAA+B,CAAC,cAA8B;IAC5E,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,oBAAoB;IAI/B;;;;;;;;;;;;;;;;;;;OAmBG;IACH,YAAY,OAAqC;QAC/C,IAAI,CAAC,QAAQ,GAAG,IAAI,cAAc,iCAC7B,OAAO,KACV,MAAM,EACN,kBAAkB,EAAE,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,kBAAkB,KAAI,+BAA+B,EAClF,sBAAsB,EAAE,OAAO,IAAI,EAAE,IACrC,CAAC;QACH,IAAI,CAAC,8BAA8B,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,CAAC;IAChF,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YAC9E,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,kCACpC,UAAU,KACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,IACnE,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAChB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,eAAe,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YAClF,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YACtD,OAAO,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC;QAC1C,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { credentialLogger } from \"../util/logging\";\nimport { MsalDeviceCode } from \"../msal/nodeFlows/msalDeviceCode\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { AuthenticationRecord } from \"../msal/types\";\nimport { trace } from \"../util/tracing\";\nimport { DeviceCodeCredentialOptions, DeviceCodeInfo } from \"./deviceCodeCredentialOptions\";\n\nconst logger = credentialLogger(\"DeviceCodeCredential\");\n\n/**\n * Method that logs the user code from the DeviceCodeCredential.\n * @param deviceCodeInfo - The device code.\n */\nexport function defaultDeviceCodePromptCallback(deviceCodeInfo: DeviceCodeInfo): void {\n  console.log(deviceCodeInfo.message);\n}\n\n/**\n * Enables authentication to Azure Active Directory using a device code\n * that the user can enter into https://microsoft.com/devicelogin.\n */\nexport class DeviceCodeCredential implements TokenCredential {\n  private msalFlow: MsalFlow;\n  private disableAutomaticAuthentication?: boolean;\n\n  /**\n   * Creates an instance of DeviceCodeCredential with the details needed\n   * to initiate the device code authorization flow with Azure Active Directory.\n   *\n   * A message will be logged, giving users a code that they can use to authenticate once they go to https://microsoft.com/devicelogin\n   *\n   * Developers can configure how this message is shown by passing a custom `userPromptCallback`:\n   *\n   * ```js\n   * const credential = new DeviceCodeCredential({\n   *   tenantId: env.AZURE_TENANT_ID,\n   *   clientId: env.AZURE_CLIENT_ID,\n   *   userPromptCallback: (info) => {\n   *     console.log(\"CUSTOMIZED PROMPT CALLBACK\", info.message);\n   *   }\n   * });\n   * ```\n   *\n   * @param options - Options for configuring the client which makes the authentication requests.\n   */\n  constructor(options?: DeviceCodeCredentialOptions) {\n    this.msalFlow = new MsalDeviceCode({\n      ...options,\n      logger,\n      userPromptCallback: options?.userPromptCallback || defaultDeviceCodePromptCallback,\n      tokenCredentialOptions: options || {},\n    });\n    this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the user provided the option `disableAutomaticAuthentication`,\n   * once the token can't be retrieved silently,\n   * this method won't attempt to request user interaction to retrieve the token.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return trace(`${this.constructor.name}.getToken`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      return this.msalFlow.getToken(arrayScopes, {\n        ...newOptions,\n        disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n      });\n    });\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the token can't be retrieved silently, this method will require user interaction to retrieve the token.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                  TokenCredential implementation might make.\n   */\n  async authenticate(\n    scopes: string | string[],\n    options: GetTokenOptions = {}\n  ): Promise<AuthenticationRecord | undefined> {\n    return trace(`${this.constructor.name}.authenticate`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      await this.msalFlow.getToken(arrayScopes, newOptions);\n      return this.msalFlow.getActiveAccount();\n    });\n  }\n}\n"]}

package/dist-esm/src/credentials/environmentCredential.js

@@ -20,7 +20,7 @@ export const AllSupportedEnvironmentVariables = [
     "AZURE_CLIENT_SECRET",
     "AZURE_CLIENT_CERTIFICATE_PATH",
     "AZURE_USERNAME",
-    "AZURE_PASSWORD"
+    "AZURE_PASSWORD",
 ];
 const credentialName = "EnvironmentCredential";
 const logger = credentialLogger(credentialName);
@@ -93,10 +93,7 @@ export class EnvironmentCredential {
                 catch (err) {
                     const authenticationError = new AuthenticationError(400, {
                         error: `${credentialName} authentication failed. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.`,
-                        error_description: err.message
-                            .toString()
-                            .split("More details:")
-                            .join("")
+                        error_description: err.message.toString().split("More details:").join(""),
                     });
                     logger.getToken.info(formatError(scopes, authenticationError));
                     throw authenticationError;

