@azure/identity 3.3.2-alpha.20231013.2 → 3.3.2-alpha.20231017.9

package/README.md

@@ -1,6 +1,6 @@
 # Azure Identity client library for JavaScript
 
-The Azure Identity library provides [Azure Active Directory (Azure AD)](https://learn.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) token authentication through a set of convenient [TokenCredential](https://learn.microsoft.com/javascript/api/@azure/core-auth/tokencredential) implementations.
+The Azure Identity library provides [Microsoft Entra ID](https://learn.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) ([formerly Azure Active Directory](https://learn.microsoft.com/azure/active-directory/fundamentals/new-name)) token authentication through a set of convenient [TokenCredential](https://learn.microsoft.com/javascript/api/@azure/core-auth/tokencredential) implementations.
 
 For examples of various credentials, see the [Azure Identity examples page](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md).
 
@@ -9,7 +9,7 @@ Key links:
 - [Source code](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/identity/identity)
 - [Package (npm)](https://www.npmjs.com/package/@azure/identity)
 - [API Reference Documentation](https://learn.microsoft.com/javascript/api/@azure/identity)
-- [Azure AD documentation](https://azure.microsoft.com/services/active-directory/)
+- [Microsoft Entra ID documentation](https://azure.microsoft.com/services/active-directory/)
 - [Samples](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2)
 
 ## Getting started
@@ -110,13 +110,13 @@ To authenticate Azure SDK clients within web browsers, we offer the `Interactive
 
 ## Key concepts
 
-If this is your first time using `@azure/identity` or the Microsoft Identity platform (Azure AD), read [Using `@azure/identity` with Microsoft Identity Platform](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/using-azure-identity.md) first. This document provides a deeper understanding of the platform and how to configure your Azure account correctly.
+If this is your first time using `@azure/identity` or Microsoft Entra ID, read [Using `@azure/identity` with Microsoft Entra ID](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/using-azure-identity.md) first. This document provides a deeper understanding of the platform and how to configure your Azure account correctly.
 
 ### Credentials
 
 A credential is a class which contains or can obtain the data needed for a service client to authenticate requests. Service clients across the Azure SDK accept credentials when they're constructed. Service clients use those credentials to authenticate requests to the service.
 
-The Azure Identity library focuses on OAuth authentication with Azure AD, and it offers a variety of credential classes capable of acquiring an Azure AD token to authenticate service requests. All of the credential classes in this library are implementations of the [TokenCredential](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/core/core-auth/src/tokenCredential.ts) abstract class, and any of them can be used by to construct service clients capable of authenticating with a TokenCredential.
+The Azure Identity library focuses on OAuth authentication with Microsoft Entra ID, and it offers a variety of credential classes capable of acquiring a Microsoft Entra token to authenticate service requests. All of the credential classes in this library are implementations of the [TokenCredential](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/core/core-auth/src/tokenCredential.ts) abstract class, and any of them can be used by to construct service clients capable of authenticating with a TokenCredential.
 
 See [Credential Classes](#credential-classes).
 
@@ -217,7 +217,7 @@ For examples of how to use managed identity for authentication, see [the example
 
