npm - @azure/identity - Versions diffs - 2.1.0-beta.1 → 2.1.1-alpha.20220712.2 - Mend

@azure/identity 2.1.0-beta.1 → 2.1.1-alpha.20220712.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @azure/identity might be problematic. Click here for more details.

Files changed (92) hide show

package/types/identity.d.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import { AccessToken } from '@azure/core-auth';
 import { AzureLogger } from '@azure/logger';
 import { CommonClientOptions } from '@azure/core-client';
 import { GetTokenOptions } from '@azure/core-auth';
+import { LogPolicyOptions } from '@azure/core-rest-pipeline';
 import { TokenCredential } from '@azure/core-auth';
 export { AccessToken }
@@ -122,7 +123,7 @@ export declare class AuthorizationCodeCredential implements TokenCredential {
     private authorizationCode;
     private redirectUri;
     /**
-     * Creates an instance of CodeFlowCredential with the details needed
+     * Creates an instance of AuthorizationCodeCredential with the details needed
      * to request an access token using an authentication that was obtained
      * from Azure Active Directory.
      *
@@ -145,7 +146,7 @@ export declare class AuthorizationCodeCredential implements TokenCredential {
      */
     constructor(tenantId: string | "common", clientId: string, clientSecret: string, authorizationCode: string, redirectUri: string, options?: TokenCredentialOptions);
     /**
-     * Creates an instance of CodeFlowCredential with the details needed
+     * Creates an instance of AuthorizationCodeCredential with the details needed
      * to request an access token using an authentication that was obtained
      * from Azure Active Directory.
      *
@@ -331,6 +332,36 @@ export declare class ChainedTokenCredential implements TokenCredential {
     getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
 }
+/**
+ * Authenticates a service principal with a JWT assertion.
+ */
+export declare class ClientAssertionCredential implements TokenCredential {
+    private msalFlow;
+    private tenantId;
+    private clientId;
+    private options;
+    /**
+     * Creates an instance of the ClientAssertionCredential with the details
+     * needed to authenticate against Azure Active Directory with a client
+     * assertion provided by the developer through the `getAssertion` function parameter.
+     *
+     * @param tenantId - The Azure Active Directory tenant (directory) ID.
+     * @param clientId - The client (application) ID of an App Registration in the tenant.
+     * @param getAssertion - A function that retrieves the assertion for the credential to use.
+     * @param options - Options for configuring the client which makes the authentication request.
+     */
+    constructor(tenantId: string, clientId: string, getAssertion: () => Promise<string>, options?: TokenCredentialOptions);
+    /**
+     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                TokenCredential implementation might make.
+     */
+    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
+}
 /**
  * Enables authentication to Azure Active Directory using a PEM-encoded
  * certificate that is assigned to an App Registration. More information
@@ -357,11 +388,22 @@ export declare class ClientCertificateCredential implements TokenCredential {
      *
      * @param tenantId - The Azure Active Directory tenant (directory) ID.
      * @param clientId - The client (application) ID of an App Registration in the tenant.
-     * @param configuration - Other parameters required, including the PEM-encoded certificate as a string, or as a path on the filesystem.
-     *                        If the type is ignored, we will throw if both the value of the PEM certificate and the path to a PEM certificate are provided at the same time.
+     * @param configuration - Other parameters required, including the path of the certificate on the filesystem.
+     *                        If the type is ignored, we will throw the value of the path to a PEM certificate.
+     * @param options - Options for configuring the client which makes the authentication request.
+     */
+    constructor(tenantId: string, clientId: string, configuration: ClientCertificatePEMCertificatePath, options?: ClientCertificateCredentialOptions);
+    /**
+     * Creates an instance of the ClientCertificateCredential with the details
+     * needed to authenticate against Azure Active Directory with a certificate.
+     *
+     * @param tenantId - The Azure Active Directory tenant (directory) ID.
+     * @param clientId - The client (application) ID of an App Registration in the tenant.
+     * @param configuration - Other parameters required, including the PEM-encoded certificate as a string.
+     *                        If the type is ignored, we will throw the value of the PEM-encoded certificate.
      * @param options - Options for configuring the client which makes the authentication request.
