@azure/identity 3.2.0-alpha.20230405.1 → 3.2.0-alpha.20230413.2

package/dist-esm/src/credentials/defaultAzureCredential.js

@@ -41,6 +41,34 @@ export class DefaultManagedIdentityCredential extends ManagedIdentityCredential
         }
     }
 }
+/**
+ * A shim around WorkloadIdentityCredential that adapts it to accept
+ * `DefaultAzureCredentialOptions`.
+ *
+ * @internal
+ */
+export class DefaultWorkloadIdentityCredential extends WorkloadIdentityCredential {
+    // Constructor overload with just the other default options
+    // Last constructor overload with Union of all options not required since the above two constructor overloads have optional properties
+    constructor(options) {
+        var _a, _b, _c;
+        const managedIdentityClientId = (_a = options === null || options === void 0 ? void 0 : options.managedIdentityClientId) !== null && _a !== void 0 ? _a : process.env.AZURE_CLIENT_ID;
+        const workloadIdentityClientId = (_b = options === null || options === void 0 ? void 0 : options.workloadIdentityClientId) !== null && _b !== void 0 ? _b : managedIdentityClientId;
+        const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;
+        const tenantId = (_c = options === null || options === void 0 ? void 0 : options.tenantId) !== null && _c !== void 0 ? _c : process.env.AZURE_TENANT_ID;
+        if (workloadFile && workloadIdentityClientId) {
+            const workloadIdentityCredentialOptions = Object.assign(Object.assign({}, options), { tenantId, clientId: workloadIdentityClientId, federatedTokenFilePath: workloadFile });
+            super(workloadIdentityCredentialOptions);
+        }
+        else if (tenantId) {
+            const workloadIdentityClientTenantOptions = Object.assign(Object.assign({}, options), { tenantId });
+            super(workloadIdentityClientTenantOptions);
+        }
+        else {
+            super(options);
+        }
+    }
+}
 export class DefaultAzureDeveloperCliCredential extends AzureDeveloperCliCredential {
     constructor(options) {
         super(Object.assign({ processTimeoutInMs: options === null || options === void 0 ? void 0 : options.developerCredentialTimeOutInMs }, options));
@@ -58,7 +86,7 @@ export class DefaultAzurePowershellCredential extends AzurePowerShellCredential
 }
 export const defaultCredentials = [
     EnvironmentCredential,
-    WorkloadIdentityCredential,
+    DefaultWorkloadIdentityCredential,
     DefaultManagedIdentityCredential,
     DefaultAzureDeveloperCliCredential,
     DefaultAzureCliCredential,

