@azure/identity 3.3.2-alpha.20231016.2 → 3.3.2

package/dist-esm/src/credentials/usernamePasswordCredential.browser.js.map

@@ -1 +1 @@
-{"version":3,"file":"usernamePasswordCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,aAAa,EACb,yBAAyB,EACzB,iCAAiC,GAClC,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAClE,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAE1D,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;GAKG;AACH,MAAM,OAAO,0BAA0B;IAQrC;;;;;;;;;;OAUG;IACH,YACE,cAAsB,EACtB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,OAA2C;QAE3C,aAAa,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;QAEtC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;QAC/B,IAAI,CAAC,4BAA4B,GAAG,iCAAiC,CACnE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,aAAa,CAAC,QAAQ,CAC3B,qCAAqC,EACrC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,CAClC,CAAC;YACF,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE/B,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAChE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;gBACjC,aAAa,EAAE,OAAO;gBACtB,UAAU,EAAE,UAAU;gBACtB,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;aAC9D,CAAC,CAAC;YACH,MAAM,WAAW,GAAG,qBAAqB,CAAC;gBACxC,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;gBACzE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;gBACvB,OAAO,EAAE,iBAAiB,CAAC;oBACzB,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD,CAAC;gBACF,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;gBAC3C,cAAc,EAAE,UAAU,CAAC,cAAc;aAC1C,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;YAC9E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;QAC9D,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n  checkTenantId,\n  processMultiTenantRequest,\n  resolveAddionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { createHttpHeaders, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport { credentialLogger, formatSuccess } from \"../util/logging\";\nimport { IdentityClient } from \"../client/identityClient\";\nimport { UsernamePasswordCredentialOptions } from \"./usernamePasswordCredentialOptions\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { tracingClient } from \"../util/tracing\";\n\nconst logger = credentialLogger(\"UsernamePasswordCredential\");\n\n/**\n * Enables authentication to Microsoft Entra ID with a user's\n * username and password. This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n */\nexport class UsernamePasswordCredential implements TokenCredential {\n  private identityClient: IdentityClient;\n  private tenantId: string;\n  private additionallyAllowedTenantIds: string[];\n  private clientId: string;\n  private username: string;\n  private password: string;\n\n  /**\n   * Creates an instance of the UsernamePasswordCredential with the details\n   * needed to authenticate against Microsoft Entra ID with a username\n   * and password.\n   *\n   * @param tenantIdOrName - The Microsoft Entra tenant (directory) ID or name.\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param username - The user account's e-mail address (user name).\n   * @param password - The user account's account password\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantIdOrName: string,\n    clientId: string,\n    username: string,\n    password: string,\n    options?: UsernamePasswordCredentialOptions\n  ) {\n    checkTenantId(logger, tenantIdOrName);\n\n    this.identityClient = new IdentityClient(options);\n    this.tenantId = tenantIdOrName;\n    this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(\n      options?.additionallyAllowedTenants\n    );\n    this.clientId = clientId;\n    this.username = username;\n    this.password = password;\n  }\n\n  /**\n   * Authenticates with Microsoft Entra ID and returns an access token if\n   * successful.  If authentication cannot be performed at this time, this method may\n   * return null.  If an error occurs during authentication, an {@link AuthenticationError}\n   * containing failure details will be thrown.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options: GetTokenOptions = {}\n  ): Promise<AccessToken | null> {\n    return tracingClient.withSpan(\n      \"UsernamePasswordCredential.getToken\",\n      options,\n      async (newOptions) => {\n        const tenantId = processMultiTenantRequest(\n          this.tenantId,\n          newOptions,\n          this.additionallyAllowedTenantIds\n        );\n        newOptions.tenantId = tenantId;\n\n        const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n        const params = new URLSearchParams({\n          response_type: \"token\",\n          grant_type: \"password\",\n          client_id: this.clientId,\n          username: this.username,\n          password: this.password,\n          scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \"),\n        });\n        const webResource = createPipelineRequest({\n          url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n          method: \"POST\",\n          body: params.toString(),\n          headers: createHttpHeaders({\n            Accept: \"application/json\",\n            \"Content-Type\": \"application/x-www-form-urlencoded\",\n          }),\n          abortSignal: options && options.abortSignal,\n          tracingOptions: newOptions.tracingOptions,\n        });\n\n        const tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n        logger.getToken.info(formatSuccess(scopes));\n        return (tokenResponse && tokenResponse.accessToken) || null;\n      }\n    );\n  }\n}\n"]}
+{"version":3,"file":"usernamePasswordCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,aAAa,EACb,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAClE,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAE1D,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;GAKG;AACH,MAAM,OAAO,0BAA0B;IAQrC;;;;;;;;;;OAUG;IACH,YACE,cAAsB,EACtB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,OAA2C;QAE3C,aAAa,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;QAEtC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;QAC/B,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,aAAa,CAAC,QAAQ,CAC3B,qCAAqC,EACrC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,CAClC,CAAC;YACF,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE/B,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAChE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;gBACjC,aAAa,EAAE,OAAO;gBACtB,UAAU,EAAE,UAAU;gBACtB,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;aAC9D,CAAC,CAAC;YACH,MAAM,WAAW,GAAG,qBAAqB,CAAC;gBACxC,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;gBACzE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;gBACvB,OAAO,EAAE,iBAAiB,CAAC;oBACzB,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD,CAAC;gBACF,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;gBAC3C,cAAc,EAAE,UAAU,CAAC,cAAc;aAC1C,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;YAC9E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;QAC9D,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n  checkTenantId,\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { createHttpHeaders, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport { credentialLogger, formatSuccess } from \"../util/logging\";\nimport { IdentityClient } from \"../client/identityClient\";\nimport { UsernamePasswordCredentialOptions } from \"./usernamePasswordCredentialOptions\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { tracingClient } from \"../util/tracing\";\n\nconst logger = credentialLogger(\"UsernamePasswordCredential\");\n\n/**\n * Enables authentication to Azure Active Directory with a user's\n * username and password. This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n */\nexport class UsernamePasswordCredential implements TokenCredential {\n  private identityClient: IdentityClient;\n  private tenantId: string;\n  private additionallyAllowedTenantIds: string[];\n  private clientId: string;\n  private username: string;\n  private password: string;\n\n  /**\n   * Creates an instance of the UsernamePasswordCredential with the details\n   * needed to authenticate against Azure Active Directory with a username\n   * and password.\n   *\n   * @param tenantIdOrName - The Azure Active Directory tenant (directory) ID or name.\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param username - The user account's e-mail address (user name).\n   * @param password - The user account's account password\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantIdOrName: string,\n    clientId: string,\n    username: string,\n    password: string,\n    options?: UsernamePasswordCredentialOptions\n  ) {\n    checkTenantId(logger, tenantIdOrName);\n\n    this.identityClient = new IdentityClient(options);\n    this.tenantId = tenantIdOrName;\n    this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n      options?.additionallyAllowedTenants\n    );\n    this.clientId = clientId;\n    this.username = username;\n    this.password = password;\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if\n   * successful.  If authentication cannot be performed at this time, this method may\n   * return null.  If an error occurs during authentication, an {@link AuthenticationError}\n   * containing failure details will be thrown.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options: GetTokenOptions = {}\n  ): Promise<AccessToken | null> {\n    return tracingClient.withSpan(\n      \"UsernamePasswordCredential.getToken\",\n      options,\n      async (newOptions) => {\n        const tenantId = processMultiTenantRequest(\n          this.tenantId,\n          newOptions,\n          this.additionallyAllowedTenantIds\n        );\n        newOptions.tenantId = tenantId;\n\n        const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n        const params = new URLSearchParams({\n          response_type: \"token\",\n          grant_type: \"password\",\n          client_id: this.clientId,\n          username: this.username,\n          password: this.password,\n          scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \"),\n        });\n        const webResource = createPipelineRequest({\n          url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n          method: \"POST\",\n          body: params.toString(),\n          headers: createHttpHeaders({\n            Accept: \"application/json\",\n            \"Content-Type\": \"application/x-www-form-urlencoded\",\n          }),\n          abortSignal: options && options.abortSignal,\n          tracingOptions: newOptions.tracingOptions,\n        });\n\n        const tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n        logger.getToken.info(formatSuccess(scopes));\n        return (tokenResponse && tokenResponse.accessToken) || null;\n      }\n    );\n  }\n}\n"]}

package/dist-esm/src/credentials/usernamePasswordCredential.js

@@ -1,13 +1,13 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import { processMultiTenantRequest, resolveAddionallyAllowedTenantIds, } from "../util/tenantIdUtils";
+import { processMultiTenantRequest, resolveAdditionallyAllowedTenantIds, } from "../util/tenantIdUtils";
 import { MsalUsernamePassword } from "../msal/nodeFlows/msalUsernamePassword";
 import { credentialLogger } from "../util/logging";
 import { ensureScopes } from "../util/scopeUtils";
 import { tracingClient } from "../util/tracing";
 const logger = credentialLogger("UsernamePasswordCredential");
 /**
- * Enables authentication to Microsoft Entra ID with a user's
+ * Enables authentication to Azure Active Directory with a user's
  * username and password. This credential requires a high degree of
  * trust so you should only use it when other, more secure credential
  * types can't be used.
@@ -15,10 +15,10 @@ const logger = credentialLogger("UsernamePasswordCredential");
 export class UsernamePasswordCredential {
     /**
      * Creates an instance of the UsernamePasswordCredential with the details
-     * needed to authenticate against Microsoft Entra ID with a username
+     * needed to authenticate against Azure Active Directory with a username
      * and password.
      *
-     * @param tenantId - The Microsoft Entra tenant (directory).
+     * @param tenantId - The Azure Active Directory tenant (directory).
      * @param clientId - The client (application) ID of an App Registration in the tenant.
      * @param username - The user account's e-mail address (user name).
      * @param password - The user account's account password
@@ -29,7 +29,7 @@ export class UsernamePasswordCredential {
             throw new Error("UsernamePasswordCredential: tenantId, clientId, username and password are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.");
         }
         this.tenantId = tenantId;
-        this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
         this.msalFlow = new MsalUsernamePassword(Object.assign(Object.assign({}, options), { logger,
             clientId,
             tenantId,
@@ -37,7 +37,7 @@ export class UsernamePasswordCredential {
             password, tokenCredentialOptions: options || {} }));
     }
     /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
+     * Authenticates with Azure Active Directory and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * If the user provided the option `disableAutomaticAuthentication`,

package/dist-esm/src/credentials/usernamePasswordCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"usernamePasswordCredential.js","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,yBAAyB,EACzB,iCAAiC,GAClC,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,oBAAoB,EAAE,MAAM,wCAAwC,CAAC;AAE9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;GAKG;AACH,MAAM,OAAO,0BAA0B;IAKrC;;;;;;;;;;OAUG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,UAA6C,EAAE;QAE/C,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE;YACpD,MAAM,IAAI,KAAK,CACb,iMAAiM,CAClM,CAAC;SACH;QAED,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,iCAAiC,CACnE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG,IAAI,oBAAoB,iCACnC,OAAO,KACV,MAAM;YACN,QAAQ;YACR,QAAQ;YACR,QAAQ;YACR,QAAQ,EACR,sBAAsB,EAAE,OAAO,IAAI,EAAE,IACrC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,UAAU,CAAC,QAAQ,GAAG,yBAAyB,CAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QACzD,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n  processMultiTenantRequest,\n  resolveAddionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { MsalUsernamePassword } from \"../msal/nodeFlows/msalUsernamePassword\";\nimport { UsernamePasswordCredentialOptions } from \"./usernamePasswordCredentialOptions\";\nimport { credentialLogger } from \"../util/logging\";\nimport { ensureScopes } from \"../util/scopeUtils\";\nimport { tracingClient } from \"../util/tracing\";\n\nconst logger = credentialLogger(\"UsernamePasswordCredential\");\n\n/**\n * Enables authentication to Microsoft Entra ID with a user's\n * username and password. This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n */\nexport class UsernamePasswordCredential implements TokenCredential {\n  private tenantId: string;\n  private additionallyAllowedTenantIds: string[];\n  private msalFlow: MsalFlow;\n\n  /**\n   * Creates an instance of the UsernamePasswordCredential with the details\n   * needed to authenticate against Microsoft Entra ID with a username\n   * and password.\n   *\n   * @param tenantId - The Microsoft Entra tenant (directory).\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param username - The user account's e-mail address (user name).\n   * @param password - The user account's account password\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    username: string,\n    password: string,\n    options: UsernamePasswordCredentialOptions = {}\n  ) {\n    if (!tenantId || !clientId || !username || !password) {\n      throw new Error(\n        \"UsernamePasswordCredential: tenantId, clientId, username and password are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\"\n      );\n    }\n\n    this.tenantId = tenantId;\n    this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(\n      options?.additionallyAllowedTenants\n    );\n\n    this.msalFlow = new MsalUsernamePassword({\n      ...options,\n      logger,\n      clientId,\n      tenantId,\n      username,\n      password,\n      tokenCredentialOptions: options || {},\n    });\n  }\n\n  /**\n   * Authenticates with Microsoft Entra ID and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the user provided the option `disableAutomaticAuthentication`,\n   * once the token can't be retrieved silently,\n   * this method won't attempt to request user interaction to retrieve the token.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return tracingClient.withSpan(\n      `${this.constructor.name}.getToken`,\n      options,\n      async (newOptions) => {\n        newOptions.tenantId = processMultiTenantRequest(\n          this.tenantId,\n          newOptions,\n          this.additionallyAllowedTenantIds,\n          logger\n        );\n\n        const arrayScopes = ensureScopes(scopes);\n        return this.msalFlow.getToken(arrayScopes, newOptions);\n      }\n    );\n  }\n}\n"]}
+{"version":3,"file":"usernamePasswordCredential.js","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,oBAAoB,EAAE,MAAM,wCAAwC,CAAC;AAE9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;GAKG;AACH,MAAM,OAAO,0BAA0B;IAKrC;;;;;;;;;;OAUG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,UAA6C,EAAE;QAE/C,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE;YACpD,MAAM,IAAI,KAAK,CACb,iMAAiM,CAClM,CAAC;SACH;QAED,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG,IAAI,oBAAoB,iCACnC,OAAO,KACV,MAAM;YACN,QAAQ;YACR,QAAQ;YACR,QAAQ;YACR,QAAQ,EACR,sBAAsB,EAAE,OAAO,IAAI,EAAE,IACrC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,UAAU,CAAC,QAAQ,GAAG,yBAAyB,CAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QACzD,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { MsalUsernamePassword } from \"../msal/nodeFlows/msalUsernamePassword\";\nimport { UsernamePasswordCredentialOptions } from \"./usernamePasswordCredentialOptions\";\nimport { credentialLogger } from \"../util/logging\";\nimport { ensureScopes } from \"../util/scopeUtils\";\nimport { tracingClient } from \"../util/tracing\";\n\nconst logger = credentialLogger(\"UsernamePasswordCredential\");\n\n/**\n * Enables authentication to Azure Active Directory with a user's\n * username and password. This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n */\nexport class UsernamePasswordCredential implements TokenCredential {\n  private tenantId: string;\n  private additionallyAllowedTenantIds: string[];\n  private msalFlow: MsalFlow;\n\n  /**\n   * Creates an instance of the UsernamePasswordCredential with the details\n   * needed to authenticate against Azure Active Directory with a username\n   * and password.\n   *\n   * @param tenantId - The Azure Active Directory tenant (directory).\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param username - The user account's e-mail address (user name).\n   * @param password - The user account's account password\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    username: string,\n    password: string,\n    options: UsernamePasswordCredentialOptions = {}\n  ) {\n    if (!tenantId || !clientId || !username || !password) {\n      throw new Error(\n        \"UsernamePasswordCredential: tenantId, clientId, username and password are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\"\n      );\n    }\n\n    this.tenantId = tenantId;\n    this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n      options?.additionallyAllowedTenants\n    );\n\n    this.msalFlow = new MsalUsernamePassword({\n      ...options,\n      logger,\n      clientId,\n      tenantId,\n      username,\n      password,\n      tokenCredentialOptions: options || {},\n    });\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the user provided the option `disableAutomaticAuthentication`,\n   * once the token can't be retrieved silently,\n   * this method won't attempt to request user interaction to retrieve the token.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return tracingClient.withSpan(\n      `${this.constructor.name}.getToken`,\n      options,\n      async (newOptions) => {\n        newOptions.tenantId = processMultiTenantRequest(\n          this.tenantId,\n          newOptions,\n          this.additionallyAllowedTenantIds,\n          logger\n        );\n\n        const arrayScopes = ensureScopes(scopes);\n        return this.msalFlow.getToken(arrayScopes, newOptions);\n      }\n    );\n  }\n}\n"]}