 ## Cloud configuration
 
-Credentials default to authenticating to the Azure AD endpoint for Azure Public Cloud. To access resources in other clouds, such as Azure Government or a private cloud, configure credentials with the `authorityHost` argument in the constructor. The `AzureAuthorityHosts` interface defines authorities for well-known clouds. For the US Government cloud, you could instantiate a credential this way:
+Credentials default to authenticating to the Microsoft Entra endpoint for Azure Public Cloud. To access resources in other clouds, such as Azure Government or a private cloud, configure credentials with the `authorityHost` argument in the constructor. The `AzureAuthorityHosts` interface defines authorities for well-known clouds. For the US Government cloud, you could instantiate a credential this way:
 
 ```typescript
 import { AzureAuthorityHosts, ClientSecretCredential } from "@azure/identity";
@@ -243,7 +243,7 @@ Not all credentials require this configuration. Credentials that authenticate th
 | [`ChainedTokenCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/chainedtokencredential?view=azure-node-latest)       | Allows users to define custom authentication flows composing multiple credentials.                               | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#chaining-credentials)                                            |
 | [`EnvironmentCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/environmentcredential?view=azure-node-latest)         | Authenticates a service principal or user via credential information specified in environment variables.         | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-service-principal-with-environment-credentials) |
 | [`ManagedIdentityCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/managedidentitycredential?view=azure-node-latest) | Authenticates the managed identity of an Azure resource.                                                         | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-in-azure-with-managed-identity)                   |
-| [`WorkloadIdentityCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/workloadidentitycredential?view=azure-node-latest)| Supports [Azure AD workload identity](https://learn.microsoft.com/azure/aks/workload-identity-overview) on Kubernetes. | |
+| [`WorkloadIdentityCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/workloadidentitycredential?view=azure-node-latest)| Supports [Microsoft Entra Workload ID](https://learn.microsoft.com/azure/aks/workload-identity-overview) on Kubernetes. | |
 
 ### Authenticate service principals
 
@@ -280,16 +280,16 @@ Not all credentials require this configuration. Credentials that authenticate th
 
 | Variable name         | Value                                   |
 | --------------------- | --------------------------------------- |
-| `AZURE_CLIENT_ID`     | ID of an Azure AD application           |
-| `AZURE_TENANT_ID`     | ID of the application's Azure AD tenant |
+| `AZURE_CLIENT_ID`     | ID of a Microsoft Entra application           |
+| `AZURE_TENANT_ID`     | ID of the application's Microsoft Entra tenant |
 | `AZURE_CLIENT_SECRET` | one of the application's client secrets |
 
 #### Service principal with certificate
 
 | Variable name                       | Value                                                        |
 | ----------------------------------- | ------------------------------------------------------------ |
-| `AZURE_CLIENT_ID`                   | ID of an Azure AD application                                |
-| `AZURE_TENANT_ID`                   | ID of the application's Azure AD tenant                      |
+| `AZURE_CLIENT_ID`                   | ID of a Microsoft Entra application                                |
+| `AZURE_TENANT_ID`                   | ID of the application's Microsoft Entra tenant                      |
 | `AZURE_CLIENT_CERTIFICATE_PATH`     | path to a PEM-encoded certificate file including private key |
 | `AZURE_CLIENT_CERTIFICATE_PASSWORD` | password of the certificate file, if any                     |
 
@@ -297,8 +297,8 @@ Not all credentials require this configuration. Credentials that authenticate th
 
 | Variable name     | Value                                   |
 | ----------------- | --------------------------------------- |
-| `AZURE_CLIENT_ID` | ID of an Azure AD application           |
-| `AZURE_TENANT_ID` | ID of the application's Azure AD tenant |
+| `AZURE_CLIENT_ID` | ID of a Microsoft Entra application           |
+| `AZURE_TENANT_ID` | ID of the application's Microsoft Entra tenant |
 | `AZURE_USERNAME`  | a username (usually an email address)   |
 | `AZURE_PASSWORD`  | that user's password                    |
 
@@ -314,7 +314,7 @@ Token caching is a feature provided by the Azure Identity library that allows ap
 
 - Cache tokens in memory (default) and on disk (opt-in).
 - Improve resilience and performance.
-- Reduce the number of requests made to Azure AD to obtain access tokens.
+- Reduce the number of requests made to Microsoft Entra ID to obtain access tokens.
 
 The Azure Identity library offers both in-memory and persistent disk caching. For more details, see the [token caching documentation](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/TOKEN_CACHING.md).
 
@@ -330,7 +330,7 @@ API documentation for this library can be found on our [documentation site](http
 