package/dist-esm/src/credentials/environmentCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"environmentCredential.js","sourceRoot":"","sources":["../../../src/credentials/environmentCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE/F,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,mBAAmB,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AAC5E,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AACxC,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAE1E;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,gCAAgC,GAAG;IAC9C,iBAAiB;IACjB,iBAAiB;IACjB,qBAAqB;IACrB,+BAA+B;IAC/B,gBAAgB;IAChB,gBAAgB;CACjB,CAAC;AAEF,MAAM,cAAc,GAAG,uBAAuB,CAAC;AAC/C,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AAQhD;;;GAGG;AACH,MAAM,OAAO,qBAAqB;IAKhC;;;;;;;;;;;;;;;;;;;OAmBG;IACH,YAAY,OAAsC;QAChD,oEAAoE;QAzB9D,gBAAW,GAGc,SAAS,CAAC;QAwBzC,MAAM,QAAQ,GAAG,cAAc,CAAC,gCAAgC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtF,MAAM,CAAC,IAAI,CAAC,8CAA8C,QAAQ,EAAE,CAAC,CAAC;QAEtE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EAC1C,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EACtC,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QAEjD,IAAI,QAAQ,EAAE;YACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;SACjC;QAED,IAAI,QAAQ,IAAI,QAAQ,IAAI,YAAY,EAAE;YACxC,MAAM,CAAC,IAAI,CACT,mDAAmD,QAAQ,eAAe,QAAQ,+BAA+B,CAClH,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;YACzF,OAAO;SACR;QAED,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;QAClE,IAAI,QAAQ,IAAI,QAAQ,IAAI,eAAe,EAAE;YAC3C,MAAM,CAAC,IAAI,CACT,wDAAwD,QAAQ,eAAe,QAAQ,yBAAyB,eAAe,EAAE,CAClI,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,2BAA2B,CAChD,QAAQ,EACR,QAAQ,EACR,EAAE,eAAe,EAAE,EACnB,OAAO,CACR,CAAC;YACF,OAAO;SACR;QAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC5C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC5C,IAAI,QAAQ,IAAI,QAAQ,IAAI,QAAQ,IAAI,QAAQ,EAAE;YAChD,MAAM,CAAC,IAAI,CACT,uDAAuD,QAAQ,eAAe,QAAQ,kBAAkB,QAAQ,EAAE,CACnH,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,0BAA0B,CAC/C,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,OAAO,CACR,CAAC;SACH;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,KAAK,CAAC,GAAG,cAAc,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YACvE,IAAI,IAAI,CAAC,WAAW,EAAE;gBACpB,IAAI;oBACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;oBACnE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO,MAAM,CAAC;iBACf;gBAAC,OAAO,GAAG,EAAE;oBACZ,MAAM,mBAAmB,GAAG,IAAI,mBAAmB,CAAC,GAAG,EAAE;wBACvD,KAAK,EAAE,GAAG,cAAc,qHAAqH;wBAC7I,iBAAiB,EAAE,GAAG,CAAC,OAAO;6BAC3B,QAAQ,EAAE;6BACV,KAAK,CAAC,eAAe,CAAC;6BACtB,IAAI,CAAC,EAAE,CAAC;qBACZ,CAAC,CAAC;oBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC,CAAC;oBAC/D,MAAM,mBAAmB,CAAC;iBAC3B;aACF;YACD,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,sJAAsJ,CACxK,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-auth\";\n\nimport { credentialLogger, processEnvVars, formatSuccess, formatError } from \"../util/logging\";\nimport { TokenCredentialOptions } from \"../tokenCredentialOptions\";\nimport { ClientSecretCredential } from \"./clientSecretCredential\";\nimport { AuthenticationError, CredentialUnavailableError } from \"../errors\";\nimport { checkTenantId } from \"../util/checkTenantId\";\nimport { trace } from \"../util/tracing\";\nimport { ClientCertificateCredential } from \"./clientCertificateCredential\";\nimport { UsernamePasswordCredential } from \"./usernamePasswordCredential\";\n\n/**\n * Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n *\n * @internal\n */\nexport const AllSupportedEnvironmentVariables = [\n  \"AZURE_TENANT_ID\",\n  \"AZURE_CLIENT_ID\",\n  \"AZURE_CLIENT_SECRET\",\n  \"AZURE_CLIENT_CERTIFICATE_PATH\",\n  \"AZURE_USERNAME\",\n  \"AZURE_PASSWORD\"\n];\n\nconst credentialName = \"EnvironmentCredential\";\nconst logger = credentialLogger(credentialName);\n\n/**\n * Enables authentication to Azure Active Directory depending on the available environment variables.\n * Defines options for the EnvironmentCredential class.\n */\nexport interface EnvironmentCredentialOptions extends TokenCredentialOptions {}\n\n/**\n * Enables authentication to Azure Active Directory using client secret\n * details configured in environment variables\n */\nexport class EnvironmentCredential implements TokenCredential {\n  private _credential?:\n    | ClientSecretCredential\n    | ClientCertificateCredential\n    | UsernamePasswordCredential = undefined;\n  /**\n   * Creates an instance of the EnvironmentCredential class and decides what credential to use depending on the available environment variables.\n   *\n   * Required environment variables:\n   * - `AZURE_TENANT_ID`: The Azure Active Directory tenant (directory) ID.\n   * - `AZURE_CLIENT_ID`: The client (application) ID of an App Registration in the tenant.\n   *\n   * Environment variables used for client credential authentication:\n   * - `AZURE_CLIENT_SECRET`: A client secret that was generated for the App Registration.\n   * - `AZURE_CLIENT_CERTIFICATE_PATH`: The path to a PEM certificate to use during the authentication, instead of the client secret.\n   *\n   * Alternatively, users can provide environment variables for username and password authentication:\n   * - `AZURE_USERNAME`: Username to authenticate with.\n   * - `AZURE_PASSWORD`: Password to authenticate with.\n   *\n   * If the environment variables required to perform the authentication are missing, a {@link CredentialUnavailableError} will be thrown.\n   * If the authentication fails, or if there's an unknown error, an {@link AuthenticationError} will be thrown.\n   *\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(options?: EnvironmentCredentialOptions) {\n    // Keep track of any missing environment variables for error details\n\n    const assigned = processEnvVars(AllSupportedEnvironmentVariables).assigned.join(\", \");\n    logger.info(`Found the following environment variables: ${assigned}`);\n\n    const tenantId = process.env.AZURE_TENANT_ID,\n      clientId = process.env.AZURE_CLIENT_ID,\n      clientSecret = process.env.AZURE_CLIENT_SECRET;\n\n    if (tenantId) {\n      checkTenantId(logger, tenantId);\n    }\n\n    if (tenantId && clientId && clientSecret) {\n      logger.info(\n        `Invoking ClientSecretCredential with tenant ID: ${tenantId}, clientId: ${clientId} and clientSecret: [REDACTED]`\n      );\n      this._credential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);\n      return;\n    }\n\n    const certificatePath = process.env.AZURE_CLIENT_CERTIFICATE_PATH;\n    if (tenantId && clientId && certificatePath) {\n      logger.info(\n        `Invoking ClientCertificateCredential with tenant ID: ${tenantId}, clientId: ${clientId} and certificatePath: ${certificatePath}`\n      );\n      this._credential = new ClientCertificateCredential(\n        tenantId,\n        clientId,\n        { certificatePath },\n        options\n      );\n      return;\n    }\n\n    const username = process.env.AZURE_USERNAME;\n    const password = process.env.AZURE_PASSWORD;\n    if (tenantId && clientId && username && password) {\n      logger.info(\n        `Invoking UsernamePasswordCredential with tenant ID: ${tenantId}, clientId: ${clientId} and username: ${username}`\n      );\n      this._credential = new UsernamePasswordCredential(\n        tenantId,\n        clientId,\n        username,\n        password,\n        options\n      );\n    }\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - Optional parameters. See {@link GetTokenOptions}.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return trace(`${credentialName}.getToken`, options, async (newOptions) => {\n      if (this._credential) {\n        try {\n          const result = await this._credential.getToken(scopes, newOptions);\n          logger.getToken.info(formatSuccess(scopes));\n          return result;\n        } catch (err) {\n          const authenticationError = new AuthenticationError(400, {\n            error: `${credentialName} authentication failed. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.`,\n            error_description: err.message\n              .toString()\n              .split(\"More details:\")\n              .join(\"\")\n          });\n          logger.getToken.info(formatError(scopes, authenticationError));\n          throw authenticationError;\n        }\n      }\n      throw new CredentialUnavailableError(\n        `${credentialName} is unavailable. No underlying credential could be used. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.`\n      );\n    });\n  }\n}\n"]}
+{"version":3,"file":"environmentCredential.js","sourceRoot":"","sources":["../../../src/credentials/environmentCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE/F,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,mBAAmB,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AAC5E,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AACxC,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAE1E;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,gCAAgC,GAAG;IAC9C,iBAAiB;IACjB,iBAAiB;IACjB,qBAAqB;IACrB,+BAA+B;IAC/B,gBAAgB;IAChB,gBAAgB;CACjB,CAAC;AAEF,MAAM,cAAc,GAAG,uBAAuB,CAAC;AAC/C,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AAQhD;;;GAGG;AACH,MAAM,OAAO,qBAAqB;IAKhC;;;;;;;;;;;;;;;;;;;OAmBG;IACH,YAAY,OAAsC;QAChD,oEAAoE;QAzB9D,gBAAW,GAGc,SAAS,CAAC;QAwBzC,MAAM,QAAQ,GAAG,cAAc,CAAC,gCAAgC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtF,MAAM,CAAC,IAAI,CAAC,8CAA8C,QAAQ,EAAE,CAAC,CAAC;QAEtE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EAC1C,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EACtC,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QAEjD,IAAI,QAAQ,EAAE;YACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;SACjC;QAED,IAAI,QAAQ,IAAI,QAAQ,IAAI,YAAY,EAAE;YACxC,MAAM,CAAC,IAAI,CACT,mDAAmD,QAAQ,eAAe,QAAQ,+BAA+B,CAClH,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;YACzF,OAAO;SACR;QAED,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;QAClE,IAAI,QAAQ,IAAI,QAAQ,IAAI,eAAe,EAAE;YAC3C,MAAM,CAAC,IAAI,CACT,wDAAwD,QAAQ,eAAe,QAAQ,yBAAyB,eAAe,EAAE,CAClI,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,2BAA2B,CAChD,QAAQ,EACR,QAAQ,EACR,EAAE,eAAe,EAAE,EACnB,OAAO,CACR,CAAC;YACF,OAAO;SACR;QAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC5C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC5C,IAAI,QAAQ,IAAI,QAAQ,IAAI,QAAQ,IAAI,QAAQ,EAAE;YAChD,MAAM,CAAC,IAAI,CACT,uDAAuD,QAAQ,eAAe,QAAQ,kBAAkB,QAAQ,EAAE,CACnH,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,0BAA0B,CAC/C,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,OAAO,CACR,CAAC;SACH;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,KAAK,CAAC,GAAG,cAAc,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YACvE,IAAI,IAAI,CAAC,WAAW,EAAE;gBACpB,IAAI;oBACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;oBACnE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO,MAAM,CAAC;iBACf;gBAAC,OAAO,GAAG,EAAE;oBACZ,MAAM,mBAAmB,GAAG,IAAI,mBAAmB,CAAC,GAAG,EAAE;wBACvD,KAAK,EAAE,GAAG,cAAc,qHAAqH;wBAC7I,iBAAiB,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;qBAC1E,CAAC,CAAC;oBACH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC,CAAC;oBAC/D,MAAM,mBAAmB,CAAC;iBAC3B;aACF;YACD,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,sJAAsJ,CACxK,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-auth\";\n\nimport { credentialLogger, processEnvVars, formatSuccess, formatError } from \"../util/logging\";\nimport { TokenCredentialOptions } from \"../tokenCredentialOptions\";\nimport { ClientSecretCredential } from \"./clientSecretCredential\";\nimport { AuthenticationError, CredentialUnavailableError } from \"../errors\";\nimport { checkTenantId } from \"../util/checkTenantId\";\nimport { trace } from \"../util/tracing\";\nimport { ClientCertificateCredential } from \"./clientCertificateCredential\";\nimport { UsernamePasswordCredential } from \"./usernamePasswordCredential\";\n\n/**\n * Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n *\n * @internal\n */\nexport const AllSupportedEnvironmentVariables = [\n  \"AZURE_TENANT_ID\",\n  \"AZURE_CLIENT_ID\",\n  \"AZURE_CLIENT_SECRET\",\n  \"AZURE_CLIENT_CERTIFICATE_PATH\",\n  \"AZURE_USERNAME\",\n  \"AZURE_PASSWORD\",\n];\n\nconst credentialName = \"EnvironmentCredential\";\nconst logger = credentialLogger(credentialName);\n\n/**\n * Enables authentication to Azure Active Directory depending on the available environment variables.\n * Defines options for the EnvironmentCredential class.\n */\nexport interface EnvironmentCredentialOptions extends TokenCredentialOptions {}\n\n/**\n * Enables authentication to Azure Active Directory using client secret\n * details configured in environment variables\n */\nexport class EnvironmentCredential implements TokenCredential {\n  private _credential?:\n    | ClientSecretCredential\n    | ClientCertificateCredential\n    | UsernamePasswordCredential = undefined;\n  /**\n   * Creates an instance of the EnvironmentCredential class and decides what credential to use depending on the available environment variables.\n   *\n   * Required environment variables:\n   * - `AZURE_TENANT_ID`: The Azure Active Directory tenant (directory) ID.\n   * - `AZURE_CLIENT_ID`: The client (application) ID of an App Registration in the tenant.\n   *\n   * Environment variables used for client credential authentication:\n   * - `AZURE_CLIENT_SECRET`: A client secret that was generated for the App Registration.\n   * - `AZURE_CLIENT_CERTIFICATE_PATH`: The path to a PEM certificate to use during the authentication, instead of the client secret.\n   *\n   * Alternatively, users can provide environment variables for username and password authentication:\n   * - `AZURE_USERNAME`: Username to authenticate with.\n   * - `AZURE_PASSWORD`: Password to authenticate with.\n   *\n   * If the environment variables required to perform the authentication are missing, a {@link CredentialUnavailableError} will be thrown.\n   * If the authentication fails, or if there's an unknown error, an {@link AuthenticationError} will be thrown.\n   *\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(options?: EnvironmentCredentialOptions) {\n    // Keep track of any missing environment variables for error details\n\n    const assigned = processEnvVars(AllSupportedEnvironmentVariables).assigned.join(\", \");\n    logger.info(`Found the following environment variables: ${assigned}`);\n\n    const tenantId = process.env.AZURE_TENANT_ID,\n      clientId = process.env.AZURE_CLIENT_ID,\n      clientSecret = process.env.AZURE_CLIENT_SECRET;\n\n    if (tenantId) {\n      checkTenantId(logger, tenantId);\n    }\n\n    if (tenantId && clientId && clientSecret) {\n      logger.info(\n        `Invoking ClientSecretCredential with tenant ID: ${tenantId}, clientId: ${clientId} and clientSecret: [REDACTED]`\n      );\n      this._credential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);\n      return;\n    }\n\n    const certificatePath = process.env.AZURE_CLIENT_CERTIFICATE_PATH;\n    if (tenantId && clientId && certificatePath) {\n      logger.info(\n        `Invoking ClientCertificateCredential with tenant ID: ${tenantId}, clientId: ${clientId} and certificatePath: ${certificatePath}`\n      );\n      this._credential = new ClientCertificateCredential(\n        tenantId,\n        clientId,\n        { certificatePath },\n        options\n      );\n      return;\n    }\n\n    const username = process.env.AZURE_USERNAME;\n    const password = process.env.AZURE_PASSWORD;\n    if (tenantId && clientId && username && password) {\n      logger.info(\n        `Invoking UsernamePasswordCredential with tenant ID: ${tenantId}, clientId: ${clientId} and username: ${username}`\n      );\n      this._credential = new UsernamePasswordCredential(\n        tenantId,\n        clientId,\n        username,\n        password,\n        options\n      );\n    }\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - Optional parameters. See {@link GetTokenOptions}.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return trace(`${credentialName}.getToken`, options, async (newOptions) => {\n      if (this._credential) {\n        try {\n          const result = await this._credential.getToken(scopes, newOptions);\n          logger.getToken.info(formatSuccess(scopes));\n          return result;\n        } catch (err) {\n          const authenticationError = new AuthenticationError(400, {\n            error: `${credentialName} authentication failed. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.`,\n            error_description: err.message.toString().split(\"More details:\").join(\"\"),\n          });\n          logger.getToken.info(formatError(scopes, authenticationError));\n          throw authenticationError;\n        }\n      }\n      throw new CredentialUnavailableError(\n        `${credentialName} is unavailable. No underlying credential could be used. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.`\n      );\n    });\n  }\n}\n"]}

