@azure/identity 4.0.1-alpha.20240112.2 → 4.0.1-alpha.20240118.2
Potentially problematic release.
- package/dist/index.js +195 -336
- package/dist/index.js.map +1 -1
- package/dist-esm/src/client/identityClient.js +16 -23
- package/dist-esm/src/client/identityClient.js.map +1 -1
- package/dist-esm/src/credentials/authorizationCodeCredential.js +4 -14
- package/dist-esm/src/credentials/authorizationCodeCredential.js.map +1 -1
- package/dist-esm/src/credentials/azureCliCredential.js +9 -8
- package/dist-esm/src/credentials/azureCliCredential.js.map +1 -1
- package/dist-esm/src/credentials/azureDeveloperCliCredential.js +10 -9
- package/dist-esm/src/credentials/azureDeveloperCliCredential.js.map +1 -1
- package/dist-esm/src/credentials/azurePowerShellCredential.js +5 -5
- package/dist-esm/src/credentials/azurePowerShellCredential.js.map +1 -1
- package/dist-esm/src/credentials/clientAssertionCredential.js +2 -9
- package/dist-esm/src/credentials/clientAssertionCredential.js.map +1 -1
- package/dist-esm/src/credentials/clientCertificateCredential.js +8 -15
- package/dist-esm/src/credentials/clientCertificateCredential.js.map +1 -1
- package/dist-esm/src/credentials/clientSecretCredential.browser.js +2 -2
- package/dist-esm/src/credentials/clientSecretCredential.browser.js.map +1 -1
- package/dist-esm/src/credentials/clientSecretCredential.js +3 -7
- package/dist-esm/src/credentials/clientSecretCredential.js.map +1 -1
- package/dist-esm/src/credentials/defaultAzureCredential.js +17 -46
- package/dist-esm/src/credentials/defaultAzureCredential.js.map +1 -1
- package/dist-esm/src/credentials/deviceCodeCredential.js +5 -13
- package/dist-esm/src/credentials/deviceCodeCredential.js.map +1 -1
- package/dist-esm/src/credentials/environmentCredential.js +3 -2
- package/dist-esm/src/credentials/environmentCredential.js.map +1 -1
- package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js +6 -15
- package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js.map +1 -1
- package/dist-esm/src/credentials/interactiveBrowserCredential.js +13 -26
- package/dist-esm/src/credentials/interactiveBrowserCredential.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js +2 -5
- package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2019.js +2 -5
- package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2019.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js +5 -12
- package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js +2 -5
- package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js +1 -6
- package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js +6 -8
- package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/index.js +12 -18
- package/dist-esm/src/credentials/managedIdentityCredential/index.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js +1 -7
- package/dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
- package/dist-esm/src/credentials/onBehalfOfCredential.js +1 -5
- package/dist-esm/src/credentials/onBehalfOfCredential.js.map +1 -1
- package/dist-esm/src/credentials/usernamePasswordCredential.browser.js +1 -1
- package/dist-esm/src/credentials/usernamePasswordCredential.browser.js.map +1 -1
- package/dist-esm/src/credentials/usernamePasswordCredential.js +3 -7
- package/dist-esm/src/credentials/usernamePasswordCredential.js.map +1 -1
- package/dist-esm/src/credentials/visualStudioCodeCredential.js +4 -6
- package/dist-esm/src/credentials/visualStudioCodeCredential.js.map +1 -1
- package/dist-esm/src/credentials/workloadIdentityCredential.js +1 -1
- package/dist-esm/src/credentials/workloadIdentityCredential.js.map +1 -1
- package/dist-esm/src/msal/browserFlows/msalAuthCode.js +35 -22
- package/dist-esm/src/msal/browserFlows/msalAuthCode.js.map +1 -1
- package/dist-esm/src/msal/browserFlows/msalBrowserCommon.js +6 -7
- package/dist-esm/src/msal/browserFlows/msalBrowserCommon.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/msalAuthorizationCode.js +4 -4
- package/dist-esm/src/msal/nodeFlows/msalAuthorizationCode.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/msalDeviceCode.js +5 -5
- package/dist-esm/src/msal/nodeFlows/msalDeviceCode.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js +31 -40
- package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js +9 -7
- package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/msalUsernamePassword.js +4 -4
- package/dist-esm/src/msal/nodeFlows/msalUsernamePassword.js.map +1 -1
- package/dist-esm/src/msal/utils.browser.js +2 -6
- package/dist-esm/src/msal/utils.browser.js.map +1 -1
- package/dist-esm/src/msal/utils.js +2 -6
- package/dist-esm/src/msal/utils.js.map +1 -1
- package/dist-esm/src/util/logging.js +2 -6
- package/dist-esm/src/util/logging.js.map +1 -1
- package/dist-esm/src/util/processMultiTenantRequest.browser.js +2 -1
- package/dist-esm/src/util/processMultiTenantRequest.browser.js.map +1 -1
- package/dist-esm/src/util/processMultiTenantRequest.js +3 -2
- package/dist-esm/src/util/processMultiTenantRequest.js.map +1 -1
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -190,7 +190,7 @@ function formatSuccess(scope) {
|
|
|
190
190
|
*/
|
|
191
191
|
function formatError(scope, error) {
|
|
192
192
|
let message = "ERROR.";
|
|
193
|
-
if (scope
|
|
193
|
+
if (scope === null || scope === void 0 ? void 0 : scope.length) {
|
|
194
194
|
message += ` Scopes: ${Array.isArray(scope) ? scope.join(", ") : scope}.`;
|
|
195
195
|
}
|
|
196
196
|
return `${message} Error message: ${typeof error === "string" ? error : error.message}.`;
|
|
@@ -234,11 +234,7 @@ function credentialLoggerInstance(title, parent, log = logger$n) {
|
|
|
234
234
|
*/
|
|
235
235
|
function credentialLogger(title, log = logger$n) {
|
|
236
236
|
const credLogger = credentialLoggerInstance(title, undefined, log);
|
|
237
|
-
return {
|
|
238
|
-
...credLogger,
|
|
239
|
-
parent: log,
|
|
240
|
-
getToken: credentialLoggerInstance("=> getToken()", credLogger, log),
|
|
241
|
-
};
|
|
237
|
+
return Object.assign(Object.assign({}, credLogger), { parent: log, getToken: credentialLoggerInstance("=> getToken()", credLogger, log) });
|
|
242
238
|
}
|
|
243
239
|
|
|
244
240
|
// Copyright (c) Microsoft Corporation.
|
|
@@ -429,7 +425,7 @@ class MsalBaseUtilities {
|
|
|
429
425
|
* If the token received is invalid, an error will be thrown depending on what's missing.
|
|
430
426
|
*/
|
|
431
427
|
handleResult(scopes, clientId, result, getTokenOptions) {
|
|
432
|
-
if (result
|
|
428
|
+
if (result === null || result === void 0 ? void 0 : result.account) {
|
|
433
429
|
this.account = msalToPublic(clientId, result.account);
|
|
434
430
|
}
|
|
435
431
|
ensureValidMsalToken(scopes, this.logger, result, getTokenOptions);
|
|
@@ -478,11 +474,7 @@ class MsalBaseUtilities {
|
|
|
478
474
|
// transformations.ts
|
|
479
475
|
function publicToMsal(account) {
|
|
480
476
|
const [environment] = account.authority.match(/([a-z]*\.[a-z]*\.[a-z]*)/) || [""];
|
|
481
|
-
return {
|
|
482
|
-
...account,
|
|
483
|
-
localAccountId: account.homeAccountId,
|
|
484
|
-
environment,
|
|
485
|
-
};
|
|
477
|
+
return Object.assign(Object.assign({}, account), { localAccountId: account.homeAccountId, environment });
|
|
486
478
|
}
|
|
487
479
|
function msalToPublic(clientId, account) {
|
|
488
480
|
const record = {
|
|
@@ -551,6 +543,7 @@ function createConfigurationErrorMessage(tenantId) {
|
|
|
551
543
|
* @internal
|
|
552
544
|
*/
|
|
553
545
|
function processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds = [], logger) {
|
|
546
|
+
var _a;
|
|
554
547
|
let resolvedTenantId;
|
|
555
548
|
if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {
|
|
556
549
|
resolvedTenantId = tenantId;
|
|
@@ -559,14 +552,14 @@ function processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowe
|
|
|
559
552
|
resolvedTenantId = tenantId;
|
|
560
553
|
}
|
|
561
554
|
else {
|
|
562
|
-
resolvedTenantId = getTokenOptions
|
|
555
|
+
resolvedTenantId = (_a = getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId) !== null && _a !== void 0 ? _a : tenantId;
|
|
563
556
|
}
|
|
564
557
|
if (tenantId &&
|
|
565
558
|
resolvedTenantId !== tenantId &&
|
|
566
559
|
!additionallyAllowedTenantIds.includes("*") &&
|
|
567
560
|
!additionallyAllowedTenantIds.some((t) => t.localeCompare(resolvedTenantId) === 0)) {
|
|
568
561
|
const message = createConfigurationErrorMessage(tenantId);
|
|
569
|
-
logger
|
|
562
|
+
logger === null || logger === void 0 ? void 0 : logger.info(message);
|
|
570
563
|
throw new CredentialUnavailableError(message);
|
|
571
564
|
}
|
|
572
565
|
return resolvedTenantId;
|
|
@@ -704,13 +697,13 @@ const noCorrelationId = "noCorrelationId";
|
|
|
704
697
|
*/
|
|
705
698
|
function getIdentityClientAuthorityHost(options) {
|
|
706
699
|
// The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.
|
|
707
|
-
let authorityHost = options
|
|
700
|
+
let authorityHost = options === null || options === void 0 ? void 0 : options.authorityHost;
|
|
708
701
|
// The AZURE_AUTHORITY_HOST environment variable can only be provided in Node.js.
|
|
709
702
|
if (coreUtil.isNode) {
|
|
710
|
-
authorityHost = authorityHost
|
|
703
|
+
authorityHost = authorityHost !== null && authorityHost !== void 0 ? authorityHost : process.env.AZURE_AUTHORITY_HOST;
|
|
711
704
|
}
|
|
712
705
|
// If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com
|
|
713
|
-
return authorityHost
|
|
706
|
+
return authorityHost !== null && authorityHost !== void 0 ? authorityHost : DefaultAuthorityHost;
|
|
714
707
|
}
|
|
715
708
|
/**
|
|
716
709
|
* The network module used by the Identity credentials.
