@azure/identity 3.1.0-alpha.20221021.2 → 3.1.0-alpha.20221104.2

package/README.md

@@ -277,11 +277,12 @@ Not all credentials require this configuration. Credentials that authenticate th
 
 #### Username and password
 
-| Variable name     | Value                                 |
-| ----------------- | ------------------------------------- |
-| `AZURE_CLIENT_ID` | ID of an Azure AD application         |
-| `AZURE_USERNAME`  | a username (usually an email address) |
-| `AZURE_PASSWORD`  | that user's password                  |
+| Variable name     | Value                                   |
+| ----------------- | --------------------------------------- |
+| `AZURE_CLIENT_ID` | ID of an Azure AD application           |
+| `AZURE_TENANT_ID` | ID of the application's Azure AD tenant |
+| `AZURE_USERNAME`  | a username (usually an email address)   |
+| `AZURE_PASSWORD`  | that user's password                    |
 
 Configuration is attempted in the above order. For example, if values for a client secret and certificate are both present, the client secret will be used.
 

package/dist/index.js

@@ -512,6 +512,78 @@ function deserializeAuthenticationRecord(serializedRecord) {
     return parsed;
 }
 
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+function createConfigurationErrorMessage(tenantId) {
+    return `The current credential is not configured to acquire tokens for tenant ${tenantId}. To enable acquiring tokens for this tenant add it to the AdditionallyAllowedTenants on the credential options, or add "*" to AdditionallyAllowedTenants to allow acquiring tokens for any tenant.`;
+}
+/**
+ * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,
+ * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),
+ * or unless the original tenant Id is `adfs`.
+ * @internal
+ */
+function processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds = []) {
+    var _a;
+    let resolvedTenantId;
+    if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {
+        resolvedTenantId = tenantId;
+    }
+    else if (tenantId === "adfs") {
+        resolvedTenantId = tenantId;
+    }
+    else {
+        resolvedTenantId = (_a = getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId) !== null && _a !== void 0 ? _a : tenantId;
+    }
+    if (tenantId &&
+        resolvedTenantId !== tenantId &&
+        !additionallyAllowedTenantIds.includes("*") &&
+        !additionallyAllowedTenantIds.some((t) => t.localeCompare(resolvedTenantId) === 0)) {
+        throw new Error(createConfigurationErrorMessage(tenantId));
+    }
+    return resolvedTenantId;
+}
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * @internal
+ */
+function checkTenantId(logger, tenantId) {
+    if (!tenantId.match(/^[0-9a-zA-Z-.:/]+$/)) {
+        const error = new Error("Invalid tenant id provided. You can locate your tenant id by following the instructions listed here: https://docs.microsoft.com/partner-center/find-ids-and-domain-names.");
+        logger.info(formatError("", error));
+        throw error;
+    }
+}
+/**
+ * @internal
+ */
+function resolveTenantId(logger, tenantId, clientId) {
+    if (tenantId) {
+        checkTenantId(logger, tenantId);
+        return tenantId;
+    }
+    if (!clientId) {
+        clientId = DeveloperSignOnClientId;
+    }
+    if (clientId !== DeveloperSignOnClientId) {
+        return "common";
+    }
+    return "organizations";
+}
+/**
+ * @internal
+ */
+function resolveAddionallyAllowedTenantIds(additionallyAllowedTenants) {
+    if (!additionallyAllowedTenants || additionallyAllowedTenants.length === 0) {
+        return [];
+    }
+    if (additionallyAllowedTenants.includes("*")) {
+        return ALL_TENANTS;
+    }
+    return additionallyAllowedTenants;
+}
+
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 function getIdentityTokenEndpointSuffix(tenantId) {
@@ -928,78 +1000,6 @@ var RegionalAuthority;
     RegionalAuthority["GovernmentUSDodCentral"] = "usdodcentral";
 })(RegionalAuthority || (RegionalAuthority = {}));
 
