npm - @azure/identity - Versions diffs - 4.0.0 → 4.0.1-alpha.20240110.1 - Mend

@azure/identity 4.0.0 → 4.0.1-alpha.20240110.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @azure/identity might be problematic. Click here for more details.

Files changed (67) hide show

package/dist-esm/src/client/identityClient.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"identityClient.js","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAGL,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,eAAe,EAAmB,MAAM,yBAAyB,CAAC;AAC3E,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,WAAW,CAAC;AACzE,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAEzC,OAAO,EAEL,wBAAwB,GACzB,MAAM,gDAAgD,CAAC;AAExD,MAAM,eAAe,GAAG,iBAAiB,CAAC;AAiB1C;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAAC,OAAgC;IAC7E,iGAAiG;IACjG,IAAI,aAAa,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,CAAC;IAE3C,iFAAiF;IACjF,IAAI,MAAM,EAAE;QACV,aAAa,GAAG,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;KACnE;IAED,wHAAwH;IACxH,OAAO,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,oBAAoB,CAAC;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,OAAO,cAAe,SAAQ,aAAa;IAO/C,YAAY,OAAgC;;QAC1C,MAAM,cAAc,GAAG,qBAAqB,WAAW,EAAE,CAAC;QAC1D,MAAM,eAAe,GAAG,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,gBAAgB,0CAAE,eAAe;YAChE,CAAC,CAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC,eAAe,IAAI,cAAc,EAAE;YACjE,CAAC,CAAC,GAAG,cAAc,EAAE,CAAC;QAExB,MAAM,OAAO,GAAG,8BAA8B,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;YACjC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;SAC7E;QAED,KAAK,+BACH,kBAAkB,EAAE,iCAAiC,EACrD,YAAY,EAAE;gBACZ,UAAU,EAAE,CAAC;aACd,IACE,OAAO,KACV,gBAAgB,EAAE;gBAChB,eAAe;aAChB,EACD,OAAO,IACP,CAAC;QAEH,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC;QAC7B,IAAI,CAAC,gBAAgB,GAAG,IAAI,GAAG,EAAE,CAAC;QAClC,IAAI,CAAC,8BAA8B,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,0CAAE,8BAA8B,CAAC;QAC9F,4BAA4B;QAC5B,IAAI,CAAC,sBAAsB,qBAAQ,OAAO,CAAE,CAAC;IAC/C,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAwB;QAC7C,MAAM,CAAC,IAAI,CAAC,6CAA6C,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;QACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,QAAQ,CAAC,UAAU,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,EAAE;YAC/E,MAAM,UAAU,GAA4B,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAE5E,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE;gBAC5B,OAAO,IAAI,CAAC;aACb;YAED,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YAE9B,MAAM,KAAK,GAAG;gBACZ,WAAW,EAAE;oBACX,KAAK,EAAE,UAAU,CAAC,YAAY;oBAC9B,kBAAkB,EAAE,wBAAwB,CAAC,UAAU,CAAC;iBACzD;gBACD,YAAY,EAAE,UAAU,CAAC,aAAa;aACvC,CAAC;YAEF,MAAM,CAAC,IAAI,CACT,oBAAoB,OAAO,CAAC,GAAG,gCAAgC,KAAK,CAAC,WAAW,CAAC,kBAAkB,EAAE,CACtG,CAAC;YACF,OAAO,KAAK,CAAC;SACd;aAAM;YACL,MAAM,KAAK,GAAG,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC5E,MAAM,CAAC,OAAO,CACZ,sDAAsD,QAAQ,CAAC,MAAM,KAAK,KAAK,CAAC,aAAa,CAAC,gBAAgB,EAAE,CACjH,CAAC;YACF,MAAM,KAAK,CAAC;SACb;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CACtB,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,YAAgC,EAChC,YAAgC,EAChC,UAA2B,EAAE;QAE7B,IAAI,YAAY,KAAK,SAAS,EAAE;YAC9B,OAAO,IAAI,CAAC;SACb;QACD,MAAM,CAAC,IAAI,CACT,2DAA2D,QAAQ,aAAa,MAAM,UAAU,CACjG,CAAC;QAEF,MAAM,aAAa,GAAG;YACpB,UAAU,EAAE,eAAe;YAC3B,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,MAAM;SACd,CAAC;QAEF,IAAI,YAAY,KAAK,SAAS,EAAE;YAC7B,aAAqB,CAAC,aAAa,GAAG,YAAY,CAAC;SACrD;QAED,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,aAAa,CAAC,CAAC;QAEjD,OAAO,aAAa,CAAC,QAAQ,CAC3B,mCAAmC,EACnC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI;gBACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;gBAC3D,MAAM,OAAO,GAAG,qBAAqB,CAAC;oBACpC,GAAG,EAAE,GAAG,IAAI,CAAC,aAAa,IAAI,QAAQ,IAAI,SAAS,EAAE;oBACrD,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE;oBACtB,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,OAAO,EAAE,iBAAiB,CAAC;wBACzB,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD,CAAC;oBACF,cAAc,EAAE,cAAc,CAAC,cAAc;iBAC9C,CAAC,CAAC;gBAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;gBACtD,MAAM,CAAC,IAAI,CAAC,kDAAkD,QAAQ,EAAE,CAAC,CAAC;gBAC1E,OAAO,QAAQ,CAAC;aACjB;YAAC,OAAO,GAAQ,EAAE;gBACjB,IACE,GAAG,CAAC,IAAI,KAAK,uBAAuB;oBACpC,GAAG,CAAC,aAAa,CAAC,KAAK,KAAK,sBAAsB,EAClD;oBACA,qDAAqD;oBACrD,yDAAyD;oBACzD,0CAA0C;oBAC1C,MAAM,CAAC,IAAI,CAAC,uDAAuD,QAAQ,EAAE,CAAC,CAAC;oBAC/E,OAAO,IAAI,CAAC;iBACb;qBAAM;oBACL,MAAM,CAAC,OAAO,CACZ,0DAA0D,QAAQ,KAAK,GAAG,EAAE,CAC7E,CAAC;oBACF,MAAM,GAAG,CAAC;iBACX;aACF;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED,gFAAgF;IAChF,mEAAmE;IAEnE,mBAAmB,CAAC,aAAqB;QACvC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;QACnE,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;QACtD,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC;QAClD,UAAU,CAAC,MAAM,CAAC,OAAO,GAAG,CAAC,GAAG,MAAM,EAAE,EAAE;YACxC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;YACpD,IAAI,eAAe,EAAE;gBACnB,eAAe,CAAC,GAAG,MAAM,CAAC,CAAC;aAC5B;QACH,CAAC,CAAC;QACF,OAAO,UAAU,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,aAAa,CAAC,aAAsB;QAClC,MAAM,GAAG,GAAG,aAAa,IAAI,eAAe,CAAC;QAC7C,MAAM,WAAW,GAAG;YAClB,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YACzC,uDAAuD;YACvD,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;SACtD,CAAC;QACF,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE;YACvB,OAAO;SACR;QACD,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE;YACpC,UAAU,CAAC,KAAK,EAAE,CAAC;SACpB;QACD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED,gBAAgB,CAAC,OAA+B;;QAC9C,MAAM,SAAS,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,0CAC3B,KAAK,CAAC,GAAG,EACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAC7B,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,mBAAmB,CAAC,CAAC;QAChD,OAAO,SAAS,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC;IAC3F,CAAC;IAED,yCAAyC;IAEzC,KAAK,CAAC,mBAAmB,CACvB,GAAW,EACX,OAA+B;QAE/B,MAAM,OAAO,GAAG,qBAAqB,CAAC;YACpC,GAAG;YACH,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI;YACnB,OAAO,EAAE,iBAAiB,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC;YAC5C,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC;SACvD,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAEjD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE9B,OAAO;YACL,IAAI,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;YACvE,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;SACxB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,GAAW,EACX,OAA+B;QAE/B,MAAM,OAAO,GAAG,qBAAqB,CAAC;YACpC,GAAG;YACH,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI;YACnB,OAAO,EAAE,iBAAiB,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC;YAC5C,4DAA4D;YAC5D,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;SACtE,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAEjD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE9B,OAAO;YACL,IAAI,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;YACvE,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;SACxB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,yBAAyB;QACvB,OAAO,IAAI,CAAC,sBAAsB,CAAC;IACrC,CAAC;IACD;;;;;;;;;;;OAWG;IACK,cAAc,CAAC,QAA0B;QAC/C,IAAI,CAAC,IAAI,CAAC,8BAA8B,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE;YAChE,OAAO;SACR;QACD,MAAM,cAAc,GAAG,kCAAkC,CAAC;QAC1D,IAAI;YACF,MAAM,MAAM,GAAI,QAAgB,CAAC,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC/E,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC;YACxC,IAAI,CAAC,WAAW,EAAE;gBAChB,uEAAuE;gBACvE,OAAO;aACR;YACD,MAAM,cAAc,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACjD,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CACzC,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CACvD,CAAC;YAEF,MAAM,CAAC,IAAI,CACT,sCAAsC,KAAK,gBAAgB,GAAG,0BAC5D,GAAG,IAAI,cACT,uBAAuB,GAAG,EAAE,CAC7B,CAAC;SACH;QAAC,OAAO,CAAM,EAAE;YACf,MAAM,CAAC,OAAO,CACZ,6FAA6F,EAC7F,CAAC,CAAC,OAAO,CACV,CAAC;SACH;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport type { INetworkModule, NetworkRequestOptions, NetworkResponse } from \"@azure/msal-node\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { ServiceClient } from \"@azure/core-client\";\nimport { isNode } from \"@azure/core-util\";\nimport {\n PipelineRequest,\n PipelineResponse,\n createHttpHeaders,\n createPipelineRequest,\n} from \"@azure/core-rest-pipeline\";\nimport { AbortController, AbortSignalLike } from \"@azure/abort-controller\";\nimport { AuthenticationError, AuthenticationErrorName } from \"../errors\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { DefaultAuthorityHost, SDK_VERSION } from \"../constants\";\nimport { tracingClient } from \"../util/tracing\";\nimport { logger } from \"../util/logging\";\nimport { TokenCredentialOptions } from \"../tokenCredentialOptions\";\nimport {\n TokenResponseParsedBody,\n parseExpirationTimestamp,\n} from \"../credentials/managedIdentityCredential/utils\";\n\nconst noCorrelationId = \"noCorrelationId\";\n\n/*\n An internal type used to communicate details of a token request's\n * response that should not be sent back as part of the access token.\n /\nexport interface TokenResponse {\n /\n The AccessToken to be returned from getToken.\n /\n accessToken: AccessToken;\n /\n The refresh token if the 'offline_access' scope was used.\n /\n refreshToken?: string;\n}\n\n/\n @internal\n /\nexport function getIdentityClientAuthorityHost(options?: TokenCredentialOptions): string {\n // The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.\n let authorityHost = options?.authorityHost;\n\n // The AZURE_AUTHORITY_HOST environment variable can only be provided in Node.js.\n if (isNode) {\n authorityHost = authorityHost ?? process.env.AZURE_AUTHORITY_HOST;\n }\n\n // If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com\n return authorityHost ?? DefaultAuthorityHost;\n}\n\n/\n The network module used by the Identity credentials.\n \n It allows for credentials to abort any pending request independently of the MSAL flow,\n * by calling to the `abortRequests()` method.\n \n /\nexport class IdentityClient extends ServiceClient implements INetworkModule {\n public authorityHost: string;\n private allowLoggingAccountIdentifiers?: boolean;\n private abortControllers: Map<string, AbortController[] \| undefined>;\n // used for WorkloadIdentity\n private tokenCredentialOptions: TokenCredentialOptions;\n\n constructor(options?: TokenCredentialOptions) {\n const packageDetails = `azsdk-js-identity/${SDK_VERSION}`;\n const userAgentPrefix = options?.userAgentOptions?.userAgentPrefix\n ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`\n : `${packageDetails}`;\n\n const baseUri = getIdentityClientAuthorityHost(options);\n if (!baseUri.startsWith(\"https:\")) {\n throw new Error(\"The authorityHost address must use the 'https' protocol.\");\n }\n\n super({\n requestContentType: \"application/json; charset=utf-8\",\n retryOptions: {\n maxRetries: 3,\n },\n ...options,\n userAgentOptions: {\n userAgentPrefix,\n },\n baseUri,\n });\n\n this.authorityHost = baseUri;\n this.abortControllers = new Map();\n this.allowLoggingAccountIdentifiers = options?.loggingOptions?.allowLoggingAccountIdentifiers;\n // used for WorkloadIdentity\n this.tokenCredentialOptions = { ...options };\n }\n\n async sendTokenRequest(request: PipelineRequest): Promise<TokenResponse \| null> {\n logger.info(`IdentityClient: sending token request to [${request.url}]`);\n const response = await this.sendRequest(request);\n if (response.bodyAsText && (response.status === 200 \|\| response.status === 201)) {\n const parsedBody: TokenResponseParsedBody = JSON.parse(response.bodyAsText);\n\n if (!parsedBody.access_token) {\n return null;\n }\n\n this.logIdentifiers(response);\n\n const token = {\n accessToken: {\n token: parsedBody.access_token,\n expiresOnTimestamp: parseExpirationTimestamp(parsedBody),\n },\n refreshToken: parsedBody.refresh_token,\n };\n\n logger.info(\n `IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`\n );\n return token;\n } else {\n const error = new AuthenticationError(response.status, response.bodyAsText);\n logger.warning(\n `IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`\n );\n throw error;\n }\n }\n\n async refreshAccessToken(\n tenantId: string,\n clientId: string,\n scopes: string,\n refreshToken: string \| undefined,\n clientSecret: string \| undefined,\n options: GetTokenOptions = {}\n ): Promise<TokenResponse \| null> {\n if (refreshToken === undefined) {\n return null;\n }\n logger.info(\n `IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`\n );\n\n const refreshParams = {\n grant_type: \"refresh_token\",\n client_id: clientId,\n refresh_token: refreshToken,\n scope: scopes,\n };\n\n if (clientSecret !== undefined) {\n (refreshParams as any).client_secret = clientSecret;\n }\n\n const query = new URLSearchParams(refreshParams);\n\n return tracingClient.withSpan(\n \"IdentityClient.refreshAccessToken\",\n options,\n async (updatedOptions) => {\n try {\n const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);\n const request = createPipelineRequest({\n url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,\n method: \"POST\",\n body: query.toString(),\n abortSignal: options.abortSignal,\n headers: createHttpHeaders({\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n }),\n tracingOptions: updatedOptions.tracingOptions,\n });\n\n const response = await this.sendTokenRequest(request);\n logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);\n return response;\n } catch (err: any) {\n if (\n err.name === AuthenticationErrorName &&\n err.errorResponse.error === \"interaction_required\"\n ) {\n // It's likely that the refresh token has expired, so\n // return null so that the credential implementation will\n // initiate the authentication flow again.\n logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);\n return null;\n } else {\n logger.warning(\n `IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`\n );\n throw err;\n }\n }\n }\n );\n }\n\n // Here is a custom layer that allows us to abort requests that go through MSAL,\n // since MSAL doesn't allow us to pass options all the way through.\n\n generateAbortSignal(correlationId: string): AbortSignalLike {\n const controller = new AbortController();\n const controllers = this.abortControllers.get(correlationId) \|\| [];\n controllers.push(controller);\n this.abortControllers.set(correlationId, controllers);\n const existingOnAbort = controller.signal.onabort;\n controller.signal.onabort = (...params) => {\n this.abortControllers.set(correlationId, undefined);\n if (existingOnAbort) {\n existingOnAbort(...params);\n }\n };\n return controller.signal;\n }\n\n abortRequests(correlationId?: string): void {\n const key = correlationId \|\| noCorrelationId;\n const controllers = [\n ...(this.abortControllers.get(key) \|\| []),\n // MSAL passes no correlation ID to the get requests...\n ...(this.abortControllers.get(noCorrelationId) \|\| []),\n ];\n if (!controllers.length) {\n return;\n }\n for (const controller of controllers) {\n controller.abort();\n }\n this.abortControllers.set(key, undefined);\n }\n\n getCorrelationId(options?: NetworkRequestOptions): string {\n const parameter = options?.body\n ?.split(\"&\")\n .map((part) => part.split(\"=\"))\n .find(([key]) => key === \"client-request-id\");\n return parameter && parameter.length ? parameter[1] \|\| noCorrelationId : noCorrelationId;\n }\n\n // The MSAL network module methods follow\n\n async sendGetRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const request = createPipelineRequest({\n url,\n method: \"GET\",\n body: options?.body,\n headers: createHttpHeaders(options?.headers),\n abortSignal: this.generateAbortSignal(noCorrelationId),\n });\n\n const response = await this.sendRequest(request);\n\n this.logIdentifiers(response);\n\n return {\n body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,\n headers: response.headers.toJSON(),\n status: response.status,\n };\n }\n\n async sendPostRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const request = createPipelineRequest({\n url,\n method: \"POST\",\n body: options?.body,\n headers: createHttpHeaders(options?.headers),\n // MSAL doesn't send the correlation ID on the get requests.\n abortSignal: this.generateAbortSignal(this.getCorrelationId(options)),\n });\n\n const response = await this.sendRequest(request);\n\n this.logIdentifiers(response);\n\n return {\n body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,\n headers: response.headers.toJSON(),\n status: response.status,\n };\n }\n\n /*\n \n * @internal\n /\n getTokenCredentialOptions(): TokenCredentialOptions {\n return this.tokenCredentialOptions;\n }\n /\n If allowLoggingAccountIdentifiers was set on the constructor options\n * we try to log the account identifiers by parsing the received access token.\n \n The account identifiers we try to log are:\n * - `appid`: The application or Client Identifier.\n * - `upn`: User Principal Name.\n * - It might not be available in some authentication scenarios.\n * - If it's not available, we put a placeholder: \"No User Principal Name available\".\n * - `tid`: Tenant Identifier.\n * - `oid`: Object Identifier of the authenticated user.\n */\n private logIdentifiers(response: PipelineResponse): void {\n if (!this.allowLoggingAccountIdentifiers \|\| !response.bodyAsText) {\n return;\n }\n const unavailableUpn = \"No User Principal Name available\";\n try {\n const parsed = (response as any).parsedBody \|\| JSON.parse(response.bodyAsText);\n const accessToken = parsed.access_token;\n if (!accessToken) {\n // Without an access token allowLoggingAccountIdentifiers isn't useful.\n return;\n }\n const base64Metadata = accessToken.split(\".\")[1];\n const { appid, upn, tid, oid } = JSON.parse(\n Buffer.from(base64Metadata, \"base64\").toString(\"utf8\")\n );\n\n logger.info(\n `[Authenticated account] Client ID: ${appid}. Tenant ID: ${tid}. User Principal Name: ${\n upn \|\| unavailableUpn\n }. Object ID (user): ${oid}`\n );\n } catch (e: any) {\n logger.warning(\n \"allowLoggingAccountIdentifiers was set, but we couldn't log the account information. Error:\",\n e.message\n );\n }\n }\n}\n"]}