|
|
@@ -721,30 +714,25 @@ function getIdentityClientAuthorityHost(options) {
|
|
|
721
714
|
*/
|
|
722
715
|
class IdentityClient extends coreClient.ServiceClient {
|
|
723
716
|
constructor(options) {
|
|
717
|
+
var _a, _b;
|
|
724
718
|
const packageDetails = `azsdk-js-identity/${SDK_VERSION}`;
|
|
725
|
-
const userAgentPrefix = options
|
|
719
|
+
const userAgentPrefix = ((_a = options === null || options === void 0 ? void 0 : options.userAgentOptions) === null || _a === void 0 ? void 0 : _a.userAgentPrefix)
|
|
726
720
|
? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`
|
|
727
721
|
: `${packageDetails}`;
|
|
728
722
|
const baseUri = getIdentityClientAuthorityHost(options);
|
|
729
723
|
if (!baseUri.startsWith("https:")) {
|
|
730
724
|
throw new Error("The authorityHost address must use the 'https' protocol.");
|
|
731
725
|
}
|
|
732
|
-
super({
|
|
733
|
-
requestContentType: "application/json; charset=utf-8",
|
|
734
|
-
retryOptions: {
|
|
726
|
+
super(Object.assign(Object.assign({ requestContentType: "application/json; charset=utf-8", retryOptions: {
|
|
735
727
|
maxRetries: 3,
|
|
736
|
-
},
|
|
737
|
-
...options,
|
|
738
|
-
userAgentOptions: {
|
|
728
|
+
} }, options), { userAgentOptions: {
|
|
739
729
|
userAgentPrefix,
|
|
740
|
-
},
|
|
741
|
-
baseUri,
|
|
742
|
-
});
|
|
730
|
+
}, baseUri }));
|
|
743
731
|
this.authorityHost = baseUri;
|
|
744
732
|
this.abortControllers = new Map();
|
|
745
|
-
this.allowLoggingAccountIdentifiers = options
|
|
733
|
+
this.allowLoggingAccountIdentifiers = (_b = options === null || options === void 0 ? void 0 : options.loggingOptions) === null || _b === void 0 ? void 0 : _b.allowLoggingAccountIdentifiers;
|
|
746
734
|
// used for WorkloadIdentity
|
|
747
|
-
this.tokenCredentialOptions = {
|
|
735
|
+
this.tokenCredentialOptions = Object.assign({}, options);
|
|
748
736
|
}
|
|
749
737
|
async sendTokenRequest(request) {
|
|
750
738
|
logger$n.info(`IdentityClient: sending token request to [${request.url}]`);
|
|
@@ -852,10 +840,8 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
852
840
|
this.abortControllers.set(key, undefined);
|
|
853
841
|
}
|
|
854
842
|
getCorrelationId(options) {
|
|
855
|
-
|
|
856
|
-
|
|
857
|
-
.map((part) => part.split("="))
|
|
858
|
-
.find(([key]) => key === "client-request-id");
|
|
843
|
+
var _a;
|
|
844
|
+
const parameter = (_a = options === null || options === void 0 ? void 0 : options.body) === null || _a === void 0 ? void 0 : _a.split("&").map((part) => part.split("=")).find(([key]) => key === "client-request-id");
|
|
859
845
|
return parameter && parameter.length ? parameter[1] || noCorrelationId : noCorrelationId;
|
|
860
846
|
}
|
|
861
847
|
// The MSAL network module methods follow
|
|
@@ -863,8 +849,8 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
863
849
|
const request = coreRestPipeline.createPipelineRequest({
|
|
864
850
|
url,
|
|
865
851
|
method: "GET",
|
|
866
|
-
body: options
|
|
867
|
-
headers: coreRestPipeline.createHttpHeaders(options
|
|
852
|
+
body: options === null || options === void 0 ? void 0 : options.body,
|
|
853
|
+
headers: coreRestPipeline.createHttpHeaders(options === null || options === void 0 ? void 0 : options.headers),
|
|
868
854
|
abortSignal: this.generateAbortSignal(noCorrelationId),
|
|
869
855
|
});
|
|
870
856
|
const response = await this.sendRequest(request);
|
|
@@ -879,8 +865,8 @@ class IdentityClient extends coreClient.ServiceClient {
|
|
|
879
865
|
const request = coreRestPipeline.createPipelineRequest({
|
|
880
866
|
url,
|
|
881
867
|
method: "POST",
|
|
882
|
-
body: options
|
|
883
|
-
headers: coreRestPipeline.createHttpHeaders(options
|
|
868
|
+
body: options === null || options === void 0 ? void 0 : options.body,
|
|
869
|
+
headers: coreRestPipeline.createHttpHeaders(options === null || options === void 0 ? void 0 : options.headers),
|
|
884
870
|
// MSAL doesn't send the correlation ID on the get requests.
|
|
885
871
|
abortSignal: this.generateAbortSignal(this.getCorrelationId(options)),
|
|
886
872
|
});
|
|
@@ -1094,34 +1080,29 @@ const msalNodeFlowNativeBrokerControl = {
|
|
|
1094
1080
|
*/
|
|
1095
1081
|
class MsalNode extends MsalBaseUtilities {
|
|
1096
1082
|
constructor(options) {
|
|
1083
|
+
var _a, _b, _c, _d, _e, _f, _g;
|
|
1097
1084
|
super(options);
|
|
1098
1085
|
this.app = {};
|
|
1099
1086
|
this.caeApp = {};
|
|
1100
1087
|
this.requiresConfidential = false;
|
|
1101
1088
|
this.msalConfig = this.defaultNodeMsalConfig(options);
|
|
1102
1089
|
this.tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);
|
|
1103
|
-
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options
|
|
1090
|
+
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds((_a = options === null || options === void 0 ? void 0 : options.tokenCredentialOptions) === null || _a === void 0 ? void 0 : _a.additionallyAllowedTenants);
|
|
1104
1091
|
this.clientId = this.msalConfig.auth.clientId;
|
|
1105
|
-
if (options
|
|
1092
|
+
if (options === null || options === void 0 ? void 0 : options.getAssertion) {
|
|
1106
1093
|
this.getAssertion = options.getAssertion;
|
|
1107
1094
|
}
|
|
1108
|
-
this.enableBroker = options
|
|
1109
|
-
this.enableMsaPassthrough = options
|
|
1110
|
-
this.parentWindowHandle = options.brokerOptions
|
|
1095
|
+
this.enableBroker = (_b = options === null || options === void 0 ? void 0 : options.brokerOptions) === null || _b === void 0 ? void 0 : _b.enabled;
|
|
1096
|
+
this.enableMsaPassthrough = (_c = options === null || options === void 0 ? void 0 : options.brokerOptions) === null || _c === void 0 ? void 0 : _c.legacyEnableMsaPassthrough;
|
|
1097
|
+
this.parentWindowHandle = (_d = options.brokerOptions) === null || _d === void 0 ? void 0 : _d.parentWindowHandle;
|
|
1111
1098
|
// If persistence has been configured
|
|
1112
|
-
if (persistenceProvider !== undefined && options.tokenCachePersistenceOptions
|
|
1113
|
-
const nonCaeOptions = {
|
|
1114
|
-
|
|
1115
|
-
...options.tokenCachePersistenceOptions,
|
|
1116
|
-
};
|
|
1117
|
-
const caeOptions = {
|
|
1118
|
-
name: `${options.tokenCachePersistenceOptions.name}.${CACHE_CAE_SUFFIX}`,
|
|
1119
|
-
...options.tokenCachePersistenceOptions,
|
|
1120
|
-
};
|
|
1099
|
+
if (persistenceProvider !== undefined && ((_e = options.tokenCachePersistenceOptions) === null || _e === void 0 ? void 0 : _e.enabled)) {
|
|
1100
|
+
const nonCaeOptions = Object.assign({ name: `${options.tokenCachePersistenceOptions.name}.${CACHE_NON_CAE_SUFFIX}` }, options.tokenCachePersistenceOptions);
|
|
1101
|
+
const caeOptions = Object.assign({ name: `${options.tokenCachePersistenceOptions.name}.${CACHE_CAE_SUFFIX}` }, options.tokenCachePersistenceOptions);
|
|
1121
1102
|
this.createCachePlugin = () => persistenceProvider(nonCaeOptions);
|
|
1122
1103
|
this.createCachePluginCae = () => persistenceProvider(caeOptions);
|
|
1123
1104
|
}
|
|
1124
|
-
else if (options.tokenCachePersistenceOptions
|
|
1105
|
+
else if ((_f = options.tokenCachePersistenceOptions) === null || _f === void 0 ? void 0 : _f.enabled) {
|
|
1125
1106
|
throw new Error([
|
|
1126
1107
|
"Persistent token caching was requested, but no persistence provider was configured.",
|
|
1127
1108
|
"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)",
|
|
@@ -1138,7 +1119,7 @@ class MsalNode extends MsalBaseUtilities {
|
|
|
1138
1119
|
"`useIdentityPlugin(createNativeBrokerPlugin())` before using `enableBroker`.",
|
|
1139
1120
|
].join(" "));
|
|
1140
1121
|
}
|
|
1141
|
-
this.azureRegion = options.regionalAuthority
|
|
1122
|
+
this.azureRegion = (_g = options.regionalAuthority) !== null && _g !== void 0 ? _g : process.env.AZURE_REGIONAL_AUTHORITY_NAME;
|
|
1142
1123
|
if (this.azureRegion === RegionalAuthority.AutoDiscoverRegion) {
|
|
1143
1124
|
this.azureRegion = "AUTO_DISCOVER";
|
|
1144
1125
|
}
|
|
@@ -1147,15 +1128,12 @@ class MsalNode extends MsalBaseUtilities {
|
|
|
1147
1128
|
* Generates a MSAL configuration that generally works for Node.js
|
|
1148
1129
|
*/
|
|
1149
1130
|
defaultNodeMsalConfig(options) {
|
|
1131
|
+
var _a;
|
|
1150
1132
|
const clientId = options.clientId || DeveloperSignOnClientId;
|
|
1151
1133
|
const tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);
|
|
1152
1134
|
this.authorityHost = options.authorityHost || process.env.AZURE_AUTHORITY_HOST;
|
|
1153
1135
|
const authority = getAuthority(tenantId, this.authorityHost);
|
|
1154
|
-
this.identityClient = new IdentityClient({
|
|
1155
|
-
...options.tokenCredentialOptions,
|
|
1156
|
-
authorityHost: authority,
|
|
1157
|
-
loggingOptions: options.loggingOptions,
|
|
1158
|
-
});
|
|
1136
|
+
this.identityClient = new IdentityClient(Object.assign(Object.assign({}, options.tokenCredentialOptions), { authorityHost: authority, loggingOptions: options.loggingOptions }));
|
|
1159
1137
|
const clientCapabilities = [];
|
|
1160
1138
|
return {
|
|
1161
1139
|
auth: {
|
|
@@ -1170,7 +1148,7 @@ class MsalNode extends MsalBaseUtilities {
|
|
|
1170
1148
|
loggerOptions: {
|
|
1171
1149
|
loggerCallback: defaultLoggerCallback(options.logger),
|
|
1172
1150
|
logLevel: getMSALLogLevel(logger$o.getLogLevel()),
|
|
1173
|
-
piiLoggingEnabled: options.loggingOptions
|
|
1151
|
+
piiLoggingEnabled: (_a = options.loggingOptions) === null || _a === void 0 ? void 0 : _a.enableUnsafeSupportLogging,
|
|
1174
1152
|
},
|
|
1175
1153
|
},
|
|
1176
1154
|
};
|
|
@@ -1194,21 +1172,21 @@ class MsalNode extends MsalBaseUtilities {
|
|
|
1194
1172
|
* Prepares the MSAL applications.