package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js.map

@@ -1 +1 @@
-{"version":3,"file":"interactiveBrowserCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/interactiveBrowserCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAGxC,OAAO,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAC;AAOjE,MAAM,MAAM,GAAG,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;AAEhE;;;GAGG;AACH,MAAM,OAAO,4BAA4B;IAIvC;;;;;;;;;;;;;OAaG;IACH,YACE,OAA+F;QAE/F,IAAI,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAA,EAAE;YACtB,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,0FAA0F,CAC3F,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,CAAC;SACb;QAED,MAAM,cAAc,GAAG,OAAuD,CAAC;QAC/E,MAAM,UAAU,GAAG,cAAc,CAAC,UAAU,IAAI,OAAO,CAAC;QACxD,MAAM,WAAW,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAE1C,IAAI,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE;YAC1C,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,uBACE,cAAc,CAAC,UACjB,qCAAqC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC/D,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,CAAC;SACb;QAED,MAAM,WAAW,mCACZ,OAAO,KACV,MAAM,EACN,UAAU,EAAE,UAAU,EACtB,WAAW,EACT,OAAO,OAAO,CAAC,WAAW,KAAK,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,GAC1F,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG,IAAI,YAAY,CAAC,WAAW,CAAC,CAAC;QAC9C,IAAI,CAAC,8BAA8B,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,CAAC;IAChF,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YAC9E,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,kCACpC,UAAU,KACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,IACnE,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAChB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,eAAe,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YAClF,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YACtD,OAAO,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC;QAC1C,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { credentialLogger, formatError } from \"../util/logging\";\nimport { trace } from \"../util/tracing\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { AuthenticationRecord } from \"../msal/types\";\nimport { MSALAuthCode } from \"../msal/browserFlows/msalAuthCode\";\nimport { MsalBrowserFlowOptions } from \"../msal/browserFlows/msalBrowserCommon\";\nimport {\n  InteractiveBrowserCredentialInBrowserOptions,\n  InteractiveBrowserCredentialNodeOptions\n} from \"./interactiveBrowserCredentialOptions\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/**\n * Enables authentication to Azure Active Directory inside of the web browser\n * using the interactive login flow.\n */\nexport class InteractiveBrowserCredential implements TokenCredential {\n  private msalFlow: MsalFlow;\n  private disableAutomaticAuthentication?: boolean;\n\n  /**\n   * Creates an instance of the InteractiveBrowserCredential with the\n   * details needed to authenticate against Azure Active Directory with\n   * a user identity.\n   *\n   * This credential uses the [Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n   * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.\n   * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.\n   *\n   * It's recommended that the AAD Applications used are configured to authenticate using Single Page Applications.\n   * More information here: [link](https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-app-registration#redirect-uri-msaljs-20-with-auth-code-flow).\n   *\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    options: InteractiveBrowserCredentialInBrowserOptions | InteractiveBrowserCredentialNodeOptions\n  ) {\n    if (!options?.clientId) {\n      const error = new Error(\n        \"The parameter `clientId` cannot be left undefined for the `InteractiveBrowserCredential`\"\n      );\n      logger.info(formatError(\"\", error));\n      throw error;\n    }\n\n    const browserOptions = options as InteractiveBrowserCredentialInBrowserOptions;\n    const loginStyle = browserOptions.loginStyle || \"popup\";\n    const loginStyles = [\"redirect\", \"popup\"];\n\n    if (loginStyles.indexOf(loginStyle) === -1) {\n      const error = new Error(\n        `Invalid loginStyle: ${\n          browserOptions.loginStyle\n        }. Should be any of the following: ${loginStyles.join(\", \")}.`\n      );\n      logger.info(formatError(\"\", error));\n      throw error;\n    }\n\n    const msalOptions: MsalBrowserFlowOptions = {\n      ...options,\n      logger,\n      loginStyle: loginStyle,\n      redirectUri:\n        typeof options.redirectUri === \"function\" ? options.redirectUri() : options.redirectUri\n    };\n\n    this.msalFlow = new MSALAuthCode(msalOptions);\n    this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the user provided the option `disableAutomaticAuthentication`,\n   * once the token can't be retrieved silently,\n   * this method won't attempt to request user interaction to retrieve the token.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return trace(`${this.constructor.name}.getToken`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      return this.msalFlow.getToken(arrayScopes, {\n        ...newOptions,\n        disableAutomaticAuthentication: this.disableAutomaticAuthentication\n      });\n    });\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the token can't be retrieved silently, this method will require user interaction to retrieve the token.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                  TokenCredential implementation might make.\n   */\n  async authenticate(\n    scopes: string | string[],\n    options: GetTokenOptions = {}\n  ): Promise<AuthenticationRecord | undefined> {\n    return trace(`${this.constructor.name}.authenticate`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      await this.msalFlow.getToken(arrayScopes, newOptions);\n      return this.msalFlow.getActiveAccount();\n    });\n  }\n}\n"]}
+{"version":3,"file":"interactiveBrowserCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/interactiveBrowserCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAGxC,OAAO,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAC;AAOjE,MAAM,MAAM,GAAG,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;AAEhE;;;GAGG;AACH,MAAM,OAAO,4BAA4B;IAIvC;;;;;;;;;;;;;OAaG;IACH,YACE,OAA+F;QAE/F,IAAI,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAA,EAAE;YACtB,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,0FAA0F,CAC3F,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,CAAC;SACb;QAED,MAAM,cAAc,GAAG,OAAuD,CAAC;QAC/E,MAAM,UAAU,GAAG,cAAc,CAAC,UAAU,IAAI,OAAO,CAAC;QACxD,MAAM,WAAW,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAE1C,IAAI,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE;YAC1C,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,uBACE,cAAc,CAAC,UACjB,qCAAqC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC/D,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,CAAC;SACb;QAED,MAAM,WAAW,mCACZ,OAAO,KACV,MAAM,EACN,UAAU,EAAE,UAAU,EACtB,WAAW,EACT,OAAO,OAAO,CAAC,WAAW,KAAK,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,GAC1F,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG,IAAI,YAAY,CAAC,WAAW,CAAC,CAAC;QAC9C,IAAI,CAAC,8BAA8B,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,CAAC;IAChF,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YAC9E,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,kCACpC,UAAU,KACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,IACnE,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAChB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,eAAe,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YAClF,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YACtD,OAAO,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC;QAC1C,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { credentialLogger, formatError } from \"../util/logging\";\nimport { trace } from \"../util/tracing\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { AuthenticationRecord } from \"../msal/types\";\nimport { MSALAuthCode } from \"../msal/browserFlows/msalAuthCode\";\nimport { MsalBrowserFlowOptions } from \"../msal/browserFlows/msalBrowserCommon\";\nimport {\n  InteractiveBrowserCredentialInBrowserOptions,\n  InteractiveBrowserCredentialNodeOptions,\n} from \"./interactiveBrowserCredentialOptions\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/**\n * Enables authentication to Azure Active Directory inside of the web browser\n * using the interactive login flow.\n */\nexport class InteractiveBrowserCredential implements TokenCredential {\n  private msalFlow: MsalFlow;\n  private disableAutomaticAuthentication?: boolean;\n\n  /**\n   * Creates an instance of the InteractiveBrowserCredential with the\n   * details needed to authenticate against Azure Active Directory with\n   * a user identity.\n   *\n   * This credential uses the [Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n   * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.\n   * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.\n   *\n   * It's recommended that the AAD Applications used are configured to authenticate using Single Page Applications.\n   * More information here: [link](https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-app-registration#redirect-uri-msaljs-20-with-auth-code-flow).\n   *\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    options: InteractiveBrowserCredentialInBrowserOptions | InteractiveBrowserCredentialNodeOptions\n  ) {\n    if (!options?.clientId) {\n      const error = new Error(\n        \"The parameter `clientId` cannot be left undefined for the `InteractiveBrowserCredential`\"\n      );\n      logger.info(formatError(\"\", error));\n      throw error;\n    }\n\n    const browserOptions = options as InteractiveBrowserCredentialInBrowserOptions;\n    const loginStyle = browserOptions.loginStyle || \"popup\";\n    const loginStyles = [\"redirect\", \"popup\"];\n\n    if (loginStyles.indexOf(loginStyle) === -1) {\n      const error = new Error(\n        `Invalid loginStyle: ${\n          browserOptions.loginStyle\n        }. Should be any of the following: ${loginStyles.join(\", \")}.`\n      );\n      logger.info(formatError(\"\", error));\n      throw error;\n    }\n\n    const msalOptions: MsalBrowserFlowOptions = {\n      ...options,\n      logger,\n      loginStyle: loginStyle,\n      redirectUri:\n        typeof options.redirectUri === \"function\" ? options.redirectUri() : options.redirectUri,\n    };\n\n    this.msalFlow = new MSALAuthCode(msalOptions);\n    this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the user provided the option `disableAutomaticAuthentication`,\n   * once the token can't be retrieved silently,\n   * this method won't attempt to request user interaction to retrieve the token.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return trace(`${this.constructor.name}.getToken`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      return this.msalFlow.getToken(arrayScopes, {\n        ...newOptions,\n        disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n      });\n    });\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the token can't be retrieved silently, this method will require user interaction to retrieve the token.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                  TokenCredential implementation might make.\n   */\n  async authenticate(\n    scopes: string | string[],\n    options: GetTokenOptions = {}\n  ): Promise<AuthenticationRecord | undefined> {\n    return trace(`${this.constructor.name}.authenticate`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      await this.msalFlow.getToken(arrayScopes, newOptions);\n      return this.msalFlow.getActiveAccount();\n    });\n  }\n}\n"]}

package/dist-esm/src/credentials/interactiveBrowserCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"interactiveBrowserCredential.js","sourceRoot":"","sources":["../../../src/credentials/interactiveBrowserCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAMlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAExC,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AAOpE,MAAM,MAAM,GAAG,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;AAEhE;;;GAGG;AACH,MAAM,OAAO,4BAA4B;IAIvC;;;;;;;;;;;OAWG;IACH,YACE,UAEmD,EAAE;QAErD,MAAM,WAAW,GACf,OAAO,OAAO,CAAC,WAAW,KAAK,UAAU;YACvC,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE;YACvB,CAAC,CAAC,OAAO,CAAC,WAAW,IAAI,kBAAkB,CAAC;QAEhD,IAAI,CAAC,QAAQ,GAAG,IAAI,eAAe,iCAC9B,OAAO,KACV,sBAAsB,EAAE,OAAO,EAC/B,MAAM;YACN,WAAW,IACX,CAAC;QACH,IAAI,CAAC,8BAA8B,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,CAAC;IAChF,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YAC9E,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,kCACpC,UAAU,KACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,IACnE,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,YAAY,CAChB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,eAAe,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YAClF,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YACtD,OAAO,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC;QAC1C,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/* eslint-disable @typescript-eslint/no-unused-vars */\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { credentialLogger } from \"../util/logging\";\nimport { trace } from \"../util/tracing\";\nimport { AuthenticationRecord } from \"../msal/types\";\nimport { MsalOpenBrowser } from \"../msal/nodeFlows/msalOpenBrowser\";\nimport { MsalFlow } from \"../msal/flows\";\nimport {\n  InteractiveBrowserCredentialInBrowserOptions,\n  InteractiveBrowserCredentialNodeOptions\n} from \"./interactiveBrowserCredentialOptions\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/**\n * Enables authentication to Azure Active Directory inside of the web browser\n * using the interactive login flow.\n */\nexport class InteractiveBrowserCredential implements TokenCredential {\n  private msalFlow: MsalFlow;\n  private disableAutomaticAuthentication?: boolean;\n\n  /**\n   * Creates an instance of InteractiveBrowserCredential with the details needed.\n   *\n   * This credential uses the [Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n   * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.\n   * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.\n   *\n   * For Node.js, if a `clientId` is provided, the Azure Active Directory application will need to be configured to have a \"Mobile and desktop applications\" redirect endpoint.\n   * Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://docs.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris).\n   *\n   * @param options - Options for configuring the client which makes the authentication requests.\n   */\n  constructor(\n    options:\n      | InteractiveBrowserCredentialNodeOptions\n      | InteractiveBrowserCredentialInBrowserOptions = {}\n  ) {\n    const redirectUri =\n      typeof options.redirectUri === \"function\"\n        ? options.redirectUri()\n        : options.redirectUri || \"http://localhost\";\n\n    this.msalFlow = new MsalOpenBrowser({\n      ...options,\n      tokenCredentialOptions: options,\n      logger,\n      redirectUri\n    });\n    this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the user provided the option `disableAutomaticAuthentication`,\n   * once the token can't be retrieved silently,\n   * this method won't attempt to request user interaction to retrieve the token.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return trace(`${this.constructor.name}.getToken`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      return this.msalFlow.getToken(arrayScopes, {\n        ...newOptions,\n        disableAutomaticAuthentication: this.disableAutomaticAuthentication\n      });\n    });\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the token can't be retrieved silently, this method will require user interaction to retrieve the token.\n   *\n   * On Node.js, this credential has [Proof Key for Code Exchange (PKCE)](https://datatracker.ietf.org/doc/html/rfc7636) enabled by default.\n   * PKCE is a security feature that mitigates authentication code interception attacks.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                  TokenCredential implementation might make.\n   */\n  async authenticate(\n    scopes: string | string[],\n    options: GetTokenOptions = {}\n  ): Promise<AuthenticationRecord | undefined> {\n    return trace(`${this.constructor.name}.authenticate`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      await this.msalFlow.getToken(arrayScopes, newOptions);\n      return this.msalFlow.getActiveAccount();\n    });\n  }\n}\n"]}
+{"version":3,"file":"interactiveBrowserCredential.js","sourceRoot":"","sources":["../../../src/credentials/interactiveBrowserCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAMlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAExC,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AAOpE,MAAM,MAAM,GAAG,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;AAEhE;;;GAGG;AACH,MAAM,OAAO,4BAA4B;IAIvC;;;;;;;;;;;OAWG;IACH,YACE,UAEmD,EAAE;QAErD,MAAM,WAAW,GACf,OAAO,OAAO,CAAC,WAAW,KAAK,UAAU;YACvC,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE;YACvB,CAAC,CAAC,OAAO,CAAC,WAAW,IAAI,kBAAkB,CAAC;QAEhD,IAAI,CAAC,QAAQ,GAAG,IAAI,eAAe,iCAC9B,OAAO,KACV,sBAAsB,EAAE,OAAO,EAC/B,MAAM;YACN,WAAW,IACX,CAAC;QACH,IAAI,CAAC,8BAA8B,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,CAAC;IAChF,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YAC9E,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,kCACpC,UAAU,KACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,IACnE,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,YAAY,CAChB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,eAAe,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YAClF,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YACtD,OAAO,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC;QAC1C,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/* eslint-disable @typescript-eslint/no-unused-vars */\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport { credentialLogger } from \"../util/logging\";\nimport { trace } from \"../util/tracing\";\nimport { AuthenticationRecord } from \"../msal/types\";\nimport { MsalOpenBrowser } from \"../msal/nodeFlows/msalOpenBrowser\";\nimport { MsalFlow } from \"../msal/flows\";\nimport {\n  InteractiveBrowserCredentialInBrowserOptions,\n  InteractiveBrowserCredentialNodeOptions,\n} from \"./interactiveBrowserCredentialOptions\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/**\n * Enables authentication to Azure Active Directory inside of the web browser\n * using the interactive login flow.\n */\nexport class InteractiveBrowserCredential implements TokenCredential {\n  private msalFlow: MsalFlow;\n  private disableAutomaticAuthentication?: boolean;\n\n  /**\n   * Creates an instance of InteractiveBrowserCredential with the details needed.\n   *\n   * This credential uses the [Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n   * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.\n   * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.\n   *\n   * For Node.js, if a `clientId` is provided, the Azure Active Directory application will need to be configured to have a \"Mobile and desktop applications\" redirect endpoint.\n   * Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://docs.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris).\n   *\n   * @param options - Options for configuring the client which makes the authentication requests.\n   */\n  constructor(\n    options:\n      | InteractiveBrowserCredentialNodeOptions\n      | InteractiveBrowserCredentialInBrowserOptions = {}\n  ) {\n    const redirectUri =\n      typeof options.redirectUri === \"function\"\n        ? options.redirectUri()\n        : options.redirectUri || \"http://localhost\";\n\n    this.msalFlow = new MsalOpenBrowser({\n      ...options,\n      tokenCredentialOptions: options,\n      logger,\n      redirectUri,\n    });\n    this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the user provided the option `disableAutomaticAuthentication`,\n   * once the token can't be retrieved silently,\n   * this method won't attempt to request user interaction to retrieve the token.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return trace(`${this.constructor.name}.getToken`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      return this.msalFlow.getToken(arrayScopes, {\n        ...newOptions,\n        disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n      });\n    });\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the token can't be retrieved silently, this method will require user interaction to retrieve the token.\n   *\n   * On Node.js, this credential has [Proof Key for Code Exchange (PKCE)](https://datatracker.ietf.org/doc/html/rfc7636) enabled by default.\n   * PKCE is a security feature that mitigates authentication code interception attacks.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                  TokenCredential implementation might make.\n   */\n  async authenticate(\n    scopes: string | string[],\n    options: GetTokenOptions = {}\n  ): Promise<AuthenticationRecord | undefined> {\n    return trace(`${this.constructor.name}.authenticate`, options, async (newOptions) => {\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      await this.msalFlow.getToken(arrayScopes, newOptions);\n      return this.msalFlow.getActiveAccount();\n    });\n  }\n}\n"]}

