@azure/identity 3.0.0-alpha.20220914.2 → 3.0.0-alpha.20220923.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @azure/identity might be problematic. Click here for more details.

Files changed (130) hide show
  1. package/README.md +1 -1
  2. package/dist/index.js +1901 -1857
  3. package/dist/index.js.map +1 -1
  4. package/dist-esm/src/client/identityClient.js +5 -9
  5. package/dist-esm/src/client/identityClient.js.map +1 -1
  6. package/dist-esm/src/constants.js +4 -0
  7. package/dist-esm/src/constants.js.map +1 -1
  8. package/dist-esm/src/credentials/authorizationCodeCredential.browser.js.map +1 -1
  9. package/dist-esm/src/credentials/authorizationCodeCredential.js +10 -3
  10. package/dist-esm/src/credentials/authorizationCodeCredential.js.map +1 -1
  11. package/dist-esm/src/credentials/authorizationCodeCredentialOptions.js +4 -0
  12. package/dist-esm/src/credentials/authorizationCodeCredentialOptions.js.map +1 -0
  13. package/dist-esm/src/credentials/azureApplicationCredential.browser.js.map +1 -1
  14. package/dist-esm/src/credentials/azureApplicationCredential.js +1 -1
  15. package/dist-esm/src/credentials/azureApplicationCredential.js.map +1 -1
  16. package/dist-esm/src/credentials/azureApplicationCredentialOptions.js +4 -0
  17. package/dist-esm/src/credentials/azureApplicationCredentialOptions.js.map +1 -0
  18. package/dist-esm/src/credentials/azureCliCredential.browser.js.map +1 -1
  19. package/dist-esm/src/credentials/azureCliCredential.js +6 -9
  20. package/dist-esm/src/credentials/azureCliCredential.js.map +1 -1
  21. package/dist-esm/src/credentials/azureCliCredentialOptions.js.map +1 -1
  22. package/dist-esm/src/credentials/azurePowerShellCredential.browser.js.map +1 -1
  23. package/dist-esm/src/credentials/azurePowerShellCredential.js +5 -8
  24. package/dist-esm/src/credentials/azurePowerShellCredential.js.map +1 -1
  25. package/dist-esm/src/credentials/azurePowerShellCredentialOptions.js.map +1 -1
  26. package/dist-esm/src/credentials/chainedTokenCredential.js +1 -1
  27. package/dist-esm/src/credentials/chainedTokenCredential.js.map +1 -1
  28. package/dist-esm/src/credentials/clientAssertionCredential.js +4 -1
  29. package/dist-esm/src/credentials/clientAssertionCredential.js.map +1 -1
  30. package/dist-esm/src/credentials/clientAssertionCredentialOptions.js +4 -0
  31. package/dist-esm/src/credentials/clientAssertionCredentialOptions.js.map +1 -0
  32. package/dist-esm/src/credentials/clientCertificateCredential.js +4 -0
  33. package/dist-esm/src/credentials/clientCertificateCredential.js.map +1 -1
  34. package/dist-esm/src/credentials/clientCertificateCredentialOptions.js.map +1 -1
  35. package/dist-esm/src/credentials/clientSecretCredential.browser.js +6 -3
  36. package/dist-esm/src/credentials/clientSecretCredential.browser.js.map +1 -1
  37. package/dist-esm/src/credentials/clientSecretCredential.js +6 -1
  38. package/dist-esm/src/credentials/clientSecretCredential.js.map +1 -1
  39. package/dist-esm/src/credentials/clientSecretCredentialOptions.js.map +1 -1
  40. package/dist-esm/src/credentials/defaultAzureCredential.browser.js.map +1 -1
  41. package/dist-esm/src/credentials/defaultAzureCredential.js +2 -2
  42. package/dist-esm/src/credentials/defaultAzureCredential.js.map +1 -1
  43. package/dist-esm/src/credentials/defaultAzureCredentialOptions.js +4 -0
  44. package/dist-esm/src/credentials/defaultAzureCredentialOptions.js.map +1 -0
  45. package/dist-esm/src/credentials/deviceCodeCredential.js +7 -2
  46. package/dist-esm/src/credentials/deviceCodeCredential.js.map +1 -1
  47. package/dist-esm/src/credentials/deviceCodeCredentialOptions.js.map +1 -1
  48. package/dist-esm/src/credentials/environmentCredential.browser.js.map +1 -1
  49. package/dist-esm/src/credentials/environmentCredential.js +18 -7
  50. package/dist-esm/src/credentials/environmentCredential.js.map +1 -1
  51. package/dist-esm/src/credentials/environmentCredentialOptions.js +4 -0
  52. package/dist-esm/src/credentials/environmentCredentialOptions.js.map +1 -0
  53. package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js +8 -2
  54. package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js.map +1 -1
  55. package/dist-esm/src/credentials/interactiveBrowserCredential.js +8 -3
  56. package/dist-esm/src/credentials/interactiveBrowserCredential.js.map +1 -1
  57. package/dist-esm/src/credentials/interactiveBrowserCredentialOptions.js.map +1 -1
  58. package/dist-esm/src/credentials/interactiveCredentialOptions.js.map +1 -1
  59. package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js +1 -8
  60. package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js.map +1 -1
  61. package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2019.js +1 -8
  62. package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2019.js.map +1 -1
  63. package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js +1 -8
  64. package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js.map +1 -1
  65. package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js +1 -18
  66. package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  67. package/dist-esm/src/credentials/managedIdentityCredential/models.js.map +1 -1
  68. package/dist-esm/src/credentials/managedIdentityCredential/utils.js +23 -0
  69. package/dist-esm/src/credentials/managedIdentityCredential/utils.js.map +1 -1
  70. package/dist-esm/src/credentials/multiTenantTokenCredentialOptions.js +4 -0
  71. package/dist-esm/src/credentials/multiTenantTokenCredentialOptions.js.map +1 -0
  72. package/dist-esm/src/credentials/onBehalfOfCredential.js +7 -2
  73. package/dist-esm/src/credentials/onBehalfOfCredential.js.map +1 -1
  74. package/dist-esm/src/credentials/onBehalfOfCredentialOptions.js.map +1 -1
  75. package/dist-esm/src/credentials/usernamePasswordCredential.browser.js +8 -17
  76. package/dist-esm/src/credentials/usernamePasswordCredential.browser.js.map +1 -1
  77. package/dist-esm/src/credentials/usernamePasswordCredential.js +7 -2
  78. package/dist-esm/src/credentials/usernamePasswordCredential.js.map +1 -1
  79. package/dist-esm/src/credentials/usernamePasswordCredentialOptions.js.map +1 -1
  80. package/dist-esm/src/credentials/visualStudioCodeCredential.browser.js.map +1 -1
  81. package/dist-esm/src/credentials/visualStudioCodeCredential.js +9 -7
  82. package/dist-esm/src/credentials/visualStudioCodeCredential.js.map +1 -1
  83. package/dist-esm/src/credentials/visualStudioCodeCredentialOptions.js +4 -0
  84. package/dist-esm/src/credentials/visualStudioCodeCredentialOptions.js.map +1 -0
  85. package/dist-esm/src/index.js +4 -4
  86. package/dist-esm/src/index.js.map +1 -1
  87. package/dist-esm/src/msal/browserFlows/msalAuthCode.js +2 -2
  88. package/dist-esm/src/msal/browserFlows/msalAuthCode.js.map +1 -1
  89. package/dist-esm/src/msal/browserFlows/msalBrowserCommon.js +2 -3
  90. package/dist-esm/src/msal/browserFlows/msalBrowserCommon.js.map +1 -1
  91. package/dist-esm/src/msal/credentials.js.map +1 -1
  92. package/dist-esm/src/msal/flows.js.map +1 -1
  93. package/dist-esm/src/msal/nodeFlows/msalAuthorizationCode.js +1 -1
  94. package/dist-esm/src/msal/nodeFlows/msalAuthorizationCode.js.map +1 -1
  95. package/dist-esm/src/msal/nodeFlows/msalClientAssertion.js +1 -1
  96. package/dist-esm/src/msal/nodeFlows/msalClientAssertion.js.map +1 -1
  97. package/dist-esm/src/msal/nodeFlows/msalClientCertificate.js +3 -3
  98. package/dist-esm/src/msal/nodeFlows/msalClientCertificate.js.map +1 -1
  99. package/dist-esm/src/msal/nodeFlows/msalClientSecret.js.map +1 -1
  100. package/dist-esm/src/msal/nodeFlows/msalDeviceCode.js.map +1 -1
  101. package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js +4 -5
  102. package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js.map +1 -1
  103. package/dist-esm/src/msal/nodeFlows/msalOnBehalfOf.js +1 -1
  104. package/dist-esm/src/msal/nodeFlows/msalOnBehalfOf.js.map +1 -1
  105. package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js +4 -4
  106. package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js.map +1 -1
  107. package/dist-esm/src/msal/nodeFlows/msalUsernamePassword.js.map +1 -1
  108. package/dist-esm/src/msal/utils.js +4 -4
  109. package/dist-esm/src/msal/utils.js.map +1 -1
  110. package/dist-esm/src/plugins/provider.js.map +1 -1
  111. package/dist-esm/src/util/processMultiTenantRequest.browser.js +29 -0
  112. package/dist-esm/src/util/processMultiTenantRequest.browser.js.map +1 -0
  113. package/dist-esm/src/util/processMultiTenantRequest.js +32 -0
  114. package/dist-esm/src/util/processMultiTenantRequest.js.map +1 -0
  115. package/dist-esm/src/util/scopeUtils.js +7 -0
  116. package/dist-esm/src/util/scopeUtils.js.map +1 -1
  117. package/dist-esm/src/util/tenantIdUtils.js +44 -0
  118. package/dist-esm/src/util/tenantIdUtils.js.map +1 -0
  119. package/dist-esm/src/util/tracing.js +1 -1
  120. package/dist-esm/src/util/tracing.js.map +1 -1
  121. package/package.json +3 -3
  122. package/types/identity.d.ts +59 -15
  123. package/dist-esm/src/util/checkTenantId.js +0 -11
  124. package/dist-esm/src/util/checkTenantId.js.map +0 -1
  125. package/dist-esm/src/util/resolveTenantId.js +0 -18
  126. package/dist-esm/src/util/resolveTenantId.js.map +0 -1
  127. package/dist-esm/src/util/validateMultiTenant.browser.js +0 -22
  128. package/dist-esm/src/util/validateMultiTenant.browser.js.map +0 -1
  129. package/dist-esm/src/util/validateMultiTenant.js +0 -29
  130. package/dist-esm/src/util/validateMultiTenant.js.map +0 -1
package/dist-esm/src/msal/credentials.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"credentials.js","sourceRoot":"","sources":["../../../src/msal/credentials.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\n\nimport { AuthenticationRecord } from \"./types\";\n\n/**\n * The MSAL clients `getToken` requests can receive a `correlationId` and `disableAutomaticAuthentication`.\n * (which is used to prevent `getToken` from triggering the manual authentication if `getTokenSilent` fails).\n * @internal\n */\nexport interface CredentialFlowGetTokenOptions extends GetTokenOptions {\n /**\n * Unique identifier useful to track outgoing requests.\n */\n correlationId?: string;\n /**\n * Makes getToken throw if a manual authentication is necessary.\n */\n disableAutomaticAuthentication?: boolean;\n /**\n * Authority, to overwrite the default one, if necessary.\n */\n authority?: string;\n /**\n * Claims received from challenges.\n */\n claims?: string;\n\n /**\n * Client Assertion\n */\n getAssertion?: () => Promise<string>;\n}\n\n/**\n * Simplified representation of the internal authentication flow.\n * @internal\n */\nexport interface CredentialFlow {\n /**\n * Clears the MSAL cache.\n */\n logout(): Promise<void>;\n /**\n * Tries to load the active account, either from memory or from MSAL.\n */\n getActiveAccount(): Promise<AuthenticationRecord | undefined>;\n /**\n * Calls to the implementation's doGetToken method.\n */\n getToken(scopes?: string[], options?: CredentialFlowGetTokenOptions): Promise<AccessToken | null>;\n}\n"]}
1
+ {"version":3,"file":"credentials.js","sourceRoot":"","sources":["../../../src/msal/credentials.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { AuthenticationRecord } from \"./types\";\n\n/**\n * The MSAL clients `getToken` requests can receive a `correlationId` and `disableAutomaticAuthentication`.\n * (which is used to prevent `getToken` from triggering the manual authentication if `getTokenSilent` fails).\n * @internal\n */\nexport interface CredentialFlowGetTokenOptions extends GetTokenOptions {\n /**\n * Unique identifier useful to track outgoing requests.\n */\n correlationId?: string;\n /**\n * Makes getToken throw if a manual authentication is necessary.\n */\n disableAutomaticAuthentication?: boolean;\n /**\n * Authority, to overwrite the default one, if necessary.\n */\n authority?: string;\n /**\n * Claims received from challenges.\n */\n claims?: string;\n\n /**\n * Client Assertion\n */\n getAssertion?: () => Promise<string>;\n}\n\n/**\n * Simplified representation of the internal authentication flow.\n * @internal\n */\nexport interface CredentialFlow {\n /**\n * Clears the MSAL cache.\n */\n logout(): Promise<void>;\n /**\n * Tries to load the active account, either from memory or from MSAL.\n */\n getActiveAccount(): Promise<AuthenticationRecord | undefined>;\n /**\n * Calls to the implementation's doGetToken method.\n */\n getToken(scopes?: string[], options?: CredentialFlowGetTokenOptions): Promise<AccessToken | null>;\n}\n"]}
package/dist-esm/src/msal/flows.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"flows.js","sourceRoot":"","sources":["../../../src/msal/flows.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { CredentialLogger } from \"../util/logging\";\nimport { AuthenticationRecord } from \"./types\";\nimport { CredentialFlowGetTokenOptions } from \"./credentials\";\n\n/**\n * Union of the constructor parameters that all MSAL flow types take.\n * @internal\n */\nexport interface MsalFlowOptions {\n logger: CredentialLogger;\n clientId?: string;\n tenantId?: string;\n authorityHost?: string;\n authenticationRecord?: AuthenticationRecord;\n disableAutomaticAuthentication?: boolean;\n getAssertion?: () => Promise<string>;\n}\n\n/**\n * The common methods we use to work with the MSAL flows.\n * @internal\n */\nexport interface MsalFlow {\n /**\n * Allows for any setup before any request is processed.\n */\n init(options?: CredentialFlowGetTokenOptions): Promise<void>;\n /**\n * Tries to load the active account, either from memory or from MSAL.\n */\n getActiveAccount(): Promise<AuthenticationRecord | undefined>;\n /**\n * Tries to retrieve the token silently using MSAL.\n */\n getTokenSilent(scopes?: string[], options?: CredentialFlowGetTokenOptions): Promise<AccessToken>;\n /**\n * Calls to the implementation's doGetToken method.\n */\n getToken(scopes?: string[], options?: CredentialFlowGetTokenOptions): Promise<AccessToken>;\n}\n"]}
1
+ {"version":3,"file":"flows.js","sourceRoot":"","sources":["../../../src/msal/flows.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken } from \"@azure/core-auth\";\nimport { AuthenticationRecord } from \"./types\";\nimport { CredentialFlowGetTokenOptions } from \"./credentials\";\nimport { CredentialLogger } from \"../util/logging\";\n\n/**\n * Union of the constructor parameters that all MSAL flow types take.\n * @internal\n */\nexport interface MsalFlowOptions {\n logger: CredentialLogger;\n clientId?: string;\n tenantId?: string;\n authorityHost?: string;\n authenticationRecord?: AuthenticationRecord;\n disableAutomaticAuthentication?: boolean;\n getAssertion?: () => Promise<string>;\n}\n\n/**\n * The common methods we use to work with the MSAL flows.\n * @internal\n */\nexport interface MsalFlow {\n /**\n * Allows for any setup before any request is processed.\n */\n init(options?: CredentialFlowGetTokenOptions): Promise<void>;\n /**\n * Tries to load the active account, either from memory or from MSAL.\n */\n getActiveAccount(): Promise<AuthenticationRecord | undefined>;\n /**\n * Tries to retrieve the token silently using MSAL.\n */\n getTokenSilent(scopes?: string[], options?: CredentialFlowGetTokenOptions): Promise<AccessToken>;\n /**\n * Calls to the implementation's doGetToken method.\n */\n getToken(scopes?: string[], options?: CredentialFlowGetTokenOptions): Promise<AccessToken>;\n}\n"]}
package/dist-esm/src/msal/nodeFlows/msalAuthorizationCode.js CHANGED
@@ -1,7 +1,7 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT license.
3
- import { credentialLogger } from "../../util/logging";
4
3
  import { MsalNode } from "./msalNodeCommon";
4
+ import { credentialLogger } from "../../util/logging";
5
5
  /**
6
6
  * This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`
7
7
  * to trigger the authentication flow, and then respond based on the values obtained from the redirect callback
package/dist-esm/src/msal/nodeFlows/msalAuthorizationCode.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"msalAuthorizationCode.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalAuthorizationCode.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAY7D;;;;GAIG;AACH,MAAM,OAAO,qBAAsB,SAAQ,QAAQ;IAIjD,YAAY,OAAqC;QAC/C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC,iCAAiC,CAAC,CAAC;QAClE,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QACnD,IAAI,OAAO,CAAC,YAAY,EAAE;YACxB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;SAC1D;IACH,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAAkD;QACrE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,CAAC,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,SAAS,CAAE,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;IAC3E,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;;QAEvC,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,CAAA,MAAA,CAAC,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,SAAS,CAAC,0CAAE,kBAAkB,CAAC;gBAChF,MAAM;gBACN,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,IAAI,EAAE,IAAI,CAAC,iBAAiB;gBAC5B,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;gBACrC,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;gBAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;aACxB,CAAC,CAAA,CAAC;YACH,yDAAyD;YACzD,8FAA8F;YAC9F,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;SACtE;QAAC,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken } from \"@azure/core-auth\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through opening a browser window.\n * @internal\n */\nexport interface MSALAuthorizationCodeOptions extends MsalNodeOptions {\n redirectUri: string;\n authorizationCode: string;\n clientSecret?: string;\n}\n\n/**\n * This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`\n * to trigger the authentication flow, and then respond based on the values obtained from the redirect callback\n * @internal\n */\nexport class MsalAuthorizationCode extends MsalNode {\n private redirectUri: string;\n private authorizationCode: string;\n\n constructor(options: MSALAuthorizationCodeOptions) {\n super(options);\n this.logger = credentialLogger(\"Node.js MSAL Authorization Code\");\n this.redirectUri = options.redirectUri;\n this.authorizationCode = options.authorizationCode;\n if (options.clientSecret) {\n this.msalConfig.auth.clientSecret = options.clientSecret;\n }\n }\n\n async getAuthCodeUrl(options: { scopes: string[]; redirectUri: string }): Promise<string> {\n await this.init();\n return (this.confidentialApp || this.publicApp)!.getAuthCodeUrl(options);\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n try {\n const result = await (this.confidentialApp || this.publicApp)?.acquireTokenByCode({\n scopes,\n redirectUri: this.redirectUri,\n code: this.authorizationCode,\n correlationId: options?.correlationId,\n authority: options?.authority,\n claims: options?.claims,\n });\n // The Client Credential flow does not return an account,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (err: any) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n"]}
1
+ {"version":3,"file":"msalAuthorizationCode.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalAuthorizationCode.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAG7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAYtD;;;;GAIG;AACH,MAAM,OAAO,qBAAsB,SAAQ,QAAQ;IAIjD,YAAY,OAAqC;QAC/C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC,iCAAiC,CAAC,CAAC;QAClE,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QACnD,IAAI,OAAO,CAAC,YAAY,EAAE;YACxB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;SAC1D;IACH,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAAkD;QACrE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,CAAC,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,SAAS,CAAE,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;IAC3E,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;;QAEvC,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,CAAA,MAAA,CAAC,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,SAAS,CAAC,0CAAE,kBAAkB,CAAC;gBAChF,MAAM;gBACN,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,IAAI,EAAE,IAAI,CAAC,iBAAiB;gBAC5B,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;gBACrC,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;gBAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;aACxB,CAAC,CAAA,CAAC;YACH,yDAAyD;YACzD,8FAA8F;YAC9F,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;SACtE;QAAC,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { credentialLogger } from \"../../util/logging\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through opening a browser window.\n * @internal\n */\nexport interface MsalAuthorizationCodeOptions extends MsalNodeOptions {\n redirectUri: string;\n authorizationCode: string;\n clientSecret?: string;\n}\n\n/**\n * This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`\n * to trigger the authentication flow, and then respond based on the values obtained from the redirect callback\n * @internal\n */\nexport class MsalAuthorizationCode extends MsalNode {\n private redirectUri: string;\n private authorizationCode: string;\n\n constructor(options: MsalAuthorizationCodeOptions) {\n super(options);\n this.logger = credentialLogger(\"Node.js MSAL Authorization Code\");\n this.redirectUri = options.redirectUri;\n this.authorizationCode = options.authorizationCode;\n if (options.clientSecret) {\n this.msalConfig.auth.clientSecret = options.clientSecret;\n }\n }\n\n async getAuthCodeUrl(options: { scopes: string[]; redirectUri: string }): Promise<string> {\n await this.init();\n return (this.confidentialApp || this.publicApp)!.getAuthCodeUrl(options);\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n try {\n const result = await (this.confidentialApp || this.publicApp)?.acquireTokenByCode({\n scopes,\n redirectUri: this.redirectUri,\n code: this.authorizationCode,\n correlationId: options?.correlationId,\n authority: options?.authority,\n claims: options?.claims,\n });\n // The Client Credential flow does not return an account,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (err: any) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n"]}
package/dist-esm/src/msal/nodeFlows/msalClientAssertion.js CHANGED
@@ -1,7 +1,7 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT license.
