npm - @azure/identity - Versions diffs - 3.0.0-beta.1 → 3.0.1 - Mend

@azure/identity 3.0.0-beta.1 → 3.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @azure/identity might be problematic. Click here for more details.

Files changed (132) hide show

package/types/identity.d.ts CHANGED Viewed

@@ -122,6 +122,8 @@ export declare class AuthorizationCodeCredential implements TokenCredential {
     private disableAutomaticAuthentication?;
     private authorizationCode;
     private redirectUri;
+    private tenantId?;
+    private additionallyAllowedTenantIds;
     /**
      * Creates an instance of AuthorizationCodeCredential with the details needed
      * to request an access token using an authentication that was obtained
@@ -144,7 +146,7 @@ export declare class AuthorizationCodeCredential implements TokenCredential {
      Must be the same URI that is configured for the App Registration.
      * @param options - Options for configuring the client which makes the access token request.
      */
-    constructor(tenantId: string | "common", clientId: string, clientSecret: string, authorizationCode: string, redirectUri: string, options?: TokenCredentialOptions);
+    constructor(tenantId: string | "common", clientId: string, clientSecret: string, authorizationCode: string, redirectUri: string, options?: AuthorizationCodeCredentialOptions);
     /**
      * Creates an instance of AuthorizationCodeCredential with the details needed
      * to request an access token using an authentication that was obtained
@@ -166,7 +168,7 @@ export declare class AuthorizationCodeCredential implements TokenCredential {
      Must be the same URI that is configured for the App Registration.
      * @param options - Options for configuring the client which makes the access token request.
      */
-    constructor(tenantId: string | "common", clientId: string, authorizationCode: string, redirectUri: string, options?: TokenCredentialOptions);
+    constructor(tenantId: string | "common", clientId: string, authorizationCode: string, redirectUri: string, options?: AuthorizationCodeCredentialOptions);
     /**
      * Authenticates with Azure Active Directory and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
@@ -178,6 +180,12 @@ export declare class AuthorizationCodeCredential implements TokenCredential {
     getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
 }
+/**
+ * Options for the {@link AuthorizationCodeCredential}
+ */
+export declare interface AuthorizationCodeCredentialOptions extends MultiTenantTokenCredentialOptions {
+}
 /**
  * A list of known Azure authority hosts
  */
@@ -208,6 +216,7 @@ export declare enum AzureAuthorityHosts {
  */
 export declare class AzureCliCredential implements TokenCredential {
     private tenantId?;
+    private additionallyAllowedTenantIds;
     /**
      * Creates an instance of the {@link AzureCliCredential}.
      *
@@ -231,7 +240,7 @@ export declare class AzureCliCredential implements TokenCredential {
 /**
  * Options for the {@link AzureCliCredential}
  */
-export declare interface AzureCliCredentialOptions extends TokenCredentialOptions {
+export declare interface AzureCliCredentialOptions extends MultiTenantTokenCredentialOptions {
     /**
      * Allows specifying a tenant ID
      */
@@ -245,6 +254,7 @@ export declare interface AzureCliCredentialOptions extends TokenCredentialOption
  */
 export declare class AzurePowerShellCredential implements TokenCredential {
     private tenantId?;
+    private additionallyAllowedTenantIds;
     /**
      * Creates an instance of the {@link AzurePowerShellCredential}.
      *
@@ -275,7 +285,7 @@ export declare class AzurePowerShellCredential implements TokenCredential {
 /**
  * Options for the {@link AzurePowerShellCredential}
  */
-export declare interface AzurePowerShellCredentialOptions extends TokenCredentialOptions {
+export declare interface AzurePowerShellCredentialOptions extends MultiTenantTokenCredentialOptions {
     /**
      * Allows specifying a tenant ID
      */
@@ -338,6 +348,7 @@ export declare class ChainedTokenCredential implements TokenCredential {
 export declare class ClientAssertionCredential implements TokenCredential {
     private msalFlow;
     private tenantId;
+    private additionallyAllowedTenantIds;
     private clientId;
     private options;
     /**
@@ -350,7 +361,7 @@ export declare class ClientAssertionCredential implements TokenCredential {
      * @param getAssertion - A function that retrieves the assertion for the credential to use.
      * @param options - Options for configuring the client which makes the authentication request.
      */
-    constructor(tenantId: string, clientId: string, getAssertion: () => Promise<string>, options?: TokenCredentialOptions);
+    constructor(tenantId: string, clientId: string, getAssertion: () => Promise<string>, options?: ClientAssertionCredentialOptions);
     /**