package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js

@@ -1,6 +1,6 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import { createHttpHeaders, createPipelineRequest } from "@azure/core-rest-pipeline";
+import { createHttpHeaders, createPipelineRequest, } from "@azure/core-rest-pipeline";
 import { credentialLogger } from "../../util/logging";
 import { mapScopesToResource } from "./utils";
 const msiName = "ManagedIdentityCredential - AppServiceMSI 2017";
@@ -22,7 +22,7 @@ function prepareRequestOptions(scopes, clientId) {
     }
     const queryParameters = {
         resource,
-        "api-version": "2017-09-01"
+        "api-version": "2017-09-01",
     };
     if (clientId) {
         queryParameters.clientid = clientId;
@@ -40,8 +40,8 @@ function prepareRequestOptions(scopes, clientId) {
         method: "GET",
         headers: createHttpHeaders({
             Accept: "application/json",
-            secret: process.env.MSI_SECRET
-        })
+            secret: process.env.MSI_SECRET,
+        }),
     };
 }
 /**
@@ -69,6 +69,6 @@ export const appServiceMsi2017 = {
             allowInsecureConnection: true }));
         const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser);
         return (tokenResponse && tokenResponse.accessToken) || null;
-    }
+    },
 };
 //# sourceMappingURL=appServiceMsi2017.js.map

package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js.map

@@ -1 +1 @@
-{"version":3,"file":"appServiceMsi2017.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/appServiceMsi2017.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EAEtB,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAE9C,MAAM,OAAO,GAAG,gDAAgD,CAAC;AACjE,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAEzC;;GAEG;AACH,SAAS,eAAe,CAAC,WAAoC;IAC3D,uDAAuD;IACvD,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,UAAqB,CAAC,CAAC;AACvD,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAC5B,MAAyB,EACzB,QAAiB;IAEjB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,sCAAsC,CAAC,CAAC;KACnE;IAED,MAAM,eAAe,GAA2B;QAC9C,QAAQ;QACR,aAAa,EAAE,YAAY;KAC5B,CAAC;IAEF,IAAI,QAAQ,EAAE;QACZ,eAAe,CAAC,QAAQ,GAAG,QAAQ,CAAC;KACrC;IAED,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC;IAEnD,wIAAwI;IACxI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE;QAC7B,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,8CAA8C,CAAC,CAAC;KAC3E;IACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE;QAC3B,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,4CAA4C,CAAC,CAAC;KACzE;IAED,OAAO;QACL,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,KAAK,CAAC,QAAQ,EAAE,EAAE;QACtD,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,iBAAiB,CAAC;YACzB,MAAM,EAAE,kBAAkB;YAC1B,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU;SAC/B,CAAC;KACH,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAQ;IACpC,KAAK,CAAC,WAAW,CAAC,MAAM;QACtB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE;YACb,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,mDAAmD,CAAC,CAAC;YAC3E,OAAO,KAAK,CAAC;SACd;QACD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;QACxB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3D,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,CAAC,IAAI,CACT,GAAG,OAAO,mFAAmF,CAC9F,CAAC;SACH;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,KAAK,CAAC,QAAQ,CACZ,aAA+B,EAC/B,kBAAmC,EAAE;QAErC,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC;QAE3D,MAAM,CAAC,IAAI,CACT,GAAG,OAAO,2FAA2F,OAAO,CAAC,GAAG,CAAC,YAAY,6BAA6B,CAC3J,CAAC;QAEF,MAAM,OAAO,GAAG,qBAAqB,+BACnC,WAAW,EAAE,eAAe,CAAC,WAAW,IACrC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC;YAC1C,0FAA0F;YAC1F,uBAAuB,EAAE,IAAI,IAC7B,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,gBAAgB,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QACtF,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;IAC9D,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport {\n  createHttpHeaders,\n  createPipelineRequest,\n  PipelineRequestOptions\n} from \"@azure/core-rest-pipeline\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { TokenResponseParsedBody } from \"../../client/identityClient\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { MSI, MSIConfiguration } from \"./models\";\nimport { mapScopesToResource } from \"./utils\";\n\nconst msiName = \"ManagedIdentityCredential - AppServiceMSI 2017\";\nconst logger = credentialLogger(msiName);\n\n/**\n * Formats the expiration date of the received token into the number of milliseconds between that date and midnight, January 1, 1970.\n */\nfunction expiresOnParser(requestBody: TokenResponseParsedBody): number {\n  // App Service always returns string expires_on values.\n  return Date.parse(requestBody.expires_on! as string);\n}\n\n/**\n * Generates the options used on the request for an access token.\n */\nfunction prepareRequestOptions(\n  scopes: string | string[],\n  clientId?: string\n): PipelineRequestOptions {\n  const resource = mapScopesToResource(scopes);\n  if (!resource) {\n    throw new Error(`${msiName}: Multiple scopes are not supported.`);\n  }\n\n  const queryParameters: Record<string, string> = {\n    resource,\n    \"api-version\": \"2017-09-01\"\n  };\n\n  if (clientId) {\n    queryParameters.clientid = clientId;\n  }\n\n  const query = new URLSearchParams(queryParameters);\n\n  // This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.\n  if (!process.env.MSI_ENDPOINT) {\n    throw new Error(`${msiName}: Missing environment variable: MSI_ENDPOINT`);\n  }\n  if (!process.env.MSI_SECRET) {\n    throw new Error(`${msiName}: Missing environment variable: MSI_SECRET`);\n  }\n\n  return {\n    url: `${process.env.MSI_ENDPOINT}?${query.toString()}`,\n    method: \"GET\",\n    headers: createHttpHeaders({\n      Accept: \"application/json\",\n      secret: process.env.MSI_SECRET\n    })\n  };\n}\n\n/**\n * Defines how to determine whether the Azure App Service MSI is available, and also how to retrieve a token from the Azure App Service MSI.\n */\nexport const appServiceMsi2017: MSI = {\n  async isAvailable(scopes): Promise<boolean> {\n    const resource = mapScopesToResource(scopes);\n    if (!resource) {\n      logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);\n      return false;\n    }\n    const env = process.env;\n    const result = Boolean(env.MSI_ENDPOINT && env.MSI_SECRET);\n    if (!result) {\n      logger.info(\n        `${msiName}: Unavailable. The environment variables needed are: MSI_ENDPOINT and MSI_SECRET.`\n      );\n    }\n    return result;\n  },\n  async getToken(\n    configuration: MSIConfiguration,\n    getTokenOptions: GetTokenOptions = {}\n  ): Promise<AccessToken | null> {\n    const { identityClient, scopes, clientId } = configuration;\n\n    logger.info(\n      `${msiName}: Using the endpoint and the secret coming form the environment variables: MSI_ENDPOINT=${process.env.MSI_ENDPOINT} and MSI_SECRET=[REDACTED].`\n    );\n\n    const request = createPipelineRequest({\n      abortSignal: getTokenOptions.abortSignal,\n      ...prepareRequestOptions(scopes, clientId),\n      // Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).\n      allowInsecureConnection: true\n    });\n    const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser);\n    return (tokenResponse && tokenResponse.accessToken) || null;\n  }\n};\n"]}
+{"version":3,"file":"appServiceMsi2017.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/appServiceMsi2017.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EACL,iBAAiB,EACjB,qBAAqB,GAEtB,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAE9C,MAAM,OAAO,GAAG,gDAAgD,CAAC;AACjE,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAEzC;;GAEG;AACH,SAAS,eAAe,CAAC,WAAoC;IAC3D,uDAAuD;IACvD,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,UAAqB,CAAC,CAAC;AACvD,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAC5B,MAAyB,EACzB,QAAiB;IAEjB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,sCAAsC,CAAC,CAAC;KACnE;IAED,MAAM,eAAe,GAA2B;QAC9C,QAAQ;QACR,aAAa,EAAE,YAAY;KAC5B,CAAC;IAEF,IAAI,QAAQ,EAAE;QACZ,eAAe,CAAC,QAAQ,GAAG,QAAQ,CAAC;KACrC;IAED,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC;IAEnD,wIAAwI;IACxI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE;QAC7B,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,8CAA8C,CAAC,CAAC;KAC3E;IACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE;QAC3B,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,4CAA4C,CAAC,CAAC;KACzE;IAED,OAAO;QACL,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,KAAK,CAAC,QAAQ,EAAE,EAAE;QACtD,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,iBAAiB,CAAC;YACzB,MAAM,EAAE,kBAAkB;YAC1B,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU;SAC/B,CAAC;KACH,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAQ;IACpC,KAAK,CAAC,WAAW,CAAC,MAAM;QACtB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE;YACb,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,mDAAmD,CAAC,CAAC;YAC3E,OAAO,KAAK,CAAC;SACd;QACD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;QACxB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3D,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,CAAC,IAAI,CACT,GAAG,OAAO,mFAAmF,CAC9F,CAAC;SACH;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,KAAK,CAAC,QAAQ,CACZ,aAA+B,EAC/B,kBAAmC,EAAE;QAErC,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC;QAE3D,MAAM,CAAC,IAAI,CACT,GAAG,OAAO,2FAA2F,OAAO,CAAC,GAAG,CAAC,YAAY,6BAA6B,CAC3J,CAAC;QAEF,MAAM,OAAO,GAAG,qBAAqB,+BACnC,WAAW,EAAE,eAAe,CAAC,WAAW,IACrC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC;YAC1C,0FAA0F;YAC1F,uBAAuB,EAAE,IAAI,IAC7B,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,gBAAgB,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QACtF,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;IAC9D,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport {\n  createHttpHeaders,\n  createPipelineRequest,\n  PipelineRequestOptions,\n} from \"@azure/core-rest-pipeline\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { TokenResponseParsedBody } from \"../../client/identityClient\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { MSI, MSIConfiguration } from \"./models\";\nimport { mapScopesToResource } from \"./utils\";\n\nconst msiName = \"ManagedIdentityCredential - AppServiceMSI 2017\";\nconst logger = credentialLogger(msiName);\n\n/**\n * Formats the expiration date of the received token into the number of milliseconds between that date and midnight, January 1, 1970.\n */\nfunction expiresOnParser(requestBody: TokenResponseParsedBody): number {\n  // App Service always returns string expires_on values.\n  return Date.parse(requestBody.expires_on! as string);\n}\n\n/**\n * Generates the options used on the request for an access token.\n */\nfunction prepareRequestOptions(\n  scopes: string | string[],\n  clientId?: string\n): PipelineRequestOptions {\n  const resource = mapScopesToResource(scopes);\n  if (!resource) {\n    throw new Error(`${msiName}: Multiple scopes are not supported.`);\n  }\n\n  const queryParameters: Record<string, string> = {\n    resource,\n    \"api-version\": \"2017-09-01\",\n  };\n\n  if (clientId) {\n    queryParameters.clientid = clientId;\n  }\n\n  const query = new URLSearchParams(queryParameters);\n\n  // This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.\n  if (!process.env.MSI_ENDPOINT) {\n    throw new Error(`${msiName}: Missing environment variable: MSI_ENDPOINT`);\n  }\n  if (!process.env.MSI_SECRET) {\n    throw new Error(`${msiName}: Missing environment variable: MSI_SECRET`);\n  }\n\n  return {\n    url: `${process.env.MSI_ENDPOINT}?${query.toString()}`,\n    method: \"GET\",\n    headers: createHttpHeaders({\n      Accept: \"application/json\",\n      secret: process.env.MSI_SECRET,\n    }),\n  };\n}\n\n/**\n * Defines how to determine whether the Azure App Service MSI is available, and also how to retrieve a token from the Azure App Service MSI.\n */\nexport const appServiceMsi2017: MSI = {\n  async isAvailable(scopes): Promise<boolean> {\n    const resource = mapScopesToResource(scopes);\n    if (!resource) {\n      logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);\n      return false;\n    }\n    const env = process.env;\n    const result = Boolean(env.MSI_ENDPOINT && env.MSI_SECRET);\n    if (!result) {\n      logger.info(\n        `${msiName}: Unavailable. The environment variables needed are: MSI_ENDPOINT and MSI_SECRET.`\n      );\n    }\n    return result;\n  },\n  async getToken(\n    configuration: MSIConfiguration,\n    getTokenOptions: GetTokenOptions = {}\n  ): Promise<AccessToken | null> {\n    const { identityClient, scopes, clientId } = configuration;\n\n    logger.info(\n      `${msiName}: Using the endpoint and the secret coming form the environment variables: MSI_ENDPOINT=${process.env.MSI_ENDPOINT} and MSI_SECRET=[REDACTED].`\n    );\n\n    const request = createPipelineRequest({\n      abortSignal: getTokenOptions.abortSignal,\n      ...prepareRequestOptions(scopes, clientId),\n      // Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).\n      allowInsecureConnection: true,\n    });\n    const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser);\n    return (tokenResponse && tokenResponse.accessToken) || null;\n  },\n};\n"]}

