@azure/identity 3.0.0-beta.1 → 3.1.0-alpha.20221010.2

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@azure/identity",
   "sdk-type": "client",
-  "version": "3.0.0-beta.1",
+  "version": "3.1.0-alpha.20221010.2",
   "description": "Provides credential implementations for Azure SDK libraries that can authenticate with Azure Active Directory",
   "main": "dist/index.js",
   "module": "dist-esm/src/index.js",
@@ -25,7 +25,7 @@
     "./dist-esm/src/credentials/azureApplicationCredential.js": "./dist-esm/src/credentials/azureApplicationCredential.browser.js",
     "./dist-esm/src/credentials/onBehalfOfCredential.js": "./dist-esm/src/credentials/onBehalfOfCredential.browser.js",
     "./dist-esm/src/util/authHostEnv.js": "./dist-esm/src/util/authHostEnv.browser.js",
-    "./dist-esm/src/util/validateMultiTenant.js": "./dist-esm/src/util/validateMultiTenant.browser.js",
+    "./dist-esm/src/util/processMultiTenantRequest.js": "./dist-esm/src/util/processMultiTenantRequest.browser.js",
     "./dist-esm/src/tokenCache/TokenCachePersistence.js": "./dist-esm/src/tokenCache/TokenCachePersistence.browser.js",
     "./dist-esm/src/plugins/consumer.js": "./dist-esm/src/plugins/consumer.browser.js",
     "./dist-esm/test/httpRequests.js": "./dist-esm/test/httpRequests.browser.js"
@@ -122,11 +122,11 @@
   },
   "devDependencies": {
     "@azure-tools/test-recorder": "^2.0.0",
-    "@azure/dev-tool": "^1.0.0",
-    "@azure/eslint-plugin-azure-sdk": "^3.0.0",
+    "@azure/dev-tool": ">=1.0.0-alpha <1.0.0-alphb",
+    "@azure/eslint-plugin-azure-sdk": ">=3.0.0-alpha <3.0.0-alphb",
     "@azure/keyvault-keys": "4.2.0",
-    "@azure/test-utils": "^1.0.0",
-    "@microsoft/api-extractor": "7.18.11",
+    "@azure/test-utils": ">=1.0.0-alpha <1.0.0-alphb",
+    "@microsoft/api-extractor": "^7.31.1",
     "@types/chai": "^4.1.6",
     "@types/jsonwebtoken": "~8.5.0",
     "@types/jws": "^3.2.2",

package/types/identity.d.ts

@@ -122,6 +122,8 @@ export declare class AuthorizationCodeCredential implements TokenCredential {
     private disableAutomaticAuthentication?;
     private authorizationCode;
     private redirectUri;
+    private tenantId?;
+    private additionallyAllowedTenantIds;
     /**
      * Creates an instance of AuthorizationCodeCredential with the details needed
      * to request an access token using an authentication that was obtained
@@ -144,7 +146,7 @@ export declare class AuthorizationCodeCredential implements TokenCredential {
      Must be the same URI that is configured for the App Registration.
      * @param options - Options for configuring the client which makes the access token request.
      */
-    constructor(tenantId: string | "common", clientId: string, clientSecret: string, authorizationCode: string, redirectUri: string, options?: TokenCredentialOptions);
+    constructor(tenantId: string | "common", clientId: string, clientSecret: string, authorizationCode: string, redirectUri: string, options?: AuthorizationCodeCredentialOptions);
     /**
      * Creates an instance of AuthorizationCodeCredential with the details needed
      * to request an access token using an authentication that was obtained
@@ -166,7 +168,7 @@ export declare class AuthorizationCodeCredential implements TokenCredential {
      Must be the same URI that is configured for the App Registration.
      * @param options - Options for configuring the client which makes the access token request.
      */
-    constructor(tenantId: string | "common", clientId: string, authorizationCode: string, redirectUri: string, options?: TokenCredentialOptions);
+    constructor(tenantId: string | "common", clientId: string, authorizationCode: string, redirectUri: string, options?: AuthorizationCodeCredentialOptions);
     /**
      * Authenticates with Azure Active Directory and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
@@ -178,6 +180,12 @@ export declare class AuthorizationCodeCredential implements TokenCredential {
     getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
 }
 