package/dist-esm/src/credentials/defaultAzureCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"defaultAzureCredential.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAOlC,OAAO,EACL,yBAAyB,GAG1B,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AACxE,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAEhE,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAc1E;;;;;GAKG;AACH,MAAM,OAAO,gCAAiC,SAAQ,yBAAyB;IAK7E,2DAA2D;IAC3D,sIAAsI;IACtI,YAAY,OAAuC;;QACjD,MAAM,uBAAuB,GAC3B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,uBAAuB,mCAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC9B,MAAM,wBAAwB,GAC5B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,wBAAwB,mCAC5E,uBAAuB,CAAC;QAC1B,MAAM,iBAAiB,GAAI,OAAmD,aAAnD,OAAO,uBAAP,OAAO,CAC9B,yBAAyB,CAAC;QAC9B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QAC5D,MAAM,QAAQ,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAClE,yFAAyF;QACzF,IAAI,iBAAiB,EAAE;YACrB,MAAM,gCAAgC,mCACjC,OAAO,KACV,UAAU,EAAE,iBAAiB,GAC9B,CAAC;YACF,KAAK,CAAC,gCAAgC,CAAC,CAAC;SACzC;aAAM,IAAI,YAAY,IAAI,wBAAwB,EAAE;YACnD,MAAM,iCAAiC,mCAClC,OAAO,KACV,QAAQ,EAAE,QAAQ,GACnB,CAAC;YACF,KAAK,CAAC,wBAAwB,EAAE,iCAAiC,CAAC,CAAC;SACpE;aAAM,IAAI,uBAAuB,EAAE;YAClC,MAAM,4BAA4B,mCAC7B,OAAO,KACV,QAAQ,EAAE,uBAAuB,GAClC,CAAC;YACF,KAAK,CAAC,4BAA4B,CAAC,CAAC;SACrC;aAAM;YACL,KAAK,CAAC,OAAO,CAAC,CAAC;SAChB;IACH,CAAC;CACF;AAED,MAAM,OAAO,kCAAmC,SAAQ,2BAA2B;IACjF,YAAY,OAAuC;QACjD,KAAK,iBACH,kBAAkB,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,IACxD,OAAO,EACV,CAAC;IACL,CAAC;CACF;AACD,MAAM,OAAO,yBAA0B,SAAQ,kBAAkB;IAC/D,YAAY,OAAuC;QACjD,KAAK,iBACH,kBAAkB,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,IACxD,OAAO,EACV,CAAC;IACL,CAAC;CACF;AAED,MAAM,OAAO,gCAAiC,SAAQ,yBAAyB;IAC7E,YAAY,OAAuC;QACjD,KAAK,iBACH,kBAAkB,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,IACxD,OAAO,EACV,CAAC;IACL,CAAC;CACF;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAmC;IAChE,qBAAqB;IACrB,0BAA0B;IAC1B,gCAAgC;IAChC,kCAAkC;IAClC,yBAAyB;IACzB,gCAAgC;CACjC,CAAC;AAEF;;;GAGG;AACH,MAAM,OAAO,sBAAuB,SAAQ,sBAAsB;IAmEhE,YACE,OAGyC;QAEzC,KAAK,CAAC,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAChE,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport {\n  DefaultAzureCredentialClientIdOptions,\n  DefaultAzureCredentialOptions,\n  DefaultAzureCredentialResourceIdOptions,\n} from \"./defaultAzureCredentialOptions\";\nimport {\n  ManagedIdentityCredential,\n  ManagedIdentityCredentialClientIdOptions,\n  ManagedIdentityCredentialResourceIdOptions,\n} from \"./managedIdentityCredential\";\nimport { AzureCliCredential } from \"./azureCliCredential\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential\";\nimport { EnvironmentCredential } from \"./environmentCredential\";\nimport { TokenCredential } from \"@azure/core-auth\";\nimport { AzureDeveloperCliCredential } from \"./azureDeveloperCliCredential\";\nimport { WorkloadIdentityCredential } from \"./workloadIdentityCredential\";\n\n/**\n * The type of a class that implements TokenCredential and accepts either\n * {@link DefaultAzureCredentialClientIdOptions} or\n * {@link DefaultAzureCredentialResourceIdOptions} or\n * {@link DefaultAzureCredentialOptions}.\n */\ninterface DefaultCredentialConstructor {\n  new (options?: DefaultAzureCredentialOptions): TokenCredential;\n  new (options?: DefaultAzureCredentialResourceIdOptions): TokenCredential;\n  new (options?: DefaultAzureCredentialClientIdOptions): TokenCredential;\n}\n\n/**\n * A shim around ManagedIdentityCredential that adapts it to accept\n * `DefaultAzureCredentialOptions`.\n *\n * @internal\n */\nexport class DefaultManagedIdentityCredential extends ManagedIdentityCredential {\n  // Constructor overload with just client id options\n  constructor(options?: DefaultAzureCredentialClientIdOptions);\n  // Constructor overload with just resource id options\n  constructor(options?: DefaultAzureCredentialResourceIdOptions);\n  // Constructor overload with just the other default options\n  // Last constructor overload with Union of all options not required since the above two constructor overloads have optional properties\n  constructor(options?: DefaultAzureCredentialOptions) {\n    const managedIdentityClientId =\n      (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n      process.env.AZURE_CLIENT_ID;\n    const workloadIdentityClientId =\n      (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n      managedIdentityClientId;\n    const managedResourceId = (options as DefaultAzureCredentialResourceIdOptions)\n      ?.managedIdentityResourceId;\n    const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n    const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n    // ManagedIdentityCredential throws if both the resourceId and the clientId are provided.\n    if (managedResourceId) {\n      const managedIdentityResourceIdOptions: ManagedIdentityCredentialResourceIdOptions = {\n        ...options,\n        resourceId: managedResourceId,\n      };\n      super(managedIdentityResourceIdOptions);\n    } else if (workloadFile && workloadIdentityClientId) {\n      const workloadIdentityCredentialOptions: DefaultAzureCredentialOptions = {\n        ...options,\n        tenantId: tenantId,\n      };\n      super(workloadIdentityClientId, workloadIdentityCredentialOptions);\n    } else if (managedIdentityClientId) {\n      const managedIdentityClientOptions: ManagedIdentityCredentialClientIdOptions = {\n        ...options,\n        clientId: managedIdentityClientId,\n      };\n      super(managedIdentityClientOptions);\n    } else {\n      super(options);\n    }\n  }\n}\n\nexport class DefaultAzureDeveloperCliCredential extends AzureDeveloperCliCredential {\n  constructor(options?: DefaultAzureCredentialOptions) {\n    super({\n      processTimeoutInMs: options?.developerCredentialTimeOutInMs,\n      ...options,\n    });\n  }\n}\nexport class DefaultAzureCliCredential extends AzureCliCredential {\n  constructor(options?: DefaultAzureCredentialOptions) {\n    super({\n      processTimeoutInMs: options?.developerCredentialTimeOutInMs,\n      ...options,\n    });\n  }\n}\n\nexport class DefaultAzurePowershellCredential extends AzurePowerShellCredential {\n  constructor(options?: DefaultAzureCredentialOptions) {\n    super({\n      processTimeoutInMs: options?.developerCredentialTimeOutInMs,\n      ...options,\n    });\n  }\n}\n\nexport const defaultCredentials: DefaultCredentialConstructor[] = [\n  EnvironmentCredential,\n  WorkloadIdentityCredential,\n  DefaultManagedIdentityCredential,\n  DefaultAzureDeveloperCliCredential,\n  DefaultAzureCliCredential,\n  DefaultAzurePowershellCredential,\n];\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that should\n * work for most applications that use the Azure SDK.\n */\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}\n   *\n   * This credential provides a default {@link ChainedTokenCredential} configuration that should\n   * work for most applications that use the Azure SDK.\n   *\n   * The following credential types will be tried, in order:\n   *\n   * - {@link EnvironmentCredential}\n   * - {@link WorkloadIdentityCredential}\n   * - {@link ManagedIdentityCredential}\n   * - {@link AzureDeveloperCliCredential}\n   * - {@link AzureCliCredential}\n   * - {@link AzurePowerShellCredential}\n   *\n   * Consult the documentation of these credential types for more information\n   * on how they attempt authentication.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialClientIdOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialClientIdOptions);\n\n  /**\n   *  Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialResourceIdOptions}\n   *\n   * This credential provides a default {@link ChainedTokenCredential} configuration that should\n   * work for most applications that use the Azure SDK.\n   *\n   * The following credential types will be tried, in order:\n   *\n   * - {@link EnvironmentCredential}\n   * - {@link WorkloadIdentityCredential}\n   * - {@link ManagedIdentityCredential}\n   * - {@link AzureDeveloperCliCredential}\n   * - {@link AzureCliCredential}\n   * - {@link AzurePowerShellCredential}\n   *\n   * Consult the documentation of these credential types for more information\n   * on how they attempt authentication.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialResourceIdOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialResourceIdOptions);\n\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}\n   *\n   * This credential provides a default {@link ChainedTokenCredential} configuration that should\n   * work for most applications that use the Azure SDK.\n   *\n   * The following credential types will be tried, in order:\n   *\n   * - {@link EnvironmentCredential}\n   * - {@link WorkloadIdentityCredential}\n   * - {@link ManagedIdentityCredential}\n   * - {@link AzureDeveloperCliCredential}\n   * - {@link AzureCliCredential}\n   * - {@link AzurePowerShellCredential}\n   *\n   * Consult the documentation of these credential types for more information\n   * on how they attempt authentication.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialOptions);\n\n  constructor(\n    options?:\n      | DefaultAzureCredentialOptions\n      | DefaultAzureCredentialResourceIdOptions\n      | DefaultAzureCredentialClientIdOptions\n  ) {\n    super(...defaultCredentials.map((ctor) => new ctor(options)));\n  }\n}\n"]}
+{"version":3,"file":"defaultAzureCredential.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAOlC,OAAO,EACL,yBAAyB,GAG1B,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AACxE,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAEhE,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAe1E;;;;;GAKG;AACH,MAAM,OAAO,gCAAiC,SAAQ,yBAAyB;IAK7E,2DAA2D;IAC3D,sIAAsI;IACtI,YAAY,OAAuC;;QACjD,MAAM,uBAAuB,GAC3B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,uBAAuB,mCAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC9B,MAAM,wBAAwB,GAC5B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,wBAAwB,mCAC5E,uBAAuB,CAAC;QAC1B,MAAM,iBAAiB,GAAI,OAAmD,aAAnD,OAAO,uBAAP,OAAO,CAC9B,yBAAyB,CAAC;QAC9B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QAC5D,MAAM,QAAQ,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAClE,yFAAyF;QACzF,IAAI,iBAAiB,EAAE;YACrB,MAAM,gCAAgC,mCACjC,OAAO,KACV,UAAU,EAAE,iBAAiB,GAC9B,CAAC;YACF,KAAK,CAAC,gCAAgC,CAAC,CAAC;SACzC;aAAM,IAAI,YAAY,IAAI,wBAAwB,EAAE;YACnD,MAAM,iCAAiC,mCAClC,OAAO,KACV,QAAQ,EAAE,QAAQ,GACnB,CAAC;YACF,KAAK,CAAC,wBAAwB,EAAE,iCAAiC,CAAC,CAAC;SACpE;aAAM,IAAI,uBAAuB,EAAE;YAClC,MAAM,4BAA4B,mCAC7B,OAAO,KACV,QAAQ,EAAE,uBAAuB,GAClC,CAAC;YACF,KAAK,CAAC,4BAA4B,CAAC,CAAC;SACrC;aAAM;YACL,KAAK,CAAC,OAAO,CAAC,CAAC;SAChB;IACH,CAAC;CACF;AACD;;;;;GAKG;AACH,MAAM,OAAO,iCAAkC,SAAQ,0BAA0B;IAG/E,2DAA2D;IAC3D,sIAAsI;IACtI,YAAY,OAAuC;;QACjD,MAAM,uBAAuB,GAC3B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,uBAAuB,mCAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC9B,MAAM,wBAAwB,GAC5B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,wBAAwB,mCAC5E,uBAAuB,CAAC;QAC1B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QAC5D,MAAM,QAAQ,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAClE,IAAI,YAAY,IAAI,wBAAwB,EAAE;YAC5C,MAAM,iCAAiC,mCAClC,OAAO,KACV,QAAQ,EACR,QAAQ,EAAE,wBAAwB,EAClC,sBAAsB,EAAE,YAAY,GACrC,CAAC;YACF,KAAK,CAAC,iCAAiC,CAAC,CAAC;SAC1C;aAAM,IAAI,QAAQ,EAAE;YACnB,MAAM,mCAAmC,mCACpC,OAAO,KACV,QAAQ,GACT,CAAC;YACF,KAAK,CAAC,mCAAmC,CAAC,CAAC;SAC5C;aAAM;YACL,KAAK,CAAC,OAA4C,CAAC,CAAC;SACrD;IACH,CAAC;CACF;AAED,MAAM,OAAO,kCAAmC,SAAQ,2BAA2B;IACjF,YAAY,OAAuC;QACjD,KAAK,iBACH,kBAAkB,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,IACxD,OAAO,EACV,CAAC;IACL,CAAC;CACF;AACD,MAAM,OAAO,yBAA0B,SAAQ,kBAAkB;IAC/D,YAAY,OAAuC;QACjD,KAAK,iBACH,kBAAkB,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,IACxD,OAAO,EACV,CAAC;IACL,CAAC;CACF;AAED,MAAM,OAAO,gCAAiC,SAAQ,yBAAyB;IAC7E,YAAY,OAAuC;QACjD,KAAK,iBACH,kBAAkB,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,IACxD,OAAO,EACV,CAAC;IACL,CAAC;CACF;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAmC;IAChE,qBAAqB;IACrB,iCAAiC;IACjC,gCAAgC;IAChC,kCAAkC;IAClC,yBAAyB;IACzB,gCAAgC;CACjC,CAAC;AAEF;;;GAGG;AACH,MAAM,OAAO,sBAAuB,SAAQ,sBAAsB;IAmEhE,YACE,OAGyC;QAEzC,KAAK,CAAC,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAChE,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport {\n  DefaultAzureCredentialClientIdOptions,\n  DefaultAzureCredentialOptions,\n  DefaultAzureCredentialResourceIdOptions,\n} from \"./defaultAzureCredentialOptions\";\nimport {\n  ManagedIdentityCredential,\n  ManagedIdentityCredentialClientIdOptions,\n  ManagedIdentityCredentialResourceIdOptions,\n} from \"./managedIdentityCredential\";\nimport { AzureCliCredential } from \"./azureCliCredential\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential\";\nimport { EnvironmentCredential } from \"./environmentCredential\";\nimport { TokenCredential } from \"@azure/core-auth\";\nimport { AzureDeveloperCliCredential } from \"./azureDeveloperCliCredential\";\nimport { WorkloadIdentityCredential } from \"./workloadIdentityCredential\";\nimport { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions\";\n\n/**\n * The type of a class that implements TokenCredential and accepts either\n * {@link DefaultAzureCredentialClientIdOptions} or\n * {@link DefaultAzureCredentialResourceIdOptions} or\n * {@link DefaultAzureCredentialOptions}.\n */\ninterface DefaultCredentialConstructor {\n  new (options?: DefaultAzureCredentialOptions): TokenCredential;\n  new (options?: DefaultAzureCredentialResourceIdOptions): TokenCredential;\n  new (options?: DefaultAzureCredentialClientIdOptions): TokenCredential;\n}\n\n/**\n * A shim around ManagedIdentityCredential that adapts it to accept\n * `DefaultAzureCredentialOptions`.\n *\n * @internal\n */\nexport class DefaultManagedIdentityCredential extends ManagedIdentityCredential {\n  // Constructor overload with just client id options\n  constructor(options?: DefaultAzureCredentialClientIdOptions);\n  // Constructor overload with just resource id options\n  constructor(options?: DefaultAzureCredentialResourceIdOptions);\n  // Constructor overload with just the other default options\n  // Last constructor overload with Union of all options not required since the above two constructor overloads have optional properties\n  constructor(options?: DefaultAzureCredentialOptions) {\n    const managedIdentityClientId =\n      (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n      process.env.AZURE_CLIENT_ID;\n    const workloadIdentityClientId =\n      (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n      managedIdentityClientId;\n    const managedResourceId = (options as DefaultAzureCredentialResourceIdOptions)\n      ?.managedIdentityResourceId;\n    const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n    const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n    // ManagedIdentityCredential throws if both the resourceId and the clientId are provided.\n    if (managedResourceId) {\n      const managedIdentityResourceIdOptions: ManagedIdentityCredentialResourceIdOptions = {\n        ...options,\n        resourceId: managedResourceId,\n      };\n      super(managedIdentityResourceIdOptions);\n    } else if (workloadFile && workloadIdentityClientId) {\n      const workloadIdentityCredentialOptions: DefaultAzureCredentialOptions = {\n        ...options,\n        tenantId: tenantId,\n      };\n      super(workloadIdentityClientId, workloadIdentityCredentialOptions);\n    } else if (managedIdentityClientId) {\n      const managedIdentityClientOptions: ManagedIdentityCredentialClientIdOptions = {\n        ...options,\n        clientId: managedIdentityClientId,\n      };\n      super(managedIdentityClientOptions);\n    } else {\n      super(options);\n    }\n  }\n}\n/**\n * A shim around WorkloadIdentityCredential that adapts it to accept\n * `DefaultAzureCredentialOptions`.\n *\n * @internal\n */\nexport class DefaultWorkloadIdentityCredential extends WorkloadIdentityCredential {\n  // Constructor overload with just client id options\n  constructor(options?: DefaultAzureCredentialClientIdOptions);\n  // Constructor overload with just the other default options\n  // Last constructor overload with Union of all options not required since the above two constructor overloads have optional properties\n  constructor(options?: DefaultAzureCredentialOptions) {\n    const managedIdentityClientId =\n      (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n      process.env.AZURE_CLIENT_ID;\n    const workloadIdentityClientId =\n      (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n      managedIdentityClientId;\n    const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n    const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n    if (workloadFile && workloadIdentityClientId) {\n      const workloadIdentityCredentialOptions: WorkloadIdentityCredentialOptions = {\n        ...options,\n        tenantId,\n        clientId: workloadIdentityClientId,\n        federatedTokenFilePath: workloadFile,\n      };\n      super(workloadIdentityCredentialOptions);\n    } else if (tenantId) {\n      const workloadIdentityClientTenantOptions: WorkloadIdentityCredentialOptions = {\n        ...options,\n        tenantId,\n      };\n      super(workloadIdentityClientTenantOptions);\n    } else {\n      super(options as WorkloadIdentityCredentialOptions);\n    }\n  }\n}\n\nexport class DefaultAzureDeveloperCliCredential extends AzureDeveloperCliCredential {\n  constructor(options?: DefaultAzureCredentialOptions) {\n    super({\n      processTimeoutInMs: options?.developerCredentialTimeOutInMs,\n      ...options,\n    });\n  }\n}\nexport class DefaultAzureCliCredential extends AzureCliCredential {\n  constructor(options?: DefaultAzureCredentialOptions) {\n    super({\n      processTimeoutInMs: options?.developerCredentialTimeOutInMs,\n      ...options,\n    });\n  }\n}\n\nexport class DefaultAzurePowershellCredential extends AzurePowerShellCredential {\n  constructor(options?: DefaultAzureCredentialOptions) {\n    super({\n      processTimeoutInMs: options?.developerCredentialTimeOutInMs,\n      ...options,\n    });\n  }\n}\n\nexport const defaultCredentials: DefaultCredentialConstructor[] = [\n  EnvironmentCredential,\n  DefaultWorkloadIdentityCredential,\n  DefaultManagedIdentityCredential,\n  DefaultAzureDeveloperCliCredential,\n  DefaultAzureCliCredential,\n  DefaultAzurePowershellCredential,\n];\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that should\n * work for most applications that use the Azure SDK.\n */\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}\n   *\n   * This credential provides a default {@link ChainedTokenCredential} configuration that should\n   * work for most applications that use the Azure SDK.\n   *\n   * The following credential types will be tried, in order:\n   *\n   * - {@link EnvironmentCredential}\n   * - {@link WorkloadIdentityCredential}\n   * - {@link ManagedIdentityCredential}\n   * - {@link AzureDeveloperCliCredential}\n   * - {@link AzureCliCredential}\n   * - {@link AzurePowerShellCredential}\n   *\n   * Consult the documentation of these credential types for more information\n   * on how they attempt authentication.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialClientIdOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialClientIdOptions);\n\n  /**\n   *  Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialResourceIdOptions}\n   *\n   * This credential provides a default {@link ChainedTokenCredential} configuration that should\n   * work for most applications that use the Azure SDK.\n   *\n   * The following credential types will be tried, in order:\n   *\n   * - {@link EnvironmentCredential}\n   * - {@link WorkloadIdentityCredential}\n   * - {@link ManagedIdentityCredential}\n   * - {@link AzureDeveloperCliCredential}\n   * - {@link AzureCliCredential}\n   * - {@link AzurePowerShellCredential}\n   *\n   * Consult the documentation of these credential types for more information\n   * on how they attempt authentication.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialResourceIdOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialResourceIdOptions);\n\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}\n   *\n   * This credential provides a default {@link ChainedTokenCredential} configuration that should\n   * work for most applications that use the Azure SDK.\n   *\n   * The following credential types will be tried, in order:\n   *\n   * - {@link EnvironmentCredential}\n   * - {@link WorkloadIdentityCredential}\n   * - {@link ManagedIdentityCredential}\n   * - {@link AzureDeveloperCliCredential}\n   * - {@link AzureCliCredential}\n   * - {@link AzurePowerShellCredential}\n   *\n   * Consult the documentation of these credential types for more information\n   * on how they attempt authentication.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialOptions);\n\n  constructor(\n    options?:\n      | DefaultAzureCredentialOptions\n      | DefaultAzureCredentialResourceIdOptions\n      | DefaultAzureCredentialClientIdOptions\n  ) {\n    super(...defaultCredentials.map((ctor) => new ctor(options)));\n  }\n}\n"]}