      * Authenticates with Azure Active Directory and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
@@ -362,6 +373,12 @@ export declare class ClientAssertionCredential implements TokenCredential {
     getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
 }
+/**
+ * Options for the {@link ClientAssertionCredential}
+ */
+export declare interface ClientAssertionCredentialOptions extends MultiTenantTokenCredentialOptions {
+}
 /**
  * Enables authentication to Azure Active Directory using a PEM-encoded
  * certificate that is assigned to an App Registration. More information
@@ -371,6 +388,8 @@ export declare class ClientAssertionCredential implements TokenCredential {
  *
  */
 export declare class ClientCertificateCredential implements TokenCredential {
+    private tenantId;
+    private additionallyAllowedTenantIds;
     private msalFlow;
     /**
      * Creates an instance of the ClientCertificateCredential with the details
@@ -418,7 +437,7 @@ export declare class ClientCertificateCredential implements TokenCredential {
 /**
  * Optional parameters for the {@link ClientCertificateCredential} class.
  */
-export declare interface ClientCertificateCredentialOptions extends TokenCredentialOptions, CredentialPersistenceOptions {
+export declare interface ClientCertificateCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions {
     /**
      * Option to include x5c header for SubjectName and Issuer name authorization.
      * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim
@@ -468,6 +487,8 @@ export declare interface ClientCertificatePEMCertificatePath {
  *
  */
 export declare class ClientSecretCredential implements TokenCredential {
+    private tenantId;
+    private additionallyAllowedTenantIds;
     private msalFlow;
     /**
      * Creates an instance of the ClientSecretCredential with the details
@@ -494,7 +515,7 @@ export declare class ClientSecretCredential implements TokenCredential {
 /**
  * Optional parameters for the {@link ClientSecretCredential} class.
  */
-export declare interface ClientSecretCredentialOptions extends TokenCredentialOptions, CredentialPersistenceOptions {
+export declare interface ClientSecretCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions {
 }
 /**
@@ -627,7 +648,7 @@ export declare interface DefaultAzureCredentialClientIdOptions extends DefaultAz
 /**
  * Provides options to configure the {@link DefaultAzureCredential} class.
  */
-export declare interface DefaultAzureCredentialOptions extends TokenCredentialOptions {
+export declare interface DefaultAzureCredentialOptions extends MultiTenantTokenCredentialOptions {
     /**
      * Optionally pass in a Tenant ID to be used as part of the credential.
      * By default it may use a generic tenant ID depending on the underlying credential.
@@ -676,6 +697,8 @@ export declare function deserializeAuthenticationRecord(serializedRecord: string
  * that the user can enter into https://microsoft.com/devicelogin.
  */
 export declare class DeviceCodeCredential implements TokenCredential {
+    private tenantId?;
+    private additionallyAllowedTenantIds;
     private msalFlow;
     private disableAutomaticAuthentication?;
     /**
@@ -787,6 +810,9 @@ export declare class EnvironmentCredential implements TokenCredential {
      * - `AZURE_TENANT_ID`: The Azure Active Directory tenant (directory) ID.
      * - `AZURE_CLIENT_ID`: The client (application) ID of an App Registration in the tenant.
      *
+     * If setting the AZURE_TENANT_ID, then you can also set the additionally allowed tenants
+     * - `AZURE_ADDITIONALLY_ALLOWED_TENANTS`: For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens with a single semicolon delimited string. Use * to allow all tenants.
+     *
      * Environment variables used for client credential authentication:
      * - `AZURE_CLIENT_SECRET`: A client secret that was generated for the App Registration.
      * - `AZURE_CLIENT_CERTIFICATE_PATH`: The path to a PEM certificate to use during the authentication, instead of the client secret.
@@ -815,7 +841,7 @@ export declare class EnvironmentCredential implements TokenCredential {
  * Enables authentication to Azure Active Directory depending on the available environment variables.
  * Defines options for the EnvironmentCredential class.
  */
-export declare interface EnvironmentCredentialOptions extends TokenCredentialOptions {
+export declare interface EnvironmentCredentialOptions extends MultiTenantTokenCredentialOptions {
 }
 /**
@@ -871,6 +897,8 @@ export declare type IdentityPlugin = (context: unknown) => void;
  * using the interactive login flow.
  */
 export declare class InteractiveBrowserCredential implements TokenCredential {
+    private tenantId?;
+    private additionallyAllowedTenantIds;
     private msalFlow;
     private disableAutomaticAuthentication?;
     /**
@@ -974,7 +1002,7 @@ export declare interface InteractiveBrowserCredentialNodeOptions extends Interac