package/dist-esm/src/credentials/visualStudioCodeCredential.js

@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 import { credentialLogger, formatError, formatSuccess } from "../util/logging";
-import { processMultiTenantRequest, resolveAddionallyAllowedTenantIds, } from "../util/tenantIdUtils";
+import { processMultiTenantRequest, resolveAdditionallyAllowedTenantIds, } from "../util/tenantIdUtils";
 import { AzureAuthorityHosts } from "../constants";
 import { CredentialUnavailableError } from "../errors";
 import { IdentityClient } from "../client/identityClient";
@@ -103,7 +103,7 @@ export class VisualStudioCodeCredential {
         else {
             this.tenantId = CommonTenantId;
         }
-        this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
         checkUnsupportedTenant(this.tenantId);
     }
     /**

package/dist-esm/src/credentials/visualStudioCodeCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"visualStudioCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EACL,yBAAyB,EACzB,iCAAiC,GAClC,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAG1D,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,MAAM,cAAc,GAAG,QAAQ,CAAC;AAChC,MAAM,oBAAoB,GAAG,sCAAsC,CAAC,CAAC,8CAA8C;AACnH,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D,IAAI,eAAe,GAAuC,SAAS,CAAC;AAEpE,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,yBAAyB,CAAC,MAA8B;QACtD,eAAe,GAAG,MAAM,CAAC;IAC3B,CAAC;CACF,CAAC;AAEF,oEAAoE;AACpE,MAAM,oBAAoB,GAA2B;IACnD,IAAI,EAAE,mFAAmF;CAC1F,CAAC;AAEF,SAAS,sBAAsB,CAAC,QAAgB;IAC9C,8CAA8C;IAC9C,MAAM,sBAAsB,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAC9D,IAAI,sBAAsB,EAAE;QAC1B,MAAM,IAAI,0BAA0B,CAAC,sBAAsB,CAAC,CAAC;KAC9D;AACH,CAAC;AAID,MAAM,uBAAuB,GAAqC;IAChE,UAAU,EAAE,mBAAmB,CAAC,gBAAgB;IAChD,UAAU,EAAE,mBAAmB,CAAC,UAAU;IAC1C,gBAAgB,EAAE,mBAAmB,CAAC,YAAY;IAClD,iBAAiB,EAAE,mBAAmB,CAAC,eAAe;CACvD,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAgB;IACpD,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAC/C,kEAAkE;IAClE,MAAM,YAAY,GAAG,MAAM,CAAC;IAC5B,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAE7B,SAAS,YAAY,CAAC,GAAG,YAAsB;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,YAAY,EAAE,YAAY,EAAE,GAAG,YAAY,CAAC,CAAC;QAC3E,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QAC7E,OAAO,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED,IAAI;QACF,IAAI,OAAe,CAAC;QACpB,QAAQ,OAAO,CAAC,QAAQ,EAAE;YACxB,KAAK,OAAO;gBACV,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAQ,CAAC;gBAC/B,OAAO,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACrD,KAAK,QAAQ;gBACX,OAAO,YAAY,CAAC,OAAO,EAAE,SAAS,EAAE,qBAAqB,CAAC,CAAC;YACjE,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAC1C;gBACE,OAAO;SACV;KACF;IAAC,OAAO,CAAM,EAAE;QACf,MAAM,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7F,OAAO;KACR;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,OAAO,0BAA0B;IAMrC;;;;;;;;;OASG;IACH,YAAY,OAA2C;QACrD,mFAAmF;QACnF,mCAAmC;QACnC,IAAI,CAAC,SAAS,GAAG,CAAC,qBAAqB,CAAC,aAAa,CAAC,IAAI,YAAY,CAAqB,CAAC;QAE5F,qDAAqD;QACrD,MAAM,aAAa,GAAG,uBAAuB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE9D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iBACtC,aAAa,IACV,OAAO,EACV,CAAC;QAEH,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE;YAC/B,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;YACxC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;SAClC;aAAM;YACL,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;SAChC;QAED,IAAI,CAAC,4BAA4B,GAAG,iCAAiC,CACnE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,OAAO;QACnB,kEAAkE;QAClE,MAAM,cAAc,GAAG,qBAAqB,CAAC,cAAc,CAAC,CAAC;QAC7D,IAAI,cAAc,EAAE;YAClB,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;SAChC;QACD,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAOD;;OAEG;IACK,WAAW;QACjB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE;YACxB,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;SACtC;QACD,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;QAEzB,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAEzB,MAAM,QAAQ,GACZ,yBAAyB,CACvB,IAAI,CAAC,QAAQ,EACb,OAAO,EACP,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,IAAI,IAAI,CAAC,QAAQ,CAAC;QAErB,IAAI,eAAe,KAAK,SAAS,EAAE;YACjC,MAAM,IAAI,0BAA0B,CAClC;gBACE,iEAAiE;gBACjE,uGAAuG;gBACvG,mFAAmF;gBACnF,mFAAmF;gBACnF,wFAAwF;aACzF,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;SACH;QAED,IAAI,WAAW,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEzE,4DAA4D;QAC5D,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE;YAC5C,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;YACrF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YACjD,MAAM,KAAK,CAAC;SACb;QAED,IAAI,WAAW,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE;YAC7C,WAAW,IAAI,iBAAiB,CAAC;SAClC;QAED,+CAA+C;QAC/C,IAAI;QACJ,MAAM;QACN,mBAAmB;QACnB,oBAAoB;QACpB,OAAO;QACP,cAAc;QACd,IAAI;QACJ,MAAM,WAAW,GAAG,MAAM,eAAe,EAAE,CAAC;QAE5C,yFAAyF;QACzF,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAC9B,MAAA,MAAA,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,OAAO,KAAK,IAAI,CAAC,SAAS,CAAC,mCAAI,WAAW,CAAC,CAAC,CAAC,mCAAI,EAAE,CAAC;QAExF,IAAI,YAAY,EAAE;YAChB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAChE,QAAQ,EACR,oBAAoB,EACpB,WAAW,EACX,YAAY,EACZ,SAAS,CACV,CAAC;YAEF,IAAI,aAAa,EAAE;gBACjB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,aAAa,CAAC,WAAW,CAAC;aAClC;iBAAM;gBACL,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,0NAA0N,CAC3N,CAAC;gBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;aACb;SACF;aAAM;YACL,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,8MAA8M,CAC/M,CAAC;YACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YACjD,MAAM,KAAK,CAAC;SACb;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport {\n  processMultiTenantRequest,\n  resolveAddionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { AzureAuthorityHosts } from \"../constants\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport { IdentityClient } from \"../client/identityClient\";\nimport { VisualStudioCodeCredentialOptions } from \"./visualStudioCodeCredentialOptions\";\nimport { VSCodeCredentialFinder } from \"./visualStudioCodeCredentialPlugin\";\nimport { checkTenantId } from \"../util/tenantIdUtils\";\nimport fs from \"fs\";\nimport os from \"os\";\nimport path from \"path\";\n\nconst CommonTenantId = \"common\";\nconst AzureAccountClientId = \"aebc6443-996d-45c2-90f0-388ff96faa56\"; // VSC: 'aebc6443-996d-45c2-90f0-388ff96faa56'\nconst logger = credentialLogger(\"VisualStudioCodeCredential\");\n\nlet findCredentials: VSCodeCredentialFinder | undefined = undefined;\n\nexport const vsCodeCredentialControl = {\n  setVsCodeCredentialFinder(finder: VSCodeCredentialFinder): void {\n    findCredentials = finder;\n  },\n};\n\n// Map of unsupported Tenant IDs and the errors we will be throwing.\nconst unsupportedTenantIds: Record<string, string> = {\n  adfs: \"The VisualStudioCodeCredential does not support authentication with ADFS tenants.\",\n};\n\nfunction checkUnsupportedTenant(tenantId: string): void {\n  // If the Tenant ID isn't supported, we throw.\n  const unsupportedTenantError = unsupportedTenantIds[tenantId];\n  if (unsupportedTenantError) {\n    throw new CredentialUnavailableError(unsupportedTenantError);\n  }\n}\n\ntype VSCodeCloudNames = \"AzureCloud\" | \"AzureChina\" | \"AzureGermanCloud\" | \"AzureUSGovernment\";\n\nconst mapVSCodeAuthorityHosts: Record<VSCodeCloudNames, string> = {\n  AzureCloud: AzureAuthorityHosts.AzurePublicCloud,\n  AzureChina: AzureAuthorityHosts.AzureChina,\n  AzureGermanCloud: AzureAuthorityHosts.AzureGermany,\n  AzureUSGovernment: AzureAuthorityHosts.AzureGovernment,\n};\n\n/**\n * Attempts to load a specific property from the VSCode configurations of the current OS.\n * If it fails at any point, returns undefined.\n */\nexport function getPropertyFromVSCode(property: string): string | undefined {\n  const settingsPath = [\"User\", \"settings.json\"];\n  // Eventually we can add more folders for more versions of VSCode.\n  const vsCodeFolder = \"Code\";\n  const homedir = os.homedir();\n\n  function loadProperty(...pathSegments: string[]): string | undefined {\n    const fullPath = path.join(...pathSegments, vsCodeFolder, ...settingsPath);\n    const settings = JSON.parse(fs.readFileSync(fullPath, { encoding: \"utf8\" }));\n    return settings[property];\n  }\n\n  try {\n    let appData: string;\n    switch (process.platform) {\n      case \"win32\":\n        appData = process.env.APPDATA!;\n        return appData ? loadProperty(appData) : undefined;\n      case \"darwin\":\n        return loadProperty(homedir, \"Library\", \"Application Support\");\n      case \"linux\":\n        return loadProperty(homedir, \".config\");\n      default:\n        return;\n    }\n  } catch (e: any) {\n    logger.info(`Failed to load the Visual Studio Code configuration file. Error: ${e.message}`);\n    return;\n  }\n}\n\n/**\n * Connects to Azure using the credential provided by the VSCode extension 'Azure Account'.\n * Once the user has logged in via the extension, this credential can share the same refresh token\n * that is cached by the extension.\n *\n * It's a [known issue](https://github.com/Azure/azure-sdk-for-js/issues/20500) that this credential doesn't\n * work with [Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account)\n * versions newer than **0.9.11**. A long-term fix to this problem is in progress. In the meantime, consider\n * authenticating with {@link AzureCliCredential}.\n */\nexport class VisualStudioCodeCredential implements TokenCredential {\n  private identityClient: IdentityClient;\n  private tenantId: string;\n  private additionallyAllowedTenantIds: string[];\n  private cloudName: VSCodeCloudNames;\n\n  /**\n   * Creates an instance of VisualStudioCodeCredential to use for automatically authenticating via VSCode.\n   *\n   * **Note**: `VisualStudioCodeCredential` is provided by a plugin package:\n   * `@azure/identity-vscode`. If this package is not installed and registered\n   * using the plugin API (`useIdentityPlugin`), then authentication using\n   * `VisualStudioCodeCredential` will not be available.\n   *\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(options?: VisualStudioCodeCredentialOptions) {\n    // We want to make sure we use the one assigned by the user on the VSCode settings.\n    // Or just `AzureCloud` by default.\n    this.cloudName = (getPropertyFromVSCode(\"azure.cloud\") || \"AzureCloud\") as VSCodeCloudNames;\n\n    // Picking an authority host based on the cloud name.\n    const authorityHost = mapVSCodeAuthorityHosts[this.cloudName];\n\n    this.identityClient = new IdentityClient({\n      authorityHost,\n      ...options,\n    });\n\n    if (options && options.tenantId) {\n      checkTenantId(logger, options.tenantId);\n      this.tenantId = options.tenantId;\n    } else {\n      this.tenantId = CommonTenantId;\n    }\n\n    this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(\n      options?.additionallyAllowedTenants\n    );\n\n    checkUnsupportedTenant(this.tenantId);\n  }\n\n  /**\n   * Runs preparations for any further getToken request.\n   */\n  private async prepare(): Promise<void> {\n    // Attempts to load the tenant from the VSCode configuration file.\n    const settingsTenant = getPropertyFromVSCode(\"azure.tenant\");\n    if (settingsTenant) {\n      this.tenantId = settingsTenant;\n    }\n    checkUnsupportedTenant(this.tenantId);\n  }\n\n  /**\n   * The promise of the single preparation that will be executed at the first getToken request for an instance of this class.\n   */\n  private preparePromise: Promise<void> | undefined;\n\n  /**\n   * Runs preparations for any further getToken, but only once.\n   */\n  private prepareOnce(): Promise<void> | undefined {\n    if (!this.preparePromise) {\n      this.preparePromise = this.prepare();\n    }\n    return this.preparePromise;\n  }\n\n  /**\n   * Returns the token found by searching VSCode's authentication cache or\n   * returns null if no token could be found.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                `TokenCredential` implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken> {\n    await this.prepareOnce();\n\n    const tenantId =\n      processMultiTenantRequest(\n        this.tenantId,\n        options,\n        this.additionallyAllowedTenantIds,\n        logger\n      ) || this.tenantId;\n\n    if (findCredentials === undefined) {\n      throw new CredentialUnavailableError(\n        [\n          \"No implementation of `VisualStudioCodeCredential` is available.\",\n          \"You must install the identity-vscode plugin package (`npm install --save-dev @azure/identity-vscode`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(vsCodePlugin)` before creating a `VisualStudioCodeCredential`.\",\n          \"To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.\",\n        ].join(\" \")\n      );\n    }\n\n    let scopeString = typeof scopes === \"string\" ? scopes : scopes.join(\" \");\n\n    // Check to make sure the scope we get back is a valid scope\n    if (!scopeString.match(/^[0-9a-zA-Z-.:/]+$/)) {\n      const error = new Error(\"Invalid scope was specified by the user or calling client\");\n      logger.getToken.info(formatError(scopes, error));\n      throw error;\n    }\n\n    if (scopeString.indexOf(\"offline_access\") < 0) {\n      scopeString += \" offline_access\";\n    }\n\n    // findCredentials returns an array similar to:\n    // [\n    //   {\n    //     account: \"\",\n    //     password: \"\",\n    //   },\n    //   /* ... */\n    // ]\n    const credentials = await findCredentials();\n\n    // If we can't find the credential based on the name, we'll pick the first one available.\n    const { password: refreshToken } =\n      credentials.find(({ account }) => account === this.cloudName) ?? credentials[0] ?? {};\n\n    if (refreshToken) {\n      const tokenResponse = await this.identityClient.refreshAccessToken(\n        tenantId,\n        AzureAccountClientId,\n        scopeString,\n        refreshToken,\n        undefined\n      );\n\n      if (tokenResponse) {\n        logger.getToken.info(formatSuccess(scopes));\n        return tokenResponse.accessToken;\n      } else {\n        const error = new CredentialUnavailableError(\n          \"Could not retrieve the token associated with Visual Studio Code. Have you connected using the 'Azure Account' extension recently? To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.\"\n        );\n        logger.getToken.info(formatError(scopes, error));\n        throw error;\n      }\n    } else {\n      const error = new CredentialUnavailableError(\n        \"Could not retrieve the token associated with Visual Studio Code. Did you connect using the 'Azure Account' extension? To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.\"\n      );\n      logger.getToken.info(formatError(scopes, error));\n      throw error;\n    }\n  }\n}\n"]}
