@azure/identity 3.1.3 → 3.2.0-alpha.20230224.3


Potentially problematic release.



Files changed (66)
  1. package/README.md +10 -1
  2. package/dist/index.js +360 -206
  3. package/dist/index.js.map +1 -1
  4. package/dist-esm/src/client/identityClient.js +9 -0
  5. package/dist-esm/src/client/identityClient.js.map +1 -1
  6. package/dist-esm/src/constants.js +1 -1
  7. package/dist-esm/src/constants.js.map +1 -1
  8. package/dist-esm/src/credentials/authorityValidationOptions.js +4 -0
  9. package/dist-esm/src/credentials/authorityValidationOptions.js.map +1 -0
  10. package/dist-esm/src/credentials/authorizationCodeCredentialOptions.js.map +1 -1
  11. package/dist-esm/src/credentials/azureApplicationCredential.js +0 -2
  12. package/dist-esm/src/credentials/azureApplicationCredential.js.map +1 -1
  13. package/dist-esm/src/credentials/azureDeveloperCliCredential.browser.js +23 -0
  14. package/dist-esm/src/credentials/azureDeveloperCliCredential.browser.js.map +1 -0
  15. package/dist-esm/src/credentials/azureDeveloperCliCredential.js +136 -0
  16. package/dist-esm/src/credentials/azureDeveloperCliCredential.js.map +1 -0
  17. package/dist-esm/src/credentials/azureDeveloperCliCredentialOptions.js +4 -0
  18. package/dist-esm/src/credentials/azureDeveloperCliCredentialOptions.js.map +1 -0
  19. package/dist-esm/src/credentials/chainedTokenCredential.js +0 -4
  20. package/dist-esm/src/credentials/chainedTokenCredential.js.map +1 -1
  21. package/dist-esm/src/credentials/clientAssertionCredentialOptions.js.map +1 -1
  22. package/dist-esm/src/credentials/clientCertificateCredentialOptions.js.map +1 -1
  23. package/dist-esm/src/credentials/clientSecretCredentialOptions.js.map +1 -1
  24. package/dist-esm/src/credentials/defaultAzureCredential.js +9 -2
  25. package/dist-esm/src/credentials/defaultAzureCredential.js.map +1 -1
  26. package/dist-esm/src/credentials/defaultAzureCredentialOptions.js.map +1 -1
  27. package/dist-esm/src/credentials/environmentCredentialOptions.js.map +1 -1
  28. package/dist-esm/src/credentials/interactiveBrowserCredentialOptions.js.map +1 -1
  29. package/dist-esm/src/credentials/interactiveCredentialOptions.js.map +1 -1
  30. package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js +1 -0
  31. package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js.map +1 -1
  32. package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2019.js +1 -0
  33. package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2019.js.map +1 -1
  34. package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js +1 -0
  35. package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js.map +1 -1
  36. package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js +1 -0
  37. package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js.map +1 -1
  38. package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js +1 -0
  39. package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js.map +1 -1
  40. package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js +1 -0
  41. package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  42. package/dist-esm/src/credentials/managedIdentityCredential/index.js +7 -2
  43. package/dist-esm/src/credentials/managedIdentityCredential/index.js.map +1 -1
  44. package/dist-esm/src/credentials/managedIdentityCredential/models.js.map +1 -1
  45. package/dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js +10 -65
  46. package/dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
  47. package/dist-esm/src/credentials/onBehalfOfCredentialOptions.js.map +1 -1
  48. package/dist-esm/src/credentials/workloadIdentityCredential.browser.js +27 -0
  49. package/dist-esm/src/credentials/workloadIdentityCredential.browser.js.map +1 -0
  50. package/dist-esm/src/credentials/workloadIdentityCredential.js +55 -0
  51. package/dist-esm/src/credentials/workloadIdentityCredential.js.map +1 -0
  52. package/dist-esm/src/credentials/workloadIdentityCredentialOptions.js +4 -0
  53. package/dist-esm/src/credentials/workloadIdentityCredentialOptions.js.map +1 -0
  54. package/dist-esm/src/index.js +1 -0
  55. package/dist-esm/src/index.js.map +1 -1
  56. package/dist-esm/src/msal/browserFlows/msalBrowserCommon.js +1 -1
  57. package/dist-esm/src/msal/browserFlows/msalBrowserCommon.js.map +1 -1
  58. package/dist-esm/src/msal/flows.js.map +1 -1
  59. package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js +1 -1
  60. package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js.map +1 -1
  61. package/dist-esm/src/msal/utils.js +2 -2
  62. package/dist-esm/src/msal/utils.js.map +1 -1
  63. package/dist-esm/src/util/processMultiTenantRequest.js +1 -0
  64. package/dist-esm/src/util/processMultiTenantRequest.js.map +1 -1
  65. package/package.json +10 -8
  66. package/types/identity.d.ts +73 -13
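--- a/package/types/identity.d.ts
+++ b/package/types/identity.d.ts
@@ -110,6 +110,18 @@ export declare interface AuthenticationRequiredErrorOptions {
  message?: string;
  }
 
+ /**
+ * Provides options to configure how the Identity library
+ * does authority validation during authentication requests
+ * to Azure Active Directory.
+ */
+ export declare interface AuthorityValidationOptions {
+ /**
+ * Setting this flag to `true` disables both authority validation and instance discovery.
+ */
+ disableInstanceDiscovery?: boolean;
+ }
+
  /**
  * Enables authentication to Azure Active Directory using an authorization code
  * that was obtained through the authorization code flow, described in more detail
@@ -183,7 +195,7 @@ export declare class AuthorizationCodeCredential implements TokenCredential {
  /**
  * Options for the {@link AuthorizationCodeCredential}
  */
- export declare interface AuthorizationCodeCredentialOptions extends MultiTenantTokenCredentialOptions {
+ export declare interface AuthorizationCodeCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
  }
 
  /**
@@ -308,10 +320,6 @@ export declare type BrowserLoginStyle = "redirect" | "popup";
  * until one of the getToken methods returns an access token.
  */
  export declare class ChainedTokenCredential implements TokenCredential {
- /**
- * The message to use when the chained token fails to get a token
- */
- protected UnavailableMessage: string;
  private _sources;
  /**
  * Creates an instance of ChainedTokenCredential using the given credentials.
@@ -376,7 +384,7 @@ export declare class ClientAssertionCredential implements TokenCredential {
  /**
  * Options for the {@link ClientAssertionCredential}
  */
- export declare interface ClientAssertionCredentialOptions extends MultiTenantTokenCredentialOptions {
+ export declare interface ClientAssertionCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
  }
 
  /**
@@ -437,7 +445,7 @@ export declare class ClientCertificateCredential implements TokenCredential {
  /**
  * Optional parameters for the {@link ClientCertificateCredential} class.
  */
- export declare interface ClientCertificateCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions {
+ export declare interface ClientCertificateCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
  /**
  * Option to include x5c header for SubjectName and Issuer name authorization.
  * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim
@@ -515,7 +523,7 @@ export declare class ClientSecretCredential implements TokenCredential {
  /**
  * Optional parameters for the {@link ClientSecretCredential} class.
  */
- export declare interface ClientSecretCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions {
+ export declare interface ClientSecretCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
  }
 
  /**
@@ -583,7 +591,9 @@ export declare class DefaultAzureCredential extends ChainedTokenCredential {
  * The following credential types will be tried, in order:
  *
  * - {@link EnvironmentCredential}
+ * - {@link WorkloadIdentityCredential}
  * - {@link ManagedIdentityCredential}
+ * - {@link AzureDeveloperCliCredential}
  * - {@link AzureCliCredential}
  * - {@link AzurePowerShellCredential}
  *
@@ -602,7 +612,9 @@ export declare class DefaultAzureCredential extends ChainedTokenCredential {
  * The following credential types will be tried, in order:
  *
  * - {@link EnvironmentCredential}
+ * - {@link WorkloadIdentityCredential}
  * - {@link ManagedIdentityCredential}
+ * - {@link AzureDeveloperCliCredential}
  * - {@link AzureCliCredential}
  * - {@link AzurePowerShellCredential}
  *
@@ -621,7 +633,9 @@ export declare class DefaultAzureCredential extends ChainedTokenCredential {
  * The following credential types will be tried, in order:
  *
  * - {@link EnvironmentCredential}
+ * - {@link WorkloadIdentityCredential}
  * - {@link ManagedIdentityCredential}
+ * - {@link AzureDeveloperCliCredential}
  * - {@link AzureCliCredential}
  * - {@link AzurePowerShellCredential}
  *
@@ -648,7 +662,7 @@ export declare interface DefaultAzureCredentialClientIdOptions extends DefaultAz
  /**
  * Provides options to configure the {@link DefaultAzureCredential} class.
  */
- export declare interface DefaultAzureCredentialOptions extends MultiTenantTokenCredentialOptions {
+ export declare interface DefaultAzureCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
  /**
  * Optionally pass in a Tenant ID to be used as part of the credential.
  * By default it may use a generic tenant ID depending on the underlying credential.
@@ -841,7 +855,7 @@ export declare class EnvironmentCredential implements TokenCredential {
  * Enables authentication to Azure Active Directory depending on the available environment variables.
  * Defines options for the EnvironmentCredential class.
  */
- export declare interface EnvironmentCredentialOptions extends MultiTenantTokenCredentialOptions {
+ export declare interface EnvironmentCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
  }
 
  /**
@@ -978,7 +992,7 @@ export declare interface InteractiveBrowserCredentialInBrowserOptions extends In
  /**
  * Defines the common options for the InteractiveBrowserCredential class.
  */
- export declare interface InteractiveBrowserCredentialNodeOptions extends InteractiveCredentialOptions, CredentialPersistenceOptions {
+ export declare interface InteractiveBrowserCredentialNodeOptions extends InteractiveCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
  /**
  * Gets the redirect URI of the application. This should be same as the value
  * in the application registration portal. Defaults to `window.location.href`.
@@ -1002,7 +1016,7 @@ export declare interface InteractiveBrowserCredentialNodeOptions extends Interac
  /**
  * Common constructor options for the Identity credentials that requires user interaction.
  */
- export declare interface InteractiveCredentialOptions extends MultiTenantTokenCredentialOptions {
+ export declare interface InteractiveCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
  /**
  * Result of a previous authentication that can be used to retrieve the cached credentials of each individual account.
  * This is necessary to provide in case the application wants to work with more than one account per
@@ -1212,7 +1226,7 @@ export declare interface OnBehalfOfCredentialCertificateOptions {
  /**
  * Optional parameters for the {@link OnBehalfOfCredential} class.
  */
- export declare type OnBehalfOfCredentialOptions = (OnBehalfOfCredentialSecretOptions | OnBehalfOfCredentialCertificateOptions) & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions;
+ export declare type OnBehalfOfCredentialOptions = (OnBehalfOfCredentialSecretOptions | OnBehalfOfCredentialCertificateOptions) & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions & AuthorityValidationOptions;
 
  /**
  * Defines the parameters to authenticate the {@link OnBehalfOfCredential} with a secret.
@@ -1428,4 +1442,50 @@ export declare interface VisualStudioCodeCredentialOptions extends MultiTenantTo
  tenantId?: string;
  }
 
+ /**
+ * WorkloadIdentityCredential supports Azure workload identity authentication on Kubernetes.
+ * Refer to <a href="https://learn.microsoft.com/azure/aks/workload-identity-overview">Azure Active Directory Workload Identity</a>
+ * for more information.
+ */
+ export declare class WorkloadIdentityCredential implements TokenCredential {
+ private client;
+ private federatedTokenFilePath;
+ private azureFederatedTokenFileContent;
+ private cacheDate;
+ /**
+ * WorkloadIdentityCredential supports Azure workload identity on Kubernetes.
+ *
+ * @param options - The identity client options to use for authentication.
+ */
+ constructor(options?: WorkloadIdentityCredentialOptions);
+ /**
+ * Authenticates with Azure Active Directory and returns an access token if successful.
+ * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+ *
+ * @param scopes - The list of scopes for which the token will have access.
+ * @param options - The options used to configure any requests this
+ * TokenCredential implementation might make.
+ */
+ getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
+ private readFileContents;
+ }
+
+ /**
+ * Options for the {@link WorkloadIdentityCredential}
+ */
+ export declare interface WorkloadIdentityCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
+ /**
+ * ID of the application's Azure Active Directory tenant. Also called its directory ID.
+ */
+ tenantId?: string;
+ /**
+ * The client ID of an Azure AD app registration.
+ */
+ clientId?: string;
+ /**
+ * The path to a file containing a Kubernetes service account token that authenticates the identity.
+ */
+ federatedTokenFilePath?: string;
+ }
+
  export { }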
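Review bot: The doc comment on `disableInstanceDiscovery` in the new `AuthorityValidationOptions` interface says what the flag switches off but not what the caller becomes responsible for once it is set. This release mixes the option into most credential option types in this file, including `DefaultAzureCredentialOptions` and `WorkloadIdentityCredentialOptions`, so it is reachable from almost every construction path. With authority validation off, the configured authority host is presumably used as given, and credentials that send a secret, certificate assertion or federated token would send it to whatever host is configured. I would extend the comment with something like `With validation disabled the configured authority host is trusted as given; set this only when the metadata endpoint cannot be reached (for example a private cloud) and the host is known to be trustworthy.`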