+/**
+ * Options for the {@link AuthorizationCodeCredential}
+ */
+export declare interface AuthorizationCodeCredentialOptions extends MultiTenantTokenCredentialOptions {
+}
+
 /**
  * A list of known Azure authority hosts
  */
@@ -208,6 +216,7 @@ export declare enum AzureAuthorityHosts {
  */
 export declare class AzureCliCredential implements TokenCredential {
     private tenantId?;
+    private additionallyAllowedTenantIds;
     /**
      * Creates an instance of the {@link AzureCliCredential}.
      *
@@ -231,7 +240,7 @@ export declare class AzureCliCredential implements TokenCredential {
 /**
  * Options for the {@link AzureCliCredential}
  */
-export declare interface AzureCliCredentialOptions extends TokenCredentialOptions {
+export declare interface AzureCliCredentialOptions extends MultiTenantTokenCredentialOptions {
     /**
      * Allows specifying a tenant ID
      */
@@ -245,6 +254,7 @@ export declare interface AzureCliCredentialOptions extends TokenCredentialOption
  */
 export declare class AzurePowerShellCredential implements TokenCredential {
     private tenantId?;
+    private additionallyAllowedTenantIds;
     /**
      * Creates an instance of the {@link AzurePowerShellCredential}.
      *
@@ -275,7 +285,7 @@ export declare class AzurePowerShellCredential implements TokenCredential {
 /**
  * Options for the {@link AzurePowerShellCredential}
  */
-export declare interface AzurePowerShellCredentialOptions extends TokenCredentialOptions {
+export declare interface AzurePowerShellCredentialOptions extends MultiTenantTokenCredentialOptions {
     /**
      * Allows specifying a tenant ID
      */
@@ -338,6 +348,7 @@ export declare class ChainedTokenCredential implements TokenCredential {
 export declare class ClientAssertionCredential implements TokenCredential {
     private msalFlow;
     private tenantId;
+    private additionallyAllowedTenantIds;
     private clientId;
     private options;
     /**
@@ -350,7 +361,7 @@ export declare class ClientAssertionCredential implements TokenCredential {
      * @param getAssertion - A function that retrieves the assertion for the credential to use.
      * @param options - Options for configuring the client which makes the authentication request.
      */
-    constructor(tenantId: string, clientId: string, getAssertion: () => Promise<string>, options?: TokenCredentialOptions);
+    constructor(tenantId: string, clientId: string, getAssertion: () => Promise<string>, options?: ClientAssertionCredentialOptions);
     /**
      * Authenticates with Azure Active Directory and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
@@ -362,6 +373,12 @@ export declare class ClientAssertionCredential implements TokenCredential {
     getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
 }
 
+/**
+ * Options for the {@link ClientAssertionCredential}
+ */
+export declare interface ClientAssertionCredentialOptions extends MultiTenantTokenCredentialOptions {
+}
+
 /**
  * Enables authentication to Azure Active Directory using a PEM-encoded
  * certificate that is assigned to an App Registration. More information
@@ -371,6 +388,8 @@ export declare class ClientAssertionCredential implements TokenCredential {
  *
  */
 export declare class ClientCertificateCredential implements TokenCredential {
+    private tenantId;
+    private additionallyAllowedTenantIds;
     private msalFlow;
     /**
      * Creates an instance of the ClientCertificateCredential with the details
@@ -418,7 +437,7 @@ export declare class ClientCertificateCredential implements TokenCredential {
 /**
  * Optional parameters for the {@link ClientCertificateCredential} class.
  */
-export declare interface ClientCertificateCredentialOptions extends TokenCredentialOptions, CredentialPersistenceOptions {
+export declare interface ClientCertificateCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions {
     /**
      * Option to include x5c header for SubjectName and Issuer name authorization.
      * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim
@@ -468,6 +487,8 @@ export declare interface ClientCertificatePEMCertificatePath {
  *
  */
 export declare class ClientSecretCredential implements TokenCredential {
+    private tenantId;
+    private additionallyAllowedTenantIds;
     private msalFlow;
     /**
      * Creates an instance of the ClientSecretCredential with the details
@@ -494,7 +515,7 @@ export declare class ClientSecretCredential implements TokenCredential {
 /**
  * Optional parameters for the {@link ClientSecretCredential} class.
  */
-export declare interface ClientSecretCredentialOptions extends TokenCredentialOptions, CredentialPersistenceOptions {
+export declare interface ClientSecretCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions {
 }
 