|
|
1195
1173
|
*/
|
|
1196
1174
|
async init(options) {
|
|
1197
|
-
if (options
|
|
1175
|
+
if (options === null || options === void 0 ? void 0 : options.abortSignal) {
|
|
1198
1176
|
options.abortSignal.addEventListener("abort", () => {
|
|
1199
1177
|
// This will abort any pending request in the IdentityClient,
|
|
1200
1178
|
// based on the received or generated correlationId
|
|
1201
1179
|
this.identityClient.abortRequests(options.correlationId);
|
|
1202
1180
|
});
|
|
1203
1181
|
}
|
|
1204
|
-
const app = options
|
|
1205
|
-
if (options
|
|
1182
|
+
const app = (options === null || options === void 0 ? void 0 : options.enableCae) ? this.caeApp : this.app;
|
|
1183
|
+
if (options === null || options === void 0 ? void 0 : options.enableCae) {
|
|
1206
1184
|
this.msalConfig.auth.clientCapabilities = ["cp1"];
|
|
1207
1185
|
}
|
|
1208
1186
|
if (app.public || app.confidential) {
|
|
1209
1187
|
return;
|
|
1210
1188
|
}
|
|
1211
|
-
if (options
|
|
1189
|
+
if ((options === null || options === void 0 ? void 0 : options.enableCae) && this.createCachePluginCae !== undefined) {
|
|
1212
1190
|
this.msalConfig.cache = {
|
|
1213
1191
|
cachePlugin: await this.createCachePluginCae(),
|
|
1214
1192
|
};
|
|
@@ -1227,7 +1205,7 @@ class MsalNode extends MsalBaseUtilities {
|
|
|
1227
1205
|
this.logger.warning("Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.");
|
|
1228
1206
|
}
|
|
1229
1207
|
}
|
|
1230
|
-
if (options
|
|
1208
|
+
if (options === null || options === void 0 ? void 0 : options.enableCae) {
|
|
1231
1209
|
this.caeApp.public = new msalCommon__namespace.PublicClientApplication(this.msalConfig);
|
|
1232
1210
|
}
|
|
1233
1211
|
else {
|
|
@@ -1240,7 +1218,7 @@ class MsalNode extends MsalBaseUtilities {
|
|
|
1240
1218
|
if (this.msalConfig.auth.clientSecret ||
|
|
1241
1219
|
this.msalConfig.auth.clientAssertion ||
|
|
1242
1220
|
this.msalConfig.auth.clientCertificate) {
|
|
1243
|
-
if (options
|
|
1221
|
+
if (options === null || options === void 0 ? void 0 : options.enableCae) {
|
|
1244
1222
|
this.caeApp.confidential = new msalCommon__namespace.ConfidentialClientApplication(this.msalConfig);
|
|
1245
1223
|
}
|
|
1246
1224
|
else {
|
|
@@ -1265,7 +1243,7 @@ class MsalNode extends MsalBaseUtilities {
|
|
|
1265
1243
|
.catch(reject);
|
|
1266
1244
|
if (abortSignal) {
|
|
1267
1245
|
abortSignal.addEventListener("abort", () => {
|
|
1268
|
-
onCancel
|
|
1246
|
+
onCancel === null || onCancel === void 0 ? void 0 : onCancel();
|
|
1269
1247
|
});
|
|
1270
1248
|
}
|
|
1271
1249
|
});
|
|
@@ -1278,7 +1256,7 @@ class MsalNode extends MsalBaseUtilities {
|
|
|
1278
1256
|
return this.account;
|
|
1279
1257
|
}
|
|
1280
1258
|
const cache = this.getApp("confidentialFirst", enableCae).getTokenCache();
|
|
1281
|
-
const accountsByTenant = await cache
|
|
1259
|
+
const accountsByTenant = await (cache === null || cache === void 0 ? void 0 : cache.getAllAccounts());
|
|
1282
1260
|
if (!accountsByTenant) {
|
|
1283
1261
|
return;
|
|
1284
1262
|
}
|
|
@@ -1300,7 +1278,8 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
1300
1278
|
* Attempts to retrieve a token from cache.
|
|
1301
1279
|
*/
|
|
1302
1280
|
async getTokenSilent(scopes, options) {
|
|
1303
|
-
|
|
1281
|
+
var _a, _b, _c;
|
|
1282
|
+
await this.getActiveAccount(options === null || options === void 0 ? void 0 : options.enableCae);
|
|
1304
1283
|
if (!this.account) {
|
|
1305
1284
|
throw new AuthenticationRequiredError({
|
|
1306
1285
|
scopes,
|
|
@@ -1311,10 +1290,10 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
1311
1290
|
const silentRequest = {
|
|
1312
1291
|
// To be able to re-use the account, the Token Cache must also have been provided.
|
|
1313
1292
|
account: publicToMsal(this.account),
|
|
1314
|
-
correlationId: options
|
|
1293
|
+
correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
|
|
1315
1294
|
scopes,
|
|
1316
|
-
authority: options
|
|
1317
|
-
claims: options
|
|
1295
|
+
authority: options === null || options === void 0 ? void 0 : options.authority,
|
|
1296
|
+
claims: options === null || options === void 0 ? void 0 : options.claims,
|
|
1318
1297
|
};
|
|
1319
1298
|
if (hasNativeBroker() && this.enableBroker) {
|
|
1320
1299
|
if (!silentRequest.tokenQueryParameters) {
|
|
@@ -1336,10 +1315,8 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
1336
1315
|
* `authenticationRecord` parameter. See issue - https://github.com/Azure/azure-sdk-for-js/issues/24349#issuecomment-1496715651
|
|
1337
1316
|
* This workaround serves as a workaround for silent authentication not happening when authenticationRecord is passed.
|
|
1338
1317
|
*/
|
|
1339
|
-
await this.getApp("publicFirst", options
|
|
1340
|
-
|
|
1341
|
-
.getAllAccounts();
|
|
1342
|
-
const response = (await this.getApp("confidential", options?.enableCae)?.acquireTokenSilent(silentRequest)) ?? (await this.getApp("public", options?.enableCae).acquireTokenSilent(silentRequest));
|
|
1318
|
+
await ((_a = this.getApp("publicFirst", options === null || options === void 0 ? void 0 : options.enableCae)) === null || _a === void 0 ? void 0 : _a.getTokenCache().getAllAccounts());
|
|
1319
|
+
const response = (_c = (await ((_b = this.getApp("confidential", options === null || options === void 0 ? void 0 : options.enableCae)) === null || _b === void 0 ? void 0 : _b.acquireTokenSilent(silentRequest)))) !== null && _c !== void 0 ? _c : (await this.getApp("public", options === null || options === void 0 ? void 0 : options.enableCae).acquireTokenSilent(silentRequest));
|
|
1343
1320
|
return this.handleResult(scopes, this.clientId, response || undefined);
|
|
1344
1321
|
}
|
|
1345
1322
|
catch (err) {
|
|
@@ -1354,7 +1331,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
1354
1331
|
const tenantId = processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds) ||
|
|
1355
1332
|
this.tenantId;
|
|
1356
1333
|
options.authority = getAuthority(tenantId, this.authorityHost);
|
|
1357
|
-
options.correlationId = options
|
|
1334
|
+
options.correlationId = (options === null || options === void 0 ? void 0 : options.correlationId) || this.generateUuid();
|
|
1358
1335
|
await this.init(options);
|
|
1359
1336
|
try {
|
|
1360
1337
|
// MSAL now caches tokens based on their claims,
|
|
@@ -1374,7 +1351,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
1374
1351
|
if (err.name !== "AuthenticationRequiredError") {
|
|
1375
1352
|
throw err;
|
|
1376
1353
|
}
|
|
1377
|
-
if (options
|
|
1354
|
+
if (options === null || options === void 0 ? void 0 : options.disableAutomaticAuthentication) {
|
|
1378
1355
|
throw new AuthenticationRequiredError({
|
|
1379
1356
|
scopes,
|
|
1380
1357
|
getTokenOptions: options,
|
|
@@ -1475,10 +1452,7 @@ class VisualStudioCodeCredential {
|
|
|
1475
1452
|
this.cloudName = (getPropertyFromVSCode("azure.cloud") || "AzureCloud");
|
|
1476
1453
|
// Picking an authority host based on the cloud name.
|
|
1477
1454
|
const authorityHost = mapVSCodeAuthorityHosts[this.cloudName];
|
|
1478
|
-
this.identityClient = new IdentityClient({
|
|
1479
|
-
authorityHost,
|
|
1480
|
-
...options,
|
|
1481
|
-
});
|
|
1455
|
+
this.identityClient = new IdentityClient(Object.assign({ authorityHost }, options));
|
|
1482
1456
|
if (options && options.tenantId) {
|
|
1483
1457
|
checkTenantId(logger$m, options.tenantId);
|
|
1484
1458
|
this.tenantId = options.tenantId;
|
|
@@ -1486,7 +1460,7 @@ class VisualStudioCodeCredential {
|
|
|
1486
1460
|
else {
|
|
1487
1461
|
this.tenantId = CommonTenantId;
|
|
1488
1462
|
}
|
|
1489
|
-
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options
|
|
1463
|
+
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
|
|
1490
1464
|
checkUnsupportedTenant(this.tenantId);
|
|
1491
1465
|
}
|
|
1492
1466
|
/**
|
|
@@ -1518,6 +1492,7 @@ class VisualStudioCodeCredential {
|
|
|
1518
1492
|
* `TokenCredential` implementation might make.
|
|
1519
1493
|
*/
|
|
1520
1494
|
async getToken(scopes, options) {
|
|
1495
|
+
var _a, _b;
|
|
1521
1496
|
await this.prepareOnce();
|
|
1522
1497
|
const tenantId = processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds, logger$m) || this.tenantId;
|
|
1523
1498
|
if (findCredentials === undefined) {
|
|
@@ -1549,7 +1524,7 @@ class VisualStudioCodeCredential {
|
|
|
1549
1524
|
// ]
|
|
1550
1525
|
const credentials = await findCredentials();
|
|
1551
1526
|
// If we can't find the credential based on the name, we'll pick the first one available.
|
|
1552
|
-
const { password: refreshToken } = credentials.find(({ account }) => account === this.cloudName)
|
|
1527
|
+
const { password: refreshToken } = (_b = (_a = credentials.find(({ account }) => account === this.cloudName)) !== null && _a !== void 0 ? _a : credentials[0]) !== null && _b !== void 0 ? _b : {};
|
|
1553
1528
|
if (refreshToken) {
|
|
1554
1529
|
const tokenResponse = await this.identityClient.refreshAccessToken(tenantId, AzureAccountClientId, scopeString, refreshToken, undefined);
|
|
1555
1530
|
if (tokenResponse) {
|
|
@@ -1673,12 +1648,9 @@ const appServiceMsi2017 = {
|
|
|
1673
1648
|
logger$l.warning(`${msiName$6}: managed Identity by resource Id is not supported. Argument resourceId might be ignored by the service.`);
|
|
1674
1649
|
}
|
|
1675
1650
|
logger$l.info(`${msiName$6}: Using the endpoint and the secret coming form the environment variables: MSI_ENDPOINT=${process.env.MSI_ENDPOINT} and MSI_SECRET=[REDACTED].`);
|
|
1676
|
-
const request = coreRestPipeline.createPipelineRequest({
|
|
1677
|
-
abortSignal: getTokenOptions.abortSignal,
|
|
1678
|
-
...prepareRequestOptions$5(scopes, clientId),
|
|
1651
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$5(scopes, clientId)), {
|
|
1679
1652
|
// Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
|
|
1680
|
-
allowInsecureConnection: true
|
|
1681
|
-
});
|
|
1653
|
+
allowInsecureConnection: true }));
|
|
1682
1654
|
const tokenResponse = await identityClient.sendTokenRequest(request);
|
|
1683
1655
|
return (tokenResponse && tokenResponse.accessToken) || null;
|
|
1684
1656
|
},
|
|
@@ -1748,12 +1720,9 @@ const cloudShellMsi = {
|
|
|
1748
1720
|
logger$k.warning(`${msiName$5}: user defined managed Identity by resource Id not supported. The argument resourceId might be ignored by the service.`);
|
|
1749
1721
|
}
|
|
1750
1722
|
logger$k.info(`${msiName$5}: Using the endpoint coming form the environment variable MSI_ENDPOINT = ${process.env.MSI_ENDPOINT}.`);
|
|
1751
|
-
const request = coreRestPipeline.createPipelineRequest({
|
|
1752
|
-
abortSignal: getTokenOptions.abortSignal,
|
|
1753
|
-
...prepareRequestOptions$4(scopes, clientId, resourceId),
|
|
1723
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$4(scopes, clientId, resourceId)), {
|
|
1754
1724
|
// Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
|
|
1755
|
-
allowInsecureConnection: true
|
|
1756
|
-
});
|
|
1725
|
+
allowInsecureConnection: true }));
|
|
1757
1726
|
const tokenResponse = await identityClient.sendTokenRequest(request);
|
|
1758
1727
|
return (tokenResponse && tokenResponse.accessToken) || null;
|
|
1759
1728
|
},
|
|
@@ -1767,6 +1736,7 @@ const logger$j = credentialLogger(msiName$4);
|
|
|
1767
1736
|
* Generates the options used on the request for an access token.