package/dist-esm/src/credentials/workloadIdentityCredential.js

@@ -26,37 +26,28 @@ const logger = credentialLogger(credentialName);
  */
 export class WorkloadIdentityCredential {
     /**
-     * @internal
-     * @hidden
+     * WorkloadIdentityCredential supports Azure workload identity on Kubernetes.
+     *
+     * @param options - The identity client options to use for authentication.
      */
     constructor(options) {
         this.azureFederatedTokenFileContent = undefined;
         this.cacheDate = undefined;
+        // Logging environment variables for error details
+        const assignedEnv = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(", ");
+        logger.info(`Found the following environment variables: ${assignedEnv}`);
         const workloadIdentityCredentialOptions = options;
-        if ((workloadIdentityCredentialOptions === null || workloadIdentityCredentialOptions === void 0 ? void 0 : workloadIdentityCredentialOptions.clientId) &&
-            (workloadIdentityCredentialOptions === null || workloadIdentityCredentialOptions === void 0 ? void 0 : workloadIdentityCredentialOptions.tenantId) &&
-            (workloadIdentityCredentialOptions === null || workloadIdentityCredentialOptions === void 0 ? void 0 : workloadIdentityCredentialOptions.federatedTokenFilePath)) {
-            const tenantId = workloadIdentityCredentialOptions.tenantId;
-            if (tenantId) {
-                checkTenantId(logger, tenantId);
-            }
-            this.federatedTokenFilePath = workloadIdentityCredentialOptions.federatedTokenFilePath;
-            logger.info(`Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`);
-            this.client = new ClientAssertionCredential(tenantId, workloadIdentityCredentialOptions.clientId, this.readFileContents.bind(this), options);
+        const tenantId = workloadIdentityCredentialOptions.tenantId || process.env.AZURE_TENANT_ID;
+        const clientId = workloadIdentityCredentialOptions.clientId || process.env.AZURE_CLIENT_ID;
+        this.federatedTokenFilePath =
+            workloadIdentityCredentialOptions.federatedTokenFilePath ||
+                process.env.AZURE_FEDERATED_TOKEN_FILE;
+        if (tenantId) {
+            checkTenantId(logger, tenantId);
         }
-        else {
-            // Keep track of any missing environment variables for error details
-            const assigned = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(", ");
-            logger.info(`Found the following environment variables: ${assigned}`);
-            const tenantId = process.env.AZURE_TENANT_ID, clientId = process.env.AZURE_CLIENT_ID, federatedTokenFilePath = process.env.AZURE_FEDERATED_TOKEN_FILE;
-            this.federatedTokenFilePath = federatedTokenFilePath;
-            if (tenantId) {
-                checkTenantId(logger, tenantId);
-            }
-            if (tenantId && clientId && federatedTokenFilePath) {
-                logger.info(`Invoking ClientAssertionCredential with the following environment variables tenant ID: ${tenantId}, clientId: ${clientId} and federatedTokenFilePath: [REDACTED]`);
-                this.client = new ClientAssertionCredential(tenantId, clientId, this.readFileContents.bind(this), options);
-            }
+        if (clientId && tenantId && this.federatedTokenFilePath) {
+            logger.info(`Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`);
+            this.client = new ClientAssertionCredential(tenantId, clientId, this.readFileContents.bind(this), options);
         }
     }
     /**

package/dist-esm/src/credentials/workloadIdentityCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"workloadIdentityCredential.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAKxE,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACnE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,MAAM,cAAc,GAAG,4BAA4B,CAAC;AACpD;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,qCAAqC,GAAG;IACnD,iBAAiB;IACjB,iBAAiB;IACjB,4BAA4B;CAC7B,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AAChD;;;;GAIG;AACH,MAAM,OAAO,0BAA0B;IAqBrC;;;OAGG;IACH,YACE,OAAqF;QAxB/E,mCAA8B,GAAuB,SAAS,CAAC;QAC/D,cAAS,GAAuB,SAAS,CAAC;QAyBhD,MAAM,iCAAiC,GAAG,OAA4C,CAAC;QAEvF,IACE,CAAA,iCAAiC,aAAjC,iCAAiC,uBAAjC,iCAAiC,CAAE,QAAQ;aAC3C,iCAAiC,aAAjC,iCAAiC,uBAAjC,iCAAiC,CAAE,QAAQ,CAAA;aAC3C,iCAAiC,aAAjC,iCAAiC,uBAAjC,iCAAiC,CAAE,sBAAsB,CAAA,EACzD;YACA,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,CAAC;YAC5D,IAAI,QAAQ,EAAE;gBACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;aACjC;YACD,IAAI,CAAC,sBAAsB,GAAG,iCAAiC,CAAC,sBAAsB,CAAC;YACvF,MAAM,CAAC,IAAI,CACT,sDAAsD,QAAQ,eAAe,iCAAiC,CAAC,QAAQ,uCAAuC,CAC/J,CAAC;YACF,IAAI,CAAC,MAAM,GAAG,IAAI,yBAAyB,CACzC,QAAQ,EACR,iCAAiC,CAAC,QAAQ,EAC1C,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAChC,OAAO,CACR,CAAC;SACH;aAAM;YACL,oEAAoE;YACpE,MAAM,QAAQ,GAAG,cAAc,CAAC,qCAAqC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC3F,MAAM,CAAC,IAAI,CAAC,8CAA8C,QAAQ,EAAE,CAAC,CAAC;YAEtE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EAC1C,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EACtC,sBAAsB,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;YAElE,IAAI,CAAC,sBAAsB,GAAG,sBAAsB,CAAC;YACrD,IAAI,QAAQ,EAAE;gBACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;aACjC;YAED,IAAI,QAAQ,IAAI,QAAQ,IAAI,sBAAsB,EAAE;gBAClD,MAAM,CAAC,IAAI,CACT,0FAA0F,QAAQ,eAAe,QAAQ,yCAAyC,CACnK,CAAC;gBACF,IAAI,CAAC,MAAM,GAAG,IAAI,yBAAyB,CACzC,QAAQ,EACR,QAAQ,EACR,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAChC,OAAmD,CACpD,CAAC;aACH;SACF;IACH,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;QAEzB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;YAChB,MAAM,YAAY,GAAG,GAAG,cAAc;;;;mCAIT,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC1B,MAAM,IAAI,0BAA0B,CAAC,YAAY,CAAC,CAAC;SACpD;QACD,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAClE,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/C,CAAC;IAEO,KAAK,CAAC,gBAAgB;QAC5B,2CAA2C;QAC3C,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,GAAG,EAAE,GAAG,CAAC,EAAE;YAChF,IAAI,CAAC,8BAA8B,GAAG,SAAS,CAAC;SACjD;QACD,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE;YAChC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,gDAAgD,IAAI,CAAC,sBAAsB,GAAG,CAChG,CAAC;SACH;QACD,IAAI,CAAC,IAAI,CAAC,8BAA8B,EAAE;YACxC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC;YACjE,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,KAAK,EAAE;gBACV,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,4CAA4C,IAAI,CAAC,sBAAsB,GAAG,CAC5F,CAAC;aACH;iBAAM;gBACL,IAAI,CAAC,8BAA8B,GAAG,KAAK,CAAC;gBAC5C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;aAC7B;SACF;QACD,OAAO,IAAI,CAAC,8BAA8B,CAAC;IAC7C,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { ClientAssertionCredential } from \"./clientAssertionCredential\";\nimport {\n  WorkloadIdentityCredentialOptions,\n  WorkloadIdentityDefaultCredentialOptions,\n} from \"./workloadIdentityCredentialOptions\";\nimport { readFile } from \"fs/promises\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport { credentialLogger, processEnvVars } from \"../util/logging\";\nimport { checkTenantId } from \"../util/tenantIdUtils\";\n\nconst credentialName = \"WorkloadIdentityCredential\";\n/**\n * Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n *\n * @internal\n */\nexport const SupportedWorkloadEnvironmentVariables = [\n  \"AZURE_TENANT_ID\",\n  \"AZURE_CLIENT_ID\",\n  \"AZURE_FEDERATED_TOKEN_FILE\",\n];\nconst logger = credentialLogger(credentialName);\n/**\n * WorkloadIdentityCredential supports Azure workload identity authentication on Kubernetes.\n * Refer to <a href=\"https://learn.microsoft.com/azure/aks/workload-identity-overview\">Azure Active Directory Workload Identity</a>\n * for more information.\n */\nexport class WorkloadIdentityCredential implements TokenCredential {\n  private client: ClientAssertionCredential | undefined;\n  private azureFederatedTokenFileContent: string | undefined = undefined;\n  private cacheDate: number | undefined = undefined;\n  private federatedTokenFilePath: string | undefined;\n\n  /**\n   * WorkloadIdentityCredential supports Azure workload identity on Kubernetes.\n   *\n   * @param options - The identity client options to use for authentication.\n   */\n  constructor(options: WorkloadIdentityCredentialOptions);\n\n  /**\n   * @internal\n   * @hidden\n   * WorkloadIdentityCredential supports Azure workload identity on Kubernetes.\n   *\n   * @param options - The identity client options to use for authentication.\n   */\n  constructor(options?: WorkloadIdentityDefaultCredentialOptions);\n  /**\n   * @internal\n   * @hidden\n   */\n  constructor(\n    options: WorkloadIdentityDefaultCredentialOptions | WorkloadIdentityCredentialOptions\n  ) {\n    const workloadIdentityCredentialOptions = options as WorkloadIdentityCredentialOptions;\n\n    if (\n      workloadIdentityCredentialOptions?.clientId &&\n      workloadIdentityCredentialOptions?.tenantId &&\n      workloadIdentityCredentialOptions?.federatedTokenFilePath\n    ) {\n      const tenantId = workloadIdentityCredentialOptions.tenantId;\n      if (tenantId) {\n        checkTenantId(logger, tenantId);\n      }\n      this.federatedTokenFilePath = workloadIdentityCredentialOptions.federatedTokenFilePath;\n      logger.info(\n        `Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`\n      );\n      this.client = new ClientAssertionCredential(\n        tenantId,\n        workloadIdentityCredentialOptions.clientId,\n        this.readFileContents.bind(this),\n        options\n      );\n    } else {\n      // Keep track of any missing environment variables for error details\n      const assigned = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(\", \");\n      logger.info(`Found the following environment variables: ${assigned}`);\n\n      const tenantId = process.env.AZURE_TENANT_ID,\n        clientId = process.env.AZURE_CLIENT_ID,\n        federatedTokenFilePath = process.env.AZURE_FEDERATED_TOKEN_FILE;\n\n      this.federatedTokenFilePath = federatedTokenFilePath;\n      if (tenantId) {\n        checkTenantId(logger, tenantId);\n      }\n\n      if (tenantId && clientId && federatedTokenFilePath) {\n        logger.info(\n          `Invoking ClientAssertionCredential with the following environment variables tenant ID: ${tenantId}, clientId: ${clientId} and federatedTokenFilePath: [REDACTED]`\n        );\n        this.client = new ClientAssertionCredential(\n          tenantId,\n          clientId,\n          this.readFileContents.bind(this),\n          options as WorkloadIdentityDefaultCredentialOptions\n        );\n      }\n    }\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    if (!this.client) {\n      const errorMessage = `${credentialName}: is unavailable. tenantId, clientId, and federatedTokenFilePath are required parameters. \n      In DefaultAzureCredential and ManagedIdentityCredential, these can be provided as environment variables - \n      \"AZURE_TENANT_ID\",\n      \"AZURE_CLIENT_ID\",\n      \"AZURE_FEDERATED_TOKEN_FILE\"`;\n      logger.info(errorMessage);\n      throw new CredentialUnavailableError(errorMessage);\n    }\n    logger.info(\"Invoking getToken() of Client Assertion Credential\");\n    return this.client.getToken(scopes, options);\n  }\n\n  private async readFileContents(): Promise<string> {\n    // Cached assertions expire after 5 minutes\n    if (this.cacheDate !== undefined && Date.now() - this.cacheDate >= 1000 * 60 * 5) {\n      this.azureFederatedTokenFileContent = undefined;\n    }\n    if (!this.federatedTokenFilePath) {\n      throw new CredentialUnavailableError(\n        `${credentialName}: is unavailable. Invalid file path provided ${this.federatedTokenFilePath}.`\n      );\n    }\n    if (!this.azureFederatedTokenFileContent) {\n      const file = await readFile(this.federatedTokenFilePath, \"utf8\");\n      const value = file.trim();\n      if (!value) {\n        throw new CredentialUnavailableError(\n          `${credentialName}: is unavailable. No content on the file ${this.federatedTokenFilePath}.`\n        );\n      } else {\n        this.azureFederatedTokenFileContent = value;\n        this.cacheDate = Date.now();\n      }\n    }\n    return this.azureFederatedTokenFileContent;\n  }\n}\n"]}
+{"version":3,"file":"workloadIdentityCredential.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAExE,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACnE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,MAAM,cAAc,GAAG,4BAA4B,CAAC;AACpD;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,qCAAqC,GAAG;IACnD,iBAAiB;IACjB,iBAAiB;IACjB,4BAA4B;CAC7B,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AAChD;;;;GAIG;AACH,MAAM,OAAO,0BAA0B;IAMrC;;;;OAIG;IACH,YAAY,OAA0C;QAT9C,mCAA8B,GAAuB,SAAS,CAAC;QAC/D,cAAS,GAAuB,SAAS,CAAC;QAShD,kDAAkD;QAClD,MAAM,WAAW,GAAG,cAAc,CAAC,qCAAqC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9F,MAAM,CAAC,IAAI,CAAC,8CAA8C,WAAW,EAAE,CAAC,CAAC;QAEzE,MAAM,iCAAiC,GAAG,OAA4C,CAAC;QACvF,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,IAAI,CAAC,sBAAsB;YACzB,iCAAiC,CAAC,sBAAsB;gBACxD,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QACzC,IAAI,QAAQ,EAAE;YACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;SACjC;QACD,IAAI,QAAQ,IAAI,QAAQ,IAAI,IAAI,CAAC,sBAAsB,EAAE;YACvD,MAAM,CAAC,IAAI,CACT,sDAAsD,QAAQ,eAAe,iCAAiC,CAAC,QAAQ,uCAAuC,CAC/J,CAAC;YACF,IAAI,CAAC,MAAM,GAAG,IAAI,yBAAyB,CACzC,QAAQ,EACR,QAAQ,EACR,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAChC,OAAO,CACR,CAAC;SACH;IACH,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;QAEzB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;YAChB,MAAM,YAAY,GAAG,GAAG,cAAc;;;;mCAIT,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC1B,MAAM,IAAI,0BAA0B,CAAC,YAAY,CAAC,CAAC;SACpD;QACD,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAClE,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/C,CAAC;IAEO,KAAK,CAAC,gBAAgB;QAC5B,2CAA2C;QAC3C,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,GAAG,EAAE,GAAG,CAAC,EAAE;YAChF,IAAI,CAAC,8BAA8B,GAAG,SAAS,CAAC;SACjD;QACD,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE;YAChC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,gDAAgD,IAAI,CAAC,sBAAsB,GAAG,CAChG,CAAC;SACH;QACD,IAAI,CAAC,IAAI,CAAC,8BAA8B,EAAE;YACxC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC;YACjE,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,KAAK,EAAE;gBACV,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,4CAA4C,IAAI,CAAC,sBAAsB,GAAG,CAC5F,CAAC;aACH;iBAAM;gBACL,IAAI,CAAC,8BAA8B,GAAG,KAAK,CAAC;gBAC5C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;aAC7B;SACF;QACD,OAAO,IAAI,CAAC,8BAA8B,CAAC;IAC7C,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { ClientAssertionCredential } from \"./clientAssertionCredential\";\nimport { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions\";\nimport { readFile } from \"fs/promises\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport { credentialLogger, processEnvVars } from \"../util/logging\";\nimport { checkTenantId } from \"../util/tenantIdUtils\";\n\nconst credentialName = \"WorkloadIdentityCredential\";\n/**\n * Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n *\n * @internal\n */\nexport const SupportedWorkloadEnvironmentVariables = [\n  \"AZURE_TENANT_ID\",\n  \"AZURE_CLIENT_ID\",\n  \"AZURE_FEDERATED_TOKEN_FILE\",\n];\nconst logger = credentialLogger(credentialName);\n/**\n * WorkloadIdentityCredential supports Azure workload identity authentication on Kubernetes.\n * Refer to <a href=\"https://learn.microsoft.com/azure/aks/workload-identity-overview\">Azure Active Directory Workload Identity</a>\n * for more information.\n */\nexport class WorkloadIdentityCredential implements TokenCredential {\n  private client: ClientAssertionCredential | undefined;\n  private azureFederatedTokenFileContent: string | undefined = undefined;\n  private cacheDate: number | undefined = undefined;\n  private federatedTokenFilePath: string | undefined;\n\n  /**\n   * WorkloadIdentityCredential supports Azure workload identity on Kubernetes.\n   *\n   * @param options - The identity client options to use for authentication.\n   */\n  constructor(options: WorkloadIdentityCredentialOptions) {\n    // Logging environment variables for error details\n    const assignedEnv = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(\", \");\n    logger.info(`Found the following environment variables: ${assignedEnv}`);\n\n    const workloadIdentityCredentialOptions = options as WorkloadIdentityCredentialOptions;\n    const tenantId = workloadIdentityCredentialOptions.tenantId || process.env.AZURE_TENANT_ID;\n    const clientId = workloadIdentityCredentialOptions.clientId || process.env.AZURE_CLIENT_ID;\n    this.federatedTokenFilePath =\n      workloadIdentityCredentialOptions.federatedTokenFilePath ||\n      process.env.AZURE_FEDERATED_TOKEN_FILE;\n    if (tenantId) {\n      checkTenantId(logger, tenantId);\n    }\n    if (clientId && tenantId && this.federatedTokenFilePath) {\n      logger.info(\n        `Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`\n      );\n      this.client = new ClientAssertionCredential(\n        tenantId,\n        clientId,\n        this.readFileContents.bind(this),\n        options\n      );\n    }\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    if (!this.client) {\n      const errorMessage = `${credentialName}: is unavailable. tenantId, clientId, and federatedTokenFilePath are required parameters. \n      In DefaultAzureCredential and ManagedIdentityCredential, these can be provided as environment variables - \n      \"AZURE_TENANT_ID\",\n      \"AZURE_CLIENT_ID\",\n      \"AZURE_FEDERATED_TOKEN_FILE\"`;\n      logger.info(errorMessage);\n      throw new CredentialUnavailableError(errorMessage);\n    }\n    logger.info(\"Invoking getToken() of Client Assertion Credential\");\n    return this.client.getToken(scopes, options);\n  }\n\n  private async readFileContents(): Promise<string> {\n    // Cached assertions expire after 5 minutes\n    if (this.cacheDate !== undefined && Date.now() - this.cacheDate >= 1000 * 60 * 5) {\n      this.azureFederatedTokenFileContent = undefined;\n    }\n    if (!this.federatedTokenFilePath) {\n      throw new CredentialUnavailableError(\n        `${credentialName}: is unavailable. Invalid file path provided ${this.federatedTokenFilePath}.`\n      );\n    }\n    if (!this.azureFederatedTokenFileContent) {\n      const file = await readFile(this.federatedTokenFilePath, \"utf8\");\n      const value = file.trim();\n      if (!value) {\n        throw new CredentialUnavailableError(\n          `${credentialName}: is unavailable. No content on the file ${this.federatedTokenFilePath}.`\n        );\n      } else {\n        this.azureFederatedTokenFileContent = value;\n        this.cacheDate = Date.now();\n      }\n    }\n    return this.azureFederatedTokenFileContent;\n  }\n}\n"]}

