@azure/identity 2.1.0-alpha.20220318.2 → 2.1.0-alpha.20220330.3
Potentially problematic release.
This version of @azure/identity might be problematic.
- package/CHANGELOG.md +4 -5
- package/README.md +1 -1
- package/dist/index.js +233 -179
- package/dist/index.js.map +1 -1
- package/dist-esm/src/credentials/clientCertificateCredential.js +5 -2
- package/dist-esm/src/credentials/clientCertificateCredential.js.map +1 -1
- package/dist-esm/src/credentials/defaultAzureCredential.js +13 -26
- package/dist-esm/src/credentials/defaultAzureCredential.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2019.js +77 -0
- package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2019.js.map +1 -0
- package/dist-esm/src/credentials/managedIdentityCredential/index.js +10 -1
- package/dist-esm/src/credentials/managedIdentityCredential/index.js.map +1 -1
- package/dist-esm/src/credentials/onBehalfOfCredential.js +0 -21
- package/dist-esm/src/credentials/onBehalfOfCredential.js.map +1 -1
- package/dist-esm/src/credentials/onBehalfOfCredentialOptions.js.map +1 -1
- package/dist-esm/src/index.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/msalClientCertificate.js +5 -1
- package/dist-esm/src/msal/nodeFlows/msalClientCertificate.js.map +1 -1
- package/package.json +2 -2
- package/types/identity.d.ts +123 -55
package/dist/index.js
CHANGED
|
@@ -8,7 +8,7 @@ var coreClient = require('@azure/core-client');
|
|
|
8
8
|
var coreUtil = require('@azure/core-util');
|
|
9
9
|
var coreRestPipeline = require('@azure/core-rest-pipeline');
|
|
10
10
|
var abortController = require('@azure/abort-controller');
|
|
11
|
-
var logger$
|
|
11
|
+
var logger$l = require('@azure/logger');
|
|
12
12
|
var msalCommon = require('@azure/msal-common');
|
|
13
13
|
var uuid = require('uuid');
|
|
14
14
|
var fs = require('fs');
|
|
@@ -273,7 +273,7 @@ async function trace(operationName, options, fn, createSpanFn = createSpan) {
|
|
|
273
273
|
/**
|
|
274
274
|
* The AzureLogger used for all clients within the identity package
|
|
275
275
|
*/
|
|
276
|
-
const logger$
|
|
276
|
+
const logger$k = logger$l.createClientLogger("identity");
|
|
277
277
|
/**
|
|
278
278
|
* Separates a list of environment variable names into a plain object with two arrays: an array of missing environment variables and another array with assigned environment variables.
|
|
279
279
|
* @param supportedEnvVars - List of environment variable names
|
|
@@ -313,7 +313,7 @@ function formatError(scope, error) {
|
|
|
313
313
|
* `[title] => [message]`
|
|
314
314
|
*
|
|
315
315
|
*/
|
|
316
|
-
function credentialLoggerInstance(title, parent, log = logger$
|
|
316
|
+
function credentialLoggerInstance(title, parent, log = logger$k) {
|
|
317
317
|
const fullTitle = parent ? `${parent.fullTitle} ${title}` : title;
|
|
318
318
|
function info(message) {
|
|
319
319
|
log.info(`${fullTitle} =>`, message);
|
|
@@ -338,7 +338,7 @@ function credentialLoggerInstance(title, parent, log = logger$j) {
|
|
|
338
338
|
* `[title] => getToken() => [message]`
|
|
339
339
|
*
|
|
340
340
|
*/
|
|
341
|
-
function credentialLogger(title, log = logger$
|
|
341
|
+
function credentialLogger(title, log = logger$k) {
|
|
342
342
|
const credLogger = credentialLoggerInstance(title, undefined, log);
|
|
343
343
|
return Object.assign(Object.assign({}, credLogger), { parent: log, getToken: credentialLoggerInstance("=> getToken()", credLogger, log) });
|
|
344
344
|
}
|
|
@@ -386,7 +386,7 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
386
386
|
this.allowLoggingAccountIdentifiers = (_b = options === null || options === void 0 ? void 0 : options.loggingOptions) === null || _b === void 0 ? void 0 : _b.allowLoggingAccountIdentifiers;
|
|
387
387
|
}
|
|
388
388
|
async sendTokenRequest(request, expiresOnParser) {
|
|
389
|
-
logger$
|
|
389
|
+
logger$k.info(`IdentityClient: sending token request to [${request.url}]`);
|
|
390
390
|
const response = await this.sendRequest(request);
|
|
391
391
|
expiresOnParser =
|
|
392
392
|
expiresOnParser ||
|
|
@@ -406,12 +406,12 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
406
406
|
},
|
|
407
407
|
refreshToken: parsedBody.refresh_token,
|
|
408
408
|
};
|
|
409
|
-
logger$
|
|
409
|
+
logger$k.info(`IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`);
|
|
410
410
|
return token;
|
|
411
411
|
}
|
|
412
412
|
else {
|
|
413
413
|
const error = new AuthenticationError(response.status, response.bodyAsText);
|
|
414
|
-
logger$
|
|
414
|
+
logger$k.warning(`IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`);
|
|
415
415
|
throw error;
|
|
416
416
|
}
|
|
417
417
|
}
|
|
@@ -419,7 +419,7 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
419
419
|
if (refreshToken === undefined) {
|
|
420
420
|
return null;
|
|
421
421
|
}
|
|
422
|
-
logger$
|
|
422
|
+
logger$k.info(`IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`);
|
|
423
423
|
const { span, updatedOptions } = createSpan("IdentityClient-refreshAccessToken", options);
|
|
424
424
|
const refreshParams = {
|
|
425
425
|
grant_type: "refresh_token",
|
|
@@ -445,7 +445,7 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
445
445
|
tracingOptions: updatedOptions === null || updatedOptions === void 0 ? void 0 : updatedOptions.tracingOptions,
|
|
446
446
|
});
|
|
447
447
|
const response = await this.sendTokenRequest(request, expiresOnParser);
|
|
448
|
-
logger$
|
|
448
|
+
logger$k.info(`IdentityClient: refreshed token for client ID: ${clientId}`);
|
|
449
449
|
return response;
|
|
450
450
|
}
|
|
451
451
|
catch (err) {
|
|
@@ -454,7 +454,7 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
454
454
|
// It's likely that the refresh token has expired, so
|
|
455
455
|
// return null so that the credential implementation will
|
|
456
456
|
// initiate the authentication flow again.
|
|
457
|
-
logger$
|
|
457
|
+
logger$k.info(`IdentityClient: interaction required for client ID: ${clientId}`);
|
|
458
458
|
span.setStatus({
|
|
459
459
|
code: coreTracing.SpanStatusCode.ERROR,
|
|
460
460
|
message: err.message,
|
|
@@ -462,7 +462,7 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
462
462
|
return null;
|
|
463
463
|
}
|
|
464
464
|
else {
|
|
465
|
-
logger$
|
|
465
|
+
logger$k.warning(`IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`);
|
|
466
466
|
span.setStatus({
|
|
467
467
|
code: coreTracing.SpanStatusCode.ERROR,
|
|
468
468
|
message: err.message,
|
|
@@ -570,10 +570,10 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
570
570
|
}
|
|
571
571
|
const base64Metadata = accessToken.split(".")[1];
|
|
572
572
|
const { appid, upn, tid, oid } = JSON.parse(Buffer.from(base64Metadata, "base64").toString("utf8"));
|
|
573
|
-
logger$
|
|
573
|
+
logger$k.info(`[Authenticated account] Client ID: ${appid}. Tenant ID: ${tid}. User Principal Name: ${upn || unavailableUpn}. Object ID (user): ${oid}`);
|
|
574
574
|
}
|
|
575
575
|
catch (e) {
|
|
576
|
-
logger$
|
|
576
|
+
logger$k.warning("allowLoggingAccountIdentifiers was set, but we couldn't log the account information. Error:", e.message);
|
|
577
577
|
}
|
|
578
578
|
}
|
|
579
579
|
}
|
|
@@ -1184,7 +1184,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
1184
1184
|
// Copyright (c) Microsoft Corporation.
|
|
1185
1185
|
const CommonTenantId = "common";
|
|
1186
1186
|
const AzureAccountClientId = "aebc6443-996d-45c2-90f0-388ff96faa56"; // VSC: 'aebc6443-996d-45c2-90f0-388ff96faa56'
|
|
1187
|
-
const logger$
|
|
1187
|
+
const logger$j = credentialLogger("VisualStudioCodeCredential");
|
|
1188
1188
|
let findCredentials = undefined;
|
|
1189
1189
|
const vsCodeCredentialControl = {
|
|
1190
1190
|
setVsCodeCredentialFinder(finder) {
|
|
@@ -1237,7 +1237,7 @@ function getPropertyFromVSCode(property) {
|
|
|
1237
1237
|
}
|
|
1238
1238
|
}
|
|
1239
1239
|
catch (e) {
|
|
1240
|
-
logger$
|
|
1240
|
+
logger$j.info(`Failed to load the Visual Studio Code configuration file. Error: ${e.message}`);
|
|
1241
1241
|
return;
|
|
1242
1242
|
}
|
|
1243
1243
|
}
|
|
@@ -1265,7 +1265,7 @@ class VisualStudioCodeCredential {
|
|
|
1265
1265
|
const authorityHost = mapVSCodeAuthorityHosts[this.cloudName];
|
|
1266
1266
|
this.identityClient = new IdentityClient(Object.assign({ authorityHost }, options));
|
|
1267
1267
|
if (options && options.tenantId) {
|
|
1268
|
-
checkTenantId(logger$
|
|
1268
|
+
checkTenantId(logger$j, options.tenantId);
|
|
1269
1269
|
this.tenantId = options.tenantId;
|
|
1270
1270
|
}
|
|
1271
1271
|
else {
|
|
@@ -1317,7 +1317,7 @@ class VisualStudioCodeCredential {
|
|
|
1317
1317
|
// Check to make sure the scope we get back is a valid scope
|
|
1318
1318
|
if (!scopeString.match(/^[0-9a-zA-Z-.:/]+$/)) {
|
|
1319
1319
|
const error = new Error("Invalid scope was specified by the user or calling client");
|
|
1320
|
-
logger$
|
|
1320
|
+
logger$j.getToken.info(formatError(scopes, error));
|
|
1321
1321
|
throw error;
|
|
1322
1322
|
}
|
|
1323
1323
|
if (scopeString.indexOf("offline_access") < 0) {
|
|
@@ -1337,18 +1337,18 @@ class VisualStudioCodeCredential {
|
|
|
1337
1337
|
if (refreshToken) {
|
|
1338
1338
|
const tokenResponse = await this.identityClient.refreshAccessToken(tenantId, AzureAccountClientId, scopeString, refreshToken, undefined);
|
|
1339
1339
|
if (tokenResponse) {
|
|
1340
|
-
logger$
|
|
1340
|
+
logger$j.getToken.info(formatSuccess(scopes));
|
|
1341
1341
|
return tokenResponse.accessToken;
|
|
1342
1342
|
}
|
|
1343
1343
|
else {
|
|
1344
1344
|
const error = new CredentialUnavailableError("Could not retrieve the token associated with Visual Studio Code. Have you connected using the 'Azure Account' extension recently? To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.");
|
|
1345
|
-
logger$
|
|
1345
|
+
logger$j.getToken.info(formatError(scopes, error));
|
|
1346
1346
|
throw error;
|
|
1347
1347
|
}
|
|
1348
1348
|
}
|
|
1349
1349
|
else {
|
|
1350
1350
|
const error = new CredentialUnavailableError("Could not retrieve the token associated with Visual Studio Code. Did you connect using the 'Azure Account' extension? To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.");
|
|
1351
|
-
logger$
|
|
1351
|
+
logger$j.getToken.info(formatError(scopes, error));
|
|
1352
1352
|
throw error;
|
|
1353
1353
|
}
|
|
1354
1354
|
}
|
|
@@ -1399,7 +1399,7 @@ function useIdentityPlugin(plugin) {
|
|
|
1399
1399
|
/**
|
|
1400
1400
|
* @internal
|
|
1401
1401
|
*/
|
|
1402
|
-
const logger$
|
|
1402
|
+
const logger$i = credentialLogger("ChainedTokenCredential");
|
|
1403
1403
|
/**
|
|
1404
1404
|
* Enables multiple `TokenCredential` implementations to be tried in order
|
|
1405
1405
|
* until one of the getToken methods returns an access token.
|
|
@@ -1454,7 +1454,7 @@ class ChainedTokenCredential {
|
|
|
1454
1454
|
errors.push(err);
|
|
1455
1455
|
}
|
|
1456
1456
|
else {
|
|
1457
|
-
logger$
|
|
1457
|
+
logger$i.getToken.info(formatError(scopes, err));
|
|
1458
1458
|
throw err;
|
|
1459
1459
|
}
|
|
1460
1460
|
}
|
|
@@ -1465,11 +1465,11 @@ class ChainedTokenCredential {
|
|
|
1465
1465
|
code: coreTracing.SpanStatusCode.ERROR,
|
|
1466
1466
|
message: err.message,
|
|
1467
1467
|
});
|
|
1468
|
-
logger$
|
|
1468
|
+
logger$i.getToken.info(formatError(scopes, err));
|
|
1469
1469
|
throw err;
|
|
1470
1470
|
}
|
|
1471
1471
|
span.end();
|
|
1472
|
-
logger$
|
|
1472
|
+
logger$i.getToken.info(`Result for ${successfulCredentialName}: ${formatSuccess(scopes)}`);
|
|
1473
1473
|
if (token === null) {
|
|
1474
1474
|
throw new CredentialUnavailableError("Failed to retrieve a valid token");
|
|
1475
1475
|
}
|
|
@@ -1547,7 +1547,7 @@ const cliCredentialInternals = {
|
|
|
1547
1547
|
});
|
|
1548
1548
|
},
|
|
1549
1549
|
};
|
|
1550
|
-
const logger$
|
|
1550
|
+
const logger$h = credentialLogger("AzureCliCredential");
|
|
1551
1551
|
/**
|
|
1552
1552
|
* This credential will use the currently logged-in user login information
|
|
1553
1553
|
* via the Azure CLI ('az') commandline tool.
|
|
@@ -1577,11 +1577,11 @@ class AzureCliCredential {
|
|
|
1577
1577
|
async getToken(scopes, options) {
|
|
1578
1578
|
const tenantId = processMultiTenantRequest(this.tenantId, options);
|
|
1579
1579
|
if (tenantId) {
|
|
1580
|
-
checkTenantId(logger$
|
|
1580
|
+
checkTenantId(logger$h, tenantId);
|
|
1581
1581
|
}
|
|
1582
1582
|
const scope = typeof scopes === "string" ? scopes : scopes[0];
|
|
1583
|
-
logger$
|
|
1584
|
-
ensureValidScope(scope, logger$
|
|
1583
|
+
logger$h.getToken.info(`Using the scope ${scope}`);
|
|
1584
|
+
ensureValidScope(scope, logger$h);
|
|
1585
1585
|
const resource = getScopeResource(scope);
|
|
1586
1586
|
let responseData = "";
|
|
1587
1587
|
const { span } = createSpan(`${this.constructor.name}.getToken`, options);
|
|
@@ -1592,22 +1592,22 @@ class AzureCliCredential {
|
|
|
1592
1592
|
const isNotInstallError = obj.stderr.match("az:(.*)not found") || obj.stderr.startsWith("'az' is not recognized");
|
|
1593
1593
|
if (isNotInstallError) {
|
|
1594
1594
|
const error = new CredentialUnavailableError("Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.");
|
|
1595
|
-
logger$
|
|
1595
|
+
logger$h.getToken.info(formatError(scopes, error));
|
|
1596
1596
|
throw error;
|
|
1597
1597
|
}
|
|
1598
1598
|
else if (isLoginError) {
|
|
1599
1599
|
const error = new CredentialUnavailableError("Please run 'az login' from a command prompt to authenticate before using this credential.");
|
|
1600
|
-
logger$
|
|
1600
|
+
logger$h.getToken.info(formatError(scopes, error));
|
|
1601
1601
|
throw error;
|
|
1602
1602
|
}
|
|
1603
1603
|
const error = new CredentialUnavailableError(obj.stderr);
|
|
1604
|
-
logger$
|
|
1604
|
+
logger$h.getToken.info(formatError(scopes, error));
|
|
1605
1605
|
throw error;
|
|
1606
1606
|
}
|
|
1607
1607
|
else {
|
|
1608
1608
|
responseData = obj.stdout;
|
|
1609
1609
|
const response = JSON.parse(responseData);
|
|
1610
|
-
logger$
|
|
1610
|
+
logger$h.getToken.info(formatSuccess(scopes));
|
|
1611
1611
|
const returnValue = {
|
|
1612
1612
|
token: response.accessToken,
|
|
1613
1613
|
expiresOnTimestamp: new Date(response.expiresOn).getTime(),
|
|
@@ -1621,7 +1621,7 @@ class AzureCliCredential {
|
|
|
1621
1621
|
code: coreTracing.SpanStatusCode.ERROR,
|
|
1622
1622
|
message: error.message,
|
|
1623
1623
|
});
|
|
1624
|
-
logger$
|
|
1624
|
+
logger$h.getToken.info(formatError(scopes, error));
|
|
1625
1625
|
throw error;
|
|
1626
1626
|
}
|
|
1627
1627
|
}
|
|
@@ -1658,7 +1658,7 @@ const processUtils = {
|
|
|
1658
1658
|
};
|
|
1659
1659
|
|
|
1660
1660
|
// Copyright (c) Microsoft Corporation.
|
|
1661
|
-
const logger$
|
|
1661
|
+
const logger$g = credentialLogger("AzurePowerShellCredential");
|
|
1662
1662
|
const isWindows = process.platform === "win32";
|
|
1663
1663
|
/**
|
|
1664
1664
|
* Returns a platform-appropriate command name by appending ".exe" on Windows.
|
|
@@ -1789,15 +1789,15 @@ class AzurePowerShellCredential {
|
|
|
1789
1789
|
return trace(`${this.constructor.name}.getToken`, options, async () => {
|
|
1790
1790
|
const tenantId = processMultiTenantRequest(this.tenantId, options);
|
|
1791
1791
|
if (tenantId) {
|
|
1792
|
-
checkTenantId(logger$
|
|
1792
|
+
checkTenantId(logger$g, tenantId);
|
|
1793
1793
|
}
|
|
1794
1794
|
const scope = typeof scopes === "string" ? scopes : scopes[0];
|
|
1795
|
-
ensureValidScope(scope, logger$
|
|
1796
|
-
logger$
|
|
1795
|
+
ensureValidScope(scope, logger$g);
|
|
1796
|
+
logger$g.getToken.info(`Using the scope ${scope}`);
|
|
1797
1797
|
const resource = getScopeResource(scope);
|
|
1798
1798
|
try {
|
|
1799
1799
|
const response = await this.getAzurePowerShellAccessToken(resource, tenantId);
|
|
1800
|
-
logger$
|
|
1800
|
+
logger$g.getToken.info(formatSuccess(scopes));
|
|
1801
1801
|
return {
|
|
1802
1802
|
token: response.Token,
|
|
1803
1803
|
expiresOnTimestamp: new Date(response.ExpiresOn).getTime(),
|
|
@@ -1806,16 +1806,16 @@ class AzurePowerShellCredential {
|
|
|
1806
1806
|
catch (err) {
|
|
1807
1807
|
if (isNotInstalledError(err)) {
|
|
1808
1808
|
const error = new CredentialUnavailableError(powerShellPublicErrorMessages.installed);
|
|
1809
|
-
logger$
|
|
1809
|
+
logger$g.getToken.info(formatError(scope, error));
|
|
1810
1810
|
throw error;
|
|
1811
1811
|
}
|
|
1812
1812
|
else if (isLoginError(err)) {
|
|
1813
1813
|
const error = new CredentialUnavailableError(powerShellPublicErrorMessages.login);
|
|
1814
|
-
logger$
|
|
1814
|
+
logger$g.getToken.info(formatError(scope, error));
|
|
1815
1815
|
throw error;
|
|
1816
1816
|
}
|
|
1817
1817
|
const error = new CredentialUnavailableError(`${err}. ${powerShellPublicErrorMessages.troubleshoot}`);
|
|
1818
|
-
logger$
|
|
1818
|
+
logger$g.getToken.info(formatError(scope, error));
|
|
1819
1819
|
throw error;
|
|
1820
1820
|
}
|
|
1821
1821
|
});
|
|
@@ -1853,7 +1853,7 @@ class MsalClientSecret extends MsalNode {
|
|
|
1853
1853
|
}
|
|
1854
1854
|
|
|
1855
1855
|
// Copyright (c) Microsoft Corporation.
|
|
1856
|
-
const logger$
|
|
1856
|
+
const logger$f = credentialLogger("ClientSecretCredential");
|
|
1857
1857
|
/**
|
|
1858
1858
|
* Enables authentication to Azure Active Directory using a client secret
|
|
1859
1859
|
* that was generated for an App Registration. More information on how
|
|
@@ -1877,7 +1877,7 @@ class ClientSecretCredential {
|
|
|
1877
1877
|
if (!tenantId || !clientId || !clientSecret) {
|
|
1878
1878
|
throw new Error("ClientSecretCredential: tenantId, clientId, and clientSecret are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.");
|
|
1879
1879
|
}
|
|
1880
|
-
this.msalFlow = new MsalClientSecret(Object.assign(Object.assign({}, options), { logger: logger$
|
|
1880
|
+
this.msalFlow = new MsalClientSecret(Object.assign(Object.assign({}, options), { logger: logger$f,
|
|
1881
1881
|
clientId,
|
|
1882
1882
|
tenantId,
|
|
1883
1883
|
clientSecret, tokenCredentialOptions: options }));
|
|
@@ -1910,8 +1910,12 @@ const readFileAsync$2 = util.promisify(fs.readFile);
|
|
|
1910
1910
|
*/
|
|
1911
1911
|
async function parseCertificate(configuration, sendCertificateChain) {
|
|
1912
1912
|
const certificateParts = {};
|
|
1913
|
+
const certificate = configuration
|
|
1914
|
+
.certificate;
|
|
1915
|
+
const certificatePath = configuration
|
|
1916
|
+
.certificatePath;
|
|
1913
1917
|
certificateParts.certificateContents =
|
|
1914
|
-
|
|
1918
|
+
certificate || (await readFileAsync$2(certificatePath, "utf8"));
|
|
1915
1919
|
if (sendCertificateChain) {
|
|
1916
1920
|
certificateParts.x5c = certificateParts.certificateContents;
|
|
1917
1921
|
}
|
|
@@ -1983,7 +1987,7 @@ class MsalClientCertificate extends MsalNode {
|
|
|
1983
1987
|
|
|
1984
1988
|
// Copyright (c) Microsoft Corporation.
|
|
1985
1989
|
const credentialName$2 = "ClientCertificateCredential";
|
|
1986
|
-
const logger$
|
|
1990
|
+
const logger$e = credentialLogger(credentialName$2);
|
|
1987
1991
|
/**
|
|
1988
1992
|
* Enables authentication to Azure Active Directory using a PEM-encoded
|
|
1989
1993
|
* certificate that is assigned to an App Registration. More information
|
|
@@ -2002,14 +2006,17 @@ class ClientCertificateCredential {
|
|
|
2002
2006
|
certificatePath: certificatePathOrConfiguration,
|
|
2003
2007
|
}
|
|
2004
2008
|
: certificatePathOrConfiguration));
|
|
2005
|
-
|
|
2009
|
+
const certificate = configuration
|
|
2010
|
+
.certificate;
|
|
2011
|
+
const certificatePath = configuration.certificatePath;
|
|
2012
|
+
if (!configuration || !(certificate || certificatePath)) {
|
|
2006
2013
|
throw new Error(`${credentialName$2}: Provide either a PEM certificate in string form, or the path to that certificate in the filesystem. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);
|
|
2007
2014
|
}
|
|
2008
|
-
if (
|
|
2015
|
+
if (certificate && certificatePath) {
|
|
2009
2016
|
throw new Error(`${credentialName$2}: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);
|
|
2010
2017
|
}
|
|
2011
2018
|
this.msalFlow = new MsalClientCertificate(Object.assign(Object.assign({}, options), { configuration,
|
|
2012
|
-
logger: logger$
|
|
2019
|
+
logger: logger$e,
|
|
2013
2020
|
clientId,
|
|
2014
2021
|
tenantId, sendCertificateChain: options.sendCertificateChain, tokenCredentialOptions: options }));
|
|
2015
2022
|
}
|
|
@@ -2060,7 +2067,7 @@ class MsalUsernamePassword extends MsalNode {
|
|
|
2060
2067
|
}
|
|
2061
2068
|
|
|
2062
2069
|
// Copyright (c) Microsoft Corporation.
|
|
2063
|
-
const logger$
|
|
2070
|
+
const logger$d = credentialLogger("UsernamePasswordCredential");
|
|
2064
2071
|
/**
|
|
2065
2072
|
* Enables authentication to Azure Active Directory with a user's
|
|
2066
2073
|
* username and password. This credential requires a high degree of
|
|
@@ -2083,7 +2090,7 @@ class UsernamePasswordCredential {
|
|
|
2083
2090
|
if (!tenantId || !clientId || !username || !password) {
|
|
2084
2091
|
throw new Error("UsernamePasswordCredential: tenantId, clientId, username and password are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.");
|
|
2085
2092
|
}
|
|
2086
|
-
this.msalFlow = new MsalUsernamePassword(Object.assign(Object.assign({}, options), { logger: logger$
|
|
2093
|
+
this.msalFlow = new MsalUsernamePassword(Object.assign(Object.assign({}, options), { logger: logger$d,
|
|
2087
2094
|
clientId,
|
|
2088
2095
|
tenantId,
|
|
2089
2096
|
username,
|
|
@@ -2126,7 +2133,7 @@ const AllSupportedEnvironmentVariables = [
|
|
|
2126
2133
|
"AZURE_PASSWORD",
|
|
2127
2134
|
];
|
|
2128
2135
|
const credentialName$1 = "EnvironmentCredential";
|
|
2129
|
-
const logger$
|
|
2136
|
+
const logger$c = credentialLogger(credentialName$1);
|
|
2130
2137
|
/**
|
|
2131
2138
|
* Enables authentication to Azure Active Directory using client secret
|
|
2132
2139
|
* details configured in environment variables
|
|
@@ -2156,26 +2163,26 @@ class EnvironmentCredential {
|
|
|
2156
2163
|
// Keep track of any missing environment variables for error details
|
|
2157
2164
|
this._credential = undefined;
|
|
2158
2165
|
const assigned = processEnvVars(AllSupportedEnvironmentVariables).assigned.join(", ");
|
|
2159
|
-
logger$
|
|
2166
|
+
logger$c.info(`Found the following environment variables: ${assigned}`);
|
|
2160
2167
|
const tenantId = process.env.AZURE_TENANT_ID, clientId = process.env.AZURE_CLIENT_ID, clientSecret = process.env.AZURE_CLIENT_SECRET;
|
|
2161
2168
|
if (tenantId) {
|
|
2162
|
-
checkTenantId(logger$
|
|
2169
|
+
checkTenantId(logger$c, tenantId);
|
|
2163
2170
|
}
|
|
2164
2171
|
if (tenantId && clientId && clientSecret) {
|
|
2165
|
-
logger$
|
|
2172
|
+
logger$c.info(`Invoking ClientSecretCredential with tenant ID: ${tenantId}, clientId: ${clientId} and clientSecret: [REDACTED]`);
|
|
2166
2173
|
this._credential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);
|
|
2167
2174
|
return;
|
|
2168
2175
|
}
|
|
2169
2176
|
const certificatePath = process.env.AZURE_CLIENT_CERTIFICATE_PATH;
|
|
2170
2177
|
if (tenantId && clientId && certificatePath) {
|
|
2171
|
-
logger$
|
|
2178
|
+
logger$c.info(`Invoking ClientCertificateCredential with tenant ID: ${tenantId}, clientId: ${clientId} and certificatePath: ${certificatePath}`);
|
|
2172
2179
|
this._credential = new ClientCertificateCredential(tenantId, clientId, { certificatePath }, options);
|
|
2173
2180
|
return;
|
|
2174
2181
|
}
|
|
2175
2182
|
const username = process.env.AZURE_USERNAME;
|
|
2176
2183
|
const password = process.env.AZURE_PASSWORD;
|
|
2177
2184
|
if (tenantId && clientId && username && password) {
|
|
2178
|
-
logger$
|
|
2185
|
+
logger$c.info(`Invoking UsernamePasswordCredential with tenant ID: ${tenantId}, clientId: ${clientId} and username: ${username}`);
|
|
2179
2186
|
this._credential = new UsernamePasswordCredential(tenantId, clientId, username, password, options);
|
|
2180
2187
|
}
|
|
2181
2188
|
}
|
|
@@ -2190,7 +2197,7 @@ class EnvironmentCredential {
|
|
|
2190
2197
|
if (this._credential) {
|
|
2191
2198
|
try {
|
|
2192
2199
|
const result = await this._credential.getToken(scopes, newOptions);
|
|
2193
|
-
logger$
|
|
2200
|
+
logger$c.getToken.info(formatSuccess(scopes));
|
|
2194
2201
|
return result;
|
|
2195
2202
|
}
|
|
2196
2203
|
catch (err) {
|
|
@@ -2198,7 +2205,7 @@ class EnvironmentCredential {
|
|
|
2198
2205
|
error: `${credentialName$1} authentication failed. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.`,
|
|
2199
2206
|
error_description: err.message.toString().split("More details:").join(""),
|
|
2200
2207
|
});
|
|
2201
|
-
logger$
|
|
2208
|
+
logger$c.getToken.info(formatError(scopes, authenticationError));
|
|
2202
2209
|
throw authenticationError;
|
|
2203
2210
|
}
|
|
2204
2211
|
}
|
|
@@ -2244,22 +2251,22 @@ function mapScopesToResource(scopes) {
|
|
|
2244
2251
|
}
|
|
2245
2252
|
|
|
2246
2253
|
// Copyright (c) Microsoft Corporation.
|
|
2247
|
-
const msiName$
|
|
2248
|
-
const logger$
|
|
2254
|
+
const msiName$6 = "ManagedIdentityCredential - AppServiceMSI 2017";
|
|
2255
|
+
const logger$b = credentialLogger(msiName$6);
|
|
2249
2256
|
/**
|
|
2250
2257
|
* Formats the expiration date of the received token into the number of milliseconds between that date and midnight, January 1, 1970.
|
|
2251
2258
|
*/
|
|
2252
|
-
function expiresOnParser$
|
|
2259
|
+
function expiresOnParser$3(requestBody) {
|
|
2253
2260
|
// App Service always returns string expires_on values.
|
|
2254
2261
|
return Date.parse(requestBody.expires_on);
|
|
2255
2262
|
}
|
|
2256
2263
|
/**
|
|
2257
2264
|
* Generates the options used on the request for an access token.
|
|
2258
2265
|
*/
|
|
2259
|
-
function prepareRequestOptions$
|
|
2266
|
+
function prepareRequestOptions$6(scopes, clientId) {
|
|
2260
2267
|
const resource = mapScopesToResource(scopes);
|
|
2261
2268
|
if (!resource) {
|
|
2262
|
-
throw new Error(`${msiName$
|
|
2269
|
+
throw new Error(`${msiName$6}: Multiple scopes are not supported.`);
|
|
2263
2270
|
}
|
|
2264
2271
|
const queryParameters = {
|
|
2265
2272
|
resource,
|
|
@@ -2271,10 +2278,10 @@ function prepareRequestOptions$5(scopes, clientId) {
|
|
|
2271
2278
|
const query = new URLSearchParams(queryParameters);
|
|
2272
2279
|
// This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.
|
|
2273
2280
|
if (!process.env.MSI_ENDPOINT) {
|
|
2274
|
-
throw new Error(`${msiName$
|
|
2281
|
+
throw new Error(`${msiName$6}: Missing environment variable: MSI_ENDPOINT`);
|
|
2275
2282
|
}
|
|
2276
2283
|
if (!process.env.MSI_SECRET) {
|
|
2277
|
-
throw new Error(`${msiName$
|
|
2284
|
+
throw new Error(`${msiName$6}: Missing environment variable: MSI_SECRET`);
|
|
2278
2285
|
}
|
|
2279
2286
|
return {
|
|
2280
2287
|
url: `${process.env.MSI_ENDPOINT}?${query.toString()}`,
|
|
@@ -2292,40 +2299,40 @@ const appServiceMsi2017 = {
|
|
|
2292
2299
|
async isAvailable({ scopes }) {
|
|
2293
2300
|
const resource = mapScopesToResource(scopes);
|
|
2294
2301
|
if (!resource) {
|
|
2295
|
-
logger$
|
|
2302
|
+
logger$b.info(`${msiName$6}: Unavailable. Multiple scopes are not supported.`);
|
|
2296
2303
|
return false;
|
|
2297
2304
|
}
|
|
2298
2305
|
const env = process.env;
|
|
2299
2306
|
const result = Boolean(env.MSI_ENDPOINT && env.MSI_SECRET);
|
|
2300
2307
|
if (!result) {
|
|
2301
|
-
logger$
|
|
2308
|
+
logger$b.info(`${msiName$6}: Unavailable. The environment variables needed are: MSI_ENDPOINT and MSI_SECRET.`);
|
|
2302
2309
|
}
|
|
2303
2310
|
return result;
|
|
2304
2311
|
},
|
|
2305
2312
|
async getToken(configuration, getTokenOptions = {}) {
|
|
2306
2313
|
const { identityClient, scopes, clientId, resourceId } = configuration;
|
|
2307
2314
|
if (resourceId) {
|
|
2308
|
-
logger$
|
|
2315
|
+
logger$b.warning(`${msiName$6}: managed Identity by resource Id is not supported. Argument resourceId might be ignored by the service.`);
|
|
2309
2316
|
}
|
|
2310
|
-
logger$
|
|
2311
|
-
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$
|
|
2317
|
+
logger$b.info(`${msiName$6}: Using the endpoint and the secret coming form the environment variables: MSI_ENDPOINT=${process.env.MSI_ENDPOINT} and MSI_SECRET=[REDACTED].`);
|
|
2318
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$6(scopes, clientId)), {
|
|
2312
2319
|
// Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
|
|
2313
2320
|
allowInsecureConnection: true }));
|
|
2314
|
-
const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser$
|
|
2321
|
+
const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser$3);
|
|
2315
2322
|
return (tokenResponse && tokenResponse.accessToken) || null;
|
|
2316
2323
|
},
|
|
2317
2324
|
};
|
|
2318
2325
|
|
|
2319
2326
|
// Copyright (c) Microsoft Corporation.
|
|
2320
|
-
const msiName$
|
|
2321
|
-
const logger$
|
|
2327
|
+
const msiName$5 = "ManagedIdentityCredential - CloudShellMSI";
|
|
2328
|
+
const logger$a = credentialLogger(msiName$5);
|
|
2322
2329
|
/**
|
|
2323
2330
|
* Generates the options used on the request for an access token.
|
|
2324
2331
|
*/
|
|
2325
|
-
function prepareRequestOptions$
|
|
2332
|
+
function prepareRequestOptions$5(scopes, clientId, resourceId) {
|
|
2326
2333
|
const resource = mapScopesToResource(scopes);
|
|
2327
2334
|
if (!resource) {
|
|
2328
|
-
throw new Error(`${msiName$
|
|
2335
|
+
throw new Error(`${msiName$5}: Multiple scopes are not supported.`);
|
|
2329
2336
|
}
|
|
2330
2337
|
const body = {
|
|
2331
2338
|
resource,
|
|
@@ -2338,7 +2345,7 @@ function prepareRequestOptions$4(scopes, clientId, resourceId) {
|
|
|
2338
2345
|
}
|
|
2339
2346
|
// This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.
|
|
2340
2347
|
if (!process.env.MSI_ENDPOINT) {
|
|
2341
|
-
throw new Error(`${msiName$
|
|
2348
|
+
throw new Error(`${msiName$5}: Missing environment variable: MSI_ENDPOINT`);
|
|
2342
2349
|
}
|
|
2343
2350
|
const params = new URLSearchParams(body);
|
|
2344
2351
|
return {
|
|
@@ -2360,25 +2367,25 @@ const cloudShellMsi = {
|
|
|
2360
2367
|
async isAvailable({ scopes }) {
|
|
2361
2368
|
const resource = mapScopesToResource(scopes);
|
|
2362
2369
|
if (!resource) {
|
|
2363
|
-
logger$
|
|
2370
|
+
logger$a.info(`${msiName$5}: Unavailable. Multiple scopes are not supported.`);
|
|
2364
2371
|
return false;
|
|
2365
2372
|
}
|
|
2366
2373
|
const result = Boolean(process.env.MSI_ENDPOINT);
|
|
2367
2374
|
if (!result) {
|
|
2368
|
-
logger$
|
|
2375
|
+
logger$a.info(`${msiName$5}: Unavailable. The environment variable MSI_ENDPOINT is needed.`);
|
|
2369
2376
|
}
|
|
2370
2377
|
return result;
|
|
2371
2378
|
},
|
|
2372
2379
|
async getToken(configuration, getTokenOptions = {}) {
|
|
2373
2380
|
const { identityClient, scopes, clientId, resourceId } = configuration;
|
|
2374
2381
|
if (clientId) {
|
|
2375
|
-
logger$
|
|
2382
|
+
logger$a.warning(`${msiName$5}: user-assigned identities not supported. The argument clientId might be ignored by the service.`);
|
|
2376
2383
|
}
|
|
2377
2384
|
if (resourceId) {
|
|
2378
|
-
logger$
|
|
2385
|
+
logger$a.warning(`${msiName$5}: user defined managed Identity by resource Id not supported. The argument resourceId might be ignored by the service.`);
|
|
2379
2386
|
}
|
|
2380
|
-
logger$
|
|
2381
|
-
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$
|
|
2387
|
+
logger$a.info(`${msiName$5}: Using the endpoint coming form the environment variable MSI_ENDPOINT = ${process.env.MSI_ENDPOINT}.`);
|
|
2388
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$5(scopes, clientId, resourceId)), {
|
|
2382
2389
|
// Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
|
|
2383
2390
|
allowInsecureConnection: true }));
|
|
2384
2391
|
const tokenResponse = await identityClient.sendTokenRequest(request);
|
|
@@ -2387,33 +2394,33 @@ const cloudShellMsi = {
|
|
|
2387
2394
|
};
|
|
2388
2395
|
|
|
2389
2396
|
// Copyright (c) Microsoft Corporation.
|
|
2390
|
-
const msiName$
|
|
2391
|
-
const logger$
|
|
2397
|
+
const msiName$4 = "ManagedIdentityCredential - IMDS";
|
|
2398
|
+
const logger$9 = credentialLogger(msiName$4);
|
|
2392
2399
|
/**
|
|
2393
2400
|
* Formats the expiration date of the received token into the number of milliseconds between that date and midnight, January 1, 1970.
|
|
2394
2401
|
*/
|
|
2395
|
-
function expiresOnParser$
|
|
2402
|
+
function expiresOnParser$2(requestBody) {
|
|
2396
2403
|
if (requestBody.expires_on) {
|
|
2397
2404
|
// Use the expires_on timestamp if it's available
|
|
2398
2405
|
const expires = +requestBody.expires_on * 1000;
|
|
2399
|
-
logger$
|
|
2406
|
+
logger$9.info(`${msiName$4}: Using expires_on: ${expires} (original value: ${requestBody.expires_on})`);
|
|
2400
2407
|
return expires;
|
|
2401
2408
|
}
|
|
2402
2409
|
else {
|
|
2403
2410
|
// If these aren't possible, use expires_in and calculate a timestamp
|
|
2404
2411
|
const expires = Date.now() + requestBody.expires_in * 1000;
|
|
2405
|
-
logger$
|
|
2412
|
+
logger$9.info(`${msiName$4}: IMDS using expires_in: ${expires} (original value: ${requestBody.expires_in})`);
|
|
2406
2413
|
return expires;
|
|
2407
2414
|
}
|
|
2408
2415
|
}
|
|
2409
2416
|
/**
|
|
2410
2417
|
* Generates the options used on the request for an access token.
|
|
2411
2418
|
*/
|
|
2412
|
-
function prepareRequestOptions$
|
|
2419
|
+
function prepareRequestOptions$4(scopes, clientId, resourceId, options) {
|
|
2413
2420
|
var _a;
|
|
2414
2421
|
const resource = mapScopesToResource(scopes);
|
|
2415
2422
|
if (!resource) {
|
|
2416
|
-
throw new Error(`${msiName$
|
|
2423
|
+
throw new Error(`${msiName$4}: Multiple scopes are not supported.`);
|
|
2417
2424
|
}
|
|
2418
2425
|
const { skipQuery, skipMetadataHeader } = options || {};
|
|
2419
2426
|
let query = "";
|
|
@@ -2463,7 +2470,7 @@ const imdsMsi = {
|
|
|
2463
2470
|
var _a, _b;
|
|
2464
2471
|
const resource = mapScopesToResource(scopes);
|
|
2465
2472
|
if (!resource) {
|
|
2466
|
-
logger$
|
|
2473
|
+
logger$9.info(`${msiName$4}: Unavailable. Multiple scopes are not supported.`);
|
|
2467
2474
|
return false;
|
|
2468
2475
|
}
|
|
2469
2476
|
const { span, updatedOptions: options } = createSpan("ManagedIdentityCredential-pingImdsEndpoint", getTokenOptions);
|
|
@@ -2474,7 +2481,7 @@ const imdsMsi = {
|
|
|
2474
2481
|
if (!identityClient) {
|
|
2475
2482
|
throw new Error("Missing IdentityClient");
|
|
2476
2483
|
}
|
|
2477
|
-
const requestOptions = prepareRequestOptions$
|
|
2484
|
+
const requestOptions = prepareRequestOptions$4(resource, clientId, resourceId, {
|
|
2478
2485
|
skipMetadataHeader: true,
|
|
2479
2486
|
skipQuery: true,
|
|
2480
2487
|
});
|
|
@@ -2488,7 +2495,7 @@ const imdsMsi = {
|
|
|
2488
2495
|
// This MSI uses the imdsEndpoint to get the token, which only uses http://
|
|
2489
2496
|
request.allowInsecureConnection = true;
|
|
2490
2497
|
try {
|
|
2491
|
-
logger$
|
|
2498
|
+
logger$9.info(`${msiName$4}: Pinging the Azure IMDS endpoint`);
|
|
2492
2499
|
await identityClient.sendRequest(request);
|
|
2493
2500
|
}
|
|
2494
2501
|
catch (err) {
|
|
@@ -2500,7 +2507,7 @@ const imdsMsi = {
|
|
|
2500
2507
|
) {
|
|
2501
2508
|
// If the request failed, or Node.js was unable to establish a connection,
|
|
2502
2509
|
// or the host was down, we'll assume the IMDS endpoint isn't available.
|
|
2503
|
-
logger$
|
|
2510
|
+
logger$9.info(`${msiName$4}: The Azure IMDS endpoint is unavailable`);
|
|
2504
2511
|
span.setStatus({
|
|
2505
2512
|
code: coreTracing.SpanStatusCode.ERROR,
|
|
2506
2513
|
message: err.message,
|
|
@@ -2509,13 +2516,13 @@ const imdsMsi = {
|
|
|
2509
2516
|
}
|
|
2510
2517
|
}
|
|
2511
2518
|
// If we received any response, the endpoint is available
|
|
2512
|
-
logger$
|
|
2519
|
+
logger$9.info(`${msiName$4}: The Azure IMDS endpoint is available`);
|
|
2513
2520
|
return true;
|
|
2514
2521
|
}
|
|
2515
2522
|
catch (err) {
|
|
2516
2523
|
// createWebResource failed.
|
|
2517
2524
|
// This error should bubble up to the user.
|
|
2518
|
-
logger$
|
|
2525
|
+
logger$9.info(`${msiName$4}: Error when creating the WebResource for the Azure IMDS endpoint: ${err.message}`);
|
|
2519
2526
|
span.setStatus({
|
|
2520
2527
|
code: coreTracing.SpanStatusCode.ERROR,
|
|
2521
2528
|
message: err.message,
|
|
@@ -2528,12 +2535,12 @@ const imdsMsi = {
|
|
|
2528
2535
|
},
|
|
2529
2536
|
async getToken(configuration, getTokenOptions = {}) {
|
|
2530
2537
|
const { identityClient, scopes, clientId, resourceId } = configuration;
|
|
2531
|
-
logger$
|
|
2538
|
+
logger$9.info(`${msiName$4}: Using the Azure IMDS endpoint coming from the environment variable MSI_ENDPOINT=${process.env.MSI_ENDPOINT}, and using the cloud shell to proceed with the authentication.`);
|
|
2532
2539
|
let nextDelayInMs = imdsMsiRetryConfig.startDelayInMs;
|
|
2533
2540
|
for (let retries = 0; retries < imdsMsiRetryConfig.maxRetries; retries++) {
|
|
2534
2541
|
try {
|
|
2535
|
-
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$
|
|
2536
|
-
const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser$
|
|
2542
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$4(scopes, clientId, resourceId)), { allowInsecureConnection: true }));
|
|
2543
|
+
const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser$2);
|
|
2537
2544
|
return (tokenResponse && tokenResponse.accessToken) || null;
|
|
2538
2545
|
}
|
|
2539
2546
|
catch (error) {
|
|
@@ -2545,20 +2552,20 @@ const imdsMsi = {
|
|
|
2545
2552
|
throw error;
|
|
2546
2553
|
}
|
|
2547
2554
|
}
|
|
2548
|
-
throw new AuthenticationError(404, `${msiName$
|
|
2555
|
+
throw new AuthenticationError(404, `${msiName$4}: Failed to retrieve IMDS token after ${imdsMsiRetryConfig.maxRetries} retries.`);
|
|
2549
2556
|
},
|
|
2550
2557
|
};
|
|
2551
2558
|
|
|
2552
2559
|
// Copyright (c) Microsoft Corporation.
|
|
2553
|
-
const msiName$
|
|
2554
|
-
const logger$
|
|
2560
|
+
const msiName$3 = "ManagedIdentityCredential - Azure Arc MSI";
|
|
2561
|
+
const logger$8 = credentialLogger(msiName$3);
|
|
2555
2562
|
/**
|
|
2556
2563
|
* Generates the options used on the request for an access token.
|
|
2557
2564
|
*/
|
|
2558
|
-
function prepareRequestOptions$
|
|
2565
|
+
function prepareRequestOptions$3(scopes, clientId, resourceId) {
|
|
2559
2566
|
const resource = mapScopesToResource(scopes);
|
|
2560
2567
|
if (!resource) {
|
|
2561
|
-
throw new Error(`${msiName$
|
|
2568
|
+
throw new Error(`${msiName$3}: Multiple scopes are not supported.`);
|
|
2562
2569
|
}
|
|
2563
2570
|
const queryParameters = {
|
|
2564
2571
|
resource,
|
|
@@ -2572,7 +2579,7 @@ function prepareRequestOptions$2(scopes, clientId, resourceId) {
|
|
|
2572
2579
|
}
|
|
2573
2580
|
// This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.
|
|
2574
2581
|
if (!process.env.IDENTITY_ENDPOINT) {
|
|
2575
|
-
throw new Error(`${msiName$
|
|
2582
|
+
throw new Error(`${msiName$3}: Missing environment variable: IDENTITY_ENDPOINT`);
|
|
2576
2583
|
}
|
|
2577
2584
|
const query = new URLSearchParams(queryParameters);
|
|
2578
2585
|
return coreRestPipeline.createPipelineRequest({
|
|
@@ -2607,7 +2614,7 @@ async function filePathRequest(identityClient, requestPrepareOptions) {
|
|
|
2607
2614
|
if (response.bodyAsText) {
|
|
2608
2615
|
message = ` Response: ${response.bodyAsText}`;
|
|
2609
2616
|
}
|
|
2610
|
-
throw new AuthenticationError(response.status, `${msiName$
|
|
2617
|
+
throw new AuthenticationError(response.status, `${msiName$3}: To authenticate with Azure Arc MSI, status code 401 is expected on the first request. ${message}`);
|
|
2611
2618
|
}
|
|
2612
2619
|
const authHeader = response.headers.get("www-authenticate") || "";
|
|
2613
2620
|
try {
|
|
@@ -2624,12 +2631,12 @@ const arcMsi = {
|
|
|
2624
2631
|
async isAvailable({ scopes }) {
|
|
2625
2632
|
const resource = mapScopesToResource(scopes);
|
|
2626
2633
|
if (!resource) {
|
|
2627
|
-
logger$
|
|
2634
|
+
logger$8.info(`${msiName$3}: Unavailable. Multiple scopes are not supported.`);
|
|
2628
2635
|
return false;
|
|
2629
2636
|
}
|
|
2630
2637
|
const result = Boolean(process.env.IMDS_ENDPOINT && process.env.IDENTITY_ENDPOINT);
|
|
2631
2638
|
if (!result) {
|
|
2632
|
-
logger$
|
|
2639
|
+
logger$8.info(`${msiName$3}: The environment variables needed are: IMDS_ENDPOINT and IDENTITY_ENDPOINT`);
|
|
2633
2640
|
}
|
|
2634
2641
|
return result;
|
|
2635
2642
|
},
|
|
@@ -2637,16 +2644,16 @@ const arcMsi = {
|
|
|
2637
2644
|
var _a;
|
|
2638
2645
|
const { identityClient, scopes, clientId, resourceId } = configuration;
|
|
2639
2646
|
if (clientId) {
|
|
2640
|
-
logger$
|
|
2647
|
+
logger$8.warning(`${msiName$3}: user-assigned identities not supported. The argument clientId might be ignored by the service.`);
|
|
2641
2648
|
}
|
|
2642
2649
|
if (resourceId) {
|
|
2643
|
-
logger$
|
|
2650
|
+
logger$8.warning(`${msiName$3}: user defined managed Identity by resource Id is not supported. Argument resourceId will be ignored.`);
|
|
2644
2651
|
}
|
|
2645
|
-
logger$
|
|
2646
|
-
const requestOptions = Object.assign(Object.assign({ disableJsonStringifyOnBody: true, deserializationMapper: undefined, abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$
|
|
2652
|
+
logger$8.info(`${msiName$3}: Authenticating.`);
|
|
2653
|
+
const requestOptions = Object.assign(Object.assign({ disableJsonStringifyOnBody: true, deserializationMapper: undefined, abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$3(scopes, clientId, resourceId)), { allowInsecureConnection: true });
|
|
2647
2654
|
const filePath = await filePathRequest(identityClient, requestOptions);
|
|
2648
2655
|
if (!filePath) {
|
|
2649
|
-
throw new Error(`${msiName$
|
|
2656
|
+
throw new Error(`${msiName$3}: Failed to find the token file.`);
|
|
2650
2657
|
}
|
|
2651
2658
|
const key = await readFileAsync$1(filePath, { encoding: "utf-8" });
|
|
2652
2659
|
(_a = requestOptions.headers) === null || _a === void 0 ? void 0 : _a.set("Authorization", `Basic ${key}`);
|
|
@@ -2659,13 +2666,13 @@ const arcMsi = {
|
|
|
2659
2666
|
};
|
|
2660
2667
|
|
|
2661
2668
|
// Copyright (c) Microsoft Corporation.
|
|
2662
|
-
const msiName$
|
|
2663
|
-
const logger$
|
|
2669
|
+
const msiName$2 = "ManagedIdentityCredential - Token Exchange";
|
|
2670
|
+
const logger$7 = credentialLogger(msiName$2);
|
|
2664
2671
|
const readFileAsync = util.promisify(fs__default["default"].readFile);
|
|
2665
2672
|
/**
|
|
2666
2673
|
* Generates the options used on the request for an access token.
|
|
2667
2674
|
*/
|
|
2668
|
-
function prepareRequestOptions$
|
|
2675
|
+
function prepareRequestOptions$2(scopes, clientAssertion, clientId) {
|
|
2669
2676
|
var _a;
|
|
2670
2677
|
const bodyParams = {
|
|
2671
2678
|
scope: Array.isArray(scopes) ? scopes.join(" ") : scopes,
|
|
@@ -2716,21 +2723,21 @@ function tokenExchangeMsi() {
|
|
|
2716
2723
|
const env = process.env;
|
|
2717
2724
|
const result = Boolean((clientId || env.AZURE_CLIENT_ID) && env.AZURE_TENANT_ID && azureFederatedTokenFilePath);
|
|
2718
2725
|
if (!result) {
|
|
2719
|
-
logger$
|
|
2726
|
+
logger$7.info(`${msiName$2}: Unavailable. The environment variables needed are: AZURE_CLIENT_ID (or the client ID sent through the parameters), AZURE_TENANT_ID and AZURE_FEDERATED_TOKEN_FILE`);
|
|
2720
2727
|
}
|
|
2721
2728
|
return result;
|
|
2722
2729
|
},
|
|
2723
2730
|
async getToken(configuration, getTokenOptions = {}) {
|
|
2724
2731
|
const { identityClient, scopes, clientId } = configuration;
|
|
2725
|
-
logger$
|
|
2732
|
+
logger$7.info(`${msiName$2}: Using the client assertion coming from environment variables.`);
|
|
2726
2733
|
let assertion;
|
|
2727
2734
|
try {
|
|
2728
2735
|
assertion = await readAssertion();
|
|
2729
2736
|
}
|
|
2730
2737
|
catch (err) {
|
|
2731
|
-
throw new Error(`${msiName$
|
|
2738
|
+
throw new Error(`${msiName$2}: Failed to read ${azureFederatedTokenFilePath}, indicated by the environment variable AZURE_FEDERATED_TOKEN_FILE`);
|
|
2732
2739
|
}
|
|
2733
|
-
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$
|
|
2740
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$2(scopes, assertion, clientId || process.env.AZURE_CLIENT_ID)), {
|
|
2734
2741
|
// Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
|
|
2735
2742
|
allowInsecureConnection: true }));
|
|
2736
2743
|
const tokenResponse = await identityClient.sendTokenRequest(request);
|
|
@@ -2750,22 +2757,22 @@ function tokenExchangeMsi() {
|
|
|
2750
2757
|
//
|
|
2751
2758
|
// curl --insecure $IDENTITY_ENDPOINT'?api-version=2019-07-01-preview&resource=https://vault.azure.net/' -H "Secret: $IDENTITY_HEADER"
|
|
2752
2759
|
//
|
|
2753
|
-
const msiName = "ManagedIdentityCredential - Fabric MSI";
|
|
2754
|
-
const logger$
|
|
2760
|
+
const msiName$1 = "ManagedIdentityCredential - Fabric MSI";
|
|
2761
|
+
const logger$6 = credentialLogger(msiName$1);
|
|
2755
2762
|
/**
|
|
2756
2763
|
* Formats the expiration date of the received token into the number of milliseconds between that date and midnight, January 1, 1970.
|
|
2757
2764
|
*/
|
|
2758
|
-
function expiresOnParser(requestBody) {
|
|
2765
|
+
function expiresOnParser$1(requestBody) {
|
|
2759
2766
|
// Parses a string representation of the milliseconds since epoch into a number value
|
|
2760
2767
|
return Number(requestBody.expires_on);
|
|
2761
2768
|
}
|
|
2762
2769
|
/**
|
|
2763
2770
|
* Generates the options used on the request for an access token.
|
|
2764
2771
|
*/
|
|
2765
|
-
function prepareRequestOptions(scopes, clientId, resourceId) {
|
|
2772
|
+
function prepareRequestOptions$1(scopes, clientId, resourceId) {
|
|
2766
2773
|
const resource = mapScopesToResource(scopes);
|
|
2767
2774
|
if (!resource) {
|
|
2768
|
-
throw new Error(`${msiName}: Multiple scopes are not supported.`);
|
|
2775
|
+
throw new Error(`${msiName$1}: Multiple scopes are not supported.`);
|
|
2769
2776
|
}
|
|
2770
2777
|
const queryParameters = {
|
|
2771
2778
|
resource,
|
|
@@ -2801,34 +2808,107 @@ const fabricMsi = {
|
|
|
2801
2808
|
async isAvailable({ scopes }) {
|
|
2802
2809
|
const resource = mapScopesToResource(scopes);
|
|
2803
2810
|
if (!resource) {
|
|
2804
|
-
logger$
|
|
2811
|
+
logger$6.info(`${msiName$1}: Unavailable. Multiple scopes are not supported.`);
|
|
2805
2812
|
return false;
|
|
2806
2813
|
}
|
|
2807
2814
|
const env = process.env;
|
|
2808
2815
|
const result = Boolean(env.IDENTITY_ENDPOINT && env.IDENTITY_HEADER && env.IDENTITY_SERVER_THUMBPRINT);
|
|
2809
2816
|
if (!result) {
|
|
2810
|
-
logger$
|
|
2817
|
+
logger$6.info(`${msiName$1}: Unavailable. The environment variables needed are: IDENTITY_ENDPOINT, IDENTITY_HEADER and IDENTITY_SERVER_THUMBPRINT`);
|
|
2811
2818
|
}
|
|
2812
2819
|
return result;
|
|
2813
2820
|
},
|
|
2814
2821
|
async getToken(configuration, getTokenOptions = {}) {
|
|
2815
2822
|
const { scopes, identityClient, clientId, resourceId } = configuration;
|
|
2816
2823
|
if (resourceId) {
|
|
2817
|
-
logger$
|
|
2824
|
+
logger$6.warning(`${msiName$1}: user defined managed Identity by resource Id is not supported. Argument resourceId might be ignored by the service.`);
|
|
2818
2825
|
}
|
|
2819
|
-
logger$
|
|
2820
|
-
`${msiName}:`,
|
|
2826
|
+
logger$6.info([
|
|
2827
|
+
`${msiName$1}:`,
|
|
2821
2828
|
"Using the endpoint and the secret coming from the environment variables:",
|
|
2822
2829
|
`IDENTITY_ENDPOINT=${process.env.IDENTITY_ENDPOINT},`,
|
|
2823
2830
|
"IDENTITY_HEADER=[REDACTED] and",
|
|
2824
2831
|
"IDENTITY_SERVER_THUMBPRINT=[REDACTED].",
|
|
2825
2832
|
].join(" "));
|
|
2826
|
-
const request = coreRestPipeline.createPipelineRequest(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions(scopes, clientId, resourceId)));
|
|
2833
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$1(scopes, clientId, resourceId)));
|
|
2827
2834
|
request.agent = new https__default["default"].Agent({
|
|
2828
2835
|
// This is necessary because Service Fabric provides a self-signed certificate.
|
|
2829
2836
|
// The alternative path is to verify the certificate using the IDENTITY_SERVER_THUMBPRINT env variable.
|
|
2830
2837
|
rejectUnauthorized: false,
|
|
2831
2838
|
});
|
|
2839
|
+
const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser$1);
|
|
2840
|
+
return (tokenResponse && tokenResponse.accessToken) || null;
|
|
2841
|
+
},
|
|
2842
|
+
};
|
|
2843
|
+
|
|
2844
|
+
// Copyright (c) Microsoft Corporation.
|
|
2845
|
+
const msiName = "ManagedIdentityCredential - AppServiceMSI 2019";
|
|
2846
|
+
const logger$5 = credentialLogger(msiName);
|
|
2847
|
+
/**
|
|
2848
|
+
* Formats the expiration date of the received token into the number of milliseconds between that date and midnight, January 1, 1970.
|
|
2849
|
+
*/
|
|
2850
|
+
function expiresOnParser(requestBody) {
|
|
2851
|
+
// App Service always returns string expires_on values.
|
|
2852
|
+
return Date.parse(requestBody.expires_on);
|
|
2853
|
+
}
|
|
2854
|
+
/**
|
|
2855
|
+
* Generates the options used on the request for an access token.
|
|
2856
|
+
*/
|
|
2857
|
+
function prepareRequestOptions(scopes, clientId, resourceId) {
|
|
2858
|
+
const resource = mapScopesToResource(scopes);
|
|
2859
|
+
if (!resource) {
|
|
2860
|
+
throw new Error(`${msiName}: Multiple scopes are not supported.`);
|
|
2861
|
+
}
|
|
2862
|
+
const queryParameters = {
|
|
2863
|
+
resource,
|
|
2864
|
+
"api-version": "2019-08-01",
|
|
2865
|
+
};
|
|
2866
|
+
if (clientId) {
|
|
2867
|
+
queryParameters.client_id = clientId;
|
|
2868
|
+
}
|
|
2869
|
+
if (resourceId) {
|
|
2870
|
+
queryParameters.mi_res_id = resourceId;
|
|
2871
|
+
}
|
|
2872
|
+
const query = new URLSearchParams(queryParameters);
|
|
2873
|
+
// This error should not bubble up, since we verify that this environment variable is defined in the isAvailable() method defined below.
|
|
2874
|
+
if (!process.env.IDENTITY_ENDPOINT) {
|
|
2875
|
+
throw new Error(`${msiName}: Missing environment variable: IDENTITY_ENDPOINT`);
|
|
2876
|
+
}
|
|
2877
|
+
if (!process.env.IDENTITY_HEADER) {
|
|
2878
|
+
throw new Error(`${msiName}: Missing environment variable: IDENTITY_HEADER`);
|
|
2879
|
+
}
|
|
2880
|
+
return {
|
|
2881
|
+
url: `${process.env.IDENTITY_ENDPOINT}?${query.toString()}`,
|
|
2882
|
+
method: "GET",
|
|
2883
|
+
headers: coreRestPipeline.createHttpHeaders({
|
|
2884
|
+
Accept: "application/json",
|
|
2885
|
+
"X-IDENTITY-HEADER": process.env.IDENTITY_HEADER,
|
|
2886
|
+
}),
|
|
2887
|
+
};
|
|
2888
|
+
}
|
|
2889
|
+
/**
|
|
2890
|
+
* Defines how to determine whether the Azure App Service MSI is available, and also how to retrieve a token from the Azure App Service MSI.
|
|
2891
|
+
*/
|
|
2892
|
+
const appServiceMsi2019 = {
|
|
2893
|
+
async isAvailable({ scopes }) {
|
|
2894
|
+
const resource = mapScopesToResource(scopes);
|
|
2895
|
+
if (!resource) {
|
|
2896
|
+
logger$5.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);
|
|
2897
|
+
return false;
|
|
2898
|
+
}
|
|
2899
|
+
const env = process.env;
|
|
2900
|
+
const result = Boolean(env.IDENTITY_ENDPOINT && env.IDENTITY_HEADER);
|
|
2901
|
+
if (!result) {
|
|
2902
|
+
logger$5.info(`${msiName}: Unavailable. The environment variables needed are: IDENTITY_ENDPOINT and IDENTITY_HEADER.`);
|
|
2903
|
+
}
|
|
2904
|
+
return result;
|
|
2905
|
+
},
|
|
2906
|
+
async getToken(configuration, getTokenOptions = {}) {
|
|
2907
|
+
const { identityClient, scopes, clientId, resourceId } = configuration;
|
|
2908
|
+
logger$5.info(`${msiName}: Using the endpoint and the secret coming form the environment variables: IDENTITY_ENDPOINT=${process.env.IDENTITY_ENDPOINT} and IDENTITY_HEADER=[REDACTED].`);
|
|
2909
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions(scopes, clientId, resourceId)), {
|
|
2910
|
+
// Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
|
|
2911
|
+
allowInsecureConnection: true }));
|
|
2832
2912
|
const tokenResponse = await identityClient.sendTokenRequest(request, expiresOnParser);
|
|
2833
2913
|
return (tokenResponse && tokenResponse.accessToken) || null;
|
|
2834
2914
|
},
|
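Review bot: The new `expiresOnParser` for AppServiceMSI 2019 returns `Date.parse(requestBody.expires_on)` unchecked, and `Date.parse` yields `NaN` for any string it cannot parse, so an unexpected `expires_on` would pass a `NaN` expiry to `sendTokenRequest`. The format the 2019-08-01 endpoint actually returns is not visible in this hunk and should be confirmed; a guard such as `const ms = Date.parse(requestBody.expires_on); if (Number.isNaN(ms)) throw new Error(msiName + ": Unexpected expires_on value");` would make the failure explicit. Separately, the new `prepareRequestOptions` attaches the `X-IDENTITY-HEADER` secret to whatever `IDENTITY_ENDPOINT` contains, and `getToken` sends it with `allowInsecureConnection: true`. Building the URL with `new URL(process.env.IDENTITY_ENDPOINT)` and setting the query through `searchParams` would reject an unparseable value before the secret is attached, and would also handle an endpoint that already carries a query string.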
|
@@ -2875,7 +2955,15 @@ class ManagedIdentityCredential {
|
|
|
2875
2955
|
if (this.cachedMSI) {
|
|
2876
2956
|
return this.cachedMSI;
|
|
2877
2957
|
}
|
|
2878
|
-
const MSIs = [
|
|
2958
|
+
const MSIs = [
|
|
2959
|
+
fabricMsi,
|
|
2960
|
+
appServiceMsi2019,
|
|
2961
|
+
appServiceMsi2017,
|
|
2962
|
+
cloudShellMsi,
|
|
2963
|
+
arcMsi,
|
|
2964
|
+
tokenExchangeMsi(),
|
|
2965
|
+
imdsMsi,
|
|
2966
|
+
];
|
|
2879
2967
|
for (const msi of MSIs) {
|
|
2880
2968
|
if (await msi.isAvailable({
|
|
2881
2969
|
scopes,
|
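Review bot: The order of the new `MSIs` array is load-bearing but undocumented. `fabricMsi.isAvailable` requires `IDENTITY_ENDPOINT`, `IDENTITY_HEADER` and `IDENTITY_SERVER_THUMBPRINT`, while the added `appServiceMsi2019.isAvailable` requires only the first two, so on a Service Fabric host both report available and only the position in the list decides which one is used. I would add a comment above the array such as `// Order matters: fabricMsi must stay ahead of appServiceMsi2019, which matches on a subset of the same environment variables.` The loop body continues outside this hunk, so first-match selection is inferred from the `for`/`if` that is visible.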
|
@@ -3017,13 +3105,24 @@ class ManagedIdentityCredential {
|
|
|
3017
3105
|
* @internal
|
|
3018
3106
|
*/
|
|
3019
3107
|
class DefaultManagedIdentityCredential extends ManagedIdentityCredential {
|
|
3108
|
+
// Constructor overload with just the other default options
|
|
3109
|
+
// Last constructor overload with Union of all options not required since the above two constructor overloads have optional properties
|
|
3020
3110
|
constructor(options) {
|
|
3021
3111
|
var _a, _b, _c;
|
|
3022
3112
|
const managedIdentityClientId = (_b = (_a = options) === null || _a === void 0 ? void 0 : _a.managedIdentityClientId) !== null && _b !== void 0 ? _b : process.env.AZURE_CLIENT_ID;
|
|
3023
3113
|
const managedResourceId = (_c = options) === null || _c === void 0 ? void 0 : _c.managedIdentityResourceId;
|
|
3024
3114
|
// ManagedIdentityCredential throws if both the resourceId and the clientId are provided.
|
|
3025
|
-
|
|
3026
|
-
|
|
3115
|
+
if (managedResourceId) {
|
|
3116
|
+
const managedIdentityResourceIdOptions = Object.assign(Object.assign({}, options), { resourceId: managedResourceId });
|
|
3117
|
+
super(managedIdentityResourceIdOptions);
|
|
3118
|
+
}
|
|
3119
|
+
else if (managedIdentityClientId) {
|
|
3120
|
+
const managedIdentityClientOptions = Object.assign(Object.assign({}, options), { clientId: managedIdentityClientId });
|
|
3121
|
+
super(managedIdentityClientOptions);
|
|
3122
|
+
}
|
|
3123
|
+
else {
|
|
3124
|
+
super(options);
|
|
3125
|
+
}
|
|
3027
3126
|
}
|
|
3028
3127
|
}
|
|
3029
3128
|
const defaultCredentials = [
|
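Review bot: When `managedIdentityResourceId` is set, the first branch of the new constructor adds only `resourceId` to the options passed to `super`, so a `managedIdentityClientId` option or an `AZURE_CLIENT_ID` environment value is dropped without any signal. This assumes the base constructor reads `clientId`/`resourceId`, which is not visible in this hunk. Which identity the process authenticates as should not depend on an unstated precedence rule, so I would document it on the branch, e.g. `// resourceId takes precedence: managedIdentityClientId and AZURE_CLIENT_ID are ignored when managedIdentityResourceId is set.`, or log a warning when both are present. The two added `// Constructor overload …` comments refer to overload signatures that do not exist in this compiled output and explain nothing about the branches below them.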
|
@@ -3038,30 +3137,6 @@ const defaultCredentials = [
|
|
|
3038
3137
|
* work for most applications that use the Azure SDK.
|
|
3039
3138
|
*/
|
|
3040
3139
|
class DefaultAzureCredential extends ChainedTokenCredential {
|
|
3041
|
-
/**
|
|
3042
|
-
* Creates an instance of the DefaultAzureCredential class.
|
|
3043
|
-
*
|
|
3044
|
-
* This credential provides a default {@link ChainedTokenCredential} configuration that should
|
|
3045
|
-
* work for most applications that use the Azure SDK.
|
|
3046
|
-
*
|
|
3047
|
-
* The following credential types will be tried, in order:
|
|
3048
|
-
*
|
|
3049
|
-
* - {@link EnvironmentCredential}
|
|
3050
|
-
* - {@link ManagedIdentityCredential}
|
|
3051
|
-
* - {@link VisualStudioCodeCredential}
|
|
3052
|
-
* - {@link AzureCliCredential}
|
|
3053
|
-
* - {@link AzurePowerShellCredential}
|
|
3054
|
-
*
|
|
3055
|
-
* Consult the documentation of these credential types for more information
|
|
3056
|
-
* on how they attempt authentication.
|
|
3057
|
-
*
|
|
3058
|
-
* **Note**: `VisualStudioCodeCredential` is provided by a plugin package:
|
|
3059
|
-
* `@azure/identity-vscode`. If this package is not installed and registered
|
|
3060
|
-
* using the plugin API (`useIdentityPlugin`), then authentication using
|
|
3061
|
-
* `VisualStudioCodeCredential` will not be available.
|
|
3062
|
-
*
|
|
3063
|
-
* @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.
|
|
3064
|
-
*/
|
|
3065
3140
|
constructor(options) {
|
|
3066
3141
|
super(...defaultCredentials.map((ctor) => new ctor(options)));
|
|
3067
3142
|
this.UnavailableMessage =
|
|
@@ -3552,27 +3627,6 @@ const logger = credentialLogger(credentialName);
|
|
|
3552
3627
|
* Enables authentication to Azure Active Directory using the [On Behalf Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).
|
|
3553
3628
|
*/
|
|
3554
3629
|
class OnBehalfOfCredential {
|
|
3555
|
-
/**
|
|
3556
|
-
* Creates an instance of the {@link OnBehalfOfCredential} with the details
|
|
3557
|
-
* needed to authenticate against Azure Active Directory with a client
|
|
3558
|
-
* secret or a path to a PEM certificate, and an user assertion.
|
|
3559
|
-
*
|
|
3560
|
-
* Example using the `KeyClient` from [\@azure/keyvault-keys](https://www.npmjs.com/package/\@azure/keyvault-keys):
|
|
3561
|
-
*
|
|
3562
|
-
* ```ts
|
|
3563
|
-
* const tokenCredential = new OnBehalfOfCredential({
|
|
3564
|
-
* tenantId,
|
|
3565
|
-
* clientId,
|
|
3566
|
-
* clientSecret, // or `certificatePath: "/path/to/certificate.pem"
|
|
3567
|
-
* userAssertionToken: "access-token"
|
|
3568
|
-
* });
|
|
3569
|
-
* const client = new KeyClient("vault-url", tokenCredential);
|
|
3570
|
-
*
|
|
3571
|
-
* await client.getKey("key-name");
|
|
3572
|
-
* ```
|
|
3573
|
-
*
|
|
3574
|
-
* @param options - Optional parameters, generally common across credentials.
|
|
3575
|
-
*/
|
|
3576
3630
|
constructor(options) {
|
|
3577
3631
|
this.options = options;
|
|
3578
3632
|
const { clientSecret } = options;
|
|
@@ -3629,7 +3683,7 @@ exports.UsernamePasswordCredential = UsernamePasswordCredential;
|
|
|
3629
3683
|
exports.VisualStudioCodeCredential = VisualStudioCodeCredential;
|
|
3630
3684
|
exports.deserializeAuthenticationRecord = deserializeAuthenticationRecord;
|
|
3631
3685
|
exports.getDefaultAzureCredential = getDefaultAzureCredential;
|
|
3632
|
-
exports.logger = logger$
|
|
3686
|
+
exports.logger = logger$k;
|
|
3633
3687
|
exports.serializeAuthenticationRecord = serializeAuthenticationRecord;
|
|
3634
3688
|
exports.useIdentityPlugin = useIdentityPlugin;
|
|
3635
3689
|
//# sourceMappingURL=index.js.map
|