@azure/identity 3.3.1-alpha.20231009.1 → 3.3.1-alpha.20231012.3

package/dist/index.js

@@ -1,11 +1,9 @@
 'use strict';
 
-var msalNode = require('@azure/msal-node');
+var msalCommon = require('@azure/msal-node');
 var logger$o = require('@azure/logger');
-var msalCommon = require('@azure/msal-common');
 var abortController = require('@azure/abort-controller');
 var coreUtil = require('@azure/core-util');
-var uuid = require('uuid');
 var coreClient = require('@azure/core-client');
 var coreRestPipeline = require('@azure/core-rest-pipeline');
 var coreTracing = require('@azure/core-tracing');
@@ -17,9 +15,7 @@ var https = require('https');
 var child_process = require('child_process');
 var crypto = require('crypto');
 var util = require('util');
-var http = require('http');
 var open = require('open');
-var stoppable = require('stoppable');
 
 function _interopNamespaceDefault(e) {
     var n = Object.create(null);
@@ -38,7 +34,6 @@ function _interopNamespaceDefault(e) {
     return Object.freeze(n);
 }
 
-var msalNode__namespace = /*#__PURE__*/_interopNamespaceDefault(msalNode);
 var msalCommon__namespace = /*#__PURE__*/_interopNamespaceDefault(msalCommon);
 var child_process__namespace = /*#__PURE__*/_interopNamespaceDefault(child_process);
 