package/dist-esm/src/credentials/workloadIdentityCredentialOptions.js.map

@@ -1 +1 @@
-{"version":3,"file":"workloadIdentityCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AuthorityValidationOptions } from \"./authorityValidationOptions\";\nimport { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions\";\n\n/**\n * Options for the {@link WorkloadIdentityCredential}\n */\nexport interface WorkloadIdentityCredentialOptions\n  extends WorkloadIdentityDefaultCredentialOptions {\n  /**\n   * ID of the application's Azure Active Directory tenant. Also called its directory ID.\n   */\n  tenantId: string;\n  /**\n   * The client ID of an Azure AD app registration.\n   */\n  clientId: string;\n  /**\n   * The path to a file containing a Kubernetes service account token that authenticates the identity.\n   */\n  federatedTokenFilePath: string;\n}\n\n/**\n * Internal Options for the {@link WorkloadIdentityCredential}, not meant to be used directly.\n */\nexport interface WorkloadIdentityDefaultCredentialOptions\n  extends MultiTenantTokenCredentialOptions,\n    AuthorityValidationOptions {}\n"]}
+{"version":3,"file":"workloadIdentityCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AuthorityValidationOptions } from \"./authorityValidationOptions\";\nimport { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions\";\n\n/**\n * Options for the {@link WorkloadIdentityCredential}\n */\nexport interface WorkloadIdentityCredentialOptions\n  extends MultiTenantTokenCredentialOptions,\n    AuthorityValidationOptions {\n  /**\n   * ID of the application's Azure Active Directory tenant. Also called its directory ID.\n   */\n  tenantId?: string;\n  /**\n   * The client ID of an Azure AD app registration.\n   */\n  clientId?: string;\n  /**\n   * The path to a file containing a Kubernetes service account token that authenticates the identity.\n   */\n  federatedTokenFilePath?: string;\n}\n"]}

package/dist-esm/src/index.js

@@ -11,6 +11,7 @@ export { EnvironmentCredential } from "./credentials/environmentCredential";
 export { ClientCertificateCredential, } from "./credentials/clientCertificateCredential";
 export { ClientAssertionCredential } from "./credentials/clientAssertionCredential";
 export { AzureCliCredential } from "./credentials/azureCliCredential";
+export { AzureDeveloperCliCredential } from "./credentials/azureDeveloperCliCredential";
 export { InteractiveBrowserCredential } from "./credentials/interactiveBrowserCredential";
 export { ManagedIdentityCredential, } from "./credentials/managedIdentityCredential";
 export { DeviceCodeCredential } from "./credentials/deviceCodeCredential";

