@azure/identity 4.1.0-alpha.20240227.3 → 4.1.0-alpha.20240301.2

package/dist-esm/src/msal/nodeFlows/msalClient.js

@@ -129,7 +129,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
             response = await onAuthenticationRequired();
         }
         // At this point we should have a token, process it
-        ensureValidMsalToken(scopes, response !== null && response !== void 0 ? response : undefined, options);
+        ensureValidMsalToken(scopes, response, options);
         state.cachedAccount = (_a = response === null || response === void 0 ? void 0 : response.account) !== null && _a !== void 0 ? _a : null;
         msalLogger.getToken.info(formatSuccess(scopes));
         return {

package/dist-esm/src/msal/nodeFlows/msalClient.js.map

@@ -1 +1 @@
-{"version":3,"file":"msalClient.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AAGzC,OAAO,EAAuB,2BAA2B,EAAE,MAAM,eAAe,CAAC;AACjF,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,eAAe,EACf,YAAY,GACb,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAE7D,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAE3D;;GAEG;AACH,MAAM,UAAU,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAC;AA2BlD;;;;;;;GAOG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAgB,EAChB,QAAgB,EAChB,oBAAuC,EAAE;;IAEzC,MAAM,cAAc,GAAG,eAAe,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAEvE,sDAAsD;IACtD,MAAM,SAAS,GAAG,YAAY,CAC5B,cAAc,EACd,MAAA,iBAAiB,CAAC,aAAa,mCAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CACpE,CAAC;IAEF,MAAM,UAAU,GAAG,IAAI,cAAc,iCAChC,iBAAiB,CAAC,sBAAsB,KAC3C,aAAa,EAAE,SAAS,EACxB,cAAc,EAAE,iBAAiB,CAAC,cAAc,IAChD,CAAC;IAEH,MAAM,UAAU,GAAuB;QACrC,IAAI,EAAE;YACJ,QAAQ;YACR,SAAS;YACT,gBAAgB,EAAE,mBAAmB,CACnC,cAAc,EACd,SAAS,EACT,iBAAiB,CAAC,wBAAwB,CAC3C;SACF;QACD,MAAM,EAAE;YACN,aAAa,EAAE,UAAU;YACzB,aAAa,EAAE;gBACb,cAAc,EAAE,qBAAqB,CAAC,MAAA,iBAAiB,CAAC,MAAM,mCAAI,UAAU,CAAC;gBAC7E,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;gBACxC,iBAAiB,EAAE,MAAA,iBAAiB,CAAC,cAAc,0CAAE,0BAA0B;aAChF;SACF;KACF,CAAC;IACF,OAAO,UAAU,CAAC;AACpB,CAAC;AAmBD;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB,CAC9B,QAAgB,EAChB,QAAgB,EAChB,0BAA6C,EAAE;IAE/C,MAAM,KAAK,GAAoB;QAC7B,UAAU,EAAE,yBAAyB,CAAC,QAAQ,EAAE,QAAQ,EAAE,uBAAuB,CAAC;QAClF,aAAa,EAAE,uBAAuB,CAAC,oBAAoB;YACzD,CAAC,CAAC,YAAY,CAAC,uBAAuB,CAAC,oBAAoB,CAAC;YAC5D,CAAC,CAAC,IAAI;QACR,mBAAmB,EAAE,2BAA2B,CAAC,uBAAuB,CAAC;KAC1E,CAAC;IAEF,IAAI,eAAe,GAAmD,SAAS,CAAC;IAChF,KAAK,UAAU,kBAAkB,CAC/B,WAA4B,EAAE;QAE9B,iBAAiB;QAEjB,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;YAClC,SAAS;YACT,gBAAgB;YAChB,eAAe,GAAG,IAAI,IAAI,CAAC,6BAA6B,iCACnD,KAAK,CAAC,UAAU,KACnB,MAAM,EAAE,EAAE,kBAAkB,EAAE,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,EAAE,EACnF,KAAK,EAAE,EAAE,WAAW,EAAE,MAAM,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,WAAW,EAAE,IACzE,CAAC;QACL,CAAC;QAED,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,KAAK,UAAU,cAAc,CAC3B,GAAsE,EACtE,MAAgB,EAChB,OAAyB;QAEzB,IAAI,KAAK,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YACjC,MAAM,KAAK,GAAG,GAAG,CAAC,aAAa,EAAE,CAAC;YAClC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,cAAc,EAAE,CAAC;YAE9C,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACpD,MAAM,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YACpD,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,UAAU,CAAC,IAAI,CAAC;;;;6KAIqJ,CAAC,CAAC;gBACvK,MAAM,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YACpD,CAAC;YAED,KAAK,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACpC,CAAC;QAED,eAAe;QACf,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACjE,OAAO,GAAG,CAAC,kBAAkB,CAAC;YAC5B,OAAO,EAAE,KAAK,CAAC,aAAa;YAC5B,MAAM;YACN,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;SACxB,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,UAAU,wBAAwB,CACrC,OAA0E,EAC1E,MAAqB,EACrB,OAAwB,EACxB,wBAAyE;;QAEzE,IAAI,QAAQ,GAAqC,IAAI,CAAC;QACtD,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAC5D,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,IAAI,CAAC,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC7C,MAAM,CAAC,CAAC;YACV,CAAC;YACD,IAAI,uBAAuB,CAAC,8BAA8B,EAAE,CAAC;gBAC3D,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACtB,QAAQ,GAAG,MAAM,wBAAwB,EAAE,CAAC;QAC9C,CAAC;QAED,mDAAmD;QACnD,oBAAoB,CAAC,MAAM,EAAE,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,SAAS,EAAE,OAAO,CAAC,CAAC;QAC7D,KAAK,CAAC,aAAa,GAAG,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,OAAO,mCAAI,IAAI,CAAC;QAEhD,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QAEhD,OAAO;YACL,KAAK,EAAE,QAAS,CAAC,WAAW;YAC5B,kBAAkB,EAAE,QAAS,CAAC,SAAU,CAAC,OAAO,EAAE;SACnD,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,CAAC,sBAAsB,CAAC,MAAM,EAAE,YAAY,EAAE,OAAO,GAAG,EAAE;YAC7D,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;YAE5E,2DAA2D;YAC3D,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;YAElD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAElD,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,CAC7D,OAAO,CAAC,8BAA8B,CAAC;gBACrC,MAAM;gBACN,SAAS,EAAE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS;gBAC1C,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;aACxB,CAAC,CACH,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msal from \"@azure/msal-node\";\n\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { PluginConfiguration, generatePluginConfiguration } from \"./msalPlugins\";\nimport { credentialLogger, formatSuccess } from \"../../util/logging\";\nimport {\n  defaultLoggerCallback,\n  ensureValidMsalToken,\n  getAuthority,\n  getKnownAuthorities,\n  getMSALLogLevel,\n  publicToMsal,\n} from \"../utils\";\n\nimport { AuthenticationRequiredError } from \"../../errors\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { MsalNodeOptions } from \"./msalNodeCommon\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { resolveTenantId } from \"../../util/tenantIdUtils\";\n\n/**\n * The logger for all MsalClient instances.\n */\nconst msalLogger = credentialLogger(\"MsalClient\");\n\n/**\n * Interface for the MSAL (Microsoft Authentication Library) client.\n * This client is used to interact with Microsoft's identity platform.\n */\nexport interface MsalClient {\n  /**\n   * Retrieves an access token by using a client secret.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param clientSecret - The client secret of the application. This is a credential that the application can use to authenticate itself.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token\n   */\n  getTokenByClientSecret(\n    scopes: string[],\n    clientSecret: string,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n}\n\n/**\n * Options for creating an instance of the MsalClient.\n */\nexport type MsalClientOptions = Partial<Omit<MsalNodeOptions, \"clientId\" | \"tenantId\">>;\n\n/**\n * Generates the configuration for MSAL (Microsoft Authentication Library).\n *\n * @param clientId - The client ID of the application.\n * @param  tenantId - The tenant ID of the Azure Active Directory.\n * @param  msalClientOptions - Optional. Additional options for creating the MSAL client.\n * @returns  The MSAL configuration object.\n */\nexport function generateMsalConfiguration(\n  clientId: string,\n  tenantId: string,\n  msalClientOptions: MsalClientOptions = {},\n): msal.Configuration {\n  const resolvedTenant = resolveTenantId(msalLogger, tenantId, clientId);\n\n  // TODO: move and reuse getIdentityClientAuthorityHost\n  const authority = getAuthority(\n    resolvedTenant,\n    msalClientOptions.authorityHost ?? process.env.AZURE_AUTHORITY_HOST,\n  );\n\n  const httpClient = new IdentityClient({\n    ...msalClientOptions.tokenCredentialOptions,\n    authorityHost: authority,\n    loggingOptions: msalClientOptions.loggingOptions,\n  });\n\n  const msalConfig: msal.Configuration = {\n    auth: {\n      clientId,\n      authority,\n      knownAuthorities: getKnownAuthorities(\n        resolvedTenant,\n        authority,\n        msalClientOptions.disableInstanceDiscovery,\n      ),\n    },\n    system: {\n      networkClient: httpClient,\n      loggerOptions: {\n        loggerCallback: defaultLoggerCallback(msalClientOptions.logger ?? msalLogger),\n        logLevel: getMSALLogLevel(getLogLevel()),\n        piiLoggingEnabled: msalClientOptions.loggingOptions?.enableUnsafeSupportLogging,\n      },\n    },\n  };\n  return msalConfig;\n}\n\n/**\n * Represents the state necessary for the MSAL (Microsoft Authentication Library) client to operate.