      */
-    constructor(tenantId: string, clientId: string, configuration: ClientCertificateCredentialPEMConfiguration, options?: ClientCertificateCredentialOptions);
+    constructor(tenantId: string, clientId: string, configuration: ClientCertificatePEMCertificate, options?: ClientCertificateCredentialOptions);
     /**
      * Authenticates with Azure Active Directory and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
@@ -387,25 +429,27 @@ export declare interface ClientCertificateCredentialOptions extends TokenCredent
 /**
  * Required configuration options for the {@link ClientCertificateCredential}, with either the string contents of a PEM certificate, or the path to a PEM certificate.
  */
-export declare type ClientCertificateCredentialPEMConfiguration = {
+export declare type ClientCertificateCredentialPEMConfiguration = ClientCertificatePEMCertificate | ClientCertificatePEMCertificatePath;
+/**
+ * Required configuration options for the {@link ClientCertificateCredential}, with the string contents of a PEM certificate
+ */
+export declare interface ClientCertificatePEMCertificate {
     /**
      * The PEM-encoded public/private key certificate on the filesystem.
      */
     certificate: string;
-    /**
-     * The PEM-encoded public/private key certificate on the filesystem     should not be provided if `certificate` is provided.
-     */
-    certificatePath?: never;
-} | {
-    /**
-     * The PEM-encoded public/private key certificate on the filesystem should not be provided if `certificatePath` is provided.
-     */
-    certificate?: never;
+}
+/**
+ * Required configuration options for the {@link ClientCertificateCredential}, with the path to a PEM certificate.
+ */
+export declare interface ClientCertificatePEMCertificatePath {
     /**
      * The path to the PEM-encoded public/private key certificate on the filesystem.
      */
     certificatePath: string;
-};
+}
 /**
  * Enables authentication to Azure Active Directory using a client secret
@@ -502,7 +546,55 @@ export declare const CredentialUnavailableErrorName = "CredentialUnavailableErro
  */
 export declare class DefaultAzureCredential extends ChainedTokenCredential {
     /**
-     * Creates an instance of the DefaultAzureCredential class.
+     * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}
+     *
+     * This credential provides a default {@link ChainedTokenCredential} configuration that should
+     * work for most applications that use the Azure SDK.
+     *
+     * The following credential types will be tried, in order:
+     *
+     * - {@link EnvironmentCredential}
+     * - {@link ManagedIdentityCredential}
+     * - {@link VisualStudioCodeCredential}
+     * - {@link AzureCliCredential}
+     * - {@link AzurePowerShellCredential}
+     *
+     * Consult the documentation of these credential types for more information
+     * on how they attempt authentication.
+     *
+     * **Note**: `VisualStudioCodeCredential` is provided by a plugin package:
+     * `@azure/identity-vscode`. If this package is not installed and registered
+     * using the plugin API (`useIdentityPlugin`), then authentication using
+     * `VisualStudioCodeCredential` will not be available.
+     * @param options - Optional parameters. See {@link DefaultAzureCredentialClientIdOptions}.
+     */
+    constructor(options?: DefaultAzureCredentialClientIdOptions);
+    /**
+     *  Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialResourceIdOptions}
+     *
+     * This credential provides a default {@link ChainedTokenCredential} configuration that should
+     * work for most applications that use the Azure SDK.
+     *
+     * The following credential types will be tried, in order:
+     *
+     * - {@link EnvironmentCredential}
+     * - {@link ManagedIdentityCredential}
+     * - {@link VisualStudioCodeCredential}
+     * - {@link AzureCliCredential}
+     * - {@link AzurePowerShellCredential}
+     *
+     * Consult the documentation of these credential types for more information
+     * on how they attempt authentication.
+     *
+     * **Note**: `VisualStudioCodeCredential` is provided by a plugin package:
+     * `@azure/identity-vscode`. If this package is not installed and registered
+     * using the plugin API (`useIdentityPlugin`), then authentication using
+     * `VisualStudioCodeCredential` will not be available.
+     * @param options - Optional parameters. See {@link DefaultAzureCredentialResourceIdOptions}.
+     */
+    constructor(options?: DefaultAzureCredentialResourceIdOptions);
+    /**
+     * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}
      *
      * This credential provides a default {@link ChainedTokenCredential} configuration that should
      * work for most applications that use the Azure SDK.