|
|
1768
1737
|
*/
|
|
1769
1738
|
function prepareRequestOptions$3(scopes, clientId, resourceId, options) {
|
|
1739
|
+
var _a;
|
|
1770
1740
|
const resource = mapScopesToResource(scopes);
|
|
1771
1741
|
if (!resource) {
|
|
1772
1742
|
throw new Error(`${msiName$4}: Multiple scopes are not supported.`);
|
|
@@ -1789,7 +1759,7 @@ function prepareRequestOptions$3(scopes, clientId, resourceId, options) {
|
|
|
1789
1759
|
const params = new URLSearchParams(queryParameters);
|
|
1790
1760
|
query = `?${params.toString()}`;
|
|
1791
1761
|
}
|
|
1792
|
-
const url = new URL(imdsEndpointPath, process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST
|
|
1762
|
+
const url = new URL(imdsEndpointPath, (_a = process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST) !== null && _a !== void 0 ? _a : imdsHost);
|
|
1793
1763
|
const rawHeaders = {
|
|
1794
1764
|
Accept: "application/json",
|
|
1795
1765
|
Metadata: "true",
|
|
@@ -1834,6 +1804,7 @@ const imdsMsi = {
|
|
|
1834
1804
|
skipQuery: true,
|
|
1835
1805
|
});
|
|
1836
1806
|
return tracingClient.withSpan("ManagedIdentityCredential-pingImdsEndpoint", getTokenOptions, async (options) => {
|
|
1807
|
+
var _a, _b;
|
|
1837
1808
|
requestOptions.tracingOptions = options.tracingOptions;
|
|
1838
1809
|
// Create a request with a timeout since we expect that
|
|
1839
1810
|
// not having a "Metadata" header should cause an error to be
|
|
@@ -1841,7 +1812,7 @@ const imdsMsi = {
|
|
|
1841
1812
|
const request = coreRestPipeline.createPipelineRequest(requestOptions);
|
|
1842
1813
|
// Default to 1000 if the default of 0 is used.
|
|
1843
1814
|
// Negative values can still be used to disable the timeout.
|
|
1844
|
-
request.timeout = options.requestOptions
|
|
1815
|
+
request.timeout = ((_a = options.requestOptions) === null || _a === void 0 ? void 0 : _a.timeout) || 1000;
|
|
1845
1816
|
// This MSI uses the imdsEndpoint to get the token, which only uses http://
|
|
1846
1817
|
request.allowInsecureConnection = true;
|
|
1847
1818
|
let response;
|
|
@@ -1861,7 +1832,7 @@ const imdsMsi = {
|
|
|
1861
1832
|
return false;
|
|
1862
1833
|
}
|
|
1863
1834
|
if (response.status === 403) {
|
|
1864
|
-
if (response.bodyAsText
|
|
1835
|
+
if ((_b = response.bodyAsText) === null || _b === void 0 ? void 0 : _b.includes("A socket operation was attempted to an unreachable network")) {
|
|
1865
1836
|
logger$j.info(`${msiName$4}: The Azure IMDS endpoint is unavailable`);
|
|
1866
1837
|
logger$j.info(`${msiName$4}: ${response.bodyAsText}`);
|
|
1867
1838
|
return false;
|
|
@@ -1883,11 +1854,7 @@ const imdsMsi = {
|
|
|
1883
1854
|
let nextDelayInMs = imdsMsiRetryConfig.startDelayInMs;
|
|
1884
1855
|
for (let retries = 0; retries < imdsMsiRetryConfig.maxRetries; retries++) {
|
|
1885
1856
|
try {
|
|
1886
|
-
const request = coreRestPipeline.createPipelineRequest({
|
|
1887
|
-
abortSignal: getTokenOptions.abortSignal,
|
|
1888
|
-
...prepareRequestOptions$3(scopes, clientId, resourceId),
|
|
1889
|
-
allowInsecureConnection: true,
|
|
1890
|
-
});
|
|
1857
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$3(scopes, clientId, resourceId)), { allowInsecureConnection: true }));
|
|
1891
1858
|
const tokenResponse = await identityClient.sendTokenRequest(request);
|
|
1892
1859
|
return (tokenResponse && tokenResponse.accessToken) || null;
|
|
1893
1860
|
}
|
|
@@ -1991,6 +1958,7 @@ const arcMsi = {
|
|
|
1991
1958
|
return result;
|
|
1992
1959
|
},
|
|
1993
1960
|
async getToken(configuration, getTokenOptions = {}) {
|
|
1961
|
+
var _a;
|
|
1994
1962
|
const { identityClient, scopes, clientId, resourceId } = configuration;
|
|
1995
1963
|
if (clientId) {
|
|
1996
1964
|
logger$i.warning(`${msiName$3}: user-assigned identities not supported. The argument clientId might be ignored by the service.`);
|
|
@@ -1999,24 +1967,16 @@ const arcMsi = {
|
|
|
1999
1967
|
logger$i.warning(`${msiName$3}: user defined managed Identity by resource Id is not supported. Argument resourceId will be ignored.`);
|
|
2000
1968
|
}
|
|
2001
1969
|
logger$i.info(`${msiName$3}: Authenticating.`);
|
|
2002
|
-
const requestOptions = {
|
|
2003
|
-
disableJsonStringifyOnBody: true,
|
|
2004
|
-
deserializationMapper: undefined,
|
|
2005
|
-
abortSignal: getTokenOptions.abortSignal,
|
|
2006
|
-
...prepareRequestOptions$2(scopes, clientId, resourceId),
|
|
2007
|
-
allowInsecureConnection: true,
|
|
2008
|
-
};
|
|
1970
|
+
const requestOptions = Object.assign(Object.assign({ disableJsonStringifyOnBody: true, deserializationMapper: undefined, abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$2(scopes, clientId, resourceId)), { allowInsecureConnection: true });
|
|
2009
1971
|
const filePath = await filePathRequest(identityClient, requestOptions);
|
|
2010
1972
|
if (!filePath) {
|
|
2011
1973
|
throw new Error(`${msiName$3}: Failed to find the token file.`);
|
|
2012
1974
|
}
|
|
2013
1975
|
const key = await readFileAsync$1(filePath, { encoding: "utf-8" });
|
|
2014
|
-
requestOptions.headers
|
|
2015
|
-
const request = coreRestPipeline.createPipelineRequest({
|
|
2016
|
-
...requestOptions,
|
|
1976
|
+
(_a = requestOptions.headers) === null || _a === void 0 ? void 0 : _a.set("Authorization", `Basic ${key}`);
|
|
1977
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({}, requestOptions), {
|
|
2017
1978
|
// Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
|
|
2018
|
-
allowInsecureConnection: true
|
|
2019
|
-
});
|
|
1979
|
+
allowInsecureConnection: true }));
|
|
2020
1980
|
const tokenResponse = await identityClient.sendTokenRequest(request);
|
|
2021
1981
|
return (tokenResponse && tokenResponse.accessToken) || null;
|
|
2022
1982
|
},
|
|
@@ -2084,17 +2044,10 @@ class ClientAssertionCredential {
|
|
|
2084
2044
|
throw new Error("ClientAssertionCredential: tenantId, clientId, and clientAssertion are required parameters.");
|
|
2085
2045
|
}
|
|
2086
2046
|
this.tenantId = tenantId;
|
|
2087
|
-
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options
|
|
2047
|
+
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
|
|
2088
2048
|
this.clientId = clientId;
|
|
2089
2049
|
this.options = options;
|
|
2090
|
-
this.msalFlow = new MsalClientAssertion({
|
|
2091
|
-
...options,
|
|
2092
|
-
logger: logger$h,
|
|
2093
|
-
clientId: this.clientId,
|
|
2094
|
-
tenantId: this.tenantId,
|
|
2095
|
-
tokenCredentialOptions: this.options,
|
|
2096
|
-
getAssertion,
|
|
2097
|
-
});
|
|
2050
|
+
this.msalFlow = new MsalClientAssertion(Object.assign(Object.assign({}, options), { logger: logger$h, clientId: this.clientId, tenantId: this.tenantId, tokenCredentialOptions: this.options, getAssertion }));
|
|
2098
2051
|
}
|
|
2099
2052
|
/**
|
|
2100
2053
|
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|
|
@@ -2155,7 +2108,7 @@ class WorkloadIdentityCredential {
|
|
|
2155
2108
|
// Logging environment variables for error details
|
|
2156
2109
|
const assignedEnv = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(", ");
|
|
2157
2110
|
logger$g.info(`Found the following environment variables: ${assignedEnv}`);
|
|
2158
|
-
const workloadIdentityCredentialOptions = options
|
|
2111
|
+
const workloadIdentityCredentialOptions = options !== null && options !== void 0 ? options : {};
|
|
2159
2112
|
const tenantId = workloadIdentityCredentialOptions.tenantId || process.env.AZURE_TENANT_ID;
|
|
2160
2113
|
const clientId = workloadIdentityCredentialOptions.clientId || process.env.AZURE_CLIENT_ID;
|
|
2161
2114
|
this.federatedTokenFilePath =
|
|
@@ -2235,13 +2188,7 @@ function tokenExchangeMsi() {
|
|
|
2235
2188
|
async getToken(configuration, getTokenOptions = {}) {
|
|
2236
2189
|
const { scopes, clientId } = configuration;
|
|
2237
2190
|
const identityClientTokenCredentialOptions = {};
|
|
2238
|
-
const workloadIdentityCredential = new WorkloadIdentityCredential({
|
|
2239
|
-
clientId,
|
|
2240
|
-
tenantId: process.env.AZURE_TENANT_ID,
|
|
2241
|
-
tokenFilePath: process.env.AZURE_FEDERATED_TOKEN_FILE,
|
|
2242
|
-
...identityClientTokenCredentialOptions,
|
|
2243
|
-
disableInstanceDiscovery: true,
|
|
2244
|
-
});
|
|
2191
|
+
const workloadIdentityCredential = new WorkloadIdentityCredential(Object.assign(Object.assign({ clientId, tenantId: process.env.AZURE_TENANT_ID, tokenFilePath: process.env.AZURE_FEDERATED_TOKEN_FILE }, identityClientTokenCredentialOptions), { disableInstanceDiscovery: true }));
|
|
2245
2192
|
const token = await workloadIdentityCredential.getToken(scopes, getTokenOptions);
|
|
2246
2193
|
return token;
|
|
2247
2194
|
},
|
|
@@ -2327,12 +2274,7 @@ const fabricMsi = {
|
|
|
2327
2274
|
"IDENTITY_HEADER=[REDACTED] and",
|
|
2328
2275
|
"IDENTITY_SERVER_THUMBPRINT=[REDACTED].",
|
|
2329
2276
|
].join(" "));
|
|
2330
|
-
const request = coreRestPipeline.createPipelineRequest({
|
|
2331
|
-
abortSignal: getTokenOptions.abortSignal,
|
|
2332
|
-
...prepareRequestOptions$1(scopes, clientId, resourceId),
|
|
2333
|
-
// The service fabric MSI endpoint will be HTTPS (however, the certificate will be self-signed).
|
|
2334
|
-
// allowInsecureConnection: true
|
|
2335
|
-
});
|
|
2277
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions$1(scopes, clientId, resourceId)));
|
|
2336
2278
|
request.agent = new https.Agent({
|
|
2337
2279
|
// This is necessary because Service Fabric provides a self-signed certificate.
|
|
2338
2280
|
// The alternative path is to verify the certificate using the IDENTITY_SERVER_THUMBPRINT env variable.
