@azure/identity 3.2.0-alpha.20230405.1 → 3.2.0-alpha.20230413.2


Potentially problematic release.



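--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1217,7 +1217,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
  * Attempts to retrieve a token from cache.
  */
  async getTokenSilent(scopes, options) {
- var _a, _b;
+ var _a, _b, _c;
  await this.getActiveAccount();
  if (!this.account) {
  throw new AuthenticationRequiredError({
@@ -1236,7 +1236,14 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
  };
  try {
  this.logger.info("Attempting to acquire token silently");
- const response = (_b = (await ((_a = this.confidentialApp) === null || _a === void 0 ? void 0 : _a.acquireTokenSilent(silentRequest)))) !== null && _b !== void 0 ? _b : (await this.publicApp.acquireTokenSilent(silentRequest));
+ /**
+ * The following code to retrieve all accounts is done as a workaround in an attempt to force the
+ * refresh of the token cache with the token and the account passed in through the
+ * `authenticationRecord` parameter. See issue - https://github.com/Azure/azure-sdk-for-js/issues/24349#issuecomment-1496715651
+ * This workaround serves as a workoaround for silent authentication not happening when authenticationRecord is passed.
+ */
+ await ((_a = (this.publicApp || this.confidentialApp)) === null || _a === void 0 ? void 0 : _a.getTokenCache().getAllAccounts());
+ const response = (_c = (await ((_b = this.confidentialApp) === null || _b === void 0 ? void 0 : _b.acquireTokenSilent(silentRequest)))) !== null && _c !== void 0 ? _c : (await this.publicApp.acquireTokenSilent(silentRequest));
  return this.handleResult(scopes, this.clientId, response || undefined);
  }
  catch (err) {
@@ -1993,37 +2000,28 @@ const logger$g = credentialLogger(credentialName$3);
  */
  class WorkloadIdentityCredential {
  /**
- * @internal
- * @hidden
+ * WorkloadIdentityCredential supports Azure workload identity on Kubernetes.
+ *
+ * @param options - The identity client options to use for authentication.
  */
  constructor(options) {
  this.azureFederatedTokenFileContent = undefined;
  this.cacheDate = undefined;
+ // Logging environment variables for error details
+ const assignedEnv = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(", ");
+ logger$g.info(`Found the following environment variables: ${assignedEnv}`);
  const workloadIdentityCredentialOptions = options;
- if ((workloadIdentityCredentialOptions === null || workloadIdentityCredentialOptions === void 0 ? void 0 : workloadIdentityCredentialOptions.clientId) &&
- (workloadIdentityCredentialOptions === null || workloadIdentityCredentialOptions === void 0 ? void 0 : workloadIdentityCredentialOptions.tenantId) &&
- (workloadIdentityCredentialOptions === null || workloadIdentityCredentialOptions === void 0 ? void 0 : workloadIdentityCredentialOptions.federatedTokenFilePath)) {
- const tenantId = workloadIdentityCredentialOptions.tenantId;
- if (tenantId) {
- checkTenantId(logger$g, tenantId);
- }
- this.federatedTokenFilePath = workloadIdentityCredentialOptions.federatedTokenFilePath;
- logger$g.info(`Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`);
- this.client = new ClientAssertionCredential(tenantId, workloadIdentityCredentialOptions.clientId, this.readFileContents.bind(this), options);
+ const tenantId = workloadIdentityCredentialOptions.tenantId || process.env.AZURE_TENANT_ID;
+ const clientId = workloadIdentityCredentialOptions.clientId || process.env.AZURE_CLIENT_ID;
+ this.federatedTokenFilePath =
+ workloadIdentityCredentialOptions.federatedTokenFilePath ||
+ process.env.AZURE_FEDERATED_TOKEN_FILE;
+ if (tenantId) {
+ checkTenantId(logger$g, tenantId);
  }
- else {
- // Keep track of any missing environment variables for error details
- const assigned = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(", ");
- logger$g.info(`Found the following environment variables: ${assigned}`);
- const tenantId = process.env.AZURE_TENANT_ID, clientId = process.env.AZURE_CLIENT_ID, federatedTokenFilePath = process.env.AZURE_FEDERATED_TOKEN_FILE;
- this.federatedTokenFilePath = federatedTokenFilePath;
- if (tenantId) {
- checkTenantId(logger$g, tenantId);
- }
- if (tenantId && clientId && federatedTokenFilePath) {
- logger$g.info(`Invoking ClientAssertionCredential with the following environment variables tenant ID: ${tenantId}, clientId: ${clientId} and federatedTokenFilePath: [REDACTED]`);
- this.client = new ClientAssertionCredential(tenantId, clientId, this.readFileContents.bind(this), options);
- }
+ if (clientId && tenantId && this.federatedTokenFilePath) {
+ logger$g.info(`Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`);
+ this.client = new ClientAssertionCredential(tenantId, clientId, this.readFileContents.bind(this), options);
  }
  }
  /**
@@ -3563,6 +3561,34 @@ class DefaultManagedIdentityCredential extends ManagedIdentityCredential {
  }
  }
  }
+ /**
+ * A shim around WorkloadIdentityCredential that adapts it to accept
+ * `DefaultAzureCredentialOptions`.
+ *
+ * @internal
+ */
+ class DefaultWorkloadIdentityCredential extends WorkloadIdentityCredential {
+ // Constructor overload with just the other default options
+ // Last constructor overload with Union of all options not required since the above two constructor overloads have optional properties
+ constructor(options) {
+ var _a, _b, _c;
+ const managedIdentityClientId = (_a = options === null || options === void 0 ? void 0 : options.managedIdentityClientId) !== null && _a !== void 0 ? _a : process.env.AZURE_CLIENT_ID;
+ const workloadIdentityClientId = (_b = options === null || options === void 0 ? void 0 : options.workloadIdentityClientId) !== null && _b !== void 0 ? _b : managedIdentityClientId;
+ const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;
+ const tenantId = (_c = options === null || options === void 0 ? void 0 : options.tenantId) !== null && _c !== void 0 ? _c : process.env.AZURE_TENANT_ID;
+ if (workloadFile && workloadIdentityClientId) {
+ const workloadIdentityCredentialOptions = Object.assign(Object.assign({}, options), { tenantId, clientId: workloadIdentityClientId, federatedTokenFilePath: workloadFile });
+ super(workloadIdentityCredentialOptions);
+ }
+ else if (tenantId) {
+ const workloadIdentityClientTenantOptions = Object.assign(Object.assign({}, options), { tenantId });
+ super(workloadIdentityClientTenantOptions);
+ }
+ else {
+ super(options);
+ }
+ }
+ }
  class DefaultAzureDeveloperCliCredential extends AzureDeveloperCliCredential {
  constructor(options) {
  super(Object.assign({ processTimeoutInMs: options === null || options === void 0 ? void 0 : options.developerCredentialTimeOutInMs }, options));
@@ -3580,7 +3606,7 @@ class DefaultAzurePowershellCredential extends AzurePowerShellCredential {
  }
  const defaultCredentials = [
  EnvironmentCredential,
- WorkloadIdentityCredential,
+ DefaultWorkloadIdentityCredential,
  DefaultManagedIdentityCredential,
  DefaultAzureDeveloperCliCredential,
  DefaultAzureCliCredential,
@@ -4135,6 +4161,7 @@ exports.AuthenticationErrorName = AuthenticationErrorName;
  exports.AuthenticationRequiredError = AuthenticationRequiredError;
  exports.AuthorizationCodeCredential = AuthorizationCodeCredential;
  exports.AzureCliCredential = AzureCliCredential;
+ exports.AzureDeveloperCliCredential = AzureDeveloperCliCredential;
  exports.AzurePowerShellCredential = AzurePowerShellCredential;
  exports.ChainedTokenCredential = ChainedTokenCredential;
  exports.ClientAssertionCredential = ClientAssertionCredential;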
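Review bot: The rewritten `WorkloadIdentityCredential` constructor (new lines 2014–2018) reads `workloadIdentityCredentialOptions.tenantId`, `.clientId` and `.federatedTokenFilePath` without the null guard the removed code had, so constructing it with no options throws a TypeError instead of falling back to the environment variables. `DefaultWorkloadIdentityCredential` reaches that path through its final `super(options)` branch when `options` is undefined and no tenant ID is available, which would presumably abort construction of the `defaultCredentials` chain before any later credential is tried. Guarding once in the TypeScript source, e.g. `const workloadIdentityCredentialOptions = options ?? {};`, restores the previous behaviour. The new "Invoking ClientAssertionCredential" log line also still prints `workloadIdentityCredentialOptions.clientId`, which is undefined when the ID came from `AZURE_CLIENT_ID`; logging the resolved value, `clientId: ${clientId}`, keeps the authentication log accurate.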