+{"version":3,"file":"visualStudioCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAG1D,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,MAAM,cAAc,GAAG,QAAQ,CAAC;AAChC,MAAM,oBAAoB,GAAG,sCAAsC,CAAC,CAAC,8CAA8C;AACnH,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D,IAAI,eAAe,GAAuC,SAAS,CAAC;AAEpE,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,yBAAyB,CAAC,MAA8B;QACtD,eAAe,GAAG,MAAM,CAAC;IAC3B,CAAC;CACF,CAAC;AAEF,oEAAoE;AACpE,MAAM,oBAAoB,GAA2B;IACnD,IAAI,EAAE,mFAAmF;CAC1F,CAAC;AAEF,SAAS,sBAAsB,CAAC,QAAgB;IAC9C,8CAA8C;IAC9C,MAAM,sBAAsB,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAC9D,IAAI,sBAAsB,EAAE;QAC1B,MAAM,IAAI,0BAA0B,CAAC,sBAAsB,CAAC,CAAC;KAC9D;AACH,CAAC;AAID,MAAM,uBAAuB,GAAqC;IAChE,UAAU,EAAE,mBAAmB,CAAC,gBAAgB;IAChD,UAAU,EAAE,mBAAmB,CAAC,UAAU;IAC1C,gBAAgB,EAAE,mBAAmB,CAAC,YAAY;IAClD,iBAAiB,EAAE,mBAAmB,CAAC,eAAe;CACvD,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAgB;IACpD,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAC/C,kEAAkE;IAClE,MAAM,YAAY,GAAG,MAAM,CAAC;IAC5B,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAE7B,SAAS,YAAY,CAAC,GAAG,YAAsB;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,YAAY,EAAE,YAAY,EAAE,GAAG,YAAY,CAAC,CAAC;QAC3E,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QAC7E,OAAO,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED,IAAI;QACF,IAAI,OAAe,CAAC;QACpB,QAAQ,OAAO,CAAC,QAAQ,EAAE;YACxB,KAAK,OAAO;gBACV,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAQ,CAAC;gBAC/B,OAAO,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACrD,KAAK,QAAQ;gBACX,OAAO,YAAY,CAAC,OAAO,EAAE,SAAS,EAAE,qBAAqB,CAAC,CAAC;YACjE,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAC1C;gBACE,OAAO;SACV;KACF;IAAC,OAAO,CAAM,EAAE;QACf,MAAM,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7F,OAAO;KACR;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,OAAO,0BAA0B;IAMrC;;;;;;;;;OASG;IACH,YAAY,OAA2C;QACrD,mFAAmF;QACnF,mCAAmC;QACnC,IAAI,CAAC,SAAS,GAAG,CAAC,qBAAqB,CAAC,aAAa,CAAC,IAAI,YAAY,CAAqB,CAAC;QAE5F,qDAAqD;QACrD,MAAM,aAAa,GAAG,uBAAuB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE9D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iBACtC,aAAa,IACV,OAAO,EACV,CAAC;QAEH,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE;YAC/B,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;YACxC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;SAClC;aAAM;YACL,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;SAChC;QAED,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,OAAO;QACnB,kEAAkE;QAClE,MAAM,cAAc,GAAG,qBAAqB,CAAC,cAAc,CAAC,CAAC;QAC7D,IAAI,cAAc,EAAE;YAClB,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;SAChC;QACD,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAOD;;OAEG;IACK,WAAW;QACjB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE;YACxB,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;SACtC;QACD,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;QAEzB,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAEzB,MAAM,QAAQ,GACZ,yBAAyB,CACvB,IAAI,CAAC,QAAQ,EACb,OAAO,EACP,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,IAAI,IAAI,CAAC,QAAQ,CAAC;QAErB,IAAI,eAAe,KAAK,SAAS,EAAE;YACjC,MAAM,IAAI,0BAA0B,CAClC;gBACE,iEAAiE;gBACjE,uGAAuG;gBACvG,mFAAmF;gBACnF,mFAAmF;gBACnF,wFAAwF;aACzF,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;SACH;QAED,IAAI,WAAW,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEzE,4DAA4D;QAC5D,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE;YAC5C,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;YACrF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YACjD,MAAM,KAAK,CAAC;SACb;QAED,IAAI,WAAW,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE;YAC7C,WAAW,IAAI,iBAAiB,CAAC;SAClC;QAED,+CAA+C;QAC/C,IAAI;QACJ,MAAM;QACN,mBAAmB;QACnB,oBAAoB;QACpB,OAAO;QACP,cAAc;QACd,IAAI;QACJ,MAAM,WAAW,GAAG,MAAM,eAAe,EAAE,CAAC;QAE5C,yFAAyF;QACzF,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAC9B,MAAA,MAAA,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,OAAO,KAAK,IAAI,CAAC,SAAS,CAAC,mCAAI,WAAW,CAAC,CAAC,CAAC,mCAAI,EAAE,CAAC;QAExF,IAAI,YAAY,EAAE;YAChB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAChE,QAAQ,EACR,oBAAoB,EACpB,WAAW,EACX,YAAY,EACZ,SAAS,CACV,CAAC;YAEF,IAAI,aAAa,EAAE;gBACjB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,aAAa,CAAC,WAAW,CAAC;aAClC;iBAAM;gBACL,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,0NAA0N,CAC3N,CAAC;gBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;aACb;SACF;aAAM;YACL,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,8MAA8M,CAC/M,CAAC;YACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YACjD,MAAM,KAAK,CAAC;SACb;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport {\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { AzureAuthorityHosts } from \"../constants\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport { IdentityClient } from \"../client/identityClient\";\nimport { VisualStudioCodeCredentialOptions } from \"./visualStudioCodeCredentialOptions\";\nimport { VSCodeCredentialFinder } from \"./visualStudioCodeCredentialPlugin\";\nimport { checkTenantId } from \"../util/tenantIdUtils\";\nimport fs from \"fs\";\nimport os from \"os\";\nimport path from \"path\";\n\nconst CommonTenantId = \"common\";\nconst AzureAccountClientId = \"aebc6443-996d-45c2-90f0-388ff96faa56\"; // VSC: 'aebc6443-996d-45c2-90f0-388ff96faa56'\nconst logger = credentialLogger(\"VisualStudioCodeCredential\");\n\nlet findCredentials: VSCodeCredentialFinder | undefined = undefined;\n\nexport const vsCodeCredentialControl = {\n  setVsCodeCredentialFinder(finder: VSCodeCredentialFinder): void {\n    findCredentials = finder;\n  },\n};\n\n// Map of unsupported Tenant IDs and the errors we will be throwing.\nconst unsupportedTenantIds: Record<string, string> = {\n  adfs: \"The VisualStudioCodeCredential does not support authentication with ADFS tenants.\",\n};\n\nfunction checkUnsupportedTenant(tenantId: string): void {\n  // If the Tenant ID isn't supported, we throw.\n  const unsupportedTenantError = unsupportedTenantIds[tenantId];\n  if (unsupportedTenantError) {\n    throw new CredentialUnavailableError(unsupportedTenantError);\n  }\n}\n\ntype VSCodeCloudNames = \"AzureCloud\" | \"AzureChina\" | \"AzureGermanCloud\" | \"AzureUSGovernment\";\n\nconst mapVSCodeAuthorityHosts: Record<VSCodeCloudNames, string> = {\n  AzureCloud: AzureAuthorityHosts.AzurePublicCloud,\n  AzureChina: AzureAuthorityHosts.AzureChina,\n  AzureGermanCloud: AzureAuthorityHosts.AzureGermany,\n  AzureUSGovernment: AzureAuthorityHosts.AzureGovernment,\n};\n\n/**\n * Attempts to load a specific property from the VSCode configurations of the current OS.\n * If it fails at any point, returns undefined.\n */\nexport function getPropertyFromVSCode(property: string): string | undefined {\n  const settingsPath = [\"User\", \"settings.json\"];\n  // Eventually we can add more folders for more versions of VSCode.\n  const vsCodeFolder = \"Code\";\n  const homedir = os.homedir();\n\n  function loadProperty(...pathSegments: string[]): string | undefined {\n    const fullPath = path.join(...pathSegments, vsCodeFolder, ...settingsPath);\n    const settings = JSON.parse(fs.readFileSync(fullPath, { encoding: \"utf8\" }));\n    return settings[property];\n  }\n\n  try {\n    let appData: string;\n    switch (process.platform) {\n      case \"win32\":\n        appData = process.env.APPDATA!;\n        return appData ? loadProperty(appData) : undefined;\n      case \"darwin\":\n        return loadProperty(homedir, \"Library\", \"Application Support\");\n      case \"linux\":\n        return loadProperty(homedir, \".config\");\n      default:\n        return;\n    }\n  } catch (e: any) {\n    logger.info(`Failed to load the Visual Studio Code configuration file. Error: ${e.message}`);\n    return;\n  }\n}\n\n/**\n * Connects to Azure using the credential provided by the VSCode extension 'Azure Account'.\n * Once the user has logged in via the extension, this credential can share the same refresh token\n * that is cached by the extension.\n *\n * It's a [known issue](https://github.com/Azure/azure-sdk-for-js/issues/20500) that this credential doesn't\n * work with [Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account)\n * versions newer than **0.9.11**. A long-term fix to this problem is in progress. In the meantime, consider\n * authenticating with {@link AzureCliCredential}.\n */\nexport class VisualStudioCodeCredential implements TokenCredential {\n  private identityClient: IdentityClient;\n  private tenantId: string;\n  private additionallyAllowedTenantIds: string[];\n  private cloudName: VSCodeCloudNames;\n\n  /**\n   * Creates an instance of VisualStudioCodeCredential to use for automatically authenticating via VSCode.\n   *\n   * **Note**: `VisualStudioCodeCredential` is provided by a plugin package:\n   * `@azure/identity-vscode`. If this package is not installed and registered\n   * using the plugin API (`useIdentityPlugin`), then authentication using\n   * `VisualStudioCodeCredential` will not be available.\n   *\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(options?: VisualStudioCodeCredentialOptions) {\n    // We want to make sure we use the one assigned by the user on the VSCode settings.\n    // Or just `AzureCloud` by default.\n    this.cloudName = (getPropertyFromVSCode(\"azure.cloud\") || \"AzureCloud\") as VSCodeCloudNames;\n\n    // Picking an authority host based on the cloud name.\n    const authorityHost = mapVSCodeAuthorityHosts[this.cloudName];\n\n    this.identityClient = new IdentityClient({\n      authorityHost,\n      ...options,\n    });\n\n    if (options && options.tenantId) {\n      checkTenantId(logger, options.tenantId);\n      this.tenantId = options.tenantId;\n    } else {\n      this.tenantId = CommonTenantId;\n    }\n\n    this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n      options?.additionallyAllowedTenants\n    );\n\n    checkUnsupportedTenant(this.tenantId);\n  }\n\n  /**\n   * Runs preparations for any further getToken request.\n   */\n  private async prepare(): Promise<void> {\n    // Attempts to load the tenant from the VSCode configuration file.\n    const settingsTenant = getPropertyFromVSCode(\"azure.tenant\");\n    if (settingsTenant) {\n      this.tenantId = settingsTenant;\n    }\n    checkUnsupportedTenant(this.tenantId);\n  }\n\n  /**\n   * The promise of the single preparation that will be executed at the first getToken request for an instance of this class.\n   */\n  private preparePromise: Promise<void> | undefined;\n\n  /**\n   * Runs preparations for any further getToken, but only once.\n   */\n  private prepareOnce(): Promise<void> | undefined {\n    if (!this.preparePromise) {\n      this.preparePromise = this.prepare();\n    }\n    return this.preparePromise;\n  }\n\n  /**\n   * Returns the token found by searching VSCode's authentication cache or\n   * returns null if no token could be found.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                `TokenCredential` implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken> {\n    await this.prepareOnce();\n\n    const tenantId =\n      processMultiTenantRequest(\n        this.tenantId,\n        options,\n        this.additionallyAllowedTenantIds,\n        logger\n      ) || this.tenantId;\n\n    if (findCredentials === undefined) {\n      throw new CredentialUnavailableError(\n        [\n          \"No implementation of `VisualStudioCodeCredential` is available.\",\n          \"You must install the identity-vscode plugin package (`npm install --save-dev @azure/identity-vscode`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(vsCodePlugin)` before creating a `VisualStudioCodeCredential`.\",\n          \"To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.\",\n        ].join(\" \")\n      );\n    }\n\n    let scopeString = typeof scopes === \"string\" ? scopes : scopes.join(\" \");\n\n    // Check to make sure the scope we get back is a valid scope\n    if (!scopeString.match(/^[0-9a-zA-Z-.:/]+$/)) {\n      const error = new Error(\"Invalid scope was specified by the user or calling client\");\n      logger.getToken.info(formatError(scopes, error));\n      throw error;\n    }\n\n    if (scopeString.indexOf(\"offline_access\") < 0) {\n      scopeString += \" offline_access\";\n    }\n\n    // findCredentials returns an array similar to:\n    // [\n    //   {\n    //     account: \"\",\n    //     password: \"\",\n    //   },\n    //   /* ... */\n    // ]\n    const credentials = await findCredentials();\n\n    // If we can't find the credential based on the name, we'll pick the first one available.\n    const { password: refreshToken } =\n      credentials.find(({ account }) => account === this.cloudName) ?? credentials[0] ?? {};\n\n    if (refreshToken) {\n      const tokenResponse = await this.identityClient.refreshAccessToken(\n        tenantId,\n        AzureAccountClientId,\n        scopeString,\n        refreshToken,\n        undefined\n      );\n\n      if (tokenResponse) {\n        logger.getToken.info(formatSuccess(scopes));\n        return tokenResponse.accessToken;\n      } else {\n        const error = new CredentialUnavailableError(\n          \"Could not retrieve the token associated with Visual Studio Code. Have you connected using the 'Azure Account' extension recently? To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.\"\n        );\n        logger.getToken.info(formatError(scopes, error));\n        throw error;\n      }\n    } else {\n      const error = new CredentialUnavailableError(\n        \"Could not retrieve the token associated with Visual Studio Code. Did you connect using the 'Azure Account' extension? To troubleshoot, visit https://aka.ms/azsdk/js/identity/vscodecredential/troubleshoot.\"\n      );\n      logger.getToken.info(formatError(scopes, error));\n      throw error;\n    }\n  }\n}\n"]}