@@ -532,12 +624,7 @@ export declare class DefaultAzureCredential extends ChainedTokenCredential {
  * Provides options to configure the {@link DefaultAzureCredential} class.
  * This variation supports `managedIdentityClientId` and not `managedIdentityResourceId`, since only one of both is supported.
  */
-export declare interface DefaultAzureCredentialClientIdOptions extends TokenCredentialOptions {
-    /**
-     * Optionally pass in a Tenant ID to be used as part of the credential.
-     * By default it may use a generic tenant ID depending on the underlying credential.
-     */
-    tenantId?: string;
+export declare interface DefaultAzureCredentialClientIdOptions extends DefaultAzureCredentialOptions {
     /**
      * Optionally pass in a user assigned client ID to be used by the {@link ManagedIdentityCredential}.
      * This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.
@@ -548,18 +635,19 @@ export declare interface DefaultAzureCredentialClientIdOptions extends TokenCred
 /**
  * Provides options to configure the {@link DefaultAzureCredential} class.
  */
-export declare type DefaultAzureCredentialOptions = DefaultAzureCredentialClientIdOptions | DefaultAzureCredentialResourceIdOptions;
-/**
- * Provides options to configure the {@link DefaultAzureCredential} class.
- * This variation supports `managedIdentityResourceId` and not `managedIdentityClientId`, since only one of both is supported.
- */
-export declare interface DefaultAzureCredentialResourceIdOptions extends TokenCredentialOptions {
+export declare interface DefaultAzureCredentialOptions extends TokenCredentialOptions {
     /**
      * Optionally pass in a Tenant ID to be used as part of the credential.
      * By default it may use a generic tenant ID depending on the underlying credential.
      */
     tenantId?: string;
+}
+/**
+ * Provides options to configure the {@link DefaultAzureCredential} class.
+ * This variation supports `managedIdentityResourceId` and not `managedIdentityClientId`, since only one of both is supported.
+ */
+export declare interface DefaultAzureCredentialResourceIdOptions extends DefaultAzureCredentialOptions {
     /**
      * Optionally pass in a resource ID to be used by the {@link ManagedIdentityCredential}.
      * In scenarios such as when user assigned identities are created using an ARM template,
@@ -567,7 +655,7 @@ export declare interface DefaultAzureCredentialResourceIdOptions extends TokenCr
      * this parameter allows programs to use these user assigned identities
      * without having to first determine the client Id of the created identity.
      */
-    managedIdentityResourceId?: string;
+    managedIdentityResourceId: string;
 }
 /**
@@ -940,11 +1028,17 @@ export declare class ManagedIdentityCredential implements TokenCredential {
      */
     constructor(clientId: string, options?: TokenCredentialOptions);
     /**
-     * Creates an instance of ManagedIdentityCredential
+     * Creates an instance of ManagedIdentityCredential with clientId
      *
      * @param options - Options for configuring the client which makes the access token request.
      */
-    constructor(options?: ManagedIdentityCredentialOptions);
+    constructor(options?: ManagedIdentityCredentialClientIdOptions);
+    /**
+     * Creates an instance of ManagedIdentityCredential with Resource Id
+     *
+     * @param options - Options for configuring the resource which makes the access token request.
+     */
+    constructor(options?: ManagedIdentityCredentialResourceIdOptions);
     private cachedMSI;
     private cachedAvailableMSI;
     private authenticateManagedIdentity;
@@ -971,11 +1065,6 @@ export declare interface ManagedIdentityCredentialClientIdOptions extends TokenC
     clientId?: string;
 }
-/**
- * Options to send on the {@link ManagedIdentityCredential} constructor.
- */
-export declare type ManagedIdentityCredentialOptions = ManagedIdentityCredentialClientIdOptions | ManagedIdentityCredentialResourceIdOptions;
 /**
  * Options to send on the {@link ManagedIdentityCredential} constructor.
  * This variation supports `resourceId` and not `clientId`, since only one of both is supported.
@@ -988,7 +1077,7 @@ export declare interface ManagedIdentityCredentialResourceIdOptions extends Toke
      * this parameter allows programs to use these user assigned identities
      * without having to first determine the client Id of the created identity.