 /**
  * Common constructor options for the Identity credentials that requires user interaction.
  */
-export declare interface InteractiveCredentialOptions extends TokenCredentialOptions {
+export declare interface InteractiveCredentialOptions extends MultiTenantTokenCredentialOptions {
     /**
      * Result of a previous authentication that can be used to retrieve the cached credentials of each individual account.
      * This is necessary to provide in case the application wants to work with more than one account per
@@ -1073,11 +1101,24 @@ export declare interface ManagedIdentityCredentialResourceIdOptions extends Toke
     resourceId: string;
 }
+/**
+ * Options for multi-tenant applications which allows for additionally allowed tenants.
+ */
+export declare interface MultiTenantTokenCredentialOptions extends TokenCredentialOptions {
+    /**
+     * For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens.
+     * Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application is installed.
+     */
+    additionallyAllowedTenants?: string[];
+}
 /**
  * Enables authentication to Azure Active Directory using the [On Behalf Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).
  */
 export declare class OnBehalfOfCredential implements TokenCredential {
     private options;
+    private tenantId;
+    private additionallyAllowedTenantIds;
     private msalFlow;
     /**
      * Creates an instance of the {@link OnBehalfOfCredential} with the details
@@ -1100,7 +1141,7 @@ export declare class OnBehalfOfCredential implements TokenCredential {
      *
      * @param options - Optional parameters, generally common across credentials.
      */
-    constructor(options: OnBehalfOfCredentialCertificateOptions & TokenCredentialOptions & CredentialPersistenceOptions);
+    constructor(options: OnBehalfOfCredentialCertificateOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions);
     /**
      * Creates an instance of the {@link OnBehalfOfCredential} with the details
      * needed to authenticate against Azure Active Directory with a client
@@ -1122,7 +1163,7 @@ export declare class OnBehalfOfCredential implements TokenCredential {
      *
      * @param options - Optional parameters, generally common across credentials.
      */
-    constructor(options: OnBehalfOfCredentialSecretOptions & TokenCredentialOptions & CredentialPersistenceOptions);
+    constructor(options: OnBehalfOfCredentialSecretOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions);
     /**
      * Authenticates with Azure Active Directory and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
@@ -1163,7 +1204,7 @@ export declare interface OnBehalfOfCredentialCertificateOptions {
 /**
  * Optional parameters for the {@link OnBehalfOfCredential} class.
  */
-export declare type OnBehalfOfCredentialOptions = (OnBehalfOfCredentialSecretOptions | OnBehalfOfCredentialCertificateOptions) & TokenCredentialOptions & CredentialPersistenceOptions;
+export declare type OnBehalfOfCredentialOptions = (OnBehalfOfCredentialSecretOptions | OnBehalfOfCredentialCertificateOptions) & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions;
 /**
  * Defines the parameters to authenticate the {@link OnBehalfOfCredential} with a secret.
@@ -1284,6 +1325,8 @@ export declare function useIdentityPlugin(plugin: IdentityPlugin): void;
  * types can't be used.
  */
 export declare class UsernamePasswordCredential implements TokenCredential {
+    private tenantId;
+    private additionallyAllowedTenantIds;
     private msalFlow;
     /**
      * Creates an instance of the UsernamePasswordCredential with the details
@@ -1315,7 +1358,7 @@ export declare class UsernamePasswordCredential implements TokenCredential {
 /**
  * Defines options for the {@link UsernamePasswordCredential} class.
  */
-export declare interface UsernamePasswordCredentialOptions extends TokenCredentialOptions, CredentialPersistenceOptions {
+export declare interface UsernamePasswordCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions {
 }
 /**
@@ -1326,6 +1369,7 @@ export declare interface UsernamePasswordCredentialOptions extends TokenCredenti
 export declare class VisualStudioCodeCredential implements TokenCredential {
     private identityClient;
     private tenantId;
+    private additionallyAllowedTenantIds;
     private cloudName;
     /**
      * Creates an instance of VisualStudioCodeCredential to use for automatically authenticating via VSCode.
@@ -1364,7 +1408,7 @@ export declare class VisualStudioCodeCredential implements TokenCredential {
 /**
  * Provides options to configure the Visual Studio Code credential.
  */
-export declare interface VisualStudioCodeCredentialOptions extends TokenCredentialOptions {
+export declare interface VisualStudioCodeCredentialOptions extends MultiTenantTokenCredentialOptions {
     /**
      * Optionally pass in a Tenant ID to be used as part of the credential
      */