3
- import { isError } from "@azure/core-util";
4
3
  import { MsalNode } from "./msalNodeCommon";
4
+ import { isError } from "@azure/core-util";
5
5
  /**
6
6
  * MSAL client assertion client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.
7
7
  * @internal
package/dist-esm/src/msal/nodeFlows/msalClientAssertion.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"msalClientAssertion.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClientAssertion.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAE3C,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAa7D;;;GAGG;AACH,MAAM,OAAO,mBAAoB,SAAQ,QAAQ;IAE/C,YAAY,OAAmC;QAC7C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3C,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,IAAI;YACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;YAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,8BAA8B,CAAC;gBACxE,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,eAAe,EAAE,SAAS;aAC3B,CAAC,CAAC;YACH,yDAAyD;YACzD,8FAA8F;YAC9F,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;SACtE;QAAC,OAAO,GAAY,EAAE;YACrB,IAAI,IAAI,GAAG,GAAG,CAAC;YACf,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,EAAE;gBACrC,IAAI,GAAG,IAAI,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;aACvC;iBAAM;gBACL,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;aACpD;YACD,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,IAAa,EAAE,OAAO,CAAC,CAAC;SACxD;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken } from \"@azure/core-auth\";\nimport { isError } from \"@azure/core-util\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\n\n/**\n * Options that can be passed to configure MSAL to handle client assertions.\n * @internal\n */\nexport interface MSALClientAssertionOptions extends MsalNodeOptions {\n /**\n * A function that retrieves the assertion for the credential to use.\n */\n getAssertion: () => Promise<string>;\n}\n\n/**\n * MSAL client assertion client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.\n * @internal\n */\nexport class MsalClientAssertion extends MsalNode {\n getAssertion: () => Promise<string>;\n constructor(options: MSALClientAssertionOptions) {\n super(options);\n this.requiresConfidential = true;\n this.getAssertion = options.getAssertion;\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n try {\n const assertion = await this.getAssertion();\n const result = await this.confidentialApp!.acquireTokenByClientCredential({\n scopes,\n correlationId: options.correlationId,\n azureRegion: this.azureRegion,\n authority: options.authority,\n claims: options.claims,\n clientAssertion: assertion,\n });\n // The Client Credential flow does not return an account,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (err: unknown) {\n let err2 = err;\n if (err === null || err === undefined) {\n err2 = new Error(JSON.stringify(err));\n } else {\n err2 = isError(err) ? err : new Error(String(err));\n }\n throw this.handleError(scopes, err2 as Error, options);\n }\n }\n}\n"]}
1
+ {"version":3,"file":"msalClientAssertion.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClientAssertion.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAG7D,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAa3C;;;GAGG;AACH,MAAM,OAAO,mBAAoB,SAAQ,QAAQ;IAE/C,YAAY,OAAmC;QAC7C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3C,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,IAAI;YACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;YAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,8BAA8B,CAAC;gBACxE,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,eAAe,EAAE,SAAS;aAC3B,CAAC,CAAC;YACH,yDAAyD;YACzD,8FAA8F;YAC9F,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;SACtE;QAAC,OAAO,GAAY,EAAE;YACrB,IAAI,IAAI,GAAG,GAAG,CAAC;YACf,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,EAAE;gBACrC,IAAI,GAAG,IAAI,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;aACvC;iBAAM;gBACL,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;aACpD;YACD,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,IAAa,EAAE,OAAO,CAAC,CAAC;SACxD;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { isError } from \"@azure/core-util\";\n\n/**\n * Options that can be passed to configure MSAL to handle client assertions.\n * @internal\n */\nexport interface MsalClientAssertionOptions extends MsalNodeOptions {\n /**\n * A function that retrieves the assertion for the credential to use.\n */\n getAssertion: () => Promise<string>;\n}\n\n/**\n * MSAL client assertion client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.\n * @internal\n */\nexport class MsalClientAssertion extends MsalNode {\n getAssertion: () => Promise<string>;\n constructor(options: MsalClientAssertionOptions) {\n super(options);\n this.requiresConfidential = true;\n this.getAssertion = options.getAssertion;\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n try {\n const assertion = await this.getAssertion();\n const result = await this.confidentialApp!.acquireTokenByClientCredential({\n scopes,\n correlationId: options.correlationId,\n azureRegion: this.azureRegion,\n authority: options.authority,\n claims: options.claims,\n clientAssertion: assertion,\n });\n // The Client Credential flow does not return an account,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (err: unknown) {\n let err2 = err;\n if (err === null || err === undefined) {\n err2 = new Error(JSON.stringify(err));\n } else {\n err2 = isError(err) ? err : new Error(String(err));\n }\n throw this.handleError(scopes, err2 as Error, options);\n }\n }\n}\n"]}
package/dist-esm/src/msal/nodeFlows/msalClientCertificate.js CHANGED
@@ -1,10 +1,10 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT license.
3
- import { readFile } from "fs";
4
- import { createHash, createPrivateKey } from "crypto";
5
- import { promisify } from "util";
6
3
  import { MsalNode } from "./msalNodeCommon";
4
+ import { createHash, createPrivateKey } from "crypto";
7
5
  import { formatError } from "../../util/logging";
6
+ import { promisify } from "util";
7
+ import { readFile } from "fs";
8
8
  const readFileAsync = promisify(readFile);
9
9
  /**
10
10
  * Tries to asynchronously load a certificate from the given path.
package/dist-esm/src/msal/nodeFlows/msalClientCertificate.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"msalClientCertificate.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClientCertificate.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AAC9B,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAC;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAGjC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AASjD,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAqC1C;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,aAA0D,EAC1D,oBAA8B;IAE9B,MAAM,gBAAgB,GAA8B,EAAE,CAAC;IAEvD,MAAM,WAAW,GAAwB,aAAiD;SACvF,WAAW,CAAC;IACf,MAAM,eAAe,GAAwB,aAAqD;SAC/F,eAAe,CAAC;IACnB,gBAAgB,CAAC,mBAAmB;QAClC,WAAW,IAAI,CAAC,MAAM,aAAa,CAAC,eAAgB,EAAE,MAAM,CAAC,CAAC,CAAC;IACjE,IAAI,oBAAoB,EAAE;QACxB,gBAAgB,CAAC,GAAG,GAAG,gBAAgB,CAAC,mBAAmB,CAAC;KAC7D;IAED,MAAM,kBAAkB,GACtB,+FAA+F,CAAC;IAClG,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,qHAAqH;IACrH,IAAI,KAAK,CAAC;IACV,GAAG;QACD,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,CAAC;QACtE,IAAI,KAAK,EAAE;YACT,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;SAC3B;KACF,QAAQ,KAAK,EAAE;IAEhB,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE;QAC3B,MAAM,IAAI,KAAK,CAAC,4EAA4E,CAAC,CAAC;KAC/F;IAED,gBAAgB,CAAC,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC;SAC7C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;SAC5C,MAAM,CAAC,KAAK,CAAC;SACb,WAAW,EAAE,CAAC;IAEjB,OAAO,gBAAoC,CAAC;AAC9C,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,qBAAsB,SAAQ,QAAQ;IAIjD,YAAY,OAAqC;QAC/C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;QAC3C,IAAI,CAAC,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAC3D,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,IAAI,CAAC,OAAuC;QAChD,IAAI;YACF,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,oBAAoB,CAAC,CAAC;YAEpF,IAAI,UAA8B,CAAC;YACnC,IAAI,IAAI,CAAC,aAAa,CAAC,mBAAmB,KAAK,SAAS,EAAE;gBACxD,MAAM,gBAAgB,GAAG,gBAAgB,CAAC;oBACxC,GAAG,EAAE,KAAK,CAAC,mBAAmB;oBAC9B,UAAU,EAAE,IAAI,CAAC,aAAa,CAAC,mBAAmB;oBAClD,MAAM,EAAE,KAAK;iBACd,CAAC,CAAC;gBAEH,UAAU,GAAG,gBAAgB;qBAC1B,MAAM,CAAC;oBACN,MAAM,EAAE,KAAK;oBACb,IAAI,EAAE,OAAO;iBACd,CAAC;qBACD,QAAQ,EAAE,CAAC;aACf;iBAAM;gBACL,UAAU,GAAG,KAAK,CAAC,mBAAmB,CAAC;aACxC;YAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG;gBACvC,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,UAAU,EAAE,UAAU;gBACtB,GAAG,EAAE,KAAK,CAAC,GAAG;aACf,CAAC;SACH;QAAC,OAAO,KAAU,EAAE;YACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;YACzC,MAAM,KAAK,CAAC;SACb;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,IAAI;YACF,MAAM,aAAa,GAA4B;gBAC7C,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,8BAA8B,CAAC,aAAa,CAAC,CAAC;YACzF,iHAAiH;YACjH,sGAAsG;YACtG,8FAA8F;YAC9F,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;SACtE;QAAC,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { readFile } from \"fs\";\nimport { createHash, createPrivateKey } from \"crypto\";\nimport { promisify } from \"util\";\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\nimport { formatError } from \"../../util/logging\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport {\n ClientCertificateCredentialPEMConfiguration,\n ClientCertificatePEMCertificate,\n ClientCertificatePEMCertificatePath,\n} from \"../../credentials/clientCertificateCredential\";\nimport { ClientCredentialRequest } from \"@azure/msal-node\";\n\nconst readFileAsync = promisify(readFile);\n\n/**\n * Options that can be passed to configure MSAL to handle client certificates.\n * @internal\n */\nexport interface MSALClientCertificateOptions extends MsalNodeOptions {\n /**\n * Location of the PEM certificate.\n */\n configuration: ClientCertificateCredentialPEMConfiguration;\n /**\n * Option to include x5c header for SubjectName and Issuer name authorization.\n * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n */\n sendCertificateChain?: boolean;\n}\n\n/**\n * Parts of a certificate, as understood by MSAL.\n * @internal\n */\ninterface CertificateParts {\n /**\n * Hex encoded X.509 SHA-1 thumbprint of the certificate\n */\n thumbprint: string;\n /**\n * The PEM encoded private key (string should contain -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY-----\n */\n certificateContents: string;\n /**\n * x5c header.\n */\n x5c: string;\n}\n\n/**\n * Tries to asynchronously load a certificate from the given path.\n *\n * @param configuration - Either the PEM value or the path to the certificate.\n * @param sendCertificateChain - Option to include x5c header for SubjectName and Issuer name authorization.\n * @returns - The certificate parts, or `undefined` if the certificate could not be loaded.\n * @internal\n */\nexport async function parseCertificate(\n configuration: ClientCertificateCredentialPEMConfiguration,\n sendCertificateChain?: boolean\n): Promise<CertificateParts> {\n const certificateParts: Partial<CertificateParts> = {};\n\n const certificate: string | undefined = (configuration as ClientCertificatePEMCertificate)\n .certificate;\n const certificatePath: string | undefined = (configuration as ClientCertificatePEMCertificatePath)\n .certificatePath;\n certificateParts.certificateContents =\n certificate || (await readFileAsync(certificatePath!, \"utf8\"));\n if (sendCertificateChain) {\n certificateParts.x5c = certificateParts.certificateContents;\n }\n\n const certificatePattern =\n /(-+BEGIN CERTIFICATE-+)(\\n\\r?|\\r\\n?)([A-Za-z0-9+/\\n\\r]+=*)(\\n\\r?|\\r\\n?)(-+END CERTIFICATE-+)/g;\n const publicKeys: string[] = [];\n\n // Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c\n let match;\n do {\n match = certificatePattern.exec(certificateParts.certificateContents);\n if (match) {\n publicKeys.push(match[3]);\n }\n } while (match);\n\n if (publicKeys.length === 0) {\n throw new Error(\"The file at the specified path does not contain a PEM-encoded certificate.\");\n }\n\n certificateParts.thumbprint = createHash(\"sha1\")\n .update(Buffer.from(publicKeys[0], \"base64\"))\n .digest(\"hex\")\n .toUpperCase();\n\n return certificateParts as CertificateParts;\n}\n\n/**\n * MSAL client certificate client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.\n * @internal\n */\nexport class MsalClientCertificate extends MsalNode {\n private configuration: ClientCertificateCredentialPEMConfiguration;\n private sendCertificateChain?: boolean;\n\n constructor(options: MSALClientCertificateOptions) {\n super(options);\n this.requiresConfidential = true;\n this.configuration = options.configuration;\n this.sendCertificateChain = options.sendCertificateChain;\n }\n\n // Changing the MSAL configuration asynchronously\n async init(options?: CredentialFlowGetTokenOptions): Promise<void> {\n try {\n const parts = await parseCertificate(this.configuration, this.sendCertificateChain);\n\n let privateKey: string | undefined;\n if (this.configuration.certificatePassword !== undefined) {\n const privateKeyObject = createPrivateKey({\n key: parts.certificateContents,\n passphrase: this.configuration.certificatePassword,\n format: \"pem\",\n });\n\n privateKey = privateKeyObject\n .export({\n format: \"pem\",\n type: \"pkcs8\",\n })\n .toString();\n } else {\n privateKey = parts.certificateContents;\n }\n\n this.msalConfig.auth.clientCertificate = {\n thumbprint: parts.thumbprint,\n privateKey: privateKey,\n x5c: parts.x5c,\n };\n } catch (error: any) {\n this.logger.info(formatError(\"\", error));\n throw error;\n }\n return super.init(options);\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n try {\n const clientCredReq: ClientCredentialRequest = {\n scopes,\n correlationId: options.correlationId,\n azureRegion: this.azureRegion,\n authority: options.authority,\n claims: options.claims,\n };\n const result = await this.confidentialApp!.acquireTokenByClientCredential(clientCredReq);\n // Even though we're providing the same default in memory persistence cache that we use for DeviceCodeCredential,\n // The Client Credential flow does not return the account information from the authentication service,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (err: any) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n"]}
1