 /**
@@ -627,7 +648,7 @@ export declare interface DefaultAzureCredentialClientIdOptions extends DefaultAz
 /**
  * Provides options to configure the {@link DefaultAzureCredential} class.
  */
-export declare interface DefaultAzureCredentialOptions extends TokenCredentialOptions {
+export declare interface DefaultAzureCredentialOptions extends MultiTenantTokenCredentialOptions {
     /**
      * Optionally pass in a Tenant ID to be used as part of the credential.
      * By default it may use a generic tenant ID depending on the underlying credential.
@@ -676,6 +697,8 @@ export declare function deserializeAuthenticationRecord(serializedRecord: string
  * that the user can enter into https://microsoft.com/devicelogin.
  */
 export declare class DeviceCodeCredential implements TokenCredential {
+    private tenantId?;
+    private additionallyAllowedTenantIds;
     private msalFlow;
     private disableAutomaticAuthentication?;
     /**
@@ -787,6 +810,9 @@ export declare class EnvironmentCredential implements TokenCredential {
      * - `AZURE_TENANT_ID`: The Azure Active Directory tenant (directory) ID.
      * - `AZURE_CLIENT_ID`: The client (application) ID of an App Registration in the tenant.
      *
+     * If setting the AZURE_TENANT_ID, then you can also set the additionally allowed tenants
+     * - `AZURE_ADDITIONALLY_ALLOWED_TENANTS`: For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens with a single semicolon delimited string. Use * to allow all tenants.
+     *
      * Environment variables used for client credential authentication:
      * - `AZURE_CLIENT_SECRET`: A client secret that was generated for the App Registration.
      * - `AZURE_CLIENT_CERTIFICATE_PATH`: The path to a PEM certificate to use during the authentication, instead of the client secret.
@@ -815,7 +841,7 @@ export declare class EnvironmentCredential implements TokenCredential {
  * Enables authentication to Azure Active Directory depending on the available environment variables.
  * Defines options for the EnvironmentCredential class.
  */
-export declare interface EnvironmentCredentialOptions extends TokenCredentialOptions {
+export declare interface EnvironmentCredentialOptions extends MultiTenantTokenCredentialOptions {
 }
 
 /**
@@ -871,6 +897,8 @@ export declare type IdentityPlugin = (context: unknown) => void;
  * using the interactive login flow.
  */
 export declare class InteractiveBrowserCredential implements TokenCredential {
+    private tenantId?;
+    private additionallyAllowedTenantIds;
     private msalFlow;
     private disableAutomaticAuthentication?;
     /**
@@ -974,7 +1002,7 @@ export declare interface InteractiveBrowserCredentialNodeOptions extends Interac
 /**
  * Common constructor options for the Identity credentials that requires user interaction.
  */
-export declare interface InteractiveCredentialOptions extends TokenCredentialOptions {
+export declare interface InteractiveCredentialOptions extends MultiTenantTokenCredentialOptions {
     /**
      * Result of a previous authentication that can be used to retrieve the cached credentials of each individual account.
      * This is necessary to provide in case the application wants to work with more than one account per
@@ -1012,6 +1040,7 @@ export declare class ManagedIdentityCredential implements TokenCredential {
     private resourceId;
     private isEndpointUnavailable;
     private isAvailableIdentityClient;
+    private confidentialApp;
     /**
      * Creates an instance of ManagedIdentityCredential with the client ID of a
      * user-assigned identity, or app registration (when working with AKS pod-identity).
@@ -1045,6 +1074,13 @@ export declare class ManagedIdentityCredential implements TokenCredential {
      *                TokenCredential implementation might make.
      */
     getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
+    /**
+     * Handles the MSAL authentication result.
+     * If the result has an account, we update the local account reference.
+     * If the token received is invalid, an error will be thrown depending on what's missing.
+     */
+    private handleResult;
+    /* Excluded from this release type: ensureValidMsalToken */
 }
 
 /**
@@ -1073,11 +1109,24 @@ export declare interface ManagedIdentityCredentialResourceIdOptions extends Toke
     resourceId: string;
 }
 