1	+ {"version":3,"file":"identityClient.js","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAGL,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,eAAe,EAAmB,MAAM,yBAAyB,CAAC;AAC3E,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,WAAW,CAAC;AACzE,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAEzC,OAAO,EAEL,wBAAwB,GACzB,MAAM,gDAAgD,CAAC;AAExD,MAAM,eAAe,GAAG,iBAAiB,CAAC;AAiB1C;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAAC,OAAgC;IAC7E,iGAAiG;IACjG,IAAI,aAAa,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,CAAC;IAE3C,iFAAiF;IACjF,IAAI,MAAM,EAAE;QACV,aAAa,GAAG,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;KACnE;IAED,wHAAwH;IACxH,OAAO,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,oBAAoB,CAAC;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,OAAO,cAAe,SAAQ,aAAa;IAO/C,YAAY,OAAgC;;QAC1C,MAAM,cAAc,GAAG,qBAAqB,WAAW,EAAE,CAAC;QAC1D,MAAM,eAAe,GAAG,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,gBAAgB,0CAAE,eAAe;YAChE,CAAC,CAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC,eAAe,IAAI,cAAc,EAAE;YACjE,CAAC,CAAC,GAAG,cAAc,EAAE,CAAC;QAExB,MAAM,OAAO,GAAG,8BAA8B,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;YACjC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;SAC7E;QAED,KAAK,+BACH,kBAAkB,EAAE,iCAAiC,EACrD,YAAY,EAAE;gBACZ,UAAU,EAAE,CAAC;aACd,IACE,OAAO,KACV,gBAAgB,EAAE;gBAChB,eAAe;aAChB,EACD,OAAO,IACP,CAAC;QAEH,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC;QAC7B,IAAI,CAAC,gBAAgB,GAAG,IAAI,GAAG,EAAE,CAAC;QAClC,IAAI,CAAC,8BAA8B,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,0CAAE,8BAA8B,CAAC;QAC9F,4BAA4B;QAC5B,IAAI,CAAC,sBAAsB,qBAAQ,OAAO,CAAE,CAAC;IAC/C,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAwB;QAC7C,MAAM,CAAC,IAAI,CAAC,6CAA6C,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;QACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,QAAQ,CAAC,UAAU,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,EAAE;YAC/E,MAAM,UAAU,GAA4B,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAE5E,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE;gBAC5B,OAAO,IAAI,CAAC;aACb;YAED,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YAE9B,MAAM,KAAK,GAAG;gBACZ,WAAW,EAAE;oBACX,KAAK,EAAE,UAAU,CAAC,YAAY;oBAC9B,kBAAkB,EAAE,wBAAwB,CAAC,UAAU,CAAC;iBACzD;gBACD,YAAY,EAAE,UAAU,CAAC,aAAa;aACvC,CAAC;YAEF,MAAM,CAAC,IAAI,CACT,oBAAoB,OAAO,CAAC,GAAG,gCAAgC,KAAK,CAAC,WAAW,CAAC,kBAAkB,EAAE,CACtG,CAAC;YACF,OAAO,KAAK,CAAC;SACd;aAAM;YACL,MAAM,KAAK,GAAG,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC5E,MAAM,CAAC,OAAO,CACZ,sDAAsD,QAAQ,CAAC,MAAM,KAAK,KAAK,CAAC,aAAa,CAAC,gBAAgB,EAAE,CACjH,CAAC;YACF,MAAM,KAAK,CAAC;SACb;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CACtB,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,YAAgC,EAChC,YAAgC,EAChC,UAA2B,EAAE;QAE7B,IAAI,YAAY,KAAK,SAAS,EAAE;YAC9B,OAAO,IAAI,CAAC;SACb;QACD,MAAM,CAAC,IAAI,CACT,2DAA2D,QAAQ,aAAa,MAAM,UAAU,CACjG,CAAC;QAEF,MAAM,aAAa,GAAG;YACpB,UAAU,EAAE,eAAe;YAC3B,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,MAAM;SACd,CAAC;QAEF,IAAI,YAAY,KAAK,SAAS,EAAE;YAC7B,aAAqB,CAAC,aAAa,GAAG,YAAY,CAAC;SACrD;QAED,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,aAAa,CAAC,CAAC;QAEjD,OAAO,aAAa,CAAC,QAAQ,CAC3B,mCAAmC,EACnC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI;gBACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;gBAC3D,MAAM,OAAO,GAAG,qBAAqB,CAAC;oBACpC,GAAG,EAAE,GAAG,IAAI,CAAC,aAAa,IAAI,QAAQ,IAAI,SAAS,EAAE;oBACrD,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE;oBACtB,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,OAAO,EAAE,iBAAiB,CAAC;wBACzB,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD,CAAC;oBACF,cAAc,EAAE,cAAc,CAAC,cAAc;iBAC9C,CAAC,CAAC;gBAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;gBACtD,MAAM,CAAC,IAAI,CAAC,kDAAkD,QAAQ,EAAE,CAAC,CAAC;gBAC1E,OAAO,QAAQ,CAAC;aACjB;YAAC,OAAO,GAAQ,EAAE;gBACjB,IACE,GAAG,CAAC,IAAI,KAAK,uBAAuB;oBACpC,GAAG,CAAC,aAAa,CAAC,KAAK,KAAK,sBAAsB,EAClD;oBACA,qDAAqD;oBACrD,yDAAyD;oBACzD,0CAA0C;oBAC1C,MAAM,CAAC,IAAI,CAAC,uDAAuD,QAAQ,EAAE,CAAC,CAAC;oBAC/E,OAAO,IAAI,CAAC;iBACb;qBAAM;oBACL,MAAM,CAAC,OAAO,CACZ,0DAA0D,QAAQ,KAAK,GAAG,EAAE,CAC7E,CAAC;oBACF,MAAM,GAAG,CAAC;iBACX;aACF;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED,gFAAgF;IAChF,mEAAmE;IAEnE,mBAAmB,CAAC,aAAqB;QACvC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;QACnE,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;QACtD,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC;QAClD,UAAU,CAAC,MAAM,CAAC,OAAO,GAAG,CAAC,GAAG,MAAM,EAAE,EAAE;YACxC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;YACpD,IAAI,eAAe,EAAE;gBACnB,eAAe,CAAC,GAAG,MAAM,CAAC,CAAC;aAC5B;QACH,CAAC,CAAC;QACF,OAAO,UAAU,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,aAAa,CAAC,aAAsB;QAClC,MAAM,GAAG,GAAG,aAAa,IAAI,eAAe,CAAC;QAC7C,MAAM,WAAW,GAAG;YAClB,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YACzC,uDAAuD;YACvD,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;SACtD,CAAC;QACF,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE;YACvB,OAAO;SACR;QACD,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE;YACpC,UAAU,CAAC,KAAK,EAAE,CAAC;SACpB;QACD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED,gBAAgB,CAAC,OAA+B;;QAC9C,MAAM,SAAS,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,0CAC3B,KAAK,CAAC,GAAG,EACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAC7B,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,mBAAmB,CAAC,CAAC;QAChD,OAAO,SAAS,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC;IAC3F,CAAC;IAED,yCAAyC;IAEzC,KAAK,CAAC,mBAAmB,CACvB,GAAW,EACX,OAA+B;QAE/B,MAAM,OAAO,GAAG,qBAAqB,CAAC;YACpC,GAAG;YACH,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI;YACnB,OAAO,EAAE,iBAAiB,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC;YAC5C,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC;SACvD,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAEjD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE9B,OAAO;YACL,IAAI,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;YACvE,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;SACxB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,GAAW,EACX,OAA+B;QAE/B,MAAM,OAAO,GAAG,qBAAqB,CAAC;YACpC,GAAG;YACH,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI;YACnB,OAAO,EAAE,iBAAiB,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC;YAC5C,4DAA4D;YAC5D,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;SACtE,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAEjD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE9B,OAAO;YACL,IAAI,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;YACvE,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;SACxB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,yBAAyB;QACvB,OAAO,IAAI,CAAC,sBAAsB,CAAC;IACrC,CAAC;IACD;;;;;;;;;;;OAWG;IACK,cAAc,CAAC,QAA0B;QAC/C,IAAI,CAAC,IAAI,CAAC,8BAA8B,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE;YAChE,OAAO;SACR;QACD,MAAM,cAAc,GAAG,kCAAkC,CAAC;QAC1D,IAAI;YACF,MAAM,MAAM,GAAI,QAAgB,CAAC,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC/E,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC;YACxC,IAAI,CAAC,WAAW,EAAE;gBAChB,uEAAuE;gBACvE,OAAO;aACR;YACD,MAAM,cAAc,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACjD,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CACzC,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CACvD,CAAC;YAEF,MAAM,CAAC,IAAI,CACT,sCAAsC,KAAK,gBAAgB,GAAG,0BAC5D,GAAG,IAAI,cACT,uBAAuB,GAAG,EAAE,CAC7B,CAAC;SACH;QAAC,OAAO,CAAM,EAAE;YACf,MAAM,CAAC,OAAO,CACZ,6FAA6F,EAC7F,CAAC,CAAC,OAAO,CACV,CAAC;SACH;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport type { INetworkModule, NetworkRequestOptions, NetworkResponse } from \"@azure/msal-node\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { ServiceClient } from \"@azure/core-client\";\nimport { isNode } from \"@azure/core-util\";\nimport {\n PipelineRequest,\n PipelineResponse,\n createHttpHeaders,\n createPipelineRequest,\n} from \"@azure/core-rest-pipeline\";\nimport { AbortController, AbortSignalLike } from \"@azure/abort-controller\";\nimport { AuthenticationError, AuthenticationErrorName } from \"../errors\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { DefaultAuthorityHost, SDK_VERSION } from \"../constants\";\nimport { tracingClient } from \"../util/tracing\";\nimport { logger } from \"../util/logging\";\nimport { TokenCredentialOptions } from \"../tokenCredentialOptions\";\nimport {\n TokenResponseParsedBody,\n parseExpirationTimestamp,\n} from \"../credentials/managedIdentityCredential/utils\";\n\nconst noCorrelationId = \"noCorrelationId\";\n\n/*\n An internal type used to communicate details of a token request's\n * response that should not be sent back as part of the access token.\n /\nexport interface TokenResponse {\n /\n The AccessToken to be returned from getToken.\n /\n accessToken: AccessToken;\n /\n The refresh token if the 'offline_access' scope was used.\n /\n refreshToken?: string;\n}\n\n/\n @internal\n /\nexport function getIdentityClientAuthorityHost(options?: TokenCredentialOptions): string {\n // The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.\n let authorityHost = options?.authorityHost;\n\n // The AZURE_AUTHORITY_HOST environment variable can only be provided in Node.js.\n if (isNode) {\n authorityHost = authorityHost ?? process.env.AZURE_AUTHORITY_HOST;\n }\n\n // If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com\n return authorityHost ?? DefaultAuthorityHost;\n}\n\n/\n The network module used by the Identity credentials.\n \n It allows for credentials to abort any pending request independently of the MSAL flow,\n * by calling to the `abortRequests()` method.\n \n /\nexport class IdentityClient extends ServiceClient implements INetworkModule {\n public authorityHost: string;\n private allowLoggingAccountIdentifiers?: boolean;\n private abortControllers: Map<string, AbortController[] \| undefined>;\n // used for WorkloadIdentity\n private tokenCredentialOptions: TokenCredentialOptions;\n\n constructor(options?: TokenCredentialOptions) {\n const packageDetails = `azsdk-js-identity/${SDK_VERSION}`;\n const userAgentPrefix = options?.userAgentOptions?.userAgentPrefix\n ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`\n : `${packageDetails}`;\n\n const baseUri = getIdentityClientAuthorityHost(options);\n if (!baseUri.startsWith(\"https:\")) {\n throw new Error(\"The authorityHost address must use the 'https' protocol.\");\n }\n\n super({\n requestContentType: \"application/json; charset=utf-8\",\n retryOptions: {\n maxRetries: 3,\n },\n ...options,\n userAgentOptions: {\n userAgentPrefix,\n },\n baseUri,\n });\n\n this.authorityHost = baseUri;\n this.abortControllers = new Map();\n this.allowLoggingAccountIdentifiers = options?.loggingOptions?.allowLoggingAccountIdentifiers;\n // used for WorkloadIdentity\n this.tokenCredentialOptions = { ...options };\n }\n\n async sendTokenRequest(request: PipelineRequest): Promise<TokenResponse \| null> {\n logger.info(`IdentityClient: sending token request to [${request.url}]`);\n const response = await this.sendRequest(request);\n if (response.bodyAsText && (response.status === 200 \|\| response.status === 201)) {\n const parsedBody: TokenResponseParsedBody = JSON.parse(response.bodyAsText);\n\n if (!parsedBody.access_token) {\n return null;\n }\n\n this.logIdentifiers(response);\n\n const token = {\n accessToken: {\n token: parsedBody.access_token,\n expiresOnTimestamp: parseExpirationTimestamp(parsedBody),\n },\n refreshToken: parsedBody.refresh_token,\n };\n\n logger.info(\n `IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`,\n );\n return token;\n } else {\n const error = new AuthenticationError(response.status, response.bodyAsText);\n logger.warning(\n `IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`,\n );\n throw error;\n }\n }\n\n async refreshAccessToken(\n tenantId: string,\n clientId: string,\n scopes: string,\n refreshToken: string \| undefined,\n clientSecret: string \| undefined,\n options: GetTokenOptions = {},\n ): Promise<TokenResponse \| null> {\n if (refreshToken === undefined) {\n return null;\n }\n logger.info(\n `IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`,\n );\n\n const refreshParams = {\n grant_type: \"refresh_token\",\n client_id: clientId,\n refresh_token: refreshToken,\n scope: scopes,\n };\n\n if (clientSecret !== undefined) {\n (refreshParams as any).client_secret = clientSecret;\n }\n\n const query = new URLSearchParams(refreshParams);\n\n return tracingClient.withSpan(\n \"IdentityClient.refreshAccessToken\",\n options,\n async (updatedOptions) => {\n try {\n const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);\n const request = createPipelineRequest({\n url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,\n method: \"POST\",\n body: query.toString(),\n abortSignal: options.abortSignal,\n headers: createHttpHeaders({\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n }),\n tracingOptions: updatedOptions.tracingOptions,\n });\n\n const response = await this.sendTokenRequest(request);\n logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);\n return response;\n } catch (err: any) {\n if (\n err.name === AuthenticationErrorName &&\n err.errorResponse.error === \"interaction_required\"\n ) {\n // It's likely that the refresh token has expired, so\n // return null so that the credential implementation will\n // initiate the authentication flow again.\n logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);\n return null;\n } else {\n logger.warning(\n `IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`,\n );\n throw err;\n }\n }\n },\n );\n }\n\n // Here is a custom layer that allows us to abort requests that go through MSAL,\n // since MSAL doesn't allow us to pass options all the way through.\n\n generateAbortSignal(correlationId: string): AbortSignalLike {\n const controller = new AbortController();\n const controllers = this.abortControllers.get(correlationId) \|\| [];\n controllers.push(controller);\n this.abortControllers.set(correlationId, controllers);\n const existingOnAbort = controller.signal.onabort;\n controller.signal.onabort = (...params) => {\n this.abortControllers.set(correlationId, undefined);\n if (existingOnAbort) {\n existingOnAbort(...params);\n }\n };\n return controller.signal;\n }\n\n abortRequests(correlationId?: string): void {\n const key = correlationId \|\| noCorrelationId;\n const controllers = [\n ...(this.abortControllers.get(key) \|\| []),\n // MSAL passes no correlation ID to the get requests...\n ...(this.abortControllers.get(noCorrelationId) \|\| []),\n ];\n if (!controllers.length) {\n return;\n }\n for (const controller of controllers) {\n controller.abort();\n }\n this.abortControllers.set(key, undefined);\n }\n\n getCorrelationId(options?: NetworkRequestOptions): string {\n const parameter = options?.body\n ?.split(\"&\")\n .map((part) => part.split(\"=\"))\n .find(([key]) => key === \"client-request-id\");\n return parameter && parameter.length ? parameter[1] \|\| noCorrelationId : noCorrelationId;\n }\n\n // The MSAL network module methods follow\n\n async sendGetRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions,\n ): Promise<NetworkResponse<T>> {\n const request = createPipelineRequest({\n url,\n method: \"GET\",\n body: options?.body,\n headers: createHttpHeaders(options?.headers),\n abortSignal: this.generateAbortSignal(noCorrelationId),\n });\n\n const response = await this.sendRequest(request);\n\n this.logIdentifiers(response);\n\n return {\n body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,\n headers: response.headers.toJSON(),\n status: response.status,\n };\n }\n\n async sendPostRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions,\n ): Promise<NetworkResponse<T>> {\n const request = createPipelineRequest({\n url,\n method: \"POST\",\n body: options?.body,\n headers: createHttpHeaders(options?.headers),\n // MSAL doesn't send the correlation ID on the get requests.\n abortSignal: this.generateAbortSignal(this.getCorrelationId(options)),\n });\n\n const response = await this.sendRequest(request);\n\n this.logIdentifiers(response);\n\n return {\n body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,\n headers: response.headers.toJSON(),\n status: response.status,\n };\n }\n\n /*\n \n * @internal\n /\n getTokenCredentialOptions(): TokenCredentialOptions {\n return this.tokenCredentialOptions;\n }\n /\n If allowLoggingAccountIdentifiers was set on the constructor options\n * we try to log the account identifiers by parsing the received access token.\n \n The account identifiers we try to log are:\n * - `appid`: The application or Client Identifier.\n * - `upn`: User Principal Name.\n * - It might not be available in some authentication scenarios.\n * - If it's not available, we put a placeholder: \"No User Principal Name available\".\n * - `tid`: Tenant Identifier.\n * - `oid`: Object Identifier of the authenticated user.\n */\n private logIdentifiers(response: PipelineResponse): void {\n if (!this.allowLoggingAccountIdentifiers \|\| !response.bodyAsText) {\n return;\n }\n const unavailableUpn = \"No User Principal Name available\";\n try {\n const parsed = (response as any).parsedBody \|\| JSON.parse(response.bodyAsText);\n const accessToken = parsed.access_token;\n if (!accessToken) {\n // Without an access token allowLoggingAccountIdentifiers isn't useful.\n return;\n }\n const base64Metadata = accessToken.split(\".\")[1];\n const { appid, upn, tid, oid } = JSON.parse(\n Buffer.from(base64Metadata, \"base64\").toString(\"utf8\"),\n );\n\n logger.info(\n `[Authenticated account] Client ID: ${appid}. Tenant ID: ${tid}. User Principal Name: ${\n upn \|\| unavailableUpn\n }. Object ID (user): ${oid}`,\n );\n } catch (e: any) {\n logger.warning(\n \"allowLoggingAccountIdentifiers was set, but we couldn't log the account information. Error:\",\n e.message,\n );\n }\n }\n}\n"]}