package/dist-esm/src/credentials/workloadIdentityCredential.browser.js

@@ -4,8 +4,8 @@ import { credentialLogger, formatError } from "../util/logging";
 const BrowserNotSupportedError = new Error("WorkloadIdentityCredential is not supported in the browser.");
 const logger = credentialLogger("WorkloadIdentityCredential");
 /**
- * WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Kubernetes.
- * Refer to <a href="https://learn.microsoft.com/azure/aks/workload-identity-overview">Microsoft Entra Workload ID</a>
+ * WorkloadIdentityCredential supports Azure workload identity authentication on Kubernetes.
+ * Refer to <a href="https://learn.microsoft.com/azure/aks/workload-identity-overview">Azure Active Directory Workload Identity</a>
  * for more information.
  */
 export class WorkloadIdentityCredential {

package/dist-esm/src/credentials/workloadIdentityCredential.browser.js.map

@@ -1 +1 @@
-{"version":3,"file":"workloadIdentityCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,6DAA6D,CAC9D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;GAIG;AACH,MAAM,OAAO,0BAA0B;IACrC;;OAEG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAED;;OAEG;IACI,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n  \"WorkloadIdentityCredential is not supported in the browser.\"\n);\nconst logger = credentialLogger(\"WorkloadIdentityCredential\");\n\n/**\n * WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Kubernetes.\n * Refer to <a href=\"https://learn.microsoft.com/azure/aks/workload-identity-overview\">Microsoft Entra Workload ID</a>\n * for more information.\n */\nexport class WorkloadIdentityCredential implements TokenCredential {\n  /**\n   * Only available in Node.js\n   */\n  constructor() {\n    logger.info(formatError(\"\", BrowserNotSupportedError));\n    throw BrowserNotSupportedError;\n  }\n\n  /**\n   * Only available in Node.js\n   */\n  public getToken(): Promise<AccessToken | null> {\n    logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n    throw BrowserNotSupportedError;\n  }\n}\n"]}
+{"version":3,"file":"workloadIdentityCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,6DAA6D,CAC9D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;GAIG;AACH,MAAM,OAAO,0BAA0B;IACrC;;OAEG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAED;;OAEG;IACI,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n  \"WorkloadIdentityCredential is not supported in the browser.\"\n);\nconst logger = credentialLogger(\"WorkloadIdentityCredential\");\n\n/**\n * WorkloadIdentityCredential supports Azure workload identity authentication on Kubernetes.\n * Refer to <a href=\"https://learn.microsoft.com/azure/aks/workload-identity-overview\">Azure Active Directory Workload Identity</a>\n * for more information.\n */\nexport class WorkloadIdentityCredential implements TokenCredential {\n  /**\n   * Only available in Node.js\n   */\n  constructor() {\n    logger.info(formatError(\"\", BrowserNotSupportedError));\n    throw BrowserNotSupportedError;\n  }\n\n  /**\n   * Only available in Node.js\n   */\n  public getToken(): Promise<AccessToken | null> {\n    logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n    throw BrowserNotSupportedError;\n  }\n}\n"]}

package/dist-esm/src/credentials/workloadIdentityCredential.js

@@ -28,14 +28,14 @@ const logger = credentialLogger(credentialName);
  * Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for
  * each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't
  * need to worry about storing and securing sensitive credentials themselves.
- * The WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Azure Kubernetes and acquires
+ * The WorkloadIdentityCredential supports Azure workload identity authentication on Azure Kubernetes and acquires
  * a token using the SACs available in the Azure Kubernetes environment.
- * Refer to <a href="https://learn.microsoft.com/azure/aks/workload-identity-overview">Microsoft Entra
- * Workload ID</a> for more information.
+ * Refer to <a href="https://learn.microsoft.com/azure/aks/workload-identity-overview">Azure Active Directory
+ * Workload Identity</a> for more information.
  */
 export class WorkloadIdentityCredential {
     /**
-     * WorkloadIdentityCredential supports Microsoft Entra Workload ID on Kubernetes.
+     * WorkloadIdentityCredential supports Azure workload identity on Kubernetes.
      *
      * @param options - The identity client options to use for authentication.
      */
@@ -59,7 +59,7 @@ export class WorkloadIdentityCredential {
         }
     }
     /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
+     * Authenticates with Azure Active Directory and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * @param scopes - The list of scopes for which the token will have access.