+ {"version":3,"file":"msalClientCertificate.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClientCertificate.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAOlC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAC;AAItD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AAE9B,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAqC1C;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,aAA0D,EAC1D,oBAA8B;IAE9B,MAAM,gBAAgB,GAA8B,EAAE,CAAC;IAEvD,MAAM,WAAW,GAAwB,aAAiD;SACvF,WAAW,CAAC;IACf,MAAM,eAAe,GAAwB,aAAqD;SAC/F,eAAe,CAAC;IACnB,gBAAgB,CAAC,mBAAmB;QAClC,WAAW,IAAI,CAAC,MAAM,aAAa,CAAC,eAAgB,EAAE,MAAM,CAAC,CAAC,CAAC;IACjE,IAAI,oBAAoB,EAAE;QACxB,gBAAgB,CAAC,GAAG,GAAG,gBAAgB,CAAC,mBAAmB,CAAC;KAC7D;IAED,MAAM,kBAAkB,GACtB,+FAA+F,CAAC;IAClG,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,qHAAqH;IACrH,IAAI,KAAK,CAAC;IACV,GAAG;QACD,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,CAAC;QACtE,IAAI,KAAK,EAAE;YACT,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;SAC3B;KACF,QAAQ,KAAK,EAAE;IAEhB,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE;QAC3B,MAAM,IAAI,KAAK,CAAC,4EAA4E,CAAC,CAAC;KAC/F;IAED,gBAAgB,CAAC,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC;SAC7C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;SAC5C,MAAM,CAAC,KAAK,CAAC;SACb,WAAW,EAAE,CAAC;IAEjB,OAAO,gBAAoC,CAAC;AAC9C,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,qBAAsB,SAAQ,QAAQ;IAIjD,YAAY,OAAqC;QAC/C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;QAC3C,IAAI,CAAC,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAC3D,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,IAAI,CAAC,OAAuC;QAChD,IAAI;YACF,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,oBAAoB,CAAC,CAAC;YAEpF,IAAI,UAA8B,CAAC;YACnC,IAAI,IAAI,CAAC,aAAa,CAAC,mBAAmB,KAAK,SAAS,EAAE;gBACxD,MAAM,gBAAgB,GAAG,gBAAgB,CAAC;oBACxC,GAAG,EAAE,KAAK,CAAC,mBAAmB;oBAC9B,UAAU,EAAE,IAAI,CAAC,aAAa,CAAC,mBAAmB;oBAClD,MAAM,EAAE,KAAK;iBACd,CAAC,CAAC;gBAEH,UAAU,GAAG,gBAAgB;qBAC1B,MAAM,CAAC;oBACN,MAAM,EAAE,KAAK;oBACb,IAAI,EAAE,OAAO;iBACd,CAAC;qBACD,QAAQ,EAAE,CAAC;aACf;iBAAM;gBACL,UAAU,GAAG,KAAK,CAAC,mBAAmB,CAAC;aACxC;YAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG;gBACvC,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,UAAU,EAAE,UAAU;gBACtB,GAAG,EAAE,KAAK,CAAC,GAAG;aACf,CAAC;SACH;QAAC,OAAO,KAAU,EAAE;YACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;YACzC,MAAM,KAAK,CAAC;SACb;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,IAAI;YACF,MAAM,aAAa,GAA4B;gBAC7C,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,8BAA8B,CAAC,aAAa,CAAC,CAAC;YACzF,iHAAiH;YACjH,sGAAsG;YACtG,8FAA8F;YAC9F,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;SACtE;QAAC,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport {\n ClientCertificateCredentialPEMConfiguration,\n ClientCertificatePEMCertificate,\n ClientCertificatePEMCertificatePath,\n} from \"../../credentials/clientCertificateCredential\";\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\nimport { createHash, createPrivateKey } from \"crypto\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { ClientCredentialRequest } from \"@azure/msal-node\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { formatError } from \"../../util/logging\";\nimport { promisify } from \"util\";\nimport { readFile } from \"fs\";\n\nconst readFileAsync = promisify(readFile);\n\n/**\n * Options that can be passed to configure MSAL to handle client certificates.\n * @internal\n */\nexport interface MsalClientCertificateOptions extends MsalNodeOptions {\n /**\n * Location of the PEM certificate.\n */\n configuration: ClientCertificateCredentialPEMConfiguration;\n /**\n * Option to include x5c header for SubjectName and Issuer name authorization.\n * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n */\n sendCertificateChain?: boolean;\n}\n\n/**\n * Parts of a certificate, as understood by MSAL.\n * @internal\n */\ninterface CertificateParts {\n /**\n * Hex encoded X.509 SHA-1 thumbprint of the certificate\n */\n thumbprint: string;\n /**\n * The PEM encoded private key (string should contain -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY-----\n */\n certificateContents: string;\n /**\n * x5c header.\n */\n x5c: string;\n}\n\n/**\n * Tries to asynchronously load a certificate from the given path.\n *\n * @param configuration - Either the PEM value or the path to the certificate.\n * @param sendCertificateChain - Option to include x5c header for SubjectName and Issuer name authorization.\n * @returns - The certificate parts, or `undefined` if the certificate could not be loaded.\n * @internal\n */\nexport async function parseCertificate(\n configuration: ClientCertificateCredentialPEMConfiguration,\n sendCertificateChain?: boolean\n): Promise<CertificateParts> {\n const certificateParts: Partial<CertificateParts> = {};\n\n const certificate: string | undefined = (configuration as ClientCertificatePEMCertificate)\n .certificate;\n const certificatePath: string | undefined = (configuration as ClientCertificatePEMCertificatePath)\n .certificatePath;\n certificateParts.certificateContents =\n certificate || (await readFileAsync(certificatePath!, \"utf8\"));\n if (sendCertificateChain) {\n certificateParts.x5c = certificateParts.certificateContents;\n }\n\n const certificatePattern =\n /(-+BEGIN CERTIFICATE-+)(\\n\\r?|\\r\\n?)([A-Za-z0-9+/\\n\\r]+=*)(\\n\\r?|\\r\\n?)(-+END CERTIFICATE-+)/g;\n const publicKeys: string[] = [];\n\n // Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c\n let match;\n do {\n match = certificatePattern.exec(certificateParts.certificateContents);\n if (match) {\n publicKeys.push(match[3]);\n }\n } while (match);\n\n if (publicKeys.length === 0) {\n throw new Error(\"The file at the specified path does not contain a PEM-encoded certificate.\");\n }\n\n certificateParts.thumbprint = createHash(\"sha1\")\n .update(Buffer.from(publicKeys[0], \"base64\"))\n .digest(\"hex\")\n .toUpperCase();\n\n return certificateParts as CertificateParts;\n}\n\n/**\n * MSAL client certificate client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.\n * @internal\n */\nexport class MsalClientCertificate extends MsalNode {\n private configuration: ClientCertificateCredentialPEMConfiguration;\n private sendCertificateChain?: boolean;\n\n constructor(options: MsalClientCertificateOptions) {\n super(options);\n this.requiresConfidential = true;\n this.configuration = options.configuration;\n this.sendCertificateChain = options.sendCertificateChain;\n }\n\n // Changing the MSAL configuration asynchronously\n async init(options?: CredentialFlowGetTokenOptions): Promise<void> {\n try {\n const parts = await parseCertificate(this.configuration, this.sendCertificateChain);\n\n let privateKey: string | undefined;\n if (this.configuration.certificatePassword !== undefined) {\n const privateKeyObject = createPrivateKey({\n key: parts.certificateContents,\n passphrase: this.configuration.certificatePassword,\n format: \"pem\",\n });\n\n privateKey = privateKeyObject\n .export({\n format: \"pem\",\n type: \"pkcs8\",\n })\n .toString();\n } else {\n privateKey = parts.certificateContents;\n }\n\n this.msalConfig.auth.clientCertificate = {\n thumbprint: parts.thumbprint,\n privateKey: privateKey,\n x5c: parts.x5c,\n };\n } catch (error: any) {\n this.logger.info(formatError(\"\", error));\n throw error;\n }\n return super.init(options);\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n try {\n const clientCredReq: ClientCredentialRequest = {\n scopes,\n correlationId: options.correlationId,\n azureRegion: this.azureRegion,\n authority: options.authority,\n claims: options.claims,\n };\n const result = await this.confidentialApp!.acquireTokenByClientCredential(clientCredReq);\n // Even though we're providing the same default in memory persistence cache that we use for DeviceCodeCredential,\n // The Client Credential flow does not return the account information from the authentication service,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (err: any) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n"]}
package/dist-esm/src/msal/nodeFlows/msalClientSecret.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"msalClientSecret.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClientSecret.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAKlC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAa7D;;;GAGG;AACH,MAAM,OAAO,gBAAiB,SAAQ,QAAQ;IAC5C,YAAY,OAAgC;QAC1C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3D,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,8BAA8B,CAAC;gBACxE,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC,CAAC;YACH,yDAAyD;YACzD,8FAA8F;YAC9F,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;SACtE;QAAC,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\n\n/**\n * Options that can be passed to configure MSAL to handle client secrets.\n * @internal\n */\nexport interface MSALClientSecretOptions extends MsalNodeOptions {\n /**\n * A client secret that was generated for the App Registration.\n */\n clientSecret: string;\n}\n\n/**\n * MSAL client secret client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.\n * @internal\n */\nexport class MsalClientSecret extends MsalNode {\n constructor(options: MSALClientSecretOptions) {\n super(options);\n this.requiresConfidential = true;\n this.msalConfig.auth.clientSecret = options.clientSecret;\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n try {\n const result = await this.confidentialApp!.acquireTokenByClientCredential({\n scopes,\n correlationId: options.correlationId,\n azureRegion: this.azureRegion,\n authority: options.authority,\n claims: options.claims,\n });\n // The Client Credential flow does not return an account,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (err: any) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n"]}
1
+ {"version":3,"file":"msalClientSecret.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClientSecret.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAe7D;;;GAGG;AACH,MAAM,OAAO,gBAAiB,SAAQ,QAAQ;IAC5C,YAAY,OAAgC;QAC1C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3D,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,8BAA8B,CAAC;gBACxE,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC,CAAC;YACH,yDAAyD;YACzD,8FAA8F;YAC9F,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;SACtE;QAAC,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\n\n/**\n * Options that can be passed to configure MSAL to handle client secrets.\n * @internal\n */\nexport interface MsalClientSecretOptions extends MsalNodeOptions {\n /**\n * A client secret that was generated for the App Registration.\n */\n clientSecret: string;\n}\n\n/**\n * MSAL client secret client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.\n * @internal\n */\nexport class MsalClientSecret extends MsalNode {\n constructor(options: MsalClientSecretOptions) {\n super(options);\n this.requiresConfidential = true;\n this.msalConfig.auth.clientSecret = options.clientSecret;\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n try {\n const result = await this.confidentialApp!.acquireTokenByClientCredential({\n scopes,\n correlationId: options.correlationId,\n azureRegion: this.azureRegion,\n authority: options.authority,\n claims: options.claims,\n });\n // The Client Credential flow does not return an account,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (err: any) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n"]}
package/dist-esm/src/msal/nodeFlows/msalDeviceCode.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"msalDeviceCode.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalDeviceCode.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAOlC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAU7D;;;GAGG;AACH,MAAM,OAAO,cAAe,SAAQ,QAAQ;IAG1C,YAAY,OAA8B;QACxC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACvD,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;QAEvC,IAAI;YACF,MAAM,cAAc,GAA+B;gBACjD,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;gBAC3C,MAAM;gBACN,MAAM,EAAE,KAAK;gBACb,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;gBACrC,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;gBAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;aACxB,CAAC;YACF,MAAM,OAAO,GAAG,IAAI,CAAC,SAAU,CAAC,wBAAwB,CAAC,cAAc,CAAC,CAAC;YACzE,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,EAAE,GAAG,EAAE;gBACrF,cAAc,CAAC,MAAM,GAAG,IAAI,CAAC;YAC/B,CAAC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,cAAc,IAAI,SAAS,CAAC,CAAC;SAC9E;QAAC,OAAO,KAAU,EAAE;YACnB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;SAChD;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { DeviceCodePromptCallback } from \"../../credentials/deviceCodeCredentialOptions\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through device codes.\n * @internal\n */\nexport interface MSALDeviceCodeOptions extends MsalNodeOptions {\n userPromptCallback: DeviceCodePromptCallback;\n}\n\n/**\n * MSAL device code client. Calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`.\n * @internal\n */\nexport class MsalDeviceCode extends MsalNode {\n private userPromptCallback: DeviceCodePromptCallback;\n\n constructor(options: MSALDeviceCodeOptions) {\n super(options);\n this.userPromptCallback = options.userPromptCallback;\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n try {\n const requestOptions: msalNode.DeviceCodeRequest = {\n deviceCodeCallback: this.userPromptCallback,\n scopes,\n cancel: false,\n correlationId: options?.correlationId,\n authority: options?.authority,\n claims: options?.claims,\n };\n const promise = this.publicApp!.acquireTokenByDeviceCode(requestOptions);\n const deviceResponse = await this.withCancellation(promise, options?.abortSignal, () => {\n requestOptions.cancel = true;\n });\n return this.handleResult(scopes, this.clientId, deviceResponse || undefined);\n } catch (error: any) {\n throw this.handleError(scopes, error, options);\n }\n }\n}\n"]}
1
+ {"version":3,"file":"msalDeviceCode.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalDeviceCode.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAa7D;;;GAGG;AACH,MAAM,OAAO,cAAe,SAAQ,QAAQ;IAG1C,YAAY,OAA8B;QACxC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACvD,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;QAEvC,IAAI;YACF,MAAM,cAAc,GAA+B;gBACjD,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;gBAC3C,MAAM;gBACN,MAAM,EAAE,KAAK;gBACb,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;gBACrC,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;gBAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;aACxB,CAAC;YACF,MAAM,OAAO,GAAG,IAAI,CAAC,SAAU,CAAC,wBAAwB,CAAC,cAAc,CAAC,CAAC;YACzE,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,EAAE,GAAG,EAAE;gBACrF,cAAc,CAAC,MAAM,GAAG,IAAI,CAAC;YAC/B,CAAC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,cAAc,IAAI,SAAS,CAAC,CAAC;SAC9E;QAAC,OAAO,KAAU,EAAE;YACnB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;SAChD;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { DeviceCodePromptCallback } from \"../../credentials/deviceCodeCredentialOptions\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through device codes.\n * @internal\n */\nexport interface MsalDeviceCodeOptions extends MsalNodeOptions {\n userPromptCallback: DeviceCodePromptCallback;\n}\n\n/**\n * MSAL device code client. Calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`.\n * @internal\n */\nexport class MsalDeviceCode extends MsalNode {\n private userPromptCallback: DeviceCodePromptCallback;\n\n constructor(options: MsalDeviceCodeOptions) {\n super(options);\n this.userPromptCallback = options.userPromptCallback;\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n try {\n const requestOptions: msalNode.DeviceCodeRequest = {\n deviceCodeCallback: this.userPromptCallback,\n scopes,\n cancel: false,\n correlationId: options?.correlationId,\n authority: options?.authority,\n claims: options?.claims,\n };\n const promise = this.publicApp!.acquireTokenByDeviceCode(requestOptions);\n const deviceResponse = await this.withCancellation(promise, options?.abortSignal, () => {\n requestOptions.cancel = true;\n });\n return this.handleResult(scopes, this.clientId, deviceResponse || undefined);\n } catch (error: any) {\n throw this.handleError(scopes, error, options);\n }\n }\n}\n"]}
package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js CHANGED
@@ -1,13 +1,12 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT license.
3
3
  import * as msalNode from "@azure/msal-node";
4
- import { IdentityClient } from "../../client/identityClient";
5
- import { DeveloperSignOnClientId } from "../../constants";
6
- import { resolveTenantId } from "../../util/resolveTenantId";
7
- import { AuthenticationRequiredError } from "../../errors";
8
4
  import { MsalBaseUtilities, defaultLoggerCallback, getAuthority, getKnownAuthorities, msalToPublic, publicToMsal, } from "../utils";
9
- import { processMultiTenantRequest } from "../../util/validateMultiTenant";
5
+ import { AuthenticationRequiredError } from "../../errors";
6
+ import { DeveloperSignOnClientId } from "../../constants";
7
+ import { IdentityClient } from "../../client/identityClient";
10
8
  import { RegionalAuthority } from "../../regionalAuthority";
9
+ import { processMultiTenantRequest, resolveTenantId } from "../../util/tenantIdUtils";
11
10
  /**
12
11
  * The current persistence provider, undefined by default.