 ### Client library support
 
-Client and management libraries listed on the [Azure SDK releases page](https://azure.github.io/azure-sdk/releases/latest/js.html) that support Azure AD authentication accept credentials from this library. Learn more about using these libraries in their documentation, which is linked from the releases page.
+Client and management libraries listed on the [Azure SDK releases page](https://azure.github.io/azure-sdk/releases/latest/js.html) that support Microsoft Entra authentication accept credentials from this library. Learn more about using these libraries in their documentation, which is linked from the releases page.
 
 ### Known issues
 

package/dist/index.js

@@ -557,8 +557,8 @@ function processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowe
  * @internal
  */
 function checkTenantId(logger, tenantId) {
-    if (!tenantId.match(/^[0-9a-zA-Z-.:/]+$/)) {
-        const error = new Error("Invalid tenant id provided. You can locate your tenant id by following the instructions listed here: https://docs.microsoft.com/partner-center/find-ids-and-domain-names.");
+    if (!tenantId.match(/^[0-9a-zA-Z-.]+$/)) {
+        const error = new Error("Invalid tenant id provided. You can locate your tenant id by following the instructions listed here: https://learn.microsoft.com/partner-center/find-ids-and-domain-names.");
         logger.info(formatError("", error));
         throw error;
     }
@@ -582,7 +582,7 @@ function resolveTenantId(logger, tenantId, clientId) {
 /**
  * @internal
  */
-function resolveAddionallyAllowedTenantIds(additionallyAllowedTenants) {
+function resolveAdditionallyAllowedTenantIds(additionallyAllowedTenants) {
     if (!additionallyAllowedTenants || additionallyAllowedTenants.length === 0) {
         return [];
     }
@@ -1058,7 +1058,7 @@ class MsalNode extends MsalBaseUtilities {
         this.requiresConfidential = false;
         this.msalConfig = this.defaultNodeMsalConfig(options);
         this.tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);
-        this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds((_a = options === null || options === void 0 ? void 0 : options.tokenCredentialOptions) === null || _a === void 0 ? void 0 : _a.additionallyAllowedTenants);
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds((_a = options === null || options === void 0 ? void 0 : options.tokenCredentialOptions) === null || _a === void 0 ? void 0 : _a.additionallyAllowedTenants);
         this.clientId = this.msalConfig.auth.clientId;
         if (options === null || options === void 0 ? void 0 : options.getAssertion) {
             this.getAssertion = options.getAssertion;
@@ -1398,7 +1398,7 @@ class VisualStudioCodeCredential {
         else {
             this.tenantId = CommonTenantId;
         }
-        this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
         checkUnsupportedTenant(this.tenantId);
     }
     /**
@@ -1741,20 +1741,21 @@ const imdsMsi = {
             skipQuery: true,
         });
         return tracingClient.withSpan("ManagedIdentityCredential-pingImdsEndpoint", getTokenOptions, async (options) => {
-            var _a;
+            var _a, _b;
             requestOptions.tracingOptions = options.tracingOptions;
             // Create a request with a timeout since we expect that
             // not having a "Metadata" header should cause an error to be
             // returned quickly from the endpoint, proving its availability.
             const request = coreRestPipeline.createPipelineRequest(requestOptions);
-            // Default to 300 if the default of 0 is used.
+            // Default to 1000 if the default of 0 is used.
             // Negative values can still be used to disable the timeout.
-            request.timeout = ((_a = options.requestOptions) === null || _a === void 0 ? void 0 : _a.timeout) || 300;
+            request.timeout = ((_a = options.requestOptions) === null || _a === void 0 ? void 0 : _a.timeout) || 1000;
             // This MSI uses the imdsEndpoint to get the token, which only uses http://
             request.allowInsecureConnection = true;
+            let response;
             try {
                 logger$j.info(`${msiName$4}: Pinging the Azure IMDS endpoint`);
-                await identityClient.sendRequest(request);
+                response = await identityClient.sendRequest(request);
             }
             catch (err) {
                 // If the request failed, or Node.js was unable to establish a connection,
@@ -1762,9 +1763,18 @@ const imdsMsi = {
                 if (coreUtil.isError(err)) {
                     logger$j.verbose(`${msiName$4}: Caught error ${err.name}: ${err.message}`);
                 }
+                // This is a special case for Docker Desktop which responds with a 403 with a message that contains "A socket operation was attempted to an unreachable network"
+                // rather than just timing out, as expected.
                 logger$j.info(`${msiName$4}: The Azure IMDS endpoint is unavailable`);
                 return false;
             }
+            if (response.status === 403) {
+                if ((_b = response.bodyAsText) === null || _b === void 0 ? void 0 : _b.includes("A socket operation was attempted to an unreachable network")) {
+                    logger$j.info(`${msiName$4}: The Azure IMDS endpoint is unavailable`);
+                    logger$j.info(`${msiName$4}: ${response.bodyAsText}`);