package/dist-esm/src/credentials/workloadIdentityCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"workloadIdentityCredential.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAExE,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACnE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,MAAM,cAAc,GAAG,4BAA4B,CAAC;AACpD;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,qCAAqC,GAAG;IACnD,iBAAiB;IACjB,iBAAiB;IACjB,4BAA4B;CAC7B,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AAChD;;;;;;;;;;;;;GAaG;AACH,MAAM,OAAO,0BAA0B;IAMrC;;;;OAIG;IACH,YAAY,OAA2C;QAT/C,mCAA8B,GAAuB,SAAS,CAAC;QAC/D,cAAS,GAAuB,SAAS,CAAC;QAShD,kDAAkD;QAClD,MAAM,WAAW,GAAG,cAAc,CAAC,qCAAqC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9F,MAAM,CAAC,IAAI,CAAC,8CAA8C,WAAW,EAAE,CAAC,CAAC;QAEzE,MAAM,iCAAiC,GAAG,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,EAAE,CAAC;QACxD,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,IAAI,CAAC,sBAAsB;YACzB,iCAAiC,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QAC5F,IAAI,QAAQ,EAAE;YACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;SACjC;QACD,IAAI,QAAQ,IAAI,QAAQ,IAAI,IAAI,CAAC,sBAAsB,EAAE;YACvD,MAAM,CAAC,IAAI,CACT,sDAAsD,QAAQ,eAAe,iCAAiC,CAAC,QAAQ,uCAAuC,CAC/J,CAAC;YACF,IAAI,CAAC,MAAM,GAAG,IAAI,yBAAyB,CACzC,QAAQ,EACR,QAAQ,EACR,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAChC,OAAO,CACR,CAAC;SACH;IACH,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;QAEzB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;YAChB,MAAM,YAAY,GAAG,GAAG,cAAc;;;;mKAIuH,CAAC;YAC9J,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC1B,MAAM,IAAI,0BAA0B,CAAC,YAAY,CAAC,CAAC;SACpD;QACD,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAClE,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/C,CAAC;IAEO,KAAK,CAAC,gBAAgB;QAC5B,2CAA2C;QAC3C,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,GAAG,EAAE,GAAG,CAAC,EAAE;YAChF,IAAI,CAAC,8BAA8B,GAAG,SAAS,CAAC;SACjD;QACD,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE;YAChC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,gDAAgD,IAAI,CAAC,sBAAsB,GAAG,CAChG,CAAC;SACH;QACD,IAAI,CAAC,IAAI,CAAC,8BAA8B,EAAE;YACxC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC;YACjE,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,KAAK,EAAE;gBACV,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,4CAA4C,IAAI,CAAC,sBAAsB,GAAG,CAC5F,CAAC;aACH;iBAAM;gBACL,IAAI,CAAC,8BAA8B,GAAG,KAAK,CAAC;gBAC5C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;aAC7B;SACF;QACD,OAAO,IAAI,CAAC,8BAA8B,CAAC;IAC7C,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { ClientAssertionCredential } from \"./clientAssertionCredential\";\nimport { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions\";\nimport { readFile } from \"fs/promises\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport { credentialLogger, processEnvVars } from \"../util/logging\";\nimport { checkTenantId } from \"../util/tenantIdUtils\";\n\nconst credentialName = \"WorkloadIdentityCredential\";\n/**\n * Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n *\n * @internal\n */\nexport const SupportedWorkloadEnvironmentVariables = [\n  \"AZURE_TENANT_ID\",\n  \"AZURE_CLIENT_ID\",\n  \"AZURE_FEDERATED_TOKEN_FILE\",\n];\nconst logger = credentialLogger(credentialName);\n/**\n * Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs)\n * to access other Azure resources without the need for a service principal or managed identity. With Workload Identity\n * authentication, applications authenticate themselves using their own identity, rather than using a shared service\n * principal or managed identity. Under the hood, Workload Identity authentication uses the concept of Service Account\n * Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload\n * Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for\n * each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't\n * need to worry about storing and securing sensitive credentials themselves.\n * The WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Azure Kubernetes and acquires\n * a token using the SACs available in the Azure Kubernetes environment.\n * Refer to <a href=\"https://learn.microsoft.com/azure/aks/workload-identity-overview\">Microsoft Entra\n * Workload ID</a> for more information.\n */\nexport class WorkloadIdentityCredential implements TokenCredential {\n  private client: ClientAssertionCredential | undefined;\n  private azureFederatedTokenFileContent: string | undefined = undefined;\n  private cacheDate: number | undefined = undefined;\n  private federatedTokenFilePath: string | undefined;\n\n  /**\n   * WorkloadIdentityCredential supports Microsoft Entra Workload ID on Kubernetes.\n   *\n   * @param options - The identity client options to use for authentication.\n   */\n  constructor(options?: WorkloadIdentityCredentialOptions) {\n    // Logging environment variables for error details\n    const assignedEnv = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(\", \");\n    logger.info(`Found the following environment variables: ${assignedEnv}`);\n\n    const workloadIdentityCredentialOptions = options ?? {};\n    const tenantId = workloadIdentityCredentialOptions.tenantId || process.env.AZURE_TENANT_ID;\n    const clientId = workloadIdentityCredentialOptions.clientId || process.env.AZURE_CLIENT_ID;\n    this.federatedTokenFilePath =\n      workloadIdentityCredentialOptions.tokenFilePath || process.env.AZURE_FEDERATED_TOKEN_FILE;\n    if (tenantId) {\n      checkTenantId(logger, tenantId);\n    }\n    if (clientId && tenantId && this.federatedTokenFilePath) {\n      logger.info(\n        `Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`\n      );\n      this.client = new ClientAssertionCredential(\n        tenantId,\n        clientId,\n        this.readFileContents.bind(this),\n        options\n      );\n    }\n  }\n\n  /**\n   * Authenticates with Microsoft Entra ID and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    if (!this.client) {\n      const errorMessage = `${credentialName}: is unavailable. tenantId, clientId, and federatedTokenFilePath are required parameters. \n      In DefaultAzureCredential and ManagedIdentityCredential, these can be provided as environment variables - \n      \"AZURE_TENANT_ID\",\n      \"AZURE_CLIENT_ID\",\n      \"AZURE_FEDERATED_TOKEN_FILE\". See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot  `;\n      logger.info(errorMessage);\n      throw new CredentialUnavailableError(errorMessage);\n    }\n    logger.info(\"Invoking getToken() of Client Assertion Credential\");\n    return this.client.getToken(scopes, options);\n  }\n\n  private async readFileContents(): Promise<string> {\n    // Cached assertions expire after 5 minutes\n    if (this.cacheDate !== undefined && Date.now() - this.cacheDate >= 1000 * 60 * 5) {\n      this.azureFederatedTokenFileContent = undefined;\n    }\n    if (!this.federatedTokenFilePath) {\n      throw new CredentialUnavailableError(\n        `${credentialName}: is unavailable. Invalid file path provided ${this.federatedTokenFilePath}.`\n      );\n    }\n    if (!this.azureFederatedTokenFileContent) {\n      const file = await readFile(this.federatedTokenFilePath, \"utf8\");\n      const value = file.trim();\n      if (!value) {\n        throw new CredentialUnavailableError(\n          `${credentialName}: is unavailable. No content on the file ${this.federatedTokenFilePath}.`\n        );\n      } else {\n        this.azureFederatedTokenFileContent = value;\n        this.cacheDate = Date.now();\n      }\n    }\n    return this.azureFederatedTokenFileContent;\n  }\n}\n"]}
+{"version":3,"file":"workloadIdentityCredential.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAExE,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACnE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,MAAM,cAAc,GAAG,4BAA4B,CAAC;AACpD;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,qCAAqC,GAAG;IACnD,iBAAiB;IACjB,iBAAiB;IACjB,4BAA4B;CAC7B,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AAChD;;;;;;;;;;;;;GAaG;AACH,MAAM,OAAO,0BAA0B;IAMrC;;;;OAIG;IACH,YAAY,OAA2C;QAT/C,mCAA8B,GAAuB,SAAS,CAAC;QAC/D,cAAS,GAAuB,SAAS,CAAC;QAShD,kDAAkD;QAClD,MAAM,WAAW,GAAG,cAAc,CAAC,qCAAqC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9F,MAAM,CAAC,IAAI,CAAC,8CAA8C,WAAW,EAAE,CAAC,CAAC;QAEzE,MAAM,iCAAiC,GAAG,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,EAAE,CAAC;QACxD,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,IAAI,CAAC,sBAAsB;YACzB,iCAAiC,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QAC5F,IAAI,QAAQ,EAAE;YACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;SACjC;QACD,IAAI,QAAQ,IAAI,QAAQ,IAAI,IAAI,CAAC,sBAAsB,EAAE;YACvD,MAAM,CAAC,IAAI,CACT,sDAAsD,QAAQ,eAAe,iCAAiC,CAAC,QAAQ,uCAAuC,CAC/J,CAAC;YACF,IAAI,CAAC,MAAM,GAAG,IAAI,yBAAyB,CACzC,QAAQ,EACR,QAAQ,EACR,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAChC,OAAO,CACR,CAAC;SACH;IACH,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;QAEzB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;YAChB,MAAM,YAAY,GAAG,GAAG,cAAc;;;;mKAIuH,CAAC;YAC9J,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC1B,MAAM,IAAI,0BAA0B,CAAC,YAAY,CAAC,CAAC;SACpD;QACD,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAClE,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/C,CAAC;IAEO,KAAK,CAAC,gBAAgB;QAC5B,2CAA2C;QAC3C,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,GAAG,EAAE,GAAG,CAAC,EAAE;YAChF,IAAI,CAAC,8BAA8B,GAAG,SAAS,CAAC;SACjD;QACD,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE;YAChC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,gDAAgD,IAAI,CAAC,sBAAsB,GAAG,CAChG,CAAC;SACH;QACD,IAAI,CAAC,IAAI,CAAC,8BAA8B,EAAE;YACxC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC;YACjE,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,KAAK,EAAE;gBACV,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,4CAA4C,IAAI,CAAC,sBAAsB,GAAG,CAC5F,CAAC;aACH;iBAAM;gBACL,IAAI,CAAC,8BAA8B,GAAG,KAAK,CAAC;gBAC5C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;aAC7B;SACF;QACD,OAAO,IAAI,CAAC,8BAA8B,CAAC;IAC7C,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { ClientAssertionCredential } from \"./clientAssertionCredential\";\nimport { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions\";\nimport { readFile } from \"fs/promises\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport { credentialLogger, processEnvVars } from \"../util/logging\";\nimport { checkTenantId } from \"../util/tenantIdUtils\";\n\nconst credentialName = \"WorkloadIdentityCredential\";\n/**\n * Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n *\n * @internal\n */\nexport const SupportedWorkloadEnvironmentVariables = [\n  \"AZURE_TENANT_ID\",\n  \"AZURE_CLIENT_ID\",\n  \"AZURE_FEDERATED_TOKEN_FILE\",\n];\nconst logger = credentialLogger(credentialName);\n/**\n * Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs)\n * to access other Azure resources without the need for a service principal or managed identity. With Workload Identity\n * authentication, applications authenticate themselves using their own identity, rather than using a shared service\n * principal or managed identity. Under the hood, Workload Identity authentication uses the concept of Service Account\n * Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload\n * Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for\n * each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't\n * need to worry about storing and securing sensitive credentials themselves.\n * The WorkloadIdentityCredential supports Azure workload identity authentication on Azure Kubernetes and acquires\n * a token using the SACs available in the Azure Kubernetes environment.\n * Refer to <a href=\"https://learn.microsoft.com/azure/aks/workload-identity-overview\">Azure Active Directory\n * Workload Identity</a> for more information.\n */\nexport class WorkloadIdentityCredential implements TokenCredential {\n  private client: ClientAssertionCredential | undefined;\n  private azureFederatedTokenFileContent: string | undefined = undefined;\n  private cacheDate: number | undefined = undefined;\n  private federatedTokenFilePath: string | undefined;\n\n  /**\n   * WorkloadIdentityCredential supports Azure workload identity on Kubernetes.\n   *\n   * @param options - The identity client options to use for authentication.\n   */\n  constructor(options?: WorkloadIdentityCredentialOptions) {\n    // Logging environment variables for error details\n    const assignedEnv = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(\", \");\n    logger.info(`Found the following environment variables: ${assignedEnv}`);\n\n    const workloadIdentityCredentialOptions = options ?? {};\n    const tenantId = workloadIdentityCredentialOptions.tenantId || process.env.AZURE_TENANT_ID;\n    const clientId = workloadIdentityCredentialOptions.clientId || process.env.AZURE_CLIENT_ID;\n    this.federatedTokenFilePath =\n      workloadIdentityCredentialOptions.tokenFilePath || process.env.AZURE_FEDERATED_TOKEN_FILE;\n    if (tenantId) {\n      checkTenantId(logger, tenantId);\n    }\n    if (clientId && tenantId && this.federatedTokenFilePath) {\n      logger.info(\n        `Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`\n      );\n      this.client = new ClientAssertionCredential(\n        tenantId,\n        clientId,\n        this.readFileContents.bind(this),\n        options\n      );\n    }\n  }\n\n  /**\n   * Authenticates with Azure Active Directory and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions\n  ): Promise<AccessToken | null> {\n    if (!this.client) {\n      const errorMessage = `${credentialName}: is unavailable. tenantId, clientId, and federatedTokenFilePath are required parameters. \n      In DefaultAzureCredential and ManagedIdentityCredential, these can be provided as environment variables - \n      \"AZURE_TENANT_ID\",\n      \"AZURE_CLIENT_ID\",\n      \"AZURE_FEDERATED_TOKEN_FILE\". See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot  `;\n      logger.info(errorMessage);\n      throw new CredentialUnavailableError(errorMessage);\n    }\n    logger.info(\"Invoking getToken() of Client Assertion Credential\");\n    return this.client.getToken(scopes, options);\n  }\n\n  private async readFileContents(): Promise<string> {\n    // Cached assertions expire after 5 minutes\n    if (this.cacheDate !== undefined && Date.now() - this.cacheDate >= 1000 * 60 * 5) {\n      this.azureFederatedTokenFileContent = undefined;\n    }\n    if (!this.federatedTokenFilePath) {\n      throw new CredentialUnavailableError(\n        `${credentialName}: is unavailable. Invalid file path provided ${this.federatedTokenFilePath}.`\n      );\n    }\n    if (!this.azureFederatedTokenFileContent) {\n      const file = await readFile(this.federatedTokenFilePath, \"utf8\");\n      const value = file.trim();\n      if (!value) {\n        throw new CredentialUnavailableError(\n          `${credentialName}: is unavailable. No content on the file ${this.federatedTokenFilePath}.`\n        );\n      } else {\n        this.azureFederatedTokenFileContent = value;\n        this.cacheDate = Date.now();\n      }\n    }\n    return this.azureFederatedTokenFileContent;\n  }\n}\n"]}