package/dist-esm/src/constants.js CHANGED Viewed

@@ -3,7 +3,7 @@
 /**
  * Current version of the `@azure/identity` package.
  */
-export const SDK_VERSION = `4.0.0`;
+export const SDK_VERSION = `4.0.1`;
 /**
  * The default client ID for authentication
  * @internal

package/dist-esm/src/constants.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,OAAO,CAAC;AAEnC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AACvG,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,MAAM,CAAN,IAAY,mBAiBX;AAjBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;OAEG;IACH,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EAjBW,mBAAmB,KAAnB,mBAAmB,QAiB9B;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C,MAAM,CAAC,MAAM,gBAAgB,GAAG,MAAM,CAAC;AACvC,MAAM,CAAC,MAAM,oBAAoB,GAAG,QAAQ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/*\n Current version of the `@azure/identity` package.\n /\nexport const SDK_VERSION = `4.0.0`;\n\n/\n The default client ID for authentication\n * @internal\n /\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/\n The default tenant for authentication\n * @internal\n /\nexport const DefaultTenantId = \"common\";\n\n/\n A list of known Azure authority hosts\n /\nexport enum AzureAuthorityHosts {\n /\n China-based Azure Authority Host\n /\n AzureChina = \"https://login.chinacloudapi.cn\",\n /\n Germany-based Azure Authority Host\n /\n AzureGermany = \"https://login.microsoftonline.de\",\n /\n US Government Azure Authority Host\n /\n AzureGovernment = \"https://login.microsoftonline.us\",\n /\n Public Cloud Azure Authority Host\n /\n AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/\n The default authority host.\n /\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n\n/\n Allow acquiring tokens for any tenant for multi-tentant auth.\n /\nexport const ALL_TENANTS: string[] = [\"\"];\n\nexport const CACHE_CAE_SUFFIX = \".cae\";\nexport const CACHE_NON_CAE_SUFFIX = \".nocae\";\n"]}
1	+ {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,OAAO,CAAC;AAEnC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AACvG,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,MAAM,CAAN,IAAY,mBAiBX;AAjBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;OAEG;IACH,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EAjBW,mBAAmB,KAAnB,mBAAmB,QAiB9B;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C,MAAM,CAAC,MAAM,gBAAgB,GAAG,MAAM,CAAC;AACvC,MAAM,CAAC,MAAM,oBAAoB,GAAG,QAAQ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/*\n Current version of the `@azure/identity` package.\n /\nexport const SDK_VERSION = `4.0.1`;\n\n/\n The default client ID for authentication\n * @internal\n /\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/\n The default tenant for authentication\n * @internal\n /\nexport const DefaultTenantId = \"common\";\n\n/\n A list of known Azure authority hosts\n /\nexport enum AzureAuthorityHosts {\n /\n China-based Azure Authority Host\n /\n AzureChina = \"https://login.chinacloudapi.cn\",\n /\n Germany-based Azure Authority Host\n /\n AzureGermany = \"https://login.microsoftonline.de\",\n /\n US Government Azure Authority Host\n /\n AzureGovernment = \"https://login.microsoftonline.us\",\n /\n Public Cloud Azure Authority Host\n /\n AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/\n The default authority host.\n /\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n\n/\n Allow acquiring tokens for any tenant for multi-tentant auth.\n /\nexport const ALL_TENANTS: string[] = [\"\"];\n\nexport const CACHE_CAE_SUFFIX = \".cae\";\nexport const CACHE_NON_CAE_SUFFIX = \".nocae\";\n"]}

package/dist-esm/src/credentials/authorizationCodeCredential.browser.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"authorizationCodeCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAGhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,kIAAkI,CACnI,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D,MAAM,OAAO,2BAA2B;IAmBtC;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging\";\nimport { AuthorizationCodeCredentialOptions } from \"./authorizationCodeCredentialOptions\";\n\nconst BrowserNotSupportedError = new Error(\n \"AuthorizationCodeCredential is not supported in the browser. InteractiveBrowserCredential is more appropriate for this use case.\"\n);\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\nexport class AuthorizationCodeCredential implements TokenCredential {\n /*\n Only available in Node.js\n */\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions\n );\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions\n );\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken \| null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
1	+ {"version":3,"file":"authorizationCodeCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAGhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,kIAAkI,CACnI,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D,MAAM,OAAO,2BAA2B;IAmBtC;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging\";\nimport { AuthorizationCodeCredentialOptions } from \"./authorizationCodeCredentialOptions\";\n\nconst BrowserNotSupportedError = new Error(\n \"AuthorizationCodeCredential is not supported in the browser. InteractiveBrowserCredential is more appropriate for this use case.\",\n);\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\nexport class AuthorizationCodeCredential implements TokenCredential {\n /*\n Only available in Node.js\n */\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions,\n );\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions,\n );\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken \| null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}

package/dist-esm/src/credentials/authorizationCodeCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"authorizationCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,qBAAqB,EAAE,MAAM,yCAAyC,CAAC;AAEhF,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;GAMG;AACH,MAAM,OAAO,2BAA2B;IAkEtC;;;OAGG;IACH,YACE,QAA2B,EAC3B,QAAgB,EAChB,+BAAuC,EACvC,8BAAsC,EACtC,oBAA6E,EAC7E,OAA4C;QAE5C,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChC,IAAI,YAAY,GAAuB,+BAA+B,CAAC;QAEvE,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE;YAC5C,wCAAwC;YACxC,IAAI,CAAC,iBAAiB,GAAG,8BAA8B,CAAC;YACxD,IAAI,CAAC,WAAW,GAAG,oBAAoB,CAAC;YACxC,8CAA8C;SAC/C;aAAM;YACL,gBAAgB;YAChB,IAAI,CAAC,iBAAiB,GAAG,+BAA+B,CAAC;YACzD,IAAI,CAAC,WAAW,GAAG,8BAAwC,CAAC;YAC5D,YAAY,GAAG,SAAS,CAAC;YACzB,OAAO,GAAG,oBAA0D,CAAC;SACtE;QAED,oCAAoC;QACpC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG,IAAI,qBAAqB,iCACpC,OAAO,KACV,YAAY;YACZ,QAAQ;YACR,QAAQ,EACR,sBAAsB,EAAE,OAAO,IAAI,EAAE,EACrC,MAAM,EACN,WAAW,EAAE,IAAI,CAAC,WAAW,EAC7B,iBAAiB,EAAE,IAAI,CAAC,iBAAiB,IACzC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,CAClC,CAAC;YACF,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE/B,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,kCACpC,UAAU,KACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,IACnE,CAAC;QACL,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { AuthorizationCodeCredentialOptions } from \"./authorizationCodeCredentialOptions\";\nimport { MsalAuthorizationCode } from \"../msal/nodeFlows/msalAuthorizationCode\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { checkTenantId } from \"../util/tenantIdUtils\";\nimport { credentialLogger } from \"../util/logging\";\nimport { ensureScopes } from \"../util/scopeUtils\";\nimport { tracingClient } from \"../util/tracing\";\n\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\n/*\n Enables authentication to Microsoft Entra ID using an authorization code\n * that was obtained through the authorization code flow, described in more detail\n * in the Microsoft Entra ID documentation:\n \n https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow\n /\nexport class AuthorizationCodeCredential implements TokenCredential {\n private msalFlow: MsalFlow;\n private disableAutomaticAuthentication?: boolean;\n private authorizationCode: string;\n private redirectUri: string;\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n\n /\n Creates an instance of AuthorizationCodeCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Microsoft Entra ID.\n \n It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n \n https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts\n \n @param tenantId - The Microsoft Entra tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param clientSecret - A client secret that was generated for the App Registration\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n /\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions\n );\n /\n Creates an instance of AuthorizationCodeCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Microsoft Entra ID.\n \n It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n \n https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts\n \n @param tenantId - The Microsoft Entra tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n /\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions\n );\n /\n @hidden\n * @internal\n /\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n clientSecretOrAuthorizationCode: string,\n authorizationCodeOrRedirectUri: string,\n redirectUriOrOptions: string \| AuthorizationCodeCredentialOptions \| undefined,\n options?: AuthorizationCodeCredentialOptions\n ) {\n checkTenantId(logger, tenantId);\n let clientSecret: string \| undefined = clientSecretOrAuthorizationCode;\n\n if (typeof redirectUriOrOptions === \"string\") {\n // the clientId+clientSecret constructor\n this.authorizationCode = authorizationCodeOrRedirectUri;\n this.redirectUri = redirectUriOrOptions;\n // in this case, options are good as they come\n } else {\n // clientId only\n this.authorizationCode = clientSecretOrAuthorizationCode;\n this.redirectUri = authorizationCodeOrRedirectUri as string;\n clientSecret = undefined;\n options = redirectUriOrOptions as AuthorizationCodeCredentialOptions;\n }\n\n // TODO: Validate tenant if provided\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants\n );\n\n this.msalFlow = new MsalAuthorizationCode({\n ...options,\n clientSecret,\n clientId,\n tenantId,\n tokenCredentialOptions: options \|\| {},\n logger,\n redirectUri: this.redirectUri,\n authorizationCode: this.authorizationCode,\n });\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string \| string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds\n );\n newOptions.tenantId = tenantId;\n\n const arrayScopes = ensureScopes(scopes);\n return this.msalFlow.getToken(arrayScopes, {\n ...newOptions,\n disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n });\n }\n );\n }\n}\n"]}
1	+ {"version":3,"file":"authorizationCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,qBAAqB,EAAE,MAAM,yCAAyC,CAAC;AAEhF,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;GAMG;AACH,MAAM,OAAO,2BAA2B;IAkEtC;;;OAGG;IACH,YACE,QAA2B,EAC3B,QAAgB,EAChB,+BAAuC,EACvC,8BAAsC,EACtC,oBAA6E,EAC7E,OAA4C;QAE5C,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChC,IAAI,YAAY,GAAuB,+BAA+B,CAAC;QAEvE,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE;YAC5C,wCAAwC;YACxC,IAAI,CAAC,iBAAiB,GAAG,8BAA8B,CAAC;YACxD,IAAI,CAAC,WAAW,GAAG,oBAAoB,CAAC;YACxC,8CAA8C;SAC/C;aAAM;YACL,gBAAgB;YAChB,IAAI,CAAC,iBAAiB,GAAG,+BAA+B,CAAC;YACzD,IAAI,CAAC,WAAW,GAAG,8BAAwC,CAAC;YAC5D,YAAY,GAAG,SAAS,CAAC;YACzB,OAAO,GAAG,oBAA0D,CAAC;SACtE;QAED,oCAAoC;QACpC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG,IAAI,qBAAqB,iCACpC,OAAO,KACV,YAAY;YACZ,QAAQ;YACR,QAAQ,EACR,sBAAsB,EAAE,OAAO,IAAI,EAAE,EACrC,MAAM,EACN,WAAW,EAAE,IAAI,CAAC,WAAW,EAC7B,iBAAiB,EAAE,IAAI,CAAC,iBAAiB,IACzC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,CAClC,CAAC;YACF,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE/B,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,kCACpC,UAAU,KACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,IACnE,CAAC;QACL,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { AuthorizationCodeCredentialOptions } from \"./authorizationCodeCredentialOptions\";\nimport { MsalAuthorizationCode } from \"../msal/nodeFlows/msalAuthorizationCode\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { checkTenantId } from \"../util/tenantIdUtils\";\nimport { credentialLogger } from \"../util/logging\";\nimport { ensureScopes } from \"../util/scopeUtils\";\nimport { tracingClient } from \"../util/tracing\";\n\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\n/*\n Enables authentication to Microsoft Entra ID using an authorization code\n * that was obtained through the authorization code flow, described in more detail\n * in the Microsoft Entra ID documentation:\n \n https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow\n /\nexport class AuthorizationCodeCredential implements TokenCredential {\n private msalFlow: MsalFlow;\n private disableAutomaticAuthentication?: boolean;\n private authorizationCode: string;\n private redirectUri: string;\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n\n /\n Creates an instance of AuthorizationCodeCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Microsoft Entra ID.\n \n It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n \n https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts\n \n @param tenantId - The Microsoft Entra tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param clientSecret - A client secret that was generated for the App Registration\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n /\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions,\n );\n /\n Creates an instance of AuthorizationCodeCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Microsoft Entra ID.\n \n It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n \n https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts\n \n @param tenantId - The Microsoft Entra tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n /\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions,\n );\n /\n @hidden\n * @internal\n /\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n clientSecretOrAuthorizationCode: string,\n authorizationCodeOrRedirectUri: string,\n redirectUriOrOptions: string \| AuthorizationCodeCredentialOptions \| undefined,\n options?: AuthorizationCodeCredentialOptions,\n ) {\n checkTenantId(logger, tenantId);\n let clientSecret: string \| undefined = clientSecretOrAuthorizationCode;\n\n if (typeof redirectUriOrOptions === \"string\") {\n // the clientId+clientSecret constructor\n this.authorizationCode = authorizationCodeOrRedirectUri;\n this.redirectUri = redirectUriOrOptions;\n // in this case, options are good as they come\n } else {\n // clientId only\n this.authorizationCode = clientSecretOrAuthorizationCode;\n this.redirectUri = authorizationCodeOrRedirectUri as string;\n clientSecret = undefined;\n options = redirectUriOrOptions as AuthorizationCodeCredentialOptions;\n }\n\n // TODO: Validate tenant if provided\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n this.msalFlow = new MsalAuthorizationCode({\n ...options,\n clientSecret,\n clientId,\n tenantId,\n tokenCredentialOptions: options \|\| {},\n logger,\n redirectUri: this.redirectUri,\n authorizationCode: this.authorizationCode,\n });\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string \| string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n );\n newOptions.tenantId = tenantId;\n\n const arrayScopes = ensureScopes(scopes);\n return this.msalFlow.getToken(arrayScopes, {\n ...newOptions,\n disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n });\n },\n );\n }\n}\n"]}

package/dist-esm/src/credentials/azureApplicationCredential.browser.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"azureApplicationCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/azureApplicationCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAGlE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,kGAAkG,CACnG,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,uBAAuB,CAAC,CAAC;AAEzD;;;;;GAKG;AACH,MAAM,OAAO,0BAA2B,SAAQ,sBAAsB;IACpE;;;;;;;;;OASG;IACH,YAAY,uBAAgD;QAC1D,KAAK,EAAE,CAAC;QACR,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { credentialLogger, formatError } from \"../util/logging\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential\";\nimport { TokenCredentialOptions } from \"../tokenCredentialOptions\";\n\nconst BrowserNotSupportedError = new Error(\n \"ApplicationCredential is not supported in the browser. Use InteractiveBrowserCredential instead.\"\n);\nconst logger = credentialLogger(\"ApplicationCredential\");\n\n/*\n Provides a default {@link ChainedTokenCredential} configuration for\n * applications that will be deployed to Azure.\n \n Only available in Node.js\n /\nexport class AzureApplicationCredential extends ChainedTokenCredential {\n /\n Creates an instance of the AzureApplicationCredential class.\n \n The AzureApplicationCredential provides a default {@link ChainedTokenCredential} configuration for\n * applications that will be deployed to Azure.\n \n Only available in Node.js\n \n @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(_tokenCredentialOptions?: TokenCredentialOptions) {\n super();\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
1	+ {"version":3,"file":"azureApplicationCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/azureApplicationCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAGlE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,kGAAkG,CACnG,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,uBAAuB,CAAC,CAAC;AAEzD;;;;;GAKG;AACH,MAAM,OAAO,0BAA2B,SAAQ,sBAAsB;IACpE;;;;;;;;;OASG;IACH,YAAY,uBAAgD;QAC1D,KAAK,EAAE,CAAC;QACR,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { credentialLogger, formatError } from \"../util/logging\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential\";\nimport { TokenCredentialOptions } from \"../tokenCredentialOptions\";\n\nconst BrowserNotSupportedError = new Error(\n \"ApplicationCredential is not supported in the browser. Use InteractiveBrowserCredential instead.\",\n);\nconst logger = credentialLogger(\"ApplicationCredential\");\n\n/*\n Provides a default {@link ChainedTokenCredential} configuration for\n * applications that will be deployed to Azure.\n \n Only available in Node.js\n /\nexport class AzureApplicationCredential extends ChainedTokenCredential {\n /\n Creates an instance of the AzureApplicationCredential class.\n \n The AzureApplicationCredential provides a default {@link ChainedTokenCredential} configuration for\n * applications that will be deployed to Azure.\n \n Only available in Node.js\n \n @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(_tokenCredentialOptions?: TokenCredentialOptions) {\n super();\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}