13
12
  * @internal
package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"msalNodeCommon.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalNodeCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAM7C,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAE7D,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAI3D,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,YAAY,EACZ,mBAAmB,EACnB,YAAY,EACZ,YAAY,GACb,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAuB5D;;;GAGG;AACH,IAAI,mBAAmB,GAEP,SAAS,CAAC;AAE1B;;;GAGG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,cAAc,CAAC,cAA8D;QAC3E,mBAAmB,GAAG,cAAc,CAAC;IACvC,CAAC;CACF,CAAC;AAEF;;;;;;;;GAQG;AACH,MAAM,OAAgB,QAAS,SAAQ,iBAAiB;IAoBtD,YAAY,OAAwB;;QAClC,KAAK,CAAC,OAAO,CAAC,CAAC;QAbP,yBAAoB,GAAY,KAAK,CAAC;QAc9C,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACtD,IAAI,CAAC,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QACpF,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;QAC9C,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,YAAY,EAAE;YACzB,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;SAC1C;QAED,qCAAqC;QACrC,IAAI,mBAAmB,KAAK,SAAS,KAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,CAAA,EAAE;YACtF,IAAI,CAAC,iBAAiB,GAAG,GAAG,EAAE,CAAC,mBAAoB,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC;SAC3F;aAAM,IAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,EAAE;YACxD,MAAM,IAAI,KAAK,CACb;gBACE,qFAAqF;gBACrF,yHAAyH;gBACzH,mFAAmF;gBACnF,0FAA0F;aAC3F,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;SACH;QAED,IAAI,CAAC,WAAW,GAAG,MAAA,OAAO,CAAC,iBAAiB,mCAAI,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;QAC1F,IAAI,IAAI,CAAC,WAAW,KAAK,iBAAiB,CAAC,kBAAkB,EAAE;YAC7D,IAAI,CAAC,WAAW,GAAG,eAAe,CAAC;SACpC;IACH,CAAC;IAED;;OAEG;IACO,qBAAqB,CAAC,OAAwB;QACtD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,uBAAuB,CAAC;QAC7D,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAErF,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAC/E,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAE7D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iCACnC,OAAO,CAAC,sBAAsB,KACjC,aAAa,EAAE,SAAS,EACxB,cAAc,EAAE,OAAO,CAAC,cAAc,IACtC,CAAC;QAEH,IAAI,kBAAkB,GAAa,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE;YAC1C,kBAAkB,GAAG,EAAE,CAAC;SACzB;QAED,OAAO;YACL,IAAI,EAAE;gBACJ,QAAQ;gBACR,SAAS;gBACT,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ,EAAE,SAAS,CAAC;gBAC1D,kBAAkB;aACnB;YACD,sCAAsC;YACtC,MAAM,EAAE;gBACN,aAAa,EAAE,IAAI,CAAC,cAAc;gBAClC,aAAa,EAAE;oBACb,cAAc,EAAE,qBAAqB,CAAC,OAAO,CAAC,MAAM,CAAC;iBACtD;aACF;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,OAAuC;QAChD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,EAAE;YACxB,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;gBACjD,6DAA6D;gBAC7D,mDAAmD;gBACnD,IAAI,CAAC,cAAe,CAAC,aAAa,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAC5D,CAAC,CAAC,CAAC;SACJ;QAED,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,eAAe,EAAE;YAC1C,OAAO;SACR;QAED,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS,EAAE;YACxC,IAAI,CAAC,UAAU,CAAC,KAAK,GAAG;gBACtB,WAAW,EAAE,MAAM,IAAI,CAAC,iBAAiB,EAAE;aAC5C,CAAC;SACH;QAED,IAAI,CAAC,SAAS,GAAG,IAAI,QAAQ,CAAC,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvE,IAAI,IAAI,CAAC,YAAY,EAAE;YACrB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;SAClE;QACD,8EAA8E;QAC9E,IACE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY;YACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe;YACpC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,EACtC;YACA,IAAI,CAAC,eAAe,GAAG,IAAI,QAAQ,CAAC,6BAA6B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;SACpF;aAAM;YACL,IAAI,IAAI,CAAC,oBAAoB,EAAE;gBAC7B,MAAM,IAAI,KAAK,CACb,gHAAgH,CACjH,CAAC;aACH;SACF;IACH,CAAC;IAED;;OAEG;IACO,gBAAgB,CACxB,OAAwD,EACxD,WAA6B,EAC7B,QAAqB;QAErB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,OAAO;iBACJ,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;gBAClB,OAAO,OAAO,CAAC,SAAU,CAAC,CAAC;YAC7B,CAAC,CAAC;iBACD,KAAK,CAAC,MAAM,CAAC,CAAC;YACjB,IAAI,WAAW,EAAE;gBACf,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;oBACzC,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,EAAI,CAAC;gBACf,CAAC,CAAC,CAAC;aACJ;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB;;QACpB,IAAI,IAAI,CAAC,OAAO,EAAE;YAChB,OAAO,IAAI,CAAC,OAAO,CAAC;SACrB;QACD,MAAM,KAAK,GAAG,MAAA,MAAA,IAAI,CAAC,eAAe,0CAAE,aAAa,EAAE,mCAAI,MAAA,IAAI,CAAC,SAAS,0CAAE,aAAa,EAAE,CAAC;QACvF,MAAM,gBAAgB,GAAG,MAAM,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,cAAc,EAAE,CAAA,CAAC;QAEvD,IAAI,CAAC,gBAAgB,EAAE;YACrB,OAAO;SACR;QAED,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;YACjC,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;SACjE;aAAM;YACL,IAAI,CAAC,MAAM;iBACR,IAAI,CAAC;;;;6KAI+J,CAAC,CAAC;YACzK,OAAO;SACR;QAED,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAClB,MAAgB,EAChB,OAAuC;;QAEvC,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE;YACjB,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe,EAAE,OAAO;gBACxB,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;SACJ;QAED,MAAM,aAAa,GAA+B;YAChD,kFAAkF;YAClF,OAAO,EAAE,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC;YACnC,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;YACrC,MAAM;YACN,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;YAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;SACxB,CAAC;QAEF,IAAI;YACF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACzD,MAAM,QAAQ,GACZ,MAAA,CAAC,MAAM,CAAA,MAAA,IAAI,CAAC,eAAe,0CAAE,kBAAkB,CAAC,aAAa,CAAC,CAAA,CAAC,mCAC/D,CAAC,MAAM,IAAI,CAAC,SAAU,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC,CAAC;YAC5D,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,QAAQ,IAAI,SAAS,CAAC,CAAC;SACxE;QAAC,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;IAOD;;;OAGG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,MAAM,QAAQ,GAAG,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC;QAEpF,OAAO,CAAC,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAE/D,OAAO,CAAC,aAAa,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,KAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QACtE,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEzB,IAAI;YACF,gDAAgD;YAChD,uGAAuG;YACvG,2GAA2G;YAC3G,MAAM,aAAa,GAAI,OAAe,CAAC,MAAM,CAAC;YAC9C,IAAI,aAAa,EAAE;gBACjB,IAAI,CAAC,YAAY,GAAG,aAAa,CAAC;aACnC;YACD,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,aAAa,EAAE;gBACtC,OAAe,CAAC,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC;aAC7C;YACD,wEAAwE;YACxE,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACnD;QAAC,OAAO,GAAQ,EAAE;YACjB,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE;gBAC9C,MAAM,GAAG,CAAC;aACX;YACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,EAAE;gBAC3C,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;aACJ;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;YACtF,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACzC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport * as msalCommon from \"@azure/msal-common\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { AbortSignalLike } from \"@azure/abort-controller\";\nimport { LogPolicyOptions } from \"@azure/core-rest-pipeline\";\n\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { TokenCredentialOptions } from \"../../tokenCredentialOptions\";\nimport { DeveloperSignOnClientId } from \"../../constants\";\nimport { resolveTenantId } from \"../../util/resolveTenantId\";\nimport { AuthenticationRequiredError } from \"../../errors\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { MsalFlow, MsalFlowOptions } from \"../flows\";\nimport { AuthenticationRecord } from \"../types\";\nimport {\n MsalBaseUtilities,\n defaultLoggerCallback,\n getAuthority,\n getKnownAuthorities,\n msalToPublic,\n publicToMsal,\n} from \"../utils\";\nimport { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions\";\nimport { processMultiTenantRequest } from \"../../util/validateMultiTenant\";\nimport { RegionalAuthority } from \"../../regionalAuthority\";\n\n/**\n * Union of the constructor parameters that all MSAL flow types for Node.\n * @internal\n */\nexport interface MsalNodeOptions extends MsalFlowOptions {\n tokenCachePersistenceOptions?: TokenCachePersistenceOptions;\n tokenCredentialOptions: TokenCredentialOptions;\n /**\n * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values.\n * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.\n * If the property is not specified, uses a non-regional authority endpoint.\n */\n regionalAuthority?: string;\n /**\n * Allows logging account information once the authentication flow succeeds.\n */\n loggingOptions?: LogPolicyOptions & {\n allowLoggingAccountIdentifiers?: boolean;\n };\n}\n\n/**\n * The current persistence provider, undefined by default.\n * @internal\n */\nlet persistenceProvider:\n | ((options?: TokenCachePersistenceOptions) => Promise<msalCommon.ICachePlugin>)\n | undefined = undefined;\n\n/**\n * An object that allows setting the persistence provider.\n * @internal\n */\nexport const msalNodeFlowCacheControl = {\n setPersistence(pluginProvider: Exclude<typeof persistenceProvider, undefined>): void {\n persistenceProvider = pluginProvider;\n },\n};\n\n/**\n * MSAL partial base client for Node.js.\n *\n * It completes the input configuration with some default values.\n * It also provides with utility protected methods that can be used from any of the clients,\n * which includes handlers for successful responses and errors.\n *\n * @internal\n */\nexport abstract class MsalNode extends MsalBaseUtilities implements MsalFlow {\n protected publicApp: msalNode.PublicClientApplication | undefined;\n protected confidentialApp: msalNode.ConfidentialClientApplication | undefined;\n protected msalConfig: msalNode.Configuration;\n protected clientId: string;\n protected tenantId: string;\n protected authorityHost?: string;\n protected identityClient?: IdentityClient;\n protected requiresConfidential: boolean = false;\n protected azureRegion?: string;\n protected createCachePlugin: (() => Promise<msalCommon.ICachePlugin>) | undefined;\n\n /**\n * MSAL currently caches the tokens depending on the claims used to retrieve them.\n * In cases like CAE, in which we use claims to update the tokens, trying to retrieve the token without the claims will yield the original token.\n * To ensure we always get the latest token, we have to keep track of the claims.\n */\n private cachedClaims: string | undefined;\n\n protected getAssertion: (() => Promise<string>) | undefined;\n constructor(options: MsalNodeOptions) {\n super(options);\n this.msalConfig = this.defaultNodeMsalConfig(options);\n this.tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n this.clientId = this.msalConfig.auth.clientId;\n if (options?.getAssertion) {\n this.getAssertion = options.getAssertion;\n }\n\n // If persistence has been configured\n if (persistenceProvider !== undefined && options.tokenCachePersistenceOptions?.enabled) {\n this.createCachePlugin = () => persistenceProvider!(options.tokenCachePersistenceOptions);\n } else if (options.tokenCachePersistenceOptions?.enabled) {\n throw new Error(\n [\n \"Persistent token caching was requested, but no persistence provider was configured.\",\n \"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)\",\n \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n \"`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.\",\n ].join(\" \")\n );\n }\n\n this.azureRegion = options.regionalAuthority ?? process.env.AZURE_REGIONAL_AUTHORITY_NAME;\n if (this.azureRegion === RegionalAuthority.AutoDiscoverRegion) {\n this.azureRegion = \"AUTO_DISCOVER\";\n }\n }\n\n /**\n * Generates a MSAL configuration that generally works for Node.js\n */\n protected defaultNodeMsalConfig(options: MsalNodeOptions): msalNode.Configuration {\n const clientId = options.clientId || DeveloperSignOnClientId;\n const tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n\n this.authorityHost = options.authorityHost || process.env.AZURE_AUTHORITY_HOST;\n const authority = getAuthority(tenantId, this.authorityHost);\n\n this.identityClient = new IdentityClient({\n ...options.tokenCredentialOptions,\n authorityHost: authority,\n loggingOptions: options.loggingOptions,\n });\n\n let clientCapabilities: string[] = [\"cp1\"];\n if (process.env.AZURE_IDENTITY_DISABLE_CP1) {\n clientCapabilities = [];\n }\n\n return {\n auth: {\n clientId,\n authority,\n knownAuthorities: getKnownAuthorities(tenantId, authority),\n clientCapabilities,\n },\n // Cache is defined in this.prepare();\n system: {\n networkClient: this.identityClient,\n loggerOptions: {\n loggerCallback: defaultLoggerCallback(options.logger),\n },\n },\n };\n }\n\n /**\n * Prepares the MSAL applications.\n */\n async init(options?: CredentialFlowGetTokenOptions): Promise<void> {\n if (options?.abortSignal) {\n options.abortSignal.addEventListener(\"abort\", () => {\n // This will abort any pending request in the IdentityClient,\n // based on the received or generated correlationId\n this.identityClient!.abortRequests(options.correlationId);\n });\n }\n\n if (this.publicApp || this.confidentialApp) {\n return;\n }\n\n if (this.createCachePlugin !== undefined) {\n this.msalConfig.cache = {\n cachePlugin: await this.createCachePlugin(),\n };\n }\n\n this.publicApp = new msalNode.PublicClientApplication(this.msalConfig);\n if (this.getAssertion) {\n this.msalConfig.auth.clientAssertion = await this.getAssertion();\n }\n // The confidential client requires either a secret, assertion or certificate.\n if (\n this.msalConfig.auth.clientSecret ||\n this.msalConfig.auth.clientAssertion ||\n this.msalConfig.auth.clientCertificate\n ) {\n this.confidentialApp = new msalNode.ConfidentialClientApplication(this.msalConfig);\n } else {\n if (this.requiresConfidential) {\n throw new Error(\n \"Unable to generate the MSAL confidential client. Missing either the client's secret, certificate or assertion.\"\n );\n }\n }\n }\n\n /**\n * Allows the cancellation of a MSAL request.\n */\n protected withCancellation(\n promise: Promise<msalCommon.AuthenticationResult | null>,\n abortSignal?: AbortSignalLike,\n onCancel?: () => void\n ): Promise<msalCommon.AuthenticationResult | null> {\n return new Promise((resolve, reject) => {\n promise\n .then((msalToken) => {\n return resolve(msalToken!);\n })\n .catch(reject);\n if (abortSignal) {\n abortSignal.addEventListener(\"abort\", () => {\n onCancel?.();\n });\n }\n });\n }\n\n /**\n * Returns the existing account, attempts to load the account from MSAL.\n */\n async getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n if (this.account) {\n return this.account;\n }\n const cache = this.confidentialApp?.getTokenCache() ?? this.publicApp?.getTokenCache();\n const accountsByTenant = await cache?.getAllAccounts();\n\n if (!accountsByTenant) {\n return;\n }\n\n if (accountsByTenant.length === 1) {\n this.account = msalToPublic(this.clientId, accountsByTenant[0]);\n } else {\n this.logger\n .info(`More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing a credential to prevent this from happening.`);\n return;\n }\n\n return this.account;\n }\n\n /**\n * Attempts to retrieve a token from cache.\n */\n async getTokenSilent(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n await this.getActiveAccount();\n if (!this.account) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions: options,\n message:\n \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n });\n }\n\n const silentRequest: msalNode.SilentFlowRequest = {\n // To be able to re-use the account, the Token Cache must also have been provided.\n account: publicToMsal(this.account),\n correlationId: options?.correlationId,\n scopes,\n authority: options?.authority,\n claims: options?.claims,\n };\n\n try {\n this.logger.info(\"Attempting to acquire token silently\");\n const response =\n (await this.confidentialApp?.acquireTokenSilent(silentRequest)) ??\n (await this.publicApp!.acquireTokenSilent(silentRequest));\n return this.handleResult(scopes, this.clientId, response || undefined);\n } catch (err: any) {\n throw this.handleError(scopes, err, options);\n }\n }\n\n /**\n * Attempts to retrieve an authenticated token from MSAL.\n */\n protected abstract doGetToken(scopes: string[], options?: GetTokenOptions): Promise<AccessToken>;\n\n /**\n * Wrapper around each MSAL flow get token operation: doGetToken.\n * If disableAutomaticAuthentication is sent through the constructor, it will prevent MSAL from requesting the user input.\n */\n public async getToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n const tenantId = processMultiTenantRequest(this.tenantId, options) || this.tenantId;\n\n options.authority = getAuthority(tenantId, this.authorityHost);\n\n options.correlationId = options?.correlationId || this.generateUuid();\n await this.init(options);\n\n try {\n // MSAL now caches tokens based on their claims,\n // so now one has to keep track fo claims in order to retrieve the newer tokens from acquireTokenSilent\n // This update happened on PR: https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/4533\n const optionsClaims = (options as any).claims;\n if (optionsClaims) {\n this.cachedClaims = optionsClaims;\n }\n if (this.cachedClaims && !optionsClaims) {\n (options as any).claims = this.cachedClaims;\n }\n // We don't return the promise since we want to catch errors right here.\n return await this.getTokenSilent(scopes, options);\n } catch (err: any) {\n if (err.name !== \"AuthenticationRequiredError\") {\n throw err;\n }\n if (options?.disableAutomaticAuthentication) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions: options,\n message:\n \"Automatic authentication has been disabled. You may call the authentication() method.\",\n });\n }\n this.logger.info(`Silent authentication failed, falling back to interactive method.`);\n return this.doGetToken(scopes, options);\n }\n }\n}\n"]}
1
+ {"version":3,"file":"msalNodeCommon.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalNodeCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAE7C,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,YAAY,EACZ,mBAAmB,EACnB,YAAY,EACZ,YAAY,GACb,MAAM,UAAU,CAAC;AAIlB,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAE3D,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAE7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAG5D,OAAO,EAAE,yBAAyB,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAuBtF;;;GAGG;AACH,IAAI,mBAAmB,GAEP,SAAS,CAAC;AAE1B;;;GAGG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,cAAc,CAAC,cAA8D;QAC3E,mBAAmB,GAAG,cAAc,CAAC;IACvC,CAAC;CACF,CAAC;AAEF;;;;;;;;GAQG;AACH,MAAM,OAAgB,QAAS,SAAQ,iBAAiB;IAoBtD,YAAY,OAAwB;;QAClC,KAAK,CAAC,OAAO,CAAC,CAAC;QAbP,yBAAoB,GAAY,KAAK,CAAC;QAc9C,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACtD,IAAI,CAAC,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QACpF,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;QAC9C,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,YAAY,EAAE;YACzB,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;SAC1C;QAED,qCAAqC;QACrC,IAAI,mBAAmB,KAAK,SAAS,KAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,CAAA,EAAE;YACtF,IAAI,CAAC,iBAAiB,GAAG,GAAG,EAAE,CAAC,mBAAoB,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC;SAC3F;aAAM,IAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,EAAE;YACxD,MAAM,IAAI,KAAK,CACb;gBACE,qFAAqF;gBACrF,yHAAyH;gBACzH,mFAAmF;gBACnF,0FAA0F;aAC3F,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;SACH;QAED,IAAI,CAAC,WAAW,GAAG,MAAA,OAAO,CAAC,iBAAiB,mCAAI,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;QAC1F,IAAI,IAAI,CAAC,WAAW,KAAK,iBAAiB,CAAC,kBAAkB,EAAE;YAC7D,IAAI,CAAC,WAAW,GAAG,eAAe,CAAC;SACpC;IACH,CAAC;IAED;;OAEG;IACO,qBAAqB,CAAC,OAAwB;QACtD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,uBAAuB,CAAC;QAC7D,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAErF,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAC/E,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAE7D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iCACnC,OAAO,CAAC,sBAAsB,KACjC,aAAa,EAAE,SAAS,EACxB,cAAc,EAAE,OAAO,CAAC,cAAc,IACtC,CAAC;QAEH,IAAI,kBAAkB,GAAa,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE;YAC1C,kBAAkB,GAAG,EAAE,CAAC;SACzB;QAED,OAAO;YACL,IAAI,EAAE;gBACJ,QAAQ;gBACR,SAAS;gBACT,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ,EAAE,SAAS,CAAC;gBAC1D,kBAAkB;aACnB;YACD,sCAAsC;YACtC,MAAM,EAAE;gBACN,aAAa,EAAE,IAAI,CAAC,cAAc;gBAClC,aAAa,EAAE;oBACb,cAAc,EAAE,qBAAqB,CAAC,OAAO,CAAC,MAAM,CAAC;iBACtD;aACF;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,OAAuC;QAChD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,EAAE;YACxB,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;gBACjD,6DAA6D;gBAC7D,mDAAmD;gBACnD,IAAI,CAAC,cAAe,CAAC,aAAa,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAC5D,CAAC,CAAC,CAAC;SACJ;QAED,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,eAAe,EAAE;YAC1C,OAAO;SACR;QAED,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS,EAAE;YACxC,IAAI,CAAC,UAAU,CAAC,KAAK,GAAG;gBACtB,WAAW,EAAE,MAAM,IAAI,CAAC,iBAAiB,EAAE;aAC5C,CAAC;SACH;QAED,IAAI,CAAC,SAAS,GAAG,IAAI,QAAQ,CAAC,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvE,IAAI,IAAI,CAAC,YAAY,EAAE;YACrB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;SAClE;QACD,8EAA8E;QAC9E,IACE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY;YACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe;YACpC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,EACtC;YACA,IAAI,CAAC,eAAe,GAAG,IAAI,QAAQ,CAAC,6BAA6B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;SACpF;aAAM;YACL,IAAI,IAAI,CAAC,oBAAoB,EAAE;gBAC7B,MAAM,IAAI,KAAK,CACb,gHAAgH,CACjH,CAAC;aACH;SACF;IACH,CAAC;IAED;;OAEG;IACO,gBAAgB,CACxB,OAAwD,EACxD,WAA6B,EAC7B,QAAqB;QAErB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,OAAO;iBACJ,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;gBAClB,OAAO,OAAO,CAAC,SAAU,CAAC,CAAC;YAC7B,CAAC,CAAC;iBACD,KAAK,CAAC,MAAM,CAAC,CAAC;YACjB,IAAI,WAAW,EAAE;gBACf,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;oBACzC,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,EAAI,CAAC;gBACf,CAAC,CAAC,CAAC;aACJ;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB;;QACpB,IAAI,IAAI,CAAC,OAAO,EAAE;YAChB,OAAO,IAAI,CAAC,OAAO,CAAC;SACrB;QACD,MAAM,KAAK,GAAG,MAAA,MAAA,IAAI,CAAC,eAAe,0CAAE,aAAa,EAAE,mCAAI,MAAA,IAAI,CAAC,SAAS,0CAAE,aAAa,EAAE,CAAC;QACvF,MAAM,gBAAgB,GAAG,MAAM,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,cAAc,EAAE,CAAA,CAAC;QAEvD,IAAI,CAAC,gBAAgB,EAAE;YACrB,OAAO;SACR;QAED,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;YACjC,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;SACjE;aAAM;YACL,IAAI,CAAC,MAAM;iBACR,IAAI,CAAC;;;;6KAI+J,CAAC,CAAC;YACzK,OAAO;SACR;QAED,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAClB,MAAgB,EAChB,OAAuC;;QAEvC,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE;YACjB,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe,EAAE,OAAO;gBACxB,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;SACJ;QAED,MAAM,aAAa,GAA+B;YAChD,kFAAkF;YAClF,OAAO,EAAE,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC;YACnC,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;YACrC,MAAM;YACN,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;YAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;SACxB,CAAC;QAEF,IAAI;YACF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACzD,MAAM,QAAQ,GACZ,MAAA,CAAC,MAAM,CAAA,MAAA,IAAI,CAAC,eAAe,0CAAE,kBAAkB,CAAC,aAAa,CAAC,CAAA,CAAC,mCAC/D,CAAC,MAAM,IAAI,CAAC,SAAU,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC,CAAC;YAC5D,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,QAAQ,IAAI,SAAS,CAAC,CAAC;SACxE;QAAC,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;IAOD;;;OAGG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,MAAM,QAAQ,GAAG,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC;QAEpF,OAAO,CAAC,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAE/D,OAAO,CAAC,aAAa,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,KAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QACtE,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEzB,IAAI;YACF,gDAAgD;YAChD,uGAAuG;YACvG,2GAA2G;YAC3G,MAAM,aAAa,GAAI,OAAe,CAAC,MAAM,CAAC;YAC9C,IAAI,aAAa,EAAE;gBACjB,IAAI,CAAC,YAAY,GAAG,aAAa,CAAC;aACnC;YACD,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,aAAa,EAAE;gBACtC,OAAe,CAAC,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC;aAC7C;YACD,wEAAwE;YACxE,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACnD;QAAC,OAAO,GAAQ,EAAE;YACjB,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE;gBAC9C,MAAM,GAAG,CAAC;aACX;YACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,EAAE;gBAC3C,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;aACJ;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;YACtF,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACzC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalCommon from \"@azure/msal-common\";\nimport * as msalNode from \"@azure/msal-node\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport {\n MsalBaseUtilities,\n defaultLoggerCallback,\n getAuthority,\n getKnownAuthorities,\n msalToPublic,\n publicToMsal,\n} from \"../utils\";\nimport { MsalFlow, MsalFlowOptions } from \"../flows\";\nimport { AbortSignalLike } from \"@azure/abort-controller\";\nimport { AuthenticationRecord } from \"../types\";\nimport { AuthenticationRequiredError } from \"../../errors\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { DeveloperSignOnClientId } from \"../../constants\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { LogPolicyOptions } from \"@azure/core-rest-pipeline\";\nimport { RegionalAuthority } from \"../../regionalAuthority\";\nimport { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions\";\nimport { TokenCredentialOptions } from \"../../tokenCredentialOptions\";\nimport { processMultiTenantRequest, resolveTenantId } from \"../../util/tenantIdUtils\";\n\n/**\n * Union of the constructor parameters that all MSAL flow types for Node.\n * @internal\n */\nexport interface MsalNodeOptions extends MsalFlowOptions {\n tokenCachePersistenceOptions?: TokenCachePersistenceOptions;\n tokenCredentialOptions: TokenCredentialOptions;\n /**\n * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values.\n * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.\n * If the property is not specified, uses a non-regional authority endpoint.\n */\n regionalAuthority?: string;\n /**\n * Allows logging account information once the authentication flow succeeds.\n */\n loggingOptions?: LogPolicyOptions & {\n allowLoggingAccountIdentifiers?: boolean;\n };\n}\n\n/**\n * The current persistence provider, undefined by default.\n * @internal\n */\nlet persistenceProvider:\n | ((options?: TokenCachePersistenceOptions) => Promise<msalCommon.ICachePlugin>)\n | undefined = undefined;\n\n/**\n * An object that allows setting the persistence provider.\n * @internal\n */\nexport const msalNodeFlowCacheControl = {\n setPersistence(pluginProvider: Exclude<typeof persistenceProvider, undefined>): void {\n persistenceProvider = pluginProvider;\n },\n};\n\n/**\n * MSAL partial base client for Node.js.\n *\n * It completes the input configuration with some default values.\n * It also provides with utility protected methods that can be used from any of the clients,\n * which includes handlers for successful responses and errors.\n *\n * @internal\n */\nexport abstract class MsalNode extends MsalBaseUtilities implements MsalFlow {\n protected publicApp: msalNode.PublicClientApplication | undefined;\n protected confidentialApp: msalNode.ConfidentialClientApplication | undefined;\n protected msalConfig: msalNode.Configuration;\n protected clientId: string;\n protected tenantId: string;\n protected authorityHost?: string;\n protected identityClient?: IdentityClient;\n protected requiresConfidential: boolean = false;\n protected azureRegion?: string;\n protected createCachePlugin: (() => Promise<msalCommon.ICachePlugin>) | undefined;\n\n /**\n * MSAL currently caches the tokens depending on the claims used to retrieve them.\n * In cases like CAE, in which we use claims to update the tokens, trying to retrieve the token without the claims will yield the original token.\n * To ensure we always get the latest token, we have to keep track of the claims.\n */\n private cachedClaims: string | undefined;\n\n protected getAssertion: (() => Promise<string>) | undefined;\n constructor(options: MsalNodeOptions) {\n super(options);\n this.msalConfig = this.defaultNodeMsalConfig(options);\n this.tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n this.clientId = this.msalConfig.auth.clientId;\n if (options?.getAssertion) {\n this.getAssertion = options.getAssertion;\n }\n\n // If persistence has been configured\n if (persistenceProvider !== undefined && options.tokenCachePersistenceOptions?.enabled) {\n this.createCachePlugin = () => persistenceProvider!(options.tokenCachePersistenceOptions);\n } else if (options.tokenCachePersistenceOptions?.enabled) {\n throw new Error(\n [\n \"Persistent token caching was requested, but no persistence provider was configured.\",\n \"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)\",\n \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n \"`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.\",\n ].join(\" \")\n );\n }\n\n this.azureRegion = options.regionalAuthority ?? process.env.AZURE_REGIONAL_AUTHORITY_NAME;\n if (this.azureRegion === RegionalAuthority.AutoDiscoverRegion) {\n this.azureRegion = \"AUTO_DISCOVER\";\n }\n }\n\n /**\n * Generates a MSAL configuration that generally works for Node.js\n */\n protected defaultNodeMsalConfig(options: MsalNodeOptions): msalNode.Configuration {\n const clientId = options.clientId || DeveloperSignOnClientId;\n const tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n\n this.authorityHost = options.authorityHost || process.env.AZURE_AUTHORITY_HOST;\n const authority = getAuthority(tenantId, this.authorityHost);\n\n this.identityClient = new IdentityClient({\n ...options.tokenCredentialOptions,\n authorityHost: authority,\n loggingOptions: options.loggingOptions,\n });\n\n let clientCapabilities: string[] = [\"cp1\"];\n if (process.env.AZURE_IDENTITY_DISABLE_CP1) {\n clientCapabilities = [];\n }\n\n return {\n auth: {\n clientId,\n authority,\n knownAuthorities: getKnownAuthorities(tenantId, authority),\n clientCapabilities,\n },\n // Cache is defined in this.prepare();\n system: {\n networkClient: this.identityClient,\n loggerOptions: {\n loggerCallback: defaultLoggerCallback(options.logger),\n },\n },\n };\n }\n\n /**\n * Prepares the MSAL applications.\n */\n async init(options?: CredentialFlowGetTokenOptions): Promise<void> {\n if (options?.abortSignal) {\n options.abortSignal.addEventListener(\"abort\", () => {\n // This will abort any pending request in the IdentityClient,\n // based on the received or generated correlationId\n this.identityClient!.abortRequests(options.correlationId);\n });\n }\n\n if (this.publicApp || this.confidentialApp) {\n return;\n }\n\n if (this.createCachePlugin !== undefined) {\n this.msalConfig.cache = {\n cachePlugin: await this.createCachePlugin(),\n };\n }\n\n this.publicApp = new msalNode.PublicClientApplication(this.msalConfig);\n if (this.getAssertion) {\n this.msalConfig.auth.clientAssertion = await this.getAssertion();\n }\n // The confidential client requires either a secret, assertion or certificate.\n if (\n this.msalConfig.auth.clientSecret ||\n this.msalConfig.auth.clientAssertion ||\n this.msalConfig.auth.clientCertificate\n ) {\n this.confidentialApp = new msalNode.ConfidentialClientApplication(this.msalConfig);\n } else {\n if (this.requiresConfidential) {\n throw new Error(\n \"Unable to generate the MSAL confidential client. Missing either the client's secret, certificate or assertion.\"\n );\n }\n }\n }\n\n /**\n * Allows the cancellation of a MSAL request.\n */\n protected withCancellation(\n promise: Promise<msalCommon.AuthenticationResult | null>,\n abortSignal?: AbortSignalLike,\n onCancel?: () => void\n ): Promise<msalCommon.AuthenticationResult | null> {\n return new Promise((resolve, reject) => {\n promise\n .then((msalToken) => {\n return resolve(msalToken!);\n })\n .catch(reject);\n if (abortSignal) {\n abortSignal.addEventListener(\"abort\", () => {\n onCancel?.();\n });\n }\n });\n }\n\n /**\n * Returns the existing account, attempts to load the account from MSAL.\n */\n async getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n if (this.account) {\n return this.account;\n }\n const cache = this.confidentialApp?.getTokenCache() ?? this.publicApp?.getTokenCache();\n const accountsByTenant = await cache?.getAllAccounts();\n\n if (!accountsByTenant) {\n return;\n }\n\n if (accountsByTenant.length === 1) {\n this.account = msalToPublic(this.clientId, accountsByTenant[0]);\n } else {\n this.logger\n .info(`More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing a credential to prevent this from happening.`);\n return;\n }\n\n return this.account;\n }\n\n /**\n * Attempts to retrieve a token from cache.\n */\n async getTokenSilent(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n await this.getActiveAccount();\n if (!this.account) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions: options,\n message:\n \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n });\n }\n\n const silentRequest: msalNode.SilentFlowRequest = {\n // To be able to re-use the account, the Token Cache must also have been provided.\n account: publicToMsal(this.account),\n correlationId: options?.correlationId,\n scopes,\n authority: options?.authority,\n claims: options?.claims,\n };\n\n try {\n this.logger.info(\"Attempting to acquire token silently\");\n const response =\n (await this.confidentialApp?.acquireTokenSilent(silentRequest)) ??\n (await this.publicApp!.acquireTokenSilent(silentRequest));\n return this.handleResult(scopes, this.clientId, response || undefined);\n } catch (err: any) {\n throw this.handleError(scopes, err, options);\n }\n }\n\n /**\n * Attempts to retrieve an authenticated token from MSAL.\n */\n protected abstract doGetToken(scopes: string[], options?: GetTokenOptions): Promise<AccessToken>;\n\n /**\n * Wrapper around each MSAL flow get token operation: doGetToken.\n * If disableAutomaticAuthentication is sent through the constructor, it will prevent MSAL from requesting the user input.\n */\n public async getToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n const tenantId = processMultiTenantRequest(this.tenantId, options) || this.tenantId;\n\n options.authority = getAuthority(tenantId, this.authorityHost);\n\n options.correlationId = options?.correlationId || this.generateUuid();\n await this.init(options);\n\n try {\n // MSAL now caches tokens based on their claims,\n // so now one has to keep track fo claims in order to retrieve the newer tokens from acquireTokenSilent\n // This update happened on PR: https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/4533\n const optionsClaims = (options as any).claims;\n if (optionsClaims) {\n this.cachedClaims = optionsClaims;\n }\n if (this.cachedClaims && !optionsClaims) {\n (options as any).claims = this.cachedClaims;\n }\n // We don't return the promise since we want to catch errors right here.\n return await this.getTokenSilent(scopes, options);\n } catch (err: any) {\n if (err.name !== \"AuthenticationRequiredError\") {\n throw err;\n }\n if (options?.disableAutomaticAuthentication) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions: options,\n message:\n \"Automatic authentication has been disabled. You may call the authentication() method.\",\n });\n }\n this.logger.info(`Silent authentication failed, falling back to interactive method.`);\n return this.doGetToken(scopes, options);\n }\n }\n}\n"]}
package/dist-esm/src/msal/nodeFlows/msalOnBehalfOf.js CHANGED
@@ -1,8 +1,8 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT license.
3
+ import { MsalNode } from "./msalNodeCommon";
3
4
  import { formatError } from "../../util/logging";
4
5
  import { parseCertificate } from "./msalClientCertificate";
5
- import { MsalNode } from "./msalNodeCommon";
6
6
  /**
7
7
  * MSAL on behalf of flow. Calls to MSAL's confidential application's `acquireTokenOnBehalfOf` during `doGetToken`.
8
8
  * @internal
package/dist-esm/src/msal/nodeFlows/msalOnBehalfOf.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"msalOnBehalfOf.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalOnBehalfOf.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AA0B7D;;;GAGG;AACH,MAAM,OAAO,cAAe,SAAQ,QAAQ;IAM1C,YAAY,OAA8B;QACxC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACzD,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;QACrD,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC;QACzD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3C,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,IAAI,CAAC,OAAuC;QAChD,IAAI,IAAI,CAAC,eAAe,EAAE;YACxB,IAAI;gBACF,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAClC,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,EACzC,IAAI,CAAC,oBAAoB,CAC1B,CAAC;gBACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG;oBACvC,UAAU,EAAE,KAAK,CAAC,UAAU;oBAC5B,UAAU,EAAE,KAAK,CAAC,mBAAmB;oBACrC,GAAG,EAAE,KAAK,CAAC,GAAG;iBACf,CAAC;aACH;YAAC,OAAO,KAAU,EAAE;gBACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;gBACzC,MAAM,KAAK,CAAC;aACb;SACF;aAAM;YACL,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;SACvD;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,sBAAsB,CAAC;gBAChE,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,YAAY,EAAE,IAAI,CAAC,kBAAkB;aACtC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;SACtE;QAAC,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { formatError } from \"../../util/logging\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { parseCertificate } from \"./msalClientCertificate\";\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\n\n/**\n * Options that can be passed to configure MSAL to handle On-Behalf-Of authentication requests.\n * @internal\n */\nexport interface MSALOnBehalfOfOptions extends MsalNodeOptions {\n /**\n * A client secret that was generated for the App Registration.\n */\n clientSecret?: string;\n /**\n * Location of the PEM certificate.\n */\n certificatePath?: string;\n /**\n * Option to include x5c header for SubjectName and Issuer name authorization.\n * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n */\n sendCertificateChain?: boolean;\n /**\n * The user assertion for the On-Behalf-Of flow.\n */\n userAssertionToken: string;\n}\n\n/**\n * MSAL on behalf of flow. Calls to MSAL's confidential application's `acquireTokenOnBehalfOf` during `doGetToken`.\n * @internal\n */\nexport class MsalOnBehalfOf extends MsalNode {\n private userAssertionToken: string;\n private certificatePath?: string;\n private sendCertificateChain?: boolean;\n private clientSecret?: string;\n\n constructor(options: MSALOnBehalfOfOptions) {\n super(options);\n this.logger.info(\"Initialized MSAL's On-Behalf-Of flow\");\n this.requiresConfidential = true;\n this.userAssertionToken = options.userAssertionToken;\n this.certificatePath = options.certificatePath;\n this.sendCertificateChain = options.sendCertificateChain;\n this.clientSecret = options.clientSecret;\n }\n\n // Changing the MSAL configuration asynchronously\n async init(options?: CredentialFlowGetTokenOptions): Promise<void> {\n if (this.certificatePath) {\n try {\n const parts = await parseCertificate(\n { certificatePath: this.certificatePath },\n this.sendCertificateChain\n );\n this.msalConfig.auth.clientCertificate = {\n thumbprint: parts.thumbprint,\n privateKey: parts.certificateContents,\n x5c: parts.x5c,\n };\n } catch (error: any) {\n this.logger.info(formatError(\"\", error));\n throw error;\n }\n } else {\n this.msalConfig.auth.clientSecret = this.clientSecret;\n }\n return super.init(options);\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n try {\n const result = await this.confidentialApp!.acquireTokenOnBehalfOf({\n scopes,\n correlationId: options.correlationId,\n authority: options.authority,\n claims: options.claims,\n oboAssertion: this.userAssertionToken,\n });\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (err: any) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n"]}
1
+ {"version":3,"file":"msalOnBehalfOf.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalOnBehalfOf.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAG7D,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AA0B3D;;;GAGG;AACH,MAAM,OAAO,cAAe,SAAQ,QAAQ;IAM1C,YAAY,OAA8B;QACxC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACzD,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;QACrD,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC;QACzD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3C,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,IAAI,CAAC,OAAuC;QAChD,IAAI,IAAI,CAAC,eAAe,EAAE;YACxB,IAAI;gBACF,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAClC,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,EACzC,IAAI,CAAC,oBAAoB,CAC1B,CAAC;gBACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG;oBACvC,UAAU,EAAE,KAAK,CAAC,UAAU;oBAC5B,UAAU,EAAE,KAAK,CAAC,mBAAmB;oBACrC,GAAG,EAAE,KAAK,CAAC,GAAG;iBACf,CAAC;aACH;YAAC,OAAO,KAAU,EAAE;gBACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;gBACzC,MAAM,KAAK,CAAC;aACb;SACF;aAAM;YACL,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;SACvD;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAgB,CAAC,sBAAsB,CAAC;gBAChE,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,YAAY,EAAE,IAAI,CAAC,kBAAkB;aACtC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;SACtE;QAAC,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { formatError } from \"../../util/logging\";\nimport { parseCertificate } from \"./msalClientCertificate\";\n\n/**\n * Options that can be passed to configure MSAL to handle On-Behalf-Of authentication requests.\n * @internal\n */\nexport interface MsalOnBehalfOfOptions extends MsalNodeOptions {\n /**\n * A client secret that was generated for the App Registration.\n */\n clientSecret?: string;\n /**\n * Location of the PEM certificate.\n */\n certificatePath?: string;\n /**\n * Option to include x5c header for SubjectName and Issuer name authorization.\n * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n */\n sendCertificateChain?: boolean;\n /**\n * The user assertion for the On-Behalf-Of flow.\n */\n userAssertionToken: string;\n}\n\n/**\n * MSAL on behalf of flow. Calls to MSAL's confidential application's `acquireTokenOnBehalfOf` during `doGetToken`.\n * @internal\n */\nexport class MsalOnBehalfOf extends MsalNode {\n private userAssertionToken: string;\n private certificatePath?: string;\n private sendCertificateChain?: boolean;\n private clientSecret?: string;\n\n constructor(options: MsalOnBehalfOfOptions) {\n super(options);\n this.logger.info(\"Initialized MSAL's On-Behalf-Of flow\");\n this.requiresConfidential = true;\n this.userAssertionToken = options.userAssertionToken;\n this.certificatePath = options.certificatePath;\n this.sendCertificateChain = options.sendCertificateChain;\n this.clientSecret = options.clientSecret;\n }\n\n // Changing the MSAL configuration asynchronously\n async init(options?: CredentialFlowGetTokenOptions): Promise<void> {\n if (this.certificatePath) {\n try {\n const parts = await parseCertificate(\n { certificatePath: this.certificatePath },\n this.sendCertificateChain\n );\n this.msalConfig.auth.clientCertificate = {\n thumbprint: parts.thumbprint,\n privateKey: parts.certificateContents,\n x5c: parts.x5c,\n };\n } catch (error: any) {\n this.logger.info(formatError(\"\", error));\n throw error;\n }\n } else {\n this.msalConfig.auth.clientSecret = this.clientSecret;\n }\n return super.init(options);\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {}\n ): Promise<AccessToken> {\n try {\n const result = await this.confidentialApp!.acquireTokenOnBehalfOf({\n scopes,\n correlationId: options.correlationId,\n authority: options.authority,\n claims: options.claims,\n oboAssertion: this.userAssertionToken,\n });\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (err: any) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n"]}
package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js CHANGED
@@ -1,13 +1,13 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT license.