|
|
@@ -2403,12 +2345,9 @@ const appServiceMsi2019 = {
|
|
|
2403
2345
|
async getToken(configuration, getTokenOptions = {}) {
|
|
2404
2346
|
const { identityClient, scopes, clientId, resourceId } = configuration;
|
|
2405
2347
|
logger$d.info(`${msiName}: Using the endpoint and the secret coming form the environment variables: IDENTITY_ENDPOINT=${process.env.IDENTITY_ENDPOINT} and IDENTITY_HEADER=[REDACTED].`);
|
|
2406
|
-
const request = coreRestPipeline.createPipelineRequest({
|
|
2407
|
-
abortSignal: getTokenOptions.abortSignal,
|
|
2408
|
-
...prepareRequestOptions(scopes, clientId, resourceId),
|
|
2348
|
+
const request = coreRestPipeline.createPipelineRequest(Object.assign(Object.assign({ abortSignal: getTokenOptions.abortSignal }, prepareRequestOptions(scopes, clientId, resourceId)), {
|
|
2409
2349
|
// Generally, MSI endpoints use the HTTP protocol, without transport layer security (TLS).
|
|
2410
|
-
allowInsecureConnection: true
|
|
2411
|
-
});
|
|
2350
|
+
allowInsecureConnection: true }));
|
|
2412
2351
|
const tokenResponse = await identityClient.sendTokenRequest(request);
|
|
2413
2352
|
return (tokenResponse && tokenResponse.accessToken) || null;
|
|
2414
2353
|
},
|
|
@@ -2431,6 +2370,7 @@ class ManagedIdentityCredential {
|
|
|
2431
2370
|
* @hidden
|
|
2432
2371
|
*/
|
|
2433
2372
|
constructor(clientIdOrOptions, options) {
|
|
2373
|
+
var _a;
|
|
2434
2374
|
this.isEndpointUnavailable = null;
|
|
2435
2375
|
this.isAppTokenProviderInitialized = false;
|
|
2436
2376
|
let _options;
|
|
@@ -2439,28 +2379,25 @@ class ManagedIdentityCredential {
|
|
|
2439
2379
|
_options = options;
|
|
2440
2380
|
}
|
|
2441
2381
|
else {
|
|
2442
|
-
this.clientId = clientIdOrOptions
|
|
2382
|
+
this.clientId = clientIdOrOptions === null || clientIdOrOptions === void 0 ? void 0 : clientIdOrOptions.clientId;
|
|
2443
2383
|
_options = clientIdOrOptions;
|
|
2444
2384
|
}
|
|
2445
|
-
this.resourceId = _options
|
|
2385
|
+
this.resourceId = _options === null || _options === void 0 ? void 0 : _options.resourceId;
|
|
2446
2386
|
// For JavaScript users.
|
|
2447
2387
|
if (this.clientId && this.resourceId) {
|
|
2448
2388
|
throw new Error(`${ManagedIdentityCredential.name} - Client Id and Resource Id can't be provided at the same time.`);
|
|
2449
2389
|
}
|
|
2450
2390
|
this.identityClient = new IdentityClient(_options);
|
|
2451
|
-
this.isAvailableIdentityClient = new IdentityClient({
|
|
2452
|
-
..._options,
|
|
2453
|
-
retryOptions: {
|
|
2391
|
+
this.isAvailableIdentityClient = new IdentityClient(Object.assign(Object.assign({}, _options), { retryOptions: {
|
|
2454
2392
|
maxRetries: 0,
|
|
2455
|
-
}
|
|
2456
|
-
});
|
|
2393
|
+
} }));
|
|
2457
2394
|
/** authority host validation and metadata discovery to be skipped in managed identity
|
|
2458
2395
|
* since this wasn't done previously before adding token cache support
|
|
2459
2396
|
*/
|
|
2460
2397
|
this.confidentialApp = new msalCommon.ConfidentialClientApplication({
|
|
2461
2398
|
auth: {
|
|
2462
2399
|
authority: "https://login.microsoftonline.com/managed_identity",
|
|
2463
|
-
clientId: this.clientId
|
|
2400
|
+
clientId: (_a = this.clientId) !== null && _a !== void 0 ? _a : DeveloperSignOnClientId,
|
|
2464
2401
|
clientSecret: "dummy-secret",
|
|
2465
2402
|
cloudDiscoveryMetadata: '{"tenant_discovery_endpoint":"https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration","api-version":"1.1","metadata":[{"preferred_network":"login.microsoftonline.com","preferred_cache":"login.windows.net","aliases":["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"]},{"preferred_network":"login.partner.microsoftonline.cn","preferred_cache":"login.partner.microsoftonline.cn","aliases":["login.partner.microsoftonline.cn","login.chinacloudapi.cn"]},{"preferred_network":"login.microsoftonline.de","preferred_cache":"login.microsoftonline.de","aliases":["login.microsoftonline.de"]},{"preferred_network":"login.microsoftonline.us","preferred_cache":"login.microsoftonline.us","aliases":["login.microsoftonline.us","login.usgovcloudapi.net"]},{"preferred_network":"login-us.microsoftonline.com","preferred_cache":"login-us.microsoftonline.com","aliases":["login-us.microsoftonline.com"]}]}',
|
|
2466
2403
|
authorityMetadata: '{"token_endpoint":"https://login.microsoftonline.com/common/oauth2/v2.0/token","token_endpoint_auth_methods_supported":["client_secret_post","private_key_jwt","client_secret_basic"],"jwks_uri":"https://login.microsoftonline.com/common/discovery/v2.0/keys","response_modes_supported":["query","fragment","form_post"],"subject_types_supported":["pairwise"],"id_token_signing_alg_values_supported":["RS256"],"response_types_supported":["code","id_token","code id_token","id_token token"],"scopes_supported":["openid","profile","email","offline_access"],"issuer":"https://login.microsoftonline.com/{tenantid}/v2.0","request_uri_parameter_supported":false,"userinfo_endpoint":"https://graph.microsoft.com/oidc/userinfo","authorization_endpoint":"https://login.microsoftonline.com/common/oauth2/v2.0/authorize","device_authorization_endpoint":"https://login.microsoftonline.com/common/oauth2/v2.0/devicecode","http_logout_supported":true,"frontchannel_logout_supported":true,"end_session_endpoint":"https://login.microsoftonline.com/common/oauth2/v2.0/logout","claims_supported":["sub","iss","cloud_instance_name","cloud_instance_host_name","cloud_graph_host_name","msgraph_host","aud","exp","iat","auth_time","acr","nonce","preferred_username","name","tid","ver","at_hash","c_hash","email"],"kerberos_endpoint":"https://login.microsoftonline.com/common/kerberos","tenant_region_scope":null,"cloud_instance_name":"microsoftonline.com","cloud_graph_host_name":"graph.windows.net","msgraph_host":"graph.microsoft.com","rbac_url":"https://pas.windows.net"}',
|
|
@@ -2547,15 +2484,13 @@ class ManagedIdentityCredential {
|
|
|
2547
2484
|
else {
|
|
2548
2485
|
const appTokenParameters = {
|
|
2549
2486
|
correlationId: this.identityClient.getCorrelationId(),
|
|
2550
|
-
tenantId: options
|
|
2487
|
+
tenantId: (options === null || options === void 0 ? void 0 : options.tenantId) || "managed_identity",
|
|
2551
2488
|
scopes: Array.isArray(scopes) ? scopes : [scopes],
|
|
2552
|
-
claims: options
|
|
2489
|
+
claims: options === null || options === void 0 ? void 0 : options.claims,
|
|
2553
2490
|
};
|
|
2554
2491
|
// Added a check to see if SetAppTokenProvider was already defined.
|
|
2555
2492
|
this.initializeSetAppTokenProvider();
|
|
2556
|
-
const authenticationResult = await this.confidentialApp.acquireTokenByClientCredential({
|
|
2557
|
-
...appTokenParameters,
|
|
2558
|
-
});
|
|
2493
|
+
const authenticationResult = await this.confidentialApp.acquireTokenByClientCredential(Object.assign({}, appTokenParameters));
|
|
2559
2494
|
result = this.handleResult(scopes, authenticationResult || undefined);
|
|
2560
2495
|
}
|
|
2561
2496
|
if (result === null) {
|
|
@@ -2683,18 +2618,16 @@ class ManagedIdentityCredential {
|
|
|
2683
2618
|
if (!this.isAppTokenProviderInitialized) {
|
|
2684
2619
|
this.confidentialApp.SetAppTokenProvider(async (appTokenProviderParameters) => {
|
|
2685
2620
|
logger$c.info(`SetAppTokenProvider invoked with parameters- ${JSON.stringify(appTokenProviderParameters)}`);
|
|
2686
|
-
const getTokenOptions = {
|
|
2687
|
-
...appTokenProviderParameters,
|
|
2688
|
-
};
|
|
2621
|
+
const getTokenOptions = Object.assign({}, appTokenProviderParameters);
|
|
2689
2622
|
logger$c.info(`authenticateManagedIdentity invoked with scopes- ${JSON.stringify(appTokenProviderParameters.scopes)} and getTokenOptions - ${JSON.stringify(getTokenOptions)}`);
|
|
2690
2623
|
const resultToken = await this.authenticateManagedIdentity(appTokenProviderParameters.scopes, getTokenOptions);
|
|
2691
2624
|
if (resultToken) {
|
|
2692
2625
|
logger$c.info(`SetAppTokenProvider will save the token in cache`);
|
|
2693
|
-
const expiresInSeconds = resultToken
|
|
2626
|
+
const expiresInSeconds = (resultToken === null || resultToken === void 0 ? void 0 : resultToken.expiresOnTimestamp)
|
|
2694
2627
|
? Math.floor((resultToken.expiresOnTimestamp - Date.now()) / 1000)
|
|
2695
2628
|
: 0;
|
|
2696
2629
|
return {
|
|
2697
|
-
accessToken: resultToken
|
|
2630
|
+
accessToken: resultToken === null || resultToken === void 0 ? void 0 : resultToken.token,
|
|
2698
2631
|
expiresInSeconds,
|
|
2699
2632
|
};
|
|
2700
2633
|
}
|
|
@@ -2807,12 +2740,12 @@ class AzureCliCredential {
|
|
|
2807
2740
|
* @param options - Options, to optionally allow multi-tenant requests.
|
|
2808
2741
|
*/
|
|
2809
2742
|
constructor(options) {
|
|
2810
|
-
if (options
|
|
2811
|
-
checkTenantId(logger$b, options
|
|
2812
|
-
this.tenantId = options
|
|
2743
|
+
if (options === null || options === void 0 ? void 0 : options.tenantId) {
|
|
2744
|
+
checkTenantId(logger$b, options === null || options === void 0 ? void 0 : options.tenantId);
|
|
2745
|
+
this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
|
|
2813
2746
|
}
|
|
2814
|
-
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options
|
|
2815
|
-
this.timeout = options
|
|
2747
|
+
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
|
|
2748
|
+
this.timeout = options === null || options === void 0 ? void 0 : options.processTimeoutInMs;
|
|
2816
2749
|
}
|
|
2817
2750
|
/**
|
|
2818
2751
|
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|
|
@@ -2830,13 +2763,14 @@ class AzureCliCredential {
|
|
|
2830
2763
|
const scope = typeof scopes === "string" ? scopes : scopes[0];
|
|
2831
2764
|
logger$b.getToken.info(`Using the scope ${scope}`);
|
|
2832
2765
|
return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {
|
|
2766
|
+
var _a, _b, _c, _d;
|
|
2833
2767
|
try {
|
|
2834
2768
|
ensureValidScopeForDevTimeCreds(scope, logger$b);
|
|
2835
2769
|
const resource = getScopeResource(scope);
|
|
2836
2770
|
const obj = await cliCredentialInternals.getAzureCliAccessToken(resource, tenantId, this.timeout);
|
|
2837
|
-
const specificScope = obj.stderr
|
|
2838
|
-
const isLoginError = obj.stderr
|
|
2839
|
-
const isNotInstallError = obj.stderr
|
|
2771
|
+
const specificScope = (_a = obj.stderr) === null || _a === void 0 ? void 0 : _a.match("(.*)az login --scope(.*)");
|
|
2772
|
+
const isLoginError = ((_b = obj.stderr) === null || _b === void 0 ? void 0 : _b.match("(.*)az login(.*)")) && !specificScope;
|
|
2773
|
+
const isNotInstallError = ((_c = obj.stderr) === null || _c === void 0 ? void 0 : _c.match("az:(.*)not found")) || ((_d = obj.stderr) === null || _d === void 0 ? void 0 : _d.startsWith("'az' is not recognized"));
|
|
2840
2774
|
if (isNotInstallError) {
|
|
2841
2775
|
const error = new CredentialUnavailableError("Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.");
|
|
2842
2776
|
logger$b.getToken.info(formatError(scopes, error));
|
|
@@ -2988,12 +2922,12 @@ class AzurePowerShellCredential {
|
|
|
2988
2922
|
* @param options - Options, to optionally allow multi-tenant requests.