package/dist-esm/src/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,cAAc,oBAAoB,CAAC;AAKnC,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAE9E,OAAO,EACL,mBAAmB,EAEnB,4BAA4B,EAC5B,uBAAuB,EACvB,gCAAgC,EAChC,0BAA0B,EAC1B,8BAA8B,EAC9B,2BAA2B,GAE5B,MAAM,UAAU,CAAC;AAGlB,OAAO,EAAE,6BAA6B,EAAE,+BAA+B,EAAE,MAAM,cAAc,CAAC;AAS9F,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAE9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAG9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAO9E,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAG5E,OAAO,EACL,2BAA2B,GAI5B,MAAM,2CAA2C,CAAC;AAEnD,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AAGpF,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAEtE,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAM1F,OAAO,EACL,yBAAyB,GAG1B,MAAM,yCAAyC,CAAC;AACjD,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAO1E,OAAO,EAAE,2BAA2B,EAAE,MAAM,2CAA2C,CAAC;AAExF,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AAOpF,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAEtF,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAEtF,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAC1E,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAStF,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAExC,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAElD;;GAEG;AACH,MAAM,UAAU,yBAAyB;IACvC,OAAO,IAAI,sBAAsB,EAAE,CAAC;AACtC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nexport * from \"./plugins/consumer\";\n\nexport { IdentityPlugin } from \"./plugins/provider\";\n\nimport { TokenCredential } from \"@azure/core-auth\";\nimport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential\";\n\nexport {\n  AuthenticationError,\n  ErrorResponse,\n  AggregateAuthenticationError,\n  AuthenticationErrorName,\n  AggregateAuthenticationErrorName,\n  CredentialUnavailableError,\n  CredentialUnavailableErrorName,\n  AuthenticationRequiredError,\n  AuthenticationRequiredErrorOptions,\n} from \"./errors\";\n\nexport { AuthenticationRecord } from \"./msal/types\";\nexport { serializeAuthenticationRecord, deserializeAuthenticationRecord } from \"./msal/utils\";\nexport { TokenCredentialOptions } from \"./tokenCredentialOptions\";\nexport { MultiTenantTokenCredentialOptions } from \"./credentials/multiTenantTokenCredentialOptions\";\nexport { AuthorityValidationOptions } from \"./credentials/authorityValidationOptions\";\n// TODO: Export again once we're ready to release this feature.\n// export { RegionalAuthority } from \"./regionalAuthority\";\n\nexport { InteractiveCredentialOptions } from \"./credentials/interactiveCredentialOptions\";\n\nexport { ChainedTokenCredential } from \"./credentials/chainedTokenCredential\";\n\nexport { ClientSecretCredential } from \"./credentials/clientSecretCredential\";\nexport { ClientSecretCredentialOptions } from \"./credentials/clientSecretCredentialOptions\";\n\nexport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential\";\nexport {\n  DefaultAzureCredentialOptions,\n  DefaultAzureCredentialClientIdOptions,\n  DefaultAzureCredentialResourceIdOptions,\n} from \"./credentials/defaultAzureCredentialOptions\";\n\nexport { EnvironmentCredential } from \"./credentials/environmentCredential\";\nexport { EnvironmentCredentialOptions } from \"./credentials/environmentCredentialOptions\";\n\nexport {\n  ClientCertificateCredential,\n  ClientCertificateCredentialPEMConfiguration,\n  ClientCertificatePEMCertificatePath,\n  ClientCertificatePEMCertificate,\n} from \"./credentials/clientCertificateCredential\";\nexport { ClientCertificateCredentialOptions } from \"./credentials/clientCertificateCredentialOptions\";\nexport { ClientAssertionCredential } from \"./credentials/clientAssertionCredential\";\nexport { ClientAssertionCredentialOptions } from \"./credentials/clientAssertionCredentialOptions\";\nexport { CredentialPersistenceOptions } from \"./credentials/credentialPersistenceOptions\";\nexport { AzureCliCredential } from \"./credentials/azureCliCredential\";\nexport { AzureCliCredentialOptions } from \"./credentials/azureCliCredentialOptions\";\nexport { InteractiveBrowserCredential } from \"./credentials/interactiveBrowserCredential\";\nexport {\n  InteractiveBrowserCredentialNodeOptions,\n  InteractiveBrowserCredentialInBrowserOptions,\n  BrowserLoginStyle,\n} from \"./credentials/interactiveBrowserCredentialOptions\";\nexport {\n  ManagedIdentityCredential,\n  ManagedIdentityCredentialClientIdOptions,\n  ManagedIdentityCredentialResourceIdOptions,\n} from \"./credentials/managedIdentityCredential\";\nexport { DeviceCodeCredential } from \"./credentials/deviceCodeCredential\";\nexport {\n  DeviceCodePromptCallback,\n  DeviceCodeInfo,\n} from \"./credentials/deviceCodeCredentialOptions\";\nexport { DeviceCodeCredentialOptions } from \"./credentials/deviceCodeCredentialOptions\";\n\nexport { AuthorizationCodeCredential } from \"./credentials/authorizationCodeCredential\";\nexport { AuthorizationCodeCredentialOptions } from \"./credentials/authorizationCodeCredentialOptions\";\nexport { AzurePowerShellCredential } from \"./credentials/azurePowerShellCredential\";\nexport { AzurePowerShellCredentialOptions } from \"./credentials/azurePowerShellCredentialOptions\";\nexport {\n  OnBehalfOfCredentialOptions,\n  OnBehalfOfCredentialSecretOptions,\n  OnBehalfOfCredentialCertificateOptions,\n} from \"./credentials/onBehalfOfCredentialOptions\";\nexport { UsernamePasswordCredential } from \"./credentials/usernamePasswordCredential\";\nexport { UsernamePasswordCredentialOptions } from \"./credentials/usernamePasswordCredentialOptions\";\nexport { VisualStudioCodeCredential } from \"./credentials/visualStudioCodeCredential\";\nexport { VisualStudioCodeCredentialOptions } from \"./credentials/visualStudioCodeCredentialOptions\";\nexport { OnBehalfOfCredential } from \"./credentials/onBehalfOfCredential\";\nexport { WorkloadIdentityCredential } from \"./credentials/workloadIdentityCredential\";\nexport {\n  WorkloadIdentityCredentialOptions,\n  WorkloadIdentityDefaultCredentialOptions,\n} from \"./credentials/workloadIdentityCredentialOptions\";\n\nexport { TokenCachePersistenceOptions } from \"./msal/nodeFlows/tokenCachePersistenceOptions\";\n\nexport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nexport { logger } from \"./util/logging\";\n\nexport { AzureAuthorityHosts } from \"./constants\";\n\n/**\n * Returns a new instance of the {@link DefaultAzureCredential}.\n */\nexport function getDefaultAzureCredential(): TokenCredential {\n  return new DefaultAzureCredential();\n}\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,cAAc,oBAAoB,CAAC;AAKnC,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAE9E,OAAO,EACL,mBAAmB,EAEnB,4BAA4B,EAC5B,uBAAuB,EACvB,gCAAgC,EAChC,0BAA0B,EAC1B,8BAA8B,EAC9B,2BAA2B,GAE5B,MAAM,UAAU,CAAC;AAGlB,OAAO,EAAE,6BAA6B,EAAE,+BAA+B,EAAE,MAAM,cAAc,CAAC;AAS9F,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAE9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAG9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAO9E,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAG5E,OAAO,EACL,2BAA2B,GAI5B,MAAM,2CAA2C,CAAC;AAEnD,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AAGpF,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAEtE,OAAO,EAAE,2BAA2B,EAAE,MAAM,2CAA2C,CAAC;AAExF,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAM1F,OAAO,EACL,yBAAyB,GAG1B,MAAM,yCAAyC,CAAC;AACjD,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAO1E,OAAO,EAAE,2BAA2B,EAAE,MAAM,2CAA2C,CAAC;AAExF,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AAOpF,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAEtF,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAEtF,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAC1E,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAMtF,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAExC,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAElD;;GAEG;AACH,MAAM,UAAU,yBAAyB;IACvC,OAAO,IAAI,sBAAsB,EAAE,CAAC;AACtC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nexport * from \"./plugins/consumer\";\n\nexport { IdentityPlugin } from \"./plugins/provider\";\n\nimport { TokenCredential } from \"@azure/core-auth\";\nimport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential\";\n\nexport {\n  AuthenticationError,\n  ErrorResponse,\n  AggregateAuthenticationError,\n  AuthenticationErrorName,\n  AggregateAuthenticationErrorName,\n  CredentialUnavailableError,\n  CredentialUnavailableErrorName,\n  AuthenticationRequiredError,\n  AuthenticationRequiredErrorOptions,\n} from \"./errors\";\n\nexport { AuthenticationRecord } from \"./msal/types\";\nexport { serializeAuthenticationRecord, deserializeAuthenticationRecord } from \"./msal/utils\";\nexport { TokenCredentialOptions } from \"./tokenCredentialOptions\";\nexport { MultiTenantTokenCredentialOptions } from \"./credentials/multiTenantTokenCredentialOptions\";\nexport { AuthorityValidationOptions } from \"./credentials/authorityValidationOptions\";\n// TODO: Export again once we're ready to release this feature.\n// export { RegionalAuthority } from \"./regionalAuthority\";\n\nexport { InteractiveCredentialOptions } from \"./credentials/interactiveCredentialOptions\";\n\nexport { ChainedTokenCredential } from \"./credentials/chainedTokenCredential\";\n\nexport { ClientSecretCredential } from \"./credentials/clientSecretCredential\";\nexport { ClientSecretCredentialOptions } from \"./credentials/clientSecretCredentialOptions\";\n\nexport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential\";\nexport {\n  DefaultAzureCredentialOptions,\n  DefaultAzureCredentialClientIdOptions,\n  DefaultAzureCredentialResourceIdOptions,\n} from \"./credentials/defaultAzureCredentialOptions\";\n\nexport { EnvironmentCredential } from \"./credentials/environmentCredential\";\nexport { EnvironmentCredentialOptions } from \"./credentials/environmentCredentialOptions\";\n\nexport {\n  ClientCertificateCredential,\n  ClientCertificateCredentialPEMConfiguration,\n  ClientCertificatePEMCertificatePath,\n  ClientCertificatePEMCertificate,\n} from \"./credentials/clientCertificateCredential\";\nexport { ClientCertificateCredentialOptions } from \"./credentials/clientCertificateCredentialOptions\";\nexport { ClientAssertionCredential } from \"./credentials/clientAssertionCredential\";\nexport { ClientAssertionCredentialOptions } from \"./credentials/clientAssertionCredentialOptions\";\nexport { CredentialPersistenceOptions } from \"./credentials/credentialPersistenceOptions\";\nexport { AzureCliCredential } from \"./credentials/azureCliCredential\";\nexport { AzureCliCredentialOptions } from \"./credentials/azureCliCredentialOptions\";\nexport { AzureDeveloperCliCredential } from \"./credentials/azureDeveloperCliCredential\";\nexport { AzureDeveloperCliCredentialOptions } from \"./credentials/azureDeveloperCliCredentialOptions\";\nexport { InteractiveBrowserCredential } from \"./credentials/interactiveBrowserCredential\";\nexport {\n  InteractiveBrowserCredentialNodeOptions,\n  InteractiveBrowserCredentialInBrowserOptions,\n  BrowserLoginStyle,\n} from \"./credentials/interactiveBrowserCredentialOptions\";\nexport {\n  ManagedIdentityCredential,\n  ManagedIdentityCredentialClientIdOptions,\n  ManagedIdentityCredentialResourceIdOptions,\n} from \"./credentials/managedIdentityCredential\";\nexport { DeviceCodeCredential } from \"./credentials/deviceCodeCredential\";\nexport {\n  DeviceCodePromptCallback,\n  DeviceCodeInfo,\n} from \"./credentials/deviceCodeCredentialOptions\";\nexport { DeviceCodeCredentialOptions } from \"./credentials/deviceCodeCredentialOptions\";\n\nexport { AuthorizationCodeCredential } from \"./credentials/authorizationCodeCredential\";\nexport { AuthorizationCodeCredentialOptions } from \"./credentials/authorizationCodeCredentialOptions\";\nexport { AzurePowerShellCredential } from \"./credentials/azurePowerShellCredential\";\nexport { AzurePowerShellCredentialOptions } from \"./credentials/azurePowerShellCredentialOptions\";\nexport {\n  OnBehalfOfCredentialOptions,\n  OnBehalfOfCredentialSecretOptions,\n  OnBehalfOfCredentialCertificateOptions,\n} from \"./credentials/onBehalfOfCredentialOptions\";\nexport { UsernamePasswordCredential } from \"./credentials/usernamePasswordCredential\";\nexport { UsernamePasswordCredentialOptions } from \"./credentials/usernamePasswordCredentialOptions\";\nexport { VisualStudioCodeCredential } from \"./credentials/visualStudioCodeCredential\";\nexport { VisualStudioCodeCredentialOptions } from \"./credentials/visualStudioCodeCredentialOptions\";\nexport { OnBehalfOfCredential } from \"./credentials/onBehalfOfCredential\";\nexport { WorkloadIdentityCredential } from \"./credentials/workloadIdentityCredential\";\nexport { WorkloadIdentityCredentialOptions } from \"./credentials/workloadIdentityCredentialOptions\";\n\nexport { TokenCachePersistenceOptions } from \"./msal/nodeFlows/tokenCachePersistenceOptions\";\n\nexport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nexport { logger } from \"./util/logging\";\n\nexport { AzureAuthorityHosts } from \"./constants\";\n\n/**\n * Returns a new instance of the {@link DefaultAzureCredential}.\n */\nexport function getDefaultAzureCredential(): TokenCredential {\n  return new DefaultAzureCredential();\n}\n"]}

package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js

@@ -173,7 +173,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
      * Attempts to retrieve a token from cache.
      */
     async getTokenSilent(scopes, options) {
-        var _a, _b;
+        var _a, _b, _c;
         await this.getActiveAccount();
         if (!this.account) {
             throw new AuthenticationRequiredError({
@@ -192,7 +192,14 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
         };
         try {
             this.logger.info("Attempting to acquire token silently");
-            const response = (_b = (await ((_a = this.confidentialApp) === null || _a === void 0 ? void 0 : _a.acquireTokenSilent(silentRequest)))) !== null && _b !== void 0 ? _b : (await this.publicApp.acquireTokenSilent(silentRequest));
+            /**
+             * The following code to retrieve all accounts is done as a workaround in an attempt to force the
+             * refresh of the token cache with the token and the account passed in through the
+             * `authenticationRecord` parameter. See issue - https://github.com/Azure/azure-sdk-for-js/issues/24349#issuecomment-1496715651
+             * This workaround serves as a workoaround for silent authentication not happening when authenticationRecord is passed.
+             */
+            await ((_a = (this.publicApp || this.confidentialApp)) === null || _a === void 0 ? void 0 : _a.getTokenCache().getAllAccounts());
+            const response = (_c = (await ((_b = this.confidentialApp) === null || _b === void 0 ? void 0 : _b.acquireTokenSilent(silentRequest)))) !== null && _c !== void 0 ? _c : (await this.publicApp.acquireTokenSilent(silentRequest));
             return this.handleResult(scopes, this.clientId, response || undefined);
         }
         catch (err) {