package/dist-esm/src/credentials/azureCliCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"azureCliCredential.js","sourceRoot":"","sources":["../../../src/credentials/azureCliCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,+BAA+B,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEvF,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,aAAa,MAAM,eAAe,CAAC;AAC1C,OAAO,EACL,aAAa,EACb,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD;;;GAGG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC;;OAEG;IACH,iBAAiB;QACf,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE;gBAC3B,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;aACrF;YACD,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;SAC/B;aAAM;YACL,OAAO,MAAM,CAAC;SACf;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,sBAAsB,CAC1B,QAAgB,EAChB,QAAiB,EACjB,OAAgB;QAEhB,IAAI,aAAa,GAAa,EAAE,CAAC;QACjC,IAAI,QAAQ,EAAE;YACZ,aAAa,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;SACxC;QACD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI;gBACF,aAAa,CAAC,QAAQ,CACpB,IAAI,EACJ;oBACE,SAAS;oBACT,kBAAkB;oBAClB,UAAU;oBACV,MAAM;oBACN,YAAY;oBACZ,QAAQ;oBACR,GAAG,aAAa;iBACjB,EACD,EAAE,GAAG,EAAE,sBAAsB,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,EACzE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;oBACxB,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;gBACrD,CAAC,CACF,CAAC;aACH;YAAC,OAAO,GAAQ,EAAE;gBACjB,MAAM,CAAC,GAAG,CAAC,CAAC;aACb;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,MAAM,MAAM,GAAG,gBAAgB,CAAC,oBAAoB,CAAC,CAAC;AAEtD;;;;;GAKG;AACH,MAAM,OAAO,kBAAkB;IAK7B;;;;;;;OAOG;IACH,YAAY,OAAmC;QAC7C,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,EAAE;YACrB,aAAa,CAAC,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC;SACnC;QACD,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,kBAAkB,CAAC;IAC7C,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,OAAO,EACP,IAAI,CAAC,4BAA4B,CAClC,CAAC;QAEF,IAAI,QAAQ,EAAE;YACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;SACjC;QACD,MAAM,KAAK,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAC9D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,KAAK,EAAE,CAAC,CAAC;QAEjD,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;;YACrF,IAAI;gBACF,+BAA+B,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBAC/C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;gBACzC,MAAM,GAAG,GAAG,MAAM,sBAAsB,CAAC,sBAAsB,CAC7D,QAAQ,EACR,QAAQ,EACR,IAAI,CAAC,OAAO,CACb,CAAC;gBACF,MAAM,aAAa,GAAG,MAAA,GAAG,CAAC,MAAM,0CAAE,KAAK,CAAC,0BAA0B,CAAC,CAAC;gBACpE,MAAM,YAAY,GAAG,CAAA,MAAA,GAAG,CAAC,MAAM,0CAAE,KAAK,CAAC,kBAAkB,CAAC,KAAI,CAAC,aAAa,CAAC;gBAC7E,MAAM,iBAAiB,GACrB,CAAA,MAAA,GAAG,CAAC,MAAM,0CAAE,KAAK,CAAC,kBAAkB,CAAC,MAAI,MAAA,GAAG,CAAC,MAAM,0CAAE,UAAU,CAAC,wBAAwB,CAAC,CAAA,CAAC;gBAE5F,IAAI,iBAAiB,EAAE;oBACrB,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,kLAAkL,CACnL,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;iBACb;gBACD,IAAI,YAAY,EAAE;oBAChB,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,2FAA2F,CAC5F,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;iBACb;gBACD,IAAI;oBACF,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC;oBAChC,MAAM,QAAQ,GAA+C,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;oBACtF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,MAAM,WAAW,GAAG;wBAClB,KAAK,EAAE,QAAQ,CAAC,WAAW;wBAC3B,kBAAkB,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;qBAC3D,CAAC;oBACF,OAAO,WAAW,CAAC;iBACpB;gBAAC,OAAO,CAAM,EAAE;oBACf,IAAI,GAAG,CAAC,MAAM,EAAE;wBACd,MAAM,IAAI,0BAA0B,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;qBAClD;oBACD,MAAM,CAAC,CAAC;iBACT;aACF;YAAC,OAAO,GAAQ,EAAE;gBACjB,MAAM,KAAK,GACT,GAAG,CAAC,IAAI,KAAK,4BAA4B;oBACvC,CAAC,CAAC,GAAG;oBACL,CAAC,CAAC,IAAI,0BAA0B,CAC3B,GAAa,CAAC,OAAO,IAAI,yDAAyD,CACpF,CAAC;gBACR,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;aACb;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { ensureValidScopeForDevTimeCreds, getScopeResource } from \"../util/scopeUtils\";\nimport { AzureCliCredentialOptions } from \"./azureCliCredentialOptions\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport child_process from \"child_process\";\nimport {\n checkTenantId,\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { tracingClient } from \"../util/tracing\";\n\n/*\n Mockable reference to the CLI credential cliCredentialFunctions\n * @internal\n /\nexport const cliCredentialInternals = {\n /\n @internal\n /\n getSafeWorkingDir(): string {\n if (process.platform === \"win32\") {\n if (!process.env.SystemRoot) {\n throw new Error(\"Azure CLI credential expects a 'SystemRoot' environment variable\");\n }\n return process.env.SystemRoot;\n } else {\n return \"/bin\";\n }\n },\n\n /\n Gets the access token from Azure CLI\n * @param resource - The resource to use when getting the token\n * @internal\n /\n async getAzureCliAccessToken(\n resource: string,\n tenantId?: string,\n timeout?: number\n ): Promise<{ stdout: string; stderr: string; error: Error \| null }> {\n let tenantSection: string[] = [];\n if (tenantId) {\n tenantSection = [\"--tenant\", tenantId];\n }\n return new Promise((resolve, reject) => {\n try {\n child_process.execFile(\n \"az\",\n [\n \"account\",\n \"get-access-token\",\n \"--output\",\n \"json\",\n \"--resource\",\n resource,\n ...tenantSection,\n ],\n { cwd: cliCredentialInternals.getSafeWorkingDir(), shell: true, timeout },\n (error, stdout, stderr) => {\n resolve({ stdout: stdout, stderr: stderr, error });\n }\n );\n } catch (err: any) {\n reject(err);\n }\n });\n },\n};\n\nconst logger = credentialLogger(\"AzureCliCredential\");\n\n/\n This credential will use the currently logged-in user login information\n * via the Azure CLI ('az') commandline tool.\n * To do so, it will read the user access token and expire time\n * with Azure CLI command \"az account get-access-token\".\n /\nexport class AzureCliCredential implements TokenCredential {\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private timeout?: number;\n\n /\n Creates an instance of the {@link AzureCliCredential}.\n \n To use this credential, ensure that you have already logged\n * in via the 'az' tool using the command \"az login\" from the commandline.\n \n @param options - Options, to optionally allow multi-tenant requests.\n /\n constructor(options?: AzureCliCredentialOptions) {\n if (options?.tenantId) {\n checkTenantId(logger, options?.tenantId);\n this.tenantId = options?.tenantId;\n }\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants\n );\n this.timeout = options?.processTimeoutInMs;\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options: GetTokenOptions = {}\n ): Promise<AccessToken> {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n options,\n this.additionallyAllowedTenantIds\n );\n\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n const scope = typeof scopes === \"string\" ? scopes : scopes[0];\n logger.getToken.info(`Using the scope ${scope}`);\n\n return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {\n try {\n ensureValidScopeForDevTimeCreds(scope, logger);\n const resource = getScopeResource(scope);\n const obj = await cliCredentialInternals.getAzureCliAccessToken(\n resource,\n tenantId,\n this.timeout\n );\n const specificScope = obj.stderr?.match(\"(.)az login --scope(.)\");\n const isLoginError = obj.stderr?.match(\"(.)az login(.)\") && !specificScope;\n const isNotInstallError =\n obj.stderr?.match(\"az:(.)not found\") \|\| obj.stderr?.startsWith(\"'az' is not recognized\");\n\n if (isNotInstallError) {\n const error = new CredentialUnavailableError(\n \"Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n if (isLoginError) {\n const error = new CredentialUnavailableError(\n \"Please run 'az login' from a command prompt to authenticate before using this credential.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n try {\n const responseData = obj.stdout;\n const response: { accessToken: string; expiresOn: string } = JSON.parse(responseData);\n logger.getToken.info(formatSuccess(scopes));\n const returnValue = {\n token: response.accessToken,\n expiresOnTimestamp: new Date(response.expiresOn).getTime(),\n };\n return returnValue;\n } catch (e: any) {\n if (obj.stderr) {\n throw new CredentialUnavailableError(obj.stderr);\n }\n throw e;\n }\n } catch (err: any) {\n const error =\n err.name === \"CredentialUnavailableError\"\n ? err\n : new CredentialUnavailableError(\n (err as Error).message \|\| \"Unknown error while trying to retrieve the access token\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n });\n }\n}\n"]}
1	+ {"version":3,"file":"azureCliCredential.js","sourceRoot":"","sources":["../../../src/credentials/azureCliCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,+BAA+B,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEvF,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,aAAa,MAAM,eAAe,CAAC;AAC1C,OAAO,EACL,aAAa,EACb,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD;;;GAGG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC;;OAEG;IACH,iBAAiB;QACf,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE;gBAC3B,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;aACrF;YACD,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;SAC/B;aAAM;YACL,OAAO,MAAM,CAAC;SACf;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,sBAAsB,CAC1B,QAAgB,EAChB,QAAiB,EACjB,OAAgB;QAEhB,IAAI,aAAa,GAAa,EAAE,CAAC;QACjC,IAAI,QAAQ,EAAE;YACZ,aAAa,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;SACxC;QACD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI;gBACF,aAAa,CAAC,QAAQ,CACpB,IAAI,EACJ;oBACE,SAAS;oBACT,kBAAkB;oBAClB,UAAU;oBACV,MAAM;oBACN,YAAY;oBACZ,QAAQ;oBACR,GAAG,aAAa;iBACjB,EACD,EAAE,GAAG,EAAE,sBAAsB,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,EACzE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;oBACxB,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;gBACrD,CAAC,CACF,CAAC;aACH;YAAC,OAAO,GAAQ,EAAE;gBACjB,MAAM,CAAC,GAAG,CAAC,CAAC;aACb;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,MAAM,MAAM,GAAG,gBAAgB,CAAC,oBAAoB,CAAC,CAAC;AAEtD;;;;;GAKG;AACH,MAAM,OAAO,kBAAkB;IAK7B;;;;;;;OAOG;IACH,YAAY,OAAmC;QAC7C,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,EAAE;YACrB,aAAa,CAAC,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC;SACnC;QACD,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,kBAAkB,CAAC;IAC7C,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,OAAO,EACP,IAAI,CAAC,4BAA4B,CAClC,CAAC;QAEF,IAAI,QAAQ,EAAE;YACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;SACjC;QACD,MAAM,KAAK,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAC9D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,KAAK,EAAE,CAAC,CAAC;QAEjD,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;;YACrF,IAAI;gBACF,+BAA+B,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBAC/C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;gBACzC,MAAM,GAAG,GAAG,MAAM,sBAAsB,CAAC,sBAAsB,CAC7D,QAAQ,EACR,QAAQ,EACR,IAAI,CAAC,OAAO,CACb,CAAC;gBACF,MAAM,aAAa,GAAG,MAAA,GAAG,CAAC,MAAM,0CAAE,KAAK,CAAC,0BAA0B,CAAC,CAAC;gBACpE,MAAM,YAAY,GAAG,CAAA,MAAA,GAAG,CAAC,MAAM,0CAAE,KAAK,CAAC,kBAAkB,CAAC,KAAI,CAAC,aAAa,CAAC;gBAC7E,MAAM,iBAAiB,GACrB,CAAA,MAAA,GAAG,CAAC,MAAM,0CAAE,KAAK,CAAC,kBAAkB,CAAC,MAAI,MAAA,GAAG,CAAC,MAAM,0CAAE,UAAU,CAAC,wBAAwB,CAAC,CAAA,CAAC;gBAE5F,IAAI,iBAAiB,EAAE;oBACrB,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,kLAAkL,CACnL,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;iBACb;gBACD,IAAI,YAAY,EAAE;oBAChB,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,2FAA2F,CAC5F,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;iBACb;gBACD,IAAI;oBACF,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC;oBAChC,MAAM,QAAQ,GAA+C,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;oBACtF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,MAAM,WAAW,GAAG;wBAClB,KAAK,EAAE,QAAQ,CAAC,WAAW;wBAC3B,kBAAkB,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;qBAC3D,CAAC;oBACF,OAAO,WAAW,CAAC;iBACpB;gBAAC,OAAO,CAAM,EAAE;oBACf,IAAI,GAAG,CAAC,MAAM,EAAE;wBACd,MAAM,IAAI,0BAA0B,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;qBAClD;oBACD,MAAM,CAAC,CAAC;iBACT;aACF;YAAC,OAAO,GAAQ,EAAE;gBACjB,MAAM,KAAK,GACT,GAAG,CAAC,IAAI,KAAK,4BAA4B;oBACvC,CAAC,CAAC,GAAG;oBACL,CAAC,CAAC,IAAI,0BAA0B,CAC3B,GAAa,CAAC,OAAO,IAAI,yDAAyD,CACpF,CAAC;gBACR,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;aACb;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { ensureValidScopeForDevTimeCreds, getScopeResource } from \"../util/scopeUtils\";\nimport { AzureCliCredentialOptions } from \"./azureCliCredentialOptions\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport child_process from \"child_process\";\nimport {\n checkTenantId,\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { tracingClient } from \"../util/tracing\";\n\n/*\n Mockable reference to the CLI credential cliCredentialFunctions\n * @internal\n /\nexport const cliCredentialInternals = {\n /\n @internal\n /\n getSafeWorkingDir(): string {\n if (process.platform === \"win32\") {\n if (!process.env.SystemRoot) {\n throw new Error(\"Azure CLI credential expects a 'SystemRoot' environment variable\");\n }\n return process.env.SystemRoot;\n } else {\n return \"/bin\";\n }\n },\n\n /\n Gets the access token from Azure CLI\n * @param resource - The resource to use when getting the token\n * @internal\n /\n async getAzureCliAccessToken(\n resource: string,\n tenantId?: string,\n timeout?: number,\n ): Promise<{ stdout: string; stderr: string; error: Error \| null }> {\n let tenantSection: string[] = [];\n if (tenantId) {\n tenantSection = [\"--tenant\", tenantId];\n }\n return new Promise((resolve, reject) => {\n try {\n child_process.execFile(\n \"az\",\n [\n \"account\",\n \"get-access-token\",\n \"--output\",\n \"json\",\n \"--resource\",\n resource,\n ...tenantSection,\n ],\n { cwd: cliCredentialInternals.getSafeWorkingDir(), shell: true, timeout },\n (error, stdout, stderr) => {\n resolve({ stdout: stdout, stderr: stderr, error });\n },\n );\n } catch (err: any) {\n reject(err);\n }\n });\n },\n};\n\nconst logger = credentialLogger(\"AzureCliCredential\");\n\n/\n This credential will use the currently logged-in user login information\n * via the Azure CLI ('az') commandline tool.\n * To do so, it will read the user access token and expire time\n * with Azure CLI command \"az account get-access-token\".\n /\nexport class AzureCliCredential implements TokenCredential {\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private timeout?: number;\n\n /\n Creates an instance of the {@link AzureCliCredential}.\n \n To use this credential, ensure that you have already logged\n * in via the 'az' tool using the command \"az login\" from the commandline.\n \n @param options - Options, to optionally allow multi-tenant requests.\n /\n constructor(options?: AzureCliCredentialOptions) {\n if (options?.tenantId) {\n checkTenantId(logger, options?.tenantId);\n this.tenantId = options?.tenantId;\n }\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n this.timeout = options?.processTimeoutInMs;\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options: GetTokenOptions = {},\n ): Promise<AccessToken> {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n options,\n this.additionallyAllowedTenantIds,\n );\n\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n const scope = typeof scopes === \"string\" ? scopes : scopes[0];\n logger.getToken.info(`Using the scope ${scope}`);\n\n return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {\n try {\n ensureValidScopeForDevTimeCreds(scope, logger);\n const resource = getScopeResource(scope);\n const obj = await cliCredentialInternals.getAzureCliAccessToken(\n resource,\n tenantId,\n this.timeout,\n );\n const specificScope = obj.stderr?.match(\"(.)az login --scope(.)\");\n const isLoginError = obj.stderr?.match(\"(.)az login(.)\") && !specificScope;\n const isNotInstallError =\n obj.stderr?.match(\"az:(.)not found\") \|\| obj.stderr?.startsWith(\"'az' is not recognized\");\n\n if (isNotInstallError) {\n const error = new CredentialUnavailableError(\n \"Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.\",\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n if (isLoginError) {\n const error = new CredentialUnavailableError(\n \"Please run 'az login' from a command prompt to authenticate before using this credential.\",\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n try {\n const responseData = obj.stdout;\n const response: { accessToken: string; expiresOn: string } = JSON.parse(responseData);\n logger.getToken.info(formatSuccess(scopes));\n const returnValue = {\n token: response.accessToken,\n expiresOnTimestamp: new Date(response.expiresOn).getTime(),\n };\n return returnValue;\n } catch (e: any) {\n if (obj.stderr) {\n throw new CredentialUnavailableError(obj.stderr);\n }\n throw e;\n }\n } catch (err: any) {\n const error =\n err.name === \"CredentialUnavailableError\"\n ? err\n : new CredentialUnavailableError(\n (err as Error).message \|\| \"Unknown error while trying to retrieve the access token\",\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n });\n }\n}\n"]}

package/dist-esm/src/credentials/azureDeveloperCliCredential.browser.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"azureDeveloperCliCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,8DAA8D,CAC/D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;GAGG;AACH,MAAM,OAAO,2BAA2B;IACtC;;OAEG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n \"AzureDeveloperCliCredential is not supported in the browser.\"\n);\nconst logger = credentialLogger(\"AzureDeveloperCliCredential\");\n\n/*\n This credential will use the currently logged-in user login information\n * via the Azure Developer CLI ('azd') commandline tool.\n /\nexport class AzureDeveloperCliCredential implements TokenCredential {\n /\n Only available in Node.js\n */\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n getToken(): Promise<AccessToken \| null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
1	+ {"version":3,"file":"azureDeveloperCliCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,8DAA8D,CAC/D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;GAGG;AACH,MAAM,OAAO,2BAA2B;IACtC;;OAEG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n \"AzureDeveloperCliCredential is not supported in the browser.\",\n);\nconst logger = credentialLogger(\"AzureDeveloperCliCredential\");\n\n/*\n This credential will use the currently logged-in user login information\n * via the Azure Developer CLI ('azd') commandline tool.\n /\nexport class AzureDeveloperCliCredential implements TokenCredential {\n /\n Only available in Node.js\n */\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n getToken(): Promise<AccessToken \| null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}

