@azure/identity 2.1.0-alpha.20220413.2 → 2.1.0-alpha.20220419.3

package/CHANGELOG.md

@@ -8,6 +8,10 @@
 
 ### Bugs Fixed
 
+- Fixed a bug that would break the AzureCliCredential if the Azure CLI reported a warning. See: [21075](https://github.com/Azure/azure-sdk-for-js/issues/21075).
+- Fixed a bug in `AuthorizationCodeCredential` where the tenant id was not being used. The `common` tenant was the only tenant being used by this credential.
+- Fixed a bug in `AuthorizationCodeCredential` where the public client was not being used. Due to this bug, without passing in the client secret, this credential would fail.
+
 ### Other Changes
 
 - Upgraded to `@azure/core-tracing` version `^1.0.0`.

package/README.md

@@ -284,7 +284,10 @@ Credentials raise `AuthenticationError` when they fail to authenticate. This cla
 
 ### Logging
 
-Enabling logging may help uncover useful information about failures. To see a log of HTTP requests and responses, set the `AZURE_LOG_LEVEL` environment variable to `info`. You can read this environment variable from the *.env* file by explicitly specifying a file path:
+Enabling logging may help uncover useful information about failures.
+
+To see a log of HTTP requests and responses, set the `AZURE_LOG_LEVEL` environment variable to `info`.
+You can read this environment variable from the *.env* file by explicitly specifying a file path:
 
 ```javascript
 require("dotenv").config({ path: ".env" });
@@ -297,6 +300,31 @@ import { setLogLevel } from "@azure/logger";
 
 setLogLevel("info");
 ```
+ 
+In cases where the authenticate code might be running in an environment with more than one credential available,
+the `@azure/identity` package offers a unique form of logging. On the optional parameters for every credential,
+developers can set `allowLoggingAccountIdentifiers` to true in the
+`loggingOptions` to log information specific to the authenticated account after
+each successful authentication, including the Client ID, the Tenant ID, the
+Object ID of the authenticated user, and if possible the User Principal Name.
+
+For example, using the `DefaultAzureCredential`:
+
+```js
+import { setLogLevel } from "@azure/logger";
+
+setLogLevel("info");
+
+const credential = new DefaultAzureCredential({
+  loggingOptions: { allowLoggingAccountIdentifiers: true }
+});
+```
+
+Once that credential authenticates, the following message will appear in the logs (with the real information instead of `HIDDEN`):
+
+```
+azure:identity:info [Authenticated account] Client ID: HIDDEN. Tenant ID: HIDDEN. User Principal Name: HIDDEN. Object ID (user): HIDDEN
+```
 
 For assistance with troubleshooting, see the [troubleshooting guide](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/TROUBLESHOOTING.md).
 

package/dist/index.js

@@ -1541,29 +1541,24 @@ class AzureCliCredential {
         logger$h.getToken.info(`Using the scope ${scope}`);
         ensureValidScope(scope, logger$h);
         const resource = getScopeResource(scope);
-        let responseData = "";
         return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {
+            var _a, _b, _c;
             try {
                 const obj = await cliCredentialInternals.getAzureCliAccessToken(resource, tenantId);
-                if (obj.stderr) {
-                    const isLoginError = obj.stderr.match("(.*)az login(.*)");
-                    const isNotInstallError = obj.stderr.match("az:(.*)not found") || obj.stderr.startsWith("'az' is not recognized");
-                    if (isNotInstallError) {
-                        const error = new CredentialUnavailableError("Azure CLI could not be found.  Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.");
-                        logger$h.getToken.info(formatError(scopes, error));
-                        throw error;
-                    }
-                    else if (isLoginError) {
-                        const error = new CredentialUnavailableError("Please run 'az login' from a command prompt to authenticate before using this credential.");
-                        logger$h.getToken.info(formatError(scopes, error));
-                        throw error;
-                    }
-                    const error = new CredentialUnavailableError(obj.stderr);
+                const isLoginError = (_a = obj.stderr) === null || _a === void 0 ? void 0 : _a.match("(.*)az login(.*)");
+                const isNotInstallError = ((_b = obj.stderr) === null || _b === void 0 ? void 0 : _b.match("az:(.*)not found")) || ((_c = obj.stderr) === null || _c === void 0 ? void 0 : _c.startsWith("'az' is not recognized"));
+                if (isNotInstallError) {
+                    const error = new CredentialUnavailableError("Azure CLI could not be found.  Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.");
                     logger$h.getToken.info(formatError(scopes, error));
                     throw error;
                 }
-                else {
-                    responseData = obj.stdout;
+                if (isLoginError) {
+                    const error = new CredentialUnavailableError("Please run 'az login' from a command prompt to authenticate before using this credential.");
+                    logger$h.getToken.info(formatError(scopes, error));
+                    throw error;
+                }
+                try {
+                    const responseData = obj.stdout;
                     const response = JSON.parse(responseData);
                     logger$h.getToken.info(formatSuccess(scopes));
                     const returnValue = {
@@ -1572,9 +1567,17 @@ class AzureCliCredential {
                     };
                     return returnValue;
                 }
+                catch (e) {
+                    if (obj.stderr) {
+                        throw new CredentialUnavailableError(obj.stderr);
+                    }
+                    throw e;
+                }
             }
             catch (err) {
-                const error = new Error(err.message || "Unknown error while trying to retrieve the access token");
+                const error = err.name === "CredentialUnavailableError"
+                    ? err
+                    : new Error(err.message || "Unknown error while trying to retrieve the access token");
                 logger$h.getToken.info(formatError(scopes, error));
                 throw error;
             }
@@ -3440,12 +3443,12 @@ class MsalAuthorizationCode extends MsalNode {
     }
     async getAuthCodeUrl(options) {
         await this.init();
-        return this.confidentialApp.getAuthCodeUrl(options);
+        return (this.confidentialApp || this.publicApp).getAuthCodeUrl(options);
     }
     async doGetToken(scopes, options) {
         var _a;
         try {
-            const result = await ((_a = this.confidentialApp) === null || _a === void 0 ? void 0 : _a.acquireTokenByCode({
+            const result = await ((_a = (this.confidentialApp || this.publicApp)) === null || _a === void 0 ? void 0 : _a.acquireTokenByCode({
                 scopes,
                 redirectUri: this.redirectUri,
                 code: this.authorizationCode,
@@ -3494,7 +3497,8 @@ class AuthorizationCodeCredential {
             options = redirectUriOrOptions;
         }
         this.msalFlow = new MsalAuthorizationCode(Object.assign(Object.assign({}, options), { clientSecret,
-            clientId, tokenCredentialOptions: options || {}, logger: logger$1, redirectUri: this.redirectUri, authorizationCode: this.authorizationCode }));
+            clientId,
+            tenantId, tokenCredentialOptions: options || {}, logger: logger$1, redirectUri: this.redirectUri, authorizationCode: this.authorizationCode }));
     }
     /**
      * Authenticates with Azure Active Directory and returns an access token if successful.