package/dist-esm/src/util/checkTenantId.js DELETED Viewed

@@ -1,11 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-import { formatError } from "../util/logging";
-export function checkTenantId(logger, tenantId) {
-    if (!tenantId.match(/^[0-9a-zA-Z-.:/]+$/)) {
-        const error = new Error("Invalid tenant id provided. You can locate your tenant id by following the instructions listed here: https://docs.microsoft.com/partner-center/find-ids-and-domain-names.");
-        logger.info(formatError("", error));
-        throw error;
-    }
-}
-//# sourceMappingURL=checkTenantId.js.map

package/dist-esm/src/util/checkTenantId.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"checkTenantId.js","sourceRoot":"","sources":["../../../src/util/checkTenantId.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAoB,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,UAAU,aAAa,CAAC,MAAwB,EAAE,QAAgB;IACtE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE;QACzC,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,2KAA2K,CAC5K,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;QACpC,MAAM,KAAK,CAAC;KACb;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { CredentialLogger, formatError } from \"../util/logging\";\n\nexport function checkTenantId(logger: CredentialLogger, tenantId: string): void {\n if (!tenantId.match(/^[0-9a-zA-Z-.:/]+$/)) {\n const error = new Error(\n \"Invalid tenant id provided. You can locate your tenant id by following the instructions listed here: https://docs.microsoft.com/partner-center/find-ids-and-domain-names.\"\n );\n logger.info(formatError(\"\", error));\n throw error;\n }\n}\n"]}

package/dist-esm/src/util/resolveTenantId.js DELETED Viewed

@@ -1,18 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-import { DeveloperSignOnClientId } from "../constants";
-import { checkTenantId } from "./checkTenantId";
-export function resolveTenantId(logger, tenantId, clientId) {
-    if (tenantId) {
-        checkTenantId(logger, tenantId);
-        return tenantId;
-    }
-    if (!clientId) {
-        clientId = DeveloperSignOnClientId;
-    }
-    if (clientId !== DeveloperSignOnClientId) {
-        return "common";
-    }
-    return "organizations";
-}
-//# sourceMappingURL=resolveTenantId.js.map

package/dist-esm/src/util/resolveTenantId.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"resolveTenantId.js","sourceRoot":"","sources":["../../../src/util/resolveTenantId.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAGhD,MAAM,UAAU,eAAe,CAC7B,MAAwB,EACxB,QAAiB,EACjB,QAAiB;IAEjB,IAAI,QAAQ,EAAE;QACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChC,OAAO,QAAQ,CAAC;KACjB;IACD,IAAI,CAAC,QAAQ,EAAE;QACb,QAAQ,GAAG,uBAAuB,CAAC;KACpC;IACD,IAAI,QAAQ,KAAK,uBAAuB,EAAE;QACxC,OAAO,QAAQ,CAAC;KACjB;IACD,OAAO,eAAe,CAAC;AACzB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { DeveloperSignOnClientId } from \"../constants\";\nimport { checkTenantId } from \"./checkTenantId\";\nimport { CredentialLogger } from \"./logging\";\n\nexport function resolveTenantId(\n logger: CredentialLogger,\n tenantId?: string,\n clientId?: string\n): string {\n if (tenantId) {\n checkTenantId(logger, tenantId);\n return tenantId;\n }\n if (!clientId) {\n clientId = DeveloperSignOnClientId;\n }\n if (clientId !== DeveloperSignOnClientId) {\n return \"common\";\n }\n return \"organizations\";\n}\n"]}

package/dist-esm/src/util/validateMultiTenant.browser.js DELETED Viewed

@@ -1,22 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-/**
- * @internal
- */
-export const multiTenantADFSErrorMessage = "A new tenant Id can't be assigned through the GetTokenOptions when a credential has been originally configured to use the tenant `adfs`.";
-/**
- * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,
- * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),
- * or unless the original tenant Id is `adfs`.
- * @internal
- */
-export function processMultiTenantRequest(tenantId, getTokenOptions) {
-    if (!(getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId)) {
-        return tenantId;
-    }
-    if (tenantId === "adfs") {
-        throw new Error(multiTenantADFSErrorMessage);
-    }
-    return getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId;
-}
-//# sourceMappingURL=validateMultiTenant.browser.js.map