|
|
2989
2923
|
*/
|
|
2990
2924
|
constructor(options) {
|
|
2991
|
-
if (options
|
|
2992
|
-
checkTenantId(logger$a, options
|
|
2993
|
-
this.tenantId = options
|
|
2925
|
+
if (options === null || options === void 0 ? void 0 : options.tenantId) {
|
|
2926
|
+
checkTenantId(logger$a, options === null || options === void 0 ? void 0 : options.tenantId);
|
|
2927
|
+
this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
|
|
2994
2928
|
}
|
|
2995
|
-
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options
|
|
2996
|
-
this.timeout = options
|
|
2929
|
+
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
|
|
2930
|
+
this.timeout = options === null || options === void 0 ? void 0 : options.processTimeoutInMs;
|
|
2997
2931
|
}
|
|
2998
2932
|
/**
|
|
2999
2933
|
* Gets the access token from Azure PowerShell
|
|
@@ -3287,14 +3221,12 @@ class ClientCertificateCredential {
|
|
|
3287
3221
|
throw new Error(`${credentialName$2}: tenantId and clientId are required parameters.`);
|
|
3288
3222
|
}
|
|
3289
3223
|
this.tenantId = tenantId;
|
|
3290
|
-
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options
|
|
3291
|
-
const configuration = {
|
|
3292
|
-
|
|
3293
|
-
|
|
3294
|
-
|
|
3295
|
-
|
|
3296
|
-
: certificatePathOrConfiguration),
|
|
3297
|
-
};
|
|
3224
|
+
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
|
|
3225
|
+
const configuration = Object.assign({}, (typeof certificatePathOrConfiguration === "string"
|
|
3226
|
+
? {
|
|
3227
|
+
certificatePath: certificatePathOrConfiguration,
|
|
3228
|
+
}
|
|
3229
|
+
: certificatePathOrConfiguration));
|
|
3298
3230
|
const certificate = configuration
|
|
3299
3231
|
.certificate;
|
|
3300
3232
|
const certificatePath = configuration.certificatePath;
|
|
@@ -3304,15 +3236,10 @@ class ClientCertificateCredential {
|
|
|
3304
3236
|
if (certificate && certificatePath) {
|
|
3305
3237
|
throw new Error(`${credentialName$2}: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);
|
|
3306
3238
|
}
|
|
3307
|
-
this.msalFlow = new MsalClientCertificate({
|
|
3308
|
-
...options,
|
|
3309
|
-
configuration,
|
|
3239
|
+
this.msalFlow = new MsalClientCertificate(Object.assign(Object.assign({}, options), { configuration,
|
|
3310
3240
|
logger: logger$8,
|
|
3311
3241
|
clientId,
|
|
3312
|
-
tenantId,
|
|
3313
|
-
sendCertificateChain: options.sendCertificateChain,
|
|
3314
|
-
tokenCredentialOptions: options,
|
|
3315
|
-
});
|
|
3242
|
+
tenantId, sendCertificateChain: options.sendCertificateChain, tokenCredentialOptions: options }));
|
|
3316
3243
|
}
|
|
3317
3244
|
/**
|
|
3318
3245
|
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|
|
@@ -3389,15 +3316,11 @@ class ClientSecretCredential {
|
|
|
3389
3316
|
throw new Error("ClientSecretCredential: tenantId, clientId, and clientSecret are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.");
|
|
3390
3317
|
}
|
|
3391
3318
|
this.tenantId = tenantId;
|
|
3392
|
-
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options
|
|
3393
|
-
this.msalFlow = new MsalClientSecret({
|
|
3394
|
-
...options,
|
|
3395
|
-
logger: logger$7,
|
|
3319
|
+
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
|
|
3320
|
+
this.msalFlow = new MsalClientSecret(Object.assign(Object.assign({}, options), { logger: logger$7,
|
|
3396
3321
|
clientId,
|
|
3397
3322
|
tenantId,
|
|
3398
|
-
clientSecret,
|
|
3399
|
-
tokenCredentialOptions: options,
|
|
3400
|
-
});
|
|
3323
|
+
clientSecret, tokenCredentialOptions: options }));
|
|
3401
3324
|
}
|
|
3402
3325
|
/**
|
|
3403
3326
|
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|
|
@@ -3434,11 +3357,11 @@ class MsalUsernamePassword extends MsalNode {
|
|
|
3434
3357
|
scopes,
|
|
3435
3358
|
username: this.username,
|
|
3436
3359
|
password: this.password,
|
|
3437
|
-
correlationId: options
|
|
3438
|
-
authority: options
|
|
3439
|
-
claims: options
|
|
3360
|
+
correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
|
|
3361
|
+
authority: options === null || options === void 0 ? void 0 : options.authority,
|
|
3362
|
+
claims: options === null || options === void 0 ? void 0 : options.claims,
|
|
3440
3363
|
};
|
|
3441
|
-
const result = await this.getApp("public", options
|
|
3364
|
+
const result = await this.getApp("public", options === null || options === void 0 ? void 0 : options.enableCae).acquireTokenByUsernamePassword(requestOptions);
|
|
3442
3365
|
return this.handleResult(scopes, this.clientId, result || undefined);
|
|
3443
3366
|
}
|
|
3444
3367
|
catch (error) {
|
|
@@ -3473,16 +3396,12 @@ class UsernamePasswordCredential {
|
|
|
3473
3396
|
throw new Error("UsernamePasswordCredential: tenantId, clientId, username and password are required parameters. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.");
|
|
3474
3397
|
}
|
|
3475
3398
|
this.tenantId = tenantId;
|
|
3476
|
-
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options
|
|
3477
|
-
this.msalFlow = new MsalUsernamePassword({
|
|
3478
|
-
...options,
|
|
3479
|
-
logger: logger$6,
|
|
3399
|
+
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
|
|
3400
|
+
this.msalFlow = new MsalUsernamePassword(Object.assign(Object.assign({}, options), { logger: logger$6,
|
|
3480
3401
|
clientId,
|
|
3481
3402
|
tenantId,
|
|
3482
3403
|
username,
|
|
3483
|
-
password,
|
|
3484
|
-
tokenCredentialOptions: options || {},
|
|
3485
|
-
});
|
|
3404
|
+
password, tokenCredentialOptions: options || {} }));
|
|
3486
3405
|
}
|
|
3487
3406
|
/**
|
|
3488
3407
|
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|
|
@@ -3525,7 +3444,8 @@ const AllSupportedEnvironmentVariables = [
|
|
|
3525
3444
|
"AZURE_ADDITIONALLY_ALLOWED_TENANTS",
|
|
3526
3445
|
];
|
|
3527
3446
|
function getAdditionallyAllowedTenants() {
|
|
3528
|
-
|
|
3447
|
+
var _a;
|
|
3448
|
+
const additionallyAllowedValues = (_a = process.env.AZURE_ADDITIONALLY_ALLOWED_TENANTS) !== null && _a !== void 0 ? _a : "";
|
|
3529
3449
|
return additionallyAllowedValues.split(";");
|
|
3530
3450
|
}
|
|
3531
3451
|
const credentialName$1 = "EnvironmentCredential";
|
|
@@ -3566,7 +3486,7 @@ class EnvironmentCredential {
|
|
|
3566
3486
|
logger$5.info(`Found the following environment variables: ${assigned}`);
|
|
3567
3487
|
const tenantId = process.env.AZURE_TENANT_ID, clientId = process.env.AZURE_CLIENT_ID, clientSecret = process.env.AZURE_CLIENT_SECRET;
|
|
3568
3488
|
const additionallyAllowedTenantIds = getAdditionallyAllowedTenants();
|
|
3569
|
-
const newOptions = {
|
|
3489
|
+
const newOptions = Object.assign(Object.assign({}, options), { additionallyAllowedTenantIds });
|
|
3570
3490
|
if (tenantId) {
|
|
3571
3491
|
checkTenantId(logger$5, tenantId);
|
|
3572
3492
|
}
|
|
@@ -3706,12 +3626,12 @@ class AzureDeveloperCliCredential {
|
|
|
3706
3626
|
* @param options - Options, to optionally allow multi-tenant requests.
|
|
3707
3627
|
*/
|
|
3708
3628
|
constructor(options) {
|
|
3709
|
-
if (options
|
|
3710
|
-
checkTenantId(logger$4, options
|
|
3711
|
-
this.tenantId = options
|
|
3629
|
+
if (options === null || options === void 0 ? void 0 : options.tenantId) {
|
|
3630
|
+
checkTenantId(logger$4, options === null || options === void 0 ? void 0 : options.tenantId);
|
|
3631
|
+
this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
|
|
3712
3632
|
}
|
|
3713
|
-
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options
|
|
3714
|
-
this.timeout = options
|
|
3633
|
+
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
|
|
3634
|
+
this.timeout = options === null || options === void 0 ? void 0 : options.processTimeoutInMs;
|
|
3715
3635
|
}
|
|
3716
3636
|
/**
|
|
3717
3637
|
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|
|
@@ -3735,15 +3655,16 @@ class AzureDeveloperCliCredential {
|
|
|
3735
3655
|
}
|
|
3736
3656
|
logger$4.getToken.info(`Using the scopes ${scopes}`);
|
|
3737
3657
|
return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {
|
|
3658
|
+
var _a, _b, _c, _d;
|
|
3738
3659
|
try {
|
|
3739
3660
|
scopeList.forEach((scope) => {
|
|
3740
3661
|
ensureValidScopeForDevTimeCreds(scope, logger$4);
|
|
3741
3662
|
});
|
|
3742
3663
|
const obj = await developerCliCredentialInternals.getAzdAccessToken(scopeList, tenantId, this.timeout);
|
|
3743
|
-
const isNotLoggedInError = obj.stderr
|
|
3744
|
-
obj.stderr
|
|
3745
|
-
const isNotInstallError = obj.stderr
|
|
3746
|
-
obj.stderr
|
|
3664
|
+
const isNotLoggedInError = ((_a = obj.stderr) === null || _a === void 0 ? void 0 : _a.match("not logged in, run `azd login` to login")) ||
|
|
3665
|
+
((_b = obj.stderr) === null || _b === void 0 ? void 0 : _b.match("not logged in, run `azd auth login` to login"));
|
|
3666
|
+
const isNotInstallError = ((_c = obj.stderr) === null || _c === void 0 ? void 0 : _c.match("azd:(.*)not found")) ||
|
|
3667
|
+
((_d = obj.stderr) === null || _d === void 0 ? void 0 : _d.startsWith("'azd' is not recognized"));
|
|
3747
3668
|
if (isNotInstallError || (obj.error && obj.error.code === "ENOENT")) {
|
|
3748
3669
|
const error = new CredentialUnavailableError("Azure Developer CLI couldn't be found. To mitigate this issue, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.");
|
|
3749
3670
|
logger$4.getToken.info(formatError(scopes, error));
|
|
@@ -3792,34 +3713,23 @@ class DefaultManagedIdentityCredential extends ManagedIdentityCredential {
|
|
|
3792
3713
|
// Constructor overload with just the other default options
|
|
3793
3714
|
// Last constructor overload with Union of all options not required since the above two constructor overloads have optional properties
|
|
3794
3715
|
constructor(options) {
|
|
3795
|
-
|
|
3796
|
-
|
|
3797
|
-
const workloadIdentityClientId = options
|
|
3798
|
-
|
|
3799
|
-
const managedResourceId = options
|
|
3800
|
-
?.managedIdentityResourceId;
|
|
3716
|
+
var _a, _b, _c;
|
|
3717
|
+
const managedIdentityClientId = (_a = options === null || options === void 0 ? void 0 : options.managedIdentityClientId) !== null && _a !== void 0 ? _a : process.env.AZURE_CLIENT_ID;
|
|
3718
|
+
const workloadIdentityClientId = (_b = options === null || options === void 0 ? void 0 : options.workloadIdentityClientId) !== null && _b !== void 0 ? _b : managedIdentityClientId;
|
|
3719
|
+
const managedResourceId = options === null || options === void 0 ? void 0 : options.managedIdentityResourceId;
|
|
3801
3720
|
const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;
|
|
3802
|
-
const tenantId = options
|
|
3721
|
+
const tenantId = (_c = options === null || options === void 0 ? void 0 : options.tenantId) !== null && _c !== void 0 ? _c : process.env.AZURE_TENANT_ID;
|
|
3803
3722
|
// ManagedIdentityCredential throws if both the resourceId and the clientId are provided.
