npm - @azure/identity - Versions diffs - 3.2.0-beta.2 → 3.2.1 - Mend

@azure/identity 3.2.0-beta.2 → 3.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @azure/identity might be problematic. Click here for more details.

Files changed (26) hide show

package/types/identity.d.ts CHANGED Viewed

@@ -117,7 +117,11 @@ export declare interface AuthenticationRequiredErrorOptions {
  */
 export declare interface AuthorityValidationOptions {
     /**
-     * Setting this flag to `true` disables both authority validation and instance discovery.
+     * The field determines whether instance discovery is performed when attempting to authenticate.
+     * Setting this to `true` will completely disable both instance discovery and authority validation.
+     * As a result, it's crucial to ensure that the configured authority host is valid and trustworthy.
+     * This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack.
+     * The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.
      */
     disableInstanceDiscovery?: boolean;
 }
@@ -259,16 +263,35 @@ export declare interface AzureCliCredentialOptions extends MultiTenantTokenCrede
      */
     tenantId?: string;
     /**
-     * Timeout configurable for making token requests, provided in milliseconds
+     * Process timeout configurable for making token requests, provided in milliseconds
      */
     processTimeoutInMs?: number;
 }
 /**
- * This credential will use the currently logged-in user login information
- * via the Azure Developer CLI ('az') commandline tool.
- * To do so, it will read the user access token and expire time
- * with Azure Developer CLI command "azd auth token".
+ * Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy
+ * resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific
+ * to Azure developers. It allows users to authenticate as a user and/or a service principal against
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
+ * </a>. The AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of
+ * the logged-in user or service principal in the Azure Developer CLI. It acts as the Azure Developer CLI logged in user or
+ * service principal and executes an Azure CLI command underneath to authenticate the application against
+ * Azure Active Directory.
+ *
+ * <h2> Configure AzureDeveloperCliCredential </h2>
+ *
+ * To use this credential, the developer needs to authenticate locally in Azure Developer CLI using one of the
+ * commands below:
+ *
+ * <ol>
+ *     <li>Run "azd auth login" in Azure Developer CLI to authenticate interactively as a user.</li>
+ *     <li>Run "azd auth login --client-id clientID --client-secret clientSecret
+ *     --tenant-id tenantID" to authenticate as a service principal.</li>
+ * </ol>
+ *
+ * You may need to repeat this process after a certain time period, depending on the refresh token validity in your
+ * organization. Generally, the refresh token validity period is a few weeks to a few months.
+ * AzureDeveloperCliCredential will prompt you to sign in again.
  */
 export declare class AzureDeveloperCliCredential implements TokenCredential {
     private tenantId?;
@@ -278,7 +301,7 @@ export declare class AzureDeveloperCliCredential implements TokenCredential {
      * Creates an instance of the {@link AzureDeveloperCliCredential}.
      *
      * To use this credential, ensure that you have already logged
-     * in via the 'azd' tool using the command "azd login" from the commandline.
+     * in via the 'azd' tool using the command "azd auth login" from the commandline.
      *
      * @param options - Options, to optionally allow multi-tenant requests.
      */
@@ -303,7 +326,7 @@ export declare interface AzureDeveloperCliCredentialOptions extends MultiTenantT
      */
     tenantId?: string;
     /**
-     * Timeout configurable for making token requests, provided in milliseconds
+     * Process timeout configurable for making token requests, provided in milliseconds
      */
     processTimeoutInMs?: number;
 }
@@ -353,7 +376,7 @@ export declare interface AzurePowerShellCredentialOptions extends MultiTenantTok
      */
     tenantId?: string;
     /**
-     * Timeout configurable for making token requests, provided in milliseconds
+     * Process timeout configurable for making token requests, provided in milliseconds
      */
     processTimeoutInMs?: number;
 }
@@ -402,6 +425,7 @@ export declare class ChainedTokenCredential implements TokenCredential {
      *                `TokenCredential` implementation might make.
      */
     getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
+    private getTokenInternal;
 }
 /**
@@ -730,9 +754,9 @@ export declare interface DefaultAzureCredentialOptions extends MultiTenantTokenC
     /**
      * Timeout configurable for making token requests for developer credentials, namely, {@link AzurePowershellCredential},
      * {@link AzureDeveloperCliCredential} and {@link AzureCliCredential}.
-     * This should be provided in milliseconds.
+     * Process timeout for credentials should be provided in milliseconds.
      */
-    developerCredentialTimeOutInMs?: number;
+    processTimeoutInMs?: number;
 }
 /**
@@ -1057,7 +1081,7 @@ export declare interface InteractiveBrowserCredentialInBrowserOptions extends In
 /**
  * Defines the common options for the InteractiveBrowserCredential class.
  */
-export declare interface InteractiveBrowserCredentialNodeOptions extends InteractiveCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
+export declare interface InteractiveBrowserCredentialNodeOptions extends InteractiveCredentialOptions, CredentialPersistenceOptions {
     /**
      * Gets the redirect URI of the application. This should be same as the value
      * in the application registration portal.  Defaults to `window.location.href`.
@@ -1446,7 +1470,7 @@ export declare class UsernamePasswordCredential implements TokenCredential {
 /**
  * Defines options for the {@link UsernamePasswordCredential} class.
  */
-export declare interface UsernamePasswordCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions {
+export declare interface UsernamePasswordCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
 }
 /**
@@ -1509,9 +1533,18 @@ export declare interface VisualStudioCodeCredentialOptions extends MultiTenantTo
 }
 /**
- * WorkloadIdentityCredential supports Azure workload identity authentication on Kubernetes.
- * Refer to <a href="https://learn.microsoft.com/azure/aks/workload-identity-overview">Azure Active Directory Workload Identity</a>
- * for more information.
+ * Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs)
+ * to access other Azure resources without the need for a service principal or managed identity. With Workload Identity
+ * authentication, applications authenticate themselves using their own identity, rather than using a shared service
+ * principal or managed identity. Under the hood, Workload Identity authentication uses the concept of Service Account
+ * Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload
+ * Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for
+ * each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't
+ * need to worry about storing and securing sensitive credentials themselves.
+ * The WorkloadIdentityCredential supports Azure workload identity authentication on Azure Kubernetes and acquires
+ * a token using the SACs available in the Azure Kubernetes environment.
+ * Refer to <a href="https://learn.microsoft.com/azure/aks/workload-identity-overview">Azure Active Directory
+ * Workload Identity</a> for more information.
  */
 export declare class WorkloadIdentityCredential implements TokenCredential {
     private client;
@@ -1523,7 +1556,7 @@ export declare class WorkloadIdentityCredential implements TokenCredential {
      *
      * @param options - The identity client options to use for authentication.
      */
-    constructor(options: WorkloadIdentityCredentialOptions);
+    constructor(options?: WorkloadIdentityCredentialOptions);
     /**
      * Authenticates with Azure Active Directory and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
@@ -1551,7 +1584,7 @@ export declare interface WorkloadIdentityCredentialOptions extends MultiTenantTo
     /**
      * The path to a file containing a Kubernetes service account token that authenticates the identity.
      */
-    federatedTokenFilePath?: string;
+    tokenFilePath?: string;
 }
 export { }