+                    return false;
+                }
+            }
             // If we received any response, the endpoint is available
             logger$j.info(`${msiName$4}: The Azure IMDS endpoint is available`);
             return true;
@@ -1958,10 +1968,10 @@ const logger$h = credentialLogger("ClientAssertionCredential");
 class ClientAssertionCredential {
     /**
      * Creates an instance of the ClientAssertionCredential with the details
-     * needed to authenticate against Azure Active Directory with a client
+     * needed to authenticate against Microsoft Entra ID with a client
      * assertion provided by the developer through the `getAssertion` function parameter.
      *
-     * @param tenantId - The Azure Active Directory tenant (directory) ID.
+     * @param tenantId - The Microsoft Entra tenant (directory) ID.
      * @param clientId - The client (application) ID of an App Registration in the tenant.
      * @param getAssertion - A function that retrieves the assertion for the credential to use.
      * @param options - Options for configuring the client which makes the authentication request.
@@ -1971,13 +1981,13 @@ class ClientAssertionCredential {
             throw new Error("ClientAssertionCredential: tenantId, clientId, and clientAssertion are required parameters.");
         }
         this.tenantId = tenantId;
-        this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
         this.clientId = clientId;
         this.options = options;
         this.msalFlow = new MsalClientAssertion(Object.assign(Object.assign({}, options), { logger: logger$h, clientId: this.clientId, tenantId: this.tenantId, tokenCredentialOptions: this.options, getAssertion }));
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * @param scopes - The list of scopes for which the token will have access.
@@ -2018,14 +2028,14 @@ const logger$g = credentialLogger(credentialName$3);
  * Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for
  * each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't
  * need to worry about storing and securing sensitive credentials themselves.
- * The WorkloadIdentityCredential supports Azure workload identity authentication on Azure Kubernetes and acquires
+ * The WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Azure Kubernetes and acquires
  * a token using the SACs available in the Azure Kubernetes environment.
- * Refer to <a href="https://learn.microsoft.com/azure/aks/workload-identity-overview">Azure Active Directory
- * Workload Identity</a> for more information.
+ * Refer to <a href="https://learn.microsoft.com/azure/aks/workload-identity-overview">Microsoft Entra
+ * Workload ID</a> for more information.
  */
 class WorkloadIdentityCredential {
     /**
-     * WorkloadIdentityCredential supports Azure workload identity on Kubernetes.
+     * WorkloadIdentityCredential supports Microsoft Entra Workload ID on Kubernetes.
      *
      * @param options - The identity client options to use for authentication.
      */
@@ -2049,7 +2059,7 @@ class WorkloadIdentityCredential {
         }
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * @param scopes - The list of scopes for which the token will have access.
@@ -2289,7 +2299,7 @@ const logger$c = credentialLogger("ManagedIdentityCredential");
  * Azure Kubernetes Services, Azure Service Fabric instances and inside of the Azure Cloud Shell.
  *
  * More information about configuring managed identities can be found here:
- * https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
+ * https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
  */
 class ManagedIdentityCredential {
     /**
@@ -2388,7 +2398,7 @@ class ManagedIdentityCredential {
         }
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      * If an unexpected error occurs, an {@link AuthenticationError} will be thrown with the details of the failure.
      *
@@ -2480,6 +2490,15 @@ class ManagedIdentityCredential {
             if (err.statusCode === 400) {
                 throw new CredentialUnavailableError(`${ManagedIdentityCredential.name}: The managed identity endpoint is indicating there's no available identity. Message: ${err.message}`);
             }
+            // This is a special case for Docker Desktop which responds with a 403 with a message that contains "A socket operation was attempted to an unreachable network"
+            // rather than just timing out, as expected.
+            if (err.statusCode === 403 || err.code === 403) {
+                if (err.message.includes("A socket operation was attempted to an unreachable network")) {
+                    const error = new CredentialUnavailableError(`${ManagedIdentityCredential.name}: Unavailable. Network unreachable. Message: ${err.message}`);
+                    logger$c.getToken.info(formatError(scopes, error));
+                    throw error;
+                }
+            }
             // If the error has no status code, we can assume there was no available identity.
             // This will throw silently during any ChainedTokenCredential.
             if (err.statusCode === undefined) {
@@ -2576,7 +2595,7 @@ function ensureScopes(scopes) {
  * @internal
  */
 function ensureValidScopeForDevTimeCreds(scope, logger) {
-    if (!scope.match(/^[0-9a-zA-Z-.:/]+$/)) {
+    if (!scope.match(/^[0-9a-zA-Z-_.:/]+$/)) {
         const error = new Error("Invalid scope was specified by the user or calling client");