package/dist-esm/src/credentials/azureDeveloperCliCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"azureDeveloperCliCredential.js","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAE/E,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,aAAa,MAAM,eAAe,CAAC;AAC1C,OAAO,EACL,aAAa,EACb,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAC;AAErE;;;GAGG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAG;IAC7C;;OAEG;IACH,iBAAiB;QACf,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE;gBAC3B,MAAM,IAAI,KAAK,CACb,4EAA4E,CAC7E,CAAC;aACH;YACD,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;SAC/B;aAAM;YACL,OAAO,MAAM,CAAC;SACf;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,iBAAiB,CACrB,MAAgB,EAChB,QAAiB,EACjB,OAAgB;QAEhB,IAAI,aAAa,GAAa,EAAE,CAAC;QACjC,IAAI,QAAQ,EAAE;YACZ,aAAa,GAAG,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;SAC3C;QACD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI;gBACF,aAAa,CAAC,QAAQ,CACpB,KAAK,EACL;oBACE,MAAM;oBACN,OAAO;oBACP,UAAU;oBACV,MAAM;oBACN,GAAG,MAAM,CAAC,MAAM,CACd,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,EAC1D,EAAE,CACH;oBACD,GAAG,aAAa;iBACjB,EACD;oBACE,GAAG,EAAE,+BAA+B,CAAC,iBAAiB,EAAE;oBACxD,OAAO;iBACR,EACD,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;oBACxB,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;gBACrC,CAAC,CACF,CAAC;aACH;YAAC,OAAO,GAAQ,EAAE;gBACjB,MAAM,CAAC,GAAG,CAAC,CAAC;aACb;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,OAAO,2BAA2B;IAKtC;;;;;;;OAOG;IACH,YAAY,OAA4C;QACtD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,EAAE;YACrB,aAAa,CAAC,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC;SACnC;QACD,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,kBAAkB,CAAC;IAC7C,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,OAAO,EACP,IAAI,CAAC,4BAA4B,CAClC,CAAC;QACF,IAAI,QAAQ,EAAE;YACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;SACjC;QACD,IAAI,SAAmB,CAAC;QACxB,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE;YAC9B,SAAS,GAAG,CAAC,MAAM,CAAC,CAAC;SACtB;aAAM;YACL,SAAS,GAAG,MAAM,CAAC;SACpB;QACD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,oBAAoB,MAAM,EAAE,CAAC,CAAC;QAEnD,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;;YACrF,IAAI;gBACF,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;oBAC1B,+BAA+B,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBACjD,CAAC,CAAC,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,+BAA+B,CAAC,iBAAiB,CACjE,SAAS,EACT,QAAQ,EACR,IAAI,CAAC,OAAO,CACb,CAAC;gBACF,MAAM,kBAAkB,GACtB,CAAA,MAAA,GAAG,CAAC,MAAM,0CAAE,KAAK,CAAC,yCAAyC,CAAC;qBAC5D,MAAA,GAAG,CAAC,MAAM,0CAAE,KAAK,CAAC,8CAA8C,CAAC,CAAA,CAAC;gBACpE,MAAM,iBAAiB,GACrB,CAAA,MAAA,GAAG,CAAC,MAAM,0CAAE,KAAK,CAAC,mBAAmB,CAAC;qBACtC,MAAA,GAAG,CAAC,MAAM,0CAAE,UAAU,CAAC,yBAAyB,CAAC,CAAA,CAAC;gBAEpD,IAAI,iBAAiB,IAAI,CAAC,GAAG,CAAC,KAAK,IAAK,GAAG,CAAC,KAAa,CAAC,IAAI,KAAK,QAAQ,CAAC,EAAE;oBAC5E,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,wKAAwK,CACzK,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;iBACb;gBAED,IAAI,kBAAkB,EAAE;oBACtB,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,+NAA+N,CAChO,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;iBACb;gBAED,IAAI;oBACF,MAAM,IAAI,GAAyC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAC1E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO;wBACL,KAAK,EAAE,IAAI,CAAC,KAAK;wBACjB,kBAAkB,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;qBACvD,CAAC;iBACH;gBAAC,OAAO,CAAM,EAAE;oBACf,IAAI,GAAG,CAAC,MAAM,EAAE;wBACd,MAAM,IAAI,0BAA0B,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;qBAClD;oBACD,MAAM,CAAC,CAAC;iBACT;aACF;YAAC,OAAO,GAAQ,EAAE;gBACjB,MAAM,KAAK,GACT,GAAG,CAAC,IAAI,KAAK,4BAA4B;oBACvC,CAAC,CAAC,GAAG;oBACL,CAAC,CAAC,IAAI,0BAA0B,CAC3B,GAAa,CAAC,OAAO,IAAI,yDAAyD,CACpF,CAAC;gBACR,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;aACb;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { AzureDeveloperCliCredentialOptions } from \"./azureDeveloperCliCredentialOptions\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport child_process from \"child_process\";\nimport {\n checkTenantId,\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { tracingClient } from \"../util/tracing\";\nimport { ensureValidScopeForDevTimeCreds } from \"../util/scopeUtils\";\n\n/*\n Mockable reference to the Developer CLI credential cliCredentialFunctions\n * @internal\n /\nexport const developerCliCredentialInternals = {\n /\n @internal\n /\n getSafeWorkingDir(): string {\n if (process.platform === \"win32\") {\n if (!process.env.SystemRoot) {\n throw new Error(\n \"Azure Developer CLI credential expects a 'SystemRoot' environment variable\"\n );\n }\n return process.env.SystemRoot;\n } else {\n return \"/bin\";\n }\n },\n\n /\n Gets the access token from Azure Developer CLI\n * @param scopes - The scopes to use when getting the token\n * @internal\n /\n async getAzdAccessToken(\n scopes: string[],\n tenantId?: string,\n timeout?: number\n ): Promise<{ stdout: string; stderr: string; error: Error \| null }> {\n let tenantSection: string[] = [];\n if (tenantId) {\n tenantSection = [\"--tenant-id\", tenantId];\n }\n return new Promise((resolve, reject) => {\n try {\n child_process.execFile(\n \"azd\",\n [\n \"auth\",\n \"token\",\n \"--output\",\n \"json\",\n ...scopes.reduce<string[]>(\n (previous, current) => previous.concat(\"--scope\", current),\n []\n ),\n ...tenantSection,\n ],\n {\n cwd: developerCliCredentialInternals.getSafeWorkingDir(),\n timeout,\n },\n (error, stdout, stderr) => {\n resolve({ stdout, stderr, error });\n }\n );\n } catch (err: any) {\n reject(err);\n }\n });\n },\n};\n\nconst logger = credentialLogger(\"AzureDeveloperCliCredential\");\n\n/\n Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy\n * resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific\n * to Azure developers. It allows users to authenticate as a user and/or a service principal against\n * <a href=\"https://learn.microsoft.com/azure/active-directory/fundamentals/\">Microsoft Entra ID</a>. The\n * AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of\n * the logged-in user or service principal in the Azure Developer CLI. It acts as the Azure Developer CLI logged in user or\n * service principal and executes an Azure CLI command underneath to authenticate the application against\n * Microsoft Entra ID.\n \n <h2> Configure AzureDeveloperCliCredential </h2>\n \n To use this credential, the developer needs to authenticate locally in Azure Developer CLI using one of the\n * commands below:\n \n <ol>\n * <li>Run \"azd auth login\" in Azure Developer CLI to authenticate interactively as a user.</li>\n * <li>Run \"azd auth login --client-id clientID --client-secret clientSecret\n * --tenant-id tenantID\" to authenticate as a service principal.</li>\n * </ol>\n \n You may need to repeat this process after a certain time period, depending on the refresh token validity in your\n * organization. Generally, the refresh token validity period is a few weeks to a few months.\n * AzureDeveloperCliCredential will prompt you to sign in again.\n /\nexport class AzureDeveloperCliCredential implements TokenCredential {\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private timeout?: number;\n\n /\n Creates an instance of the {@link AzureDeveloperCliCredential}.\n \n To use this credential, ensure that you have already logged\n * in via the 'azd' tool using the command \"azd auth login\" from the commandline.\n \n @param options - Options, to optionally allow multi-tenant requests.\n /\n constructor(options?: AzureDeveloperCliCredentialOptions) {\n if (options?.tenantId) {\n checkTenantId(logger, options?.tenantId);\n this.tenantId = options?.tenantId;\n }\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants\n );\n this.timeout = options?.processTimeoutInMs;\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options: GetTokenOptions = {}\n ): Promise<AccessToken> {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n options,\n this.additionallyAllowedTenantIds\n );\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n let scopeList: string[];\n if (typeof scopes === \"string\") {\n scopeList = [scopes];\n } else {\n scopeList = scopes;\n }\n logger.getToken.info(`Using the scopes ${scopes}`);\n\n return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {\n try {\n scopeList.forEach((scope) => {\n ensureValidScopeForDevTimeCreds(scope, logger);\n });\n const obj = await developerCliCredentialInternals.getAzdAccessToken(\n scopeList,\n tenantId,\n this.timeout\n );\n const isNotLoggedInError =\n obj.stderr?.match(\"not logged in, run `azd login` to login\") \|\|\n obj.stderr?.match(\"not logged in, run `azd auth login` to login\");\n const isNotInstallError =\n obj.stderr?.match(\"azd:(.)not found\") \|\|\n obj.stderr?.startsWith(\"'azd' is not recognized\");\n\n if (isNotInstallError \|\| (obj.error && (obj.error as any).code === \"ENOENT\")) {\n const error = new CredentialUnavailableError(\n \"Azure Developer CLI couldn't be found. To mitigate this issue, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n if (isNotLoggedInError) {\n const error = new CredentialUnavailableError(\n \"Please run 'azd auth login' from a command prompt to authenticate before using this credential. For more information, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n try {\n const resp: { token: string; expiresOn: string } = JSON.parse(obj.stdout);\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: resp.token,\n expiresOnTimestamp: new Date(resp.expiresOn).getTime(),\n };\n } catch (e: any) {\n if (obj.stderr) {\n throw new CredentialUnavailableError(obj.stderr);\n }\n throw e;\n }\n } catch (err: any) {\n const error =\n err.name === \"CredentialUnavailableError\"\n ? err\n : new CredentialUnavailableError(\n (err as Error).message \|\| \"Unknown error while trying to retrieve the access token\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n });\n }\n}\n"]}
1	+ {"version":3,"file":"azureDeveloperCliCredential.js","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAE/E,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,aAAa,MAAM,eAAe,CAAC;AAC1C,OAAO,EACL,aAAa,EACb,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAC;AAErE;;;GAGG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAG;IAC7C;;OAEG;IACH,iBAAiB;QACf,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE;gBAC3B,MAAM,IAAI,KAAK,CACb,4EAA4E,CAC7E,CAAC;aACH;YACD,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;SAC/B;aAAM;YACL,OAAO,MAAM,CAAC;SACf;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,iBAAiB,CACrB,MAAgB,EAChB,QAAiB,EACjB,OAAgB;QAEhB,IAAI,aAAa,GAAa,EAAE,CAAC;QACjC,IAAI,QAAQ,EAAE;YACZ,aAAa,GAAG,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;SAC3C;QACD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI;gBACF,aAAa,CAAC,QAAQ,CACpB,KAAK,EACL;oBACE,MAAM;oBACN,OAAO;oBACP,UAAU;oBACV,MAAM;oBACN,GAAG,MAAM,CAAC,MAAM,CACd,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,EAC1D,EAAE,CACH;oBACD,GAAG,aAAa;iBACjB,EACD;oBACE,GAAG,EAAE,+BAA+B,CAAC,iBAAiB,EAAE;oBACxD,OAAO;iBACR,EACD,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;oBACxB,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;gBACrC,CAAC,CACF,CAAC;aACH;YAAC,OAAO,GAAQ,EAAE;gBACjB,MAAM,CAAC,GAAG,CAAC,CAAC;aACb;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,OAAO,2BAA2B;IAKtC;;;;;;;OAOG;IACH,YAAY,OAA4C;QACtD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,EAAE;YACrB,aAAa,CAAC,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC;SACnC;QACD,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,kBAAkB,CAAC;IAC7C,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,OAAO,EACP,IAAI,CAAC,4BAA4B,CAClC,CAAC;QACF,IAAI,QAAQ,EAAE;YACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;SACjC;QACD,IAAI,SAAmB,CAAC;QACxB,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE;YAC9B,SAAS,GAAG,CAAC,MAAM,CAAC,CAAC;SACtB;aAAM;YACL,SAAS,GAAG,MAAM,CAAC;SACpB;QACD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,oBAAoB,MAAM,EAAE,CAAC,CAAC;QAEnD,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;;YACrF,IAAI;gBACF,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;oBAC1B,+BAA+B,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBACjD,CAAC,CAAC,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,+BAA+B,CAAC,iBAAiB,CACjE,SAAS,EACT,QAAQ,EACR,IAAI,CAAC,OAAO,CACb,CAAC;gBACF,MAAM,kBAAkB,GACtB,CAAA,MAAA,GAAG,CAAC,MAAM,0CAAE,KAAK,CAAC,yCAAyC,CAAC;qBAC5D,MAAA,GAAG,CAAC,MAAM,0CAAE,KAAK,CAAC,8CAA8C,CAAC,CAAA,CAAC;gBACpE,MAAM,iBAAiB,GACrB,CAAA,MAAA,GAAG,CAAC,MAAM,0CAAE,KAAK,CAAC,mBAAmB,CAAC;qBACtC,MAAA,GAAG,CAAC,MAAM,0CAAE,UAAU,CAAC,yBAAyB,CAAC,CAAA,CAAC;gBAEpD,IAAI,iBAAiB,IAAI,CAAC,GAAG,CAAC,KAAK,IAAK,GAAG,CAAC,KAAa,CAAC,IAAI,KAAK,QAAQ,CAAC,EAAE;oBAC5E,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,wKAAwK,CACzK,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;iBACb;gBAED,IAAI,kBAAkB,EAAE;oBACtB,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,+NAA+N,CAChO,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;iBACb;gBAED,IAAI;oBACF,MAAM,IAAI,GAAyC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAC1E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO;wBACL,KAAK,EAAE,IAAI,CAAC,KAAK;wBACjB,kBAAkB,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;qBACvD,CAAC;iBACH;gBAAC,OAAO,CAAM,EAAE;oBACf,IAAI,GAAG,CAAC,MAAM,EAAE;wBACd,MAAM,IAAI,0BAA0B,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;qBAClD;oBACD,MAAM,CAAC,CAAC;iBACT;aACF;YAAC,OAAO,GAAQ,EAAE;gBACjB,MAAM,KAAK,GACT,GAAG,CAAC,IAAI,KAAK,4BAA4B;oBACvC,CAAC,CAAC,GAAG;oBACL,CAAC,CAAC,IAAI,0BAA0B,CAC3B,GAAa,CAAC,OAAO,IAAI,yDAAyD,CACpF,CAAC;gBACR,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;aACb;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { AzureDeveloperCliCredentialOptions } from \"./azureDeveloperCliCredentialOptions\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport child_process from \"child_process\";\nimport {\n checkTenantId,\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { tracingClient } from \"../util/tracing\";\nimport { ensureValidScopeForDevTimeCreds } from \"../util/scopeUtils\";\n\n/*\n Mockable reference to the Developer CLI credential cliCredentialFunctions\n * @internal\n /\nexport const developerCliCredentialInternals = {\n /\n @internal\n /\n getSafeWorkingDir(): string {\n if (process.platform === \"win32\") {\n if (!process.env.SystemRoot) {\n throw new Error(\n \"Azure Developer CLI credential expects a 'SystemRoot' environment variable\",\n );\n }\n return process.env.SystemRoot;\n } else {\n return \"/bin\";\n }\n },\n\n /\n Gets the access token from Azure Developer CLI\n * @param scopes - The scopes to use when getting the token\n * @internal\n /\n async getAzdAccessToken(\n scopes: string[],\n tenantId?: string,\n timeout?: number,\n ): Promise<{ stdout: string; stderr: string; error: Error \| null }> {\n let tenantSection: string[] = [];\n if (tenantId) {\n tenantSection = [\"--tenant-id\", tenantId];\n }\n return new Promise((resolve, reject) => {\n try {\n child_process.execFile(\n \"azd\",\n [\n \"auth\",\n \"token\",\n \"--output\",\n \"json\",\n ...scopes.reduce<string[]>(\n (previous, current) => previous.concat(\"--scope\", current),\n [],\n ),\n ...tenantSection,\n ],\n {\n cwd: developerCliCredentialInternals.getSafeWorkingDir(),\n timeout,\n },\n (error, stdout, stderr) => {\n resolve({ stdout, stderr, error });\n },\n );\n } catch (err: any) {\n reject(err);\n }\n });\n },\n};\n\nconst logger = credentialLogger(\"AzureDeveloperCliCredential\");\n\n/\n Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy\n * resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific\n * to Azure developers. It allows users to authenticate as a user and/or a service principal against\n * <a href=\"https://learn.microsoft.com/azure/active-directory/fundamentals/\">Microsoft Entra ID</a>. The\n * AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of\n * the logged-in user or service principal in the Azure Developer CLI. It acts as the Azure Developer CLI logged in user or\n * service principal and executes an Azure CLI command underneath to authenticate the application against\n * Microsoft Entra ID.\n \n <h2> Configure AzureDeveloperCliCredential </h2>\n \n To use this credential, the developer needs to authenticate locally in Azure Developer CLI using one of the\n * commands below:\n \n <ol>\n * <li>Run \"azd auth login\" in Azure Developer CLI to authenticate interactively as a user.</li>\n * <li>Run \"azd auth login --client-id clientID --client-secret clientSecret\n * --tenant-id tenantID\" to authenticate as a service principal.</li>\n * </ol>\n \n You may need to repeat this process after a certain time period, depending on the refresh token validity in your\n * organization. Generally, the refresh token validity period is a few weeks to a few months.\n * AzureDeveloperCliCredential will prompt you to sign in again.\n /\nexport class AzureDeveloperCliCredential implements TokenCredential {\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private timeout?: number;\n\n /\n Creates an instance of the {@link AzureDeveloperCliCredential}.\n \n To use this credential, ensure that you have already logged\n * in via the 'azd' tool using the command \"azd auth login\" from the commandline.\n \n @param options - Options, to optionally allow multi-tenant requests.\n /\n constructor(options?: AzureDeveloperCliCredentialOptions) {\n if (options?.tenantId) {\n checkTenantId(logger, options?.tenantId);\n this.tenantId = options?.tenantId;\n }\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n this.timeout = options?.processTimeoutInMs;\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options: GetTokenOptions = {},\n ): Promise<AccessToken> {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n options,\n this.additionallyAllowedTenantIds,\n );\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n let scopeList: string[];\n if (typeof scopes === \"string\") {\n scopeList = [scopes];\n } else {\n scopeList = scopes;\n }\n logger.getToken.info(`Using the scopes ${scopes}`);\n\n return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {\n try {\n scopeList.forEach((scope) => {\n ensureValidScopeForDevTimeCreds(scope, logger);\n });\n const obj = await developerCliCredentialInternals.getAzdAccessToken(\n scopeList,\n tenantId,\n this.timeout,\n );\n const isNotLoggedInError =\n obj.stderr?.match(\"not logged in, run `azd login` to login\") \|\|\n obj.stderr?.match(\"not logged in, run `azd auth login` to login\");\n const isNotInstallError =\n obj.stderr?.match(\"azd:(.)not found\") \|\|\n obj.stderr?.startsWith(\"'azd' is not recognized\");\n\n if (isNotInstallError \|\| (obj.error && (obj.error as any).code === \"ENOENT\")) {\n const error = new CredentialUnavailableError(\n \"Azure Developer CLI couldn't be found. To mitigate this issue, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.\",\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n if (isNotLoggedInError) {\n const error = new CredentialUnavailableError(\n \"Please run 'azd auth login' from a command prompt to authenticate before using this credential. For more information, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.\",\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n try {\n const resp: { token: string; expiresOn: string } = JSON.parse(obj.stdout);\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: resp.token,\n expiresOnTimestamp: new Date(resp.expiresOn).getTime(),\n };\n } catch (e: any) {\n if (obj.stderr) {\n throw new CredentialUnavailableError(obj.stderr);\n }\n throw e;\n }\n } catch (err: any) {\n const error =\n err.name === \"CredentialUnavailableError\"\n ? err\n : new CredentialUnavailableError(\n (err as Error).message \|\| \"Unknown error while trying to retrieve the access token\",\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n });\n }\n}\n"]}