package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js

@@ -1,6 +1,6 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import { createHttpHeaders, createPipelineRequest } from "@azure/core-rest-pipeline";
+import { createHttpHeaders, createPipelineRequest, } from "@azure/core-rest-pipeline";
 import { readFile } from "fs";
 import { AuthenticationError } from "../../errors";
 import { credentialLogger } from "../../util/logging";
@@ -18,7 +18,7 @@ function prepareRequestOptions(scopes) {
     }
     const queryParameters = {
         resource,
-        "api-version": azureArcAPIVersion
+        "api-version": azureArcAPIVersion,
     };
     const query = new URLSearchParams(queryParameters);
     // This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.
@@ -31,8 +31,8 @@ function prepareRequestOptions(scopes) {
         method: "GET",
         headers: createHttpHeaders({
             Accept: "application/json",
-            Metadata: "true"
-        })
+            Metadata: "true",
+        }),
     });
 }
 /**
@@ -102,6 +102,6 @@ export const arcMsi = {
             allowInsecureConnection: true }));
         const tokenResponse = await identityClient.sendTokenRequest(request);
         return (tokenResponse && tokenResponse.accessToken) || null;
-    }
+    },
 };
 //# sourceMappingURL=arcMsi.js.map

package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js.map

@@ -1 +1 @@
-{"version":3,"file":"arcMsi.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/arcMsi.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EAEtB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AAC9B,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAE9C,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAEjD,MAAM,OAAO,GAAG,2CAA2C,CAAC;AAC5D,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAEzC;;GAEG;AACH,SAAS,qBAAqB,CAAC,MAAyB;IACtD,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,sCAAsC,CAAC,CAAC;KACnE;IACD,MAAM,eAAe,GAA2B;QAC9C,QAAQ;QACR,aAAa,EAAE,kBAAkB;KAClC,CAAC;IAEF,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC;IAEnD,wIAAwI;IACxI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;QAClC,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,mDAAmD,CAAC,CAAC;KAChF;IAED,OAAO,qBAAqB,CAAC;QAC3B,8EAA8E;QAC9E,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,KAAK,CAAC,QAAQ,EAAE,EAAE;QAC3D,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,iBAAiB,CAAC;YACzB,MAAM,EAAE,kBAAkB;YAC1B,QAAQ,EAAE,MAAM;SACjB,CAAC;KACH,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CAAC,IAAY,EAAE,OAA6B;IAChE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,CACrC,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;QACpC,IAAI,GAAG,EAAE;YACP,MAAM,CAAC,GAAG,CAAC,CAAC;SACb;QACD,OAAO,CAAC,IAAI,CAAC,CAAC;IAChB,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,eAAe,CAC5B,cAA8B,EAC9B,qBAA6C;IAE7C,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,WAAW,CAAC,qBAAqB,CAAC,qBAAqB,CAAC,CAAC,CAAC;IAEhG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;QAC3B,IAAI,OAAO,GAAG,EAAE,CAAC;QACjB,IAAI,QAAQ,CAAC,UAAU,EAAE;YACvB,OAAO,GAAG,cAAc,QAAQ,CAAC,UAAU,EAAE,CAAC;SAC/C;QACD,MAAM,IAAI,mBAAmB,CAC3B,QAAQ,CAAC,MAAM,EACf,GAAG,OAAO,2FAA2F,OAAO,EAAE,CAC/G,CAAC;KACH;IAED,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;IAClE,IAAI;QACF,OAAO,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;KAC1C;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,KAAK,CAAC,2CAA2C,UAAU,EAAE,CAAC,CAAC;KACtE;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,MAAM,GAAQ;IACzB,KAAK,CAAC,WAAW,CAAC,MAAM;QACtB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE;YACb,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,mDAAmD,CAAC,CAAC;YAC3E,OAAO,KAAK,CAAC;SACd;QACD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QACnF,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,CAAC,IAAI,CACT,GAAG,OAAO,6EAA6E,CACxF,CAAC;SACH;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,KAAK,CAAC,QAAQ,CACZ,aAA+B,EAC/B,kBAAmC,EAAE;;QAErC,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC;QAE3D,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,mBAAmB,CAAC,CAAC;QAE3C,IAAI,QAAQ,EAAE;YACZ,MAAM,IAAI,KAAK,CACb,GAAG,OAAO,+TAA+T,CAC1U,CAAC;SACH;QAED,MAAM,cAAc,iCAClB,0BAA0B,EAAE,IAAI,EAChC,qBAAqB,EAAE,SAAS,EAChC,WAAW,EAAE,eAAe,CAAC,WAAW,IACrC,qBAAqB,CAAC,MAAM,CAAC,KAChC,uBAAuB,EAAE,IAAI,GAC9B,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;QAEvE,IAAI,CAAC,QAAQ,EAAE;YACb,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,kCAAkC,CAAC,CAAC;SAC/D;QAED,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QACjE,MAAA,cAAc,CAAC,OAAO,0CAAE,GAAG,CAAC,eAAe,EAAE,SAAS,GAAG,EAAE,CAAC,CAAC;QAE7D,MAAM,OAAO,GAAG,qBAAqB,iCAChC,cAAc;YACjB,0FAA0F;YAC1F,uBAAuB,EAAE,IAAI,IAC7B,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACrE,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;IAC9D,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport {\n  createHttpHeaders,\n  createPipelineRequest,\n  PipelineRequestOptions\n} from \"@azure/core-rest-pipeline\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { readFile } from \"fs\";\nimport { AuthenticationError } from \"../../errors\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { mapScopesToResource } from \"./utils\";\nimport { MSI, MSIConfiguration } from \"./models\";\nimport { azureArcAPIVersion } from \"./constants\";\n\nconst msiName = \"ManagedIdentityCredential - Azure Arc MSI\";\nconst logger = credentialLogger(msiName);\n\n/**\n * Generates the options used on the request for an access token.\n */\nfunction prepareRequestOptions(scopes: string | string[]): PipelineRequestOptions {\n  const resource = mapScopesToResource(scopes);\n  if (!resource) {\n    throw new Error(`${msiName}: Multiple scopes are not supported.`);\n  }\n  const queryParameters: Record<string, string> = {\n    resource,\n    \"api-version\": azureArcAPIVersion\n  };\n\n  const query = new URLSearchParams(queryParameters);\n\n  // This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.\n  if (!process.env.IDENTITY_ENDPOINT) {\n    throw new Error(`${msiName}: Missing environment variable: IDENTITY_ENDPOINT`);\n  }\n\n  return createPipelineRequest({\n    // Should be similar to: http://localhost:40342/metadata/identity/oauth2/token\n    url: `${process.env.IDENTITY_ENDPOINT}?${query.toString()}`,\n    method: \"GET\",\n    headers: createHttpHeaders({\n      Accept: \"application/json\",\n      Metadata: \"true\"\n    })\n  });\n}\n\n/**\n * Retrieves the file contents at the given path using promises.\n * Useful since `fs`'s readFileSync locks the thread, and to avoid extra dependencies.\n */\nfunction readFileAsync(path: string, options: { encoding: string }): Promise<string> {\n  return new Promise((resolve, reject) =>\n    readFile(path, options, (err, data) => {\n      if (err) {\n        reject(err);\n      }\n      resolve(data);\n    })\n  );\n}\n\n/**\n * Does a request to the authentication provider that results in a file path.\n */\nasync function filePathRequest(\n  identityClient: IdentityClient,\n  requestPrepareOptions: PipelineRequestOptions\n): Promise<string | undefined> {\n  const response = await identityClient.sendRequest(createPipelineRequest(requestPrepareOptions));\n\n  if (response.status !== 401) {\n    let message = \"\";\n    if (response.bodyAsText) {\n      message = ` Response: ${response.bodyAsText}`;\n    }\n    throw new AuthenticationError(\n      response.status,\n      `${msiName}: To authenticate with Azure Arc MSI, status code 401 is expected on the first request. ${message}`\n    );\n  }\n\n  const authHeader = response.headers.get(\"www-authenticate\") || \"\";\n  try {\n    return authHeader.split(\"=\").slice(1)[0];\n  } catch (e) {\n    throw Error(`Invalid www-authenticate header format: ${authHeader}`);\n  }\n}\n\n/**\n * Defines how to determine whether the Azure Arc MSI is available, and also how to retrieve a token from the Azure Arc MSI.\n */\nexport const arcMsi: MSI = {\n  async isAvailable(scopes): Promise<boolean> {\n    const resource = mapScopesToResource(scopes);\n    if (!resource) {\n      logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);\n      return false;\n    }\n    const result = Boolean(process.env.IMDS_ENDPOINT && process.env.IDENTITY_ENDPOINT);\n    if (!result) {\n      logger.info(\n        `${msiName}: The environment variables needed are: IMDS_ENDPOINT and IDENTITY_ENDPOINT`\n      );\n    }\n    return result;\n  },\n  async getToken(\n    configuration: MSIConfiguration,\n    getTokenOptions: GetTokenOptions = {}\n  ): Promise<AccessToken | null> {\n    const { identityClient, scopes, clientId } = configuration;\n\n    logger.info(`${msiName}: Authenticating.`);\n\n    if (clientId) {\n      throw new Error(\n        `${msiName}: User assigned identity is not supported by the Azure Arc Managed Identity Endpoint. To authenticate with the system assigned identity, omit the client id when constructing the ManagedIdentityCredential, or if authenticating with the DefaultAzureCredential ensure the AZURE_CLIENT_ID environment variable is not set.`\n      );\n    }\n\n    const requestOptions = {\n      disableJsonStringifyOnBody: true,\n      deserializationMapper: undefined,\n      abortSignal: getTokenOptions.abortSignal,\n      ...prepareRequestOptions(scopes),\n      allowInsecureConnection: true\n    };\n\n    const filePath = await filePathRequest(identityClient, requestOptions);\n\n    if (!filePath) {\n      throw new Error(`${msiName}: Failed to find the token file.`);\n    }\n\n    const key = await readFileAsync(filePath, { encoding: \"utf-8\" });\n    requestOptions.headers?.set(\"Authorization\", `Basic ${key}`);\n\n    const request = createPipelineRequest({\n      ...requestOptions,\n      // Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).\n      allowInsecureConnection: true\n    });\n    const tokenResponse = await identityClient.sendTokenRequest(request);\n    return (tokenResponse && tokenResponse.accessToken) || null;\n  }\n};\n"]}
+{"version":3,"file":"arcMsi.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/arcMsi.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EACL,iBAAiB,EACjB,qBAAqB,GAEtB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AAC9B,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAE9C,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAEjD,MAAM,OAAO,GAAG,2CAA2C,CAAC;AAC5D,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAEzC;;GAEG;AACH,SAAS,qBAAqB,CAAC,MAAyB;IACtD,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,sCAAsC,CAAC,CAAC;KACnE;IACD,MAAM,eAAe,GAA2B;QAC9C,QAAQ;QACR,aAAa,EAAE,kBAAkB;KAClC,CAAC;IAEF,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC;IAEnD,wIAAwI;IACxI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;QAClC,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,mDAAmD,CAAC,CAAC;KAChF;IAED,OAAO,qBAAqB,CAAC;QAC3B,8EAA8E;QAC9E,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,KAAK,CAAC,QAAQ,EAAE,EAAE;QAC3D,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,iBAAiB,CAAC;YACzB,MAAM,EAAE,kBAAkB;YAC1B,QAAQ,EAAE,MAAM;SACjB,CAAC;KACH,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CAAC,IAAY,EAAE,OAA6B;IAChE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,CACrC,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;QACpC,IAAI,GAAG,EAAE;YACP,MAAM,CAAC,GAAG,CAAC,CAAC;SACb;QACD,OAAO,CAAC,IAAI,CAAC,CAAC;IAChB,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,eAAe,CAC5B,cAA8B,EAC9B,qBAA6C;IAE7C,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,WAAW,CAAC,qBAAqB,CAAC,qBAAqB,CAAC,CAAC,CAAC;IAEhG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;QAC3B,IAAI,OAAO,GAAG,EAAE,CAAC;QACjB,IAAI,QAAQ,CAAC,UAAU,EAAE;YACvB,OAAO,GAAG,cAAc,QAAQ,CAAC,UAAU,EAAE,CAAC;SAC/C;QACD,MAAM,IAAI,mBAAmB,CAC3B,QAAQ,CAAC,MAAM,EACf,GAAG,OAAO,2FAA2F,OAAO,EAAE,CAC/G,CAAC;KACH;IAED,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;IAClE,IAAI;QACF,OAAO,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;KAC1C;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,KAAK,CAAC,2CAA2C,UAAU,EAAE,CAAC,CAAC;KACtE;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,MAAM,GAAQ;IACzB,KAAK,CAAC,WAAW,CAAC,MAAM;QACtB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE;YACb,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,mDAAmD,CAAC,CAAC;YAC3E,OAAO,KAAK,CAAC;SACd;QACD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QACnF,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,CAAC,IAAI,CACT,GAAG,OAAO,6EAA6E,CACxF,CAAC;SACH;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,KAAK,CAAC,QAAQ,CACZ,aAA+B,EAC/B,kBAAmC,EAAE;;QAErC,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC;QAE3D,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,mBAAmB,CAAC,CAAC;QAE3C,IAAI,QAAQ,EAAE;YACZ,MAAM,IAAI,KAAK,CACb,GAAG,OAAO,+TAA+T,CAC1U,CAAC;SACH;QAED,MAAM,cAAc,iCAClB,0BAA0B,EAAE,IAAI,EAChC,qBAAqB,EAAE,SAAS,EAChC,WAAW,EAAE,eAAe,CAAC,WAAW,IACrC,qBAAqB,CAAC,MAAM,CAAC,KAChC,uBAAuB,EAAE,IAAI,GAC9B,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;QAEvE,IAAI,CAAC,QAAQ,EAAE;YACb,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,kCAAkC,CAAC,CAAC;SAC/D;QAED,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QACjE,MAAA,cAAc,CAAC,OAAO,0CAAE,GAAG,CAAC,eAAe,EAAE,SAAS,GAAG,EAAE,CAAC,CAAC;QAE7D,MAAM,OAAO,GAAG,qBAAqB,iCAChC,cAAc;YACjB,0FAA0F;YAC1F,uBAAuB,EAAE,IAAI,IAC7B,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACrE,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;IAC9D,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport {\n  createHttpHeaders,\n  createPipelineRequest,\n  PipelineRequestOptions,\n} from \"@azure/core-rest-pipeline\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { readFile } from \"fs\";\nimport { AuthenticationError } from \"../../errors\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { mapScopesToResource } from \"./utils\";\nimport { MSI, MSIConfiguration } from \"./models\";\nimport { azureArcAPIVersion } from \"./constants\";\n\nconst msiName = \"ManagedIdentityCredential - Azure Arc MSI\";\nconst logger = credentialLogger(msiName);\n\n/**\n * Generates the options used on the request for an access token.\n */\nfunction prepareRequestOptions(scopes: string | string[]): PipelineRequestOptions {\n  const resource = mapScopesToResource(scopes);\n  if (!resource) {\n    throw new Error(`${msiName}: Multiple scopes are not supported.`);\n  }\n  const queryParameters: Record<string, string> = {\n    resource,\n    \"api-version\": azureArcAPIVersion,\n  };\n\n  const query = new URLSearchParams(queryParameters);\n\n  // This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.\n  if (!process.env.IDENTITY_ENDPOINT) {\n    throw new Error(`${msiName}: Missing environment variable: IDENTITY_ENDPOINT`);\n  }\n\n  return createPipelineRequest({\n    // Should be similar to: http://localhost:40342/metadata/identity/oauth2/token\n    url: `${process.env.IDENTITY_ENDPOINT}?${query.toString()}`,\n    method: \"GET\",\n    headers: createHttpHeaders({\n      Accept: \"application/json\",\n      Metadata: \"true\",\n    }),\n  });\n}\n\n/**\n * Retrieves the file contents at the given path using promises.\n * Useful since `fs`'s readFileSync locks the thread, and to avoid extra dependencies.\n */\nfunction readFileAsync(path: string, options: { encoding: string }): Promise<string> {\n  return new Promise((resolve, reject) =>\n    readFile(path, options, (err, data) => {\n      if (err) {\n        reject(err);\n      }\n      resolve(data);\n    })\n  );\n}\n\n/**\n * Does a request to the authentication provider that results in a file path.\n */\nasync function filePathRequest(\n  identityClient: IdentityClient,\n  requestPrepareOptions: PipelineRequestOptions\n): Promise<string | undefined> {\n  const response = await identityClient.sendRequest(createPipelineRequest(requestPrepareOptions));\n\n  if (response.status !== 401) {\n    let message = \"\";\n    if (response.bodyAsText) {\n      message = ` Response: ${response.bodyAsText}`;\n    }\n    throw new AuthenticationError(\n      response.status,\n      `${msiName}: To authenticate with Azure Arc MSI, status code 401 is expected on the first request. ${message}`\n    );\n  }\n\n  const authHeader = response.headers.get(\"www-authenticate\") || \"\";\n  try {\n    return authHeader.split(\"=\").slice(1)[0];\n  } catch (e) {\n    throw Error(`Invalid www-authenticate header format: ${authHeader}`);\n  }\n}\n\n/**\n * Defines how to determine whether the Azure Arc MSI is available, and also how to retrieve a token from the Azure Arc MSI.\n */\nexport const arcMsi: MSI = {\n  async isAvailable(scopes): Promise<boolean> {\n    const resource = mapScopesToResource(scopes);\n    if (!resource) {\n      logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);\n      return false;\n    }\n    const result = Boolean(process.env.IMDS_ENDPOINT && process.env.IDENTITY_ENDPOINT);\n    if (!result) {\n      logger.info(\n        `${msiName}: The environment variables needed are: IMDS_ENDPOINT and IDENTITY_ENDPOINT`\n      );\n    }\n    return result;\n  },\n  async getToken(\n    configuration: MSIConfiguration,\n    getTokenOptions: GetTokenOptions = {}\n  ): Promise<AccessToken | null> {\n    const { identityClient, scopes, clientId } = configuration;\n\n    logger.info(`${msiName}: Authenticating.`);\n\n    if (clientId) {\n      throw new Error(\n        `${msiName}: User assigned identity is not supported by the Azure Arc Managed Identity Endpoint. To authenticate with the system assigned identity, omit the client id when constructing the ManagedIdentityCredential, or if authenticating with the DefaultAzureCredential ensure the AZURE_CLIENT_ID environment variable is not set.`\n      );\n    }\n\n    const requestOptions = {\n      disableJsonStringifyOnBody: true,\n      deserializationMapper: undefined,\n      abortSignal: getTokenOptions.abortSignal,\n      ...prepareRequestOptions(scopes),\n      allowInsecureConnection: true,\n    };\n\n    const filePath = await filePathRequest(identityClient, requestOptions);\n\n    if (!filePath) {\n      throw new Error(`${msiName}: Failed to find the token file.`);\n    }\n\n    const key = await readFileAsync(filePath, { encoding: \"utf-8\" });\n    requestOptions.headers?.set(\"Authorization\", `Basic ${key}`);\n\n    const request = createPipelineRequest({\n      ...requestOptions,\n      // Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).\n      allowInsecureConnection: true,\n    });\n    const tokenResponse = await identityClient.sendTokenRequest(request);\n    return (tokenResponse && tokenResponse.accessToken) || null;\n  },\n};\n"]}