package/dist-esm/src/credentials/workloadIdentityCredentialOptions.js.map

@@ -1 +1 @@
-{"version":3,"file":"workloadIdentityCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AuthorityValidationOptions } from \"./authorityValidationOptions\";\nimport { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions\";\n\n/**\n * Options for the {@link WorkloadIdentityCredential}\n */\nexport interface WorkloadIdentityCredentialOptions\n  extends MultiTenantTokenCredentialOptions,\n    AuthorityValidationOptions {\n  /**\n   * ID of the application's Microsoft Entra tenant. Also called its directory ID.\n   */\n  tenantId?: string;\n  /**\n   * The client ID of a Microsoft Entra app registration.\n   */\n  clientId?: string;\n  /**\n   * The path to a file containing a Kubernetes service account token that authenticates the identity.\n   */\n  tokenFilePath?: string;\n}\n"]}
+{"version":3,"file":"workloadIdentityCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AuthorityValidationOptions } from \"./authorityValidationOptions\";\nimport { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions\";\n\n/**\n * Options for the {@link WorkloadIdentityCredential}\n */\nexport interface WorkloadIdentityCredentialOptions\n  extends MultiTenantTokenCredentialOptions,\n    AuthorityValidationOptions {\n  /**\n   * ID of the application's Azure Active Directory tenant. Also called its directory ID.\n   */\n  tenantId?: string;\n  /**\n   * The client ID of an Azure AD app registration.\n   */\n  clientId?: string;\n  /**\n   * The path to a file containing a Kubernetes service account token that authenticates the identity.\n   */\n  tokenFilePath?: string;\n}\n"]}

package/dist-esm/src/errors.js.map

@@ -1 +1 @@
-{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/errors.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAyDlC,SAAS,eAAe,CAAC,aAAkB;IACzC,OAAO,CACL,aAAa;QACb,OAAO,aAAa,CAAC,KAAK,KAAK,QAAQ;QACvC,OAAO,aAAa,CAAC,iBAAiB,KAAK,QAAQ,CACpD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG,4BAA4B,CAAC;AAE3E;;;;GAIG;AACH,MAAM,OAAO,0BAA2B,SAAQ,KAAK;IACnD,YAAY,OAAgB;QAC1B,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;IAC7C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,qBAAqB,CAAC;AAE7D;;;;GAIG;AACH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAW5C,wDAAwD;IACxD,YAAY,UAAkB,EAAE,SAA6C;QAC3E,IAAI,aAAa,GAAkB;YACjC,KAAK,EAAE,SAAS;YAChB,gBAAgB,EAAE,oEAAoE;SACvF,CAAC;QAEF,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE;YAC9B,aAAa,GAAG,wCAAwC,CAAC,SAAS,CAAC,CAAC;SACrE;aAAM,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE;YACxC,IAAI;gBACF,iEAAiE;gBACjE,uBAAuB;gBACvB,MAAM,kBAAkB,GAAuB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACrE,aAAa,GAAG,wCAAwC,CAAC,kBAAkB,CAAC,CAAC;aAC9E;YAAC,OAAO,CAAM,EAAE;gBACf,IAAI,UAAU,KAAK,GAAG,EAAE;oBACtB,aAAa,GAAG;wBACd,KAAK,EAAE,qBAAqB;wBAC5B,gBAAgB,EAAE,4CAA4C;qBAC/D,CAAC;iBACH;qBAAM;oBACL,aAAa,GAAG;wBACd,KAAK,EAAE,eAAe;wBACtB,gBAAgB,EAAE,oDAAoD,SAAS,EAAE;qBAClF,CAAC;iBACH;aACF;SACF;aAAM;YACL,aAAa,GAAG;gBACd,KAAK,EAAE,eAAe;gBACtB,gBAAgB,EAAE,oEAAoE;aACvF,CAAC;SACH;QAED,KAAK,CACH,GAAG,aAAa,CAAC,KAAK,iBAAiB,UAAU,oBAAoB,aAAa,CAAC,gBAAgB,EAAE,CACtG,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QAEnC,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,gCAAgC,GAAG,8BAA8B,CAAC;AAE/E;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,KAAK;IAOrD,YAAY,MAAa,EAAE,YAAqB;QAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,KAAK,CAAC,GAAG,YAAY,KAAK,WAAW,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,gCAAgC,CAAC;IAC/C,CAAC;CACF;AAED,SAAS,wCAAwC,CAAC,SAA6B;IAC7E,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,KAAK;QACtB,gBAAgB,EAAE,SAAS,CAAC,iBAAiB;QAC7C,aAAa,EAAE,SAAS,CAAC,cAAc;QACvC,UAAU,EAAE,SAAS,CAAC,WAAW;QACjC,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,OAAO,EAAE,SAAS,CAAC,QAAQ;KAC5B,CAAC;AACJ,CAAC;AAoBD;;GAEG;AACH,MAAM,OAAO,2BAA4B,SAAQ,KAAK;IAUpD;IACE;;OAEG;IACH,OAA2C;QAE3C,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACvB,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,IAAI,GAAG,6BAA6B,CAAC;IAC5C,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * See the official documentation for more details:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1\n *\n * NOTE: This documentation is for v1 OAuth support but the same error\n * response details still apply to v2.\n */\nexport interface ErrorResponse {\n  /**\n   * The string identifier for the error.\n   */\n  error: string;\n\n  /**\n   * The error's description.\n   */\n  errorDescription: string;\n\n  /**\n   * An array of codes pertaining to the error(s) that occurred.\n   */\n  errorCodes?: number[];\n\n  /**\n   * The timestamp at which the error occurred.\n   */\n  timestamp?: string;\n\n  /**\n   * The trace identifier for this error occurrence.\n   */\n  traceId?: string;\n\n  /**\n   * The correlation ID to be used for tracking the source of the error.\n   */\n  correlationId?: string;\n}\n\n/**\n * Used for internal deserialization of OAuth responses. Public model is ErrorResponse\n * @internal\n */\nexport interface OAuthErrorResponse {\n  error: string;\n  error_description: string;\n  error_codes?: number[];\n  timestamp?: string;\n  trace_id?: string;\n  correlation_id?: string;\n}\n\nfunction isErrorResponse(errorResponse: any): errorResponse is OAuthErrorResponse {\n  return (\n    errorResponse &&\n    typeof errorResponse.error === \"string\" &&\n    typeof errorResponse.error_description === \"string\"\n  );\n}\n\n/**\n * The Error.name value of an CredentialUnavailable\n */\nexport const CredentialUnavailableErrorName = \"CredentialUnavailableError\";\n\n/**\n * This signifies that the credential that was tried in a chained credential\n * was not available to be used as the credential. Rather than treating this as\n * an error that should halt the chain, it's caught and the chain continues\n */\nexport class CredentialUnavailableError extends Error {\n  constructor(message?: string) {\n    super(message);\n    this.name = CredentialUnavailableErrorName;\n  }\n}\n\n/**\n * The Error.name value of an AuthenticationError\n */\nexport const AuthenticationErrorName = \"AuthenticationError\";\n\n/**\n * Provides details about a failure to authenticate with Azure Active\n * Directory.  The `errorResponse` field contains more details about\n * the specific failure.\n */\nexport class AuthenticationError extends Error {\n  /**\n   * The HTTP status code returned from the authentication request.\n   */\n  public readonly statusCode: number;\n\n  /**\n   * The error response details.\n   */\n  public readonly errorResponse: ErrorResponse;\n\n  // eslint-disable-next-line @typescript-eslint/ban-types\n  constructor(statusCode: number, errorBody: object | string | undefined | null) {\n    let errorResponse: ErrorResponse = {\n      error: \"unknown\",\n      errorDescription: \"An unknown error occurred and no additional details are available.\",\n    };\n\n    if (isErrorResponse(errorBody)) {\n      errorResponse = convertOAuthErrorResponseToErrorResponse(errorBody);\n    } else if (typeof errorBody === \"string\") {\n      try {\n        // Most error responses will contain JSON-formatted error details\n        // in the response body\n        const oauthErrorResponse: OAuthErrorResponse = JSON.parse(errorBody);\n        errorResponse = convertOAuthErrorResponseToErrorResponse(oauthErrorResponse);\n      } catch (e: any) {\n        if (statusCode === 400) {\n          errorResponse = {\n            error: \"authority_not_found\",\n            errorDescription: \"The specified authority URL was not found.\",\n          };\n        } else {\n          errorResponse = {\n            error: \"unknown_error\",\n            errorDescription: `An unknown error has occurred. Response body:\\n\\n${errorBody}`,\n          };\n        }\n      }\n    } else {\n      errorResponse = {\n        error: \"unknown_error\",\n        errorDescription: \"An unknown error occurred and no additional details are available.\",\n      };\n    }\n\n    super(\n      `${errorResponse.error} Status code: ${statusCode}\\nMore details:\\n${errorResponse.errorDescription}`\n    );\n    this.statusCode = statusCode;\n    this.errorResponse = errorResponse;\n\n    // Ensure that this type reports the correct name\n    this.name = AuthenticationErrorName;\n  }\n}\n\n/**\n * The Error.name value of an AggregateAuthenticationError\n */\nexport const AggregateAuthenticationErrorName = \"AggregateAuthenticationError\";\n\n/**\n * Provides an `errors` array containing {@link AuthenticationError} instance\n * for authentication failures from credentials in a {@link ChainedTokenCredential}.\n */\nexport class AggregateAuthenticationError extends Error {\n  /**\n   * The array of error objects that were thrown while trying to authenticate\n   * with the credentials in a {@link ChainedTokenCredential}.\n   */\n  public errors: any[];\n\n  constructor(errors: any[], errorMessage?: string) {\n    const errorDetail = errors.join(\"\\n\");\n    super(`${errorMessage}\\n${errorDetail}`);\n    this.errors = errors;\n\n    // Ensure that this type reports the correct name\n    this.name = AggregateAuthenticationErrorName;\n  }\n}\n\nfunction convertOAuthErrorResponseToErrorResponse(errorBody: OAuthErrorResponse): ErrorResponse {\n  return {\n    error: errorBody.error,\n    errorDescription: errorBody.error_description,\n    correlationId: errorBody.correlation_id,\n    errorCodes: errorBody.error_codes,\n    timestamp: errorBody.timestamp,\n    traceId: errorBody.trace_id,\n  };\n}\n\n/**\n * Optional parameters to the {@link AuthenticationRequiredError}\n */\nexport interface AuthenticationRequiredErrorOptions {\n  /**\n   * The list of scopes for which the token will have access.\n   */\n  scopes: string[];\n  /**\n   * The options passed to the getToken request.\n   */\n  getTokenOptions?: GetTokenOptions;\n  /**\n   * The message of the error.\n   */\n  message?: string;\n}\n\n/**\n * Error used to enforce authentication after trying to retrieve a token silently.\n */\nexport class AuthenticationRequiredError extends Error {\n  /**\n   * The list of scopes for which the token will have access.\n   */\n  public scopes: string[];\n  /**\n   * The options passed to the getToken request.\n   */\n  public getTokenOptions?: GetTokenOptions;\n\n  constructor(\n    /**\n     * Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.\n     */\n    options: AuthenticationRequiredErrorOptions\n  ) {\n    super(options.message);\n    this.scopes = options.scopes;\n    this.getTokenOptions = options.getTokenOptions;\n    this.name = \"AuthenticationRequiredError\";\n  }\n}\n"]}
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/errors.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAyDlC,SAAS,eAAe,CAAC,aAAkB;IACzC,OAAO,CACL,aAAa;QACb,OAAO,aAAa,CAAC,KAAK,KAAK,QAAQ;QACvC,OAAO,aAAa,CAAC,iBAAiB,KAAK,QAAQ,CACpD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG,4BAA4B,CAAC;AAE3E;;;;GAIG;AACH,MAAM,OAAO,0BAA2B,SAAQ,KAAK;IACnD,YAAY,OAAgB;QAC1B,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;IAC7C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,qBAAqB,CAAC;AAE7D;;;;GAIG;AACH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAW5C,wDAAwD;IACxD,YAAY,UAAkB,EAAE,SAA6C;QAC3E,IAAI,aAAa,GAAkB;YACjC,KAAK,EAAE,SAAS;YAChB,gBAAgB,EAAE,oEAAoE;SACvF,CAAC;QAEF,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE;YAC9B,aAAa,GAAG,wCAAwC,CAAC,SAAS,CAAC,CAAC;SACrE;aAAM,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE;YACxC,IAAI;gBACF,iEAAiE;gBACjE,uBAAuB;gBACvB,MAAM,kBAAkB,GAAuB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACrE,aAAa,GAAG,wCAAwC,CAAC,kBAAkB,CAAC,CAAC;aAC9E;YAAC,OAAO,CAAM,EAAE;gBACf,IAAI,UAAU,KAAK,GAAG,EAAE;oBACtB,aAAa,GAAG;wBACd,KAAK,EAAE,qBAAqB;wBAC5B,gBAAgB,EAAE,4CAA4C;qBAC/D,CAAC;iBACH;qBAAM;oBACL,aAAa,GAAG;wBACd,KAAK,EAAE,eAAe;wBACtB,gBAAgB,EAAE,oDAAoD,SAAS,EAAE;qBAClF,CAAC;iBACH;aACF;SACF;aAAM;YACL,aAAa,GAAG;gBACd,KAAK,EAAE,eAAe;gBACtB,gBAAgB,EAAE,oEAAoE;aACvF,CAAC;SACH;QAED,KAAK,CACH,GAAG,aAAa,CAAC,KAAK,iBAAiB,UAAU,oBAAoB,aAAa,CAAC,gBAAgB,EAAE,CACtG,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QAEnC,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,gCAAgC,GAAG,8BAA8B,CAAC;AAE/E;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,KAAK;IAOrD,YAAY,MAAa,EAAE,YAAqB;QAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,KAAK,CAAC,GAAG,YAAY,KAAK,WAAW,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,gCAAgC,CAAC;IAC/C,CAAC;CACF;AAED,SAAS,wCAAwC,CAAC,SAA6B;IAC7E,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,KAAK;QACtB,gBAAgB,EAAE,SAAS,CAAC,iBAAiB;QAC7C,aAAa,EAAE,SAAS,CAAC,cAAc;QACvC,UAAU,EAAE,SAAS,CAAC,WAAW;QACjC,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,OAAO,EAAE,SAAS,CAAC,QAAQ;KAC5B,CAAC;AACJ,CAAC;AAoBD;;GAEG;AACH,MAAM,OAAO,2BAA4B,SAAQ,KAAK;IAUpD;IACE;;OAEG;IACH,OAA2C;QAE3C,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACvB,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,IAAI,GAAG,6BAA6B,CAAC;IAC5C,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * See the official documentation for more details:\n *\n * https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1\n *\n * NOTE: This documentation is for v1 OAuth support but the same error\n * response details still apply to v2.\n */\nexport interface ErrorResponse {\n  /**\n   * The string identifier for the error.\n   */\n  error: string;\n\n  /**\n   * The error's description.\n   */\n  errorDescription: string;\n\n  /**\n   * An array of codes pertaining to the error(s) that occurred.\n   */\n  errorCodes?: number[];\n\n  /**\n   * The timestamp at which the error occurred.\n   */\n  timestamp?: string;\n\n  /**\n   * The trace identifier for this error occurrence.\n   */\n  traceId?: string;\n\n  /**\n   * The correlation ID to be used for tracking the source of the error.\n   */\n  correlationId?: string;\n}\n\n/**\n * Used for internal deserialization of OAuth responses. Public model is ErrorResponse\n * @internal\n */\nexport interface OAuthErrorResponse {\n  error: string;\n  error_description: string;\n  error_codes?: number[];\n  timestamp?: string;\n  trace_id?: string;\n  correlation_id?: string;\n}\n\nfunction isErrorResponse(errorResponse: any): errorResponse is OAuthErrorResponse {\n  return (\n    errorResponse &&\n    typeof errorResponse.error === \"string\" &&\n    typeof errorResponse.error_description === \"string\"\n  );\n}\n\n/**\n * The Error.name value of an CredentialUnavailable\n */\nexport const CredentialUnavailableErrorName = \"CredentialUnavailableError\";\n\n/**\n * This signifies that the credential that was tried in a chained credential\n * was not available to be used as the credential. Rather than treating this as\n * an error that should halt the chain, it's caught and the chain continues\n */\nexport class CredentialUnavailableError extends Error {\n  constructor(message?: string) {\n    super(message);\n    this.name = CredentialUnavailableErrorName;\n  }\n}\n\n/**\n * The Error.name value of an AuthenticationError\n */\nexport const AuthenticationErrorName = \"AuthenticationError\";\n\n/**\n * Provides details about a failure to authenticate with Azure Active\n * Directory.  The `errorResponse` field contains more details about\n * the specific failure.\n */\nexport class AuthenticationError extends Error {\n  /**\n   * The HTTP status code returned from the authentication request.\n   */\n  public readonly statusCode: number;\n\n  /**\n   * The error response details.\n   */\n  public readonly errorResponse: ErrorResponse;\n\n  // eslint-disable-next-line @typescript-eslint/ban-types\n  constructor(statusCode: number, errorBody: object | string | undefined | null) {\n    let errorResponse: ErrorResponse = {\n      error: \"unknown\",\n      errorDescription: \"An unknown error occurred and no additional details are available.\",\n    };\n\n    if (isErrorResponse(errorBody)) {\n      errorResponse = convertOAuthErrorResponseToErrorResponse(errorBody);\n    } else if (typeof errorBody === \"string\") {\n      try {\n        // Most error responses will contain JSON-formatted error details\n        // in the response body\n        const oauthErrorResponse: OAuthErrorResponse = JSON.parse(errorBody);\n        errorResponse = convertOAuthErrorResponseToErrorResponse(oauthErrorResponse);\n      } catch (e: any) {\n        if (statusCode === 400) {\n          errorResponse = {\n            error: \"authority_not_found\",\n            errorDescription: \"The specified authority URL was not found.\",\n          };\n        } else {\n          errorResponse = {\n            error: \"unknown_error\",\n            errorDescription: `An unknown error has occurred. Response body:\\n\\n${errorBody}`,\n          };\n        }\n      }\n    } else {\n      errorResponse = {\n        error: \"unknown_error\",\n        errorDescription: \"An unknown error occurred and no additional details are available.\",\n      };\n    }\n\n    super(\n      `${errorResponse.error} Status code: ${statusCode}\\nMore details:\\n${errorResponse.errorDescription}`\n    );\n    this.statusCode = statusCode;\n    this.errorResponse = errorResponse;\n\n    // Ensure that this type reports the correct name\n    this.name = AuthenticationErrorName;\n  }\n}\n\n/**\n * The Error.name value of an AggregateAuthenticationError\n */\nexport const AggregateAuthenticationErrorName = \"AggregateAuthenticationError\";\n\n/**\n * Provides an `errors` array containing {@link AuthenticationError} instance\n * for authentication failures from credentials in a {@link ChainedTokenCredential}.\n */\nexport class AggregateAuthenticationError extends Error {\n  /**\n   * The array of error objects that were thrown while trying to authenticate\n   * with the credentials in a {@link ChainedTokenCredential}.\n   */\n  public errors: any[];\n\n  constructor(errors: any[], errorMessage?: string) {\n    const errorDetail = errors.join(\"\\n\");\n    super(`${errorMessage}\\n${errorDetail}`);\n    this.errors = errors;\n\n    // Ensure that this type reports the correct name\n    this.name = AggregateAuthenticationErrorName;\n  }\n}\n\nfunction convertOAuthErrorResponseToErrorResponse(errorBody: OAuthErrorResponse): ErrorResponse {\n  return {\n    error: errorBody.error,\n    errorDescription: errorBody.error_description,\n    correlationId: errorBody.correlation_id,\n    errorCodes: errorBody.error_codes,\n    timestamp: errorBody.timestamp,\n    traceId: errorBody.trace_id,\n  };\n}\n\n/**\n * Optional parameters to the {@link AuthenticationRequiredError}\n */\nexport interface AuthenticationRequiredErrorOptions {\n  /**\n   * The list of scopes for which the token will have access.\n   */\n  scopes: string[];\n  /**\n   * The options passed to the getToken request.\n   */\n  getTokenOptions?: GetTokenOptions;\n  /**\n   * The message of the error.\n   */\n  message?: string;\n}\n\n/**\n * Error used to enforce authentication after trying to retrieve a token silently.\n */\nexport class AuthenticationRequiredError extends Error {\n  /**\n   * The list of scopes for which the token will have access.\n   */\n  public scopes: string[];\n  /**\n   * The options passed to the getToken request.\n   */\n  public getTokenOptions?: GetTokenOptions;\n\n  constructor(\n    /**\n     * Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.\n     */\n    options: AuthenticationRequiredErrorOptions\n  ) {\n    super(options.message);\n    this.scopes = options.scopes;\n    this.getTokenOptions = options.getTokenOptions;\n    this.name = \"AuthenticationRequiredError\";\n  }\n}\n"]}

