@azure/identity 3.2.0-alpha.20230308.2 → 3.2.0-alpha.20230323.2

package/dist/index.js

@@ -667,7 +667,7 @@ function mapScopesToResource(scopes) {
  * Given a token response, return the expiration timestamp as the number of milliseconds from the Unix epoch.
  * @param body - A parsed response body from the authentication endpoint.
  */
-function parseExpiresOn(body) {
+function parseExpirationTimestamp(body) {
     if (typeof body.expires_on === "number") {
         return body.expires_on * 1000;
     }
@@ -686,6 +686,25 @@ function parseExpiresOn(body) {
     }
     throw new Error(`Failed to parse token expiration from body. expires_in="${body.expires_in}", expires_on="${body.expires_on}"`);
 }
+/**
+ * Given a token response, return the timestamp for refreshing token as the number of milliseconds from the Unix epoch.
+ * @param body - A parsed response body from the authentication endpoint.
+ */
+function parseRefreshTimestamp(body) {
+    if (typeof body.refresh_in === "number") {
+        return Date.now() + body.refresh_in * 1000;
+    }
+    else {
+        const durationInMilliseconds = parseExpirationTimestamp(body) - Date.now();
+        const durationInHours = Math.floor(durationInMilliseconds / 1000 / 60 / 60);
+        if (durationInHours >= 2) {
+            return Date.now() + durationInMilliseconds / 2;
+        }
+        else {
+            return Date.now() + durationInMilliseconds;
+        }
+    }
+}
 
 // Copyright (c) Microsoft Corporation.
 const noCorrelationId = "noCorrelationId";
@@ -743,8 +762,9 @@ class IdentityClient extends coreClient.ServiceClient {
             const token = {
                 accessToken: {
                     token: parsedBody.access_token,
-                    expiresOnTimestamp: parseExpiresOn(parsedBody),
+                    expiresOnTimestamp: parseExpirationTimestamp(parsedBody),
                 },
+                refreshesIn: parseRefreshTimestamp(parsedBody),
                 refreshToken: parsedBody.refresh_token,
             };
             logger$n.info(`IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`);
@@ -1548,7 +1568,8 @@ const appServiceMsi2017 = {
             // Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
             allowInsecureConnection: true }));
         const tokenResponse = await identityClient.sendTokenRequest(request);
-        return (tokenResponse && tokenResponse.accessToken) || null;
+        return ((tokenResponse && Object.assign(Object.assign({}, tokenResponse.accessToken), { refreshesOn: tokenResponse.refreshesIn })) ||
+            null);
     },
 };
 
@@ -1619,7 +1640,8 @@ const cloudShellMsi = {
             // Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
             allowInsecureConnection: true }));
         const tokenResponse = await identityClient.sendTokenRequest(request);
-        return (tokenResponse && tokenResponse.accessToken) || null;
+        return ((tokenResponse && Object.assign(Object.assign({}, tokenResponse.accessToken), { refreshesOn: tokenResponse.refreshesIn })) ||
+            null);
     },
 };
 
@@ -1740,7 +1762,8 @@ const imdsMsi = {
             try {
                 const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$3(scopes, clientId, resourceId)), { allowInsecureConnection: true }));
                 const tokenResponse = await identityClient.sendTokenRequest(request);
-                return (tokenResponse && tokenResponse.accessToken) || null;
+                return ((tokenResponse && Object.assign(Object.assign({}, tokenResponse.accessToken), { refreshesOn: tokenResponse.refreshesIn })) ||
+                    null);
             }
             catch (error) {
                 if (error.statusCode === 404) {
@@ -1861,7 +1884,8 @@ const arcMsi = {
             // Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
             allowInsecureConnection: true }));
         const tokenResponse = await identityClient.sendTokenRequest(request);
-        return (tokenResponse && tokenResponse.accessToken) || null;
+        return ((tokenResponse && Object.assign(Object.assign({}, tokenResponse.accessToken), { refreshesOn: tokenResponse.refreshesIn })) ||
+            null);
     },
 };
 
@@ -2160,7 +2184,8 @@ const fabricMsi = {
             rejectUnauthorized: false,
         });
         const tokenResponse = await identityClient.sendTokenRequest(request);
-        return (tokenResponse && tokenResponse.accessToken) || null;
+        return ((tokenResponse && Object.assign(Object.assign({}, tokenResponse.accessToken), { refreshesOn: tokenResponse.refreshesIn })) ||
+            null);
     },
 };
 