package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js

@@ -1,6 +1,6 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import { createHttpHeaders, createPipelineRequest } from "@azure/core-rest-pipeline";
+import { createHttpHeaders, createPipelineRequest, } from "@azure/core-rest-pipeline";
 import { credentialLogger } from "../../util/logging";
 import { mapScopesToResource } from "./utils";
 const msiName = "ManagedIdentityCredential - CloudShellMSI";
@@ -14,7 +14,7 @@ function prepareRequestOptions(scopes, clientId) {
         throw new Error(`${msiName}: Multiple scopes are not supported.`);
     }
     const body = {
-        resource
+        resource,
     };
     if (clientId) {
         body.client_id = clientId;
@@ -31,8 +31,8 @@ function prepareRequestOptions(scopes, clientId) {
         headers: createHttpHeaders({
             Accept: "application/json",
             Metadata: "true",
-            "Content-Type": "application/x-www-form-urlencoded"
-        })
+            "Content-Type": "application/x-www-form-urlencoded",
+        }),
     };
 }
 /**
@@ -59,6 +59,6 @@ export const cloudShellMsi = {
             allowInsecureConnection: true }));
         const tokenResponse = await identityClient.sendTokenRequest(request);
         return (tokenResponse && tokenResponse.accessToken) || null;
-    }
+    },
 };
 //# sourceMappingURL=cloudShellMsi.js.map