package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js.map

@@ -1 +1 @@
-{"version":3,"file":"msalNodeCommon.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalNodeCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAE7C,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,YAAY,EACZ,mBAAmB,EACnB,YAAY,EACZ,YAAY,EACZ,eAAe,GAChB,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,yBAAyB,EACzB,iCAAiC,EACjC,eAAe,GAChB,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAE3D,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAG7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAwB5D;;;GAGG;AACH,IAAI,mBAAmB,GAEP,SAAS,CAAC;AAE1B;;;GAGG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,cAAc,CAAC,cAA8D;QAC3E,mBAAmB,GAAG,cAAc,CAAC;IACvC,CAAC;CACF,CAAC;AAEF;;;;;;;;GAQG;AACH,MAAM,OAAgB,QAAS,SAAQ,iBAAiB;IAqBtD,YAAY,OAAwB;;QAClC,KAAK,CAAC,OAAO,CAAC,CAAC;QAbP,yBAAoB,GAAY,KAAK,CAAC;QAc9C,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACtD,IAAI,CAAC,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QACpF,IAAI,CAAC,4BAA4B,GAAG,iCAAiC,CACnE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,sBAAsB,0CAAE,0BAA0B,CAC5D,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;QAC9C,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,YAAY,EAAE;YACzB,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;SAC1C;QAED,qCAAqC;QACrC,IAAI,mBAAmB,KAAK,SAAS,KAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,CAAA,EAAE;YACtF,IAAI,CAAC,iBAAiB,GAAG,GAAG,EAAE,CAAC,mBAAoB,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC;SAC3F;aAAM,IAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,EAAE;YACxD,MAAM,IAAI,KAAK,CACb;gBACE,qFAAqF;gBACrF,yHAAyH;gBACzH,mFAAmF;gBACnF,0FAA0F;aAC3F,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;SACH;QAED,IAAI,CAAC,WAAW,GAAG,MAAA,OAAO,CAAC,iBAAiB,mCAAI,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;QAC1F,IAAI,IAAI,CAAC,WAAW,KAAK,iBAAiB,CAAC,kBAAkB,EAAE;YAC7D,IAAI,CAAC,WAAW,GAAG,eAAe,CAAC;SACpC;IACH,CAAC;IAED;;OAEG;IACO,qBAAqB,CAAC,OAAwB;QACtD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,uBAAuB,CAAC;QAC7D,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAErF,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAC/E,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAE7D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iCACnC,OAAO,CAAC,sBAAsB,KACjC,aAAa,EAAE,SAAS,EACxB,cAAc,EAAE,OAAO,CAAC,cAAc,IACtC,CAAC;QAEH,IAAI,kBAAkB,GAAa,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE;YAC1C,kBAAkB,GAAG,EAAE,CAAC;SACzB;QAED,OAAO;YACL,IAAI,EAAE;gBACJ,QAAQ;gBACR,SAAS;gBACT,gBAAgB,EAAE,mBAAmB,CACnC,QAAQ,EACR,SAAS,EACT,OAAO,CAAC,wBAAwB,CACjC;gBACD,kBAAkB;aACnB;YACD,sCAAsC;YACtC,MAAM,EAAE;gBACN,aAAa,EAAE,IAAI,CAAC,cAAc;gBAClC,aAAa,EAAE;oBACb,cAAc,EAAE,qBAAqB,CAAC,OAAO,CAAC,MAAM,CAAC;oBACrD,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;iBACzC;aACF;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,OAAuC;QAChD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,EAAE;YACxB,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;gBACjD,6DAA6D;gBAC7D,mDAAmD;gBACnD,IAAI,CAAC,cAAe,CAAC,aAAa,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAC5D,CAAC,CAAC,CAAC;SACJ;QAED,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,eAAe,EAAE;YAC1C,OAAO;SACR;QAED,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS,EAAE;YACxC,IAAI,CAAC,UAAU,CAAC,KAAK,GAAG;gBACtB,WAAW,EAAE,MAAM,IAAI,CAAC,iBAAiB,EAAE;aAC5C,CAAC;SACH;QAED,IAAI,CAAC,SAAS,GAAG,IAAI,QAAQ,CAAC,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvE,IAAI,IAAI,CAAC,YAAY,EAAE;YACrB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;SAClE;QACD,8EAA8E;QAC9E,IACE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY;YACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe;YACpC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,EACtC;YACA,IAAI,CAAC,eAAe,GAAG,IAAI,QAAQ,CAAC,6BAA6B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;SACpF;aAAM;YACL,IAAI,IAAI,CAAC,oBAAoB,EAAE;gBAC7B,MAAM,IAAI,KAAK,CACb,gHAAgH,CACjH,CAAC;aACH;SACF;IACH,CAAC;IAED;;OAEG;IACO,gBAAgB,CACxB,OAAwD,EACxD,WAA6B,EAC7B,QAAqB;QAErB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,OAAO;iBACJ,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;gBAClB,OAAO,OAAO,CAAC,SAAU,CAAC,CAAC;YAC7B,CAAC,CAAC;iBACD,KAAK,CAAC,MAAM,CAAC,CAAC;YACjB,IAAI,WAAW,EAAE;gBACf,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;oBACzC,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,EAAI,CAAC;gBACf,CAAC,CAAC,CAAC;aACJ;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB;;QACpB,IAAI,IAAI,CAAC,OAAO,EAAE;YAChB,OAAO,IAAI,CAAC,OAAO,CAAC;SACrB;QACD,MAAM,KAAK,GAAG,MAAA,MAAA,IAAI,CAAC,eAAe,0CAAE,aAAa,EAAE,mCAAI,MAAA,IAAI,CAAC,SAAS,0CAAE,aAAa,EAAE,CAAC;QACvF,MAAM,gBAAgB,GAAG,MAAM,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,cAAc,EAAE,CAAA,CAAC;QAEvD,IAAI,CAAC,gBAAgB,EAAE;YACrB,OAAO;SACR;QAED,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;YACjC,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;SACjE;aAAM;YACL,IAAI,CAAC,MAAM;iBACR,IAAI,CAAC;;;;6KAI+J,CAAC,CAAC;YACzK,OAAO;SACR;QAED,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAClB,MAAgB,EAChB,OAAuC;;QAEvC,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE;YACjB,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe,EAAE,OAAO;gBACxB,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;SACJ;QAED,MAAM,aAAa,GAA+B;YAChD,kFAAkF;YAClF,OAAO,EAAE,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC;YACnC,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;YACrC,MAAM;YACN,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;YAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;SACxB,CAAC;QAEF,IAAI;YACF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACzD,MAAM,QAAQ,GACZ,MAAA,CAAC,MAAM,CAAA,MAAA,IAAI,CAAC,eAAe,0CAAE,kBAAkB,CAAC,aAAa,CAAC,CAAA,CAAC,mCAC/D,CAAC,MAAM,IAAI,CAAC,SAAU,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC,CAAC;YAC5D,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,QAAQ,IAAI,SAAS,CAAC,CAAC;SACxE;QAAC,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;IAOD;;;OAGG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,MAAM,QAAQ,GACZ,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,4BAA4B,CAAC;YACpF,IAAI,CAAC,QAAQ,CAAC;QAEhB,OAAO,CAAC,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAE/D,OAAO,CAAC,aAAa,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,KAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QACtE,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEzB,IAAI;YACF,gDAAgD;YAChD,uGAAuG;YACvG,2GAA2G;YAC3G,MAAM,aAAa,GAAI,OAAe,CAAC,MAAM,CAAC;YAC9C,IAAI,aAAa,EAAE;gBACjB,IAAI,CAAC,YAAY,GAAG,aAAa,CAAC;aACnC;YACD,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,aAAa,EAAE;gBACtC,OAAe,CAAC,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC;aAC7C;YACD,wEAAwE;YACxE,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACnD;QAAC,OAAO,GAAQ,EAAE;YACjB,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE;gBAC9C,MAAM,GAAG,CAAC;aACX;YACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,EAAE;gBAC3C,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;aACJ;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;YACtF,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACzC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalCommon from \"@azure/msal-common\";\nimport * as msalNode from \"@azure/msal-node\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { getLogLevel } from \"@azure/logger\";\nimport {\n  MsalBaseUtilities,\n  defaultLoggerCallback,\n  getAuthority,\n  getKnownAuthorities,\n  msalToPublic,\n  publicToMsal,\n  getMSALLogLevel,\n} from \"../utils\";\nimport { MsalFlow, MsalFlowOptions } from \"../flows\";\nimport {\n  processMultiTenantRequest,\n  resolveAddionallyAllowedTenantIds,\n  resolveTenantId,\n} from \"../../util/tenantIdUtils\";\nimport { AbortSignalLike } from \"@azure/abort-controller\";\nimport { AuthenticationRecord } from \"../types\";\nimport { AuthenticationRequiredError } from \"../../errors\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { DeveloperSignOnClientId } from \"../../constants\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { LogPolicyOptions } from \"@azure/core-rest-pipeline\";\nimport { MultiTenantTokenCredentialOptions } from \"../../credentials/multiTenantTokenCredentialOptions\";\nimport { RegionalAuthority } from \"../../regionalAuthority\";\nimport { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions\";\n\n/**\n * Union of the constructor parameters that all MSAL flow types for Node.\n * @internal\n */\nexport interface MsalNodeOptions extends MsalFlowOptions {\n  tokenCachePersistenceOptions?: TokenCachePersistenceOptions;\n  tokenCredentialOptions: MultiTenantTokenCredentialOptions;\n  /**\n   * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values.\n   * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.\n   * If the property is not specified, uses a non-regional authority endpoint.\n   */\n  regionalAuthority?: string;\n  /**\n   * Allows logging account information once the authentication flow succeeds.\n   */\n  loggingOptions?: LogPolicyOptions & {\n    allowLoggingAccountIdentifiers?: boolean;\n  };\n}\n\n/**\n * The current persistence provider, undefined by default.\n * @internal\n */\nlet persistenceProvider:\n  | ((options?: TokenCachePersistenceOptions) => Promise<msalCommon.ICachePlugin>)\n  | undefined = undefined;\n\n/**\n * An object that allows setting the persistence provider.\n * @internal\n */\nexport const msalNodeFlowCacheControl = {\n  setPersistence(pluginProvider: Exclude<typeof persistenceProvider, undefined>): void {\n    persistenceProvider = pluginProvider;\n  },\n};\n\n/**\n * MSAL partial base client for Node.js.\n *\n * It completes the input configuration with some default values.\n * It also provides with utility protected methods that can be used from any of the clients,\n * which includes handlers for successful responses and errors.\n *\n * @internal\n */\nexport abstract class MsalNode extends MsalBaseUtilities implements MsalFlow {\n  protected publicApp: msalNode.PublicClientApplication | undefined;\n  protected confidentialApp: msalNode.ConfidentialClientApplication | undefined;\n  protected msalConfig: msalNode.Configuration;\n  protected clientId: string;\n  protected tenantId: string;\n  protected additionallyAllowedTenantIds: string[];\n  protected authorityHost?: string;\n  protected identityClient?: IdentityClient;\n  protected requiresConfidential: boolean = false;\n  protected azureRegion?: string;\n  protected createCachePlugin: (() => Promise<msalCommon.ICachePlugin>) | undefined;\n\n  /**\n   * MSAL currently caches the tokens depending on the claims used to retrieve them.\n   * In cases like CAE, in which we use claims to update the tokens, trying to retrieve the token without the claims will yield the original token.\n   * To ensure we always get the latest token, we have to keep track of the claims.\n   */\n  private cachedClaims: string | undefined;\n\n  protected getAssertion: (() => Promise<string>) | undefined;\n  constructor(options: MsalNodeOptions) {\n    super(options);\n    this.msalConfig = this.defaultNodeMsalConfig(options);\n    this.tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n    this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(\n      options?.tokenCredentialOptions?.additionallyAllowedTenants\n    );\n    this.clientId = this.msalConfig.auth.clientId;\n    if (options?.getAssertion) {\n      this.getAssertion = options.getAssertion;\n    }\n\n    // If persistence has been configured\n    if (persistenceProvider !== undefined && options.tokenCachePersistenceOptions?.enabled) {\n      this.createCachePlugin = () => persistenceProvider!(options.tokenCachePersistenceOptions);\n    } else if (options.tokenCachePersistenceOptions?.enabled) {\n      throw new Error(\n        [\n          \"Persistent token caching was requested, but no persistence provider was configured.\",\n          \"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.\",\n        ].join(\" \")\n      );\n    }\n\n    this.azureRegion = options.regionalAuthority ?? process.env.AZURE_REGIONAL_AUTHORITY_NAME;\n    if (this.azureRegion === RegionalAuthority.AutoDiscoverRegion) {\n      this.azureRegion = \"AUTO_DISCOVER\";\n    }\n  }\n\n  /**\n   * Generates a MSAL configuration that generally works for Node.js\n   */\n  protected defaultNodeMsalConfig(options: MsalNodeOptions): msalNode.Configuration {\n    const clientId = options.clientId || DeveloperSignOnClientId;\n    const tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n\n    this.authorityHost = options.authorityHost || process.env.AZURE_AUTHORITY_HOST;\n    const authority = getAuthority(tenantId, this.authorityHost);\n\n    this.identityClient = new IdentityClient({\n      ...options.tokenCredentialOptions,\n      authorityHost: authority,\n      loggingOptions: options.loggingOptions,\n    });\n\n    let clientCapabilities: string[] = [\"cp1\"];\n    if (process.env.AZURE_IDENTITY_DISABLE_CP1) {\n      clientCapabilities = [];\n    }\n\n    return {\n      auth: {\n        clientId,\n        authority,\n        knownAuthorities: getKnownAuthorities(\n          tenantId,\n          authority,\n          options.disableInstanceDiscovery\n        ),\n        clientCapabilities,\n      },\n      // Cache is defined in this.prepare();\n      system: {\n        networkClient: this.identityClient,\n        loggerOptions: {\n          loggerCallback: defaultLoggerCallback(options.logger),\n          logLevel: getMSALLogLevel(getLogLevel()),\n        },\n      },\n    };\n  }\n\n  /**\n   * Prepares the MSAL applications.\n   */\n  async init(options?: CredentialFlowGetTokenOptions): Promise<void> {\n    if (options?.abortSignal) {\n      options.abortSignal.addEventListener(\"abort\", () => {\n        // This will abort any pending request in the IdentityClient,\n        // based on the received or generated correlationId\n        this.identityClient!.abortRequests(options.correlationId);\n      });\n    }\n\n    if (this.publicApp || this.confidentialApp) {\n      return;\n    }\n\n    if (this.createCachePlugin !== undefined) {\n      this.msalConfig.cache = {\n        cachePlugin: await this.createCachePlugin(),\n      };\n    }\n\n    this.publicApp = new msalNode.PublicClientApplication(this.msalConfig);\n    if (this.getAssertion) {\n      this.msalConfig.auth.clientAssertion = await this.getAssertion();\n    }\n    // The confidential client requires either a secret, assertion or certificate.\n    if (\n      this.msalConfig.auth.clientSecret ||\n      this.msalConfig.auth.clientAssertion ||\n      this.msalConfig.auth.clientCertificate\n    ) {\n      this.confidentialApp = new msalNode.ConfidentialClientApplication(this.msalConfig);\n    } else {\n      if (this.requiresConfidential) {\n        throw new Error(\n          \"Unable to generate the MSAL confidential client. Missing either the client's secret, certificate or assertion.\"\n        );\n      }\n    }\n  }\n\n  /**\n   * Allows the cancellation of a MSAL request.\n   */\n  protected withCancellation(\n    promise: Promise<msalCommon.AuthenticationResult | null>,\n    abortSignal?: AbortSignalLike,\n    onCancel?: () => void\n  ): Promise<msalCommon.AuthenticationResult | null> {\n    return new Promise((resolve, reject) => {\n      promise\n        .then((msalToken) => {\n          return resolve(msalToken!);\n        })\n        .catch(reject);\n      if (abortSignal) {\n        abortSignal.addEventListener(\"abort\", () => {\n          onCancel?.();\n        });\n      }\n    });\n  }\n\n  /**\n   * Returns the existing account, attempts to load the account from MSAL.\n   */\n  async getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n    if (this.account) {\n      return this.account;\n    }\n    const cache = this.confidentialApp?.getTokenCache() ?? this.publicApp?.getTokenCache();\n    const accountsByTenant = await cache?.getAllAccounts();\n\n    if (!accountsByTenant) {\n      return;\n    }\n\n    if (accountsByTenant.length === 1) {\n      this.account = msalToPublic(this.clientId, accountsByTenant[0]);\n    } else {\n      this.logger\n        .info(`More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing a credential to prevent this from happening.`);\n      return;\n    }\n\n    return this.account;\n  }\n\n  /**\n   * Attempts to retrieve a token from cache.\n   */\n  async getTokenSilent(\n    scopes: string[],\n    options?: CredentialFlowGetTokenOptions\n  ): Promise<AccessToken> {\n    await this.getActiveAccount();\n    if (!this.account) {\n      throw new AuthenticationRequiredError({\n        scopes,\n        getTokenOptions: options,\n        message:\n          \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n      });\n    }\n\n    const silentRequest: msalNode.SilentFlowRequest = {\n      // To be able to re-use the account, the Token Cache must also have been provided.\n      account: publicToMsal(this.account),\n      correlationId: options?.correlationId,\n      scopes,\n      authority: options?.authority,\n      claims: options?.claims,\n    };\n\n    try {\n      this.logger.info(\"Attempting to acquire token silently\");\n      const response =\n        (await this.confidentialApp?.acquireTokenSilent(silentRequest)) ??\n        (await this.publicApp!.acquireTokenSilent(silentRequest));\n      return this.handleResult(scopes, this.clientId, response || undefined);\n    } catch (err: any) {\n      throw this.handleError(scopes, err, options);\n    }\n  }\n\n  /**\n   * Attempts to retrieve an authenticated token from MSAL.\n   */\n  protected abstract doGetToken(scopes: string[], options?: GetTokenOptions): Promise<AccessToken>;\n\n  /**\n   * Wrapper around each MSAL flow get token operation: doGetToken.\n   * If disableAutomaticAuthentication is sent through the constructor, it will prevent MSAL from requesting the user input.\n   */\n  public async getToken(\n    scopes: string[],\n    options: CredentialFlowGetTokenOptions = {}\n  ): Promise<AccessToken> {\n    const tenantId =\n      processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds) ||\n      this.tenantId;\n\n    options.authority = getAuthority(tenantId, this.authorityHost);\n\n    options.correlationId = options?.correlationId || this.generateUuid();\n    await this.init(options);\n\n    try {\n      // MSAL now caches tokens based on their claims,\n      // so now one has to keep track fo claims in order to retrieve the newer tokens from acquireTokenSilent\n      // This update happened on PR: https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/4533\n      const optionsClaims = (options as any).claims;\n      if (optionsClaims) {\n        this.cachedClaims = optionsClaims;\n      }\n      if (this.cachedClaims && !optionsClaims) {\n        (options as any).claims = this.cachedClaims;\n      }\n      // We don't return the promise since we want to catch errors right here.\n      return await this.getTokenSilent(scopes, options);\n    } catch (err: any) {\n      if (err.name !== \"AuthenticationRequiredError\") {\n        throw err;\n      }\n      if (options?.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions: options,\n          message:\n            \"Automatic authentication has been disabled. You may call the authentication() method.\",\n        });\n      }\n      this.logger.info(`Silent authentication failed, falling back to interactive method.`);\n      return this.doGetToken(scopes, options);\n    }\n  }\n}\n"]}