         logger.getToken.info(formatError(scope, error));
         throw error;
@@ -2662,11 +2681,11 @@ class AzureCliCredential {
             checkTenantId(logger$b, options === null || options === void 0 ? void 0 : options.tenantId);
             this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
         }
-        this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
         this.timeout = options === null || options === void 0 ? void 0 : options.processTimeoutInMs;
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * @param scopes - The list of scopes for which the token will have access.
@@ -2844,7 +2863,7 @@ class AzurePowerShellCredential {
             checkTenantId(logger$a, options === null || options === void 0 ? void 0 : options.tenantId);
             this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
         }
-        this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
         this.timeout = options === null || options === void 0 ? void 0 : options.processTimeoutInMs;
     }
     /**
@@ -2893,7 +2912,7 @@ class AzurePowerShellCredential {
         throw new Error(`Unable to execute PowerShell. Ensure that it is installed in your system`);
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If the authentication cannot be performed through PowerShell, a {@link CredentialUnavailableError} will be thrown.
      *
      * @param scopes - The list of scopes for which the token will have access.
@@ -3126,11 +3145,11 @@ class MsalClientCertificate extends MsalNode {
 const credentialName$2 = "ClientCertificateCredential";
 const logger$8 = credentialLogger(credentialName$2);
 /**
- * Enables authentication to Azure Active Directory using a PEM-encoded
+ * Enables authentication to Microsoft Entra ID using a PEM-encoded
  * certificate that is assigned to an App Registration. More information
  * on how to configure certificate authentication can be found here:
  *
- * https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad
+ * https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad
  *
  */
 class ClientCertificateCredential {
@@ -3139,7 +3158,7 @@ class ClientCertificateCredential {
             throw new Error(`${credentialName$2}: tenantId and clientId are required parameters.`);
         }
         this.tenantId = tenantId;
-        this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
         const configuration = Object.assign({}, (typeof certificatePathOrConfiguration === "string"
             ? {
                 certificatePath: certificatePathOrConfiguration,
@@ -3160,7 +3179,7 @@ class ClientCertificateCredential {
             tenantId, sendCertificateChain: options.sendCertificateChain, tokenCredentialOptions: options }));
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * @param scopes - The list of scopes for which the token will have access.
@@ -3211,20 +3230,20 @@ class MsalClientSecret extends MsalNode {
 // Licensed under the MIT license.
 const logger$7 = credentialLogger("ClientSecretCredential");
 /**
- * Enables authentication to Azure Active Directory using a client secret
+ * Enables authentication to Microsoft Entra ID using a client secret
  * that was generated for an App Registration. More information on how
  * to configure a client secret can be found here:
  *
- * https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application
+ * https://learn.microsoft.com/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application
  *
  */
 class ClientSecretCredential {
     /**
      * Creates an instance of the ClientSecretCredential with the details
-     * needed to authenticate against Azure Active Directory with a client
+     * needed to authenticate against Microsoft Entra ID with a client
      * secret.
      *
-     * @param tenantId - The Azure Active Directory tenant (directory) ID.
+     * @param tenantId - The Microsoft Entra tenant (directory) ID.
      * @param clientId - The client (application) ID of an App Registration in the tenant.
      * @param clientSecret - A client secret that was generated for the App Registration.
      * @param options - Options for configuring the client which makes the authentication request.
@@ -3234,14 +3253,14 @@ class ClientSecretCredential {
             throw new Error("ClientSecretCredential: tenantId, clientId, and clientSecret are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.");
         }
         this.tenantId = tenantId;
-        this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
         this.msalFlow = new MsalClientSecret(Object.assign(Object.assign({}, options), { logger: logger$7,
             clientId,
             tenantId,
             clientSecret, tokenCredentialOptions: options }));
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * @param scopes - The list of scopes for which the token will have access.
@@ -3292,7 +3311,7 @@ class MsalUsernamePassword extends MsalNode {
 // Licensed under the MIT license.
 const logger$6 = credentialLogger("UsernamePasswordCredential");
 /**
- * Enables authentication to Azure Active Directory with a user's
+ * Enables authentication to Microsoft Entra ID with a user's
  * username and password. This credential requires a high degree of
  * trust so you should only use it when other, more secure credential
  * types can't be used.
@@ -3300,10 +3319,10 @@ const logger$6 = credentialLogger("UsernamePasswordCredential");
 class UsernamePasswordCredential {
     /**