@@ -2227,7 +2252,8 @@ const appServiceMsi2019 = {
             // Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
             allowInsecureConnection: true }));
         const tokenResponse = await identityClient.sendTokenRequest(request);
-        return (tokenResponse && tokenResponse.accessToken) || null;
+        return ((tokenResponse && Object.assign(Object.assign({}, tokenResponse.accessToken), { refreshesOn: tokenResponse.refreshesIn })) ||
+            null);
     },
 };
 
@@ -2249,6 +2275,7 @@ class ManagedIdentityCredential {
     constructor(clientIdOrOptions, options) {
         var _a;
         this.isEndpointUnavailable = null;
+        this.isAppTokenProviderInitialized = false;
         let _options;
         if (typeof clientIdOrOptions === "string") {
             this.clientId = clientIdOrOptions;
@@ -2357,27 +2384,37 @@ class ManagedIdentityCredential {
                         scopes: Array.isArray(scopes) ? scopes : [scopes],
                         claims: options === null || options === void 0 ? void 0 : options.claims,
                     };
-                    this.confidentialApp.SetAppTokenProvider(async (appTokenProviderParameters = appTokenParameters) => {
-                        logger$c.info(`SetAppTokenProvider invoked with parameters- ${JSON.stringify(appTokenProviderParameters)}`);
-                        const resultToken = await this.authenticateManagedIdentity(scopes, Object.assign(Object.assign({}, updatedOptions), appTokenProviderParameters));
-                        if (resultToken) {
-                            logger$c.info(`SetAppTokenProvider has saved the token in cache`);
-                            const expiresInSeconds = (resultToken === null || resultToken === void 0 ? void 0 : resultToken.expiresOnTimestamp)
-                                ? Math.floor((resultToken.expiresOnTimestamp - Date.now()) / 1000)
-                                : 0;
-                            return {
-                                accessToken: resultToken === null || resultToken === void 0 ? void 0 : resultToken.token,
-                                expiresInSeconds,
-                            };
-                        }
-                        else {
-                            logger$c.info(`SetAppTokenProvider token has "no_access_token_returned" as the saved token`);
-                            return {
-                                accessToken: "no_access_token_returned",
-                                expiresInSeconds: 0,
-                            };
-                        }
-                    });
+                    // Added a check to see if SetAppTokenProvider was already defined.
+                    // Don't redefine it if it's already defined, since it should be static method.
+                    if (!this.isAppTokenProviderInitialized) {
+                        this.confidentialApp.SetAppTokenProvider(async (appTokenProviderParameters = appTokenParameters) => {
+                            logger$c.info(`SetAppTokenProvider invoked with parameters- ${JSON.stringify(appTokenProviderParameters)}`);
+                            const resultToken = await this.authenticateManagedIdentity(scopes, Object.assign(Object.assign({}, updatedOptions), appTokenProviderParameters));
+                            if (resultToken) {
+                                logger$c.info(`SetAppTokenProvider has saved the token in cache`);
+                                const expiresInSeconds = (resultToken === null || resultToken === void 0 ? void 0 : resultToken.expiresOnTimestamp)
+                                    ? Math.floor((resultToken.expiresOnTimestamp - Date.now()) / 1000)
+                                    : 0;
+                                const refreshInSeconds = (resultToken === null || resultToken === void 0 ? void 0 : resultToken.refreshesOn)
+                                    ? Math.floor((resultToken.refreshesOn - Date.now()) / 1000)
+                                    : 0;
+                                return {
+                                    accessToken: resultToken === null || resultToken === void 0 ? void 0 : resultToken.token,
+                                    expiresInSeconds,
+                                    refreshInSeconds,
+                                };
+                            }
+                            else {
+                                logger$c.info(`SetAppTokenProvider token has "no_access_token_returned" as the saved token`);
+                                return {
+                                    accessToken: "no_access_token_returned",
+                                    expiresInSeconds: 0,
+                                    refreshInSeconds: 0,
+                                };
+                            }
+                        });
+                        this.isAppTokenProviderInitialized = true;
+                    }
                     const authenticationResult = await this.confidentialApp.acquireTokenByClientCredential(Object.assign({}, appTokenParameters));
                     result = this.handleResult(scopes, authenticationResult || undefined);
                 }