+{"version":3,"file":"msalNodeCommon.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalNodeCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAE7C,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,YAAY,EACZ,mBAAmB,EACnB,YAAY,EACZ,YAAY,EACZ,eAAe,GAChB,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,yBAAyB,EACzB,iCAAiC,EACjC,eAAe,GAChB,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAE3D,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAG7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAwB5D;;;GAGG;AACH,IAAI,mBAAmB,GAEP,SAAS,CAAC;AAE1B;;;GAGG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,cAAc,CAAC,cAA8D;QAC3E,mBAAmB,GAAG,cAAc,CAAC;IACvC,CAAC;CACF,CAAC;AAEF;;;;;;;;GAQG;AACH,MAAM,OAAgB,QAAS,SAAQ,iBAAiB;IAqBtD,YAAY,OAAwB;;QAClC,KAAK,CAAC,OAAO,CAAC,CAAC;QAbP,yBAAoB,GAAY,KAAK,CAAC;QAc9C,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACtD,IAAI,CAAC,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QACpF,IAAI,CAAC,4BAA4B,GAAG,iCAAiC,CACnE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,sBAAsB,0CAAE,0BAA0B,CAC5D,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;QAC9C,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,YAAY,EAAE;YACzB,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;SAC1C;QAED,qCAAqC;QACrC,IAAI,mBAAmB,KAAK,SAAS,KAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,CAAA,EAAE;YACtF,IAAI,CAAC,iBAAiB,GAAG,GAAG,EAAE,CAAC,mBAAoB,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC;SAC3F;aAAM,IAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,EAAE;YACxD,MAAM,IAAI,KAAK,CACb;gBACE,qFAAqF;gBACrF,yHAAyH;gBACzH,mFAAmF;gBACnF,0FAA0F;aAC3F,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;SACH;QAED,IAAI,CAAC,WAAW,GAAG,MAAA,OAAO,CAAC,iBAAiB,mCAAI,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;QAC1F,IAAI,IAAI,CAAC,WAAW,KAAK,iBAAiB,CAAC,kBAAkB,EAAE;YAC7D,IAAI,CAAC,WAAW,GAAG,eAAe,CAAC;SACpC;IACH,CAAC;IAED;;OAEG;IACO,qBAAqB,CAAC,OAAwB;QACtD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,uBAAuB,CAAC;QAC7D,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAErF,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAC/E,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAE7D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iCACnC,OAAO,CAAC,sBAAsB,KACjC,aAAa,EAAE,SAAS,EACxB,cAAc,EAAE,OAAO,CAAC,cAAc,IACtC,CAAC;QAEH,IAAI,kBAAkB,GAAa,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE;YAC1C,kBAAkB,GAAG,EAAE,CAAC;SACzB;QAED,OAAO;YACL,IAAI,EAAE;gBACJ,QAAQ;gBACR,SAAS;gBACT,gBAAgB,EAAE,mBAAmB,CACnC,QAAQ,EACR,SAAS,EACT,OAAO,CAAC,wBAAwB,CACjC;gBACD,kBAAkB;aACnB;YACD,sCAAsC;YACtC,MAAM,EAAE;gBACN,aAAa,EAAE,IAAI,CAAC,cAAc;gBAClC,aAAa,EAAE;oBACb,cAAc,EAAE,qBAAqB,CAAC,OAAO,CAAC,MAAM,CAAC;oBACrD,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;iBACzC;aACF;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,OAAuC;QAChD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,EAAE;YACxB,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;gBACjD,6DAA6D;gBAC7D,mDAAmD;gBACnD,IAAI,CAAC,cAAe,CAAC,aAAa,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAC5D,CAAC,CAAC,CAAC;SACJ;QAED,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,eAAe,EAAE;YAC1C,OAAO;SACR;QAED,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS,EAAE;YACxC,IAAI,CAAC,UAAU,CAAC,KAAK,GAAG;gBACtB,WAAW,EAAE,MAAM,IAAI,CAAC,iBAAiB,EAAE;aAC5C,CAAC;SACH;QAED,IAAI,CAAC,SAAS,GAAG,IAAI,QAAQ,CAAC,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvE,IAAI,IAAI,CAAC,YAAY,EAAE;YACrB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;SAClE;QACD,8EAA8E;QAC9E,IACE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY;YACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe;YACpC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,EACtC;YACA,IAAI,CAAC,eAAe,GAAG,IAAI,QAAQ,CAAC,6BAA6B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;SACpF;aAAM;YACL,IAAI,IAAI,CAAC,oBAAoB,EAAE;gBAC7B,MAAM,IAAI,KAAK,CACb,gHAAgH,CACjH,CAAC;aACH;SACF;IACH,CAAC;IAED;;OAEG;IACO,gBAAgB,CACxB,OAAwD,EACxD,WAA6B,EAC7B,QAAqB;QAErB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,OAAO;iBACJ,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;gBAClB,OAAO,OAAO,CAAC,SAAU,CAAC,CAAC;YAC7B,CAAC,CAAC;iBACD,KAAK,CAAC,MAAM,CAAC,CAAC;YACjB,IAAI,WAAW,EAAE;gBACf,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;oBACzC,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,EAAI,CAAC;gBACf,CAAC,CAAC,CAAC;aACJ;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB;;QACpB,IAAI,IAAI,CAAC,OAAO,EAAE;YAChB,OAAO,IAAI,CAAC,OAAO,CAAC;SACrB;QACD,MAAM,KAAK,GAAG,MAAA,MAAA,IAAI,CAAC,eAAe,0CAAE,aAAa,EAAE,mCAAI,MAAA,IAAI,CAAC,SAAS,0CAAE,aAAa,EAAE,CAAC;QACvF,MAAM,gBAAgB,GAAG,MAAM,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,cAAc,EAAE,CAAA,CAAC;QAEvD,IAAI,CAAC,gBAAgB,EAAE;YACrB,OAAO;SACR;QAED,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;YACjC,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;SACjE;aAAM;YACL,IAAI,CAAC,MAAM;iBACR,IAAI,CAAC;;;;6KAI+J,CAAC,CAAC;YACzK,OAAO;SACR;QAED,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAClB,MAAgB,EAChB,OAAuC;;QAEvC,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE;YACjB,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe,EAAE,OAAO;gBACxB,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;SACJ;QAED,MAAM,aAAa,GAA+B;YAChD,kFAAkF;YAClF,OAAO,EAAE,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC;YACnC,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;YACrC,MAAM;YACN,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;YAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;SACxB,CAAC;QAEF,IAAI;YACF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACzD;;;;;eAKG;YACH,MAAM,CAAA,MAAA,CAAC,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,eAAe,CAAC,0CAAE,aAAa,GAAG,cAAc,EAAE,CAAA,CAAC;YAEjF,MAAM,QAAQ,GACZ,MAAA,CAAC,MAAM,CAAA,MAAA,IAAI,CAAC,eAAe,0CAAE,kBAAkB,CAAC,aAAa,CAAC,CAAA,CAAC,mCAC/D,CAAC,MAAM,IAAI,CAAC,SAAU,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC,CAAC;YAC5D,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,QAAQ,IAAI,SAAS,CAAC,CAAC;SACxE;QAAC,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;IAOD;;;OAGG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,MAAM,QAAQ,GACZ,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,4BAA4B,CAAC;YACpF,IAAI,CAAC,QAAQ,CAAC;QAEhB,OAAO,CAAC,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAE/D,OAAO,CAAC,aAAa,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,KAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QACtE,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEzB,IAAI;YACF,gDAAgD;YAChD,uGAAuG;YACvG,2GAA2G;YAC3G,MAAM,aAAa,GAAI,OAAe,CAAC,MAAM,CAAC;YAC9C,IAAI,aAAa,EAAE;gBACjB,IAAI,CAAC,YAAY,GAAG,aAAa,CAAC;aACnC;YACD,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,aAAa,EAAE;gBACtC,OAAe,CAAC,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC;aAC7C;YACD,wEAAwE;YACxE,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACnD;QAAC,OAAO,GAAQ,EAAE;YACjB,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE;gBAC9C,MAAM,GAAG,CAAC;aACX;YACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,EAAE;gBAC3C,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;aACJ;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;YACtF,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACzC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalCommon from \"@azure/msal-common\";\nimport * as msalNode from \"@azure/msal-node\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { getLogLevel } from \"@azure/logger\";\nimport {\n  MsalBaseUtilities,\n  defaultLoggerCallback,\n  getAuthority,\n  getKnownAuthorities,\n  msalToPublic,\n  publicToMsal,\n  getMSALLogLevel,\n} from \"../utils\";\nimport { MsalFlow, MsalFlowOptions } from \"../flows\";\nimport {\n  processMultiTenantRequest,\n  resolveAddionallyAllowedTenantIds,\n  resolveTenantId,\n} from \"../../util/tenantIdUtils\";\nimport { AbortSignalLike } from \"@azure/abort-controller\";\nimport { AuthenticationRecord } from \"../types\";\nimport { AuthenticationRequiredError } from \"../../errors\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { DeveloperSignOnClientId } from \"../../constants\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { LogPolicyOptions } from \"@azure/core-rest-pipeline\";\nimport { MultiTenantTokenCredentialOptions } from \"../../credentials/multiTenantTokenCredentialOptions\";\nimport { RegionalAuthority } from \"../../regionalAuthority\";\nimport { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions\";\n\n/**\n * Union of the constructor parameters that all MSAL flow types for Node.\n * @internal\n */\nexport interface MsalNodeOptions extends MsalFlowOptions {\n  tokenCachePersistenceOptions?: TokenCachePersistenceOptions;\n  tokenCredentialOptions: MultiTenantTokenCredentialOptions;\n  /**\n   * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values.\n   * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.\n   * If the property is not specified, uses a non-regional authority endpoint.\n   */\n  regionalAuthority?: string;\n  /**\n   * Allows logging account information once the authentication flow succeeds.\n   */\n  loggingOptions?: LogPolicyOptions & {\n    allowLoggingAccountIdentifiers?: boolean;\n  };\n}\n\n/**\n * The current persistence provider, undefined by default.\n * @internal\n */\nlet persistenceProvider:\n  | ((options?: TokenCachePersistenceOptions) => Promise<msalCommon.ICachePlugin>)\n  | undefined = undefined;\n\n/**\n * An object that allows setting the persistence provider.\n * @internal\n */\nexport const msalNodeFlowCacheControl = {\n  setPersistence(pluginProvider: Exclude<typeof persistenceProvider, undefined>): void {\n    persistenceProvider = pluginProvider;\n  },\n};\n\n/**\n * MSAL partial base client for Node.js.\n *\n * It completes the input configuration with some default values.\n * It also provides with utility protected methods that can be used from any of the clients,\n * which includes handlers for successful responses and errors.\n *\n * @internal\n */\nexport abstract class MsalNode extends MsalBaseUtilities implements MsalFlow {\n  protected publicApp: msalNode.PublicClientApplication | undefined;\n  protected confidentialApp: msalNode.ConfidentialClientApplication | undefined;\n  protected msalConfig: msalNode.Configuration;\n  protected clientId: string;\n  protected tenantId: string;\n  protected additionallyAllowedTenantIds: string[];\n  protected authorityHost?: string;\n  protected identityClient?: IdentityClient;\n  protected requiresConfidential: boolean = false;\n  protected azureRegion?: string;\n  protected createCachePlugin: (() => Promise<msalCommon.ICachePlugin>) | undefined;\n\n  /**\n   * MSAL currently caches the tokens depending on the claims used to retrieve them.\n   * In cases like CAE, in which we use claims to update the tokens, trying to retrieve the token without the claims will yield the original token.\n   * To ensure we always get the latest token, we have to keep track of the claims.\n   */\n  private cachedClaims: string | undefined;\n\n  protected getAssertion: (() => Promise<string>) | undefined;\n  constructor(options: MsalNodeOptions) {\n    super(options);\n    this.msalConfig = this.defaultNodeMsalConfig(options);\n    this.tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n    this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(\n      options?.tokenCredentialOptions?.additionallyAllowedTenants\n    );\n    this.clientId = this.msalConfig.auth.clientId;\n    if (options?.getAssertion) {\n      this.getAssertion = options.getAssertion;\n    }\n\n    // If persistence has been configured\n    if (persistenceProvider !== undefined && options.tokenCachePersistenceOptions?.enabled) {\n      this.createCachePlugin = () => persistenceProvider!(options.tokenCachePersistenceOptions);\n    } else if (options.tokenCachePersistenceOptions?.enabled) {\n      throw new Error(\n        [\n          \"Persistent token caching was requested, but no persistence provider was configured.\",\n          \"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.\",\n        ].join(\" \")\n      );\n    }\n\n    this.azureRegion = options.regionalAuthority ?? process.env.AZURE_REGIONAL_AUTHORITY_NAME;\n    if (this.azureRegion === RegionalAuthority.AutoDiscoverRegion) {\n      this.azureRegion = \"AUTO_DISCOVER\";\n    }\n  }\n\n  /**\n   * Generates a MSAL configuration that generally works for Node.js\n   */\n  protected defaultNodeMsalConfig(options: MsalNodeOptions): msalNode.Configuration {\n    const clientId = options.clientId || DeveloperSignOnClientId;\n    const tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n\n    this.authorityHost = options.authorityHost || process.env.AZURE_AUTHORITY_HOST;\n    const authority = getAuthority(tenantId, this.authorityHost);\n\n    this.identityClient = new IdentityClient({\n      ...options.tokenCredentialOptions,\n      authorityHost: authority,\n      loggingOptions: options.loggingOptions,\n    });\n\n    let clientCapabilities: string[] = [\"cp1\"];\n    if (process.env.AZURE_IDENTITY_DISABLE_CP1) {\n      clientCapabilities = [];\n    }\n\n    return {\n      auth: {\n        clientId,\n        authority,\n        knownAuthorities: getKnownAuthorities(\n          tenantId,\n          authority,\n          options.disableInstanceDiscovery\n        ),\n        clientCapabilities,\n      },\n      // Cache is defined in this.prepare();\n      system: {\n        networkClient: this.identityClient,\n        loggerOptions: {\n          loggerCallback: defaultLoggerCallback(options.logger),\n          logLevel: getMSALLogLevel(getLogLevel()),\n        },\n      },\n    };\n  }\n\n  /**\n   * Prepares the MSAL applications.\n   */\n  async init(options?: CredentialFlowGetTokenOptions): Promise<void> {\n    if (options?.abortSignal) {\n      options.abortSignal.addEventListener(\"abort\", () => {\n        // This will abort any pending request in the IdentityClient,\n        // based on the received or generated correlationId\n        this.identityClient!.abortRequests(options.correlationId);\n      });\n    }\n\n    if (this.publicApp || this.confidentialApp) {\n      return;\n    }\n\n    if (this.createCachePlugin !== undefined) {\n      this.msalConfig.cache = {\n        cachePlugin: await this.createCachePlugin(),\n      };\n    }\n\n    this.publicApp = new msalNode.PublicClientApplication(this.msalConfig);\n    if (this.getAssertion) {\n      this.msalConfig.auth.clientAssertion = await this.getAssertion();\n    }\n    // The confidential client requires either a secret, assertion or certificate.\n    if (\n      this.msalConfig.auth.clientSecret ||\n      this.msalConfig.auth.clientAssertion ||\n      this.msalConfig.auth.clientCertificate\n    ) {\n      this.confidentialApp = new msalNode.ConfidentialClientApplication(this.msalConfig);\n    } else {\n      if (this.requiresConfidential) {\n        throw new Error(\n          \"Unable to generate the MSAL confidential client. Missing either the client's secret, certificate or assertion.\"\n        );\n      }\n    }\n  }\n\n  /**\n   * Allows the cancellation of a MSAL request.\n   */\n  protected withCancellation(\n    promise: Promise<msalCommon.AuthenticationResult | null>,\n    abortSignal?: AbortSignalLike,\n    onCancel?: () => void\n  ): Promise<msalCommon.AuthenticationResult | null> {\n    return new Promise((resolve, reject) => {\n      promise\n        .then((msalToken) => {\n          return resolve(msalToken!);\n        })\n        .catch(reject);\n      if (abortSignal) {\n        abortSignal.addEventListener(\"abort\", () => {\n          onCancel?.();\n        });\n      }\n    });\n  }\n\n  /**\n   * Returns the existing account, attempts to load the account from MSAL.\n   */\n  async getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n    if (this.account) {\n      return this.account;\n    }\n    const cache = this.confidentialApp?.getTokenCache() ?? this.publicApp?.getTokenCache();\n    const accountsByTenant = await cache?.getAllAccounts();\n\n    if (!accountsByTenant) {\n      return;\n    }\n\n    if (accountsByTenant.length === 1) {\n      this.account = msalToPublic(this.clientId, accountsByTenant[0]);\n    } else {\n      this.logger\n        .info(`More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing a credential to prevent this from happening.`);\n      return;\n    }\n\n    return this.account;\n  }\n\n  /**\n   * Attempts to retrieve a token from cache.\n   */\n  async getTokenSilent(\n    scopes: string[],\n    options?: CredentialFlowGetTokenOptions\n  ): Promise<AccessToken> {\n    await this.getActiveAccount();\n    if (!this.account) {\n      throw new AuthenticationRequiredError({\n        scopes,\n        getTokenOptions: options,\n        message:\n          \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n      });\n    }\n\n    const silentRequest: msalNode.SilentFlowRequest = {\n      // To be able to re-use the account, the Token Cache must also have been provided.\n      account: publicToMsal(this.account),\n      correlationId: options?.correlationId,\n      scopes,\n      authority: options?.authority,\n      claims: options?.claims,\n    };\n\n    try {\n      this.logger.info(\"Attempting to acquire token silently\");\n      /**\n       * The following code to retrieve all accounts is done as a workaround in an attempt to force the\n       * refresh of the token cache with the token and the account passed in through the\n       * `authenticationRecord` parameter. See issue - https://github.com/Azure/azure-sdk-for-js/issues/24349#issuecomment-1496715651\n       * This workaround serves as a workoaround for silent authentication not happening when authenticationRecord is passed.\n       */\n      await (this.publicApp || this.confidentialApp)?.getTokenCache().getAllAccounts();\n\n      const response =\n        (await this.confidentialApp?.acquireTokenSilent(silentRequest)) ??\n        (await this.publicApp!.acquireTokenSilent(silentRequest));\n      return this.handleResult(scopes, this.clientId, response || undefined);\n    } catch (err: any) {\n      throw this.handleError(scopes, err, options);\n    }\n  }\n\n  /**\n   * Attempts to retrieve an authenticated token from MSAL.\n   */\n  protected abstract doGetToken(scopes: string[], options?: GetTokenOptions): Promise<AccessToken>;\n\n  /**\n   * Wrapper around each MSAL flow get token operation: doGetToken.\n   * If disableAutomaticAuthentication is sent through the constructor, it will prevent MSAL from requesting the user input.\n   */\n  public async getToken(\n    scopes: string[],\n    options: CredentialFlowGetTokenOptions = {}\n  ): Promise<AccessToken> {\n    const tenantId =\n      processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds) ||\n      this.tenantId;\n\n    options.authority = getAuthority(tenantId, this.authorityHost);\n\n    options.correlationId = options?.correlationId || this.generateUuid();\n    await this.init(options);\n\n    try {\n      // MSAL now caches tokens based on their claims,\n      // so now one has to keep track fo claims in order to retrieve the newer tokens from acquireTokenSilent\n      // This update happened on PR: https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/4533\n      const optionsClaims = (options as any).claims;\n      if (optionsClaims) {\n        this.cachedClaims = optionsClaims;\n      }\n      if (this.cachedClaims && !optionsClaims) {\n        (options as any).claims = this.cachedClaims;\n      }\n      // We don't return the promise since we want to catch errors right here.\n      return await this.getTokenSilent(scopes, options);\n    } catch (err: any) {\n      if (err.name !== \"AuthenticationRequiredError\") {\n        throw err;\n      }\n      if (options?.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions: options,\n          message:\n            \"Automatic authentication has been disabled. You may call the authentication() method.\",\n        });\n      }\n      this.logger.info(`Silent authentication failed, falling back to interactive method.`);\n      return this.doGetToken(scopes, options);\n    }\n  }\n}\n"]}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@azure/identity",
   "sdk-type": "client",
-  "version": "3.2.0-alpha.20230405.1",
+  "version": "3.2.0-alpha.20230413.2",
   "description": "Provides credential implementations for Azure SDK libraries that can authenticate with Azure Active Directory",
   "main": "dist/index.js",
   "module": "dist-esm/src/index.js",