@@ -412,7 +407,7 @@ class MsalBaseUtilities {
      * Generates a UUID
      */
     generateUuid() {
-        return uuid.v4();
+        return coreUtil.randomUUID();
     }
     /**
      * Handles the MSAL authentication result.
@@ -1161,10 +1156,10 @@ class MsalNode extends MsalBaseUtilities {
             };
         }
         if (options === null || options === void 0 ? void 0 : options.enableCae) {
-            this.caeApp.public = new msalNode__namespace.PublicClientApplication(this.msalConfig);
+            this.caeApp.public = new msalCommon__namespace.PublicClientApplication(this.msalConfig);
         }
         else {
-            this.app.public = new msalNode__namespace.PublicClientApplication(this.msalConfig);
+            this.app.public = new msalCommon__namespace.PublicClientApplication(this.msalConfig);
         }
         if (this.getAssertion) {
             this.msalConfig.auth.clientAssertion = await this.getAssertion();
@@ -1174,10 +1169,10 @@ class MsalNode extends MsalBaseUtilities {
             this.msalConfig.auth.clientAssertion ||
             this.msalConfig.auth.clientCertificate) {
             if (options === null || options === void 0 ? void 0 : options.enableCae) {
-                this.caeApp.confidential = new msalNode__namespace.ConfidentialClientApplication(this.msalConfig);
+                this.caeApp.confidential = new msalCommon__namespace.ConfidentialClientApplication(this.msalConfig);
             }
             else {
-                this.app.confidential = new msalNode__namespace.ConfidentialClientApplication(this.msalConfig);
+                this.app.confidential = new msalCommon__namespace.ConfidentialClientApplication(this.msalConfig);
             }
         }
         else {
@@ -2326,8 +2321,9 @@ class ManagedIdentityCredential {
         /**  authority host validation and metadata discovery to be skipped in managed identity
          * since this wasn't done previously before adding token cache support
          */
-        this.confidentialApp = new msalNode.ConfidentialClientApplication({
+        this.confidentialApp = new msalCommon.ConfidentialClientApplication({
             auth: {
+                authority: "https://login.microsoftonline.com/managed_identity",
                 clientId: (_a = this.clientId) !== null && _a !== void 0 ? _a : DeveloperSignOnClientId,
                 clientSecret: "dummy-secret",
                 cloudDiscoveryMetadata: '{"tenant_discovery_endpoint":"https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration","api-version":"1.1","metadata":[{"preferred_network":"login.microsoftonline.com","preferred_cache":"login.windows.net","aliases":["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"]},{"preferred_network":"login.partner.microsoftonline.cn","preferred_cache":"login.partner.microsoftonline.cn","aliases":["login.partner.microsoftonline.cn","login.chinacloudapi.cn"]},{"preferred_network":"login.microsoftonline.de","preferred_cache":"login.microsoftonline.de","aliases":["login.microsoftonline.de"]},{"preferred_network":"login.microsoftonline.us","preferred_cache":"login.microsoftonline.us","aliases":["login.microsoftonline.us","login.usgovcloudapi.net"]},{"preferred_network":"login-us.microsoftonline.com","preferred_cache":"login-us.microsoftonline.com","aliases":["login-us.microsoftonline.com"]}]}',
@@ -2415,7 +2411,7 @@ class ManagedIdentityCredential {
                 else {
                     const appTokenParameters = {
                         correlationId: this.identityClient.getCorrelationId(),
-                        tenantId: (options === null || options === void 0 ? void 0 : options.tenantId) || "organizations",
+                        tenantId: (options === null || options === void 0 ? void 0 : options.tenantId) || "managed_identity",
                         scopes: Array.isArray(scopes) ? scopes : [scopes],
                         claims: options === null || options === void 0 ? void 0 : options.claims,
                     };
@@ -3717,146 +3713,25 @@ const interactiveBrowserMockable = {
 class MsalOpenBrowser extends MsalNode {
     constructor(options) {
         super(options);
-        this.logger = credentialLogger("Node.js MSAL Open Browser");
-        this.redirectUri = options.redirectUri;
         this.loginHint = options.loginHint;
-        const url = new URL(this.redirectUri);
-        this.port = parseInt(url.port);
-        if (isNaN(this.port)) {
-            this.port = 80;
-        }
-        this.hostname = url.hostname;
-    }
-    async acquireTokenByCode(request, enableCae) {
-        return this.getApp("public", enableCae).acquireTokenByCode(request);
-    }
-    doGetToken(scopes, options) {
-        return new Promise((resolve, reject) => {
-            const socketToDestroy = [];
-            const requestListener = (req, res) => {
-                var _a;
-                if (!req.url) {
-                    reject(new Error(`Interactive Browser Authentication Error "Did not receive token with a valid expiration"`));
-                    return;
-                }
-                let url;
-                try {
-                    url = new URL(req.url, this.redirectUri);
-                }
-                catch (e) {
-                    reject(new Error(`Interactive Browser Authentication Error "Did not receive token with a valid expiration"`));
-                    return;
-                }
-                const tokenRequest = {
-                    code: url.searchParams.get("code"),
-                    redirectUri: this.redirectUri,
-                    scopes: scopes,
-                    authority: options === null || options === void 0 ? void 0 : options.authority,
-                    codeVerifier: (_a = this.pkceCodes) === null || _a === void 0 ? void 0 : _a.verifier,
-                };
-                this.acquireTokenByCode(tokenRequest, options === null || options === void 0 ? void 0 : options.enableCae)
-                    .then((authResponse) => {
-                    if (authResponse === null || authResponse === void 0 ? void 0 : authResponse.account) {
-                        this.account = msalToPublic(this.clientId, authResponse.account);
-                    }
