@azure/identity 2.1.0-alpha.20220415.2 → 2.1.0-alpha.20220422.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.


This version of @azure/identity might be problematic. Click here for more details.

Files changed (29) hide show
  1. package/CHANGELOG.md +1 -0
  2. package/README.md +36 -8
  3. package/dist/index.js +6 -5
  4. package/dist/index.js.map +1 -1
  5. package/dist-esm/src/client/identityClient.js.map +1 -1
  6. package/dist-esm/src/credentials/azureCliCredential.js +5 -4
  7. package/dist-esm/src/credentials/azureCliCredential.js.map +1 -1
  8. package/dist-esm/src/credentials/azurePowerShellCredential.js.map +1 -1
  9. package/dist-esm/src/credentials/chainedTokenCredential.js.map +1 -1
  10. package/dist-esm/src/credentials/clientSecretCredential.browser.js.map +1 -1
  11. package/dist-esm/src/credentials/environmentCredential.js.map +1 -1
  12. package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js.map +1 -1
  13. package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  14. package/dist-esm/src/credentials/managedIdentityCredential/index.js +1 -1
  15. package/dist-esm/src/credentials/managedIdentityCredential/index.js.map +1 -1
  16. package/dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
  17. package/dist-esm/src/credentials/usernamePasswordCredential.browser.js.map +1 -1
  18. package/dist-esm/src/credentials/visualStudioCodeCredential.js.map +1 -1
  19. package/dist-esm/src/errors.js.map +1 -1
  20. package/dist-esm/src/msal/browserFlows/msalAuthCode.js.map +1 -1
  21. package/dist-esm/src/msal/nodeFlows/msalAuthorizationCode.js.map +1 -1
  22. package/dist-esm/src/msal/nodeFlows/msalClientCertificate.js.map +1 -1
  23. package/dist-esm/src/msal/nodeFlows/msalClientSecret.js.map +1 -1
  24. package/dist-esm/src/msal/nodeFlows/msalDeviceCode.js.map +1 -1
  25. package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js.map +1 -1
  26. package/dist-esm/src/msal/nodeFlows/msalOnBehalfOf.js.map +1 -1
  27. package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js.map +1 -1
  28. package/dist-esm/src/msal/nodeFlows/msalUsernamePassword.js.map +1 -1
  29. package/package.json +2 -2
package/CHANGELOG.md CHANGED
@@ -15,6 +15,7 @@
15
15
  ### Other Changes
16
16
 
17
17
  - Upgraded to `@azure/core-tracing` version `^1.0.0`.
18
+ - Improved the errors displayed on the `AzureCliCredential`.
18
19
 
19
20
  ## 2.1.0-beta.2 (2022-03-22)
20
21
 
package/README.md CHANGED
@@ -120,12 +120,12 @@ If used from Node.js, the `DefaultAzureCredential` will attempt to authenticate
120
120
 
121
121
  ![DefaultAzureCredential authentication flow][defaultauthflow_image]
122
122
 
123
- - Environment - The `DefaultAzureCredential` will read account information specified via [environment variables](#environment-variables) and use it to authenticate.
124
- - Managed Identity - If the application is deployed to an Azure host with Managed Identity enabled, the `DefaultAzureCredential` will authenticate with that account.
125
- - Visual Studio Code - If the developer has authenticated with the [Visual Studio Code Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account), the `DefaultAzureCredential` will authenticate using that account.
126
- - In `@azure/identity` version 2.0 or later, the [`@azure/identity-vscode`](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/identity/identity-vscode) package must be installed for the Visual Studio Code authentication to work.
127
- - Azure CLI - If the developer has authenticated an account via the Azure CLI `az login` command, the `DefaultAzureCredential` will authenticate with that account.
128
- - Azure PowerShell - If the developer has authenticated using the Azure PowerShell module `Connect-AzAccount` command, the `DefaultAzureCredential` will authenticate with that account.
123
+ 1. **Environment** - The `DefaultAzureCredential` will read account information specified via [environment variables](#environment-variables) and use it to authenticate.
124
+ 1. **Managed Identity** - If the application is deployed to an Azure host with Managed Identity enabled, the `DefaultAzureCredential` will authenticate with that account.
125
+ 1. **Visual Studio Code** - If the developer has authenticated with the [Visual Studio Code Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account), the `DefaultAzureCredential` will authenticate using that account.
126
+ - In `@azure/identity` version 2.0 or later, the [`@azure/identity-vscode`](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/identity/identity-vscode) package must be installed for the Visual Studio Code authentication to work.
127
+ 1. **Azure CLI** - If the developer has authenticated an account via the Azure CLI `az login` command, the `DefaultAzureCredential` will authenticate with that account.
128
+ 1. **Azure PowerShell** - If the developer has authenticated using the Azure PowerShell module `Connect-AzAccount` command, the `DefaultAzureCredential` will authenticate with that account.
129
129
 
130
130
  ## Plugins
131
131
 
@@ -284,7 +284,10 @@ Credentials raise `AuthenticationError` when they fail to authenticate. This cla
284
284
 
285
285
  ### Logging
286
286
 
287
- Enabling logging may help uncover useful information about failures. To see a log of HTTP requests and responses, set the `AZURE_LOG_LEVEL` environment variable to `info`. You can read this environment variable from the *.env* file by explicitly specifying a file path:
287
+ Enabling logging may help uncover useful information about failures.
288
+
289
+ To see a log of HTTP requests and responses, set the `AZURE_LOG_LEVEL` environment variable to `info`.
290
+ You can read this environment variable from the *.env* file by explicitly specifying a file path:
288
291
 
