@azure/identity 2.0.2-alpha.20211221.3 → 2.0.3-alpha.20220210.1
Potentially problematic release.
This version of @azure/identity might be problematic.
- package/CHANGELOG.md +13 -3
- package/dist/index.js +205 -173
- package/dist/index.js.map +1 -1
- package/dist-esm/src/client/identityClient.js +1 -1
- package/dist-esm/src/client/identityClient.js.map +1 -1
- package/package.json +5 -6
package/dist/index.js
CHANGED
|
@@ -2,8 +2,6 @@
|
|
|
2
2
|
|
|
3
3
|
Object.defineProperty(exports, '__esModule', { value: true });
|
|
4
4
|
|
|
5
|
-
function _interopDefault (ex) { return (ex && (typeof ex === 'object') && 'default' in ex) ? ex['default'] : ex; }
|
|
6
|
-
|
|
7
5
|
var msalNode = require('@azure/msal-node');
|
|
8
6
|
var coreTracing = require('@azure/core-tracing');
|
|
9
7
|
var coreClient = require('@azure/core-client');
|
|
@@ -14,17 +12,47 @@ var logger$k = require('@azure/logger');
|
|
|
14
12
|
var msalCommon = require('@azure/msal-common');
|
|
15
13
|
var uuid = require('uuid');
|
|
16
14
|
var fs = require('fs');
|
|
17
|
-
var
|
|
18
|
-
var
|
|
19
|
-
var path = _interopDefault(require('path'));
|
|
15
|
+
var os = require('os');
|
|
16
|
+
var path = require('path');
|
|
20
17
|
var child_process = require('child_process');
|
|
21
|
-
var child_process__default = _interopDefault(child_process);
|
|
22
18
|
var crypto = require('crypto');
|
|
23
19
|
var util = require('util');
|
|
24
|
-
var https =
|
|
25
|
-
var http =
|
|
26
|
-
var open =
|
|
27
|
-
var stoppable =
|
|
20
|
+
var https = require('https');
|
|
21
|
+
var http = require('http');
|
|
22
|
+
var open = require('open');
|
|
23
|
+
var stoppable = require('stoppable');
|
|
24
|
+
|
|
25
|
+
function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; }
|
|
26
|
+
|
|
27
|
+
function _interopNamespace(e) {
|
|
28
|
+
if (e && e.__esModule) return e;
|
|
29
|
+
var n = Object.create(null);
|
|
30
|
+
if (e) {
|
|
31
|
+
Object.keys(e).forEach(function (k) {
|
|
32
|
+
if (k !== 'default') {
|
|
33
|
+
var d = Object.getOwnPropertyDescriptor(e, k);
|
|
34
|
+
Object.defineProperty(n, k, d.get ? d : {
|
|
35
|
+
enumerable: true,
|
|
36
|
+
get: function () { return e[k]; }
|
|
37
|
+
});
|
|
38
|
+
}
|
|
39
|
+
});
|
|
40
|
+
}
|
|
41
|
+
n["default"] = e;
|
|
42
|
+
return Object.freeze(n);
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
var msalNode__namespace = /*#__PURE__*/_interopNamespace(msalNode);
|
|
46
|
+
var msalCommon__namespace = /*#__PURE__*/_interopNamespace(msalCommon);
|
|
47
|
+
var fs__default = /*#__PURE__*/_interopDefaultLegacy(fs);
|
|
48
|
+
var os__default = /*#__PURE__*/_interopDefaultLegacy(os);
|
|
49
|
+
var path__default = /*#__PURE__*/_interopDefaultLegacy(path);
|
|
50
|
+
var child_process__default = /*#__PURE__*/_interopDefaultLegacy(child_process);
|
|
51
|
+
var child_process__namespace = /*#__PURE__*/_interopNamespace(child_process);
|
|
52
|
+
var https__default = /*#__PURE__*/_interopDefaultLegacy(https);
|
|
53
|
+
var http__default = /*#__PURE__*/_interopDefaultLegacy(http);
|
|
54
|
+
var open__default = /*#__PURE__*/_interopDefaultLegacy(open);
|
|
55
|
+
var stoppable__default = /*#__PURE__*/_interopDefaultLegacy(stoppable);
|
|
28
56
|
|
|
29
57
|
// Copyright (c) Microsoft Corporation.
|
|
30
58
|
// Licensed under the MIT license.
|
|
@@ -171,6 +199,10 @@ const DeveloperSignOnClientId = "04b07795-8ddb-461a-bbee-02f9e1bf7b46";
|
|
|
171
199
|
* @internal
|
|
172
200
|
*/
|
|
173
201
|
const DefaultTenantId = "common";
|
|
202
|
+
/**
|
|
203
|
+
* A list of known Azure authority hosts
|
|
204
|
+
*/
|
|
205
|
+
exports.AzureAuthorityHosts = void 0;
|
|
174
206
|
(function (AzureAuthorityHosts) {
|
|
175
207
|
/**
|
|
176
208
|
* China-based Azure Authority Host
|
|
@@ -241,7 +273,7 @@ async function trace(operationName, options, fn, createSpanFn = createSpan) {
|
|
|
241
273
|
/**
|
|
242
274
|
* The AzureLogger used for all clients within the identity package
|
|
243
275
|
*/
|
|
244
|
-
const logger = logger$k.createClientLogger("identity");
|
|
276
|
+
const logger$j = logger$k.createClientLogger("identity");
|
|
245
277
|
/**
|
|
246
278
|
* Separates a list of environment variable names into a plain object with two arrays: an array of missing environment variables and another array with assigned environment variables.
|
|
247
279
|
* @param supportedEnvVars - List of environment variable names
|
|
@@ -281,7 +313,7 @@ function formatError(scope, error) {
|
|
|
281
313
|
* `[title] => [message]`
|
|
282
314
|
*
|
|
283
315
|
*/
|
|
284
|
-
function credentialLoggerInstance(title, parent, log = logger) {
|
|
316
|
+
function credentialLoggerInstance(title, parent, log = logger$j) {
|
|
285
317
|
const fullTitle = parent ? `${parent.fullTitle} ${title}` : title;
|
|
286
318
|
function info(message) {
|
|
287
319
|
log.info(`${fullTitle} =>`, message);
|
|
@@ -302,7 +334,7 @@ function credentialLoggerInstance(title, parent, log = logger) {
|
|
|
302
334
|
* `[title] => getToken() => [message]`
|
|
303
335
|
*
|
|
304
336
|
*/
|
|
305
|
-
function credentialLogger(title, log = logger) {
|
|
337
|
+
function credentialLogger(title, log = logger$j) {
|
|
306
338
|
const credLogger = credentialLoggerInstance(title, undefined, log);
|
|
307
339
|
return Object.assign(Object.assign({}, credLogger), { parent: log, getToken: credentialLoggerInstance("=> getToken()", credLogger, log) });
|
|
308
340
|
}
|
|
@@ -332,7 +364,7 @@ function getIdentityClientAuthorityHost(options) {
|
|
|
332
364
|
class IdentityClient extends coreClient.ServiceClient {
|
|
333
365
|
constructor(options) {
|
|
334
366
|
var _a;
|
|
335
|
-
const packageDetails = `azsdk-js-identity/2.0.
|
|
367
|
+
const packageDetails = `azsdk-js-identity/2.0.3`;
|
|
336
368
|
const userAgentPrefix = ((_a = options === null || options === void 0 ? void 0 : options.userAgentOptions) === null || _a === void 0 ? void 0 : _a.userAgentPrefix)
|
|
337
369
|
? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`
|
|
338
370
|
: `${packageDetails}`;
|
|
@@ -347,7 +379,7 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
347
379
|
this.abortControllers = new Map();
|
|
348
380
|
}
|
|
349
381
|
async sendTokenRequest(request, expiresOnParser) {
|
|
350
|
-
logger.info(`IdentityClient: sending token request to [${request.url}]`);
|
|
382
|
+
logger$j.info(`IdentityClient: sending token request to [${request.url}]`);
|
|
351
383
|
const response = await this.sendRequest(request);
|
|
352
384
|
expiresOnParser =
|
|
353
385
|
expiresOnParser ||
|
|
@@ -366,12 +398,12 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
366
398
|
},
|
|
367
399
|
refreshToken: parsedBody.refresh_token,
|
|
368
400
|
};
|
|
369
|
-
logger.info(`IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`);
|
|
401
|
+
logger$j.info(`IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`);
|
|
370
402
|
return token;
|
|
371
403
|
}
|
|
372
404
|
else {
|
|
373
405
|
const error = new AuthenticationError(response.status, response.bodyAsText);
|
|
374
|
-
logger.warning(`IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`);
|
|
406
|
+
logger$j.warning(`IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`);
|
|
375
407
|
throw error;
|
|
376
408
|
}
|
|
377
409
|
}
|
|
@@ -379,7 +411,7 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
379
411
|
if (refreshToken === undefined) {
|
|
380
412
|
return null;
|
|
381
413
|
}
|
|
382
|
-
logger.info(`IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`);
|
|
414
|
+
logger$j.info(`IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`);
|
|
383
415
|
const { span, updatedOptions } = createSpan("IdentityClient-refreshAccessToken", options);
|
|
384
416
|
const refreshParams = {
|
|
385
417
|
grant_type: "refresh_token",
|
|
@@ -405,7 +437,7 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
405
437
|
tracingOptions: updatedOptions === null || updatedOptions === void 0 ? void 0 : updatedOptions.tracingOptions,
|
|
406
438
|
});
|
|
407
439
|
const response = await this.sendTokenRequest(request, expiresOnParser);
|
|
408
|
-
logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);
|
|
440
|
+
logger$j.info(`IdentityClient: refreshed token for client ID: ${clientId}`);
|
|
409
441
|
return response;
|
|
410
442
|
}
|
|
411
443
|
catch (err) {
|
|
@@ -414,7 +446,7 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
414
446
|
// It's likely that the refresh token has expired, so
|
|
415
447
|
// return null so that the credential implementation will
|
|
416
448
|
// initiate the authentication flow again.
|
|
417
|
-
logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);
|
|
449
|
+
logger$j.info(`IdentityClient: interaction required for client ID: ${clientId}`);
|
|
418
450
|
span.setStatus({
|
|
419
451
|
code: coreTracing.SpanStatusCode.ERROR,
|
|
420
452
|
message: err.message,
|
|
@@ -422,7 +454,7 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
422
454
|
return null;
|
|
423
455
|
}
|
|
424
456
|
else {
|
|
425
|
-
logger.warning(`IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`);
|
|
457
|
+
logger$j.warning(`IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`);
|
|
426
458
|
span.setStatus({
|
|
427
459
|
code: coreTracing.SpanStatusCode.ERROR,
|
|
428
460
|
message: err.message,
|
|
@@ -595,16 +627,16 @@ const defaultLoggerCallback = (logger, platform = coreUtil.isNode ? "Node" : "Br
|
|
|
595
627
|
return;
|
|
596
628
|
}
|
|
597
629
|
switch (level) {
|
|
598
|
-
case
|
|
630
|
+
case msalCommon__namespace.LogLevel.Error:
|
|
599
631
|
logger.info(`MSAL ${platform} V2 error: ${message}`);
|
|
600
632
|
return;
|
|
601
|
-
case
|
|
633
|
+
case msalCommon__namespace.LogLevel.Info:
|
|
602
634
|
logger.info(`MSAL ${platform} V2 info message: ${message}`);
|
|
603
635
|
return;
|
|
604
|
-
case
|
|
636
|
+
case msalCommon__namespace.LogLevel.Verbose:
|
|
605
637
|
logger.info(`MSAL ${platform} V2 verbose message: ${message}`);
|
|
606
638
|
return;
|
|
607
|
-
case
|
|
639
|
+
case msalCommon__namespace.LogLevel.Warning:
|
|
608
640
|
logger.info(`MSAL ${platform} V2 warning: ${message}`);
|
|
609
641
|
return;
|
|
610
642
|
}
|
|
@@ -977,12 +1009,12 @@ class MsalNode extends MsalBaseUtilities {
|
|
|
977
1009
|
cachePlugin: await this.createCachePlugin(),
|
|
978
1010
|
};
|
|
979
1011
|
}
|
|
980
|
-
this.publicApp = new
|
|
1012
|
+
this.publicApp = new msalNode__namespace.PublicClientApplication(this.msalConfig);
|
|
981
1013
|
// The confidential client requires either a secret, assertion or certificate.
|
|
982
1014
|
if (this.msalConfig.auth.clientSecret ||
|
|
983
1015
|
this.msalConfig.auth.clientAssertion ||
|
|
984
1016
|
this.msalConfig.auth.clientCertificate) {
|
|
985
|
-
this.confidentialApp = new
|
|
1017
|
+
this.confidentialApp = new msalNode__namespace.ConfidentialClientApplication(this.msalConfig);
|
|
986
1018
|
}
|
|
987
1019
|
else {
|
|
988
1020
|
if (this.requiresConfidential) {
|
|
@@ -1096,7 +1128,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
1096
1128
|
// Copyright (c) Microsoft Corporation.
|
|
1097
1129
|
const CommonTenantId = "common";
|
|
1098
1130
|
const AzureAccountClientId = "aebc6443-996d-45c2-90f0-388ff96faa56"; // VSC: 'aebc6443-996d-45c2-90f0-388ff96faa56'
|
|
1099
|
-
const logger$
|
|
1131
|
+
const logger$i = credentialLogger("VisualStudioCodeCredential");
|
|
1100
1132
|
let findCredentials = undefined;
|
|
1101
1133
|
const vsCodeCredentialControl = {
|
|
1102
1134
|
setVsCodeCredentialFinder(finder) {
|
|
@@ -1128,10 +1160,10 @@ function getPropertyFromVSCode(property) {
|
|
|
1128
1160
|
const settingsPath = ["User", "settings.json"];
|
|
1129
1161
|
// Eventually we can add more folders for more versions of VSCode.
|
|
1130
1162
|
const vsCodeFolder = "Code";
|
|
1131
|
-
const homedir =
|
|
1163
|
+
const homedir = os__default["default"].homedir();
|
|
1132
1164
|
function loadProperty(...pathSegments) {
|
|
1133
|
-
const fullPath =
|
|
1134
|
-
const settings = JSON.parse(fs__default.readFileSync(fullPath, { encoding: "utf8" }));
|
|
1165
|
+
const fullPath = path__default["default"].join(...pathSegments, vsCodeFolder, ...settingsPath);
|
|
1166
|
+
const settings = JSON.parse(fs__default["default"].readFileSync(fullPath, { encoding: "utf8" }));
|
|
1135
1167
|
return settings[property];
|
|
1136
1168
|
}
|
|
1137
1169
|
try {
|
|
@@ -1149,7 +1181,7 @@ function getPropertyFromVSCode(property) {
|
|
|
1149
1181
|
}
|
|
1150
1182
|
}
|
|
1151
1183
|
catch (e) {
|
|
1152
|
-
logger$
|
|
1184
|
+
logger$i.info(`Failed to load the Visual Studio Code configuration file. Error: ${e.message}`);
|
|
1153
1185
|
return;
|
|
1154
1186
|
}
|
|
1155
1187
|
}
|
|
@@ -1177,7 +1209,7 @@ class VisualStudioCodeCredential {
|
|
|
1177
1209
|
const authorityHost = mapVSCodeAuthorityHosts[this.cloudName];
|
|
1178
1210
|
this.identityClient = new IdentityClient(Object.assign({ authorityHost }, options));
|
|
1179
1211
|
if (options && options.tenantId) {
|
|
1180
|
-
checkTenantId(logger$
|
|
1212
|
+
checkTenantId(logger$i, options.tenantId);
|
|
1181
1213
|
this.tenantId = options.tenantId;
|
|
1182
1214
|
}
|
|
1183
1215
|
else {
|
|
@@ -1229,7 +1261,7 @@ class VisualStudioCodeCredential {
|
|
|
1229
1261
|
// Check to make sure the scope we get back is a valid scope
|
|
1230
1262
|
if (!scopeString.match(/^[0-9a-zA-Z-.:/]+$/)) {
|
|
1231
1263
|
const error = new Error("Invalid scope was specified by the user or calling client");
|
|
1232
|
-
logger$
|
|
1264
|
+
logger$i.getToken.info(formatError(scopes, error));
|
|
1233
1265
|
throw error;
|
|
1234
1266
|
}
|
|
1235
1267
|
if (scopeString.indexOf("offline_access") < 0) {
|
|
@@ -1249,18 +1281,18 @@ class VisualStudioCodeCredential {
|
|
|
1249
1281
|
if (refreshToken) {
|
|
1250
1282
|
const tokenResponse = await this.identityClient.refreshAccessToken(tenantId, AzureAccountClientId, scopeString, refreshToken, undefined);
|
|
1251
1283
|
if (tokenResponse) {
|
|
1252
|
-
logger$
|
|
1284
|
+
logger$i.getToken.info(formatSuccess(scopes));
|
|
1253
1285
|
return tokenResponse.accessToken;
|
|
1254
1286
|
}
|
|
1255
1287
|
else {
|
|
1256
1288
|
const error = new CredentialUnavailableError("Could not retrieve the token associated with Visual Studio Code. Have you connected using the 'Azure Account' extension recently? To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.");
|
|
1257
|
-
logger$
|
|
1289
|
+
logger$i.getToken.info(formatError(scopes, error));
|
|
1258
1290
|
throw error;
|
|
1259
1291
|
}
|
|
1260
1292
|
}
|
|
1261
1293
|
else {
|
|
1262
1294
|
const error = new CredentialUnavailableError("Could not retrieve the token associated with Visual Studio Code. Did you connect using the 'Azure Account' extension? To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.");
|
|
1263
|
-
logger$
|
|
1295
|
+
logger$i.getToken.info(formatError(scopes, error));
|
|
1264
1296
|
throw error;
|
|
1265
1297
|
}
|
|
1266
1298
|
}
|
|
@@ -1311,7 +1343,7 @@ function useIdentityPlugin(plugin) {
|
|
|
1311
1343
|
/**
|
|
1312
1344
|
* @internal
|
|
1313
1345
|
*/
|
|
1314
|
-
const logger$
|
|
1346
|
+
const logger$h = credentialLogger("ChainedTokenCredential");
|
|
1315
1347
|
/**
|
|
1316
1348
|
* Enables multiple `TokenCredential` implementations to be tried in order
|
|
1317
1349
|
* until one of the getToken methods returns an access token.
|
|
@@ -1366,7 +1398,7 @@ class ChainedTokenCredential {
|
|
|
1366
1398
|
errors.push(err);
|
|
1367
1399
|
}
|
|
1368
1400
|
else {
|
|
1369
|
-
logger$
|
|
1401
|
+
logger$h.getToken.info(formatError(scopes, err));
|
|
1370
1402
|
throw err;
|
|
1371
1403
|
}
|
|
1372
1404
|
}
|
|
@@ -1377,11 +1409,11 @@ class ChainedTokenCredential {
|
|
|
1377
1409
|
code: coreTracing.SpanStatusCode.ERROR,
|
|
1378
1410
|
message: err.message,
|
|
1379
1411
|
});
|
|
1380
|
-
logger$
|
|
1412
|
+
logger$h.getToken.info(formatError(scopes, err));
|
|
1381
1413
|
throw err;
|
|
1382
1414
|
}
|
|
1383
1415
|
span.end();
|
|
1384
|
-
logger$
|
|
1416
|
+
logger$h.getToken.info(`Result for ${successfulCredentialName}: ${formatSuccess(scopes)}`);
|
|
1385
1417
|
if (token === null) {
|
|
1386
1418
|
throw new CredentialUnavailableError("Failed to retrieve a valid token");
|
|
1387
1419
|
}
|
|
@@ -1441,7 +1473,7 @@ const cliCredentialInternals = {
|
|
|
1441
1473
|
}
|
|
1442
1474
|
return new Promise((resolve, reject) => {
|
|
1443
1475
|
try {
|
|
1444
|
-
child_process__default.execFile("az", [
|
|
1476
|
+
child_process__default["default"].execFile("az", [
|
|
1445
1477
|
"account",
|
|
1446
1478
|
"get-access-token",
|
|
1447
1479
|
"--output",
|
|
@@ -1459,7 +1491,7 @@ const cliCredentialInternals = {
|
|
|
1459
1491
|
});
|
|
1460
1492
|
},
|
|
1461
1493
|
};
|
|
1462
|
-
const logger$
|
|
1494
|
+
const logger$g = credentialLogger("AzureCliCredential");
|
|
1463
1495
|
/**
|
|
1464
1496
|
* This credential will use the currently logged-in user login information
|
|
1465
1497
|
* via the Azure CLI ('az') commandline tool.
|
|
@@ -1489,11 +1521,11 @@ class AzureCliCredential {
|
|
|
1489
1521
|
async getToken(scopes, options) {
|
|
1490
1522
|
const tenantId = processMultiTenantRequest(this.tenantId, options);
|
|
1491
1523
|
if (tenantId) {
|
|
1492
|
-
checkTenantId(logger$
|
|
1524
|
+
checkTenantId(logger$g, tenantId);
|
|
1493
1525
|
}
|
|
1494
1526
|
const scope = typeof scopes === "string" ? scopes : scopes[0];
|
|
1495
|
-
logger$
|
|
1496
|
-
ensureValidScope(scope, logger$
|
|
1527
|
+
logger$g.getToken.info(`Using the scope ${scope}`);
|
|
1528
|
+
ensureValidScope(scope, logger$g);
|
|
1497
1529
|
const resource = getScopeResource(scope);
|
|
1498
1530
|
let responseData = "";
|
|
1499
1531
|
const { span } = createSpan(`${this.constructor.name}.getToken`, options);
|
|
@@ -1504,22 +1536,22 @@ class AzureCliCredential {
|
|
|
1504
1536
|
const isNotInstallError = obj.stderr.match("az:(.*)not found") || obj.stderr.startsWith("'az' is not recognized");
|
|
1505
1537
|
if (isNotInstallError) {
|
|
1506
1538
|
const error = new CredentialUnavailableError("Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.");
|
|
1507
|
-
logger$
|
|
1539
|
+
logger$g.getToken.info(formatError(scopes, error));
|
|
1508
1540
|
throw error;
|
|
1509
1541
|
}
|
|
1510
1542
|
else if (isLoginError) {
|
|
1511
1543
|
const error = new CredentialUnavailableError("Please run 'az login' from a command prompt to authenticate before using this credential.");
|
|
1512
|
-
logger$
|
|
1544
|
+
logger$g.getToken.info(formatError(scopes, error));
|
|
1513
1545
|
throw error;
|
|
1514
1546
|
}
|
|
1515
1547
|
const error = new CredentialUnavailableError(obj.stderr);
|
|
1516
|
-
logger$
|
|
1548
|
+
logger$g.getToken.info(formatError(scopes, error));
|
|
1517
1549
|
throw error;
|
|
1518
1550
|
}
|
|
1519
1551
|
else {
|
|
1520
1552
|
responseData = obj.stdout;
|
|
1521
1553
|
const response = JSON.parse(responseData);
|
|
1522
|
-
logger$
|
|
1554
|
+
logger$g.getToken.info(formatSuccess(scopes));
|
|
1523
1555
|
const returnValue = {
|
|
1524
1556
|
token: response.accessToken,
|
|
1525
1557
|
expiresOnTimestamp: new Date(response.expiresOn).getTime(),
|
|
@@ -1533,7 +1565,7 @@ class AzureCliCredential {
|
|
|
1533
1565
|
code: coreTracing.SpanStatusCode.ERROR,
|
|
1534
1566
|
message: error.message,
|
|
1535
1567
|
});
|
|
1536
|
-
logger$
|
|
1568
|
+
logger$g.getToken.info(formatError(scopes, error));
|
|
1537
1569
|
throw error;
|
|
1538
1570
|
}
|
|
1539
1571
|
}
|
|
@@ -1551,7 +1583,7 @@ const processUtils = {
|
|
|
1551
1583
|
*/
|
|
1552
1584
|
execFile(file, params, options) {
|
|
1553
1585
|
return new Promise((resolve, reject) => {
|
|
1554
|
-
|
|
1586
|
+
child_process__namespace.execFile(file, params, options, (error, stdout, stderr) => {
|
|
1555
1587
|
if (Buffer.isBuffer(stdout)) {
|
|
1556
1588
|
stdout = stdout.toString("utf8");
|
|
1557
1589
|
}
|
|
@@ -1570,7 +1602,7 @@ const processUtils = {
|
|
|
1570
1602
|
};
|
|
1571
1603
|
|
|
1572
1604
|
// Copyright (c) Microsoft Corporation.
|
|
1573
|
-
const logger$
|
|
1605
|
+
const logger$f = credentialLogger("AzurePowerShellCredential");
|
|
1574
1606
|
const isWindows = process.platform === "win32";
|
|
1575
1607
|
/**
|
|
1576
1608
|
* Returns a platform-appropriate command name by appending ".exe" on Windows.
|
|
@@ -1701,15 +1733,15 @@ class AzurePowerShellCredential {
|
|
|
1701
1733
|
return trace(`${this.constructor.name}.getToken`, options, async () => {
|
|
1702
1734
|
const tenantId = processMultiTenantRequest(this.tenantId, options);
|
|
1703
1735
|
if (tenantId) {
|
|
1704
|
-
checkTenantId(logger$
|
|
1736
|
+
checkTenantId(logger$f, tenantId);
|
|
1705
1737
|
}
|
|
1706
1738
|
const scope = typeof scopes === "string" ? scopes : scopes[0];
|
|
1707
|
-
ensureValidScope(scope, logger$
|
|
1708
|
-
logger$
|
|
1739
|
+
ensureValidScope(scope, logger$f);
|
|
1740
|
+
logger$f.getToken.info(`Using the scope ${scope}`);
|
|
1709
1741
|
const resource = getScopeResource(scope);
|
|
1710
1742
|
try {
|
|
1711
1743
|
const response = await this.getAzurePowerShellAccessToken(resource, tenantId);
|
|
1712
|
-
logger$
|
|
1744
|
+
logger$f.getToken.info(formatSuccess(scopes));
|
|
1713
1745
|
return {
|
|
1714
1746
|
token: response.Token,
|
|
1715
1747
|
expiresOnTimestamp: new Date(response.ExpiresOn).getTime(),
|
|
@@ -1718,16 +1750,16 @@ class AzurePowerShellCredential {
|
|
|
1718
1750
|
catch (err) {
|
|
1719
1751
|
if (isNotInstalledError(err)) {
|
|
1720
1752
|
const error = new CredentialUnavailableError(powerShellPublicErrorMessages.installed);
|
|
1721
|
-
logger$
|
|
1753
|
+
logger$f.getToken.info(formatError(scope, error));
|
|
1722
1754
|
throw error;
|
|
1723
1755
|
}
|
|
1724
1756
|
else if (isLoginError(err)) {
|
|
1725
1757
|
const error = new CredentialUnavailableError(powerShellPublicErrorMessages.login);
|
|
1726
|
-
logger$
|
|
1758
|
+
logger$f.getToken.info(formatError(scope, error));
|
|
1727
1759
|
throw error;
|
|
1728
1760
|
}
|
|
1729
1761
|
const error = new CredentialUnavailableError(`${err}. ${powerShellPublicErrorMessages.troubleshoot}`);
|
|
1730
|
-
logger$
|
|
1762
|
+
logger$f.getToken.info(formatError(scope, error));
|
|
1731
1763
|
throw error;
|
|
1732
1764
|
}
|
|
1733
1765
|
});
|
|
@@ -1765,7 +1797,7 @@ class MsalClientSecret extends MsalNode {
|
|
|
1765
1797
|
}
|
|
1766
1798
|
|
|
1767
1799
|
// Copyright (c) Microsoft Corporation.
|
|
1768
|
-
const logger$
|
|
1800
|
+
const logger$e = credentialLogger("ClientSecretCredential");
|
|
1769
1801
|
/**
|
|
1770
1802
|
* Enables authentication to Azure Active Directory using a client secret
|
|
1771
1803
|
* that was generated for an App Registration. More information on how
|
|
@@ -1789,7 +1821,7 @@ class ClientSecretCredential {
|
|
|
1789
1821
|
if (!tenantId || !clientId || !clientSecret) {
|
|
1790
1822
|
throw new Error("ClientSecretCredential: tenantId, clientId, and clientSecret are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.");
|
|
1791
1823
|
}
|
|
1792
|
-
this.msalFlow = new MsalClientSecret(Object.assign(Object.assign({}, options), { logger: logger$
|
|
1824
|
+
this.msalFlow = new MsalClientSecret(Object.assign(Object.assign({}, options), { logger: logger$e,
|
|
1793
1825
|
clientId,
|
|
1794
1826
|
tenantId,
|
|
1795
1827
|
clientSecret, tokenCredentialOptions: options }));
|
|
@@ -1811,7 +1843,7 @@ class ClientSecretCredential {
|
|
|
1811
1843
|
}
|
|
1812
1844
|
|
|
1813
1845
|
// Copyright (c) Microsoft Corporation.
|
|
1814
|
-
const readFileAsync = util.promisify(fs.readFile);
|
|
1846
|
+
const readFileAsync$2 = util.promisify(fs.readFile);
|
|
1815
1847
|
/**
|
|
1816
1848
|
* Tries to asynchronously load a certificate from the given path.
|
|
1817
1849
|
*
|
|
@@ -1823,7 +1855,7 @@ const readFileAsync = util.promisify(fs.readFile);
|
|
|
1823
1855
|
async function parseCertificate(configuration, sendCertificateChain) {
|
|
1824
1856
|
const certificateParts = {};
|
|
1825
1857
|
certificateParts.certificateContents =
|
|
1826
|
-
configuration.certificate || (await readFileAsync(configuration.certificatePath, "utf8"));
|
|
1858
|
+
configuration.certificate || (await readFileAsync$2(configuration.certificatePath, "utf8"));
|
|
1827
1859
|
if (sendCertificateChain) {
|
|
1828
1860
|
certificateParts.x5c = certificateParts.certificateContents;
|
|
1829
1861
|
}
|
|
@@ -1894,8 +1926,8 @@ class MsalClientCertificate extends MsalNode {
|
|
|
1894
1926
|
}
|
|
1895
1927
|
|
|
1896
1928
|
// Copyright (c) Microsoft Corporation.
|
|
1897
|
-
const credentialName = "ClientCertificateCredential";
|
|
1898
|
-
const logger$
|
|
1929
|
+
const credentialName$2 = "ClientCertificateCredential";
|
|
1930
|
+
const logger$d = credentialLogger(credentialName$2);
|
|
1899
1931
|
/**
|
|
1900
1932
|
* Enables authentication to Azure Active Directory using a PEM-encoded
|
|
1901
1933
|
* certificate that is assigned to an App Registration. More information
|
|
@@ -1907,7 +1939,7 @@ const logger$6 = credentialLogger(credentialName);
|
|
|
1907
1939
|
class ClientCertificateCredential {
|
|
1908
1940
|
constructor(tenantId, clientId, certificatePathOrConfiguration, options = {}) {
|
|
1909
1941
|
if (!tenantId || !clientId) {
|
|
1910
|
-
throw new Error(`${credentialName}: tenantId and clientId are required parameters.`);
|
|
1942
|
+
throw new Error(`${credentialName$2}: tenantId and clientId are required parameters.`);
|
|
1911
1943
|
}
|
|
1912
1944
|
const configuration = Object.assign({}, (typeof certificatePathOrConfiguration === "string"
|
|
1913
1945
|
? {
|
|
@@ -1915,13 +1947,13 @@ class ClientCertificateCredential {
|
|
|
1915
1947
|
}
|
|
1916
1948
|
: certificatePathOrConfiguration));
|
|
1917
1949
|
if (!configuration || !(configuration.certificate || configuration.certificatePath)) {
|
|
1918
|
-
throw new Error(`${credentialName}: Provide either a PEM certificate in string form, or the path to that certificate in the filesystem. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);
|
|
1950
|
+
throw new Error(`${credentialName$2}: Provide either a PEM certificate in string form, or the path to that certificate in the filesystem. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);
|
|
1919
1951
|
}
|
|
1920
1952
|
if (configuration.certificate && configuration.certificatePath) {
|
|
1921
|
-
throw new Error(`${credentialName}: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);
|
|
1953
|
+
throw new Error(`${credentialName$2}: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);
|
|
1922
1954
|
}
|
|
1923
1955
|
this.msalFlow = new MsalClientCertificate(Object.assign(Object.assign({}, options), { configuration,
|
|
1924
|
-
logger: logger$
|
|
1956
|
+
logger: logger$d,
|
|
1925
1957
|
clientId,
|
|
1926
1958
|
tenantId, sendCertificateChain: options.sendCertificateChain, tokenCredentialOptions: options }));
|
|
1927
1959
|
}
|
|
@@ -1934,7 +1966,7 @@ class ClientCertificateCredential {
|
|
|
1934
1966
|
* TokenCredential implementation might make.
|
|
1935
1967
|
*/
|
|
1936
1968
|
async getToken(scopes, options = {}) {
|
|
1937
|
-
return trace(`${credentialName}.getToken`, options, async (newOptions) => {
|
|
1969
|
+
return trace(`${credentialName$2}.getToken`, options, async (newOptions) => {
|
|
1938
1970
|
const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
|
|
1939
1971
|
return this.msalFlow.getToken(arrayScopes, newOptions);
|
|
1940
1972
|
});
|
|
@@ -1972,7 +2004,7 @@ class MsalUsernamePassword extends MsalNode {
|
|
|
1972
2004
|
}
|
|
1973
2005
|
|
|
1974
2006
|
// Copyright (c) Microsoft Corporation.
|
|
1975
|
-
const logger$
|
|
2007
|
+
const logger$c = credentialLogger("UsernamePasswordCredential");
|
|
1976
2008
|
/**
|
|
1977
2009
|
* Enables authentication to Azure Active Directory with a user's
|
|
1978
2010
|
* username and password. This credential requires a high degree of
|
|
@@ -1995,7 +2027,7 @@ class UsernamePasswordCredential {
|
|
|
1995
2027
|
if (!tenantId || !clientId || !username || !password) {
|
|
1996
2028
|
throw new Error("UsernamePasswordCredential: tenantId, clientId, username and password are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.");
|
|
1997
2029
|
}
|
|
1998
|
-
this.msalFlow = new MsalUsernamePassword(Object.assign(Object.assign({}, options), { logger: logger$
|
|
2030
|
+
this.msalFlow = new MsalUsernamePassword(Object.assign(Object.assign({}, options), { logger: logger$c,
|
|
1999
2031
|
clientId,
|
|
2000
2032
|
tenantId,
|
|
2001
2033
|
username,
|
|
@@ -2038,7 +2070,7 @@ const AllSupportedEnvironmentVariables = [
|
|
|
2038
2070
|
"AZURE_PASSWORD",
|
|
2039
2071
|
];
|
|
2040
2072
|
const credentialName$1 = "EnvironmentCredential";
|
|
2041
|
-
const logger$
|
|
2073
|
+
const logger$b = credentialLogger(credentialName$1);
|
|
2042
2074
|
/**
|
|
2043
2075
|
* Enables authentication to Azure Active Directory using client secret
|
|
2044
2076
|
* details configured in environment variables
|
|
@@ -2068,26 +2100,26 @@ class EnvironmentCredential {
|
|
|
2068
2100
|
// Keep track of any missing environment variables for error details
|
|
2069
2101
|
this._credential = undefined;
|
|
2070
2102
|
const assigned = processEnvVars(AllSupportedEnvironmentVariables).assigned.join(", ");
|
|
2071
|
-
logger$
|
|
2103
|
+
logger$b.info(`Found the following environment variables: ${assigned}`);
|
|
2072
2104
|
const tenantId = process.env.AZURE_TENANT_ID, clientId = process.env.AZURE_CLIENT_ID, clientSecret = process.env.AZURE_CLIENT_SECRET;
|
|
2073
2105
|
if (tenantId) {
|
|
2074
|
-
checkTenantId(logger$
|
|
2106
|
+
checkTenantId(logger$b, tenantId);
|
|
2075
2107
|
}
|
|
2076
2108
|
if (tenantId && clientId && clientSecret) {
|
|
2077
|
-
logger$
|
|
2109
|
+
logger$b.info(`Invoking ClientSecretCredential with tenant ID: ${tenantId}, clientId: ${clientId} and clientSecret: [REDACTED]`);
|
|
2078
2110
|
this._credential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);
|
|
2079
2111
|
return;
|
|
2080
2112
|
}
|
|
2081
2113
|
const certificatePath = process.env.AZURE_CLIENT_CERTIFICATE_PATH;
|
|
2082
2114
|
if (tenantId && clientId && certificatePath) {
|
|
2083
|
-
logger$
|
|
2115
|
+
logger$b.info(`Invoking ClientCertificateCredential with tenant ID: ${tenantId}, clientId: ${clientId} and certificatePath: ${certificatePath}`);
|
|
2084
2116
|
this._credential = new ClientCertificateCredential(tenantId, clientId, { certificatePath }, options);
|
|
2085
2117
|
return;
|
|
2086
2118
|
}
|
|
2087
2119
|
const username = process.env.AZURE_USERNAME;
|
|
2088
2120
|
const password = process.env.AZURE_PASSWORD;
|
|
2089
2121
|
if (tenantId && clientId && username && password) {
|
|
2090
|
-
logger$
|
|
2122
|
+
logger$b.info(`Invoking UsernamePasswordCredential with tenant ID: ${tenantId}, clientId: ${clientId} and username: ${username}`);
|
|
2091
2123
|
this._credential = new UsernamePasswordCredential(tenantId, clientId, username, password, options);
|
|
2092
2124
|
}
|
|
2093
2125
|
}
|
|
@@ -2102,7 +2134,7 @@ class EnvironmentCredential {
|
|
|
2102
2134
|
if (this._credential) {
|
|
2103
2135
|
try {
|
|
2104
2136
|
const result = await this._credential.getToken(scopes, newOptions);
|
|
2105
|
-
logger$
|
|
2137
|
+
logger$b.getToken.info(formatSuccess(scopes));
|
|
2106
2138
|
return result;
|
|
2107
2139
|
}
|
|
2108
2140
|
catch (err) {
|
|
@@ -2110,7 +2142,7 @@ class EnvironmentCredential {
|
|
|
2110
2142
|
error: `${credentialName$1} authentication failed. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.`,
|
|
2111
2143
|
error_description: err.message.toString().split("More details:").join(""),
|
|
2112
2144
|
});
|
|
2113
|
-
logger$
|
|
2145
|
+
logger$b.getToken.info(formatError(scopes, authenticationError));
|
|
2114
2146
|
throw authenticationError;
|
|
2115
2147
|
}
|
|
2116
2148
|
}
|
|
@@ -2156,22 +2188,22 @@ function mapScopesToResource(scopes) {
|
|
|
2156
2188
|
}
|
|
2157
2189
|
|
|
2158
2190
|
// Copyright (c) Microsoft Corporation.
|
|
2159
|
-
const msiName = "ManagedIdentityCredential - AppServiceMSI 2017";
|
|
2160
|
-
const logger$
|
|
2191
|
+
const msiName$5 = "ManagedIdentityCredential - AppServiceMSI 2017";
|
|
2192
|
+
const logger$a = credentialLogger(msiName$5);
|
|
2161
2193
|
/**
|
|
2162
2194
|
* Formats the expiration date of the received token into the number of milliseconds between that date and midnight, January 1, 1970.
|
|
2163
2195
|
*/
|
|
2164
|
-
function expiresOnParser(requestBody) {
|
|
2196
|
+
function expiresOnParser$2(requestBody) {
|
|
2165
2197
|
// App Service always returns string expires_on values.
|
|
2166
2198
|
return Date.parse(requestBody.expires_on);
|
|
2167
2199
|
}
|
|
2168
2200
|
/**
|
|
2169
2201
|
* Generates the options used on the request for an access token.
|
|
2170
2202
|
*/
|
|
2171
|
-
function prepareRequestOptions(scopes, clientId) {
|
|
2203
|
+
function prepareRequestOptions$5(scopes, clientId) {
|
|
2172
2204
|
const resource = mapScopesToResource(scopes);
|
|
2173
2205
|
if (!resource) {
|
|
2174
|
-
throw new Error(`${msiName}: Multiple scopes are not supported.`);
|
|
2206
|
+
throw new Error(`${msiName$5}: Multiple scopes are not supported.`);
|
|
2175
2207
|
}
|
|
2176
2208
|
const queryParameters = {
|
|
2177
2209
|
resource,
|
|
@@ -2183,10 +2215,10 @@ function prepareRequestOptions(scopes, clientId) {
|
|
|
2183
2215
|
const query = new URLSearchParams(queryParameters);
|
|
2184
2216
|
// This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.
|
|
2185
2217
|
if (!process.env.MSI_ENDPOINT) {
|
|
2186
|
-
throw new Error(`${msiName}: Missing environment variable: MSI_ENDPOINT`);
|
|
2218
|
+
throw new Error(`${msiName$5}: Missing environment variable: MSI_ENDPOINT`);
|
|
2187
2219
|
}
|
|
2188
2220
|
if (!process.env.MSI_SECRET) {
|
|
2189
|
-
throw new Error(`${msiName}: Missing environment variable: MSI_SECRET`);
|
|
2221
|
+
throw new Error(`${msiName$5}: Missing environment variable: MSI_SECRET`);
|
|
2190
2222
|
}
|
|
2191
2223
|
return {
|
|
2192
2224
|
url: `${process.env.MSI_ENDPOINT}?${query.toString()}`,
|
|
@@ -2204,37 +2236,37 @@ const appServiceMsi2017 = {
|
|
|
2204
2236
|
async isAvailable(scopes) {
|
|
2205
2237
|
const resource = mapScopesToResource(scopes);
|
|
2206
2238
|
if (!resource) {
|
|
2207
|
-
logger$
|
|
2239
|
+
logger$a.info(`${msiName$5}: Unavailable. Multiple scopes are not supported.`);
|
|
2208
2240
|
return false;
|
|
2209
2241
|
}
|
|
2210
2242
|
const env = process.env;
|
|
2211
2243
|
const result = Boolean(env.MSI_ENDPOINT && env.MSI_SECRET);
|
|
2212
2244
|
if (!result) {
|
|
2213
|
-
logger$
|
|
2245
|
+
logger$a.info(`${msiName$5}: Unavailable. The environment variables needed are: MSI_ENDPOINT and MSI_SECRET.`);
|
|
2214
2246
|
}
|
|
2215
2247
|
return result;
|
|
2216
2248
|
},
|
|
2217
2249
|
async getToken(configuration, getTokenOptions = {}) {
|
|
2218
2250
|
const { identityClient, scopes, clientId } = configuration;
|
|
2219
|
-
logger$
|
|
2220
|
-
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions(scopes, clientId)), {
|
|
2251
|
+
logger$a.info(`${msiName$5}: Using the endpoint and the secret coming form the environment variables: MSI_ENDPOINT=${process.env.MSI_ENDPOINT} and MSI_SECRET=[REDACTED].`);
|
|
2252
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$5(scopes, clientId)), {
|
|
2221
2253
|
// Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
|
|
2222
2254
|
allowInsecureConnection: true }));
|
|
2223
|
-
const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser);
|
|
2255
|
+
const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser$2);
|
|
2224
2256
|
return (tokenResponse && tokenResponse.accessToken) || null;
|
|
2225
2257
|
},
|
|
2226
2258
|
};
|
|
2227
2259
|
|
|
2228
2260
|
// Copyright (c) Microsoft Corporation.
|
|
2229
|
-
const msiName$
|
|
2230
|
-
const logger$
|
|
2261
|
+
const msiName$4 = "ManagedIdentityCredential - CloudShellMSI";
|
|
2262
|
+
const logger$9 = credentialLogger(msiName$4);
|
|
2231
2263
|
/**
|
|
2232
2264
|
* Generates the options used on the request for an access token.
|
|
2233
2265
|
*/
|
|
2234
|
-
function prepareRequestOptions$
|
|
2266
|
+
function prepareRequestOptions$4(scopes, clientId) {
|
|
2235
2267
|
const resource = mapScopesToResource(scopes);
|
|
2236
2268
|
if (!resource) {
|
|
2237
|
-
throw new Error(`${msiName$
|
|
2269
|
+
throw new Error(`${msiName$4}: Multiple scopes are not supported.`);
|
|
2238
2270
|
}
|
|
2239
2271
|
const body = {
|
|
2240
2272
|
resource,
|
|
@@ -2244,7 +2276,7 @@ function prepareRequestOptions$1(scopes, clientId) {
|
|
|
2244
2276
|
}
|
|
2245
2277
|
// This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.
|
|
2246
2278
|
if (!process.env.MSI_ENDPOINT) {
|
|
2247
|
-
throw new Error(`${msiName$
|
|
2279
|
+
throw new Error(`${msiName$4}: Missing environment variable: MSI_ENDPOINT`);
|
|
2248
2280
|
}
|
|
2249
2281
|
const params = new URLSearchParams(body);
|
|
2250
2282
|
return {
|
|
@@ -2265,19 +2297,19 @@ const cloudShellMsi = {
|
|
|
2265
2297
|
async isAvailable(scopes) {
|
|
2266
2298
|
const resource = mapScopesToResource(scopes);
|
|
2267
2299
|
if (!resource) {
|
|
2268
|
-
logger$
|
|
2300
|
+
logger$9.info(`${msiName$4}: Unavailable. Multiple scopes are not supported.`);
|
|
2269
2301
|
return false;
|
|
2270
2302
|
}
|
|
2271
2303
|
const result = Boolean(process.env.MSI_ENDPOINT);
|
|
2272
2304
|
if (!result) {
|
|
2273
|
-
logger$
|
|
2305
|
+
logger$9.info(`${msiName$4}: Unavailable. The environment variable MSI_ENDPOINT is needed.`);
|
|
2274
2306
|
}
|
|
2275
2307
|
return result;
|
|
2276
2308
|
},
|
|
2277
2309
|
async getToken(configuration, getTokenOptions = {}) {
|
|
2278
2310
|
const { identityClient, scopes, clientId } = configuration;
|
|
2279
|
-
logger$
|
|
2280
|
-
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$
|
|
2311
|
+
logger$9.info(`${msiName$4}: Using the endpoint coming form the environment variable MSI_ENDPOINT = ${process.env.MSI_ENDPOINT}.`);
|
|
2312
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$4(scopes, clientId)), {
|
|
2281
2313
|
// Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
|
|
2282
2314
|
allowInsecureConnection: true }));
|
|
2283
2315
|
const tokenResponse = await identityClient.sendTokenRequest(request);
|
|
@@ -2286,8 +2318,8 @@ const cloudShellMsi = {
|
|
|
2286
2318
|
};
|
|
2287
2319
|
|
|
2288
2320
|
// Copyright (c) Microsoft Corporation.
|
|
2289
|
-
const msiName$
|
|
2290
|
-
const logger$
|
|
2321
|
+
const msiName$3 = "ManagedIdentityCredential - IMDS";
|
|
2322
|
+
const logger$8 = credentialLogger(msiName$3);
|
|
2291
2323
|
/**
|
|
2292
2324
|
* Formats the expiration date of the received token into the number of milliseconds between that date and midnight, January 1, 1970.
|
|
2293
2325
|
*/
|
|
@@ -2295,24 +2327,24 @@ function expiresOnParser$1(requestBody) {
|
|
|
2295
2327
|
if (requestBody.expires_on) {
|
|
2296
2328
|
// Use the expires_on timestamp if it's available
|
|
2297
2329
|
const expires = +requestBody.expires_on * 1000;
|
|
2298
|
-
logger$
|
|
2330
|
+
logger$8.info(`${msiName$3}: Using expires_on: ${expires} (original value: ${requestBody.expires_on})`);
|
|
2299
2331
|
return expires;
|
|
2300
2332
|
}
|
|
2301
2333
|
else {
|
|
2302
2334
|
// If these aren't possible, use expires_in and calculate a timestamp
|
|
2303
2335
|
const expires = Date.now() + requestBody.expires_in * 1000;
|
|
2304
|
-
logger$
|
|
2336
|
+
logger$8.info(`${msiName$3}: IMDS using expires_in: ${expires} (original value: ${requestBody.expires_in})`);
|
|
2305
2337
|
return expires;
|
|
2306
2338
|
}
|
|
2307
2339
|
}
|
|
2308
2340
|
/**
|
|
2309
2341
|
* Generates the options used on the request for an access token.
|
|
2310
2342
|
*/
|
|
2311
|
-
function prepareRequestOptions$
|
|
2343
|
+
function prepareRequestOptions$3(scopes, clientId, options) {
|
|
2312
2344
|
var _a;
|
|
2313
2345
|
const resource = mapScopesToResource(scopes);
|
|
2314
2346
|
if (!resource) {
|
|
2315
|
-
throw new Error(`${msiName$
|
|
2347
|
+
throw new Error(`${msiName$3}: Multiple scopes are not supported.`);
|
|
2316
2348
|
}
|
|
2317
2349
|
const { skipQuery, skipMetadataHeader } = options || {};
|
|
2318
2350
|
let query = "";
|
|
@@ -2359,7 +2391,7 @@ const imdsMsi = {
|
|
|
2359
2391
|
var _a, _b;
|
|
2360
2392
|
const resource = mapScopesToResource(scopes);
|
|
2361
2393
|
if (!resource) {
|
|
2362
|
-
logger$
|
|
2394
|
+
logger$8.info(`${msiName$3}: Unavailable. Multiple scopes are not supported.`);
|
|
2363
2395
|
return false;
|
|
2364
2396
|
}
|
|
2365
2397
|
const { span, updatedOptions: options } = createSpan("ManagedIdentityCredential-pingImdsEndpoint", getTokenOptions);
|
|
@@ -2367,7 +2399,7 @@ const imdsMsi = {
|
|
|
2367
2399
|
if (process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST) {
|
|
2368
2400
|
return true;
|
|
2369
2401
|
}
|
|
2370
|
-
const requestOptions = prepareRequestOptions$
|
|
2402
|
+
const requestOptions = prepareRequestOptions$3(resource, clientId, {
|
|
2371
2403
|
skipMetadataHeader: true,
|
|
2372
2404
|
skipQuery: true,
|
|
2373
2405
|
});
|
|
@@ -2381,7 +2413,7 @@ const imdsMsi = {
|
|
|
2381
2413
|
// This MSI uses the imdsEndpoint to get the token, which only uses http://
|
|
2382
2414
|
request.allowInsecureConnection = true;
|
|
2383
2415
|
try {
|
|
2384
|
-
logger$
|
|
2416
|
+
logger$8.info(`${msiName$3}: Pinging the Azure IMDS endpoint`);
|
|
2385
2417
|
await identityClient.sendRequest(request);
|
|
2386
2418
|
}
|
|
2387
2419
|
catch (err) {
|
|
@@ -2393,7 +2425,7 @@ const imdsMsi = {
|
|
|
2393
2425
|
) {
|
|
2394
2426
|
// If the request failed, or Node.js was unable to establish a connection,
|
|
2395
2427
|
// or the host was down, we'll assume the IMDS endpoint isn't available.
|
|
2396
|
-
logger$
|
|
2428
|
+
logger$8.info(`${msiName$3}: The Azure IMDS endpoint is unavailable`);
|
|
2397
2429
|
span.setStatus({
|
|
2398
2430
|
code: coreTracing.SpanStatusCode.ERROR,
|
|
2399
2431
|
message: err.message,
|
|
@@ -2402,13 +2434,13 @@ const imdsMsi = {
|
|
|
2402
2434
|
}
|
|
2403
2435
|
}
|
|
2404
2436
|
// If we received any response, the endpoint is available
|
|
2405
|
-
logger$
|
|
2437
|
+
logger$8.info(`${msiName$3}: The Azure IMDS endpoint is available`);
|
|
2406
2438
|
return true;
|
|
2407
2439
|
}
|
|
2408
2440
|
catch (err) {
|
|
2409
2441
|
// createWebResource failed.
|
|
2410
2442
|
// This error should bubble up to the user.
|
|
2411
|
-
logger$
|
|
2443
|
+
logger$8.info(`${msiName$3}: Error when creating the WebResource for the Azure IMDS endpoint: ${err.message}`);
|
|
2412
2444
|
span.setStatus({
|
|
2413
2445
|
code: coreTracing.SpanStatusCode.ERROR,
|
|
2414
2446
|
message: err.message,
|
|
@@ -2421,11 +2453,11 @@ const imdsMsi = {
|
|
|
2421
2453
|
},
|
|
2422
2454
|
async getToken(configuration, getTokenOptions = {}) {
|
|
2423
2455
|
const { identityClient, scopes, clientId } = configuration;
|
|
2424
|
-
logger$
|
|
2456
|
+
logger$8.info(`${msiName$3}: Using the Azure IMDS endpoint coming from the environment variable MSI_ENDPOINT=${process.env.MSI_ENDPOINT}, and using the cloud shell to proceed with the authentication.`);
|
|
2425
2457
|
let nextDelayInMs = imdsMsiRetryConfig.startDelayInMs;
|
|
2426
2458
|
for (let retries = 0; retries < imdsMsiRetryConfig.maxRetries; retries++) {
|
|
2427
2459
|
try {
|
|
2428
|
-
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$
|
|
2460
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$3(scopes, clientId)), { allowInsecureConnection: true }));
|
|
2429
2461
|
const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser$1);
|
|
2430
2462
|
return (tokenResponse && tokenResponse.accessToken) || null;
|
|
2431
2463
|
}
|
|
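Review bot: The info message at the top of imdsMsi.getToken says the endpoint comes from `MSI_ENDPOINT` and that it is "using the cloud shell to proceed with the authentication", which reads like text carried over from cloudShellMsi rather than a description of the IMDS path. Nothing visible in the IMDS hunks reads MSI_ENDPOINT (isAvailable looks at AZURE_POD_IDENTITY_AUTHORITY_HOST), so the line prints `MSI_ENDPOINT=undefined` whenever that variable is unset and points anyone reading the log during triage at the wrong credential source. I would replace it with a message that names what is actually used, for example ``logger$8.info(`${msiName$3}: Using the Azure IMDS endpoint to authenticate.`);``. getToken's retry loop continues beyond this hunk, and since this file is bundled output the string should be corrected in the IMDS source module.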
@@ -2438,20 +2470,20 @@ const imdsMsi = {
|
|
|
2438
2470
|
throw error;
|
|
2439
2471
|
}
|
|
2440
2472
|
}
|
|
2441
|
-
throw new AuthenticationError(404, `${msiName$
|
|
2473
|
+
throw new AuthenticationError(404, `${msiName$3}: Failed to retrieve IMDS token after ${imdsMsiRetryConfig.maxRetries} retries.`);
|
|
2442
2474
|
},
|
|
2443
2475
|
};
|
|
2444
2476
|
|
|
2445
2477
|
// Copyright (c) Microsoft Corporation.
|
|
2446
|
-
const msiName$
|
|
2447
|
-
const logger$
|
|
2478
|
+
const msiName$2 = "ManagedIdentityCredential - Azure Arc MSI";
|
|
2479
|
+
const logger$7 = credentialLogger(msiName$2);
|
|
2448
2480
|
/**
|
|
2449
2481
|
* Generates the options used on the request for an access token.
|
|
2450
2482
|
*/
|
|
2451
|
-
function prepareRequestOptions$
|
|
2483
|
+
function prepareRequestOptions$2(scopes) {
|
|
2452
2484
|
const resource = mapScopesToResource(scopes);
|
|
2453
2485
|
if (!resource) {
|
|
2454
|
-
throw new Error(`${msiName$
|
|
2486
|
+
throw new Error(`${msiName$2}: Multiple scopes are not supported.`);
|
|
2455
2487
|
}
|
|
2456
2488
|
const queryParameters = {
|
|
2457
2489
|
resource,
|
|
@@ -2460,7 +2492,7 @@ function prepareRequestOptions$3(scopes) {
|
|
|
2460
2492
|
const query = new URLSearchParams(queryParameters);
|
|
2461
2493
|
// This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.
|
|
2462
2494
|
if (!process.env.IDENTITY_ENDPOINT) {
|
|
2463
|
-
throw new Error(`${msiName$
|
|
2495
|
+
throw new Error(`${msiName$2}: Missing environment variable: IDENTITY_ENDPOINT`);
|
|
2464
2496
|
}
|
|
2465
2497
|
return coreRestPipeline.createPipelineRequest({
|
|
2466
2498
|
// Should be similar to: http://localhost:40342/metadata/identity/oauth2/token
|
|
@@ -2494,7 +2526,7 @@ async function filePathRequest(identityClient, requestPrepareOptions) {
|
|
|
2494
2526
|
if (response.bodyAsText) {
|
|
2495
2527
|
message = ` Response: ${response.bodyAsText}`;
|
|
2496
2528
|
}
|
|
2497
|
-
throw new AuthenticationError(response.status, `${msiName$
|
|
2529
|
+
throw new AuthenticationError(response.status, `${msiName$2}: To authenticate with Azure Arc MSI, status code 401 is expected on the first request. ${message}`);
|
|
2498
2530
|
}
|
|
2499
2531
|
const authHeader = response.headers.get("www-authenticate") || "";
|
|
2500
2532
|
try {
|
|
@@ -2511,26 +2543,26 @@ const arcMsi = {
|
|
|
2511
2543
|
async isAvailable(scopes) {
|
|
2512
2544
|
const resource = mapScopesToResource(scopes);
|
|
2513
2545
|
if (!resource) {
|
|
2514
|
-
logger$
|
|
2546
|
+
logger$7.info(`${msiName$2}: Unavailable. Multiple scopes are not supported.`);
|
|
2515
2547
|
return false;
|
|
2516
2548
|
}
|
|
2517
2549
|
const result = Boolean(process.env.IMDS_ENDPOINT && process.env.IDENTITY_ENDPOINT);
|
|
2518
2550
|
if (!result) {
|
|
2519
|
-
logger$
|
|
2551
|
+
logger$7.info(`${msiName$2}: The environment variables needed are: IMDS_ENDPOINT and IDENTITY_ENDPOINT`);
|
|
2520
2552
|
}
|
|
2521
2553
|
return result;
|
|
2522
2554
|
},
|
|
2523
2555
|
async getToken(configuration, getTokenOptions = {}) {
|
|
2524
2556
|
var _a;
|
|
2525
2557
|
const { identityClient, scopes, clientId } = configuration;
|
|
2526
|
-
logger$
|
|
2558
|
+
logger$7.info(`${msiName$2}: Authenticating.`);
|
|
2527
2559
|
if (clientId) {
|
|
2528
|
-
throw new Error(`${msiName$
|
|
2560
|
+
throw new Error(`${msiName$2}: User assigned identity is not supported by the Azure Arc Managed Identity Endpoint. To authenticate with the system assigned identity, omit the client id when constructing the ManagedIdentityCredential, or if authenticating with the DefaultAzureCredential ensure the AZURE_CLIENT_ID environment variable is not set.`);
|
|
2529
2561
|
}
|
|
2530
|
-
const requestOptions = Object.assign(Object.assign({ disableJsonStringifyOnBody: true, deserializationMapper: undefined, abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$
|
|
2562
|
+
const requestOptions = Object.assign(Object.assign({ disableJsonStringifyOnBody: true, deserializationMapper: undefined, abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$2(scopes)), { allowInsecureConnection: true });
|
|
2531
2563
|
const filePath = await filePathRequest(identityClient, requestOptions);
|
|
2532
2564
|
if (!filePath) {
|
|
2533
|
-
throw new Error(`${msiName$
|
|
2565
|
+
throw new Error(`${msiName$2}: Failed to find the token file.`);
|
|
2534
2566
|
}
|
|
2535
2567
|
const key = await readFileAsync$1(filePath, { encoding: "utf-8" });
|
|
2536
2568
|
(_a = requestOptions.headers) === null || _a === void 0 ? void 0 : _a.set("Authorization", `Basic ${key}`);
|
|
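Review bot: In arcMsi.getToken the value returned by filePathRequest goes straight into `readFileAsync$1(filePath, { encoding: "utf-8" })`, and the file's contents are then sent back as `Basic ${key}`, with no check on where the path points. The preceding hunk shows filePathRequest working from the `www-authenticate` header of a response fetched with `allowInsecureConnection: true`, so the path appears to be chosen by whatever answers on IDENTITY_ENDPOINT (the derivation itself is outside the visible lines). Before reading, I would require the path to resolve inside the directory the Arc agent is expected to write to, require the expected file extension, and cap the file size, throwing a `${msiName$2}:`-prefixed error otherwise. Until that exists, mark the gap with `// TODO(security): filePath comes from the endpoint's response; validate location, extension and size before reading`. getToken continues past the end of this hunk, and as this is bundled output the check belongs in the Arc MSI source module.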
@@ -2543,13 +2575,13 @@ const arcMsi = {
|
|
|
2543
2575
|
};
|
|
2544
2576
|
|
|
2545
2577
|
// Copyright (c) Microsoft Corporation.
|
|
2546
|
-
const msiName$
|
|
2547
|
-
const logger$
|
|
2548
|
-
const readFileAsync
|
|
2578
|
+
const msiName$1 = "ManagedIdentityCredential - Token Exchange";
|
|
2579
|
+
const logger$6 = credentialLogger(msiName$1);
|
|
2580
|
+
const readFileAsync = util.promisify(fs__default["default"].readFile);
|
|
2549
2581
|
/**
|
|
2550
2582
|
* Generates the options used on the request for an access token.
|
|
2551
2583
|
*/
|
|
2552
|
-
function prepareRequestOptions$
|
|
2584
|
+
function prepareRequestOptions$1(scopes, clientAssertion, clientId) {
|
|
2553
2585
|
var _a;
|
|
2554
2586
|
const bodyParams = {
|
|
2555
2587
|
scope: Array.isArray(scopes) ? scopes.join(" ") : scopes,
|
|
@@ -2583,7 +2615,7 @@ function tokenExchangeMsi() {
|
|
|
2583
2615
|
azureFederatedTokenFileContent = undefined;
|
|
2584
2616
|
}
|
|
2585
2617
|
if (!azureFederatedTokenFileContent) {
|
|
2586
|
-
const file = await readFileAsync
|
|
2618
|
+
const file = await readFileAsync(azureFederatedTokenFilePath, "utf8");
|
|
2587
2619
|
const value = file.trim();
|
|
2588
2620
|
if (!value) {
|
|
2589
2621
|
throw new Error(`No content on the file ${azureFederatedTokenFilePath}, indicated by the environment variable AZURE_FEDERATED_TOKEN_FILE`);
|
|
@@ -2600,21 +2632,21 @@ function tokenExchangeMsi() {
|
|
|
2600
2632
|
const env = process.env;
|
|
2601
2633
|
const result = Boolean((clientId || env.AZURE_CLIENT_ID) && env.AZURE_TENANT_ID && azureFederatedTokenFilePath);
|
|
2602
2634
|
if (!result) {
|
|
2603
|
-
logger$
|
|
2635
|
+
logger$6.info(`${msiName$1}: Unavailable. The environment variables needed are: AZURE_CLIENT_ID (or the client ID sent through the parameters), AZURE_TENANT_ID and AZURE_FEDERATED_TOKEN_FILE`);
|
|
2604
2636
|
}
|
|
2605
2637
|
return result;
|
|
2606
2638
|
},
|
|
2607
2639
|
async getToken(configuration, getTokenOptions = {}) {
|
|
2608
2640
|
const { identityClient, scopes, clientId } = configuration;
|
|
2609
|
-
logger$
|
|
2641
|
+
logger$6.info(`${msiName$1}: Using the client assertion coming from environment variables.`);
|
|
2610
2642
|
let assertion;
|
|
2611
2643
|
try {
|
|
2612
2644
|
assertion = await readAssertion();
|
|
2613
2645
|
}
|
|
2614
2646
|
catch (err) {
|
|
2615
|
-
throw new Error(`${msiName$
|
|
2647
|
+
throw new Error(`${msiName$1}: Failed to read ${azureFederatedTokenFilePath}, indicated by the environment variable AZURE_FEDERATED_TOKEN_FILE`);
|
|
2616
2648
|
}
|
|
2617
|
-
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$
|
|
2649
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$1(scopes, assertion, clientId || process.env.AZURE_CLIENT_ID)), {
|
|
2618
2650
|
// Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
|
|
2619
2651
|
allowInsecureConnection: true }));
|
|
2620
2652
|
const tokenResponse = await identityClient.sendTokenRequest(request);
|
|
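Review bot: In tokenExchangeMsi's getToken the request that carries the federated client assertion is built with `allowInsecureConnection: true`, justified by the comment that MSI endpoints generally use HTTP. That reasoning fits a link-local metadata endpoint, but this flow sends the contents of AZURE_FEDERATED_TOKEN_FILE to a token endpoint. The URL is built in prepareRequestOptions$1, outside the visible lines, so confirm it is always https and, if it is, drop the flag so a misconfigured authority host cannot downgrade the request to cleartext. Separately, the `catch (err)` around `readAssertion()` discards `err`; ending the thrown message with `: ${err.message}` would preserve the underlying cause (missing file, permissions, empty content) for whoever triages the failure. This is bundled output, so both changes belong in the token-exchange source module.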
@@ -2634,22 +2666,22 @@ function tokenExchangeMsi() {
|
|
|
2634
2666
|
//
|
|
2635
2667
|
// curl --insecure $IDENTITY_ENDPOINT'?api-version=2019-07-01-preview&resource=https://vault.azure.net/' -H "Secret: $IDENTITY_HEADER"
|
|
2636
2668
|
//
|
|
2637
|
-
const msiName
|
|
2638
|
-
const logger$
|
|
2669
|
+
const msiName = "ManagedIdentityCredential - Fabric MSI";
|
|
2670
|
+
const logger$5 = credentialLogger(msiName);
|
|
2639
2671
|
/**
|
|
2640
2672
|
* Formats the expiration date of the received token into the number of milliseconds between that date and midnight, January 1, 1970.
|
|
2641
2673
|
*/
|
|
2642
|
-
function expiresOnParser
|
|
2674
|
+
function expiresOnParser(requestBody) {
|
|
2643
2675
|
// Parses a string representation of the milliseconds since epoch into a number value
|
|
2644
2676
|
return Number(requestBody.expires_on);
|
|
2645
2677
|
}
|
|
2646
2678
|
/**
|
|
2647
2679
|
* Generates the options used on the request for an access token.
|
|
2648
2680
|
*/
|
|
2649
|
-
function prepareRequestOptions
|
|
2681
|
+
function prepareRequestOptions(scopes, clientId) {
|
|
2650
2682
|
const resource = mapScopesToResource(scopes);
|
|
2651
2683
|
if (!resource) {
|
|
2652
|
-
throw new Error(`${msiName
|
|
2684
|
+
throw new Error(`${msiName}: Multiple scopes are not supported.`);
|
|
2653
2685
|
}
|
|
2654
2686
|
const queryParameters = {
|
|
2655
2687
|
resource,
|
|
@@ -2682,38 +2714,38 @@ const fabricMsi = {
|
|
|
2682
2714
|
async isAvailable(scopes) {
|
|
2683
2715
|
const resource = mapScopesToResource(scopes);
|
|
2684
2716
|
if (!resource) {
|
|
2685
|
-
logger$
|
|
2717
|
+
logger$5.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);
|
|
2686
2718
|
return false;
|
|
2687
2719
|
}
|
|
2688
2720
|
const env = process.env;
|
|
2689
2721
|
const result = Boolean(env.IDENTITY_ENDPOINT && env.IDENTITY_HEADER && env.IDENTITY_SERVER_THUMBPRINT);
|
|
2690
2722
|
if (!result) {
|
|
2691
|
-
logger$
|
|
2723
|
+
logger$5.info(`${msiName}: Unavailable. The environment variables needed are: IDENTITY_ENDPOINT, IDENTITY_HEADER and IDENTITY_SERVER_THUMBPRINT`);
|
|
2692
2724
|
}
|
|
2693
2725
|
return result;
|
|
2694
2726
|
},
|
|
2695
2727
|
async getToken(configuration, getTokenOptions = {}) {
|
|
2696
2728
|
const { scopes, identityClient, clientId } = configuration;
|
|
2697
|
-
logger$
|
|
2698
|
-
`${msiName
|
|
2729
|
+
logger$5.info([
|
|
2730
|
+
`${msiName}:`,
|
|
2699
2731
|
"Using the endpoint and the secret coming from the environment variables:",
|
|
2700
2732
|
`IDENTITY_ENDPOINT=${process.env.IDENTITY_ENDPOINT},`,
|
|
2701
2733
|
"IDENTITY_HEADER=[REDACTED] and",
|
|
2702
2734
|
"IDENTITY_SERVER_THUMBPRINT=[REDACTED].",
|
|
2703
2735
|
].join(" "));
|
|
2704
|
-
const request = coreRestPipeline.createPipelineRequest(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions
|
|
2705
|
-
request.agent = new
|
|
2736
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions(scopes, clientId)));
|
|
2737
|
+
request.agent = new https__default["default"].Agent({
|
|
2706
2738
|
// This is necessary because Service Fabric provides a self-signed certificate.
|
|
2707
2739
|
// The alternative path is to verify the certificate using the IDENTITY_SERVER_THUMBPRINT env variable.
|
|
2708
2740
|
rejectUnauthorized: false,
|
|
2709
2741
|
});
|
|
2710
|
-
const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser
|
|
2742
|
+
const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser);
|
|
2711
2743
|
return (tokenResponse && tokenResponse.accessToken) || null;
|
|
2712
2744
|
},
|
|
2713
2745
|
};
|
|
2714
2746
|
|
|
2715
2747
|
// Copyright (c) Microsoft Corporation.
|
|
2716
|
-
const logger$
|
|
2748
|
+
const logger$4 = credentialLogger("ManagedIdentityCredential");
|
|
2717
2749
|
/**
|
|
2718
2750
|
* Attempts authentication using a managed identity available at the deployment environment.
|
|
2719
2751
|
* This authentication type works in Azure VMs, App Service instances, Azure Functions applications,
|
|
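Review bot: In fabricMsi.getToken the request agent is created with `rejectUnauthorized: false`, so the IDENTITY_HEADER secret and the returned token travel over a TLS connection whose peer is never authenticated; the renaming in this hunk leaves that unchanged. The inline comment already names the alternative, and isAvailable requires IDENTITY_SERVER_THUMBPRINT to be set, but nothing visible here compares it with the certificate the server presents. I would compare the peer certificate's fingerprint with that variable and fail closed on a mismatch before the secret is sent. Until then, flag the gap with `// TODO(security): peer certificate is not verified; pin it to IDENTITY_SERVER_THUMBPRINT`. This file is bundled output, so the change belongs in the Service Fabric MSI source module.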
@@ -2800,7 +2832,7 @@ class ManagedIdentityCredential {
|
|
|
2800
2832
|
// It also means that the endpoint answered with either 200 or 201 (see the sendTokenRequest method),
|
|
2801
2833
|
// yet we had no access token. For this reason, we'll throw once with a specific message:
|
|
2802
2834
|
const error = new CredentialUnavailableError("The managed identity endpoint was reached, yet no tokens were received.");
|
|
2803
|
-
logger$
|
|
2835
|
+
logger$4.getToken.info(formatError(scopes, error));
|
|
2804
2836
|
throw error;
|
|
2805
2837
|
}
|
|
2806
2838
|
// Since `authenticateManagedIdentity` didn't throw, and the result was not null,
|
|
@@ -2812,10 +2844,10 @@ class ManagedIdentityCredential {
|
|
|
2812
2844
|
// We've previously determined that the endpoint was unavailable,
|
|
2813
2845
|
// either because it was unreachable or permanently unable to authenticate.
|
|
2814
2846
|
const error = new CredentialUnavailableError("The managed identity endpoint is not currently available");
|
|
2815
|
-
logger$
|
|
2847
|
+
logger$4.getToken.info(formatError(scopes, error));
|
|
2816
2848
|
throw error;
|
|
2817
2849
|
}
|
|
2818
|
-
logger$
|
|
2850
|
+
logger$4.getToken.info(formatSuccess(scopes));
|
|
2819
2851
|
return result;
|
|
2820
2852
|
}
|
|
2821
2853
|
catch (err) {
|
|
@@ -2837,14 +2869,14 @@ class ManagedIdentityCredential {
|
|
|
2837
2869
|
// we can safely assume the credential is unavailable.
|
|
2838
2870
|
if (err.code === "ENETUNREACH") {
|
|
2839
2871
|
const error = new CredentialUnavailableError(`${ManagedIdentityCredential.name}: Unavailable. Network unreachable. Message: ${err.message}`);
|
|
2840
|
-
logger$
|
|
2872
|
+
logger$4.getToken.info(formatError(scopes, error));
|
|
2841
2873
|
throw error;
|
|
2842
2874
|
}
|
|
2843
2875
|
// If either the host was unreachable,
|
|
2844
2876
|
// we can safely assume the credential is unavailable.
|
|
2845
2877
|
if (err.code === "EHOSTUNREACH") {
|
|
2846
2878
|
const error = new CredentialUnavailableError(`${ManagedIdentityCredential.name}: Unavailable. No managed identity endpoint found. Message: ${err.message}`);
|
|
2847
|
-
logger$
|
|
2879
|
+
logger$4.getToken.info(formatError(scopes, error));
|
|
2848
2880
|
throw error;
|
|
2849
2881
|
}
|
|
2850
2882
|
// If err.statusCode has a value of 400, it comes from sendTokenRequest,
|
|
@@ -2938,7 +2970,7 @@ class DefaultAzureCredential extends ChainedTokenCredential {
|
|
|
2938
2970
|
* @internal
|
|
2939
2971
|
*/
|
|
2940
2972
|
const interactiveBrowserMockable = {
|
|
2941
|
-
open,
|
|
2973
|
+
open: open__default["default"],
|
|
2942
2974
|
};
|
|
2943
2975
|
/**
|
|
2944
2976
|
* This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`
|
|
@@ -3020,8 +3052,8 @@ class MsalOpenBrowser extends MsalNode {
|
|
|
3020
3052
|
cleanup();
|
|
3021
3053
|
});
|
|
3022
3054
|
};
|
|
3023
|
-
const app =
|
|
3024
|
-
const server =
|
|
3055
|
+
const app = http__default["default"].createServer(requestListener);
|
|
3056
|
+
const server = stoppable__default["default"](app);
|
|
3025
3057
|
const listen = app.listen(this.port, this.hostname, () => this.logger.info(`InteractiveBrowserCredential listening on port ${this.port}!`));
|
|
3026
3058
|
function cleanup() {
|
|
3027
3059
|
if (listen) {
|
|
@@ -3068,7 +3100,7 @@ class MsalOpenBrowser extends MsalNode {
|
|
|
3068
3100
|
}
|
|
3069
3101
|
async openAuthCodeUrl(scopeArray, options) {
|
|
3070
3102
|
// Initialize CryptoProvider instance
|
|
3071
|
-
const cryptoProvider = new
|
|
3103
|
+
const cryptoProvider = new msalNode__namespace.CryptoProvider();
|
|
3072
3104
|
// Generate PKCE Codes before starting the authorization flow
|
|
3073
3105
|
this.pkceCodes = await cryptoProvider.generatePkceCodes();
|
|
3074
3106
|
const authCodeUrlParameters = {
|
|
@@ -3092,7 +3124,7 @@ class MsalOpenBrowser extends MsalNode {
|
|
|
3092
3124
|
}
|
|
3093
3125
|
|
|
3094
3126
|
// Copyright (c) Microsoft Corporation.
|
|
3095
|
-
const logger$
|
|
3127
|
+
const logger$3 = credentialLogger("InteractiveBrowserCredential");
|
|
3096
3128
|
/**
|
|
3097
3129
|
* Enables authentication to Azure Active Directory inside of the web browser
|
|
3098
3130
|
* using the interactive login flow.
|
|
@@ -3114,7 +3146,7 @@ class InteractiveBrowserCredential {
|
|
|
3114
3146
|
const redirectUri = typeof options.redirectUri === "function"
|
|
3115
3147
|
? options.redirectUri()
|
|
3116
3148
|
: options.redirectUri || "http://localhost";
|
|
3117
|
-
this.msalFlow = new MsalOpenBrowser(Object.assign(Object.assign({}, options), { tokenCredentialOptions: options, logger: logger$
|
|
3149
|
+
this.msalFlow = new MsalOpenBrowser(Object.assign(Object.assign({}, options), { tokenCredentialOptions: options, logger: logger$3,
|
|
3118
3150
|
redirectUri }));
|
|
3119
3151
|
this.disableAutomaticAuthentication = options === null || options === void 0 ? void 0 : options.disableAutomaticAuthentication;
|
|
3120
3152
|
}
|
|
@@ -3193,7 +3225,7 @@ class MsalDeviceCode extends MsalNode {
|
|
|
3193
3225
|
}
|
|
3194
3226
|
|
|
3195
3227
|
// Copyright (c) Microsoft Corporation.
|
|
3196
|
-
const logger$
|
|
3228
|
+
const logger$2 = credentialLogger("DeviceCodeCredential");
|
|
3197
3229
|
/**
|
|
3198
3230
|
* Method that logs the user code from the DeviceCodeCredential.
|
|
3199
3231
|
* @param deviceCodeInfo - The device code.
|
|
@@ -3227,7 +3259,7 @@ class DeviceCodeCredential {
|
|
|
3227
3259
|
* @param options - Options for configuring the client which makes the authentication requests.
|
|
3228
3260
|
*/
|
|
3229
3261
|
constructor(options) {
|
|
3230
|
-
this.msalFlow = new MsalDeviceCode(Object.assign(Object.assign({}, options), { logger: logger$
|
|
3262
|
+
this.msalFlow = new MsalDeviceCode(Object.assign(Object.assign({}, options), { logger: logger$2, userPromptCallback: (options === null || options === void 0 ? void 0 : options.userPromptCallback) || defaultDeviceCodePromptCallback, tokenCredentialOptions: options || {} }));
|
|
3231
3263
|
this.disableAutomaticAuthentication = options === null || options === void 0 ? void 0 : options.disableAutomaticAuthentication;
|
|
3232
3264
|
}
|
|
3233
3265
|
/**
|
|
@@ -3309,7 +3341,7 @@ class MsalAuthorizationCode extends MsalNode {
|
|
|
3309
3341
|
}
|
|
3310
3342
|
|
|
3311
3343
|
// Copyright (c) Microsoft Corporation.
|
|
3312
|
-
const logger$
|
|
3344
|
+
const logger$1 = credentialLogger("AuthorizationCodeCredential");
|
|
3313
3345
|
/**
|
|
3314
3346
|
* Enables authentication to Azure Active Directory using an authorization code
|
|
3315
3347
|
* that was obtained through the authorization code flow, described in more detail
|
|
@@ -3323,7 +3355,7 @@ class AuthorizationCodeCredential {
|
|
|
3323
3355
|
* @internal
|
|
3324
3356
|
*/
|
|
3325
3357
|
constructor(tenantId, clientId, clientSecretOrAuthorizationCode, authorizationCodeOrRedirectUri, redirectUriOrOptions, options) {
|
|
3326
|
-
checkTenantId(logger$
|
|
3358
|
+
checkTenantId(logger$1, tenantId);
|
|
3327
3359
|
let clientSecret = clientSecretOrAuthorizationCode;
|
|
3328
3360
|
if (typeof redirectUriOrOptions === "string") {
|
|
3329
3361
|
// the clientId+clientSecret constructor
|
|
@@ -3339,7 +3371,7 @@ class AuthorizationCodeCredential {
|
|
|
3339
3371
|
options = redirectUriOrOptions;
|
|
3340
3372
|
}
|
|
3341
3373
|
this.msalFlow = new MsalAuthorizationCode(Object.assign(Object.assign({}, options), { clientSecret,
|
|
3342
|
-
clientId, tokenCredentialOptions: options || {}, logger: logger$
|
|
3374
|
+
clientId, tokenCredentialOptions: options || {}, logger: logger$1, redirectUri: this.redirectUri, authorizationCode: this.authorizationCode }));
|
|
3343
3375
|
}
|
|
3344
3376
|
/**
|
|
3345
3377
|
* Authenticates with Azure Active Directory and returns an access token if successful.
|
|
@@ -3411,8 +3443,8 @@ class MsalOnBehalfOf extends MsalNode {
|
|
|
3411
3443
|
}
|
|
3412
3444
|
|
|
3413
3445
|
// Copyright (c) Microsoft Corporation.
|
|
3414
|
-
const credentialName
|
|
3415
|
-
const logger
|
|
3446
|
+
const credentialName = "OnBehalfOfCredential";
|
|
3447
|
+
const logger = credentialLogger(credentialName);
|
|
3416
3448
|
/**
|
|
3417
3449
|
* Enables authentication to Azure Active Directory using the [On Behalf Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).
|
|
3418
3450
|
*/
|
|
@@ -3444,9 +3476,9 @@ class OnBehalfOfCredential {
|
|
|
3444
3476
|
const { certificatePath } = options;
|
|
3445
3477
|
const { tenantId, clientId, userAssertionToken } = options;
|
|
3446
3478
|
if (!tenantId || !clientId || !(clientSecret || certificatePath) || !userAssertionToken) {
|
|
3447
|
-
throw new Error(`${credentialName
|
|
3479
|
+
throw new Error(`${credentialName}: tenantId, clientId, clientSecret (or certificatePath) and userAssertionToken are required parameters.`);
|
|
3448
3480
|
}
|
|
3449
|
-
this.msalFlow = new MsalOnBehalfOf(Object.assign(Object.assign({}, this.options), { logger
|
|
3481
|
+
this.msalFlow = new MsalOnBehalfOf(Object.assign(Object.assign({}, this.options), { logger, tokenCredentialOptions: this.options }));
|
|
3450
3482
|
}
|
|
3451
3483
|
/**
|
|
3452
3484
|
* Authenticates with Azure Active Directory and returns an access token if successful.
|
|
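Review bot: The call on new line 3481 passes `this.options` to `MsalOnBehalfOf` twice, once spread into the flow options and again whole as `tokenCredentialOptions`. If `this.options` is the constructor argument (its assignment is above this hunk), that object also carries `clientSecret` and `userAssertionToken`. The `AuthorizationCodeCredential` constructor earlier in this file keeps the two apart, passing `clientSecret` as its own field and only the trailing options bag as `tokenCredentialOptions`. In the source this bundle is built from, I would forward a copy without the credential fields, `tokenCredentialOptions: clientOptions`, where `clientOptions` is `this.options` minus `clientSecret`, `certificatePath` and `userAssertionToken`, so the secret and the user assertion are not held by whatever consumes the client options. The required-parameter error on line 3479 names the parameters without echoing their values, which is worth keeping.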
@@ -3456,7 +3488,7 @@ class OnBehalfOfCredential {
|
|
|
3456
3488
|
* @param options - The options used to configure the underlying network requests.
|
|
3457
3489
|
*/
|
|
3458
3490
|
async getToken(scopes, options = {}) {
|
|
3459
|
-
return trace(`${credentialName
|
|
3491
|
+
return trace(`${credentialName}.getToken`, options, async (newOptions) => {
|
|
3460
3492
|
const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
|
|
3461
3493
|
return this.msalFlow.getToken(arrayScopes, newOptions);
|
|
3462
3494
|
});
|
|
@@ -3494,7 +3526,7 @@ exports.UsernamePasswordCredential = UsernamePasswordCredential;
|
|
|
3494
3526
|
exports.VisualStudioCodeCredential = VisualStudioCodeCredential;
|
|
3495
3527
|
exports.deserializeAuthenticationRecord = deserializeAuthenticationRecord;
|
|
3496
3528
|
exports.getDefaultAzureCredential = getDefaultAzureCredential;
|
|
3497
|
-
exports.logger = logger;
|
|
3529
|
+
exports.logger = logger$j;
|
|
3498
3530
|
exports.serializeAuthenticationRecord = serializeAuthenticationRecord;
|
|
3499
3531
|
exports.useIdentityPlugin = useIdentityPlugin;
|
|
3500
3532
|
//# sourceMappingURL=index.js.map
|