package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js.map

@@ -1 +1 @@
-{"version":3,"file":"cloudShellMsi.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/cloudShellMsi.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EAEtB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAGtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAE9C,MAAM,OAAO,GAAG,2CAA2C,CAAC;AAC5D,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAEzC;;GAEG;AACH,SAAS,qBAAqB,CAC5B,MAAyB,EACzB,QAAiB;IAEjB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,sCAAsC,CAAC,CAAC;KACnE;IAED,MAAM,IAAI,GAA2B;QACnC,QAAQ;KACT,CAAC;IAEF,IAAI,QAAQ,EAAE;QACZ,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;KAC3B;IAED,wIAAwI;IACxI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE;QAC7B,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,8CAA8C,CAAC,CAAC;KAC3E;IACD,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC;IACzC,OAAO;QACL,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;QAC7B,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;QACvB,OAAO,EAAE,iBAAiB,CAAC;YACzB,MAAM,EAAE,kBAAkB;YAC1B,QAAQ,EAAE,MAAM;YAChB,cAAc,EAAE,mCAAmC;SACpD,CAAC;KACH,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAQ;IAChC,KAAK,CAAC,WAAW,CAAC,MAAM;QACtB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE;YACb,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,mDAAmD,CAAC,CAAC;YAC3E,OAAO,KAAK,CAAC;SACd;QACD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACjD,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,iEAAiE,CAAC,CAAC;SAC1F;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,KAAK,CAAC,QAAQ,CACZ,aAA+B,EAC/B,kBAAmC,EAAE;QAErC,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC;QAE3D,MAAM,CAAC,IAAI,CACT,GAAG,OAAO,4EAA4E,OAAO,CAAC,GAAG,CAAC,YAAY,GAAG,CAClH,CAAC;QAEF,MAAM,OAAO,GAAG,qBAAqB,+BACnC,WAAW,EAAE,eAAe,CAAC,WAAW,IACrC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC;YAC1C,0FAA0F;YAC1F,uBAAuB,EAAE,IAAI,IAC7B,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACrE,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;IAC9D,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport {\n  createHttpHeaders,\n  createPipelineRequest,\n  PipelineRequestOptions\n} from \"@azure/core-rest-pipeline\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { MSI, MSIConfiguration } from \"./models\";\nimport { mapScopesToResource } from \"./utils\";\n\nconst msiName = \"ManagedIdentityCredential - CloudShellMSI\";\nconst logger = credentialLogger(msiName);\n\n/**\n * Generates the options used on the request for an access token.\n */\nfunction prepareRequestOptions(\n  scopes: string | string[],\n  clientId?: string\n): PipelineRequestOptions {\n  const resource = mapScopesToResource(scopes);\n  if (!resource) {\n    throw new Error(`${msiName}: Multiple scopes are not supported.`);\n  }\n\n  const body: Record<string, string> = {\n    resource\n  };\n\n  if (clientId) {\n    body.client_id = clientId;\n  }\n\n  // This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.\n  if (!process.env.MSI_ENDPOINT) {\n    throw new Error(`${msiName}: Missing environment variable: MSI_ENDPOINT`);\n  }\n  const params = new URLSearchParams(body);\n  return {\n    url: process.env.MSI_ENDPOINT,\n    method: \"POST\",\n    body: params.toString(),\n    headers: createHttpHeaders({\n      Accept: \"application/json\",\n      Metadata: \"true\",\n      \"Content-Type\": \"application/x-www-form-urlencoded\"\n    })\n  };\n}\n\n/**\n * Defines how to determine whether the Azure Cloud Shell MSI is available, and also how to retrieve a token from the Azure Cloud Shell MSI.\n */\nexport const cloudShellMsi: MSI = {\n  async isAvailable(scopes): Promise<boolean> {\n    const resource = mapScopesToResource(scopes);\n    if (!resource) {\n      logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);\n      return false;\n    }\n    const result = Boolean(process.env.MSI_ENDPOINT);\n    if (!result) {\n      logger.info(`${msiName}: Unavailable. The environment variable MSI_ENDPOINT is needed.`);\n    }\n    return result;\n  },\n  async getToken(\n    configuration: MSIConfiguration,\n    getTokenOptions: GetTokenOptions = {}\n  ): Promise<AccessToken | null> {\n    const { identityClient, scopes, clientId } = configuration;\n\n    logger.info(\n      `${msiName}: Using the endpoint coming form the environment variable MSI_ENDPOINT = ${process.env.MSI_ENDPOINT}.`\n    );\n\n    const request = createPipelineRequest({\n      abortSignal: getTokenOptions.abortSignal,\n      ...prepareRequestOptions(scopes, clientId),\n      // Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).\n      allowInsecureConnection: true\n    });\n    const tokenResponse = await identityClient.sendTokenRequest(request);\n    return (tokenResponse && tokenResponse.accessToken) || null;\n  }\n};\n"]}
+{"version":3,"file":"cloudShellMsi.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/cloudShellMsi.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EACL,iBAAiB,EACjB,qBAAqB,GAEtB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAGtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAE9C,MAAM,OAAO,GAAG,2CAA2C,CAAC;AAC5D,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAEzC;;GAEG;AACH,SAAS,qBAAqB,CAC5B,MAAyB,EACzB,QAAiB;IAEjB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,sCAAsC,CAAC,CAAC;KACnE;IAED,MAAM,IAAI,GAA2B;QACnC,QAAQ;KACT,CAAC;IAEF,IAAI,QAAQ,EAAE;QACZ,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;KAC3B;IAED,wIAAwI;IACxI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE;QAC7B,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,8CAA8C,CAAC,CAAC;KAC3E;IACD,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC;IACzC,OAAO;QACL,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;QAC7B,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;QACvB,OAAO,EAAE,iBAAiB,CAAC;YACzB,MAAM,EAAE,kBAAkB;YAC1B,QAAQ,EAAE,MAAM;YAChB,cAAc,EAAE,mCAAmC;SACpD,CAAC;KACH,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAQ;IAChC,KAAK,CAAC,WAAW,CAAC,MAAM;QACtB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE;YACb,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,mDAAmD,CAAC,CAAC;YAC3E,OAAO,KAAK,CAAC;SACd;QACD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACjD,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,iEAAiE,CAAC,CAAC;SAC1F;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,KAAK,CAAC,QAAQ,CACZ,aAA+B,EAC/B,kBAAmC,EAAE;QAErC,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC;QAE3D,MAAM,CAAC,IAAI,CACT,GAAG,OAAO,4EAA4E,OAAO,CAAC,GAAG,CAAC,YAAY,GAAG,CAClH,CAAC;QAEF,MAAM,OAAO,GAAG,qBAAqB,+BACnC,WAAW,EAAE,eAAe,CAAC,WAAW,IACrC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC;YAC1C,0FAA0F;YAC1F,uBAAuB,EAAE,IAAI,IAC7B,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACrE,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;IAC9D,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport {\n  createHttpHeaders,\n  createPipelineRequest,\n  PipelineRequestOptions,\n} from \"@azure/core-rest-pipeline\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { MSI, MSIConfiguration } from \"./models\";\nimport { mapScopesToResource } from \"./utils\";\n\nconst msiName = \"ManagedIdentityCredential - CloudShellMSI\";\nconst logger = credentialLogger(msiName);\n\n/**\n * Generates the options used on the request for an access token.\n */\nfunction prepareRequestOptions(\n  scopes: string | string[],\n  clientId?: string\n): PipelineRequestOptions {\n  const resource = mapScopesToResource(scopes);\n  if (!resource) {\n    throw new Error(`${msiName}: Multiple scopes are not supported.`);\n  }\n\n  const body: Record<string, string> = {\n    resource,\n  };\n\n  if (clientId) {\n    body.client_id = clientId;\n  }\n\n  // This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.\n  if (!process.env.MSI_ENDPOINT) {\n    throw new Error(`${msiName}: Missing environment variable: MSI_ENDPOINT`);\n  }\n  const params = new URLSearchParams(body);\n  return {\n    url: process.env.MSI_ENDPOINT,\n    method: \"POST\",\n    body: params.toString(),\n    headers: createHttpHeaders({\n      Accept: \"application/json\",\n      Metadata: \"true\",\n      \"Content-Type\": \"application/x-www-form-urlencoded\",\n    }),\n  };\n}\n\n/**\n * Defines how to determine whether the Azure Cloud Shell MSI is available, and also how to retrieve a token from the Azure Cloud Shell MSI.\n */\nexport const cloudShellMsi: MSI = {\n  async isAvailable(scopes): Promise<boolean> {\n    const resource = mapScopesToResource(scopes);\n    if (!resource) {\n      logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);\n      return false;\n    }\n    const result = Boolean(process.env.MSI_ENDPOINT);\n    if (!result) {\n      logger.info(`${msiName}: Unavailable. The environment variable MSI_ENDPOINT is needed.`);\n    }\n    return result;\n  },\n  async getToken(\n    configuration: MSIConfiguration,\n    getTokenOptions: GetTokenOptions = {}\n  ): Promise<AccessToken | null> {\n    const { identityClient, scopes, clientId } = configuration;\n\n    logger.info(\n      `${msiName}: Using the endpoint coming form the environment variable MSI_ENDPOINT = ${process.env.MSI_ENDPOINT}.`\n    );\n\n    const request = createPipelineRequest({\n      abortSignal: getTokenOptions.abortSignal,\n      ...prepareRequestOptions(scopes, clientId),\n      // Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).\n      allowInsecureConnection: true,\n    });\n    const tokenResponse = await identityClient.sendTokenRequest(request);\n    return (tokenResponse && tokenResponse.accessToken) || null;\n  },\n};\n"]}

package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js

@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 import https from "https";
-import { createHttpHeaders, createPipelineRequest } from "@azure/core-rest-pipeline";
+import { createHttpHeaders, createPipelineRequest, } from "@azure/core-rest-pipeline";
 import { credentialLogger } from "../../util/logging";
 import { mapScopesToResource } from "./utils";
 import { azureFabricVersion } from "./constants";
@@ -34,7 +34,7 @@ function prepareRequestOptions(scopes, clientId) {
     }
     const queryParameters = {
         resource,
-        "api-version": azureFabricVersion
+        "api-version": azureFabricVersion,
     };
     if (clientId) {
         queryParameters.client_id = clientId;
@@ -52,8 +52,8 @@ function prepareRequestOptions(scopes, clientId) {
         method: "GET",
         headers: createHttpHeaders({
             Accept: "application/json",
-            secret: process.env.IDENTITY_HEADER
-        })
+            secret: process.env.IDENTITY_HEADER,
+        }),
     };
 }
 /**
@@ -80,19 +80,16 @@ export const fabricMsi = {
             "Using the endpoint and the secret coming from the environment variables:",
             `IDENTITY_ENDPOINT=${process.env.IDENTITY_ENDPOINT},`,
             "IDENTITY_HEADER=[REDACTED] and",
-            "IDENTITY_SERVER_THUMBPRINT=[REDACTED]."
+            "IDENTITY_SERVER_THUMBPRINT=[REDACTED].",
         ].join(" "));
-        const request = createPipelineRequest(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions(scopes, clientId)
-        // The service fabric MSI endpoint will be HTTPS (however, the certificate will be self-signed).
-        // allowInsecureConnection: true
-        ));
+        const request = createPipelineRequest(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions(scopes, clientId)));
         request.agent = new https.Agent({
             // This is necessary because Service Fabric provides a self-signed certificate.
             // The alternative path is to verify the certificate using the IDENTITY_SERVER_THUMBPRINT env variable.
-            rejectUnauthorized: false
+            rejectUnauthorized: false,
         });
         const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser);
         return (tokenResponse && tokenResponse.accessToken) || null;
-    }
+    },
 };
 //# sourceMappingURL=fabricMsi.js.map