      */
-    resourceId?: string;
+    resourceId: string;
 }
 /**
@@ -997,10 +1086,32 @@ export declare interface ManagedIdentityCredentialResourceIdOptions extends Toke
 export declare class OnBehalfOfCredential implements TokenCredential {
     private options;
     private msalFlow;
+    /**
+     * Creates an instance of the {@link OnBehalfOfCredential} with the details
+     * needed to authenticate against Azure Active Directory with path to a PEM certificate,
+     * and an user assertion.
+     *
+     * Example using the `KeyClient` from [\@azure/keyvault-keys](https://www.npmjs.com/package/\@azure/keyvault-keys):
+     *
+     * ```ts
+     * const tokenCredential = new OnBehalfOfCredential({
+     *   tenantId,
+     *   clientId,
+     *   certificatePath: "/path/to/certificate.pem",
+     *   userAssertionToken: "access-token"
+     * });
+     * const client = new KeyClient("vault-url", tokenCredential);
+     *
+     * await client.getKey("key-name");
+     * ```
+     *
+     * @param options - Optional parameters, generally common across credentials.
+     */
+    constructor(options: OnBehalfOfCredentialCertificateOptions & TokenCredentialOptions & CredentialPersistenceOptions);
     /**
      * Creates an instance of the {@link OnBehalfOfCredential} with the details
      * needed to authenticate against Azure Active Directory with a client
-     * secret or a path to a PEM certificate, and an user assertion.
+     * secret and an user assertion.
      *
      * Example using the `KeyClient` from [\@azure/keyvault-keys](https://www.npmjs.com/package/\@azure/keyvault-keys):
      *
@@ -1008,7 +1119,7 @@ export declare class OnBehalfOfCredential implements TokenCredential {
      * const tokenCredential = new OnBehalfOfCredential({
      *   tenantId,
      *   clientId,
-     *   clientSecret, // or `certificatePath: "/path/to/certificate.pem"
+     *   clientSecret,
      *   userAssertionToken: "access-token"
      * });
      * const client = new KeyClient("vault-url", tokenCredential);
@@ -1018,7 +1129,7 @@ export declare class OnBehalfOfCredential implements TokenCredential {
      *
      * @param options - Optional parameters, generally common across credentials.
      */
-    constructor(options: OnBehalfOfCredentialOptions);
+    constructor(options: OnBehalfOfCredentialSecretOptions & TokenCredentialOptions & CredentialPersistenceOptions);
     /**
      * Authenticates with Azure Active Directory and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
@@ -1045,19 +1156,15 @@ export declare interface OnBehalfOfCredentialCertificateOptions {
      * The path to a PEM-encoded public/private key certificate on the filesystem.
      */
     certificatePath: string;
-    /**
-     * Option to include x5c header for SubjectName and Issuer name authorization.
-     * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim
-     */
-    sendCertificateChain?: boolean;
     /**
      * The user assertion for the On-Behalf-Of flow.
      */
     userAssertionToken: string;
     /**
-     * Client secret should not be provided when certificate options are provided.
+     * Option to include x5c header for SubjectName and Issuer name authorization.
+     * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim
      */
-    clientSecret?: never;
+    sendCertificateChain?: boolean;
 }
 /**
@@ -1085,14 +1192,6 @@ export declare interface OnBehalfOfCredentialSecretOptions {
      * The user assertion for the On-Behalf-Of flow.
      */
     userAssertionToken: string;
-    /**
-     * The path to a PEM-encoded certificate should not be provided when the secret options are provided.
-     */
-    certificatePath?: never;
-    /**
-     * Option to include x5c header should not be provided when the secret options are provided.
-     */
-    sendCertificateChain?: never;
 }
 /**
@@ -1148,6 +1247,12 @@ export declare interface TokenCredentialOptions extends CommonClientOptions {
      * The default is "https://login.microsoftonline.com".
      */
     authorityHost?: string;
+    /**
+     * Allows logging account information once the authentication flow succeeds.
+     */
+    loggingOptions?: LogPolicyOptions & {
+        allowLoggingAccountIdentifiers?: boolean;
+    };
 }
 /**