package/dist-esm/src/util/validateMultiTenant.browser.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"validateMultiTenant.browser.js","sourceRoot":"","sources":["../../../src/util/validateMultiTenant.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC;;GAEG;AACH,MAAM,CAAC,MAAM,2BAA2B,GACtC,0IAA0I,CAAC;AAE7I;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAiB,EACjB,eAAiC;IAEjC,IAAI,CAAC,CAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,QAAQ,CAAA,EAAE;QAC9B,OAAO,QAAQ,CAAC;KACjB;IACD,IAAI,QAAQ,KAAK,MAAM,EAAE;QACvB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;KAC9C;IACD,OAAO,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,QAAQ,CAAC;AACnC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * @internal\n */\nexport const multiTenantADFSErrorMessage =\n \"A new tenant Id can't be assigned through the GetTokenOptions when a credential has been originally configured to use the tenant `adfs`.\";\n\n/**\n * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,\n * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),\n * or unless the original tenant Id is `adfs`.\n * @internal\n */\nexport function processMultiTenantRequest(\n tenantId?: string,\n getTokenOptions?: GetTokenOptions\n): string | undefined {\n if (!getTokenOptions?.tenantId) {\n return tenantId;\n }\n if (tenantId === \"adfs\") {\n throw new Error(multiTenantADFSErrorMessage);\n }\n return getTokenOptions?.tenantId;\n}\n"]}

package/dist-esm/src/util/validateMultiTenant.js DELETED Viewed

@@ -1,29 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-/**
- * @internal
- */
-export const multiTenantDisabledErrorMessage = "A getToken request was attempted with a tenant different than the tenant configured at the initialization of the credential, but multi-tenant authentication has been disabled by the environment variable AZURE_IDENTITY_DISABLE_MULTITENANTAUTH.";
-/**
- * @internal
- */
-export const multiTenantADFSErrorMessage = "A new tenant Id can't be assigned through the GetTokenOptions when a credential has been originally configured to use the tenant `adfs`.";
-/**
- * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,
- * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),
- * or unless the original tenant Id is `adfs`.
- * @internal
- */
-export function processMultiTenantRequest(tenantId, getTokenOptions) {
-    if (!(getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId)) {
-        return tenantId;
-    }
-    if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {
-        throw new Error(multiTenantDisabledErrorMessage);
-    }
-    if (tenantId === "adfs") {
-        throw new Error(multiTenantADFSErrorMessage);
-    }
-    return getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId;
-}
-//# sourceMappingURL=validateMultiTenant.js.map

package/dist-esm/src/util/validateMultiTenant.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"validateMultiTenant.js","sourceRoot":"","sources":["../../../src/util/validateMultiTenant.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC;;GAEG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAC1C,oPAAoP,CAAC;AAEvP;;GAEG;AACH,MAAM,CAAC,MAAM,2BAA2B,GACtC,0IAA0I,CAAC;AAE7I;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAiB,EACjB,eAAiC;IAEjC,IAAI,CAAC,CAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,QAAQ,CAAA,EAAE;QAC9B,OAAO,QAAQ,CAAC;KACjB;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE;QACtD,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;KAClD;IACD,IAAI,QAAQ,KAAK,MAAM,EAAE;QACvB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;KAC9C;IACD,OAAO,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,QAAQ,CAAC;AACnC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * @internal\n */\nexport const multiTenantDisabledErrorMessage =\n \"A getToken request was attempted with a tenant different than the tenant configured at the initialization of the credential, but multi-tenant authentication has been disabled by the environment variable AZURE_IDENTITY_DISABLE_MULTITENANTAUTH.\";\n\n/**\n * @internal\n */\nexport const multiTenantADFSErrorMessage =\n \"A new tenant Id can't be assigned through the GetTokenOptions when a credential has been originally configured to use the tenant `adfs`.\";\n\n/**\n * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,\n * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),\n * or unless the original tenant Id is `adfs`.\n * @internal\n */\nexport function processMultiTenantRequest(\n tenantId?: string,\n getTokenOptions?: GetTokenOptions\n): string | undefined {\n if (!getTokenOptions?.tenantId) {\n return tenantId;\n }\n if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {\n throw new Error(multiTenantDisabledErrorMessage);\n }\n if (tenantId === \"adfs\") {\n throw new Error(multiTenantADFSErrorMessage);\n }\n return getTokenOptions?.tenantId;\n}\n"]}