289
292
  ```javascript
290
293
  require("dotenv").config({ path: ".env" });
@@ -297,6 +300,31 @@ import { setLogLevel } from "@azure/logger";
297
300
 
298
301
  setLogLevel("info");
299
302
  ```
303
+
304
+ In cases where the authenticate code might be running in an environment with more than one credential available,
305
+ the `@azure/identity` package offers a unique form of logging. On the optional parameters for every credential,
306
+ developers can set `allowLoggingAccountIdentifiers` to true in the
307
+ `loggingOptions` to log information specific to the authenticated account after
308
+ each successful authentication, including the Client ID, the Tenant ID, the
309
+ Object ID of the authenticated user, and if possible the User Principal Name.
310
+
311
+ For example, using the `DefaultAzureCredential`:
312
+
313
+ ```js
314
+ import { setLogLevel } from "@azure/logger";
315
+
316
+ setLogLevel("info");
317
+
318
+ const credential = new DefaultAzureCredential({
319
+ loggingOptions: { allowLoggingAccountIdentifiers: true }
320
+ });
321
+ ```
322
+
323
+ Once that credential authenticates, the following message will appear in the logs (with the real information instead of `HIDDEN`):
324
+
325
+ ```
326
+ azure:identity:info [Authenticated account] Client ID: HIDDEN. Tenant ID: HIDDEN. User Principal Name: HIDDEN. Object ID (user): HIDDEN
327
+ ```
300
328
 
301
329
  For assistance with troubleshooting, see the [troubleshooting guide](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/TROUBLESHOOTING.md).
302
330
 
@@ -338,6 +366,6 @@ If you'd like to contribute to this library, please read the [contributing guide
338
366
  [azureclilogin_image]: https://raw.githubusercontent.com/Azure/azure-sdk-for-js/main/sdk/identity/identity/images/AzureCliLogin.png
339
367
  [azureclilogindevicecode_image]: https://raw.githubusercontent.com/Azure/azure-sdk-for-js/main/sdk/identity/identity/images/AzureCliLoginDeviceCode.png
340
368
  [azurepowershelllogin_image]: https://raw.githubusercontent.com/Azure/azure-sdk-for-js/main/sdk/identity/identity/images/AzurePowerShellLogin.png
341
- [defaultauthflow_image]: https://raw.githubusercontent.com/Azure/azure-sdk-for-js/main/sdk/identity/identity/images/DefaultAzureCredentialAuthenticationFlow.png
369
+ [defaultauthflow_image]: https://raw.githubusercontent.com/Azure/azure-sdk-for-js/main/sdk/identity/identity/images/mermaidjs/DefaultAzureCredentialAuthFlow.svg
342
370
 
343
371
  ![Impressions](https://azure-sdk-impressions.azurewebsites.net/api/impressions/azure-sdk-for-js%2Fsdk%2Fidentity%2Fidentity%2FREADME.png)
package/dist/index.js CHANGED
@@ -1542,13 +1542,14 @@ class AzureCliCredential {
1542
1542
  ensureValidScope(scope, logger$h);
1543
1543
  const resource = getScopeResource(scope);
1544
1544
  return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {
1545
- var _a, _b, _c;
1545
+ var _a, _b, _c, _d;
1546
1546
  try {
1547
1547
  const obj = await cliCredentialInternals.getAzureCliAccessToken(resource, tenantId);
1548
- const isLoginError = (_a = obj.stderr) === null || _a === void 0 ? void 0 : _a.match("(.*)az login(.*)");
1549
- const isNotInstallError = ((_b = obj.stderr) === null || _b === void 0 ? void 0 : _b.match("az:(.*)not found")) || ((_c = obj.stderr) === null || _c === void 0 ? void 0 : _c.startsWith("'az' is not recognized"));
1548
+ const specificScope = (_a = obj.stderr) === null || _a === void 0 ? void 0 : _a.match("(.*)az login --scope(.*)");
1549
+ const isLoginError = ((_b = obj.stderr) === null || _b === void 0 ? void 0 : _b.match("(.*)az login(.*)")) && !specificScope;
1550
+ const isNotInstallError = ((_c = obj.stderr) === null || _c === void 0 ? void 0 : _c.match("az:(.*)not found")) || ((_d = obj.stderr) === null || _d === void 0 ? void 0 : _d.startsWith("'az' is not recognized"));
1550
1551
  if (isNotInstallError) {
1551
- const error = new CredentialUnavailableError("Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.");
1552
+ const error = new CredentialUnavailableError("Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.");
1552
1553
  logger$h.getToken.info(formatError(scopes, error));
1553
1554
  throw error;
1554
1555
  }
@@ -2904,11 +2905,11 @@ class ManagedIdentityCredential {
2904
2905
  return this.cachedMSI;
2905
2906
  }
2906
2907
  const MSIs = [
2908
+ arcMsi,
2907
2909
  fabricMsi,
2908
2910
  appServiceMsi2019,
2909
2911
  appServiceMsi2017,
2910
2912
  cloudShellMsi,
2911
- arcMsi,
2912
2913
  tokenExchangeMsi(),
2913
2914
  imdsMsi,
2914
2915
  ];