\n * This includes the MSAL configuration, cached account information, Azure region, and a flag to disable automatic authentication.\n *\n * @internal\n */\ninterface MsalClientState {\n  /** The configuration for the MSAL client. */\n  msalConfig: msal.Configuration;\n\n  /** The cached account information, or null if no account information is cached. */\n  cachedAccount: msal.AccountInfo | null;\n\n  /** Configured plugins */\n  pluginConfiguration: PluginConfiguration;\n}\n\n/**\n * Creates an instance of the MSAL (Microsoft Authentication Library) client.\n *\n * @param clientId - The client ID of the application.\n * @param tenantId - The tenant ID of the Azure Active Directory.\n * @param createMsalClientOptions - Optional. Additional options for creating the MSAL client.\n * @returns An instance of the MSAL client.\n *\n * @public\n */\nexport function createMsalClient(\n  clientId: string,\n  tenantId: string,\n  createMsalClientOptions: MsalClientOptions = {},\n): MsalClient {\n  const state: MsalClientState = {\n    msalConfig: generateMsalConfiguration(clientId, tenantId, createMsalClientOptions),\n    cachedAccount: createMsalClientOptions.authenticationRecord\n      ? publicToMsal(createMsalClientOptions.authenticationRecord)\n      : null,\n    pluginConfiguration: generatePluginConfiguration(createMsalClientOptions),\n  };\n\n  let confidentialApp: msal.ConfidentialClientApplication | undefined = undefined;\n  async function getConfidentialApp(\n    _options: GetTokenOptions = {},\n  ): Promise<msal.ConfidentialClientApplication> {\n    // abort requests\n\n    if (confidentialApp === undefined) {\n      // TODOs:\n      // CAE / non-CAE\n      confidentialApp = new msal.ConfidentialClientApplication({\n        ...state.msalConfig,\n        broker: { nativeBrokerPlugin: state.pluginConfiguration.broker.nativeBrokerPlugin },\n        cache: { cachePlugin: await state.pluginConfiguration.cache.cachePlugin },\n      });\n    }\n\n    return confidentialApp;\n  }\n\n  async function getTokenSilent(\n    app: msal.ConfidentialClientApplication | msal.PublicClientApplication,\n    scopes: string[],\n    options?: GetTokenOptions,\n  ): Promise<msal.AuthenticationResult> {\n    if (state.cachedAccount === null) {\n      const cache = app.getTokenCache();\n      const accounts = await cache.getAllAccounts();\n\n      if (accounts === undefined || accounts.length === 0) {\n        throw new AuthenticationRequiredError({ scopes });\n      }\n\n      if (accounts.length > 1) {\n        msalLogger.info(`More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing a credential to prevent this from happening.`);\n        throw new AuthenticationRequiredError({ scopes });\n      }\n\n      state.cachedAccount = accounts[0];\n    }\n\n    // TODO: broker\n    msalLogger.getToken.info(\"Attempting to acquire token silently\");\n    return app.acquireTokenSilent({\n      account: state.cachedAccount,\n      scopes,\n      claims: options?.claims,\n    });\n  }\n\n  /**\n   * Performs silent authentication using MSAL to acquire an access token.\n   * If silent authentication fails, falls back to interactive authentication.\n   *\n   * @param msalApp - The MSAL application instance.\n   * @param scopes - The scopes for which to acquire the access token.\n   * @param options - The options for acquiring the access token.\n   * @param onAuthenticationRequired - A callback function to handle interactive authentication when silent authentication fails.\n   * @returns A promise that resolves to an AccessToken object containing the access token and its expiration timestamp.