|
|
3804
3723
|
if (managedResourceId) {
|
|
3805
|
-
const managedIdentityResourceIdOptions = {
|
|
3806
|
-
...options,
|
|
3807
|
-
resourceId: managedResourceId,
|
|
3808
|
-
};
|
|
3724
|
+
const managedIdentityResourceIdOptions = Object.assign(Object.assign({}, options), { resourceId: managedResourceId });
|
|
3809
3725
|
super(managedIdentityResourceIdOptions);
|
|
3810
3726
|
}
|
|
3811
3727
|
else if (workloadFile && workloadIdentityClientId) {
|
|
3812
|
-
const workloadIdentityCredentialOptions = {
|
|
3813
|
-
...options,
|
|
3814
|
-
tenantId: tenantId,
|
|
3815
|
-
};
|
|
3728
|
+
const workloadIdentityCredentialOptions = Object.assign(Object.assign({}, options), { tenantId: tenantId });
|
|
3816
3729
|
super(workloadIdentityClientId, workloadIdentityCredentialOptions);
|
|
3817
3730
|
}
|
|
3818
3731
|
else if (managedIdentityClientId) {
|
|
3819
|
-
const managedIdentityClientOptions = {
|
|
3820
|
-
...options,
|
|
3821
|
-
clientId: managedIdentityClientId,
|
|
3822
|
-
};
|
|
3732
|
+
const managedIdentityClientOptions = Object.assign(Object.assign({}, options), { clientId: managedIdentityClientId });
|
|
3823
3733
|
super(managedIdentityClientOptions);
|
|
3824
3734
|
}
|
|
3825
3735
|
else {
|
|
@@ -3837,26 +3747,17 @@ class DefaultWorkloadIdentityCredential extends WorkloadIdentityCredential {
|
|
|
3837
3747
|
// Constructor overload with just the other default options
|
|
3838
3748
|
// Last constructor overload with Union of all options not required since the above two constructor overloads have optional properties
|
|
3839
3749
|
constructor(options) {
|
|
3840
|
-
|
|
3841
|
-
|
|
3842
|
-
const workloadIdentityClientId = options
|
|
3843
|
-
managedIdentityClientId;
|
|
3750
|
+
var _a, _b, _c;
|
|
3751
|
+
const managedIdentityClientId = (_a = options === null || options === void 0 ? void 0 : options.managedIdentityClientId) !== null && _a !== void 0 ? _a : process.env.AZURE_CLIENT_ID;
|
|
3752
|
+
const workloadIdentityClientId = (_b = options === null || options === void 0 ? void 0 : options.workloadIdentityClientId) !== null && _b !== void 0 ? _b : managedIdentityClientId;
|
|
3844
3753
|
const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;
|
|
3845
|
-
const tenantId = options
|
|
3754
|
+
const tenantId = (_c = options === null || options === void 0 ? void 0 : options.tenantId) !== null && _c !== void 0 ? _c : process.env.AZURE_TENANT_ID;
|
|
3846
3755
|
if (workloadFile && workloadIdentityClientId) {
|
|
3847
|
-
const workloadIdentityCredentialOptions = {
|
|
3848
|
-
...options,
|
|
3849
|
-
tenantId,
|
|
3850
|
-
clientId: workloadIdentityClientId,
|
|
3851
|
-
tokenFilePath: workloadFile,
|
|
3852
|
-
};
|
|
3756
|
+
const workloadIdentityCredentialOptions = Object.assign(Object.assign({}, options), { tenantId, clientId: workloadIdentityClientId, tokenFilePath: workloadFile });
|
|
3853
3757
|
super(workloadIdentityCredentialOptions);
|
|
3854
3758
|
}
|
|
3855
3759
|
else if (tenantId) {
|
|
3856
|
-
const workloadIdentityClientTenantOptions = {
|
|
3857
|
-
...options,
|
|
3858
|
-
tenantId,
|
|
3859
|
-
};
|
|
3760
|
+
const workloadIdentityClientTenantOptions = Object.assign(Object.assign({}, options), { tenantId });
|
|
3860
3761
|
super(workloadIdentityClientTenantOptions);
|
|
3861
3762
|
}
|
|
3862
3763
|
else {
|
|
@@ -3866,26 +3767,17 @@ class DefaultWorkloadIdentityCredential extends WorkloadIdentityCredential {
|
|
|
3866
3767
|
}
|
|
3867
3768
|
class DefaultAzureDeveloperCliCredential extends AzureDeveloperCliCredential {
|
|
3868
3769
|
constructor(options) {
|
|
3869
|
-
super({
|
|
3870
|
-
processTimeoutInMs: options?.processTimeoutInMs,
|
|
3871
|
-
...options,
|
|
3872
|
-
});
|
|
3770
|
+
super(Object.assign({ processTimeoutInMs: options === null || options === void 0 ? void 0 : options.processTimeoutInMs }, options));
|
|
3873
3771
|
}
|
|
3874
3772
|
}
|
|
3875
3773
|
class DefaultAzureCliCredential extends AzureCliCredential {
|
|
3876
3774
|
constructor(options) {
|
|
3877
|
-
super({
|
|
3878
|
-
processTimeoutInMs: options?.processTimeoutInMs,
|
|
3879
|
-
...options,
|
|
3880
|
-
});
|
|
3775
|
+
super(Object.assign({ processTimeoutInMs: options === null || options === void 0 ? void 0 : options.processTimeoutInMs }, options));
|
|
3881
3776
|
}
|
|
3882
3777
|
}
|
|
3883
3778
|
class DefaultAzurePowershellCredential extends AzurePowerShellCredential {
|
|
3884
3779
|
constructor(options) {
|
|
3885
|
-
super({
|
|
3886
|
-
processTimeoutInMs: options?.processTimeoutInMs,
|
|
3887
|
-
...options,
|
|
3888
|
-
});
|
|
3780
|
+
super(Object.assign({ processTimeoutInMs: options === null || options === void 0 ? void 0 : options.processTimeoutInMs }, options));
|
|
3889
3781
|
}
|
|
3890
3782
|
}
|
|
3891
3783
|
const defaultCredentials = [
|
|
@@ -3922,22 +3814,24 @@ const interactiveBrowserMockable = {
|
|
|
3922
3814
|
*/
|
|
3923
3815
|
class MsalOpenBrowser extends MsalNode {
|
|
3924
3816
|
constructor(options) {
|
|
3817
|
+
var _a, _b;
|
|
3925
3818
|
super(options);
|
|
3926
3819
|
this.loginHint = options.loginHint;
|
|
3927
|
-
this.errorTemplate = options.browserCustomizationOptions
|
|
3928
|
-
this.successTemplate = options.browserCustomizationOptions
|
|
3820
|
+
this.errorTemplate = (_a = options.browserCustomizationOptions) === null || _a === void 0 ? void 0 : _a.errorMessage;
|
|
3821
|
+
this.successTemplate = (_b = options.browserCustomizationOptions) === null || _b === void 0 ? void 0 : _b.successMessage;
|
|
3929
3822
|
this.logger = credentialLogger("Node.js MSAL Open Browser");
|
|
3930
3823
|
}
|
|
3931
3824
|
async doGetToken(scopes, options) {
|
|
3825
|
+
var _a;
|
|
3932
3826
|
try {
|
|
3933
3827
|
const interactiveRequest = {
|
|
3934
3828
|
openBrowser: async (url) => {
|
|
3935
3829
|
await interactiveBrowserMockable.open(url, { wait: true, newInstance: true });
|
|
3936
3830
|
},
|
|
3937
3831
|
scopes,
|
|
3938
|
-
authority: options
|
|
3939
|
-
claims: options
|
|
3940
|
-
correlationId: options
|
|
3832
|
+
authority: options === null || options === void 0 ? void 0 : options.authority,
|
|
3833
|
+
claims: options === null || options === void 0 ? void 0 : options.claims,
|
|
3834
|
+
correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
|
|
3941
3835
|
loginHint: this.loginHint,
|
|
3942
3836
|
errorTemplate: this.errorTemplate,
|
|
3943
3837
|
successTemplate: this.successTemplate,
|
|
@@ -3952,14 +3846,14 @@ class MsalOpenBrowser extends MsalNode {
|
|
|
3952
3846
|
this.logger.warning("Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.");
|
|
3953
3847
|
}
|
|
3954
3848
|
if (this.enableMsaPassthrough) {
|
|
3955
|
-
(interactiveRequest.tokenQueryParameters
|
|
3849
|
+
((_a = interactiveRequest.tokenQueryParameters) !== null && _a !== void 0 ? _a : (interactiveRequest.tokenQueryParameters = {}))["msal_request_type"] =
|
|
3956
3850
|
"consumer_passthrough";
|
|
3957
3851
|
}
|
|
3958
3852
|
}
|
|
3959
3853
|
if (hasNativeBroker() && !this.enableBroker) {
|
|
3960
3854
|
this.logger.verbose("Authentication will resume normally without the broker, since it's not enabled");
|
|
3961
3855
|
}
|
|
3962
|
-
const result = await this.getApp("public", options
|
|
3856
|
+
const result = await this.getApp("public", options === null || options === void 0 ? void 0 : options.enableCae).acquireTokenInteractive(interactiveRequest);
|
|
3963
3857
|
if (result.fromNativeBroker) {
|
|
3964
3858
|
this.logger.verbose(`This result is returned from native broker`);
|
|
3965
3859
|
}
|
|
@@ -3992,41 +3886,31 @@ class InteractiveBrowserCredential {
|
|
|
3992
3886
|
* @param options - Options for configuring the client which makes the authentication requests.