package/dist-esm/src/credentials/azurePowerShellCredential.browser.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"azurePowerShellCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,4DAA4D,CAC7D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D;;GAEG;AACH,MAAM,OAAO,yBAAyB;IACpC;;OAEG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n \"AzurePowerShellCredential is not supported in the browser.\"\n);\nconst logger = credentialLogger(\"AzurePowerShellCredential\");\n\n/*\n This credential will use the currently-logged-in user's login information via the Azure Power Shell command line tool.\n /\nexport class AzurePowerShellCredential implements TokenCredential {\n /\n Only available in Node.js\n */\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n getToken(): Promise<AccessToken \| null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
1	+ {"version":3,"file":"azurePowerShellCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,4DAA4D,CAC7D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D;;GAEG;AACH,MAAM,OAAO,yBAAyB;IACpC;;OAEG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n \"AzurePowerShellCredential is not supported in the browser.\",\n);\nconst logger = credentialLogger(\"AzurePowerShellCredential\");\n\n/*\n This credential will use the currently-logged-in user's login information via the Azure Power Shell command line tool.\n /\nexport class AzurePowerShellCredential implements TokenCredential {\n /\n Only available in Node.js\n */\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n getToken(): Promise<AccessToken \| null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}

package/dist-esm/src/credentials/azurePowerShellCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"azurePowerShellCredential.js","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,+BAA+B,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEvF,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,EACL,aAAa,EACb,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC;AAE/C;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,WAAmB;IAC/C,IAAI,SAAS,EAAE;QACb,OAAO,GAAG,WAAW,MAAM,CAAC;KAC7B;SAAM;QACL,OAAO,WAAW,CAAC;KACpB;AACH,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,WAAW,CAAC,QAAoB,EAAE,OAAgB;IAC/D,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;QAC9B,MAAM,CAAC,IAAI,EAAE,GAAG,UAAU,CAAC,GAAG,OAAO,CAAC;QACtC,MAAM,MAAM,GAAG,CAAC,MAAM,YAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;YAC5D,QAAQ,EAAE,MAAM;YAChB,OAAO;SACR,CAAC,CAAW,CAAC;QACd,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;KACtB;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,KAAK,EAAE,gCAAgC;IACvC,SAAS,EACP,uIAAuI;CAC1I,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG;IAC3C,KAAK,EACH,8FAA8F;IAChG,SAAS,EAAE,4KAA4K;IACvL,YAAY,EAAE,4FAA4F;CAC3G,CAAC;AAEF,mDAAmD;AACnD,MAAM,YAAY,GAA4C,CAAC,GAAU,EAAE,EAAE,CAC3E,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,KAAK,MAAM,CAAC,CAAC;AAEzD,qDAAqD;AACrD,MAAM,mBAAmB,GAA4C,CAAC,GAAU,EAAE,EAAE,CAClF,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;AAEhD;;;;GAIG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;AAEpD,IAAI,SAAS,EAAE;IACb,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC;CAChD;AAED;;;;GAIG;AACH,MAAM,OAAO,yBAAyB;IAKpC;;;;;;;;;;OAUG;IACH,YAAY,OAA0C;QACpD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,EAAE;YACrB,aAAa,CAAC,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC;SACnC;QACD,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,kBAAkB,CAAC;IAC7C,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,6BAA6B,CACzC,QAAgB,EAChB,QAAiB,EACjB,OAAgB;QAEhB,uDAAuD;QACvD,KAAK,MAAM,iBAAiB,IAAI,CAAC,GAAG,YAAY,CAAC,EAAE;YACjD,IAAI;gBACF,MAAM,WAAW,CAAC,CAAC,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;aACzD;YAAC,OAAO,CAAM,EAAE;gBACf,gFAAgF;gBAChF,YAAY,CAAC,KAAK,EAAE,CAAC;gBACrB,SAAS;aACV;YAED,IAAI,aAAa,GAAG,EAAE,CAAC;YACvB,IAAI,QAAQ,EAAE;gBACZ,aAAa,GAAG,cAAc,QAAQ,GAAG,CAAC;aAC3C;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC;gBAChC;oBACE,iBAAiB;oBACjB,YAAY;oBACZ,iBAAiB;oBACjB,UAAU;oBACV,2DAA2D;iBAC5D;gBACD;oBACE,iBAAiB;oBACjB,YAAY;oBACZ,iBAAiB;oBACjB,UAAU;oBACV,qBAAqB,aAAa,kBAAkB,QAAQ,oBAAoB;iBACjF;aACF,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YAC1B,IAAI;gBACF,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;aAC3B;YAAC,OAAO,CAAM,EAAE;gBACf,MAAM,IAAI,KAAK,CAAC,8DAA8D,MAAM,EAAE,CAAC,CAAC;aACzF;SACF;QAED,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;IAC9F,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;YACrF,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,OAAO,EACP,IAAI,CAAC,4BAA4B,CAClC,CAAC;YACF,MAAM,KAAK,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC9D,IAAI,QAAQ,EAAE;gBACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;aACjC;YACD,IAAI;gBACF,+BAA+B,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBAC/C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,KAAK,EAAE,CAAC,CAAC;gBACjD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;gBACzC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC5F,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO;oBACL,KAAK,EAAE,QAAQ,CAAC,KAAK;oBACrB,kBAAkB,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;iBAC3D,CAAC;aACH;YAAC,OAAO,GAAQ,EAAE;gBACjB,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE;oBAC5B,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,6BAA6B,CAAC,SAAS,CAAC,CAAC;oBACtF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;oBAChD,MAAM,KAAK,CAAC;iBACb;qBAAM,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE;oBAC5B,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,6BAA6B,CAAC,KAAK,CAAC,CAAC;oBAClF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;oBAChD,MAAM,KAAK,CAAC;iBACb;gBACD,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,GAAG,GAAG,KAAK,6BAA6B,CAAC,YAAY,EAAE,CACxD,CAAC;gBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;gBAChD,MAAM,KAAK,CAAC;aACb;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { ensureValidScopeForDevTimeCreds, getScopeResource } from \"../util/scopeUtils\";\nimport { AzurePowerShellCredentialOptions } from \"./azurePowerShellCredentialOptions\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport {\n checkTenantId,\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { processUtils } from \"../util/processUtils\";\nimport { tracingClient } from \"../util/tracing\";\n\nconst logger = credentialLogger(\"AzurePowerShellCredential\");\n\nconst isWindows = process.platform === \"win32\";\n\n/*\n Returns a platform-appropriate command name by appending \".exe\" on Windows.\n \n @internal\n /\nexport function formatCommand(commandName: string): string {\n if (isWindows) {\n return `${commandName}.exe`;\n } else {\n return commandName;\n }\n}\n\n/\n Receives a list of commands to run, executes them, then returns the outputs.\n * If anything fails, an error is thrown.\n * @internal\n /\nasync function runCommands(commands: string[][], timeout?: number): Promise<string[]> {\n const results: string[] = [];\n\n for (const command of commands) {\n const [file, ...parameters] = command;\n const result = (await processUtils.execFile(file, parameters, {\n encoding: \"utf8\",\n timeout,\n })) as string;\n results.push(result);\n }\n\n return results;\n}\n\n/\n Known PowerShell errors\n * @internal\n /\nexport const powerShellErrors = {\n login: \"Run Connect-AzAccount to login\",\n installed:\n \"The specified module 'Az.Accounts' with version '2.2.0' was not loaded because no valid module file was found in any module directory\",\n};\n\n/\n Messages to use when throwing in this credential.\n * @internal\n /\nexport const powerShellPublicErrorMessages = {\n login:\n \"Please run 'Connect-AzAccount' from PowerShell to authenticate before using this credential.\",\n installed: `The 'Az.Account' module >= 2.2.0 is not installed. Install the Azure Az PowerShell module with: \"Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force\".`,\n troubleshoot: `To troubleshoot, visit https://aka.ms/azsdk/js/identity/powershellcredential/troubleshoot.`,\n};\n\n// PowerShell Azure User not logged in error check.\nconst isLoginError: (err: Error) => RegExpMatchArray \| null = (err: Error) =>\n err.message.match(`(.)${powerShellErrors.login}(.)`);\n\n// Az Module not Installed in Azure PowerShell check.\nconst isNotInstalledError: (err: Error) => RegExpMatchArray \| null = (err: Error) =>\n err.message.match(powerShellErrors.installed);\n\n/\n The PowerShell commands to be tried, in order.\n \n @internal\n /\nexport const commandStack = [formatCommand(\"pwsh\")];\n\nif (isWindows) {\n commandStack.push(formatCommand(\"powershell\"));\n}\n\n/\n This credential will use the currently logged-in user information from the\n * Azure PowerShell module. To do so, it will read the user access token and\n * expire time with Azure PowerShell command `Get-AzAccessToken -ResourceUrl {ResourceScope}`\n /\nexport class AzurePowerShellCredential implements TokenCredential {\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private timeout?: number;\n\n /\n Creates an instance of the {@link AzurePowerShellCredential}.\n \n To use this credential:\n * - Install the Azure Az PowerShell module with:\n * `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.\n * - You have already logged in to Azure PowerShell using the command\n * `Connect-AzAccount` from the command line.\n \n @param options - Options, to optionally allow multi-tenant requests.\n /\n constructor(options?: AzurePowerShellCredentialOptions) {\n if (options?.tenantId) {\n checkTenantId(logger, options?.tenantId);\n this.tenantId = options?.tenantId;\n }\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants\n );\n this.timeout = options?.processTimeoutInMs;\n }\n\n /\n Gets the access token from Azure PowerShell\n * @param resource - The resource to use when getting the token\n /\n private async getAzurePowerShellAccessToken(\n resource: string,\n tenantId?: string,\n timeout?: number\n ): Promise<{ Token: string; ExpiresOn: string }> {\n // Clone the stack to avoid mutating it while iterating\n for (const powerShellCommand of [...commandStack]) {\n try {\n await runCommands([[powerShellCommand, \"/?\"]], timeout);\n } catch (e: any) {\n // Remove this credential from the original stack so that we don't try it again.\n commandStack.shift();\n continue;\n }\n\n let tenantSection = \"\";\n if (tenantId) {\n tenantSection = `-TenantId \"${tenantId}\"`;\n }\n\n const results = await runCommands([\n [\n powerShellCommand,\n \"-NoProfile\",\n \"-NonInteractive\",\n \"-Command\",\n \"Import-Module Az.Accounts -MinimumVersion 2.2.0 -PassThru\",\n ],\n [\n powerShellCommand,\n \"-NoProfile\",\n \"-NonInteractive\",\n \"-Command\",\n `Get-AzAccessToken ${tenantSection} -ResourceUrl \"${resource}\" \| ConvertTo-Json`,\n ],\n ]);\n\n const result = results[1];\n try {\n return JSON.parse(result);\n } catch (e: any) {\n throw new Error(`Unable to parse the output of PowerShell. Received output: ${result}`);\n }\n }\n\n throw new Error(`Unable to execute PowerShell. Ensure that it is installed in your system`);\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If the authentication cannot be performed through PowerShell, a {@link CredentialUnavailableError} will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string \| string[],\n options: GetTokenOptions = {}\n ): Promise<AccessToken> {\n return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n options,\n this.additionallyAllowedTenantIds\n );\n const scope = typeof scopes === \"string\" ? scopes : scopes[0];\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n try {\n ensureValidScopeForDevTimeCreds(scope, logger);\n logger.getToken.info(`Using the scope ${scope}`);\n const resource = getScopeResource(scope);\n const response = await this.getAzurePowerShellAccessToken(resource, tenantId, this.timeout);\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: response.Token,\n expiresOnTimestamp: new Date(response.ExpiresOn).getTime(),\n };\n } catch (err: any) {\n if (isNotInstalledError(err)) {\n const error = new CredentialUnavailableError(powerShellPublicErrorMessages.installed);\n logger.getToken.info(formatError(scope, error));\n throw error;\n } else if (isLoginError(err)) {\n const error = new CredentialUnavailableError(powerShellPublicErrorMessages.login);\n logger.getToken.info(formatError(scope, error));\n throw error;\n }\n const error = new CredentialUnavailableError(\n `${err}. ${powerShellPublicErrorMessages.troubleshoot}`\n );\n logger.getToken.info(formatError(scope, error));\n throw error;\n }\n });\n }\n}\n"]}
1	+ {"version":3,"file":"azurePowerShellCredential.js","sourceRoot":"","sources":["../../../src/credentials/azurePowerShellCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,+BAA+B,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEvF,OAAO,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,EACL,aAAa,EACb,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC;AAE/C;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,WAAmB;IAC/C,IAAI,SAAS,EAAE;QACb,OAAO,GAAG,WAAW,MAAM,CAAC;KAC7B;SAAM;QACL,OAAO,WAAW,CAAC;KACpB;AACH,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,WAAW,CAAC,QAAoB,EAAE,OAAgB;IAC/D,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;QAC9B,MAAM,CAAC,IAAI,EAAE,GAAG,UAAU,CAAC,GAAG,OAAO,CAAC;QACtC,MAAM,MAAM,GAAG,CAAC,MAAM,YAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE;YAC5D,QAAQ,EAAE,MAAM;YAChB,OAAO;SACR,CAAC,CAAW,CAAC;QACd,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;KACtB;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,KAAK,EAAE,gCAAgC;IACvC,SAAS,EACP,uIAAuI;CAC1I,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG;IAC3C,KAAK,EACH,8FAA8F;IAChG,SAAS,EAAE,4KAA4K;IACvL,YAAY,EAAE,4FAA4F;CAC3G,CAAC;AAEF,mDAAmD;AACnD,MAAM,YAAY,GAA4C,CAAC,GAAU,EAAE,EAAE,CAC3E,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,KAAK,MAAM,CAAC,CAAC;AAEzD,qDAAqD;AACrD,MAAM,mBAAmB,GAA4C,CAAC,GAAU,EAAE,EAAE,CAClF,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;AAEhD;;;;GAIG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;AAEpD,IAAI,SAAS,EAAE;IACb,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC;CAChD;AAED;;;;GAIG;AACH,MAAM,OAAO,yBAAyB;IAKpC;;;;;;;;;;OAUG;IACH,YAAY,OAA0C;QACpD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,EAAE;YACrB,aAAa,CAAC,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC;SACnC;QACD,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,kBAAkB,CAAC;IAC7C,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,6BAA6B,CACzC,QAAgB,EAChB,QAAiB,EACjB,OAAgB;QAEhB,uDAAuD;QACvD,KAAK,MAAM,iBAAiB,IAAI,CAAC,GAAG,YAAY,CAAC,EAAE;YACjD,IAAI;gBACF,MAAM,WAAW,CAAC,CAAC,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;aACzD;YAAC,OAAO,CAAM,EAAE;gBACf,gFAAgF;gBAChF,YAAY,CAAC,KAAK,EAAE,CAAC;gBACrB,SAAS;aACV;YAED,IAAI,aAAa,GAAG,EAAE,CAAC;YACvB,IAAI,QAAQ,EAAE;gBACZ,aAAa,GAAG,cAAc,QAAQ,GAAG,CAAC;aAC3C;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC;gBAChC;oBACE,iBAAiB;oBACjB,YAAY;oBACZ,iBAAiB;oBACjB,UAAU;oBACV,2DAA2D;iBAC5D;gBACD;oBACE,iBAAiB;oBACjB,YAAY;oBACZ,iBAAiB;oBACjB,UAAU;oBACV,qBAAqB,aAAa,kBAAkB,QAAQ,oBAAoB;iBACjF;aACF,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YAC1B,IAAI;gBACF,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;aAC3B;YAAC,OAAO,CAAM,EAAE;gBACf,MAAM,IAAI,KAAK,CAAC,8DAA8D,MAAM,EAAE,CAAC,CAAC;aACzF;SACF;QAED,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;IAC9F,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;YACrF,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,OAAO,EACP,IAAI,CAAC,4BAA4B,CAClC,CAAC;YACF,MAAM,KAAK,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC9D,IAAI,QAAQ,EAAE;gBACZ,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;aACjC;YACD,IAAI;gBACF,+BAA+B,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBAC/C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,KAAK,EAAE,CAAC,CAAC;gBACjD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;gBACzC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC5F,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO;oBACL,KAAK,EAAE,QAAQ,CAAC,KAAK;oBACrB,kBAAkB,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;iBAC3D,CAAC;aACH;YAAC,OAAO,GAAQ,EAAE;gBACjB,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE;oBAC5B,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,6BAA6B,CAAC,SAAS,CAAC,CAAC;oBACtF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;oBAChD,MAAM,KAAK,CAAC;iBACb;qBAAM,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE;oBAC5B,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,6BAA6B,CAAC,KAAK,CAAC,CAAC;oBAClF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;oBAChD,MAAM,KAAK,CAAC;iBACb;gBACD,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,GAAG,GAAG,KAAK,6BAA6B,CAAC,YAAY,EAAE,CACxD,CAAC;gBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;gBAChD,MAAM,KAAK,CAAC;aACb;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { ensureValidScopeForDevTimeCreds, getScopeResource } from \"../util/scopeUtils\";\nimport { AzurePowerShellCredentialOptions } from \"./azurePowerShellCredentialOptions\";\nimport { CredentialUnavailableError } from \"../errors\";\nimport {\n checkTenantId,\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { processUtils } from \"../util/processUtils\";\nimport { tracingClient } from \"../util/tracing\";\n\nconst logger = credentialLogger(\"AzurePowerShellCredential\");\n\nconst isWindows = process.platform === \"win32\";\n\n/*\n Returns a platform-appropriate command name by appending \".exe\" on Windows.\n \n @internal\n /\nexport function formatCommand(commandName: string): string {\n if (isWindows) {\n return `${commandName}.exe`;\n } else {\n return commandName;\n }\n}\n\n/\n Receives a list of commands to run, executes them, then returns the outputs.\n * If anything fails, an error is thrown.\n * @internal\n /\nasync function runCommands(commands: string[][], timeout?: number): Promise<string[]> {\n const results: string[] = [];\n\n for (const command of commands) {\n const [file, ...parameters] = command;\n const result = (await processUtils.execFile(file, parameters, {\n encoding: \"utf8\",\n timeout,\n })) as string;\n results.push(result);\n }\n\n return results;\n}\n\n/\n Known PowerShell errors\n * @internal\n /\nexport const powerShellErrors = {\n login: \"Run Connect-AzAccount to login\",\n installed:\n \"The specified module 'Az.Accounts' with version '2.2.0' was not loaded because no valid module file was found in any module directory\",\n};\n\n/\n Messages to use when throwing in this credential.\n * @internal\n /\nexport const powerShellPublicErrorMessages = {\n login:\n \"Please run 'Connect-AzAccount' from PowerShell to authenticate before using this credential.\",\n installed: `The 'Az.Account' module >= 2.2.0 is not installed. Install the Azure Az PowerShell module with: \"Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force\".`,\n troubleshoot: `To troubleshoot, visit https://aka.ms/azsdk/js/identity/powershellcredential/troubleshoot.`,\n};\n\n// PowerShell Azure User not logged in error check.\nconst isLoginError: (err: Error) => RegExpMatchArray \| null = (err: Error) =>\n err.message.match(`(.)${powerShellErrors.login}(.)`);\n\n// Az Module not Installed in Azure PowerShell check.\nconst isNotInstalledError: (err: Error) => RegExpMatchArray \| null = (err: Error) =>\n err.message.match(powerShellErrors.installed);\n\n/\n The PowerShell commands to be tried, in order.\n \n @internal\n /\nexport const commandStack = [formatCommand(\"pwsh\")];\n\nif (isWindows) {\n commandStack.push(formatCommand(\"powershell\"));\n}\n\n/\n This credential will use the currently logged-in user information from the\n * Azure PowerShell module. To do so, it will read the user access token and\n * expire time with Azure PowerShell command `Get-AzAccessToken -ResourceUrl {ResourceScope}`\n /\nexport class AzurePowerShellCredential implements TokenCredential {\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private timeout?: number;\n\n /\n Creates an instance of the {@link AzurePowerShellCredential}.\n \n To use this credential:\n * - Install the Azure Az PowerShell module with:\n * `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.\n * - You have already logged in to Azure PowerShell using the command\n * `Connect-AzAccount` from the command line.\n \n @param options - Options, to optionally allow multi-tenant requests.\n /\n constructor(options?: AzurePowerShellCredentialOptions) {\n if (options?.tenantId) {\n checkTenantId(logger, options?.tenantId);\n this.tenantId = options?.tenantId;\n }\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n this.timeout = options?.processTimeoutInMs;\n }\n\n /\n Gets the access token from Azure PowerShell\n * @param resource - The resource to use when getting the token\n /\n private async getAzurePowerShellAccessToken(\n resource: string,\n tenantId?: string,\n timeout?: number,\n ): Promise<{ Token: string; ExpiresOn: string }> {\n // Clone the stack to avoid mutating it while iterating\n for (const powerShellCommand of [...commandStack]) {\n try {\n await runCommands([[powerShellCommand, \"/?\"]], timeout);\n } catch (e: any) {\n // Remove this credential from the original stack so that we don't try it again.\n commandStack.shift();\n continue;\n }\n\n let tenantSection = \"\";\n if (tenantId) {\n tenantSection = `-TenantId \"${tenantId}\"`;\n }\n\n const results = await runCommands([\n [\n powerShellCommand,\n \"-NoProfile\",\n \"-NonInteractive\",\n \"-Command\",\n \"Import-Module Az.Accounts -MinimumVersion 2.2.0 -PassThru\",\n ],\n [\n powerShellCommand,\n \"-NoProfile\",\n \"-NonInteractive\",\n \"-Command\",\n `Get-AzAccessToken ${tenantSection} -ResourceUrl \"${resource}\" \| ConvertTo-Json`,\n ],\n ]);\n\n const result = results[1];\n try {\n return JSON.parse(result);\n } catch (e: any) {\n throw new Error(`Unable to parse the output of PowerShell. Received output: ${result}`);\n }\n }\n\n throw new Error(`Unable to execute PowerShell. Ensure that it is installed in your system`);\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If the authentication cannot be performed through PowerShell, a {@link CredentialUnavailableError} will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string \| string[],\n options: GetTokenOptions = {},\n ): Promise<AccessToken> {\n return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n options,\n this.additionallyAllowedTenantIds,\n );\n const scope = typeof scopes === \"string\" ? scopes : scopes[0];\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n try {\n ensureValidScopeForDevTimeCreds(scope, logger);\n logger.getToken.info(`Using the scope ${scope}`);\n const resource = getScopeResource(scope);\n const response = await this.getAzurePowerShellAccessToken(resource, tenantId, this.timeout);\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: response.Token,\n expiresOnTimestamp: new Date(response.ExpiresOn).getTime(),\n };\n } catch (err: any) {\n if (isNotInstalledError(err)) {\n const error = new CredentialUnavailableError(powerShellPublicErrorMessages.installed);\n logger.getToken.info(formatError(scope, error));\n throw error;\n } else if (isLoginError(err)) {\n const error = new CredentialUnavailableError(powerShellPublicErrorMessages.login);\n logger.getToken.info(formatError(scope, error));\n throw error;\n }\n const error = new CredentialUnavailableError(\n `${err}. ${powerShellPublicErrorMessages.troubleshoot}`,\n );\n logger.getToken.info(formatError(scope, error));\n throw error;\n }\n });\n }\n}\n"]}