      * Creates an instance of the UsernamePasswordCredential with the details
-     * needed to authenticate against Azure Active Directory with a username
+     * needed to authenticate against Microsoft Entra ID with a username
      * and password.
      *
-     * @param tenantId - The Azure Active Directory tenant (directory).
+     * @param tenantId - The Microsoft Entra tenant (directory).
      * @param clientId - The client (application) ID of an App Registration in the tenant.
      * @param username - The user account's e-mail address (user name).
      * @param password - The user account's account password
@@ -3314,7 +3333,7 @@ class UsernamePasswordCredential {
             throw new Error("UsernamePasswordCredential: tenantId, clientId, username and password are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.");
         }
         this.tenantId = tenantId;
-        this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
         this.msalFlow = new MsalUsernamePassword(Object.assign(Object.assign({}, options), { logger: logger$6,
             clientId,
             tenantId,
@@ -3322,7 +3341,7 @@ class UsernamePasswordCredential {
             password, tokenCredentialOptions: options || {} }));
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * If the user provided the option `disableAutomaticAuthentication`,
@@ -3369,7 +3388,7 @@ function getAdditionallyAllowedTenants() {
 const credentialName$1 = "EnvironmentCredential";
 const logger$5 = credentialLogger(credentialName$1);
 /**
- * Enables authentication to Azure Active Directory using a client secret or certificate, or as a user
+ * Enables authentication to Microsoft Entra ID using a client secret or certificate, or as a user
  * with a username and password.
  */
 class EnvironmentCredential {
@@ -3377,7 +3396,7 @@ class EnvironmentCredential {
      * Creates an instance of the EnvironmentCredential class and decides what credential to use depending on the available environment variables.
      *
      * Required environment variables:
-     * - `AZURE_TENANT_ID`: The Azure Active Directory tenant (directory) ID.
+     * - `AZURE_TENANT_ID`: The Microsoft Entra tenant (directory) ID.
      * - `AZURE_CLIENT_ID`: The client (application) ID of an App Registration in the tenant.
      *
      * If setting the AZURE_TENANT_ID, then you can also set the additionally allowed tenants
@@ -3428,7 +3447,7 @@ class EnvironmentCredential {
         }
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      *
      * @param scopes - The list of scopes for which the token will have access.
      * @param options - Optional parameters. See {@link GetTokenOptions}.
@@ -3513,11 +3532,11 @@ const logger$4 = credentialLogger("AzureDeveloperCliCredential");
  * Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy
  * resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific
  * to Azure developers. It allows users to authenticate as a user and/or a service principal against
- * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
- * </a>. The AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Microsoft Entra ID</a>. The
+ * AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of
  * the logged-in user or service principal in the Azure Developer CLI. It acts as the Azure Developer CLI logged in user or
  * service principal and executes an Azure CLI command underneath to authenticate the application against
- * Azure Active Directory.
+ * Microsoft Entra ID.
  *
  * <h2> Configure AzureDeveloperCliCredential </h2>
  *
@@ -3548,11 +3567,11 @@ class AzureDeveloperCliCredential {
             checkTenantId(logger$4, options === null || options === void 0 ? void 0 : options.tenantId);
             this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
         }
-        this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
         this.timeout = options === null || options === void 0 ? void 0 : options.processTimeoutInMs;
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * @param scopes - The list of scopes for which the token will have access.
@@ -3760,19 +3779,19 @@ class MsalOpenBrowser extends MsalNode {
 // Licensed under the MIT license.
 const logger$3 = credentialLogger("InteractiveBrowserCredential");
 /**
- * Enables authentication to Azure Active Directory inside of the web browser
+ * Enables authentication to Microsoft Entra ID inside of the web browser
  * using the interactive login flow.
  */
 class InteractiveBrowserCredential {
     /**
      * Creates an instance of InteractiveBrowserCredential with the details needed.
      *
-     * This credential uses the [Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).
+     * This credential uses the [Authorization Code Flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).
      * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.
      * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.
      *
-     * For Node.js, if a `clientId` is provided, the Azure Active Directory application will need to be configured to have a "Mobile and desktop applications" redirect endpoint.
-     * Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://docs.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris).
+     * For Node.js, if a `clientId` is provided, the Microsoft Entra application will need to be configured to have a "Mobile and desktop applications" redirect endpoint.
