@azure/identity 3.2.0-alpha.20230420.2 → 3.2.0-alpha.20230425.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of @azure/identity might be problematic. Click here for more details.
- package/dist/index.js +50 -22
- package/dist/index.js.map +1 -1
- package/dist-esm/src/credentials/authorityValidationOptions.js.map +1 -1
- package/dist-esm/src/credentials/azureCliCredentialOptions.js.map +1 -1
- package/dist-esm/src/credentials/azureDeveloperCliCredential.js +31 -11
- package/dist-esm/src/credentials/azureDeveloperCliCredential.js.map +1 -1
- package/dist-esm/src/credentials/azureDeveloperCliCredentialOptions.js.map +1 -1
- package/dist-esm/src/credentials/azurePowerShellCredentialOptions.js.map +1 -1
- package/dist-esm/src/credentials/clientAssertionCredential.js.map +1 -1
- package/dist-esm/src/credentials/defaultAzureCredential.js +4 -4
- package/dist-esm/src/credentials/defaultAzureCredential.js.map +1 -1
- package/dist-esm/src/credentials/defaultAzureCredentialOptions.js.map +1 -1
- package/dist-esm/src/credentials/interactiveBrowserCredentialOptions.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
- package/dist-esm/src/credentials/usernamePasswordCredentialOptions.js.map +1 -1
- package/dist-esm/src/credentials/workloadIdentityCredential.js +14 -6
- package/dist-esm/src/credentials/workloadIdentityCredential.js.map +1 -1
- package/dist-esm/src/credentials/workloadIdentityCredentialOptions.js.map +1 -1
- package/package.json +1 -1
- package/types/identity.d.ts +50 -18
package/types/identity.d.ts
CHANGED
|
@@ -117,9 +117,13 @@ export declare interface AuthenticationRequiredErrorOptions {
|
|
|
117
117
|
*/
|
|
118
118
|
export declare interface AuthorityValidationOptions {
|
|
119
119
|
/**
|
|
120
|
-
*
|
|
120
|
+
* The field determines whether instance discovery is performed when attempting to authenticate.
|
|
121
|
+
* Setting this to `true` will completely disable both instance discovery and authority validation.
|
|
122
|
+
* As a result, it's crucial to ensure that the configured authority host is valid and trustworthy.
|
|
123
|
+
* This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack.
|
|
124
|
+
* The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.
|
|
121
125
|
*/
|
|
122
|
-
|
|
126
|
+
disableAuthorityValidationAndInstanceDiscovery?: boolean;
|
|
123
127
|
}
|
|
124
128
|
|
|
125
129
|
/**
|
|
@@ -259,16 +263,35 @@ export declare interface AzureCliCredentialOptions extends MultiTenantTokenCrede
|
|
|
259
263
|
*/
|
|
260
264
|
tenantId?: string;
|
|
261
265
|
/**
|
|
262
|
-
*
|
|
266
|
+
* Process timeout configurable for making token requests, provided in milliseconds
|
|
263
267
|
*/
|
|
264
268
|
processTimeoutInMs?: number;
|
|
265
269
|
}
|
|
266
270
|
|
|
267
271
|
/**
|
|
268
|
-
*
|
|
269
|
-
*
|
|
270
|
-
*
|
|
271
|
-
*
|
|
272
|
+
* Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy
|
|
273
|
+
* resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific
|
|
274
|
+
* to Azure developers. It allows users to authenticate as a user and/or a service principal against
|
|
275
|
+
* <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
|
|
276
|
+
* </a>. The AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of
|
|
277
|
+
* the logged-in user or service principal in the Azure Developer CLI. It acts as the Azure Developer CLI logged in user or
|
|
278
|
+
* service principal and executes an Azure CLI command underneath to authenticate the application against
|
|
279
|
+
* Azure Active Directory.
|
|
280
|
+
*
|
|
281
|
+
* <h2> Configure AzureDeveloperCliCredential </h2>
|
|
282
|
+
*
|
|
283
|
+
* To use this credential, the developer needs to authenticate locally in Azure Developer CLI using one of the
|
|
284
|
+
* commands below:
|
|
285
|
+
*
|
|
286
|
+
* <ol>
|
|
287
|
+
* <li>Run "azd auth login" in Azure Developer CLI to authenticate interactively as a user.</li>
|
|
288
|
+
* <li>Run "azd auth login --client-id clientID --client-secret clientSecret
|
|
289
|
+
* --tenant-id tenantID" to authenticate as a service principal.</li>
|
|
290
|
+
* </ol>
|
|
291
|
+
*
|
|
292
|
+
* You may need to repeat this process after a certain time period, depending on the refresh token validity in your
|
|
293
|
+
* organization. Generally, the refresh token validity period is a few weeks to a few months.
|
|
294
|
+
* AzureDeveloperCliCredential will prompt you to sign in again.
|
|
272
295
|
*/
|
|
273
296
|
export declare class AzureDeveloperCliCredential implements TokenCredential {
|
|
274
297
|
private tenantId?;
|
|
@@ -278,7 +301,7 @@ export declare class AzureDeveloperCliCredential implements TokenCredential {
|
|
|
278
301
|
* Creates an instance of the {@link AzureDeveloperCliCredential}.
|
|
279
302
|
*
|
|
280
303
|
* To use this credential, ensure that you have already logged
|
|
281
|
-
* in via the 'azd' tool using the command "azd login" from the commandline.