+/**
+ * Options for multi-tenant applications which allows for additionally allowed tenants.
+ */
+export declare interface MultiTenantTokenCredentialOptions extends TokenCredentialOptions {
+    /**
+     * For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens.
+     * Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application is installed.
+     */
+    additionallyAllowedTenants?: string[];
+}
+
 /**
  * Enables authentication to Azure Active Directory using the [On Behalf Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).
  */
 export declare class OnBehalfOfCredential implements TokenCredential {
     private options;
+    private tenantId;
+    private additionallyAllowedTenantIds;
     private msalFlow;
     /**
      * Creates an instance of the {@link OnBehalfOfCredential} with the details
@@ -1100,7 +1149,7 @@ export declare class OnBehalfOfCredential implements TokenCredential {
      *
      * @param options - Optional parameters, generally common across credentials.
      */
-    constructor(options: OnBehalfOfCredentialCertificateOptions & TokenCredentialOptions & CredentialPersistenceOptions);
+    constructor(options: OnBehalfOfCredentialCertificateOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions);
     /**
      * Creates an instance of the {@link OnBehalfOfCredential} with the details
      * needed to authenticate against Azure Active Directory with a client
@@ -1122,7 +1171,7 @@ export declare class OnBehalfOfCredential implements TokenCredential {
      *
      * @param options - Optional parameters, generally common across credentials.
      */
-    constructor(options: OnBehalfOfCredentialSecretOptions & TokenCredentialOptions & CredentialPersistenceOptions);
+    constructor(options: OnBehalfOfCredentialSecretOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions);
     /**
      * Authenticates with Azure Active Directory and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
@@ -1163,7 +1212,7 @@ export declare interface OnBehalfOfCredentialCertificateOptions {
 /**
  * Optional parameters for the {@link OnBehalfOfCredential} class.
  */
-export declare type OnBehalfOfCredentialOptions = (OnBehalfOfCredentialSecretOptions | OnBehalfOfCredentialCertificateOptions) & TokenCredentialOptions & CredentialPersistenceOptions;
+export declare type OnBehalfOfCredentialOptions = (OnBehalfOfCredentialSecretOptions | OnBehalfOfCredentialCertificateOptions) & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions;
 
 /**
  * Defines the parameters to authenticate the {@link OnBehalfOfCredential} with a secret.
@@ -1284,6 +1333,8 @@ export declare function useIdentityPlugin(plugin: IdentityPlugin): void;
  * types can't be used.
  */
 export declare class UsernamePasswordCredential implements TokenCredential {
+    private tenantId;
+    private additionallyAllowedTenantIds;
     private msalFlow;
     /**
      * Creates an instance of the UsernamePasswordCredential with the details
@@ -1315,7 +1366,7 @@ export declare class UsernamePasswordCredential implements TokenCredential {
 /**
  * Defines options for the {@link UsernamePasswordCredential} class.
  */
-export declare interface UsernamePasswordCredentialOptions extends TokenCredentialOptions, CredentialPersistenceOptions {
+export declare interface UsernamePasswordCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions {
 }
 
 /**
@@ -1326,6 +1377,7 @@ export declare interface UsernamePasswordCredentialOptions extends TokenCredenti
 export declare class VisualStudioCodeCredential implements TokenCredential {
     private identityClient;
     private tenantId;
+    private additionallyAllowedTenantIds;
     private cloudName;
     /**
      * Creates an instance of VisualStudioCodeCredential to use for automatically authenticating via VSCode.
@@ -1364,7 +1416,7 @@ export declare class VisualStudioCodeCredential implements TokenCredential {
 /**
  * Provides options to configure the Visual Studio Code credential.
  */
-export declare interface VisualStudioCodeCredentialOptions extends TokenCredentialOptions {
+export declare interface VisualStudioCodeCredentialOptions extends MultiTenantTokenCredentialOptions {
     /**
      * Optionally pass in a Tenant ID to be used as part of the credential
      */