+     * Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://learn.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris).
      *
      * @param options - Options for configuring the client which makes the authentication requests.
      */
@@ -3781,13 +3800,13 @@ class InteractiveBrowserCredential {
             ? options.redirectUri()
             : options.redirectUri || "http://localhost";
         this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
-        this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
         this.msalFlow = new MsalOpenBrowser(Object.assign(Object.assign({}, options), { tokenCredentialOptions: options, logger: logger$3,
             redirectUri }));
         this.disableAutomaticAuthentication = options === null || options === void 0 ? void 0 : options.disableAutomaticAuthentication;
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * If the user provided the option `disableAutomaticAuthentication`,
@@ -3806,7 +3825,7 @@ class InteractiveBrowserCredential {
         });
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * If the token can't be retrieved silently, this method will require user interaction to retrieve the token.
@@ -3871,13 +3890,13 @@ function defaultDeviceCodePromptCallback(deviceCodeInfo) {
     console.log(deviceCodeInfo.message);
 }
 /**
- * Enables authentication to Azure Active Directory using a device code
+ * Enables authentication to Microsoft Entra ID using a device code
  * that the user can enter into https://microsoft.com/devicelogin.
  */
 class DeviceCodeCredential {
     /**
      * Creates an instance of DeviceCodeCredential with the details needed
-     * to initiate the device code authorization flow with Azure Active Directory.
+     * to initiate the device code authorization flow with Microsoft Entra ID.
      *
      * A message will be logged, giving users a code that they can use to authenticate once they go to https://microsoft.com/devicelogin
      *
@@ -3897,12 +3916,12 @@ class DeviceCodeCredential {
      */
     constructor(options) {
         this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
-        this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
         this.msalFlow = new MsalDeviceCode(Object.assign(Object.assign({}, options), { logger: logger$2, userPromptCallback: (options === null || options === void 0 ? void 0 : options.userPromptCallback) || defaultDeviceCodePromptCallback, tokenCredentialOptions: options || {} }));
         this.disableAutomaticAuthentication = options === null || options === void 0 ? void 0 : options.disableAutomaticAuthentication;
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * If the user provided the option `disableAutomaticAuthentication`,
@@ -3921,7 +3940,7 @@ class DeviceCodeCredential {
         });
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * If the token can't be retrieved silently, this method will require user interaction to retrieve the token.
@@ -3987,11 +4006,11 @@ class MsalAuthorizationCode extends MsalNode {
 // Licensed under the MIT license.
 const logger$1 = credentialLogger("AuthorizationCodeCredential");
 /**
- * Enables authentication to Azure Active Directory using an authorization code
+ * Enables authentication to Microsoft Entra ID using an authorization code
  * that was obtained through the authorization code flow, described in more detail
- * in the Azure Active Directory documentation:
+ * in the Microsoft Entra ID documentation:
  *
- * https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
+ * https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow
  */
 class AuthorizationCodeCredential {
     /**
@@ -4016,13 +4035,13 @@ class AuthorizationCodeCredential {
         }
         // TODO: Validate tenant if provided
         this.tenantId = tenantId;
-        this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
         this.msalFlow = new MsalAuthorizationCode(Object.assign(Object.assign({}, options), { clientSecret,
             clientId,
             tenantId, tokenCredentialOptions: options || {}, logger: logger$1, redirectUri: this.redirectUri, authorizationCode: this.authorizationCode }));
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * @param scopes - The list of scopes for which the token will have access.
@@ -4098,7 +4117,7 @@ class MsalOnBehalfOf extends MsalNode {
 const credentialName = "OnBehalfOfCredential";
 const logger = credentialLogger(credentialName);
 /**
- * Enables authentication to Azure Active Directory using the [On Behalf Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).
+ * Enables authentication to Microsoft Entra ID using the [On Behalf Of flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).
  */
 class OnBehalfOfCredential {
     constructor(options) {
@@ -4110,11 +4129,11 @@ class OnBehalfOfCredential {
             throw new Error(`${credentialName}: tenantId, clientId, clientSecret (or certificatePath) and userAssertionToken are required parameters.`);
         }
         this.tenantId = tenantId;
-        this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(additionallyAllowedTenantIds);
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(additionallyAllowedTenantIds);
         this.msalFlow = new MsalOnBehalfOf(Object.assign(Object.assign({}, this.options), { logger, tokenCredentialOptions: this.options }));
     }
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * @param scopes - The list of scopes for which the token will have access.