3
3
  import * as msalNode from "@azure/msal-node";
4
- import http from "http";
5
- import open from "open";
6
- import stoppable from "stoppable";
4
+ import { MsalNode } from "./msalNodeCommon";
7
5
  import { credentialLogger, formatError, formatSuccess } from "../../util/logging";
8
6
  import { CredentialUnavailableError } from "../../errors";
9
- import { MsalNode } from "./msalNodeCommon";
7
+ import http from "http";
10
8
  import { msalToPublic } from "../utils";
9
+ import open from "open";
10
+ import stoppable from "stoppable";
11
11
  /**
12
12
  * A call to open(), but mockable
13
13
  * @internal
package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"msalOpenBrowser.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalOpenBrowser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAK7C,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,SAAS,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAClF,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAC1D,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAE7D,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAWxC;;;GAGG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,IAAI;CACL,CAAC;AAEF;;;;GAIG;AACH,MAAM,OAAO,eAAgB,SAAQ,QAAQ;IAM3C,YAAY,OAA+B;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;QAC5D,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QAEnC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACpB,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC;SAChB;QACD,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC/B,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAC9B,OAA0C;QAE1C,OAAO,IAAI,CAAC,SAAU,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;IACrD,CAAC;IAES,UAAU,CAClB,MAAgB,EAChB,OAAuC;QAEvC,OAAO,IAAI,OAAO,CAAc,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAClD,MAAM,eAAe,GAAa,EAAE,CAAC;YAErC,MAAM,eAAe,GAAG,CAAC,GAAyB,EAAE,GAAwB,EAAQ,EAAE;;gBACpF,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE;oBACZ,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,IAAI,GAAQ,CAAC;gBACb,IAAI;oBACF,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;iBAC1C;gBAAC,OAAO,CAAM,EAAE;oBACf,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,MAAM,YAAY,GAAsC;oBACtD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAE;oBACnC,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,MAAM,EAAE,MAAM;oBACd,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;oBAC7B,YAAY,EAAE,MAAA,IAAI,CAAC,SAAS,0CAAE,QAAQ;iBACvC,CAAC;gBAEF,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC;qBAClC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE;oBACrB,IAAI,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,OAAO,EAAE;wBACzB,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;qBAClE;oBACD,MAAM,cAAc,GAAG,mFAAmF,CAAC;oBAC3G,IAAI,YAAY,IAAI,YAAY,CAAC,SAAS,EAAE;wBAC1C,MAAM,kBAAkB,GAAG,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,SAAS,CAAC,OAAO,EAAE,CAAC;wBAC7D,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;wBACxB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;wBAEjD,OAAO,CAAC;4BACN,kBAAkB;4BAClB,KAAK,EAAE,YAAY,CAAC,WAAW;yBAChC,CAAC,CAAC;qBACJ;yBAAM;wBACL,MAAM,YAAY,GAAG,WAAW,CAC9B,MAAM,EACN,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;wBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;wBACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;wBAExC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;qBACH;oBACD,OAAO,EAAE,CAAC;oBACV,OAAO;gBACT,CAAC,CAAC;qBACD,KAAK,CAAC,GAAG,EAAE;oBACV,MAAM,YAAY,GAAG,WAAW,CAC9B,MAAM,EACN,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;oBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;oBACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBAExC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO,EAAE,CAAC;gBACZ,CAAC,CAAC,CAAC;YACP,CAAC,CAAC;YAEF,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;YAC/C,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;YAE9B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,CACvD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kDAAkD,IAAI,CAAC,IAAI,GAAG,CAAC,CACjF,CAAC;YAEF,SAAS,OAAO;gBACd,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;iBAChB;gBAED,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE;oBACpC,MAAM,CAAC,OAAO,EAAE,CAAC;iBAClB;gBAED,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,EAAE,CAAC;iBACf;YACH,CAAC;YAED,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;YAE/D,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACtB,OAAO,EAAE,CAAC;gBACV,MAAM,IAAI,GAAI,GAAW,CAAC,IAAI,CAAC;gBAC/B,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,YAAY,EAAE;oBAC9C,MAAM,CACJ,IAAI,0BAA0B,CAC5B;wBACE,uDAAuD,IAAI,CAAC,IAAI,GAAG;wBACnE,+DAA+D;wBAC/D,8EAA8E;qBAC/E,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CACF,CAAC;iBACH;qBAAM;oBACL,MAAM,CACJ,IAAI,0BAA0B,CAC5B,kFAAkF,GAAG,CAAC,OAAO,EAAE,CAChG,CACF,CAAC;iBACH;YACH,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,EAAE,CAAC,WAAW,EAAE,GAAG,EAAE;gBACvB,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBAE1D,MAAM,WAAW,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,CAAC;gBACzC,IAAI,WAAW,EAAE;oBACf,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;wBACzC,OAAO,EAAE,CAAC;wBACV,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;oBAC/B,CAAC,CAAC,CAAC;iBACJ;gBAED,WAAW,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;oBAC7B,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,CAAC,CAAC,CAAC;gBACZ,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAOO,KAAK,CAAC,eAAe,CAC3B,UAAoB,EACpB,OAAuC;QAEvC,qCAAqC;QACrC,MAAM,cAAc,GAAG,IAAI,QAAQ,CAAC,cAAc,EAAE,CAAC;QACrD,6DAA6D;QAC7D,IAAI,CAAC,SAAS,GAAG,MAAM,cAAc,CAAC,iBAAiB,EAAE,CAAC;QAE1D,MAAM,qBAAqB,GAAqC;YAC9D,MAAM,EAAE,UAAU;YAClB,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;YACrC,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;YAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;YACvB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS;YACvC,mBAAmB,EAAE,MAAM,EAAE,uBAAuB;SACrD,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAU,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC;QAE7E,IAAI;YACF,4FAA4F;YAC5F,MAAM,0BAA0B,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;SACpF;QAAC,OAAO,CAAM,EAAE;YACf,MAAM,IAAI,0BAA0B,CAClC,yEAAyE,CAAC,CAAC,OAAO,EAAE,CACrF,CAAC;SACH;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { Socket } from \"net\";\nimport http from \"http\";\nimport open from \"open\";\nimport stoppable from \"stoppable\";\n\nimport { credentialLogger, formatError, formatSuccess } from \"../../util/logging\";\nimport { CredentialUnavailableError } from \"../../errors\";\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { msalToPublic } from \"../utils\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through opening a browser window.\n * @internal\n */\nexport interface MSALOpenBrowserOptions extends MsalNodeOptions {\n redirectUri: string;\n loginHint?: string;\n}\n\n/**\n * A call to open(), but mockable\n * @internal\n */\nexport const interactiveBrowserMockable = {\n open,\n};\n\n/**\n * This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`\n * to trigger the authentication flow, and then respond based on the values obtained from the redirect callback\n * @internal\n */\nexport class MsalOpenBrowser extends MsalNode {\n private redirectUri: string;\n private port: number;\n private hostname: string;\n private loginHint?: string;\n\n constructor(options: MSALOpenBrowserOptions) {\n super(options);\n this.logger = credentialLogger(\"Node.js MSAL Open Browser\");\n this.redirectUri = options.redirectUri;\n this.loginHint = options.loginHint;\n\n const url = new URL(this.redirectUri);\n this.port = parseInt(url.port);\n if (isNaN(this.port)) {\n this.port = 80;\n }\n this.hostname = url.hostname;\n }\n\n private async acquireTokenByCode(\n request: msalNode.AuthorizationCodeRequest\n ): Promise<msalNode.AuthenticationResult | null> {\n return this.publicApp!.acquireTokenByCode(request);\n }\n\n protected doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n return new Promise<AccessToken>((resolve, reject) => {\n const socketToDestroy: Socket[] = [];\n\n const requestListener = (req: http.IncomingMessage, res: http.ServerResponse): void => {\n if (!req.url) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n let url: URL;\n try {\n url = new URL(req.url, this.redirectUri);\n } catch (e: any) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n const tokenRequest: msalNode.AuthorizationCodeRequest = {\n code: url.searchParams.get(\"code\")!,\n redirectUri: this.redirectUri,\n scopes: scopes,\n authority: options?.authority,\n codeVerifier: this.pkceCodes?.verifier,\n };\n\n this.acquireTokenByCode(tokenRequest)\n .then((authResponse) => {\n if (authResponse?.account) {\n this.account = msalToPublic(this.clientId, authResponse.account);\n }\n const successMessage = `Authentication Complete. You can close the browser and return to the application.`;\n if (authResponse && authResponse.expiresOn) {\n const expiresOnTimestamp = authResponse?.expiresOn.valueOf();\n res.writeHead(200);\n res.end(successMessage);\n this.logger.getToken.info(formatSuccess(scopes));\n\n resolve({\n expiresOnTimestamp,\n token: authResponse.accessToken,\n });\n } else {\n const errorMessage = formatError(\n scopes,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n this.logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n }\n cleanup();\n return;\n })\n .catch(() => {\n const errorMessage = formatError(\n scopes,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n this.logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n cleanup();\n });\n };\n\n const app = http.createServer(requestListener);\n const server = stoppable(app);\n\n const listen = app.listen(this.port, this.hostname, () =>\n this.logger.info(`InteractiveBrowserCredential listening on port ${this.port}!`)\n );\n\n function cleanup(): void {\n if (listen) {\n listen.close();\n }\n\n for (const socket of socketToDestroy) {\n socket.destroy();\n }\n\n if (server) {\n server.close();\n server.stop();\n }\n }\n\n app.on(\"connection\", (socket) => socketToDestroy.push(socket));\n\n app.on(\"error\", (err) => {\n cleanup();\n const code = (err as any).code;\n if (code === \"EACCES\" || code === \"EADDRINUSE\") {\n reject(\n new CredentialUnavailableError(\n [\n `InteractiveBrowserCredential: Access denied to port ${this.port}.`,\n `Try sending a redirect URI with a different port, as follows:`,\n '`new InteractiveBrowserCredential({ redirectUri: \"http://localhost:1337\" })`',\n ].join(\" \")\n )\n );\n } else {\n reject(\n new CredentialUnavailableError(\n `InteractiveBrowserCredential: Failed to start the necessary web server. Error: ${err.message}`\n )\n );\n }\n });\n\n app.on(\"listening\", () => {\n const openPromise = this.openAuthCodeUrl(scopes, options);\n\n const abortSignal = options?.abortSignal;\n if (abortSignal) {\n abortSignal.addEventListener(\"abort\", () => {\n cleanup();\n reject(new Error(\"Aborted\"));\n });\n }\n\n openPromise.then().catch((e) => {\n cleanup();\n reject(e);\n });\n });\n });\n }\n\n private pkceCodes?: {\n verifier: string;\n challenge: string;\n };\n\n private async openAuthCodeUrl(\n scopeArray: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<void> {\n // Initialize CryptoProvider instance\n const cryptoProvider = new msalNode.CryptoProvider();\n // Generate PKCE Codes before starting the authorization flow\n this.pkceCodes = await cryptoProvider.generatePkceCodes();\n\n const authCodeUrlParameters: msalNode.AuthorizationUrlRequest = {\n scopes: scopeArray,\n correlationId: options?.correlationId,\n redirectUri: this.redirectUri,\n authority: options?.authority,\n claims: options?.claims,\n loginHint: this.loginHint,\n codeChallenge: this.pkceCodes.challenge,\n codeChallengeMethod: \"S256\", // Use SHA256 Algorithm\n };\n\n const response = await this.publicApp!.getAuthCodeUrl(authCodeUrlParameters);\n\n try {\n // A new instance on macOS only which allows it to not hang, does not fix the issue on linux\n await interactiveBrowserMockable.open(response, { wait: true, newInstance: true });\n } catch (e: any) {\n throw new CredentialUnavailableError(\n `InteractiveBrowserCredential: Could not open a browser window. Error: ${e.message}`\n );\n }\n }\n}\n"]}
1
+ {"version":3,"file":"msalOpenBrowser.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalOpenBrowser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAGlF,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAE1D,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,SAAS,MAAM,WAAW,CAAC;AAWlC;;;GAGG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,IAAI;CACL,CAAC;AAEF;;;;GAIG;AACH,MAAM,OAAO,eAAgB,SAAQ,QAAQ;IAM3C,YAAY,OAA+B;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;QAC5D,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QAEnC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACpB,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC;SAChB;QACD,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC/B,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAC9B,OAA0C;QAE1C,OAAO,IAAI,CAAC,SAAU,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;IACrD,CAAC;IAES,UAAU,CAClB,MAAgB,EAChB,OAAuC;QAEvC,OAAO,IAAI,OAAO,CAAc,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAClD,MAAM,eAAe,GAAa,EAAE,CAAC;YAErC,MAAM,eAAe,GAAG,CAAC,GAAyB,EAAE,GAAwB,EAAQ,EAAE;;gBACpF,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE;oBACZ,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,IAAI,GAAQ,CAAC;gBACb,IAAI;oBACF,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;iBAC1C;gBAAC,OAAO,CAAM,EAAE;oBACf,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,MAAM,YAAY,GAAsC;oBACtD,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAE;oBACnC,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,MAAM,EAAE,MAAM;oBACd,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;oBAC7B,YAAY,EAAE,MAAA,IAAI,CAAC,SAAS,0CAAE,QAAQ;iBACvC,CAAC;gBAEF,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC;qBAClC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE;oBACrB,IAAI,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,OAAO,EAAE;wBACzB,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;qBAClE;oBACD,MAAM,cAAc,GAAG,mFAAmF,CAAC;oBAC3G,IAAI,YAAY,IAAI,YAAY,CAAC,SAAS,EAAE;wBAC1C,MAAM,kBAAkB,GAAG,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,SAAS,CAAC,OAAO,EAAE,CAAC;wBAC7D,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;wBACxB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;wBAEjD,OAAO,CAAC;4BACN,kBAAkB;4BAClB,KAAK,EAAE,YAAY,CAAC,WAAW;yBAChC,CAAC,CAAC;qBACJ;yBAAM;wBACL,MAAM,YAAY,GAAG,WAAW,CAC9B,MAAM,EACN,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;wBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;wBACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;wBAExC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;qBACH;oBACD,OAAO,EAAE,CAAC;oBACV,OAAO;gBACT,CAAC,CAAC;qBACD,KAAK,CAAC,GAAG,EAAE;oBACV,MAAM,YAAY,GAAG,WAAW,CAC9B,MAAM,EACN,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;oBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;oBACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBAExC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO,EAAE,CAAC;gBACZ,CAAC,CAAC,CAAC;YACP,CAAC,CAAC;YAEF,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;YAC/C,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;YAE9B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,CACvD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kDAAkD,IAAI,CAAC,IAAI,GAAG,CAAC,CACjF,CAAC;YAEF,SAAS,OAAO;gBACd,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;iBAChB;gBAED,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE;oBACpC,MAAM,CAAC,OAAO,EAAE,CAAC;iBAClB;gBAED,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,EAAE,CAAC;iBACf;YACH,CAAC;YAED,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;YAE/D,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACtB,OAAO,EAAE,CAAC;gBACV,MAAM,IAAI,GAAI,GAAW,CAAC,IAAI,CAAC;gBAC/B,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,YAAY,EAAE;oBAC9C,MAAM,CACJ,IAAI,0BAA0B,CAC5B;wBACE,uDAAuD,IAAI,CAAC,IAAI,GAAG;wBACnE,+DAA+D;wBAC/D,8EAA8E;qBAC/E,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CACF,CAAC;iBACH;qBAAM;oBACL,MAAM,CACJ,IAAI,0BAA0B,CAC5B,kFAAkF,GAAG,CAAC,OAAO,EAAE,CAChG,CACF,CAAC;iBACH;YACH,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,EAAE,CAAC,WAAW,EAAE,GAAG,EAAE;gBACvB,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBAE1D,MAAM,WAAW,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,CAAC;gBACzC,IAAI,WAAW,EAAE;oBACf,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;wBACzC,OAAO,EAAE,CAAC;wBACV,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;oBAC/B,CAAC,CAAC,CAAC;iBACJ;gBAED,WAAW,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;oBAC7B,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,CAAC,CAAC,CAAC;gBACZ,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAOO,KAAK,CAAC,eAAe,CAC3B,UAAoB,EACpB,OAAuC;QAEvC,qCAAqC;QACrC,MAAM,cAAc,GAAG,IAAI,QAAQ,CAAC,cAAc,EAAE,CAAC;QACrD,6DAA6D;QAC7D,IAAI,CAAC,SAAS,GAAG,MAAM,cAAc,CAAC,iBAAiB,EAAE,CAAC;QAE1D,MAAM,qBAAqB,GAAqC;YAC9D,MAAM,EAAE,UAAU;YAClB,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;YACrC,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;YAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;YACvB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS;YACvC,mBAAmB,EAAE,MAAM,EAAE,uBAAuB;SACrD,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAU,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC;QAE7E,IAAI;YACF,4FAA4F;YAC5F,MAAM,0BAA0B,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;SACpF;QAAC,OAAO,CAAM,EAAE;YACf,MAAM,IAAI,0BAA0B,CAClC,yEAAyE,CAAC,CAAC,OAAO,EAAE,CACrF,CAAC;SACH;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\nimport { credentialLogger, formatError, formatSuccess } from \"../../util/logging\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { CredentialUnavailableError } from \"../../errors\";\nimport { Socket } from \"net\";\nimport http from \"http\";\nimport { msalToPublic } from \"../utils\";\nimport open from \"open\";\nimport stoppable from \"stoppable\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through opening a browser window.