package/dist-esm/src/util/checkTenantId.js

@@ -1,11 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-import { formatError } from "../util/logging";
-export function checkTenantId(logger, tenantId) {
-    if (!tenantId.match(/^[0-9a-zA-Z-.:/]+$/)) {
-        const error = new Error("Invalid tenant id provided. You can locate your tenant id by following the instructions listed here: https://docs.microsoft.com/partner-center/find-ids-and-domain-names.");
-        logger.info(formatError("", error));
-        throw error;
-    }
-}
-//# sourceMappingURL=checkTenantId.js.map

package/dist-esm/src/util/checkTenantId.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"checkTenantId.js","sourceRoot":"","sources":["../../../src/util/checkTenantId.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAoB,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,UAAU,aAAa,CAAC,MAAwB,EAAE,QAAgB;IACtE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE;QACzC,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,2KAA2K,CAC5K,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;QACpC,MAAM,KAAK,CAAC;KACb;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { CredentialLogger, formatError } from \"../util/logging\";\n\nexport function checkTenantId(logger: CredentialLogger, tenantId: string): void {\n  if (!tenantId.match(/^[0-9a-zA-Z-.:/]+$/)) {\n    const error = new Error(\n      \"Invalid tenant id provided. You can locate your tenant id by following the instructions listed here: https://docs.microsoft.com/partner-center/find-ids-and-domain-names.\"\n    );\n    logger.info(formatError(\"\", error));\n    throw error;\n  }\n}\n"]}

package/dist-esm/src/util/resolveTenantId.js

@@ -1,18 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-import { DeveloperSignOnClientId } from "../constants";
-import { checkTenantId } from "./checkTenantId";
-export function resolveTenantId(logger, tenantId, clientId) {
-    if (tenantId) {
-        checkTenantId(logger, tenantId);
-        return tenantId;
-    }
-    if (!clientId) {
-        clientId = DeveloperSignOnClientId;
-    }
-    if (clientId !== DeveloperSignOnClientId) {
-        return "common";
-    }
-    return "organizations";
-}
-//# sourceMappingURL=resolveTenantId.js.map

package/dist-esm/src/util/resolveTenantId.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"resolveTenantId.js","sourceRoot":"","sources":["../../../src/util/resolveTenantId.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAGhD,MAAM,UAAU,eAAe,CAC7B,MAAwB,EACxB,QAAiB,EACjB,QAAiB;IAEjB,IAAI,QAAQ,EAAE;QACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChC,OAAO,QAAQ,CAAC;KACjB;IACD,IAAI,CAAC,QAAQ,EAAE;QACb,QAAQ,GAAG,uBAAuB,CAAC;KACpC;IACD,IAAI,QAAQ,KAAK,uBAAuB,EAAE;QACxC,OAAO,QAAQ,CAAC;KACjB;IACD,OAAO,eAAe,CAAC;AACzB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { DeveloperSignOnClientId } from \"../constants\";\nimport { checkTenantId } from \"./checkTenantId\";\nimport { CredentialLogger } from \"./logging\";\n\nexport function resolveTenantId(\n  logger: CredentialLogger,\n  tenantId?: string,\n  clientId?: string\n): string {\n  if (tenantId) {\n    checkTenantId(logger, tenantId);\n    return tenantId;\n  }\n  if (!clientId) {\n    clientId = DeveloperSignOnClientId;\n  }\n  if (clientId !== DeveloperSignOnClientId) {\n    return \"common\";\n  }\n  return \"organizations\";\n}\n"]}

package/dist-esm/src/util/validateMultiTenant.browser.js

@@ -1,22 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-/**
- * @internal
- */
-export const multiTenantADFSErrorMessage = "A new tenant Id can't be assigned through the GetTokenOptions when a credential has been originally configured to use the tenant `adfs`.";
-/**
- * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,
- * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),
- * or unless the original tenant Id is `adfs`.
- * @internal
- */
-export function processMultiTenantRequest(tenantId, getTokenOptions) {
-    if (!(getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId)) {
-        return tenantId;
-    }
-    if (tenantId === "adfs") {
-        throw new Error(multiTenantADFSErrorMessage);
-    }
-    return getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId;
-}
-//# sourceMappingURL=validateMultiTenant.browser.js.map