package/dist-esm/src/credentials/chainedTokenCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"chainedTokenCredential.js","sourceRoot":"","sources":["../../../src/credentials/chainedTokenCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,4BAA4B,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACrF,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD;;GAEG;AACH,MAAM,CAAC,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAEjE;;;GAGG;AACH,MAAM,OAAO,sBAAsB;IAGjC;;;;;;;;;;;OAWG;IACH,YAAY,GAAG,OAA0B;QAdjC,aAAQ,GAAsB,EAAE,CAAC;QAevC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAC1B,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC/D,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAC5B,MAAyB,EACzB,UAA2B,EAAE;QAE7B,IAAI,KAAK,GAAuB,IAAI,CAAC;QACrC,IAAI,oBAAqC,CAAC;QAC1C,MAAM,MAAM,GAAY,EAAE,CAAC;QAE3B,OAAO,aAAa,CAAC,QAAQ,CAC3B,iCAAiC,EACjC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC,EAAE,EAAE;gBAC/D,IAAI;oBACF,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;oBAChE,oBAAoB,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;iBACzC;gBAAC,OAAO,GAAQ,EAAE;oBACjB,IACE,GAAG,CAAC,IAAI,KAAK,4BAA4B;wBACzC,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAC1C;wBACA,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;qBAClB;yBAAM;wBACL,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;wBAC/C,MAAM,GAAG,CAAC;qBACX;iBACF;aACF;YAED,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;gBAC/B,MAAM,GAAG,GAAG,IAAI,4BAA4B,CAC1C,MAAM,EACN,+CAA+C,CAChD,CAAC;gBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;YAED,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,cAAc,oBAAoB,CAAC,WAAW,CAAC,IAAI,KAAK,aAAa,CAAC,MAAM,CAAC,EAAE,CAChF,CAAC;YAEF,IAAI,KAAK,KAAK,IAAI,EAAE;gBAClB,MAAM,IAAI,0BAA0B,CAAC,kCAAkC,CAAC,CAAC;aAC1E;YACD,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;QACzC,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { AggregateAuthenticationError, CredentialUnavailableError } from \"../errors\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { tracingClient } from \"../util/tracing\";\n\n/*\n @internal\n /\nexport const logger = credentialLogger(\"ChainedTokenCredential\");\n\n/\n Enables multiple `TokenCredential` implementations to be tried in order\n * until one of the getToken methods returns an access token.\n /\nexport class ChainedTokenCredential implements TokenCredential {\n private _sources: TokenCredential[] = [];\n\n /\n Creates an instance of ChainedTokenCredential using the given credentials.\n \n @param sources - `TokenCredential` implementations to be tried in order.\n \n Example usage:\n * ```javascript\n * const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);\n * const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);\n * const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);\n * ```\n /\n constructor(...sources: TokenCredential[]) {\n this._sources = sources;\n }\n\n /\n Returns the first access token returned by one of the chained\n * `TokenCredential` implementations. Throws an {@link AggregateAuthenticationError}\n * when one or more credentials throws an {@link AuthenticationError} and\n * no credentials have returned an access token.\n \n This method is called automatically by Azure SDK client libraries. You may call this method\n * directly, but you must also handle token caching and token refreshing.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * `TokenCredential` implementation might make.\n */\n async getToken(scopes: string \| string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n const { token } = await this.getTokenInternal(scopes, options);\n return token;\n }\n\n private async getTokenInternal(\n scopes: string \| string[],\n options: GetTokenOptions = {}\n ): Promise<{ token: AccessToken; successfulCredential: TokenCredential }> {\n let token: AccessToken \| null = null;\n let successfulCredential: TokenCredential;\n const errors: Error[] = [];\n\n return tracingClient.withSpan(\n \"ChainedTokenCredential.getToken\",\n options,\n async (updatedOptions) => {\n for (let i = 0; i < this._sources.length && token === null; i++) {\n try {\n token = await this._sources[i].getToken(scopes, updatedOptions);\n successfulCredential = this._sources[i];\n } catch (err: any) {\n if (\n err.name === \"CredentialUnavailableError\" \|\|\n err.name === \"AuthenticationRequiredError\"\n ) {\n errors.push(err);\n } else {\n logger.getToken.info(formatError(scopes, err));\n throw err;\n }\n }\n }\n\n if (!token && errors.length > 0) {\n const err = new AggregateAuthenticationError(\n errors,\n \"ChainedTokenCredential authentication failed.\"\n );\n logger.getToken.info(formatError(scopes, err));\n throw err;\n }\n\n logger.getToken.info(\n `Result for ${successfulCredential.constructor.name}: ${formatSuccess(scopes)}`\n );\n\n if (token === null) {\n throw new CredentialUnavailableError(\"Failed to retrieve a valid token\");\n }\n return { token, successfulCredential };\n }\n );\n }\n}\n"]}
1	+ {"version":3,"file":"chainedTokenCredential.js","sourceRoot":"","sources":["../../../src/credentials/chainedTokenCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,4BAA4B,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACrF,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD;;GAEG;AACH,MAAM,CAAC,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAEjE;;;GAGG;AACH,MAAM,OAAO,sBAAsB;IAGjC;;;;;;;;;;;OAWG;IACH,YAAY,GAAG,OAA0B;QAdjC,aAAQ,GAAsB,EAAE,CAAC;QAevC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAC1B,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC/D,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAC5B,MAAyB,EACzB,UAA2B,EAAE;QAE7B,IAAI,KAAK,GAAuB,IAAI,CAAC;QACrC,IAAI,oBAAqC,CAAC;QAC1C,MAAM,MAAM,GAAY,EAAE,CAAC;QAE3B,OAAO,aAAa,CAAC,QAAQ,CAC3B,iCAAiC,EACjC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC,EAAE,EAAE;gBAC/D,IAAI;oBACF,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;oBAChE,oBAAoB,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;iBACzC;gBAAC,OAAO,GAAQ,EAAE;oBACjB,IACE,GAAG,CAAC,IAAI,KAAK,4BAA4B;wBACzC,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAC1C;wBACA,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;qBAClB;yBAAM;wBACL,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;wBAC/C,MAAM,GAAG,CAAC;qBACX;iBACF;aACF;YAED,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;gBAC/B,MAAM,GAAG,GAAG,IAAI,4BAA4B,CAC1C,MAAM,EACN,+CAA+C,CAChD,CAAC;gBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;YAED,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,cAAc,oBAAoB,CAAC,WAAW,CAAC,IAAI,KAAK,aAAa,CAAC,MAAM,CAAC,EAAE,CAChF,CAAC;YAEF,IAAI,KAAK,KAAK,IAAI,EAAE;gBAClB,MAAM,IAAI,0BAA0B,CAAC,kCAAkC,CAAC,CAAC;aAC1E;YACD,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;QACzC,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { AggregateAuthenticationError, CredentialUnavailableError } from \"../errors\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { tracingClient } from \"../util/tracing\";\n\n/*\n @internal\n /\nexport const logger = credentialLogger(\"ChainedTokenCredential\");\n\n/\n Enables multiple `TokenCredential` implementations to be tried in order\n * until one of the getToken methods returns an access token.\n /\nexport class ChainedTokenCredential implements TokenCredential {\n private _sources: TokenCredential[] = [];\n\n /\n Creates an instance of ChainedTokenCredential using the given credentials.\n \n @param sources - `TokenCredential` implementations to be tried in order.\n \n Example usage:\n * ```javascript\n * const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);\n * const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);\n * const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);\n * ```\n /\n constructor(...sources: TokenCredential[]) {\n this._sources = sources;\n }\n\n /\n Returns the first access token returned by one of the chained\n * `TokenCredential` implementations. Throws an {@link AggregateAuthenticationError}\n * when one or more credentials throws an {@link AuthenticationError} and\n * no credentials have returned an access token.\n \n This method is called automatically by Azure SDK client libraries. You may call this method\n * directly, but you must also handle token caching and token refreshing.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * `TokenCredential` implementation might make.\n */\n async getToken(scopes: string \| string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n const { token } = await this.getTokenInternal(scopes, options);\n return token;\n }\n\n private async getTokenInternal(\n scopes: string \| string[],\n options: GetTokenOptions = {},\n ): Promise<{ token: AccessToken; successfulCredential: TokenCredential }> {\n let token: AccessToken \| null = null;\n let successfulCredential: TokenCredential;\n const errors: Error[] = [];\n\n return tracingClient.withSpan(\n \"ChainedTokenCredential.getToken\",\n options,\n async (updatedOptions) => {\n for (let i = 0; i < this._sources.length && token === null; i++) {\n try {\n token = await this._sources[i].getToken(scopes, updatedOptions);\n successfulCredential = this._sources[i];\n } catch (err: any) {\n if (\n err.name === \"CredentialUnavailableError\" \|\|\n err.name === \"AuthenticationRequiredError\"\n ) {\n errors.push(err);\n } else {\n logger.getToken.info(formatError(scopes, err));\n throw err;\n }\n }\n }\n\n if (!token && errors.length > 0) {\n const err = new AggregateAuthenticationError(\n errors,\n \"ChainedTokenCredential authentication failed.\",\n );\n logger.getToken.info(formatError(scopes, err));\n throw err;\n }\n\n logger.getToken.info(\n `Result for ${successfulCredential.constructor.name}: ${formatSuccess(scopes)}`,\n );\n\n if (token === null) {\n throw new CredentialUnavailableError(\"Failed to retrieve a valid token\");\n }\n return { token, successfulCredential };\n },\n );\n }\n}\n"]}

package/dist-esm/src/credentials/clientAssertionCredential.browser.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"clientAssertionCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/clientAssertionCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,4DAA4D,CAC7D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D;;GAEG;AACH,MAAM,OAAO,yBAAyB;IACpC;;OAEG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n \"ClientAssertionCredential is not supported in the browser.\"\n);\nconst logger = credentialLogger(\"ClientAssertionCredential\");\n\n/*\n Authenticates a service principal with a JWT assertion.\n /\nexport class ClientAssertionCredential implements TokenCredential {\n /\n Only available in Node.js\n */\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken \| null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
1	+ {"version":3,"file":"clientAssertionCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/clientAssertionCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,4DAA4D,CAC7D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D;;GAEG;AACH,MAAM,OAAO,yBAAyB;IACpC;;OAEG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n \"ClientAssertionCredential is not supported in the browser.\",\n);\nconst logger = credentialLogger(\"ClientAssertionCredential\");\n\n/*\n Authenticates a service principal with a JWT assertion.\n /\nexport class ClientAssertionCredential implements TokenCredential {\n /\n Only available in Node.js\n */\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken \| null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}