package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js.map

@@ -1 +1 @@
-{"version":3,"file":"fabricMsi.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/fabricMsi.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EAEtB,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAEjD,sGAAsG;AACtG,EAAE;AACF,iBAAiB;AACjB,2CAA2C;AAC3C,4BAA4B;AAC5B,EAAE;AACF,kCAAkC;AAClC,EAAE;AACF,wIAAwI;AACxI,EAAE;AAEF,MAAM,OAAO,GAAG,wCAAwC,CAAC;AACzD,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAEzC;;GAEG;AACH,SAAS,eAAe,CAAC,WAAoC;IAC3D,qFAAqF;IACrF,OAAO,MAAM,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAC5B,MAAyB,EACzB,QAAiB;IAEjB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,sCAAsC,CAAC,CAAC;KACnE;IAED,MAAM,eAAe,GAA2B;QAC9C,QAAQ;QACR,aAAa,EAAE,kBAAkB;KAClC,CAAC;IAEF,IAAI,QAAQ,EAAE;QACZ,eAAe,CAAC,SAAS,GAAG,QAAQ,CAAC;KACtC;IAED,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC;IAEnD,wIAAwI;IACxI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;QAClC,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;KACpE;IACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE;QAChC,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;KAClE;IAED,OAAO;QACL,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,KAAK,CAAC,QAAQ,EAAE,EAAE;QAC3D,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,iBAAiB,CAAC;YACzB,MAAM,EAAE,kBAAkB;YAC1B,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe;SACpC,CAAC;KACH,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,SAAS,GAAQ;IAC5B,KAAK,CAAC,WAAW,CAAC,MAAM;QACtB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE;YACb,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,mDAAmD,CAAC,CAAC;YAC3E,OAAO,KAAK,CAAC;SACd;QACD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;QACxB,MAAM,MAAM,GAAG,OAAO,CACpB,GAAG,CAAC,iBAAiB,IAAI,GAAG,CAAC,eAAe,IAAI,GAAG,CAAC,0BAA0B,CAC/E,CAAC;QACF,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,CAAC,IAAI,CACT,GAAG,OAAO,wHAAwH,CACnI,CAAC;SACH;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,KAAK,CAAC,QAAQ,CACZ,aAA+B,EAC/B,kBAAmC,EAAE;QAErC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC;QAE3D,MAAM,CAAC,IAAI,CACT;YACE,GAAG,OAAO,GAAG;YACb,0EAA0E;YAC1E,qBAAqB,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG;YACrD,gCAAgC;YAChC,wCAAwC;SACzC,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QAEF,MAAM,OAAO,GAAG,qBAAqB,iBACnC,WAAW,EAAE,eAAe,CAAC,WAAW,IACrC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC;QAC1C,gGAAgG;QAChG,gCAAgC;UAChC,CAAC;QAEH,OAAO,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,KAAK,CAAC;YAC9B,+EAA+E;YAC/E,uGAAuG;YACvG,kBAAkB,EAAE,KAAK;SAC1B,CAAC,CAAC;QAEH,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,gBAAgB,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QACtF,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;IAC9D,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport https from \"https\";\nimport {\n  createHttpHeaders,\n  createPipelineRequest,\n  PipelineRequestOptions\n} from \"@azure/core-rest-pipeline\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { TokenResponseParsedBody } from \"../../client/identityClient\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { MSI, MSIConfiguration } from \"./models\";\nimport { mapScopesToResource } from \"./utils\";\nimport { azureFabricVersion } from \"./constants\";\n\n// This MSI can be easily tested by deploying a container to Azure Service Fabric with the Dockerfile:\n//\n//   FROM node:12\n//   RUN wget https://host.any/path/bash.sh\n//   CMD [\"bash\", \"bash.sh\"]\n//\n// Where the bash script contains:\n//\n//   curl --insecure $IDENTITY_ENDPOINT'?api-version=2019-07-01-preview&resource=https://vault.azure.net/' -H \"Secret: $IDENTITY_HEADER\"\n//\n\nconst msiName = \"ManagedIdentityCredential - Fabric MSI\";\nconst logger = credentialLogger(msiName);\n\n/**\n * Formats the expiration date of the received token into the number of milliseconds between that date and midnight, January 1, 1970.\n */\nfunction expiresOnParser(requestBody: TokenResponseParsedBody): number {\n  // Parses a string representation of the milliseconds since epoch into a number value\n  return Number(requestBody.expires_on);\n}\n\n/**\n * Generates the options used on the request for an access token.\n */\nfunction prepareRequestOptions(\n  scopes: string | string[],\n  clientId?: string\n): PipelineRequestOptions {\n  const resource = mapScopesToResource(scopes);\n  if (!resource) {\n    throw new Error(`${msiName}: Multiple scopes are not supported.`);\n  }\n\n  const queryParameters: Record<string, string> = {\n    resource,\n    \"api-version\": azureFabricVersion\n  };\n\n  if (clientId) {\n    queryParameters.client_id = clientId;\n  }\n\n  const query = new URLSearchParams(queryParameters);\n\n  // This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.\n  if (!process.env.IDENTITY_ENDPOINT) {\n    throw new Error(\"Missing environment variable: IDENTITY_ENDPOINT\");\n  }\n  if (!process.env.IDENTITY_HEADER) {\n    throw new Error(\"Missing environment variable: IDENTITY_HEADER\");\n  }\n\n  return {\n    url: `${process.env.IDENTITY_ENDPOINT}?${query.toString()}`,\n    method: \"GET\",\n    headers: createHttpHeaders({\n      Accept: \"application/json\",\n      secret: process.env.IDENTITY_HEADER\n    })\n  };\n}\n\n/**\n * Defines how to determine whether the Azure Service Fabric MSI is available, and also how to retrieve a token from the Azure Service Fabric MSI.\n */\nexport const fabricMsi: MSI = {\n  async isAvailable(scopes): Promise<boolean> {\n    const resource = mapScopesToResource(scopes);\n    if (!resource) {\n      logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);\n      return false;\n    }\n    const env = process.env;\n    const result = Boolean(\n      env.IDENTITY_ENDPOINT && env.IDENTITY_HEADER && env.IDENTITY_SERVER_THUMBPRINT\n    );\n    if (!result) {\n      logger.info(\n        `${msiName}: Unavailable. The environment variables needed are: IDENTITY_ENDPOINT, IDENTITY_HEADER and IDENTITY_SERVER_THUMBPRINT`\n      );\n    }\n    return result;\n  },\n  async getToken(\n    configuration: MSIConfiguration,\n    getTokenOptions: GetTokenOptions = {}\n  ): Promise<AccessToken | null> {\n    const { scopes, identityClient, clientId } = configuration;\n\n    logger.info(\n      [\n        `${msiName}:`,\n        \"Using the endpoint and the secret coming from the environment variables:\",\n        `IDENTITY_ENDPOINT=${process.env.IDENTITY_ENDPOINT},`,\n        \"IDENTITY_HEADER=[REDACTED] and\",\n        \"IDENTITY_SERVER_THUMBPRINT=[REDACTED].\"\n      ].join(\" \")\n    );\n\n    const request = createPipelineRequest({\n      abortSignal: getTokenOptions.abortSignal,\n      ...prepareRequestOptions(scopes, clientId)\n      // The service fabric MSI endpoint will be HTTPS (however, the certificate will be self-signed).\n      // allowInsecureConnection: true\n    });\n\n    request.agent = new https.Agent({\n      // This is necessary because Service Fabric provides a self-signed certificate.\n      // The alternative path is to verify the certificate using the IDENTITY_SERVER_THUMBPRINT env variable.\n      rejectUnauthorized: false\n    });\n\n    const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser);\n    return (tokenResponse && tokenResponse.accessToken) || null;\n  }\n};\n"]}
+{"version":3,"file":"fabricMsi.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/fabricMsi.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EACL,iBAAiB,EACjB,qBAAqB,GAEtB,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAEjD,sGAAsG;AACtG,EAAE;AACF,iBAAiB;AACjB,2CAA2C;AAC3C,4BAA4B;AAC5B,EAAE;AACF,kCAAkC;AAClC,EAAE;AACF,wIAAwI;AACxI,EAAE;AAEF,MAAM,OAAO,GAAG,wCAAwC,CAAC;AACzD,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAEzC;;GAEG;AACH,SAAS,eAAe,CAAC,WAAoC;IAC3D,qFAAqF;IACrF,OAAO,MAAM,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAC5B,MAAyB,EACzB,QAAiB;IAEjB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,sCAAsC,CAAC,CAAC;KACnE;IAED,MAAM,eAAe,GAA2B;QAC9C,QAAQ;QACR,aAAa,EAAE,kBAAkB;KAClC,CAAC;IAEF,IAAI,QAAQ,EAAE;QACZ,eAAe,CAAC,SAAS,GAAG,QAAQ,CAAC;KACtC;IAED,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC;IAEnD,wIAAwI;IACxI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;QAClC,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;KACpE;IACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE;QAChC,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;KAClE;IAED,OAAO;QACL,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,KAAK,CAAC,QAAQ,EAAE,EAAE;QAC3D,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,iBAAiB,CAAC;YACzB,MAAM,EAAE,kBAAkB;YAC1B,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe;SACpC,CAAC;KACH,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,SAAS,GAAQ;IAC5B,KAAK,CAAC,WAAW,CAAC,MAAM;QACtB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE;YACb,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,mDAAmD,CAAC,CAAC;YAC3E,OAAO,KAAK,CAAC;SACd;QACD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;QACxB,MAAM,MAAM,GAAG,OAAO,CACpB,GAAG,CAAC,iBAAiB,IAAI,GAAG,CAAC,eAAe,IAAI,GAAG,CAAC,0BAA0B,CAC/E,CAAC;QACF,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,CAAC,IAAI,CACT,GAAG,OAAO,wHAAwH,CACnI,CAAC;SACH;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,KAAK,CAAC,QAAQ,CACZ,aAA+B,EAC/B,kBAAmC,EAAE;QAErC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC;QAE3D,MAAM,CAAC,IAAI,CACT;YACE,GAAG,OAAO,GAAG;YACb,0EAA0E;YAC1E,qBAAqB,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG;YACrD,gCAAgC;YAChC,wCAAwC;SACzC,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QAEF,MAAM,OAAO,GAAG,qBAAqB,iBACnC,WAAW,EAAE,eAAe,CAAC,WAAW,IACrC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,EAG1C,CAAC;QAEH,OAAO,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,KAAK,CAAC;YAC9B,+EAA+E;YAC/E,uGAAuG;YACvG,kBAAkB,EAAE,KAAK;SAC1B,CAAC,CAAC;QAEH,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,gBAAgB,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QACtF,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;IAC9D,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport https from \"https\";\nimport {\n  createHttpHeaders,\n  createPipelineRequest,\n  PipelineRequestOptions,\n} from \"@azure/core-rest-pipeline\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { TokenResponseParsedBody } from \"../../client/identityClient\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { MSI, MSIConfiguration } from \"./models\";\nimport { mapScopesToResource } from \"./utils\";\nimport { azureFabricVersion } from \"./constants\";\n\n// This MSI can be easily tested by deploying a container to Azure Service Fabric with the Dockerfile:\n//\n//   FROM node:12\n//   RUN wget https://host.any/path/bash.sh\n//   CMD [\"bash\", \"bash.sh\"]\n//\n// Where the bash script contains:\n//\n//   curl --insecure $IDENTITY_ENDPOINT'?api-version=2019-07-01-preview&resource=https://vault.azure.net/' -H \"Secret: $IDENTITY_HEADER\"\n//\n\nconst msiName = \"ManagedIdentityCredential - Fabric MSI\";\nconst logger = credentialLogger(msiName);\n\n/**\n * Formats the expiration date of the received token into the number of milliseconds between that date and midnight, January 1, 1970.\n */\nfunction expiresOnParser(requestBody: TokenResponseParsedBody): number {\n  // Parses a string representation of the milliseconds since epoch into a number value\n  return Number(requestBody.expires_on);\n}\n\n/**\n * Generates the options used on the request for an access token.\n */\nfunction prepareRequestOptions(\n  scopes: string | string[],\n  clientId?: string\n): PipelineRequestOptions {\n  const resource = mapScopesToResource(scopes);\n  if (!resource) {\n    throw new Error(`${msiName}: Multiple scopes are not supported.`);\n  }\n\n  const queryParameters: Record<string, string> = {\n    resource,\n    \"api-version\": azureFabricVersion,\n  };\n\n  if (clientId) {\n    queryParameters.client_id = clientId;\n  }\n\n  const query = new URLSearchParams(queryParameters);\n\n  // This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.\n  if (!process.env.IDENTITY_ENDPOINT) {\n    throw new Error(\"Missing environment variable: IDENTITY_ENDPOINT\");\n  }\n  if (!process.env.IDENTITY_HEADER) {\n    throw new Error(\"Missing environment variable: IDENTITY_HEADER\");\n  }\n\n  return {\n    url: `${process.env.IDENTITY_ENDPOINT}?${query.toString()}`,\n    method: \"GET\",\n    headers: createHttpHeaders({\n      Accept: \"application/json\",\n      secret: process.env.IDENTITY_HEADER,\n    }),\n  };\n}\n\n/**\n * Defines how to determine whether the Azure Service Fabric MSI is available, and also how to retrieve a token from the Azure Service Fabric MSI.\n */\nexport const fabricMsi: MSI = {\n  async isAvailable(scopes): Promise<boolean> {\n    const resource = mapScopesToResource(scopes);\n    if (!resource) {\n      logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);\n      return false;\n    }\n    const env = process.env;\n    const result = Boolean(\n      env.IDENTITY_ENDPOINT && env.IDENTITY_HEADER && env.IDENTITY_SERVER_THUMBPRINT\n    );\n    if (!result) {\n      logger.info(\n        `${msiName}: Unavailable. The environment variables needed are: IDENTITY_ENDPOINT, IDENTITY_HEADER and IDENTITY_SERVER_THUMBPRINT`\n      );\n    }\n    return result;\n  },\n  async getToken(\n    configuration: MSIConfiguration,\n    getTokenOptions: GetTokenOptions = {}\n  ): Promise<AccessToken | null> {\n    const { scopes, identityClient, clientId } = configuration;\n\n    logger.info(\n      [\n        `${msiName}:`,\n        \"Using the endpoint and the secret coming from the environment variables:\",\n        `IDENTITY_ENDPOINT=${process.env.IDENTITY_ENDPOINT},`,\n        \"IDENTITY_HEADER=[REDACTED] and\",\n        \"IDENTITY_SERVER_THUMBPRINT=[REDACTED].\",\n      ].join(\" \")\n    );\n\n    const request = createPipelineRequest({\n      abortSignal: getTokenOptions.abortSignal,\n      ...prepareRequestOptions(scopes, clientId),\n      // The service fabric MSI endpoint will be HTTPS (however, the certificate will be self-signed).\n      // allowInsecureConnection: true\n    });\n\n    request.agent = new https.Agent({\n      // This is necessary because Service Fabric provides a self-signed certificate.\n      // The alternative path is to verify the certificate using the IDENTITY_SERVER_THUMBPRINT env variable.\n      rejectUnauthorized: false,\n    });\n\n    const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser);\n    return (tokenResponse && tokenResponse.accessToken) || null;\n  },\n};\n"]}