package/dist-esm/src/msal/browserFlows/msalAuthCode.js

@@ -9,7 +9,7 @@ import { getLogLevel } from "@azure/logger";
 const redirectHash = self.location.hash;
 /**
  * Uses MSAL Browser 2.X for browser authentication,
- * which uses the [Auth Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow).
+ * which uses the [Auth Code Flow](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow).
  * @internal
  */
 export class MSALAuthCode extends MsalBrowser {

package/dist-esm/src/msal/browserFlows/msalAuthCode.js.map

@@ -1 +1 @@
-{"version":3,"file":"msalAuthCode.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalAuthCode.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,WAAW,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,WAAW,EAA0B,MAAM,qBAAqB,CAAC;AAC1E,OAAO,EAAE,qBAAqB,EAAE,YAAY,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAG9F,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAE3D,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAE5C,uCAAuC;AACvC,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;AAExC;;;;GAIG;AACH,MAAM,OAAO,YAAa,SAAQ,WAAW;IAI3C;;;;;OAKG;IACH,YAAY,OAA+B;;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QAEnC,IAAI,CAAC,UAAU,CAAC,KAAK,GAAG;YACtB,aAAa,EAAE,gBAAgB;YAC/B,sBAAsB,EAAE,IAAI,EAAE,0DAA0D;SACzF,CAAC;QACF,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG;YACvB,aAAa,EAAE;gBACb,cAAc,EAAE,qBAAqB,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC;gBAC7D,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;gBACxC,iBAAiB,EAAE,MAAA,OAAO,CAAC,cAAc,0CAAE,0BAA0B;aACtE;SACF,CAAC;QAEF,kCAAkC;QAClC,IAAI,CAAC,GAAG,GAAG,IAAI,WAAW,CAAC,uBAAuB,CAChD,IAAI,CAAC,UAAuC,CAC7C,CAAC;QACF,IAAI,IAAI,CAAC,OAAO,EAAE;YAChB,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;SACvD;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,mBAAmB,CAC/B,MAAyC;QAEzC,IAAI;YACF,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE;gBAC5B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;gBAC/D,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAC1C,OAAO,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;aACpD;YAED,6FAA6F;YAC7F,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,GAAI,CAAC,gBAAgB,EAAE,CAAC;YACzD,IAAI,aAAa,EAAE;gBACjB,OAAO,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;aACnD;YAED,kGAAkG;YAClG,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC;YAC3C,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;gBACvB,uFAAuF;gBACvF,kFAAkF;gBAClF,uEAAuE;gBACvE,uCAAuC;gBACvC,IAAI,CAAC,MAAM,CAAC,IAAI,CACd;;;;gKAIsJ,CACvJ,CAAC;gBACF,yGAAyG;gBACzG,4FAA4F;gBAC5F,8FAA8F;gBAC9F,MAAM,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC;oBACpB,kBAAkB,EAAE,GAAG,EAAE,CAAC,KAAK;iBAChC,CAAC,CAAC;gBACH,OAAO;aACR;YAED,+EAA+E;YAC/E,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;gBACzB,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;gBAC5B,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;gBACnC,OAAO,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;aAC7C;YAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;SAC1D;QAAC,OAAO,CAAM,EAAE;YACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;SACxE;QACD,OAAO;IACT,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,cAAc;QACzB,OAAO,IAAI,CAAC,mBAAmB,CAC7B,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,IAAI,SAAS,CAClE,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,KAAK,CAAC,SAA4B,EAAE;QAC/C,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAgC;YAChD,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAC;QACF,QAAQ,IAAI,CAAC,UAAU,EAAE;YACvB,KAAK,UAAU,CAAC,CAAC;gBACf,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBAC3C,OAAO;aACR;YACD,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;SAC5E;IACH,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,gBAAgB;QAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC5C,IAAI,CAAC,OAAO,EAAE;YACZ,OAAO;SACR;QACD,OAAO,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,cAAc,CACzB,MAAgB,EAChB,OAAuC;QAEvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,IAAI,CAAC,OAAO,EAAE;YACZ,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe,EAAE,OAAO;gBACxB,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;SACJ;QAED,MAAM,UAAU,GAA8B;YAC5C,SAAS,EAAE,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,KAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAU;YAChE,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;YACrC,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;YACvB,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC;YAC9B,YAAY,EAAE,KAAK;YACnB,MAAM;SACP,CAAC;QAEF,IAAI;YACF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACzD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YAC/D,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;SAC3D;QAAC,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;IAED;;OAEG;IACO,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;QAEvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,IAAI,CAAC,OAAO,EAAE;YACZ,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe,EAAE,OAAO;gBACxB,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;SACJ;QAED,MAAM,UAAU,GAAgC;YAC9C,SAAS,EAAE,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,KAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAU;YAChE,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;YACrC,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;YACvB,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC;YAC9B,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,MAAM;SACP,CAAC;QAEF,QAAQ,IAAI,CAAC,UAAU,EAAE;YACvB,KAAK,UAAU;gBACb,gCAAgC;gBAChC,8DAA8D;gBAC9D,kDAAkD;gBAClD,MAAM,IAAI,CAAC,GAAG,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;gBAChD,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,kBAAkB,EAAE,CAAC,EAAE,CAAC;YAC9C,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,YAAY,CACtB,MAAM,EACN,IAAI,CAAC,QAAQ,EACb,MAAM,IAAI,CAAC,GAAG,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAC7C,CAAC;SACL;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalBrowser from \"@azure/msal-browser\";\nimport { MsalBrowser, MsalBrowserFlowOptions } from \"./msalBrowserCommon\";\nimport { defaultLoggerCallback, msalToPublic, publicToMsal, getMSALLogLevel } from \"../utils\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { AuthenticationRecord } from \"../types\";\nimport { AuthenticationRequiredError } from \"../../errors\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { getLogLevel } from \"@azure/logger\";\n\n// We keep a copy of the redirect hash.\nconst redirectHash = self.location.hash;\n\n/**\n * Uses MSAL Browser 2.X for browser authentication,\n * which uses the [Auth Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n * @internal\n */\nexport class MSALAuthCode extends MsalBrowser {\n  protected app: msalBrowser.PublicClientApplication;\n  private loginHint?: string;\n\n  /**\n   * Sets up an MSAL object based on the given parameters.\n   * MSAL with Auth Code allows sending a previously obtained `authenticationRecord` through the optional parameters,\n   * which is set to be the active account.\n   * @param options - Parameters necessary and otherwise used to create the MSAL object.\n   */\n  constructor(options: MsalBrowserFlowOptions) {\n    super(options);\n    this.loginHint = options.loginHint;\n\n    this.msalConfig.cache = {\n      cacheLocation: \"sessionStorage\",\n      storeAuthStateInCookie: true, // Set to true to improve the experience on IE11 and Edge.\n    };\n    this.msalConfig.system = {\n      loggerOptions: {\n        loggerCallback: defaultLoggerCallback(this.logger, \"Browser\"),\n        logLevel: getMSALLogLevel(getLogLevel()),\n        piiLoggingEnabled: options.loggingOptions?.enableUnsafeSupportLogging,\n      },\n    };\n\n    // Preparing the MSAL application.\n    this.app = new msalBrowser.PublicClientApplication(\n      this.msalConfig as msalBrowser.Configuration\n    );\n    if (this.account) {\n      this.app.setActiveAccount(publicToMsal(this.account));\n    }\n  }\n\n  /**\n   * Loads the account based on the result of the authentication.\n   * If no result was received, tries to load the account from the cache.\n   * @param result - Result object received from MSAL.\n   */\n  private async handleBrowserResult(\n    result?: msalBrowser.AuthenticationResult\n  ): Promise<AuthenticationRecord | undefined> {\n    try {\n      if (result && result.account) {\n        this.logger.info(`MSAL Browser V2 authentication successful.`);\n        this.app.setActiveAccount(result.account);\n        return msalToPublic(this.clientId, result.account);\n      }\n\n      // If by this point we happen to have an active account, we should stop trying to parse this.\n      const activeAccount = await this.app!.getActiveAccount();\n      if (activeAccount) {\n        return msalToPublic(this.clientId, activeAccount);\n      }\n\n      // If we don't have an active account, we try to activate it from all the already loaded accounts.\n      const accounts = this.app.getAllAccounts();\n      if (accounts.length > 1) {\n        // If there's more than one account in memory, we force the user to authenticate again.\n        // At this point we can't identify which account should this credential work with,\n        // since at this point the user won't have provided enough information.\n        // We log a message in case that helps.\n        this.logger.info(\n          `More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing \"InteractiveBrowserCredential\".`\n        );\n        // To safely trigger a new login, we're also ensuring the local cache is cleared up for this MSAL object.\n        // However, we want to avoid kicking the user out of their authentication on the Azure side.\n        // We do this by calling to logout while specifying a `onRedirectNavigate` that returns false.\n        await this.app.logout({\n          onRedirectNavigate: () => false,\n        });\n        return;\n      }\n\n      // If there's only one account for this MSAL object, we can safely activate it.\n      if (accounts.length === 1) {\n        const account = accounts[0];\n        this.app.setActiveAccount(account);\n        return msalToPublic(this.clientId, account);\n      }\n\n      this.logger.info(`No accounts were found through MSAL.`);\n    } catch (e: any) {\n      this.logger.info(`Failed to acquire token through MSAL. ${e.message}`);\n    }\n    return;\n  }\n\n  /**\n   * Uses MSAL to handle the redirect.\n   */\n  public async handleRedirect(): Promise<AuthenticationRecord | undefined> {\n    return this.handleBrowserResult(\n      (await this.app.handleRedirectPromise(redirectHash)) || undefined\n    );\n  }\n\n  /**\n   * Uses MSAL to trigger a redirect or a popup login.\n   */\n  public async login(scopes: string | string[] = []): Promise<AuthenticationRecord | undefined> {\n    const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n    const loginRequest: msalBrowser.RedirectRequest = {\n      scopes: arrayScopes,\n      loginHint: this.loginHint,\n    };\n    switch (this.loginStyle) {\n      case \"redirect\": {\n        await this.app.loginRedirect(loginRequest);\n        return;\n      }\n      case \"popup\":\n        return this.handleBrowserResult(await this.app.loginPopup(loginRequest));\n    }\n  }\n\n  /**\n   * Uses MSAL to retrieve the active account.\n   */\n  public async getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n    const account = this.app.getActiveAccount();\n    if (!account) {\n      return;\n    }\n    return msalToPublic(this.clientId, account);\n  }\n\n  /**\n   * Attempts to retrieve a token from cache.\n   */\n  public async getTokenSilent(\n    scopes: string[],\n    options?: CredentialFlowGetTokenOptions\n  ): Promise<AccessToken> {\n    const account = await this.getActiveAccount();\n    if (!account) {\n      throw new AuthenticationRequiredError({\n        scopes,\n        getTokenOptions: options,\n        message:\n          \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n      });\n    }\n\n    const parameters: msalBrowser.SilentRequest = {\n      authority: options?.authority || this.msalConfig.auth.authority!,\n      correlationId: options?.correlationId,\n      claims: options?.claims,\n      account: publicToMsal(account),\n      forceRefresh: false,\n      scopes,\n    };\n\n    try {\n      this.logger.info(\"Attempting to acquire token silently\");\n      const response = await this.app.acquireTokenSilent(parameters);\n      return this.handleResult(scopes, this.clientId, response);\n    } catch (err: any) {\n      throw this.handleError(scopes, err, options);\n    }\n  }\n\n  /**\n   * Attempts to retrieve the token in the browser.\n   */\n  protected async doGetToken(\n    scopes: string[],\n    options?: CredentialFlowGetTokenOptions\n  ): Promise<AccessToken> {\n    const account = await this.getActiveAccount();\n    if (!account) {\n      throw new AuthenticationRequiredError({\n        scopes,\n        getTokenOptions: options,\n        message:\n          \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n      });\n    }\n\n    const parameters: msalBrowser.RedirectRequest = {\n      authority: options?.authority || this.msalConfig.auth.authority!,\n      correlationId: options?.correlationId,\n      claims: options?.claims,\n      account: publicToMsal(account),\n      loginHint: this.loginHint,\n      scopes,\n    };\n\n    switch (this.loginStyle) {\n      case \"redirect\":\n        // This will go out of the page.\n        // Once the InteractiveBrowserCredential is initialized again,\n        // we'll load the MSAL account in the constructor.\n        await this.app.acquireTokenRedirect(parameters);\n        return { token: \"\", expiresOnTimestamp: 0 };\n      case \"popup\":\n        return this.handleResult(\n          scopes,\n          this.clientId,\n          await this.app.acquireTokenPopup(parameters)\n        );\n    }\n  }\n}\n"]}
+{"version":3,"file":"msalAuthCode.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalAuthCode.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,WAAW,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,WAAW,EAA0B,MAAM,qBAAqB,CAAC;AAC1E,OAAO,EAAE,qBAAqB,EAAE,YAAY,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAG9F,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAE3D,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAE5C,uCAAuC;AACvC,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;AAExC;;;;GAIG;AACH,MAAM,OAAO,YAAa,SAAQ,WAAW;IAI3C;;;;;OAKG;IACH,YAAY,OAA+B;;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QAEnC,IAAI,CAAC,UAAU,CAAC,KAAK,GAAG;YACtB,aAAa,EAAE,gBAAgB;YAC/B,sBAAsB,EAAE,IAAI,EAAE,0DAA0D;SACzF,CAAC;QACF,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG;YACvB,aAAa,EAAE;gBACb,cAAc,EAAE,qBAAqB,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC;gBAC7D,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;gBACxC,iBAAiB,EAAE,MAAA,OAAO,CAAC,cAAc,0CAAE,0BAA0B;aACtE;SACF,CAAC;QAEF,kCAAkC;QAClC,IAAI,CAAC,GAAG,GAAG,IAAI,WAAW,CAAC,uBAAuB,CAChD,IAAI,CAAC,UAAuC,CAC7C,CAAC;QACF,IAAI,IAAI,CAAC,OAAO,EAAE;YAChB,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;SACvD;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,mBAAmB,CAC/B,MAAyC;QAEzC,IAAI;YACF,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE;gBAC5B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;gBAC/D,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAC1C,OAAO,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;aACpD;YAED,6FAA6F;YAC7F,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,GAAI,CAAC,gBAAgB,EAAE,CAAC;YACzD,IAAI,aAAa,EAAE;gBACjB,OAAO,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;aACnD;YAED,kGAAkG;YAClG,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC;YAC3C,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;gBACvB,uFAAuF;gBACvF,kFAAkF;gBAClF,uEAAuE;gBACvE,uCAAuC;gBACvC,IAAI,CAAC,MAAM,CAAC,IAAI,CACd;;;;gKAIsJ,CACvJ,CAAC;gBACF,yGAAyG;gBACzG,4FAA4F;gBAC5F,8FAA8F;gBAC9F,MAAM,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC;oBACpB,kBAAkB,EAAE,GAAG,EAAE,CAAC,KAAK;iBAChC,CAAC,CAAC;gBACH,OAAO;aACR;YAED,+EAA+E;YAC/E,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;gBACzB,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;gBAC5B,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;gBACnC,OAAO,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;aAC7C;YAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;SAC1D;QAAC,OAAO,CAAM,EAAE;YACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;SACxE;QACD,OAAO;IACT,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,cAAc;QACzB,OAAO,IAAI,CAAC,mBAAmB,CAC7B,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,IAAI,SAAS,CAClE,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,KAAK,CAAC,SAA4B,EAAE;QAC/C,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAgC;YAChD,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAC;QACF,QAAQ,IAAI,CAAC,UAAU,EAAE;YACvB,KAAK,UAAU,CAAC,CAAC;gBACf,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBAC3C,OAAO;aACR;YACD,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;SAC5E;IACH,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,gBAAgB;QAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC5C,IAAI,CAAC,OAAO,EAAE;YACZ,OAAO;SACR;QACD,OAAO,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,cAAc,CACzB,MAAgB,EAChB,OAAuC;QAEvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,IAAI,CAAC,OAAO,EAAE;YACZ,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe,EAAE,OAAO;gBACxB,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;SACJ;QAED,MAAM,UAAU,GAA8B;YAC5C,SAAS,EAAE,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,KAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAU;YAChE,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;YACrC,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;YACvB,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC;YAC9B,YAAY,EAAE,KAAK;YACnB,MAAM;SACP,CAAC;QAEF,IAAI;YACF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACzD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YAC/D,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;SAC3D;QAAC,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;IAED;;OAEG;IACO,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;QAEvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,IAAI,CAAC,OAAO,EAAE;YACZ,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe,EAAE,OAAO;gBACxB,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;SACJ;QAED,MAAM,UAAU,GAAgC;YAC9C,SAAS,EAAE,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,KAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAU;YAChE,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;YACrC,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;YACvB,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC;YAC9B,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,MAAM;SACP,CAAC;QAEF,QAAQ,IAAI,CAAC,UAAU,EAAE;YACvB,KAAK,UAAU;gBACb,gCAAgC;gBAChC,8DAA8D;gBAC9D,kDAAkD;gBAClD,MAAM,IAAI,CAAC,GAAG,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;gBAChD,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,kBAAkB,EAAE,CAAC,EAAE,CAAC;YAC9C,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,YAAY,CACtB,MAAM,EACN,IAAI,CAAC,QAAQ,EACb,MAAM,IAAI,CAAC,GAAG,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAC7C,CAAC;SACL;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalBrowser from \"@azure/msal-browser\";\nimport { MsalBrowser, MsalBrowserFlowOptions } from \"./msalBrowserCommon\";\nimport { defaultLoggerCallback, msalToPublic, publicToMsal, getMSALLogLevel } from \"../utils\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { AuthenticationRecord } from \"../types\";\nimport { AuthenticationRequiredError } from \"../../errors\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { getLogLevel } from \"@azure/logger\";\n\n// We keep a copy of the redirect hash.\nconst redirectHash = self.location.hash;\n\n/**\n * Uses MSAL Browser 2.X for browser authentication,\n * which uses the [Auth Code Flow](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n * @internal\n */\nexport class MSALAuthCode extends MsalBrowser {\n  protected app: msalBrowser.PublicClientApplication;\n  private loginHint?: string;\n\n  /**\n   * Sets up an MSAL object based on the given parameters.\n   * MSAL with Auth Code allows sending a previously obtained `authenticationRecord` through the optional parameters,\n   * which is set to be the active account.\n   * @param options - Parameters necessary and otherwise used to create the MSAL object.\n   */\n  constructor(options: MsalBrowserFlowOptions) {\n    super(options);\n    this.loginHint = options.loginHint;\n\n    this.msalConfig.cache = {\n      cacheLocation: \"sessionStorage\",\n      storeAuthStateInCookie: true, // Set to true to improve the experience on IE11 and Edge.\n    };\n    this.msalConfig.system = {\n      loggerOptions: {\n        loggerCallback: defaultLoggerCallback(this.logger, \"Browser\"),\n        logLevel: getMSALLogLevel(getLogLevel()),\n        piiLoggingEnabled: options.loggingOptions?.enableUnsafeSupportLogging,\n      },\n    };\n\n    // Preparing the MSAL application.\n    this.app = new msalBrowser.PublicClientApplication(\n      this.msalConfig as msalBrowser.Configuration\n    );\n    if (this.account) {\n      this.app.setActiveAccount(publicToMsal(this.account));\n    }\n  }\n\n  /**\n   * Loads the account based on the result of the authentication.\n   * If no result was received, tries to load the account from the cache.\n   * @param result - Result object received from MSAL.\n   */\n  private async handleBrowserResult(\n    result?: msalBrowser.AuthenticationResult\n  ): Promise<AuthenticationRecord | undefined> {\n    try {\n      if (result && result.account) {\n        this.logger.info(`MSAL Browser V2 authentication successful.`);\n        this.app.setActiveAccount(result.account);\n        return msalToPublic(this.clientId, result.account);\n      }\n\n      // If by this point we happen to have an active account, we should stop trying to parse this.\n      const activeAccount = await this.app!.getActiveAccount();\n      if (activeAccount) {\n        return msalToPublic(this.clientId, activeAccount);\n      }\n\n      // If we don't have an active account, we try to activate it from all the already loaded accounts.\n      const accounts = this.app.getAllAccounts();\n      if (accounts.length > 1) {\n        // If there's more than one account in memory, we force the user to authenticate again.\n        // At this point we can't identify which account should this credential work with,\n        // since at this point the user won't have provided enough information.\n        // We log a message in case that helps.\n        this.logger.info(\n          `More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing \"InteractiveBrowserCredential\".`\n        );\n        // To safely trigger a new login, we're also ensuring the local cache is cleared up for this MSAL object.\n        // However, we want to avoid kicking the user out of their authentication on the Azure side.\n        // We do this by calling to logout while specifying a `onRedirectNavigate` that returns false.\n        await this.app.logout({\n          onRedirectNavigate: () => false,\n        });\n        return;\n      }\n\n      // If there's only one account for this MSAL object, we can safely activate it.\n      if (accounts.length === 1) {\n        const account = accounts[0];\n        this.app.setActiveAccount(account);\n        return msalToPublic(this.clientId, account);\n      }\n\n      this.logger.info(`No accounts were found through MSAL.`);\n    } catch (e: any) {\n      this.logger.info(`Failed to acquire token through MSAL. ${e.message}`);\n    }\n    return;\n  }\n\n  /**\n   * Uses MSAL to handle the redirect.\n   */\n  public async handleRedirect(): Promise<AuthenticationRecord | undefined> {\n    return this.handleBrowserResult(\n      (await this.app.handleRedirectPromise(redirectHash)) || undefined\n    );\n  }\n\n  /**\n   * Uses MSAL to trigger a redirect or a popup login.\n   */\n  public async login(scopes: string | string[] = []): Promise<AuthenticationRecord | undefined> {\n    const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n    const loginRequest: msalBrowser.RedirectRequest = {\n      scopes: arrayScopes,\n      loginHint: this.loginHint,\n    };\n    switch (this.loginStyle) {\n      case \"redirect\": {\n        await this.app.loginRedirect(loginRequest);\n        return;\n      }\n      case \"popup\":\n        return this.handleBrowserResult(await this.app.loginPopup(loginRequest));\n    }\n  }\n\n  /**\n   * Uses MSAL to retrieve the active account.\n   */\n  public async getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n    const account = this.app.getActiveAccount();\n    if (!account) {\n      return;\n    }\n    return msalToPublic(this.clientId, account);\n  }\n\n  /**\n   * Attempts to retrieve a token from cache.\n   */\n  public async getTokenSilent(\n    scopes: string[],\n    options?: CredentialFlowGetTokenOptions\n  ): Promise<AccessToken> {\n    const account = await this.getActiveAccount();\n    if (!account) {\n      throw new AuthenticationRequiredError({\n        scopes,\n        getTokenOptions: options,\n        message:\n          \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n      });\n    }\n\n    const parameters: msalBrowser.SilentRequest = {\n      authority: options?.authority || this.msalConfig.auth.authority!,\n      correlationId: options?.correlationId,\n      claims: options?.claims,\n      account: publicToMsal(account),\n      forceRefresh: false,\n      scopes,\n    };\n\n    try {\n      this.logger.info(\"Attempting to acquire token silently\");\n      const response = await this.app.acquireTokenSilent(parameters);\n      return this.handleResult(scopes, this.clientId, response);\n    } catch (err: any) {\n      throw this.handleError(scopes, err, options);\n    }\n  }\n\n  /**\n   * Attempts to retrieve the token in the browser.\n   */\n  protected async doGetToken(\n    scopes: string[],\n    options?: CredentialFlowGetTokenOptions\n  ): Promise<AccessToken> {\n    const account = await this.getActiveAccount();\n    if (!account) {\n      throw new AuthenticationRequiredError({\n        scopes,\n        getTokenOptions: options,\n        message:\n          \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n      });\n    }\n\n    const parameters: msalBrowser.RedirectRequest = {\n      authority: options?.authority || this.msalConfig.auth.authority!,\n      correlationId: options?.correlationId,\n      claims: options?.claims,\n      account: publicToMsal(account),\n      loginHint: this.loginHint,\n      scopes,\n    };\n\n    switch (this.loginStyle) {\n      case \"redirect\":\n        // This will go out of the page.\n        // Once the InteractiveBrowserCredential is initialized again,\n        // we'll load the MSAL account in the constructor.\n        await this.app.acquireTokenRedirect(parameters);\n        return { token: \"\", expiresOnTimestamp: 0 };\n      case \"popup\":\n        return this.handleResult(\n          scopes,\n          this.clientId,\n          await this.app.acquireTokenPopup(parameters)\n        );\n    }\n  }\n}\n"]}

package/dist-esm/src/msal/browserFlows/msalBrowserCommon.js

@@ -2,7 +2,7 @@
 // Licensed under the MIT license.
 import { AuthenticationRequiredError, CredentialUnavailableError } from "../../errors";
 import { MsalBaseUtilities, getAuthority, getKnownAuthorities } from "../utils";
-import { processMultiTenantRequest, resolveAddionallyAllowedTenantIds, resolveTenantId, } from "../../util/tenantIdUtils";
+import { processMultiTenantRequest, resolveAdditionallyAllowedTenantIds, resolveTenantId, } from "../../util/tenantIdUtils";
 import { DefaultTenantId } from "../../constants";
 /**
  * Generates a MSAL configuration that generally works for browsers
@@ -42,7 +42,7 @@ export class MsalBrowser extends MsalBaseUtilities {
             throw new CredentialUnavailableError("A client ID is required in browsers");
         }
         this.clientId = options.clientId;
-        this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds((_a = options === null || options === void 0 ? void 0 : options.tokenCredentialOptions) === null || _a === void 0 ? void 0 : _a.additionallyAllowedTenants);
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds((_a = options === null || options === void 0 ? void 0 : options.tokenCredentialOptions) === null || _a === void 0 ? void 0 : _a.additionallyAllowedTenants);
         this.tenantId = resolveTenantId(this.logger, options.tenantId, options.clientId);
         this.authorityHost = options.authorityHost;
         this.msalConfig = defaultBrowserMsalConfig(options);