\n * @internal\n */\nexport interface MsalOpenBrowserOptions extends MsalNodeOptions {\n redirectUri: string;\n loginHint?: string;\n}\n\n/**\n * A call to open(), but mockable\n * @internal\n */\nexport const interactiveBrowserMockable = {\n open,\n};\n\n/**\n * This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`\n * to trigger the authentication flow, and then respond based on the values obtained from the redirect callback\n * @internal\n */\nexport class MsalOpenBrowser extends MsalNode {\n private redirectUri: string;\n private port: number;\n private hostname: string;\n private loginHint?: string;\n\n constructor(options: MsalOpenBrowserOptions) {\n super(options);\n this.logger = credentialLogger(\"Node.js MSAL Open Browser\");\n this.redirectUri = options.redirectUri;\n this.loginHint = options.loginHint;\n\n const url = new URL(this.redirectUri);\n this.port = parseInt(url.port);\n if (isNaN(this.port)) {\n this.port = 80;\n }\n this.hostname = url.hostname;\n }\n\n private async acquireTokenByCode(\n request: msalNode.AuthorizationCodeRequest\n ): Promise<msalNode.AuthenticationResult | null> {\n return this.publicApp!.acquireTokenByCode(request);\n }\n\n protected doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n return new Promise<AccessToken>((resolve, reject) => {\n const socketToDestroy: Socket[] = [];\n\n const requestListener = (req: http.IncomingMessage, res: http.ServerResponse): void => {\n if (!req.url) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n let url: URL;\n try {\n url = new URL(req.url, this.redirectUri);\n } catch (e: any) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n const tokenRequest: msalNode.AuthorizationCodeRequest = {\n code: url.searchParams.get(\"code\")!,\n redirectUri: this.redirectUri,\n scopes: scopes,\n authority: options?.authority,\n codeVerifier: this.pkceCodes?.verifier,\n };\n\n this.acquireTokenByCode(tokenRequest)\n .then((authResponse) => {\n if (authResponse?.account) {\n this.account = msalToPublic(this.clientId, authResponse.account);\n }\n const successMessage = `Authentication Complete. You can close the browser and return to the application.`;\n if (authResponse && authResponse.expiresOn) {\n const expiresOnTimestamp = authResponse?.expiresOn.valueOf();\n res.writeHead(200);\n res.end(successMessage);\n this.logger.getToken.info(formatSuccess(scopes));\n\n resolve({\n expiresOnTimestamp,\n token: authResponse.accessToken,\n });\n } else {\n const errorMessage = formatError(\n scopes,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n this.logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n }\n cleanup();\n return;\n })\n .catch(() => {\n const errorMessage = formatError(\n scopes,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n this.logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n cleanup();\n });\n };\n\n const app = http.createServer(requestListener);\n const server = stoppable(app);\n\n const listen = app.listen(this.port, this.hostname, () =>\n this.logger.info(`InteractiveBrowserCredential listening on port ${this.port}!`)\n );\n\n function cleanup(): void {\n if (listen) {\n listen.close();\n }\n\n for (const socket of socketToDestroy) {\n socket.destroy();\n }\n\n if (server) {\n server.close();\n server.stop();\n }\n }\n\n app.on(\"connection\", (socket) => socketToDestroy.push(socket));\n\n app.on(\"error\", (err) => {\n cleanup();\n const code = (err as any).code;\n if (code === \"EACCES\" || code === \"EADDRINUSE\") {\n reject(\n new CredentialUnavailableError(\n [\n `InteractiveBrowserCredential: Access denied to port ${this.port}.`,\n `Try sending a redirect URI with a different port, as follows:`,\n '`new InteractiveBrowserCredential({ redirectUri: \"http://localhost:1337\" })`',\n ].join(\" \")\n )\n );\n } else {\n reject(\n new CredentialUnavailableError(\n `InteractiveBrowserCredential: Failed to start the necessary web server. Error: ${err.message}`\n )\n );\n }\n });\n\n app.on(\"listening\", () => {\n const openPromise = this.openAuthCodeUrl(scopes, options);\n\n const abortSignal = options?.abortSignal;\n if (abortSignal) {\n abortSignal.addEventListener(\"abort\", () => {\n cleanup();\n reject(new Error(\"Aborted\"));\n });\n }\n\n openPromise.then().catch((e) => {\n cleanup();\n reject(e);\n });\n });\n });\n }\n\n private pkceCodes?: {\n verifier: string;\n challenge: string;\n };\n\n private async openAuthCodeUrl(\n scopeArray: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<void> {\n // Initialize CryptoProvider instance\n const cryptoProvider = new msalNode.CryptoProvider();\n // Generate PKCE Codes before starting the authorization flow\n this.pkceCodes = await cryptoProvider.generatePkceCodes();\n\n const authCodeUrlParameters: msalNode.AuthorizationUrlRequest = {\n scopes: scopeArray,\n correlationId: options?.correlationId,\n redirectUri: this.redirectUri,\n authority: options?.authority,\n claims: options?.claims,\n loginHint: this.loginHint,\n codeChallenge: this.pkceCodes.challenge,\n codeChallengeMethod: \"S256\", // Use SHA256 Algorithm\n };\n\n const response = await this.publicApp!.getAuthCodeUrl(authCodeUrlParameters);\n\n try {\n // A new instance on macOS only which allows it to not hang, does not fix the issue on linux\n await interactiveBrowserMockable.open(response, { wait: true, newInstance: true });\n } catch (e: any) {\n throw new CredentialUnavailableError(\n `InteractiveBrowserCredential: Could not open a browser window. Error: ${e.message}`\n );\n }\n }\n}\n"]}
package/dist-esm/src/msal/nodeFlows/msalUsernamePassword.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"msalUsernamePassword.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalUsernamePassword.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAKlC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAY7D;;;GAGG;AACH,MAAM,OAAO,oBAAqB,SAAQ,QAAQ;IAIhD,YAAY,OAAoC;QAC9C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IACnC,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;QAEvC,IAAI;YACF,MAAM,cAAc,GAAqC;gBACvD,MAAM;gBACN,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;gBACrC,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;gBAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;aACxB,CAAC;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAU,CAAC,8BAA8B,CAAC,cAAc,CAAC,CAAC;YACpF,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;SACtE;QAAC,OAAO,KAAU,EAAE;YACnB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;SAChD;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through username and password.\n * @internal\n */\nexport interface MSALUsernamePasswordOptions extends MsalNodeOptions {\n username: string;\n password: string;\n}\n\n/**\n * MSAL username and password client. Calls to the MSAL's public application's `acquireTokenByUsernamePassword` during `doGetToken`.\n * @internal\n */\nexport class MsalUsernamePassword extends MsalNode {\n private username: string;\n private password: string;\n\n constructor(options: MSALUsernamePasswordOptions) {\n super(options);\n this.username = options.username;\n this.password = options.password;\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n try {\n const requestOptions: msalNode.UsernamePasswordRequest = {\n scopes,\n username: this.username,\n password: this.password,\n correlationId: options?.correlationId,\n authority: options?.authority,\n claims: options?.claims,\n };\n const result = await this.publicApp!.acquireTokenByUsernamePassword(requestOptions);\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (error: any) {\n throw this.handleError(scopes, error, options);\n }\n }\n}\n"]}
1
+ {"version":3,"file":"msalUsernamePassword.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalUsernamePassword.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAa7D;;;GAGG;AACH,MAAM,OAAO,oBAAqB,SAAQ,QAAQ;IAIhD,YAAY,OAAoC;QAC9C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IACnC,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;QAEvC,IAAI;YACF,MAAM,cAAc,GAAqC;gBACvD,MAAM;gBACN,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;gBACrC,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;gBAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;aACxB,CAAC;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAU,CAAC,8BAA8B,CAAC,cAAc,CAAC,CAAC;YACpF,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;SACtE;QAAC,OAAO,KAAU,EAAE;YACnB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;SAChD;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through username and password.\n * @internal\n */\nexport interface MsalUsernamePasswordOptions extends MsalNodeOptions {\n username: string;\n password: string;\n}\n\n/**\n * MSAL username and password client. Calls to the MSAL's public application's `acquireTokenByUsernamePassword` during `doGetToken`.\n * @internal\n */\nexport class MsalUsernamePassword extends MsalNode {\n private username: string;\n private password: string;\n\n constructor(options: MsalUsernamePasswordOptions) {\n super(options);\n this.username = options.username;\n this.password = options.password;\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions\n ): Promise<AccessToken> {\n try {\n const requestOptions: msalNode.UsernamePasswordRequest = {\n scopes,\n username: this.username,\n password: this.password,\n correlationId: options?.correlationId,\n authority: options?.authority,\n claims: options?.claims,\n };\n const result = await this.publicApp!.acquireTokenByUsernamePassword(requestOptions);\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (error: any) {\n throw this.handleError(scopes, error, options);\n }\n }\n}\n"]}
package/dist-esm/src/msal/utils.js CHANGED
@@ -1,12 +1,12 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT license.
3
3
  import * as msalCommon from "@azure/msal-common";
4
- import { isNode } from "@azure/core-util";
5
- import { AbortError } from "@azure/abort-controller";
6
- import { v4 as uuidv4 } from "uuid";
7
- import { formatError, formatSuccess } from "../util/logging";
8
4
  import { AuthenticationRequiredError, CredentialUnavailableError } from "../errors";
5
+ import { formatError, formatSuccess } from "../util/logging";
9
6
  import { DefaultAuthorityHost, DefaultTenantId } from "../constants";
7
+ import { AbortError } from "@azure/abort-controller";
8
+ import { isNode } from "@azure/core-util";
9
+ import { v4 as uuidv4 } from "uuid";
10
10
  /**
11
11
  * Latest AuthenticationRecord version
12
12
  * @internal
package/dist-esm/src/msal/utils.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/msal/utils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,UAAU,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAE1C,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAErD,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AACpC,OAAO,EAAoB,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACpF,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAIrE;;;GAGG;AACH,MAAM,iCAAiC,GAAG,KAAK,CAAC;AAEhD;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,MAAyB,EACzB,MAAwB,EACxB,SAAqB,EACrB,eAAiC;IAEjC,MAAM,KAAK,GAAG,CAAC,OAAe,EAAS,EAAE;QACvC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,IAAI,2BAA2B,CAAC;YACrC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YACjD,eAAe;YACf,OAAO;SACR,CAAC,CAAC;IACL,CAAC,CAAC;IACF,IAAI,CAAC,SAAS,EAAE;QACd,MAAM,KAAK,CAAC,aAAa,CAAC,CAAC;KAC5B;IACD,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE;QACxB,MAAM,KAAK,CAAC,uCAAuC,CAAC,CAAC;KACtD;IACD,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE;QAC1B,MAAM,KAAK,CAAC,yCAAyC,CAAC,CAAC;KACxD;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,IAAa;IAC1D,IAAI,CAAC,IAAI,EAAE;QACT,IAAI,GAAG,oBAAoB,CAAC;KAC7B;IACD,IAAI,IAAI,MAAM,CAAC,GAAG,QAAQ,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QAC3C,OAAO,IAAI,CAAC;KACb;IACD,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;QACtB,OAAO,IAAI,GAAG,QAAQ,CAAC;KACxB;SAAM;QACL,OAAO,GAAG,IAAI,IAAI,QAAQ,EAAE,CAAC;KAC9B;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAgB,EAAE,aAAqB;IACzE,IAAI,QAAQ,KAAK,MAAM,IAAI,aAAa,EAAE;QACxC,OAAO,CAAC,aAAa,CAAC,CAAC;KACxB;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAIhC,CAAC,MAAwB,EAAE,WAA+B,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,EAAE,EAAE,CACzF,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,EAAQ,EAAE;IACpC,IAAI,WAAW,EAAE;QACf,OAAO;KACR;IACD,QAAQ,KAAK,EAAE;QACb,KAAK,UAAU,CAAC,QAAQ,CAAC,KAAK;YAC5B,MAAM,CAAC,IAAI,CAAC,QAAQ,QAAQ,cAAc,OAAO,EAAE,CAAC,CAAC;YACrD,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,IAAI;YAC3B,MAAM,CAAC,IAAI,CAAC,QAAQ,QAAQ,qBAAqB,OAAO,EAAE,CAAC,CAAC;YAC5D,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,MAAM,CAAC,IAAI,CAAC,QAAQ,QAAQ,wBAAwB,OAAO,EAAE,CAAC,CAAC;YAC/D,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,MAAM,CAAC,IAAI,CAAC,QAAQ,QAAQ,gBAAgB,OAAO,EAAE,CAAC,CAAC;YACvD,OAAO;KACV;AACH,CAAC,CAAC;AAEJ;;;;;;;GAOG;AACH,MAAM,OAAO,iBAAiB;IAI5B,YAAY,OAAwB;QAClC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,MAAM,EAAE,CAAC;IAClB,CAAC;IAED;;;;OAIG;IACO,YAAY,CACpB,MAAyB,EACzB,QAAgB,EAChB,MAAmB,EACnB,eAAiC;QAEjC,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,OAAO,EAAE;YACnB,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;SACvD;QACD,oBAAoB,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QACnE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QACjD,OAAO;YACL,KAAK,EAAE,MAAO,CAAC,WAAY;YAC3B,kBAAkB,EAAE,MAAO,CAAC,SAAU,CAAC,OAAO,EAAE;SACjD,CAAC;IACJ,CAAC;IAED;;OAEG;IACO,WAAW,CAAC,MAAgB,EAAE,KAAY,EAAE,eAAiC;QACrF,IACE,KAAK,CAAC,IAAI,KAAK,WAAW;YAC1B,KAAK,CAAC,IAAI,KAAK,iBAAiB;YAChC,KAAK,CAAC,IAAI,KAAK,kBAAkB,EACjC;YACA,MAAM,SAAS,GAAG,KAA6B,CAAC;YAChD,QAAQ,SAAS,CAAC,SAAS,EAAE;gBAC3B,KAAK,4BAA4B;oBAC/B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;oBACrD,OAAO,IAAI,0BAA0B,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACvD,KAAK,+BAA+B;oBAClC,OAAO,IAAI,UAAU,CAAC,oDAAoD,CAAC,CAAC;gBAC9E,KAAK,kBAAkB,CAAC;gBACxB,KAAK,sBAAsB,CAAC;gBAC5B,KAAK,gBAAgB;oBACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,WAAW,CAAC,MAAM,EAAE,qCAAqC,SAAS,CAAC,SAAS,EAAE,CAAC,CAChF,CAAC;oBACF,MAAM;gBACR;oBACE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,4BAA4B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;oBACnF,MAAM;aACT;SACF;QACD,IACE,KAAK,CAAC,IAAI,KAAK,0BAA0B;YACzC,KAAK,CAAC,IAAI,KAAK,+BAA+B;YAC9C,KAAK,CAAC,IAAI,KAAK,YAAY,EAC3B;YACA,OAAO,KAAK,CAAC;SACd;QACD,OAAO,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAC9F,CAAC;CACF;AAED,qBAAqB;AAErB,MAAM,UAAU,YAAY,CAAC,OAA6B;IACxD,MAAM,CAAC,WAAW,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,0BAA0B,CAAC,IAAI,EAAE,CAAC;IAChF,uCACK,OAAO,KACV,cAAc,EAAE,OAAO,CAAC,aAAa,EACrC,WAAW,IACX;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,OAAwB;IACrE,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC;QAC9D,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,eAAe;QAC7C,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,QAAQ;QACR,OAAO,EAAE,iCAAiC;KAC3C,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,6BAA6B,CAAC,MAA4B;IACxE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,+BAA+B,CAAC,gBAAwB;IACtE,MAAM,MAAM,GAAgD,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAEzF,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,KAAK,iCAAiC,EAAE;QAC1E,MAAM,KAAK,CAAC,0CAA0C,CAAC,CAAC;KACzD;IAED,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalCommon from \"@azure/msal-common\";\nimport { isNode } from \"@azure/core-util\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { AbortError } from \"@azure/abort-controller\";\n\nimport { v4 as uuidv4 } from \"uuid\";\nimport { CredentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../errors\";\nimport { DefaultAuthorityHost, DefaultTenantId } from \"../constants\";\nimport { AuthenticationRecord, MsalAccountInfo, MsalResult, MsalToken } from \"./types\";\nimport { MsalFlowOptions } from \"./flows\";\n\n/**\n * Latest AuthenticationRecord version\n * @internal\n */\nconst LatestAuthenticationRecordVersion = \"1.0\";\n\n/**\n * Ensures the validity of the MSAL token\n * @internal\n */\nexport function ensureValidMsalToken(\n scopes: string | string[],\n logger: CredentialLogger,\n msalToken?: MsalToken,\n getTokenOptions?: GetTokenOptions\n): void {\n const error = (message: string): Error => {\n logger.getToken.info(message);\n return new AuthenticationRequiredError({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n getTokenOptions,\n message,\n });\n };\n if (!msalToken) {\n throw error(\"No response\");\n }\n if (!msalToken.expiresOn) {\n throw error(`Response had no \"expiresOn\" property.`);\n }\n if (!msalToken.accessToken) {\n throw error(`Response had no \"accessToken\" property.`);\n }\n}\n\n/**\n * Generates a valid authority by combining a host with a tenantId.\n * @internal\n */\nexport function getAuthority(tenantId: string, host?: string): string {\n if (!host) {\n host = DefaultAuthorityHost;\n }\n if (new RegExp(`${tenantId}/?$`).test(host)) {\n return host;\n }\n if (host.endsWith(\"/\")) {\n return host + tenantId;\n } else {\n return `${host}/${tenantId}`;\n }\n}\n\n/**\n * Generates the known authorities.\n * If the Tenant Id is `adfs`, the authority can't be validated since the format won't match the expected one.\n * For that reason, we have to force MSAL to disable validating the authority\n * by sending it within the known authorities in the MSAL configuration.\n * @internal\n */\nexport function getKnownAuthorities(tenantId: string, authorityHost: string): string[] {\n if (tenantId === \"adfs\" && authorityHost) {\n return [authorityHost];\n }\n return [];\n}\n\n/**\n * Generates a logger that can be passed to the MSAL clients.\n * @param logger - The logger of the credential.\n * @internal\n */\nexport const defaultLoggerCallback: (\n logger: CredentialLogger,\n platform?: \"Node\" | \"Browser\"\n) => msalCommon.ILoggerCallback =\n (logger: CredentialLogger, platform: \"Node\" | \"Browser\" = isNode ? \"Node\" : \"Browser\") =>\n (level, message, containsPii): void => {\n if (containsPii) {\n return;\n }\n switch (level) {\n case msalCommon.LogLevel.Error:\n logger.info(`MSAL ${platform} V2 error: ${message}`);\n return;\n case msalCommon.LogLevel.Info:\n logger.info(`MSAL ${platform} V2 info message: ${message}`);\n return;\n case msalCommon.LogLevel.Verbose:\n logger.info(`MSAL ${platform} V2 verbose message: ${message}`);\n return;\n case msalCommon.LogLevel.Warning:\n logger.info(`MSAL ${platform} V2 warning: ${message}`);\n return;\n }\n };\n\n/**\n * The common utility functions for the MSAL clients.\n * Defined as a class so that the classes extending this one can have access to its methods and protected properties.\n *\n * It keeps track of a logger and an in-memory copy of the AuthenticationRecord.\n *\n * @internal\n */\nexport class MsalBaseUtilities {\n protected logger: CredentialLogger;\n protected account: AuthenticationRecord | undefined;\n\n constructor(options: MsalFlowOptions) {\n this.logger = options.logger;\n this.account = options.authenticationRecord;\n }\n\n /**\n * Generates a UUID\n */\n generateUuid(): string {\n return uuidv4();\n }\n\n /**\n * Handles the MSAL authentication result.\n * If the result has an account, we update the local account reference.\n * If the token received is invalid, an error will be thrown depending on what's missing.\n */\n protected handleResult(\n scopes: string | string[],\n clientId: string,\n result?: MsalResult,\n getTokenOptions?: GetTokenOptions\n ): AccessToken {\n if (result?.account) {\n this.account = msalToPublic(clientId, result.account);\n }\n ensureValidMsalToken(scopes, this.logger, result, getTokenOptions);\n this.logger.getToken.info(formatSuccess(scopes));\n return {\n token: result!.accessToken!,\n expiresOnTimestamp: result!.expiresOn!.getTime(),\n };\n }\n\n /**\n * Handles MSAL errors.\n */\n protected handleError(scopes: string[], error: Error, getTokenOptions?: GetTokenOptions): Error {\n if (\n error.name === \"AuthError\" ||\n error.name === \"ClientAuthError\" ||\n error.name === \"BrowserAuthError\"\n ) {\n const msalError = error as msalCommon.AuthError;\n switch (msalError.errorCode) {\n case \"endpoints_resolution_error\":\n this.logger.info(formatError(scopes, error.message));\n return new CredentialUnavailableError(error.message);\n case \"device_code_polling_cancelled\":\n return new AbortError(\"The authentication has been aborted by the caller.\");\n case \"consent_required\":\n case \"interaction_required\":\n case \"login_required\":\n this.logger.info(\n formatError(scopes, `Authentication returned errorCode ${msalError.errorCode}`)\n );\n break;\n default:\n this.logger.info(formatError(scopes, `Failed to acquire token: ${error.message}`));\n break;\n }\n }\n if (\n error.name === \"ClientConfigurationError\" ||\n error.name === \"BrowserConfigurationAuthError\" ||\n error.name === \"AbortError\"\n ) {\n return error;\n }\n return new AuthenticationRequiredError({ scopes, getTokenOptions, message: error.message });\n }\n}\n\n// transformations.ts\n\nexport function publicToMsal(account: AuthenticationRecord): msalCommon.AccountInfo {\n const [environment] = account.authority.match(/([a-z]*\\.[a-z]*\\.[a-z]*)/) || [];\n return {\n ...account,\n localAccountId: account.homeAccountId,\n environment,\n };\n}\n\nexport function msalToPublic(clientId: string, account: MsalAccountInfo): AuthenticationRecord {\n const record = {\n authority: getAuthority(account.tenantId, account.environment),\n homeAccountId: account.homeAccountId,\n tenantId: account.tenantId || DefaultTenantId,\n username: account.username,\n clientId,\n version: LatestAuthenticationRecordVersion,\n };\n return record;\n}\n\n/**\n * Serializes an `AuthenticationRecord` into a string.\n *\n * The output of a serialized authentication record will contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * To later convert this string to a serialized `AuthenticationRecord`, please use the exported function `deserializeAuthenticationRecord()`.\n */\nexport function serializeAuthenticationRecord(record: AuthenticationRecord): string {\n return JSON.stringify(record);\n}\n\n/**\n * Deserializes a previously serialized authentication record from a string into an object.\n *\n * The input string must contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * If the version we receive is unsupported, an error will be thrown.\n *\n * At the moment, the only available version is: \"1.0\", which is always set when the authentication record is serialized.\n *\n * @param serializedRecord - Authentication record previously serialized into string.\n * @returns AuthenticationRecord.\n */\nexport function deserializeAuthenticationRecord(serializedRecord: string): AuthenticationRecord {\n const parsed: AuthenticationRecord & { version?: string } = JSON.parse(serializedRecord);\n\n if (parsed.version && parsed.version !== LatestAuthenticationRecordVersion) {\n throw Error(\"Unsupported AuthenticationRecord version\");\n }\n\n return parsed;\n}\n"]}
