npm - @azure/identity - Versions diffs - 2.1.1-alpha.20220712.2 → 3.0.0-alpha.20220809.2 - Mend

@azure/identity 2.1.1-alpha.20220712.2 → 3.0.0-alpha.20220809.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @azure/identity might be problematic. Click here for more details.

Files changed (16) hide show

package/README.md CHANGED Viewed

@@ -88,7 +88,7 @@ If interactive authentication cannot be supported in the session, then the `-Use
 #### Authenticate via Visual Studio Code
-Developers using Visual Studio Code can use the [Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account) to authenticate via the editor. Apps using `DefaultAzureCredential` or `VisualStudioCodeCredential` can then use this account to authenticate calls in their app when running locally.
+Developers using Visual Studio Code can use the [Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account) to authenticate via the editor. Apps using `VisualStudioCodeCredential` can then use this account to authenticate calls in their app when running locally.
 To authenticate in Visual Studio Code, ensure the Azure Account extension is installed. Once installed, open the **Command Palette** and run the **Azure: Sign In** command.
@@ -124,11 +124,13 @@ If used from Node.js, the `DefaultAzureCredential` will attempt to authenticate
 1. **Environment** - The `DefaultAzureCredential` will read account information specified via [environment variables](#environment-variables) and use it to authenticate.
 1. **Managed Identity** - If the application is deployed to an Azure host with Managed Identity enabled, the `DefaultAzureCredential` will authenticate with that account.
-1. **Visual Studio Code** - If the developer has authenticated with the [Visual Studio Code Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account), the `DefaultAzureCredential` will authenticate using that account.
-   - In `@azure/identity` version 2.0 or later, the [`@azure/identity-vscode`](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/identity/identity-vscode) package must be installed for the Visual Studio Code authentication to work.
 1. **Azure CLI** - If the developer has authenticated an account via the Azure CLI `az login` command, the `DefaultAzureCredential` will authenticate with that account.
 1. **Azure PowerShell** - If the developer has authenticated using the Azure PowerShell module `Connect-AzAccount` command, the `DefaultAzureCredential` will authenticate with that account.
+#### Note about `VisualStudioCodeCredential`
+Due to a [known issue](https://github.com/Azure/azure-sdk-for-js/issues/20500), `VisualStudioCodeCredential` has been removed from the `DefaultAzureCredential` token chain. When the issue is resolved in a future release it will return.
 ## Plugins
 Azure Identity for JavaScript provides a plugin API that allows us to provide certain functionality through separate _plugin packages_. The `@azure/identity` package exports a top-level function (`useIdentityPlugin`) that can be used to enable a plugin. We provide two plugin packages:

package/dist/index.js CHANGED Viewed

@@ -189,7 +189,7 @@ function getIdentityTokenEndpointSuffix(tenantId) {
 /**
  * Current version of the `@azure/identity` package.
  */
-const SDK_VERSION = `2.1.1`;
+const SDK_VERSION = `3.0.0-beta.1`;
 /**
  * The default client ID for authentication
  * @internal
@@ -1279,6 +1279,7 @@ class VisualStudioCodeCredential {
                 "You must install the identity-vscode plugin package (`npm install --save-dev @azure/identity-vscode`)",
                 "and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling",
                 "`useIdentityPlugin(vsCodePlugin)` before creating a `VisualStudioCodeCredential`.",
+                "To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.",
             ].join(" "));
         }
         let scopeString = typeof scopes === "string" ? scopes : scopes.join(" ");
@@ -1918,9 +1919,26 @@ class MsalClientCertificate extends MsalNode {
     async init(options) {
         try {
             const parts = await parseCertificate(this.configuration, this.sendCertificateChain);
+            let privateKey;
+            if (this.configuration.certificatePassword !== undefined) {
+                const privateKeyObject = crypto.createPrivateKey({
+                    key: parts.certificateContents,
+                    passphrase: this.configuration.certificatePassword,
+                    format: "pem",
+                });
+                privateKey = privateKeyObject
+                    .export({
+                    format: "pem",
+                    type: "pkcs8",
+                })
+                    .toString();
+            }
+            else {
+                privateKey = parts.certificateContents;
+            }
             this.msalConfig.auth.clientCertificate = {
                 thumbprint: parts.thumbprint,
-                privateKey: parts.certificateContents,
+                privateKey: privateKey,
                 x5c: parts.x5c,
             };
         }
@@ -2095,6 +2113,7 @@ const AllSupportedEnvironmentVariables = [
     "AZURE_CLIENT_ID",
     "AZURE_CLIENT_SECRET",
     "AZURE_CLIENT_CERTIFICATE_PATH",
+    "AZURE_CLIENT_CERTIFICATE_PASSWORD",
     "AZURE_USERNAME",
     "AZURE_PASSWORD",
 ];
@@ -2115,6 +2134,7 @@ class EnvironmentCredential {
      * Environment variables used for client credential authentication:
      * - `AZURE_CLIENT_SECRET`: A client secret that was generated for the App Registration.
      * - `AZURE_CLIENT_CERTIFICATE_PATH`: The path to a PEM certificate to use during the authentication, instead of the client secret.
+     * - `AZURE_CLIENT_CERTIFICATE_PASSWORD`: (optional) password for the certificate file.
      *
      * Alternatively, users can provide environment variables for username and password authentication:
      * - `AZURE_USERNAME`: Username to authenticate with.
@@ -2140,9 +2160,10 @@ class EnvironmentCredential {
             return;
         }
         const certificatePath = process.env.AZURE_CLIENT_CERTIFICATE_PATH;
+        const certificatePassword = process.env.AZURE_CLIENT_CERTIFICATE_PASSWORD;
         if (tenantId && clientId && certificatePath) {
             logger$d.info(`Invoking ClientCertificateCredential with tenant ID: ${tenantId}, clientId: ${clientId} and certificatePath: ${certificatePath}`);
-            this._credential = new ClientCertificateCredential(tenantId, clientId, { certificatePath }, options);
+            this._credential = new ClientCertificateCredential(tenantId, clientId, { certificatePath, certificatePassword }, options);
             return;
         }
         const username = process.env.AZURE_USERNAME;
@@ -3083,7 +3104,6 @@ class DefaultManagedIdentityCredential extends ManagedIdentityCredential {
 const defaultCredentials = [
     EnvironmentCredential,
     DefaultManagedIdentityCredential,
-    VisualStudioCodeCredential,
     AzureCliCredential,
     AzurePowerShellCredential,
 ];