package/dist-esm/src/credentials/clientAssertionCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"clientAssertionCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientAssertionCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,mBAAmB,EAAE,MAAM,uCAAuC,CAAC;AAE5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D;;GAEG;AACH,MAAM,OAAO,yBAAyB;IAOpC;;;;;;;;;OASG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAmC,EACnC,UAA4C,EAAE;QAE9C,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE;YAC3C,MAAM,IAAI,KAAK,CACb,6FAA6F,CAC9F,CAAC;SACH;QACD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,QAAQ,GAAG,IAAI,mBAAmB,iCAClC,OAAO,KACV,MAAM,EACN,QAAQ,EAAE,IAAI,CAAC,QAAQ,EACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ,EACvB,sBAAsB,EAAE,IAAI,CAAC,OAAO,EACpC,YAAY,IACZ,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,UAAU,CAAC,QAAQ,GAAG,yBAAyB,CAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QACzD,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { ClientAssertionCredentialOptions } from \"./clientAssertionCredentialOptions\";\nimport { MsalClientAssertion } from \"../msal/nodeFlows/msalClientAssertion\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { credentialLogger } from \"../util/logging\";\nimport { tracingClient } from \"../util/tracing\";\n\nconst logger = credentialLogger(\"ClientAssertionCredential\");\n\n/*\n Authenticates a service principal with a JWT assertion.\n /\nexport class ClientAssertionCredential implements TokenCredential {\n private msalFlow: MsalFlow;\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private clientId: string;\n private options: ClientAssertionCredentialOptions;\n\n /\n Creates an instance of the ClientAssertionCredential with the details\n * needed to authenticate against Microsoft Entra ID with a client\n * assertion provided by the developer through the `getAssertion` function parameter.\n \n @param tenantId - The Microsoft Entra tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param getAssertion - A function that retrieves the assertion for the credential to use.\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantId: string,\n clientId: string,\n getAssertion: () => Promise<string>,\n options: ClientAssertionCredentialOptions = {}\n ) {\n if (!tenantId \|\| !clientId \|\| !getAssertion) {\n throw new Error(\n \"ClientAssertionCredential: tenantId, clientId, and clientAssertion are required parameters.\"\n );\n }\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants\n );\n this.clientId = clientId;\n this.options = options;\n this.msalFlow = new MsalClientAssertion({\n ...options,\n logger,\n clientId: this.clientId,\n tenantId: this.tenantId,\n tokenCredentialOptions: this.options,\n getAssertion,\n });\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string \| string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n newOptions.tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n logger\n );\n\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n return this.msalFlow.getToken(arrayScopes, newOptions);\n }\n );\n }\n}\n"]}
1	+ {"version":3,"file":"clientAssertionCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientAssertionCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,mBAAmB,EAAE,MAAM,uCAAuC,CAAC;AAE5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D;;GAEG;AACH,MAAM,OAAO,yBAAyB;IAOpC;;;;;;;;;OASG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAmC,EACnC,UAA4C,EAAE;QAE9C,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE;YAC3C,MAAM,IAAI,KAAK,CACb,6FAA6F,CAC9F,CAAC;SACH;QACD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,QAAQ,GAAG,IAAI,mBAAmB,iCAClC,OAAO,KACV,MAAM,EACN,QAAQ,EAAE,IAAI,CAAC,QAAQ,EACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ,EACvB,sBAAsB,EAAE,IAAI,CAAC,OAAO,EACpC,YAAY,IACZ,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,UAAU,CAAC,QAAQ,GAAG,yBAAyB,CAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QACzD,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { ClientAssertionCredentialOptions } from \"./clientAssertionCredentialOptions\";\nimport { MsalClientAssertion } from \"../msal/nodeFlows/msalClientAssertion\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { credentialLogger } from \"../util/logging\";\nimport { tracingClient } from \"../util/tracing\";\n\nconst logger = credentialLogger(\"ClientAssertionCredential\");\n\n/*\n Authenticates a service principal with a JWT assertion.\n /\nexport class ClientAssertionCredential implements TokenCredential {\n private msalFlow: MsalFlow;\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private clientId: string;\n private options: ClientAssertionCredentialOptions;\n\n /\n Creates an instance of the ClientAssertionCredential with the details\n * needed to authenticate against Microsoft Entra ID with a client\n * assertion provided by the developer through the `getAssertion` function parameter.\n \n @param tenantId - The Microsoft Entra tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param getAssertion - A function that retrieves the assertion for the credential to use.\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantId: string,\n clientId: string,\n getAssertion: () => Promise<string>,\n options: ClientAssertionCredentialOptions = {},\n ) {\n if (!tenantId \|\| !clientId \|\| !getAssertion) {\n throw new Error(\n \"ClientAssertionCredential: tenantId, clientId, and clientAssertion are required parameters.\",\n );\n }\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n this.clientId = clientId;\n this.options = options;\n this.msalFlow = new MsalClientAssertion({\n ...options,\n logger,\n clientId: this.clientId,\n tenantId: this.tenantId,\n tokenCredentialOptions: this.options,\n getAssertion,\n });\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string \| string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n newOptions.tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n logger,\n );\n\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n return this.msalFlow.getToken(arrayScopes, newOptions);\n },\n );\n }\n}\n"]}

package/dist-esm/src/credentials/clientCertificateCredential.browser.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"clientCertificateCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,8DAA8D,CAC/D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;GAGG;AACH,MAAM,OAAO,2BAA2B;IACtC;;OAEG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n \"ClientCertificateCredential is not supported in the browser.\"\n);\nconst logger = credentialLogger(\"ClientCertificateCredential\");\n\n/*\n Enables authentication to Microsoft Entra ID using a PEM-encoded\n * certificate that is assigned to an App Registration.\n /\nexport class ClientCertificateCredential implements TokenCredential {\n /\n Only available in Node.js\n */\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken \| null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}
1	+ {"version":3,"file":"clientCertificateCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEhE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,8DAA8D,CAC/D,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;GAGG;AACH,MAAM,OAAO,2BAA2B;IACtC;;OAEG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging\";\n\nconst BrowserNotSupportedError = new Error(\n \"ClientCertificateCredential is not supported in the browser.\",\n);\nconst logger = credentialLogger(\"ClientCertificateCredential\");\n\n/*\n Enables authentication to Microsoft Entra ID using a PEM-encoded\n * certificate that is assigned to an App Registration.\n /\nexport class ClientCertificateCredential implements TokenCredential {\n /\n Only available in Node.js\n */\n constructor() {\n logger.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n\n public getToken(): Promise<AccessToken \| null> {\n logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n throw BrowserNotSupportedError;\n }\n}\n"]}

package/dist-esm/src/credentials/clientCertificateCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"clientCertificateCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,qBAAqB,EAAE,MAAM,yCAAyC,CAAC;AAEhF,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,cAAc,GAAG,6BAA6B,CAAC;AACrD,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AAqChD;;;;;;;GAOG;AACH,MAAM,OAAO,2BAA2B;IAoDtC,YACE,QAAgB,EAChB,QAAgB,EAChB,8BAAoF,EACpF,UAA8C,EAAE;QAEhD,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE;YAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,cAAc,kDAAkD,CAAC,CAAC;SACtF;QAED,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,MAAM,aAAa,qBACd,CAAC,OAAO,8BAA8B,KAAK,QAAQ;YACpD,CAAC,CAAC;gBACE,eAAe,EAAE,8BAA8B;aAChD;YACH,CAAC,CAAC,8BAA8B,CAAC,CACpC,CAAC;QACF,MAAM,WAAW,GAAwB,aAAiD;aACvF,WAAW,CAAC;QACf,MAAM,eAAe,GACnB,aACD,CAAC,eAAe,CAAC;QAClB,IAAI,CAAC,aAAa,IAAI,CAAC,CAAC,WAAW,IAAI,eAAe,CAAC,EAAE;YACvD,MAAM,IAAI,KAAK,CACb,GAAG,cAAc,4MAA4M,CAC9N,CAAC;SACH;QACD,IAAI,WAAW,IAAI,eAAe,EAAE;YAClC,MAAM,IAAI,KAAK,CACb,GAAG,cAAc,wOAAwO,CAC1P,CAAC;SACH;QACD,IAAI,CAAC,QAAQ,GAAG,IAAI,qBAAqB,iCACpC,OAAO,KACV,aAAa;YACb,MAAM;YACN,QAAQ;YACR,QAAQ,EACR,oBAAoB,EAAE,OAAO,CAAC,oBAAoB,EAClD,sBAAsB,EAAE,OAAO,IAC/B,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAG,cAAc,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YACxF,UAAU,CAAC,QAAQ,GAAG,yBAAyB,CAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { ClientCertificateCredentialOptions } from \"./clientCertificateCredentialOptions\";\nimport { MsalClientCertificate } from \"../msal/nodeFlows/msalClientCertificate\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { credentialLogger } from \"../util/logging\";\nimport { tracingClient } from \"../util/tracing\";\n\nconst credentialName = \"ClientCertificateCredential\";\nconst logger = credentialLogger(credentialName);\n\n/*\n Required configuration options for the {@link ClientCertificateCredential}, with the string contents of a PEM certificate\n /\nexport interface ClientCertificatePEMCertificate {\n /\n The PEM-encoded public/private key certificate on the filesystem.\n /\n certificate: string;\n\n /\n The password for the certificate file.\n /\n certificatePassword?: string;\n}\n/\n Required configuration options for the {@link ClientCertificateCredential}, with the path to a PEM certificate.\n /\nexport interface ClientCertificatePEMCertificatePath {\n /\n The path to the PEM-encoded public/private key certificate on the filesystem.\n /\n certificatePath: string;\n\n /\n The password for the certificate file.\n /\n certificatePassword?: string;\n}\n/\n Required configuration options for the {@link ClientCertificateCredential}, with either the string contents of a PEM certificate, or the path to a PEM certificate.\n /\nexport type ClientCertificateCredentialPEMConfiguration =\n \| ClientCertificatePEMCertificate\n \| ClientCertificatePEMCertificatePath;\n\n/\n Enables authentication to Microsoft Entra ID using a PEM-encoded\n * certificate that is assigned to an App Registration. More information\n * on how to configure certificate authentication can be found here:\n \n https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad\n \n /\nexport class ClientCertificateCredential implements TokenCredential {\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private msalFlow: MsalFlow;\n\n /*\n Creates an instance of the ClientCertificateCredential with the details\n * needed to authenticate against Microsoft Entra ID with a certificate.\n \n @param tenantId - The Microsoft Entra tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantId: string,\n clientId: string,\n certificatePath: string,\n options?: ClientCertificateCredentialOptions\n );\n /\n Creates an instance of the ClientCertificateCredential with the details\n * needed to authenticate against Microsoft Entra ID with a certificate.\n \n @param tenantId - The Microsoft Entra tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param configuration - Other parameters required, including the path of the certificate on the filesystem.\n * If the type is ignored, we will throw the value of the path to a PEM certificate.\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantId: string,\n clientId: string,\n configuration: ClientCertificatePEMCertificatePath,\n options?: ClientCertificateCredentialOptions\n );\n /\n Creates an instance of the ClientCertificateCredential with the details\n * needed to authenticate against Microsoft Entra ID with a certificate.\n \n @param tenantId - The Microsoft Entra tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param configuration - Other parameters required, including the PEM-encoded certificate as a string.\n * If the type is ignored, we will throw the value of the PEM-encoded certificate.\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantId: string,\n clientId: string,\n configuration: ClientCertificatePEMCertificate,\n options?: ClientCertificateCredentialOptions\n );\n constructor(\n tenantId: string,\n clientId: string,\n certificatePathOrConfiguration: string \| ClientCertificateCredentialPEMConfiguration,\n options: ClientCertificateCredentialOptions = {}\n ) {\n if (!tenantId \|\| !clientId) {\n throw new Error(`${credentialName}: tenantId and clientId are required parameters.`);\n }\n\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants\n );\n\n const configuration: ClientCertificateCredentialPEMConfiguration = {\n ...(typeof certificatePathOrConfiguration === \"string\"\n ? {\n certificatePath: certificatePathOrConfiguration,\n }\n : certificatePathOrConfiguration),\n };\n const certificate: string \| undefined = (configuration as ClientCertificatePEMCertificate)\n .certificate;\n const certificatePath: string \| undefined = (\n configuration as ClientCertificatePEMCertificatePath\n ).certificatePath;\n if (!configuration \|\| !(certificate \|\| certificatePath)) {\n throw new Error(\n `${credentialName}: Provide either a PEM certificate in string form, or the path to that certificate in the filesystem. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot~~.`\~~n );\n }\n if (certificate && certificatePath) {\n throw new Error(\n `${credentialName}: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot~~.`\~~n );\n }\n this.msalFlow = new MsalClientCertificate({\n ...options,\n configuration,\n logger,\n clientId,\n tenantId,\n sendCertificateChain: options.sendCertificateChain,\n tokenCredentialOptions: options,\n });\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string \| string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(`${credentialName}.getToken`, options, async (newOptions) => {\n newOptions.tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n logger\n );\n\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n return this.msalFlow.getToken(arrayScopes, newOptions);\n });\n }\n}\n"]}
1	+ {"version":3,"file":"clientCertificateCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,qBAAqB,EAAE,MAAM,yCAAyC,CAAC;AAEhF,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,cAAc,GAAG,6BAA6B,CAAC;AACrD,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AAqChD;;;;;;;GAOG;AACH,MAAM,OAAO,2BAA2B;IAoDtC,YACE,QAAgB,EAChB,QAAgB,EAChB,8BAAoF,EACpF,UAA8C,EAAE;QAEhD,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE;YAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,cAAc,kDAAkD,CAAC,CAAC;SACtF;QAED,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,MAAM,aAAa,qBACd,CAAC,OAAO,8BAA8B,KAAK,QAAQ;YACpD,CAAC,CAAC;gBACE,eAAe,EAAE,8BAA8B;aAChD;YACH,CAAC,CAAC,8BAA8B,CAAC,CACpC,CAAC;QACF,MAAM,WAAW,GAAwB,aAAiD;aACvF,WAAW,CAAC;QACf,MAAM,eAAe,GACnB,aACD,CAAC,eAAe,CAAC;QAClB,IAAI,CAAC,aAAa,IAAI,CAAC,CAAC,WAAW,IAAI,eAAe,CAAC,EAAE;YACvD,MAAM,IAAI,KAAK,CACb,GAAG,cAAc,4MAA4M,CAC9N,CAAC;SACH;QACD,IAAI,WAAW,IAAI,eAAe,EAAE;YAClC,MAAM,IAAI,KAAK,CACb,GAAG,cAAc,wOAAwO,CAC1P,CAAC;SACH;QACD,IAAI,CAAC,QAAQ,GAAG,IAAI,qBAAqB,iCACpC,OAAO,KACV,aAAa;YACb,MAAM;YACN,QAAQ;YACR,QAAQ,EACR,oBAAoB,EAAE,OAAO,CAAC,oBAAoB,EAClD,sBAAsB,EAAE,OAAO,IAC/B,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAG,cAAc,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YACxF,UAAU,CAAC,QAAQ,GAAG,yBAAyB,CAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\nimport { ClientCertificateCredentialOptions } from \"./clientCertificateCredentialOptions\";\nimport { MsalClientCertificate } from \"../msal/nodeFlows/msalClientCertificate\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { credentialLogger } from \"../util/logging\";\nimport { tracingClient } from \"../util/tracing\";\n\nconst credentialName = \"ClientCertificateCredential\";\nconst logger = credentialLogger(credentialName);\n\n/*\n Required configuration options for the {@link ClientCertificateCredential}, with the string contents of a PEM certificate\n /\nexport interface ClientCertificatePEMCertificate {\n /\n The PEM-encoded public/private key certificate on the filesystem.\n /\n certificate: string;\n\n /\n The password for the certificate file.\n /\n certificatePassword?: string;\n}\n/\n Required configuration options for the {@link ClientCertificateCredential}, with the path to a PEM certificate.\n /\nexport interface ClientCertificatePEMCertificatePath {\n /\n The path to the PEM-encoded public/private key certificate on the filesystem.\n /\n certificatePath: string;\n\n /\n The password for the certificate file.\n /\n certificatePassword?: string;\n}\n/\n Required configuration options for the {@link ClientCertificateCredential}, with either the string contents of a PEM certificate, or the path to a PEM certificate.\n /\nexport type ClientCertificateCredentialPEMConfiguration =\n \| ClientCertificatePEMCertificate\n \| ClientCertificatePEMCertificatePath;\n\n/\n Enables authentication to Microsoft Entra ID using a PEM-encoded\n * certificate that is assigned to an App Registration. More information\n * on how to configure certificate authentication can be found here:\n \n https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad\n \n /\nexport class ClientCertificateCredential implements TokenCredential {\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private msalFlow: MsalFlow;\n\n /*\n Creates an instance of the ClientCertificateCredential with the details\n * needed to authenticate against Microsoft Entra ID with a certificate.\n \n @param tenantId - The Microsoft Entra tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantId: string,\n clientId: string,\n certificatePath: string,\n options?: ClientCertificateCredentialOptions,\n );\n /\n Creates an instance of the ClientCertificateCredential with the details\n * needed to authenticate against Microsoft Entra ID with a certificate.\n \n @param tenantId - The Microsoft Entra tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param configuration - Other parameters required, including the path of the certificate on the filesystem.\n * If the type is ignored, we will throw the value of the path to a PEM certificate.\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantId: string,\n clientId: string,\n configuration: ClientCertificatePEMCertificatePath,\n options?: ClientCertificateCredentialOptions,\n );\n /\n Creates an instance of the ClientCertificateCredential with the details\n * needed to authenticate against Microsoft Entra ID with a certificate.\n \n @param tenantId - The Microsoft Entra tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param configuration - Other parameters required, including the PEM-encoded certificate as a string.\n * If the type is ignored, we will throw the value of the PEM-encoded certificate.\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantId: string,\n clientId: string,\n configuration: ClientCertificatePEMCertificate,\n options?: ClientCertificateCredentialOptions,\n );\n constructor(\n tenantId: string,\n clientId: string,\n certificatePathOrConfiguration: string \| ClientCertificateCredentialPEMConfiguration,\n options: ClientCertificateCredentialOptions = {},\n ) {\n if (!tenantId \|\| !clientId) {\n throw new Error(`${credentialName}: tenantId and clientId are required parameters.`);\n }\n\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n const configuration: ClientCertificateCredentialPEMConfiguration = {\n ...(typeof certificatePathOrConfiguration === \"string\"\n ? {\n certificatePath: certificatePathOrConfiguration,\n }\n : certificatePathOrConfiguration),\n };\n const certificate: string \| undefined = (configuration as ClientCertificatePEMCertificate)\n .certificate;\n const certificatePath: string \| undefined = (\n configuration as ClientCertificatePEMCertificatePath\n ).certificatePath;\n if (!configuration \|\| !(certificate \|\| certificatePath)) {\n throw new Error(\n `${credentialName}: Provide either a PEM certificate in string form, or the path to that certificate in the filesystem. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,\n );\n }\n if (certificate && certificatePath) {\n throw new Error(\n `${credentialName}: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,\n );\n }\n this.msalFlow = new MsalClientCertificate({\n ...options,\n configuration,\n logger,\n clientId,\n tenantId,\n sendCertificateChain: options.sendCertificateChain,\n tokenCredentialOptions: options,\n });\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string \| string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(`${credentialName}.getToken`, options, async (newOptions) => {\n newOptions.tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n logger,\n );\n\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n return this.msalFlow.getToken(arrayScopes, newOptions);\n });\n }\n}\n"]}