package/types/identity.d.ts

@@ -264,6 +264,50 @@ export declare interface AzureCliCredentialOptions extends MultiTenantTokenCrede
     processTimeoutInMs?: number;
 }
 
+/**
+ * This credential will use the currently logged-in user login information
+ * via the Azure Developer CLI ('az') commandline tool.
+ * To do so, it will read the user access token and expire time
+ * with Azure Developer CLI command "azd auth token".
+ */
+export declare class AzureDeveloperCliCredential implements TokenCredential {
+    private tenantId?;
+    private additionallyAllowedTenantIds;
+    private timeout?;
+    /**
+     * Creates an instance of the {@link AzureDeveloperCliCredential}.
+     *
+     * To use this credential, ensure that you have already logged
+     * in via the 'azd' tool using the command "azd login" from the commandline.
+     *
+     * @param options - Options, to optionally allow multi-tenant requests.
+     */
+    constructor(options?: AzureDeveloperCliCredentialOptions);
+    /**
+     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                TokenCredential implementation might make.
+     */
+    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
+}
+
+/**
+ * Options for the {@link AzureDeveloperCliCredential}
+ */
+export declare interface AzureDeveloperCliCredentialOptions extends MultiTenantTokenCredentialOptions {
+    /**
+     * Allows specifying a tenant ID
+     */
+    tenantId?: string;
+    /**
+     * Timeout configurable for making token requests, provided in milliseconds
+     */
+    processTimeoutInMs?: number;
+}
+
 /**
  * This credential will use the currently logged-in user information from the
  * Azure PowerShell module. To do so, it will read the user access token and
@@ -1480,7 +1524,6 @@ export declare class WorkloadIdentityCredential implements TokenCredential {
      * @param options - The identity client options to use for authentication.
      */
     constructor(options: WorkloadIdentityCredentialOptions);
-    /* Excluded from this release type: __constructor */
     /**
      * Authenticates with Azure Active Directory and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
@@ -1496,25 +1539,19 @@ export declare class WorkloadIdentityCredential implements TokenCredential {
 /**
  * Options for the {@link WorkloadIdentityCredential}
  */
-export declare interface WorkloadIdentityCredentialOptions extends WorkloadIdentityDefaultCredentialOptions {
+export declare interface WorkloadIdentityCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
     /**
      * ID of the application's Azure Active Directory tenant. Also called its directory ID.
      */
-    tenantId: string;
+    tenantId?: string;
     /**
      * The client ID of an Azure AD app registration.
      */
-    clientId: string;
+    clientId?: string;
     /**
      * The path to a file containing a Kubernetes service account token that authenticates the identity.
      */
-    federatedTokenFilePath: string;
-}
-
-/**
- * Internal Options for the {@link WorkloadIdentityCredential}, not meant to be used directly.
- */
-export declare interface WorkloadIdentityDefaultCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
+    federatedTokenFilePath?: string;
 }
 
 export { }