|
|
304
|
+
* in via the 'azd' tool using the command "azd auth login" from the commandline.
|
|
282
305
|
*
|
|
283
306
|
* @param options - Options, to optionally allow multi-tenant requests.
|
|
284
307
|
*/
|
|
@@ -303,7 +326,7 @@ export declare interface AzureDeveloperCliCredentialOptions extends MultiTenantT
|
|
|
303
326
|
*/
|
|
304
327
|
tenantId?: string;
|
|
305
328
|
/**
|
|
306
|
-
*
|
|
329
|
+
* Process timeout configurable for making token requests, provided in milliseconds
|
|
307
330
|
*/
|
|
308
331
|
processTimeoutInMs?: number;
|
|
309
332
|
}
|
|
@@ -353,7 +376,7 @@ export declare interface AzurePowerShellCredentialOptions extends MultiTenantTok
|
|
|
353
376
|
*/
|
|
354
377
|
tenantId?: string;
|
|
355
378
|
/**
|
|
356
|
-
*
|
|
379
|
+
* Process timeout configurable for making token requests, provided in milliseconds
|
|
357
380
|
*/
|
|
358
381
|
processTimeoutInMs?: number;
|
|
359
382
|
}
|
|
@@ -731,9 +754,9 @@ export declare interface DefaultAzureCredentialOptions extends MultiTenantTokenC
|
|
|
731
754
|
/**
|
|
732
755
|
* Timeout configurable for making token requests for developer credentials, namely, {@link AzurePowershellCredential},
|
|
733
756
|
* {@link AzureDeveloperCliCredential} and {@link AzureCliCredential}.
|
|
734
|
-
*
|
|
757
|
+
* Process timeout for credentials should be provided in milliseconds.
|
|
735
758
|
*/
|
|
736
|
-
|
|
759
|
+
credentialProcessTimeoutInMs?: number;
|
|
737
760
|
}
|
|
738
761
|
|
|
739
762
|
/**
|
|
@@ -1058,7 +1081,7 @@ export declare interface InteractiveBrowserCredentialInBrowserOptions extends In
|
|
|
1058
1081
|
/**
|
|
1059
1082
|
* Defines the common options for the InteractiveBrowserCredential class.
|
|
1060
1083
|
*/
|
|
1061
|
-
export declare interface InteractiveBrowserCredentialNodeOptions extends InteractiveCredentialOptions, CredentialPersistenceOptions
|
|
1084
|
+
export declare interface InteractiveBrowserCredentialNodeOptions extends InteractiveCredentialOptions, CredentialPersistenceOptions {
|
|
1062
1085
|
/**
|
|
1063
1086
|
* Gets the redirect URI of the application. This should be same as the value
|
|
1064
1087
|
* in the application registration portal. Defaults to `window.location.href`.
|
|
@@ -1447,7 +1470,7 @@ export declare class UsernamePasswordCredential implements TokenCredential {
|
|
|
1447
1470
|
/**
|
|
1448
1471
|
* Defines options for the {@link UsernamePasswordCredential} class.
|
|
1449
1472
|
*/
|
|
1450
|
-
export declare interface UsernamePasswordCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions {
|
|
1473
|
+
export declare interface UsernamePasswordCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
|
|
1451
1474
|
}
|
|
1452
1475
|
|
|
1453
1476
|
/**
|
|
@@ -1510,9 +1533,18 @@ export declare interface VisualStudioCodeCredentialOptions extends MultiTenantTo
|
|
|
1510
1533
|
}
|
|
1511
1534
|
|
|
1512
1535
|
/**
|
|
1513
|
-
*
|
|
1514
|
-
*
|
|
1515
|
-
*
|
|
1536
|
+
* Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs)
|
|
1537
|
+
* to access other Azure resources without the need for a service principal or managed identity. With Workload Identity
|
|
1538
|
+
* authentication, applications authenticate themselves using their own identity, rather than using a shared service
|
|
1539
|
+
* principal or managed identity. Under the hood, Workload Identity authentication uses the concept of Service Account
|
|
1540
|
+
* Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload
|
|
1541
|
+
* Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for
|
|
1542
|
+
* each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't
|
|
1543
|
+
* need to worry about storing and securing sensitive credentials themselves.
|
|
1544
|
+
* The WorkloadIdentityCredential supports Azure workload identity authentication on Azure Kubernetes and acquires
|
|
1545
|
+
* a token using the SACs available in the Azure Kubernetes environment.
|
|
1546
|
+
* Refer to <a href="https://learn.microsoft.com/azure/aks/workload-identity-overview">Azure Active Directory
|
|
1547
|
+
* Workload Identity</a> for more information.
|
|
1516
1548
|
*/
|
|
1517
1549
|
export declare class WorkloadIdentityCredential implements TokenCredential {
|
|
1518
1550
|
private client;
|
|
@@ -1552,7 +1584,7 @@ export declare interface WorkloadIdentityCredentialOptions extends MultiTenantTo
|
|
|
1552
1584
|
/**
|
|
1553
1585
|
* The path to a file containing a Kubernetes service account token that authenticates the identity.
|
|
1554
1586
|
*/
|
|
1555
|
-
|
|
1587
|
+
tokenFilePath?: string;
|
|
1556
1588
|
}
|
|
1557
1589
|
|
|
1558
1590
|
export { }
|