package/dist-esm/src/msal/browserFlows/msalBrowserCommon.js.map

@@ -1 +1 @@
-{"version":3,"file":"msalBrowserCommon.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AACvF,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAEhF,OAAO,EACL,yBAAyB,EACzB,iCAAiC,EACjC,eAAe,GAChB,MAAM,0BAA0B,CAAC;AAKlC,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAqClD;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CACtC,OAA+B;IAE/B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,eAAe,CAAC;IACrD,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAChE,OAAO;QACL,IAAI,EAAE;YACJ,QAAQ,EAAE,OAAO,CAAC,QAAS;YAC3B,SAAS;YACT,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,wBAAwB,CAAC;YAC5F,qDAAqD;YACrD,yCAAyC;YACzC,kEAAkE;YAClE,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM;SACzD;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,OAAgB,WAAY,SAAQ,iBAAiB;IAWzD,YAAY,OAA+B;;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QACrC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;YACrB,MAAM,IAAI,0BAA0B,CAAC,qCAAqC,CAAC,CAAC;SAC7E;QACD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,4BAA4B,GAAG,iCAAiC,CACnE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,sBAAsB,0CAAE,0BAA0B,CAC5D,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QACjF,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;QAC3C,IAAI,CAAC,UAAU,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;QACpD,IAAI,CAAC,8BAA8B,GAAG,OAAO,CAAC,8BAA8B,CAAC;QAE7E,IAAI,OAAO,CAAC,oBAAoB,EAAE;YAChC,IAAI,CAAC,OAAO,mCACP,OAAO,CAAC,oBAAoB,KAC/B,QAAQ,EAAE,IAAI,CAAC,QAAQ,GACxB,CAAC;SACH;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI;QACR,sBAAsB;IACxB,CAAC;IAOD;;OAEG;IACH,KAAK,CAAC,MAAM;;QACV,MAAA,IAAI,CAAC,GAAG,0CAAE,MAAM,EAAE,CAAC;IACrB,CAAC;IAsBD;;OAEG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,MAAM,QAAQ,GACZ,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,4BAA4B,CAAC;YACpF,IAAI,CAAC,QAAQ,CAAC;QAEhB,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;YACtB,OAAO,CAAC,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;SAChE;QAED,uDAAuD;QACvD,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAE5B,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,8BAA8B,EAAE;YAC5E,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;SAC1B;QACD,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YAC/C,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE;gBAC9C,MAAM,GAAG,CAAC;aACX;YACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,EAAE;gBAC3C,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;aACJ;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,oEAAoE,IAAI,CAAC,UAAU,EAAE,CACtF,CAAC;YACF,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalBrowser from \"@azure/msal-browser\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../../errors\";\nimport { MsalBaseUtilities, getAuthority, getKnownAuthorities } from \"../utils\";\nimport { MsalFlow, MsalFlowOptions } from \"../flows\";\nimport {\n  processMultiTenantRequest,\n  resolveAddionallyAllowedTenantIds,\n  resolveTenantId,\n} from \"../../util/tenantIdUtils\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { AuthenticationRecord } from \"../types\";\nimport { BrowserLoginStyle } from \"../../credentials/interactiveBrowserCredentialOptions\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { DefaultTenantId } from \"../../constants\";\nimport { MultiTenantTokenCredentialOptions } from \"../../credentials/multiTenantTokenCredentialOptions\";\nimport { LogPolicyOptions } from \"@azure/core-rest-pipeline\";\n\n/**\n * Union of the constructor parameters that all MSAL flow types take.\n * Some properties might not be used by some flow types.\n */\nexport interface MsalBrowserFlowOptions extends MsalFlowOptions {\n  tokenCredentialOptions: MultiTenantTokenCredentialOptions;\n  redirectUri?: string;\n  loginStyle: BrowserLoginStyle;\n  loginHint?: string;\n  /**\n   * Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.\n   */\n  loggingOptions?: LogPolicyOptions & {\n    /**\n     * Allows logging account information once the authentication flow succeeds.\n     */\n    allowLoggingAccountIdentifiers?: boolean;\n    /**\n     * Allows logging personally identifiable information for customer support.\n     */\n    enableUnsafeSupportLogging?: boolean;\n  };\n}\n\n/**\n * The common methods we use to work with the MSAL browser flows.\n * @internal\n */\nexport interface MsalBrowserFlow extends MsalFlow {\n  login(scopes?: string[]): Promise<AuthenticationRecord | undefined>;\n  handleRedirect(): Promise<AuthenticationRecord | undefined>;\n}\n\n/**\n * Generates a MSAL configuration that generally works for browsers\n * @internal\n */\nexport function defaultBrowserMsalConfig(\n  options: MsalBrowserFlowOptions\n): msalBrowser.Configuration {\n  const tenantId = options.tenantId || DefaultTenantId;\n  const authority = getAuthority(tenantId, options.authorityHost);\n  return {\n    auth: {\n      clientId: options.clientId!,\n      authority,\n      knownAuthorities: getKnownAuthorities(tenantId, authority, options.disableInstanceDiscovery),\n      // If the users picked redirect as their login style,\n      // but they didn't provide a redirectUri,\n      // we can try to use the current page we're in as a default value.\n      redirectUri: options.redirectUri || self.location.origin,\n    },\n  };\n}\n\n/**\n * MSAL partial base client for the browsers.\n *\n * It completes the input configuration with some default values.\n * It also provides with utility protected methods that can be used from any of the clients,\n * which includes handlers for successful responses and errors.\n *\n * @internal\n */\nexport abstract class MsalBrowser extends MsalBaseUtilities implements MsalBrowserFlow {\n  protected loginStyle: BrowserLoginStyle;\n  protected clientId: string;\n  protected tenantId: string;\n  protected additionallyAllowedTenantIds: string[];\n  protected authorityHost?: string;\n  protected account: AuthenticationRecord | undefined;\n  protected msalConfig: msalBrowser.Configuration;\n  protected disableAutomaticAuthentication?: boolean;\n  protected app?: msalBrowser.PublicClientApplication;\n\n  constructor(options: MsalBrowserFlowOptions) {\n    super(options);\n    this.logger = options.logger;\n    this.loginStyle = options.loginStyle;\n    if (!options.clientId) {\n      throw new CredentialUnavailableError(\"A client ID is required in browsers\");\n    }\n    this.clientId = options.clientId;\n    this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds(\n      options?.tokenCredentialOptions?.additionallyAllowedTenants\n    );\n    this.tenantId = resolveTenantId(this.logger, options.tenantId, options.clientId);\n    this.authorityHost = options.authorityHost;\n    this.msalConfig = defaultBrowserMsalConfig(options);\n    this.disableAutomaticAuthentication = options.disableAutomaticAuthentication;\n\n    if (options.authenticationRecord) {\n      this.account = {\n        ...options.authenticationRecord,\n        tenantId: this.tenantId,\n      };\n    }\n  }\n\n  /**\n   * In the browsers we don't need to init()\n   */\n  async init(): Promise<void> {\n    // Nothing to do here.\n  }\n\n  /**\n   * Attempts to handle a redirection request the least amount of times possible.\n   */\n  public abstract handleRedirect(): Promise<AuthenticationRecord | undefined>;\n\n  /**\n   * Clears MSAL's cache.\n   */\n  async logout(): Promise<void> {\n    this.app?.logout();\n  }\n\n  /**\n   * Uses MSAL to retrieve the active account.\n   */\n  public abstract getActiveAccount(): Promise<AuthenticationRecord | undefined>;\n\n  /**\n   * Uses MSAL to trigger a redirect or a popup login.\n   */\n  public abstract login(scopes?: string | string[]): Promise<AuthenticationRecord | undefined>;\n\n  /**\n   * Attempts to retrieve a token from cache.\n   */\n  public abstract getTokenSilent(scopes: string[]): Promise<AccessToken>;\n\n  /**\n   * Attempts to retrieve the token in the browser.\n   */\n  protected abstract doGetToken(scopes: string[]): Promise<AccessToken>;\n\n  /**\n   * Attempts to retrieve an authenticated token from MSAL.\n   */\n  public async getToken(\n    scopes: string[],\n    options: CredentialFlowGetTokenOptions = {}\n  ): Promise<AccessToken> {\n    const tenantId =\n      processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds) ||\n      this.tenantId;\n\n    if (!options.authority) {\n      options.authority = getAuthority(tenantId, this.authorityHost);\n    }\n\n    // We ensure that redirection is handled at this point.\n    await this.handleRedirect();\n\n    if (!(await this.getActiveAccount()) && !this.disableAutomaticAuthentication) {\n      await this.login(scopes);\n    }\n    return this.getTokenSilent(scopes).catch((err) => {\n      if (err.name !== \"AuthenticationRequiredError\") {\n        throw err;\n      }\n      if (options?.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions: options,\n          message:\n            \"Automatic authentication has been disabled. You may call the authentication() method.\",\n        });\n      }\n      this.logger.info(\n        `Silent authentication failed, falling back to interactive method ${this.loginStyle}`\n      );\n      return this.doGetToken(scopes);\n    });\n  }\n}\n"]}
+{"version":3,"file":"msalBrowserCommon.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AACvF,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAEhF,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,eAAe,GAChB,MAAM,0BAA0B,CAAC;AAKlC,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAqClD;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CACtC,OAA+B;IAE/B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,eAAe,CAAC;IACrD,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAChE,OAAO;QACL,IAAI,EAAE;YACJ,QAAQ,EAAE,OAAO,CAAC,QAAS;YAC3B,SAAS;YACT,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,wBAAwB,CAAC;YAC5F,qDAAqD;YACrD,yCAAyC;YACzC,kEAAkE;YAClE,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM;SACzD;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,OAAgB,WAAY,SAAQ,iBAAiB;IAWzD,YAAY,OAA+B;;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QACrC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;YACrB,MAAM,IAAI,0BAA0B,CAAC,qCAAqC,CAAC,CAAC;SAC7E;QACD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,sBAAsB,0CAAE,0BAA0B,CAC5D,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QACjF,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;QAC3C,IAAI,CAAC,UAAU,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;QACpD,IAAI,CAAC,8BAA8B,GAAG,OAAO,CAAC,8BAA8B,CAAC;QAE7E,IAAI,OAAO,CAAC,oBAAoB,EAAE;YAChC,IAAI,CAAC,OAAO,mCACP,OAAO,CAAC,oBAAoB,KAC/B,QAAQ,EAAE,IAAI,CAAC,QAAQ,GACxB,CAAC;SACH;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI;QACR,sBAAsB;IACxB,CAAC;IAOD;;OAEG;IACH,KAAK,CAAC,MAAM;;QACV,MAAA,IAAI,CAAC,GAAG,0CAAE,MAAM,EAAE,CAAC;IACrB,CAAC;IAsBD;;OAEG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,MAAM,QAAQ,GACZ,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,4BAA4B,CAAC;YACpF,IAAI,CAAC,QAAQ,CAAC;QAEhB,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;YACtB,OAAO,CAAC,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;SAChE;QAED,uDAAuD;QACvD,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAE5B,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,8BAA8B,EAAE;YAC5E,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;SAC1B;QACD,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YAC/C,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE;gBAC9C,MAAM,GAAG,CAAC;aACX;YACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,EAAE;gBAC3C,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;aACJ;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,oEAAoE,IAAI,CAAC,UAAU,EAAE,CACtF,CAAC;YACF,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalBrowser from \"@azure/msal-browser\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../../errors\";\nimport { MsalBaseUtilities, getAuthority, getKnownAuthorities } from \"../utils\";\nimport { MsalFlow, MsalFlowOptions } from \"../flows\";\nimport {\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n  resolveTenantId,\n} from \"../../util/tenantIdUtils\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { AuthenticationRecord } from \"../types\";\nimport { BrowserLoginStyle } from \"../../credentials/interactiveBrowserCredentialOptions\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { DefaultTenantId } from \"../../constants\";\nimport { MultiTenantTokenCredentialOptions } from \"../../credentials/multiTenantTokenCredentialOptions\";\nimport { LogPolicyOptions } from \"@azure/core-rest-pipeline\";\n\n/**\n * Union of the constructor parameters that all MSAL flow types take.\n * Some properties might not be used by some flow types.\n */\nexport interface MsalBrowserFlowOptions extends MsalFlowOptions {\n  tokenCredentialOptions: MultiTenantTokenCredentialOptions;\n  redirectUri?: string;\n  loginStyle: BrowserLoginStyle;\n  loginHint?: string;\n  /**\n   * Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.\n   */\n  loggingOptions?: LogPolicyOptions & {\n    /**\n     * Allows logging account information once the authentication flow succeeds.\n     */\n    allowLoggingAccountIdentifiers?: boolean;\n    /**\n     * Allows logging personally identifiable information for customer support.\n     */\n    enableUnsafeSupportLogging?: boolean;\n  };\n}\n\n/**\n * The common methods we use to work with the MSAL browser flows.\n * @internal\n */\nexport interface MsalBrowserFlow extends MsalFlow {\n  login(scopes?: string[]): Promise<AuthenticationRecord | undefined>;\n  handleRedirect(): Promise<AuthenticationRecord | undefined>;\n}\n\n/**\n * Generates a MSAL configuration that generally works for browsers\n * @internal\n */\nexport function defaultBrowserMsalConfig(\n  options: MsalBrowserFlowOptions\n): msalBrowser.Configuration {\n  const tenantId = options.tenantId || DefaultTenantId;\n  const authority = getAuthority(tenantId, options.authorityHost);\n  return {\n    auth: {\n      clientId: options.clientId!,\n      authority,\n      knownAuthorities: getKnownAuthorities(tenantId, authority, options.disableInstanceDiscovery),\n      // If the users picked redirect as their login style,\n      // but they didn't provide a redirectUri,\n      // we can try to use the current page we're in as a default value.\n      redirectUri: options.redirectUri || self.location.origin,\n    },\n  };\n}\n\n/**\n * MSAL partial base client for the browsers.\n *\n * It completes the input configuration with some default values.\n * It also provides with utility protected methods that can be used from any of the clients,\n * which includes handlers for successful responses and errors.\n *\n * @internal\n */\nexport abstract class MsalBrowser extends MsalBaseUtilities implements MsalBrowserFlow {\n  protected loginStyle: BrowserLoginStyle;\n  protected clientId: string;\n  protected tenantId: string;\n  protected additionallyAllowedTenantIds: string[];\n  protected authorityHost?: string;\n  protected account: AuthenticationRecord | undefined;\n  protected msalConfig: msalBrowser.Configuration;\n  protected disableAutomaticAuthentication?: boolean;\n  protected app?: msalBrowser.PublicClientApplication;\n\n  constructor(options: MsalBrowserFlowOptions) {\n    super(options);\n    this.logger = options.logger;\n    this.loginStyle = options.loginStyle;\n    if (!options.clientId) {\n      throw new CredentialUnavailableError(\"A client ID is required in browsers\");\n    }\n    this.clientId = options.clientId;\n    this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n      options?.tokenCredentialOptions?.additionallyAllowedTenants\n    );\n    this.tenantId = resolveTenantId(this.logger, options.tenantId, options.clientId);\n    this.authorityHost = options.authorityHost;\n    this.msalConfig = defaultBrowserMsalConfig(options);\n    this.disableAutomaticAuthentication = options.disableAutomaticAuthentication;\n\n    if (options.authenticationRecord) {\n      this.account = {\n        ...options.authenticationRecord,\n        tenantId: this.tenantId,\n      };\n    }\n  }\n\n  /**\n   * In the browsers we don't need to init()\n   */\n  async init(): Promise<void> {\n    // Nothing to do here.\n  }\n\n  /**\n   * Attempts to handle a redirection request the least amount of times possible.\n   */\n  public abstract handleRedirect(): Promise<AuthenticationRecord | undefined>;\n\n  /**\n   * Clears MSAL's cache.\n   */\n  async logout(): Promise<void> {\n    this.app?.logout();\n  }\n\n  /**\n   * Uses MSAL to retrieve the active account.\n   */\n  public abstract getActiveAccount(): Promise<AuthenticationRecord | undefined>;\n\n  /**\n   * Uses MSAL to trigger a redirect or a popup login.\n   */\n  public abstract login(scopes?: string | string[]): Promise<AuthenticationRecord | undefined>;\n\n  /**\n   * Attempts to retrieve a token from cache.\n   */\n  public abstract getTokenSilent(scopes: string[]): Promise<AccessToken>;\n\n  /**\n   * Attempts to retrieve the token in the browser.\n   */\n  protected abstract doGetToken(scopes: string[]): Promise<AccessToken>;\n\n  /**\n   * Attempts to retrieve an authenticated token from MSAL.\n   */\n  public async getToken(\n    scopes: string[],\n    options: CredentialFlowGetTokenOptions = {}\n  ): Promise<AccessToken> {\n    const tenantId =\n      processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds) ||\n      this.tenantId;\n\n    if (!options.authority) {\n      options.authority = getAuthority(tenantId, this.authorityHost);\n    }\n\n    // We ensure that redirection is handled at this point.\n    await this.handleRedirect();\n\n    if (!(await this.getActiveAccount()) && !this.disableAutomaticAuthentication) {\n      await this.login(scopes);\n    }\n    return this.getTokenSilent(scopes).catch((err) => {\n      if (err.name !== \"AuthenticationRequiredError\") {\n        throw err;\n      }\n      if (options?.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions: options,\n          message:\n            \"Automatic authentication has been disabled. You may call the authentication() method.\",\n        });\n      }\n      this.logger.info(\n        `Silent authentication failed, falling back to interactive method ${this.loginStyle}`\n      );\n      return this.doGetToken(scopes);\n    });\n  }\n}\n"]}

package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js

@@ -3,7 +3,7 @@
 import * as msalNode from "@azure/msal-node";
 import { getLogLevel } from "@azure/logger";
 import { MsalBaseUtilities, defaultLoggerCallback, getAuthority, getKnownAuthorities, msalToPublic, publicToMsal, getMSALLogLevel, } from "../utils";
-import { processMultiTenantRequest, resolveAddionallyAllowedTenantIds, resolveTenantId, } from "../../util/tenantIdUtils";
+import { processMultiTenantRequest, resolveAdditionallyAllowedTenantIds, resolveTenantId, } from "../../util/tenantIdUtils";
 import { AuthenticationRequiredError } from "../../errors";
 import { CACHE_CAE_SUFFIX, CACHE_NON_CAE_SUFFIX, DeveloperSignOnClientId } from "../../constants";
 import { IdentityClient } from "../../client/identityClient";
@@ -44,7 +44,7 @@ export class MsalNode extends MsalBaseUtilities {
         this.requiresConfidential = false;
         this.msalConfig = this.defaultNodeMsalConfig(options);
         this.tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);
-        this.additionallyAllowedTenantIds = resolveAddionallyAllowedTenantIds((_a = options === null || options === void 0 ? void 0 : options.tokenCredentialOptions) === null || _a === void 0 ? void 0 : _a.additionallyAllowedTenants);
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds((_a = options === null || options === void 0 ? void 0 : options.tokenCredentialOptions) === null || _a === void 0 ? void 0 : _a.additionallyAllowedTenants);
         this.clientId = this.msalConfig.auth.clientId;
         if (options === null || options === void 0 ? void 0 : options.getAssertion) {
             this.getAssertion = options.getAssertion;