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-function createConfigurationErrorMessage(tenantId) {
-    return `The current credential is not configured to acquire tokens for tenant ${tenantId}. To enable acquiring tokens for this tenant add it to the AdditionallyAllowedTenants on the credential options, or add "*" to AdditionallyAllowedTenants to allow acquiring tokens for any tenant.`;
-}
-/**
- * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,
- * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),
- * or unless the original tenant Id is `adfs`.
- * @internal
- */
-function processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds = []) {
-    var _a;
-    let resolvedTenantId;
-    if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {
-        resolvedTenantId = tenantId;
-    }
-    else if (tenantId === "adfs") {
-        resolvedTenantId = tenantId;
-    }
-    else {
-        resolvedTenantId = (_a = getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId) !== null && _a !== void 0 ? _a : tenantId;
-    }
-    if (tenantId &&
-        resolvedTenantId !== tenantId &&
-        !additionallyAllowedTenantIds.includes("*") &&
-        !additionallyAllowedTenantIds.some((t) => t.localeCompare(resolvedTenantId) === 0)) {
-        throw new Error(createConfigurationErrorMessage(tenantId));
-    }
-    return resolvedTenantId;
-}
-
-// Copyright (c) Microsoft Corporation.
-/**
- * @internal
- */
-function checkTenantId(logger, tenantId) {
-    if (!tenantId.match(/^[0-9a-zA-Z-.:/]+$/)) {
-        const error = new Error("Invalid tenant id provided. You can locate your tenant id by following the instructions listed here: https://docs.microsoft.com/partner-center/find-ids-and-domain-names.");
-        logger.info(formatError("", error));
-        throw error;
-    }
-}
-/**
- * @internal
- */
-function resolveTenantId(logger, tenantId, clientId) {
-    if (tenantId) {
-        checkTenantId(logger, tenantId);
-        return tenantId;
-    }
-    if (!clientId) {
-        clientId = DeveloperSignOnClientId;
-    }
-    if (clientId !== DeveloperSignOnClientId) {
-        return "common";
-    }
-    return "organizations";
-}
-/**
- * @internal
- */
-function resolveAddionallyAllowedTenantIds(additionallyAllowedTenants) {
-    if (!additionallyAllowedTenants || additionallyAllowedTenants.length === 0) {
-        return [];
-    }
-    if (additionallyAllowedTenants.includes("*")) {
-        return ALL_TENANTS;
-    }
-    return additionallyAllowedTenants;
-}
-
 // Copyright (c) Microsoft Corporation.
 /**
  * The current persistence provider, undefined by default.
@@ -1026,20 +1026,21 @@ const msalNodeFlowCacheControl = {
  */
 class MsalNode extends MsalBaseUtilities {
     constructor(options) {
-        var _a, _b, _c;
+        var _a, _b, _c, _d;
         super(options);
         this.requiresConfidential = false;
         this.msalConfig = this.defaultNodeMsalConfig(options);
         this.tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);
+        this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds((_a = options === null || options === void 0 ? void 0 : options.tokenCredentialOptions) === null || _a === void 0 ? void 0 : _a.additionallyAllowedTenants);
         this.clientId = this.msalConfig.auth.clientId;
         if (options === null || options === void 0 ? void 0 : options.getAssertion) {
             this.getAssertion = options.getAssertion;
         }
         // If persistence has been configured
-        if (persistenceProvider !== undefined && ((_a = options.tokenCachePersistenceOptions) === null || _a === void 0 ? void 0 : _a.enabled)) {
+        if (persistenceProvider !== undefined && ((_b = options.tokenCachePersistenceOptions) === null || _b === void 0 ? void 0 : _b.enabled)) {
             this.createCachePlugin = () => persistenceProvider(options.tokenCachePersistenceOptions);
         }
-        else if ((_b = options.tokenCachePersistenceOptions) === null || _b === void 0 ? void 0 : _b.enabled) {
+        else if ((_c = options.tokenCachePersistenceOptions) === null || _c === void 0 ? void 0 : _c.enabled) {
             throw new Error([
                 "Persistent token caching was requested, but no persistence provider was configured.",
                 "You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)",
@@ -1047,7 +1048,7 @@ class MsalNode extends MsalBaseUtilities {
                 "`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.",
             ].join(" "));
         }
-        this.azureRegion = (_c = options.regionalAuthority) !== null && _c !== void 0 ? _c : process.env.AZURE_REGIONAL_AUTHORITY_NAME;
+        this.azureRegion = (_d = options.regionalAuthority) !== null && _d !== void 0 ? _d : process.env.AZURE_REGIONAL_AUTHORITY_NAME;
         if (this.azureRegion === RegionalAuthority.AutoDiscoverRegion) {
             this.azureRegion = "AUTO_DISCOVER";
         }
@@ -1195,7 +1196,8 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
      * If disableAutomaticAuthentication is sent through the constructor, it will prevent MSAL from requesting the user input.
      */
     async getToken(scopes, options = {}) {
-        const tenantId = processMultiTenantRequest(this.tenantId, options) || this.tenantId;
+        const tenantId = processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds) ||
+            this.tenantId;
         options.authority = getAuthority(tenantId, this.authorityHost);
         options.correlationId = (options === null || options === void 0 ? void 0 : options.correlationId) || this.generateUuid();
         await this.init(options);
@@ -1294,6 +1296,11 @@ function getPropertyFromVSCode(property) {
  * Connects to Azure using the credential provided by the VSCode extension 'Azure Account'.
  * Once the user has logged in via the extension, this credential can share the same refresh token
  * that is cached by the extension.
+ *
+ * It's a [known issue](https://github.com/Azure/azure-sdk-for-js/issues/20500) that this credential doesn't
+ * work with [Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account)
+ * versions newer than **0.9.11**. A long-term fix to this problem is in progress. In the meantime, consider
+ * authenticating with {@link AzureCliCredential}.
  */
 class VisualStudioCodeCredential {
     /**
@@ -3088,8 +3095,8 @@ function getAdditionallyAllowedTenants() {
 const credentialName$1 = "EnvironmentCredential";
 const logger$5 = credentialLogger(credentialName$1);
 /**
- * Enables authentication to Azure Active Directory using client secret
- * details configured in environment variables
+ * Enables authentication to Azure Active Directory using a client secret or certificate, or as a user
+ * with a username and password.
  */
 class EnvironmentCredential {
     /**
@@ -3429,7 +3436,7 @@ class MsalOpenBrowser extends MsalNode {
                         reject(new Error("Aborted"));
                     });
                 }
-                openPromise.then().catch((e) => {
+                openPromise.catch((e) => {
                     cleanup();
                     reject(e);
                 });