package/dist-esm/src/util/validateMultiTenant.browser.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"validateMultiTenant.browser.js","sourceRoot":"","sources":["../../../src/util/validateMultiTenant.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC;;GAEG;AACH,MAAM,CAAC,MAAM,2BAA2B,GACtC,0IAA0I,CAAC;AAE7I;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAiB,EACjB,eAAiC;IAEjC,IAAI,CAAC,CAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,QAAQ,CAAA,EAAE;QAC9B,OAAO,QAAQ,CAAC;KACjB;IACD,IAAI,QAAQ,KAAK,MAAM,EAAE;QACvB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;KAC9C;IACD,OAAO,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,QAAQ,CAAC;AACnC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * @internal\n */\nexport const multiTenantADFSErrorMessage =\n  \"A new tenant Id can't be assigned through the GetTokenOptions when a credential has been originally configured to use the tenant `adfs`.\";\n\n/**\n * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,\n * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),\n * or unless the original tenant Id is `adfs`.\n * @internal\n */\nexport function processMultiTenantRequest(\n  tenantId?: string,\n  getTokenOptions?: GetTokenOptions\n): string | undefined {\n  if (!getTokenOptions?.tenantId) {\n    return tenantId;\n  }\n  if (tenantId === \"adfs\") {\n    throw new Error(multiTenantADFSErrorMessage);\n  }\n  return getTokenOptions?.tenantId;\n}\n"]}

package/dist-esm/src/util/validateMultiTenant.js

@@ -1,29 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-/**
- * @internal
- */
-export const multiTenantDisabledErrorMessage = "A getToken request was attempted with a tenant different than the tenant configured at the initialization of the credential, but multi-tenant authentication has been disabled by the environment variable AZURE_IDENTITY_DISABLE_MULTITENANTAUTH.";
-/**
- * @internal
- */
-export const multiTenantADFSErrorMessage = "A new tenant Id can't be assigned through the GetTokenOptions when a credential has been originally configured to use the tenant `adfs`.";
-/**
- * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,
- * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),
- * or unless the original tenant Id is `adfs`.
- * @internal
- */
-export function processMultiTenantRequest(tenantId, getTokenOptions) {
-    if (!(getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId)) {
-        return tenantId;
-    }
-    if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {
-        throw new Error(multiTenantDisabledErrorMessage);
-    }
-    if (tenantId === "adfs") {
-        throw new Error(multiTenantADFSErrorMessage);
-    }
-    return getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId;
-}
-//# sourceMappingURL=validateMultiTenant.js.map

package/dist-esm/src/util/validateMultiTenant.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"validateMultiTenant.js","sourceRoot":"","sources":["../../../src/util/validateMultiTenant.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC;;GAEG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAC1C,oPAAoP,CAAC;AAEvP;;GAEG;AACH,MAAM,CAAC,MAAM,2BAA2B,GACtC,0IAA0I,CAAC;AAE7I;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAiB,EACjB,eAAiC;IAEjC,IAAI,CAAC,CAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,QAAQ,CAAA,EAAE;QAC9B,OAAO,QAAQ,CAAC;KACjB;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE;QACtD,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;KAClD;IACD,IAAI,QAAQ,KAAK,MAAM,EAAE;QACvB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;KAC9C;IACD,OAAO,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,QAAQ,CAAC;AACnC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * @internal\n */\nexport const multiTenantDisabledErrorMessage =\n  \"A getToken request was attempted with a tenant different than the tenant configured at the initialization of the credential, but multi-tenant authentication has been disabled by the environment variable AZURE_IDENTITY_DISABLE_MULTITENANTAUTH.\";\n\n/**\n * @internal\n */\nexport const multiTenantADFSErrorMessage =\n  \"A new tenant Id can't be assigned through the GetTokenOptions when a credential has been originally configured to use the tenant `adfs`.\";\n\n/**\n * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,\n * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),\n * or unless the original tenant Id is `adfs`.\n * @internal\n */\nexport function processMultiTenantRequest(\n  tenantId?: string,\n  getTokenOptions?: GetTokenOptions\n): string | undefined {\n  if (!getTokenOptions?.tenantId) {\n    return tenantId;\n  }\n  if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {\n    throw new Error(multiTenantDisabledErrorMessage);\n  }\n  if (tenantId === \"adfs\") {\n    throw new Error(multiTenantADFSErrorMessage);\n  }\n  return getTokenOptions?.tenantId;\n}\n"]}