-                    const successMessage = `Authentication Complete. You can close the browser and return to the application.`;
-                    if (authResponse && authResponse.expiresOn) {
-                        const expiresOnTimestamp = authResponse === null || authResponse === void 0 ? void 0 : authResponse.expiresOn.valueOf();
-                        res.writeHead(200);
-                        res.end(successMessage);
-                        this.logger.getToken.info(formatSuccess(scopes));
-                        resolve({
-                            expiresOnTimestamp,
-                            token: authResponse.accessToken,
-                        });
-                    }
-                    else {
-                        const errorMessage = formatError(scopes, `${url.searchParams.get("error")}. ${url.searchParams.get("error_description")}`);
-                        res.writeHead(500);
-                        res.end(errorMessage);
-                        this.logger.getToken.info(errorMessage);
-                        reject(new Error(`Interactive Browser Authentication Error "Did not receive token with a valid expiration"`));
-                    }
-                    cleanup();
-                    return;
-                })
-                    .catch(() => {
-                    const errorMessage = formatError(scopes, `${url.searchParams.get("error")}. ${url.searchParams.get("error_description")}`);
-                    res.writeHead(500);
-                    res.end(errorMessage);
-                    this.logger.getToken.info(errorMessage);
-                    reject(new Error(`Interactive Browser Authentication Error "Did not receive token with a valid expiration"`));
-                    cleanup();
-                });
-            };
-            const app = http.createServer(requestListener);
-            const server = stoppable(app);
-            const listen = app.listen(this.port, this.hostname, () => this.logger.info(`InteractiveBrowserCredential listening on port ${this.port}!`));
-            function cleanup() {
-                if (listen) {
-                    listen.close();
-                }
-                for (const socket of socketToDestroy) {
-                    socket.destroy();
-                }
-                if (server) {
-                    server.close();
-                    server.stop();
-                }
-            }
-            app.on("connection", (socket) => socketToDestroy.push(socket));
-            app.on("error", (err) => {
-                cleanup();
-                const code = err.code;
-                if (code === "EACCES" || code === "EADDRINUSE") {
-                    reject(new CredentialUnavailableError([
-                        `InteractiveBrowserCredential: Access denied to port ${this.port}.`,
-                        `Try sending a redirect URI with a different port, as follows:`,
-                        '`new InteractiveBrowserCredential({ redirectUri: "http://localhost:1337" })`',
-                    ].join(" ")));
-                }
-                else {
-                    reject(new CredentialUnavailableError(`InteractiveBrowserCredential: Failed to start the necessary web server. Error: ${err.message}`));
-                }
-            });
-            app.on("listening", () => {
-                const openPromise = this.openAuthCodeUrl(scopes, options);
-                const abortSignal = options === null || options === void 0 ? void 0 : options.abortSignal;
-                if (abortSignal) {
-                    abortSignal.addEventListener("abort", () => {
-                        cleanup();
-                        reject(new Error("Aborted"));
-                    });
-                }
-                openPromise.catch((e) => {
-                    cleanup();
-                    reject(e);
-                });
-            });
-        });
+        this.logger = credentialLogger("Node.js MSAL Open Browser");
     }
-    async openAuthCodeUrl(scopeArray, options) {
-        // Initialize CryptoProvider instance
-        const cryptoProvider = new msalNode__namespace.CryptoProvider();
-        // Generate PKCE Codes before starting the authorization flow
-        this.pkceCodes = await cryptoProvider.generatePkceCodes();
-        const authCodeUrlParameters = {
-            scopes: scopeArray,
-            correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
-            redirectUri: this.redirectUri,
-            authority: options === null || options === void 0 ? void 0 : options.authority,
-            claims: options === null || options === void 0 ? void 0 : options.claims,
-            loginHint: this.loginHint,
-            codeChallenge: this.pkceCodes.challenge,
-            codeChallengeMethod: "S256", // Use SHA256 Algorithm
-        };
-        const response = await this.getApp("public", options === null || options === void 0 ? void 0 : options.enableCae).getAuthCodeUrl(authCodeUrlParameters);
+    async doGetToken(scopes, options) {
         try {
-            // A new instance on macOS only which allows it to not hang, does not fix the issue on linux
-            await interactiveBrowserMockable.open(response, { wait: true, newInstance: true });
+            const result = await this.getApp("public", options === null || options === void 0 ? void 0 : options.enableCae).acquireTokenInteractive({
+                openBrowser: async (url) => {
+                    await interactiveBrowserMockable.open(url, { wait: true, newInstance: true });
+                },
+                scopes,
+                authority: options === null || options === void 0 ? void 0 : options.authority,
+                claims: options === null || options === void 0 ? void 0 : options.claims,
+                correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
+                loginHint: this.loginHint,
+            });
+            return this.handleResult(scopes, this.clientId, result || undefined);
         }
-        catch (e) {
-            throw new CredentialUnavailableError(`InteractiveBrowserCredential: Could not open a browser window. Error: ${e.message}`);
+        catch (err) {
+            throw this.handleError(scopes, err, options);
         }
     }
 }