1
+ {"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/msal/utils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,UAAU,MAAM,oBAAoB,CAAC;AAIjD,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACpF,OAAO,EAAoB,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACrE,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAErD,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AAEpC;;;GAGG;AACH,MAAM,iCAAiC,GAAG,KAAK,CAAC;AAEhD;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,MAAyB,EACzB,MAAwB,EACxB,SAAqB,EACrB,eAAiC;IAEjC,MAAM,KAAK,GAAG,CAAC,OAAe,EAAS,EAAE;QACvC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,IAAI,2BAA2B,CAAC;YACrC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YACjD,eAAe;YACf,OAAO;SACR,CAAC,CAAC;IACL,CAAC,CAAC;IACF,IAAI,CAAC,SAAS,EAAE;QACd,MAAM,KAAK,CAAC,aAAa,CAAC,CAAC;KAC5B;IACD,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE;QACxB,MAAM,KAAK,CAAC,uCAAuC,CAAC,CAAC;KACtD;IACD,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE;QAC1B,MAAM,KAAK,CAAC,yCAAyC,CAAC,CAAC;KACxD;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,IAAa;IAC1D,IAAI,CAAC,IAAI,EAAE;QACT,IAAI,GAAG,oBAAoB,CAAC;KAC7B;IACD,IAAI,IAAI,MAAM,CAAC,GAAG,QAAQ,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QAC3C,OAAO,IAAI,CAAC;KACb;IACD,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;QACtB,OAAO,IAAI,GAAG,QAAQ,CAAC;KACxB;SAAM;QACL,OAAO,GAAG,IAAI,IAAI,QAAQ,EAAE,CAAC;KAC9B;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAgB,EAAE,aAAqB;IACzE,IAAI,QAAQ,KAAK,MAAM,IAAI,aAAa,EAAE;QACxC,OAAO,CAAC,aAAa,CAAC,CAAC;KACxB;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAIhC,CAAC,MAAwB,EAAE,WAA+B,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,EAAE,EAAE,CACzF,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,EAAQ,EAAE;IACpC,IAAI,WAAW,EAAE;QACf,OAAO;KACR;IACD,QAAQ,KAAK,EAAE;QACb,KAAK,UAAU,CAAC,QAAQ,CAAC,KAAK;YAC5B,MAAM,CAAC,IAAI,CAAC,QAAQ,QAAQ,cAAc,OAAO,EAAE,CAAC,CAAC;YACrD,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,IAAI;YAC3B,MAAM,CAAC,IAAI,CAAC,QAAQ,QAAQ,qBAAqB,OAAO,EAAE,CAAC,CAAC;YAC5D,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,MAAM,CAAC,IAAI,CAAC,QAAQ,QAAQ,wBAAwB,OAAO,EAAE,CAAC,CAAC;YAC/D,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,MAAM,CAAC,IAAI,CAAC,QAAQ,QAAQ,gBAAgB,OAAO,EAAE,CAAC,CAAC;YACvD,OAAO;KACV;AACH,CAAC,CAAC;AAEJ;;;;;;;GAOG;AACH,MAAM,OAAO,iBAAiB;IAI5B,YAAY,OAAwB;QAClC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,MAAM,EAAE,CAAC;IAClB,CAAC;IAED;;;;OAIG;IACO,YAAY,CACpB,MAAyB,EACzB,QAAgB,EAChB,MAAmB,EACnB,eAAiC;QAEjC,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,OAAO,EAAE;YACnB,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;SACvD;QACD,oBAAoB,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QACnE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QACjD,OAAO;YACL,KAAK,EAAE,MAAO,CAAC,WAAY;YAC3B,kBAAkB,EAAE,MAAO,CAAC,SAAU,CAAC,OAAO,EAAE;SACjD,CAAC;IACJ,CAAC;IAED;;OAEG;IACO,WAAW,CAAC,MAAgB,EAAE,KAAY,EAAE,eAAiC;QACrF,IACE,KAAK,CAAC,IAAI,KAAK,WAAW;YAC1B,KAAK,CAAC,IAAI,KAAK,iBAAiB;YAChC,KAAK,CAAC,IAAI,KAAK,kBAAkB,EACjC;YACA,MAAM,SAAS,GAAG,KAA6B,CAAC;YAChD,QAAQ,SAAS,CAAC,SAAS,EAAE;gBAC3B,KAAK,4BAA4B;oBAC/B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;oBACrD,OAAO,IAAI,0BAA0B,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACvD,KAAK,+BAA+B;oBAClC,OAAO,IAAI,UAAU,CAAC,oDAAoD,CAAC,CAAC;gBAC9E,KAAK,kBAAkB,CAAC;gBACxB,KAAK,sBAAsB,CAAC;gBAC5B,KAAK,gBAAgB;oBACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,WAAW,CAAC,MAAM,EAAE,qCAAqC,SAAS,CAAC,SAAS,EAAE,CAAC,CAChF,CAAC;oBACF,MAAM;gBACR;oBACE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,4BAA4B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;oBACnF,MAAM;aACT;SACF;QACD,IACE,KAAK,CAAC,IAAI,KAAK,0BAA0B;YACzC,KAAK,CAAC,IAAI,KAAK,+BAA+B;YAC9C,KAAK,CAAC,IAAI,KAAK,YAAY,EAC3B;YACA,OAAO,KAAK,CAAC;SACd;QACD,OAAO,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAC9F,CAAC;CACF;AAED,qBAAqB;AAErB,MAAM,UAAU,YAAY,CAAC,OAA6B;IACxD,MAAM,CAAC,WAAW,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,0BAA0B,CAAC,IAAI,EAAE,CAAC;IAChF,uCACK,OAAO,KACV,cAAc,EAAE,OAAO,CAAC,aAAa,EACrC,WAAW,IACX;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,OAAwB;IACrE,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC;QAC9D,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,eAAe;QAC7C,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,QAAQ;QACR,OAAO,EAAE,iCAAiC;KAC3C,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,6BAA6B,CAAC,MAA4B;IACxE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,+BAA+B,CAAC,gBAAwB;IACtE,MAAM,MAAM,GAAgD,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAEzF,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,KAAK,iCAAiC,EAAE;QAC1E,MAAM,KAAK,CAAC,0CAA0C,CAAC,CAAC;KACzD;IAED,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalCommon from \"@azure/msal-common\";\n\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { AuthenticationRecord, MsalAccountInfo, MsalResult, MsalToken } from \"./types\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../errors\";\nimport { CredentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { DefaultAuthorityHost, DefaultTenantId } from \"../constants\";\nimport { AbortError } from \"@azure/abort-controller\";\nimport { MsalFlowOptions } from \"./flows\";\nimport { isNode } from \"@azure/core-util\";\nimport { v4 as uuidv4 } from \"uuid\";\n\n/**\n * Latest AuthenticationRecord version\n * @internal\n */\nconst LatestAuthenticationRecordVersion = \"1.0\";\n\n/**\n * Ensures the validity of the MSAL token\n * @internal\n */\nexport function ensureValidMsalToken(\n scopes: string | string[],\n logger: CredentialLogger,\n msalToken?: MsalToken,\n getTokenOptions?: GetTokenOptions\n): void {\n const error = (message: string): Error => {\n logger.getToken.info(message);\n return new AuthenticationRequiredError({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n getTokenOptions,\n message,\n });\n };\n if (!msalToken) {\n throw error(\"No response\");\n }\n if (!msalToken.expiresOn) {\n throw error(`Response had no \"expiresOn\" property.`);\n }\n if (!msalToken.accessToken) {\n throw error(`Response had no \"accessToken\" property.`);\n }\n}\n\n/**\n * Generates a valid authority by combining a host with a tenantId.\n * @internal\n */\nexport function getAuthority(tenantId: string, host?: string): string {\n if (!host) {\n host = DefaultAuthorityHost;\n }\n if (new RegExp(`${tenantId}/?$`).test(host)) {\n return host;\n }\n if (host.endsWith(\"/\")) {\n return host + tenantId;\n } else {\n return `${host}/${tenantId}`;\n }\n}\n\n/**\n * Generates the known authorities.\n * If the Tenant Id is `adfs`, the authority can't be validated since the format won't match the expected one.\n * For that reason, we have to force MSAL to disable validating the authority\n * by sending it within the known authorities in the MSAL configuration.\n * @internal\n */\nexport function getKnownAuthorities(tenantId: string, authorityHost: string): string[] {\n if (tenantId === \"adfs\" && authorityHost) {\n return [authorityHost];\n }\n return [];\n}\n\n/**\n * Generates a logger that can be passed to the MSAL clients.\n * @param logger - The logger of the credential.\n * @internal\n */\nexport const defaultLoggerCallback: (\n logger: CredentialLogger,\n platform?: \"Node\" | \"Browser\"\n) => msalCommon.ILoggerCallback =\n (logger: CredentialLogger, platform: \"Node\" | \"Browser\" = isNode ? \"Node\" : \"Browser\") =>\n (level, message, containsPii): void => {\n if (containsPii) {\n return;\n }\n switch (level) {\n case msalCommon.LogLevel.Error:\n logger.info(`MSAL ${platform} V2 error: ${message}`);\n return;\n case msalCommon.LogLevel.Info:\n logger.info(`MSAL ${platform} V2 info message: ${message}`);\n return;\n case msalCommon.LogLevel.Verbose:\n logger.info(`MSAL ${platform} V2 verbose message: ${message}`);\n return;\n case msalCommon.LogLevel.Warning:\n logger.info(`MSAL ${platform} V2 warning: ${message}`);\n return;\n }\n };\n\n/**\n * The common utility functions for the MSAL clients.\n * Defined as a class so that the classes extending this one can have access to its methods and protected properties.\n *\n * It keeps track of a logger and an in-memory copy of the AuthenticationRecord.\n *\n * @internal\n */\nexport class MsalBaseUtilities {\n protected logger: CredentialLogger;\n protected account: AuthenticationRecord | undefined;\n\n constructor(options: MsalFlowOptions) {\n this.logger = options.logger;\n this.account = options.authenticationRecord;\n }\n\n /**\n * Generates a UUID\n */\n generateUuid(): string {\n return uuidv4();\n }\n\n /**\n * Handles the MSAL authentication result.\n * If the result has an account, we update the local account reference.\n * If the token received is invalid, an error will be thrown depending on what's missing.\n */\n protected handleResult(\n scopes: string | string[],\n clientId: string,\n result?: MsalResult,\n getTokenOptions?: GetTokenOptions\n ): AccessToken {\n if (result?.account) {\n this.account = msalToPublic(clientId, result.account);\n }\n ensureValidMsalToken(scopes, this.logger, result, getTokenOptions);\n this.logger.getToken.info(formatSuccess(scopes));\n return {\n token: result!.accessToken!,\n expiresOnTimestamp: result!.expiresOn!.getTime(),\n };\n }\n\n /**\n * Handles MSAL errors.\n */\n protected handleError(scopes: string[], error: Error, getTokenOptions?: GetTokenOptions): Error {\n if (\n error.name === \"AuthError\" ||\n error.name === \"ClientAuthError\" ||\n error.name === \"BrowserAuthError\"\n ) {\n const msalError = error as msalCommon.AuthError;\n switch (msalError.errorCode) {\n case \"endpoints_resolution_error\":\n this.logger.info(formatError(scopes, error.message));\n return new CredentialUnavailableError(error.message);\n case \"device_code_polling_cancelled\":\n return new AbortError(\"The authentication has been aborted by the caller.\");\n case \"consent_required\":\n case \"interaction_required\":\n case \"login_required\":\n this.logger.info(\n formatError(scopes, `Authentication returned errorCode ${msalError.errorCode}`)\n );\n break;\n default:\n this.logger.info(formatError(scopes, `Failed to acquire token: ${error.message}`));\n break;\n }\n }\n if (\n error.name === \"ClientConfigurationError\" ||\n error.name === \"BrowserConfigurationAuthError\" ||\n error.name === \"AbortError\"\n ) {\n return error;\n }\n return new AuthenticationRequiredError({ scopes, getTokenOptions, message: error.message });\n }\n}\n\n// transformations.ts\n\nexport function publicToMsal(account: AuthenticationRecord): msalCommon.AccountInfo {\n const [environment] = account.authority.match(/([a-z]*\\.[a-z]*\\.[a-z]*)/) || [];\n return {\n ...account,\n localAccountId: account.homeAccountId,\n environment,\n };\n}\n\nexport function msalToPublic(clientId: string, account: MsalAccountInfo): AuthenticationRecord {\n const record = {\n authority: getAuthority(account.tenantId, account.environment),\n homeAccountId: account.homeAccountId,\n tenantId: account.tenantId || DefaultTenantId,\n username: account.username,\n clientId,\n version: LatestAuthenticationRecordVersion,\n };\n return record;\n}\n\n/**\n * Serializes an `AuthenticationRecord` into a string.\n *\n * The output of a serialized authentication record will contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * To later convert this string to a serialized `AuthenticationRecord`, please use the exported function `deserializeAuthenticationRecord()`.\n */\nexport function serializeAuthenticationRecord(record: AuthenticationRecord): string {\n return JSON.stringify(record);\n}\n\n/**\n * Deserializes a previously serialized authentication record from a string into an object.\n *\n * The input string must contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * If the version we receive is unsupported, an error will be thrown.\n *\n * At the moment, the only available version is: \"1.0\", which is always set when the authentication record is serialized.\n *\n * @param serializedRecord - Authentication record previously serialized into string.\n * @returns AuthenticationRecord.\n */\nexport function deserializeAuthenticationRecord(serializedRecord: string): AuthenticationRecord {\n const parsed: AuthenticationRecord & { version?: string } = JSON.parse(serializedRecord);\n\n if (parsed.version && parsed.version !== LatestAuthenticationRecordVersion) {\n throw Error(\"Unsupported AuthenticationRecord version\");\n }\n\n return parsed;\n}\n"]}
package/dist-esm/src/plugins/provider.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider.js","sourceRoot":"","sources":["../../../src/plugins/provider.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { VSCodeCredentialFinder } from \"../credentials/visualStudioCodeCredentialPlugin\";\nimport { TokenCachePersistenceOptions } from \"../msal/nodeFlows/tokenCachePersistenceOptions\";\n\n/**\n * The type of an Azure Identity plugin, a function accepting a plugin\n * context.\n */\nexport type IdentityPlugin = (context: unknown) => void;\n\n/**\n * Plugin context entries for controlling cache plugins.\n */\nexport interface CachePluginControl {\n setPersistence(\n persistenceFactory: (\n options?: TokenCachePersistenceOptions\n ) => Promise<import(\"@azure/msal-common\").ICachePlugin>\n ): void;\n}\n\n/**\n * Plugin context entries for controlling VisualStudioCodeCredential.\n */\nexport interface VisualStudioCodeCredentialControl {\n setVsCodeCredentialFinder(finder: VSCodeCredentialFinder): void;\n}\n\n/**\n * Context options passed to a plugin during initialization.\n *\n * Plugin authors are responsible for casting their plugin context values\n * to this type.\n *\n * @internal\n */\nexport interface AzurePluginContext {\n cachePluginControl: CachePluginControl;\n vsCodeCredentialControl: VisualStudioCodeCredentialControl;\n}\n"]}
1
+ {"version":3,"file":"provider.js","sourceRoot":"","sources":["../../../src/plugins/provider.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCachePersistenceOptions } from \"../msal/nodeFlows/tokenCachePersistenceOptions\";\nimport { VSCodeCredentialFinder } from \"../credentials/visualStudioCodeCredentialPlugin\";\n\n/**\n * The type of an Azure Identity plugin, a function accepting a plugin\n * context.\n */\nexport type IdentityPlugin = (context: unknown) => void;\n\n/**\n * Plugin context entries for controlling cache plugins.\n */\nexport interface CachePluginControl {\n setPersistence(\n persistenceFactory: (\n options?: TokenCachePersistenceOptions\n ) => Promise<import(\"@azure/msal-common\").ICachePlugin>\n ): void;\n}\n\n/**\n * Plugin context entries for controlling VisualStudioCodeCredential.\n */\nexport interface VisualStudioCodeCredentialControl {\n setVsCodeCredentialFinder(finder: VSCodeCredentialFinder): void;\n}\n\n/**\n * Context options passed to a plugin during initialization.\n *\n * Plugin authors are responsible for casting their plugin context values\n * to this type.\n *\n * @internal\n */\nexport interface AzurePluginContext {\n cachePluginControl: CachePluginControl;\n vsCodeCredentialControl: VisualStudioCodeCredentialControl;\n}\n"]}
package/dist-esm/src/util/processMultiTenantRequest.browser.js ADDED
@@ -0,0 +1,29 @@
1
+ // Copyright (c) Microsoft Corporation.
2
+ // Licensed under the MIT license.
3
+ function createConfigurationErrorMessage(tenantId) {
4
+ return `The current credential is not configured to acquire tokens for tenant ${tenantId}. To enable acquiring tokens for this tenant add it to the AdditionallyAllowedTenants on the credential options, or add "*" to AdditionallyAllowedTenants to allow acquiring tokens for any tenant.`;
5
+ }
6
+ /**
7
+ * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,
8
+ * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),
9
+ * or unless the original tenant Id is `adfs`.
10
+ * @internal
11
+ */
12
+ export function processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds = []) {
13
+ var _a;
14
+ let resolvedTenantId;
15
+ if (tenantId === "adfs") {
16
+ resolvedTenantId = tenantId;
17
+ }
18
+ else {
19
+ resolvedTenantId = (_a = getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId) !== null && _a !== void 0 ? _a : tenantId;
20
+ }
21
+ if (tenantId &&
22
+ resolvedTenantId !== tenantId &&
23
+ !additionallyAllowedTenantIds.includes("*") &&
24
+ !additionallyAllowedTenantIds.some((t) => t.localeCompare(resolvedTenantId) === 0)) {
25
+ throw new Error(createConfigurationErrorMessage(tenantId));
26
+ }
27
+ return resolvedTenantId;
28
+ }
29
+ //# sourceMappingURL=processMultiTenantRequest.browser.js.map