|
|
3993
3887
|
*/
|
|
3994
3888
|
constructor(options) {
|
|
3889
|
+
var _a, _b, _c;
|
|
3995
3890
|
const redirectUri = typeof options.redirectUri === "function"
|
|
3996
3891
|
? options.redirectUri()
|
|
3997
3892
|
: options.redirectUri || "http://localhost";
|
|
3998
|
-
this.tenantId = options
|
|
3999
|
-
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options
|
|
3893
|
+
this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
|
|
3894
|
+
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
|
|
4000
3895
|
const ibcNodeOptions = options;
|
|
4001
|
-
if (ibcNodeOptions
|
|
4002
|
-
if (!ibcNodeOptions
|
|
3896
|
+
if ((_a = ibcNodeOptions === null || ibcNodeOptions === void 0 ? void 0 : ibcNodeOptions.brokerOptions) === null || _a === void 0 ? void 0 : _a.enabled) {
|
|
3897
|
+
if (!((_b = ibcNodeOptions === null || ibcNodeOptions === void 0 ? void 0 : ibcNodeOptions.brokerOptions) === null || _b === void 0 ? void 0 : _b.parentWindowHandle)) {
|
|
4003
3898
|
throw new Error("In order to do WAM authentication, `parentWindowHandle` under `brokerOptions` is a required parameter");
|
|
4004
3899
|
}
|
|
4005
3900
|
else {
|
|
4006
|
-
this.msalFlow = new MsalOpenBrowser({
|
|
4007
|
-
|
|
4008
|
-
tokenCredentialOptions: options,
|
|
4009
|
-
logger: logger$3,
|
|
4010
|
-
redirectUri,
|
|
4011
|
-
browserCustomizationOptions: ibcNodeOptions?.browserCustomizationOptions,
|
|
4012
|
-
brokerOptions: {
|
|
3901
|
+
this.msalFlow = new MsalOpenBrowser(Object.assign(Object.assign({}, options), { tokenCredentialOptions: options, logger: logger$3,
|
|
3902
|
+
redirectUri, browserCustomizationOptions: ibcNodeOptions === null || ibcNodeOptions === void 0 ? void 0 : ibcNodeOptions.browserCustomizationOptions, brokerOptions: {
|
|
4013
3903
|
enabled: true,
|
|
4014
3904
|
parentWindowHandle: ibcNodeOptions.brokerOptions.parentWindowHandle,
|
|
4015
|
-
legacyEnableMsaPassthrough: ibcNodeOptions.brokerOptions
|
|
4016
|
-
}
|
|
4017
|
-
});
|
|
3905
|
+
legacyEnableMsaPassthrough: (_c = ibcNodeOptions.brokerOptions) === null || _c === void 0 ? void 0 : _c.legacyEnableMsaPassthrough,
|
|
3906
|
+
} }));
|
|
4018
3907
|
}
|
|
4019
3908
|
}
|
|
4020
3909
|
else {
|
|
4021
|
-
this.msalFlow = new MsalOpenBrowser({
|
|
4022
|
-
|
|
4023
|
-
tokenCredentialOptions: options,
|
|
4024
|
-
logger: logger$3,
|
|
4025
|
-
redirectUri,
|
|
4026
|
-
browserCustomizationOptions: ibcNodeOptions?.browserCustomizationOptions,
|
|
4027
|
-
});
|
|
3910
|
+
this.msalFlow = new MsalOpenBrowser(Object.assign(Object.assign({}, options), { tokenCredentialOptions: options, logger: logger$3,
|
|
3911
|
+
redirectUri, browserCustomizationOptions: ibcNodeOptions === null || ibcNodeOptions === void 0 ? void 0 : ibcNodeOptions.browserCustomizationOptions }));
|
|
4028
3912
|
}
|
|
4029
|
-
this.disableAutomaticAuthentication = options
|
|
3913
|
+
this.disableAutomaticAuthentication = options === null || options === void 0 ? void 0 : options.disableAutomaticAuthentication;
|
|
4030
3914
|
}
|
|
4031
3915
|
/**
|
|
4032
3916
|
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|
|
@@ -4044,10 +3928,7 @@ class InteractiveBrowserCredential {
|
|
|
4044
3928
|
return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
|
|
4045
3929
|
newOptions.tenantId = processMultiTenantRequest(this.tenantId, newOptions, this.additionallyAllowedTenantIds, logger$3);
|
|
4046
3930
|
const arrayScopes = ensureScopes(scopes);
|
|
4047
|
-
return this.msalFlow.getToken(arrayScopes, {
|
|
4048
|
-
...newOptions,
|
|
4049
|
-
disableAutomaticAuthentication: this.disableAutomaticAuthentication,
|
|
4050
|
-
});
|
|
3931
|
+
return this.msalFlow.getToken(arrayScopes, Object.assign(Object.assign({}, newOptions), { disableAutomaticAuthentication: this.disableAutomaticAuthentication }));
|
|
4051
3932
|
});
|
|
4052
3933
|
}
|
|
4053
3934
|
/**
|
|
@@ -4089,12 +3970,12 @@ class MsalDeviceCode extends MsalNode {
|
|
|
4089
3970
|
deviceCodeCallback: this.userPromptCallback,
|
|
4090
3971
|
scopes,
|
|
4091
3972
|
cancel: false,
|
|
4092
|
-
correlationId: options
|
|
4093
|
-
authority: options
|
|
4094
|
-
claims: options
|
|
3973
|
+
correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
|
|
3974
|
+
authority: options === null || options === void 0 ? void 0 : options.authority,
|
|
3975
|
+
claims: options === null || options === void 0 ? void 0 : options.claims,
|
|
4095
3976
|
};
|
|
4096
|
-
const promise = this.getApp("public", options
|
|
4097
|
-
const deviceResponse = await this.withCancellation(promise, options
|
|
3977
|
+
const promise = this.getApp("public", options === null || options === void 0 ? void 0 : options.enableCae).acquireTokenByDeviceCode(requestOptions);
|
|
3978
|
+
const deviceResponse = await this.withCancellation(promise, options === null || options === void 0 ? void 0 : options.abortSignal, () => {
|
|
4098
3979
|
requestOptions.cancel = true;
|
|
4099
3980
|
});
|
|
4100
3981
|
return this.handleResult(scopes, this.clientId, deviceResponse || undefined);
|
|
@@ -4141,15 +4022,10 @@ class DeviceCodeCredential {
|
|
|
4141
4022
|
* @param options - Options for configuring the client which makes the authentication requests.
|
|
4142
4023
|
*/
|
|
4143
4024
|
constructor(options) {
|
|
4144
|
-
this.tenantId = options
|
|
4145
|
-
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options
|
|
4146
|
-
this.msalFlow = new MsalDeviceCode({
|
|
4147
|
-
|
|
4148
|
-
logger: logger$2,
|
|
4149
|
-
userPromptCallback: options?.userPromptCallback || defaultDeviceCodePromptCallback,
|
|
4150
|
-
tokenCredentialOptions: options || {},
|
|
4151
|
-
});
|
|
4152
|
-
this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;
|
|
4025
|
+
this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
|
|
4026
|
+
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
|
|
4027
|
+
this.msalFlow = new MsalDeviceCode(Object.assign(Object.assign({}, options), { logger: logger$2, userPromptCallback: (options === null || options === void 0 ? void 0 : options.userPromptCallback) || defaultDeviceCodePromptCallback, tokenCredentialOptions: options || {} }));
|
|
4028
|
+
this.disableAutomaticAuthentication = options === null || options === void 0 ? void 0 : options.disableAutomaticAuthentication;
|
|
4153
4029
|
}
|
|
4154
4030
|
/**
|
|
4155
4031
|
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|
|
@@ -4167,10 +4043,7 @@ class DeviceCodeCredential {
|
|
|
4167
4043
|
return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
|
|
4168
4044
|
newOptions.tenantId = processMultiTenantRequest(this.tenantId, newOptions, this.additionallyAllowedTenantIds, logger$2);
|
|
4169
4045
|
const arrayScopes = ensureScopes(scopes);
|
|
4170
|
-
return this.msalFlow.getToken(arrayScopes, {
|
|
4171
|
-
...newOptions,
|
|
4172
|
-
disableAutomaticAuthentication: this.disableAutomaticAuthentication,
|
|
4173
|
-
});
|
|
4046
|
+
return this.msalFlow.getToken(arrayScopes, Object.assign(Object.assign({}, newOptions), { disableAutomaticAuthentication: this.disableAutomaticAuthentication }));
|
|
4174
4047
|
});
|
|
4175
4048
|
}
|
|
4176
4049
|
/**
|
|
@@ -4218,13 +4091,13 @@ class MsalAuthorizationCode extends MsalNode {
|
|
|
4218
4091
|
}
|
|
4219
4092
|
async doGetToken(scopes, options) {
|
|
4220
4093
|
try {
|
|
4221
|
-
const result = await this.getApp("confidentialFirst", options
|
|
4094
|
+
const result = await this.getApp("confidentialFirst", options === null || options === void 0 ? void 0 : options.enableCae).acquireTokenByCode({
|
|
4222
4095
|
scopes,
|
|
4223
4096
|
redirectUri: this.redirectUri,
|
|
4224
4097
|
code: this.authorizationCode,
|
|
4225
|
-
correlationId: options
|
|
4226
|
-
authority: options
|
|
4227
|
-
claims: options
|
|
4098
|
+
correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
|
|
4099
|
+
authority: options === null || options === void 0 ? void 0 : options.authority,
|
|
4100
|
+
claims: options === null || options === void 0 ? void 0 : options.claims,
|
|
4228
4101
|
});
|
|
4229
4102
|
// The Client Credential flow does not return an account,
|
|
4230
4103
|
// so each time getToken gets called, we will have to acquire a new token through the service.
|
|
@@ -4269,17 +4142,10 @@ class AuthorizationCodeCredential {
|
|
|
4269
4142
|
}
|
|
4270
4143
|
// TODO: Validate tenant if provided
|
|
4271
4144
|
this.tenantId = tenantId;
|
|
4272
|
-
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options
|
|
4273
|
-
this.msalFlow = new MsalAuthorizationCode({
|
|
4274
|
-
...options,
|
|
4275
|
-
clientSecret,
|
|
4145
|
+
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
|
|
4146
|
+
this.msalFlow = new MsalAuthorizationCode(Object.assign(Object.assign({}, options), { clientSecret,
|
|
4276
4147
|
clientId,
|
|
4277
|
-
tenantId,
|
|
4278
|
-
tokenCredentialOptions: options || {},
|
|
4279
|
-
logger: logger$1,
|
|
4280
|
-
redirectUri: this.redirectUri,
|
|
4281
|
-
authorizationCode: this.authorizationCode,
|
|
4282
|
-
});
|
|
4148
|
+
tenantId, tokenCredentialOptions: options || {}, logger: logger$1, redirectUri: this.redirectUri, authorizationCode: this.authorizationCode }));
|
|
4283
4149
|
}
|
|
4284
4150
|
/**
|
|
4285
4151
|
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|
|
@@ -4294,10 +4160,7 @@ class AuthorizationCodeCredential {
|
|
|
4294
4160
|
const tenantId = processMultiTenantRequest(this.tenantId, newOptions, this.additionallyAllowedTenantIds);
|
|
4295
4161
|
newOptions.tenantId = tenantId;
|
|
4296
4162
|
const arrayScopes = ensureScopes(scopes);
|
|
4297
|
-
return this.msalFlow.getToken(arrayScopes, {
|
|
4298
|
-
...newOptions,
|
|
4299
|
-
disableAutomaticAuthentication: this.disableAutomaticAuthentication,
|
|
4300
|
-
});
|
|
4163
|
+
return this.msalFlow.getToken(arrayScopes, Object.assign(Object.assign({}, newOptions), { disableAutomaticAuthentication: this.disableAutomaticAuthentication }));
|
|
4301
4164
|
});
|
|
4302
4165
|
}
|
|
4303
4166
|
}
|
|
@@ -4374,11 +4237,7 @@ class OnBehalfOfCredential {
|
|
|
4374
4237
|
}
|
|
4375
4238
|
this.tenantId = tenantId;
|
|
4376
4239
|
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(additionallyAllowedTenantIds);
|
|
4377
|
-
this.msalFlow = new MsalOnBehalfOf({
|
|
4378
|
-
...this.options,
|
|
4379
|
-
logger,
|
|
4380
|
-
tokenCredentialOptions: this.options,
|
|
4381
|
-
});
|
|
4240
|
+
this.msalFlow = new MsalOnBehalfOf(Object.assign(Object.assign({}, this.options), { logger, tokenCredentialOptions: this.options }));
|
|
4382
4241
|
}
|
|
4383
4242
|
/**
|
|
4384
4243
|
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|