\n   */\n  async function withSilentAuthentication(\n    msalApp: msal.ConfidentialClientApplication | msal.PublicClientApplication,\n    scopes: Array<string>,\n    options: GetTokenOptions,\n    onAuthenticationRequired: () => Promise<msal.AuthenticationResult | null>,\n  ): Promise<AccessToken> {\n    let response: msal.AuthenticationResult | null = null;\n    try {\n      response = await getTokenSilent(msalApp, scopes, options);\n    } catch (e: any) {\n      if (e.name !== \"AuthenticationRequiredError\") {\n        throw e;\n      }\n      if (createMsalClientOptions.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions: options,\n          message:\n            \"Automatic authentication has been disabled. You may call the authentication() method.\",\n        });\n      }\n    }\n\n    // Silent authentication failed\n    if (response === null) {\n      response = await onAuthenticationRequired();\n    }\n\n    // At this point we should have a token, process it\n    ensureValidMsalToken(scopes, response ?? undefined, options);\n    state.cachedAccount = response?.account ?? null;\n\n    msalLogger.getToken.info(formatSuccess(scopes));\n\n    return {\n      token: response!.accessToken,\n      expiresOnTimestamp: response!.expiresOn!.getTime(),\n    };\n  }\n\n  return {\n    async getTokenByClientSecret(scopes, clientSecret, options = {}) {\n      msalLogger.getToken.info(`Attempting to acquire token using client secret`);\n\n      // TODO: understand and implement processMultiTenantRequest\n      state.msalConfig.auth.clientSecret = clientSecret;\n\n      const msalApp = await getConfidentialApp(options);\n\n      return withSilentAuthentication(msalApp, scopes, options, () =>\n        msalApp.acquireTokenByClientCredential({\n          scopes,\n          authority: state.msalConfig.auth.authority,\n          claims: options?.claims,\n        }),\n      );\n    },\n  };\n}\n"]}
+{"version":3,"file":"msalClient.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AAGzC,OAAO,EAAuB,2BAA2B,EAAE,MAAM,eAAe,CAAC;AACjF,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,eAAe,EACf,YAAY,GACb,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAE7D,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAE3D;;GAEG;AACH,MAAM,UAAU,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAC;AA2BlD;;;;;;;GAOG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAgB,EAChB,QAAgB,EAChB,oBAAuC,EAAE;;IAEzC,MAAM,cAAc,GAAG,eAAe,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAEvE,sDAAsD;IACtD,MAAM,SAAS,GAAG,YAAY,CAC5B,cAAc,EACd,MAAA,iBAAiB,CAAC,aAAa,mCAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CACpE,CAAC;IAEF,MAAM,UAAU,GAAG,IAAI,cAAc,iCAChC,iBAAiB,CAAC,sBAAsB,KAC3C,aAAa,EAAE,SAAS,EACxB,cAAc,EAAE,iBAAiB,CAAC,cAAc,IAChD,CAAC;IAEH,MAAM,UAAU,GAAuB;QACrC,IAAI,EAAE;YACJ,QAAQ;YACR,SAAS;YACT,gBAAgB,EAAE,mBAAmB,CACnC,cAAc,EACd,SAAS,EACT,iBAAiB,CAAC,wBAAwB,CAC3C;SACF;QACD,MAAM,EAAE;YACN,aAAa,EAAE,UAAU;YACzB,aAAa,EAAE;gBACb,cAAc,EAAE,qBAAqB,CAAC,MAAA,iBAAiB,CAAC,MAAM,mCAAI,UAAU,CAAC;gBAC7E,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;gBACxC,iBAAiB,EAAE,MAAA,iBAAiB,CAAC,cAAc,0CAAE,0BAA0B;aAChF;SACF;KACF,CAAC;IACF,OAAO,UAAU,CAAC;AACpB,CAAC;AAmBD;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB,CAC9B,QAAgB,EAChB,QAAgB,EAChB,0BAA6C,EAAE;IAE/C,MAAM,KAAK,GAAoB;QAC7B,UAAU,EAAE,yBAAyB,CAAC,QAAQ,EAAE,QAAQ,EAAE,uBAAuB,CAAC;QAClF,aAAa,EAAE,uBAAuB,CAAC,oBAAoB;YACzD,CAAC,CAAC,YAAY,CAAC,uBAAuB,CAAC,oBAAoB,CAAC;YAC5D,CAAC,CAAC,IAAI;QACR,mBAAmB,EAAE,2BAA2B,CAAC,uBAAuB,CAAC;KAC1E,CAAC;IAEF,IAAI,eAAe,GAAmD,SAAS,CAAC;IAChF,KAAK,UAAU,kBAAkB,CAC/B,WAA4B,EAAE;QAE9B,iBAAiB;QAEjB,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;YAClC,SAAS;YACT,gBAAgB;YAChB,eAAe,GAAG,IAAI,IAAI,CAAC,6BAA6B,iCACnD,KAAK,CAAC,UAAU,KACnB,MAAM,EAAE,EAAE,kBAAkB,EAAE,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,EAAE,EACnF,KAAK,EAAE,EAAE,WAAW,EAAE,MAAM,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,WAAW,EAAE,IACzE,CAAC;QACL,CAAC;QAED,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,KAAK,UAAU,cAAc,CAC3B,GAAsE,EACtE,MAAgB,EAChB,OAAyB;QAEzB,IAAI,KAAK,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YACjC,MAAM,KAAK,GAAG,GAAG,CAAC,aAAa,EAAE,CAAC;YAClC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,cAAc,EAAE,CAAC;YAE9C,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACpD,MAAM,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YACpD,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,UAAU,CAAC,IAAI,CAAC;;;;6KAIqJ,CAAC,CAAC;gBACvK,MAAM,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YACpD,CAAC;YAED,KAAK,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACpC,CAAC;QAED,eAAe;QACf,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACjE,OAAO,GAAG,CAAC,kBAAkB,CAAC;YAC5B,OAAO,EAAE,KAAK,CAAC,aAAa;YAC5B,MAAM;YACN,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;SACxB,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,UAAU,wBAAwB,CACrC,OAA0E,EAC1E,MAAqB,EACrB,OAAwB,EACxB,wBAAyE;;QAEzE,IAAI,QAAQ,GAAqC,IAAI,CAAC;QACtD,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAC5D,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,IAAI,CAAC,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC7C,MAAM,CAAC,CAAC;YACV,CAAC;YACD,IAAI,uBAAuB,CAAC,8BAA8B,EAAE,CAAC;gBAC3D,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACtB,QAAQ,GAAG,MAAM,wBAAwB,EAAE,CAAC;QAC9C,CAAC;QAED,mDAAmD;QACnD,oBAAoB,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,KAAK,CAAC,aAAa,GAAG,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,OAAO,mCAAI,IAAI,CAAC;QAEhD,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QAEhD,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,WAAW;YAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;SACjD,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,CAAC,sBAAsB,CAAC,MAAM,EAAE,YAAY,EAAE,OAAO,GAAG,EAAE;YAC7D,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;YAE5E,2DAA2D;YAC3D,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;YAElD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAElD,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,CAC7D,OAAO,CAAC,8BAA8B,CAAC;gBACrC,MAAM;gBACN,SAAS,EAAE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS;gBAC1C,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;aACxB,CAAC,CACH,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msal from \"@azure/msal-node\";\n\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { PluginConfiguration, generatePluginConfiguration } from \"./msalPlugins\";\nimport { credentialLogger, formatSuccess } from \"../../util/logging\";\nimport {\n  defaultLoggerCallback,\n  ensureValidMsalToken,\n  getAuthority,\n  getKnownAuthorities,\n  getMSALLogLevel,\n  publicToMsal,\n} from \"../utils\";\n\nimport { AuthenticationRequiredError } from \"../../errors\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { MsalNodeOptions } from \"./msalNodeCommon\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { resolveTenantId } from \"../../util/tenantIdUtils\";\n\n/**\n * The logger for all MsalClient instances.\n */\nconst msalLogger = credentialLogger(\"MsalClient\");\n\n/**\n * Interface for the MSAL (Microsoft Authentication Library) client.\n * This client is used to interact with Microsoft's identity platform.\n */\nexport interface MsalClient {\n  /**\n   * Retrieves an access token by using a client secret.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param clientSecret - The client secret of the application. This is a credential that the application can use to authenticate itself.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token\n   */\n  getTokenByClientSecret(\n    scopes: string[],\n    clientSecret: string,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n}\n\n/**\n * Options for creating an instance of the MsalClient.\n */\nexport type MsalClientOptions = Partial<Omit<MsalNodeOptions, \"clientId\" | \"tenantId\">>;\n\n/**\n * Generates the configuration for MSAL (Microsoft Authentication Library).\n *\n * @param clientId - The client ID of the application.\n * @param  tenantId - The tenant ID of the Azure Active Directory.\n * @param  msalClientOptions - Optional. Additional options for creating the MSAL client.\n * @returns  The MSAL configuration object.\n */\nexport function generateMsalConfiguration(\n  clientId: string,\n  tenantId: string,\n  msalClientOptions: MsalClientOptions = {},\n): msal.Configuration {\n  const resolvedTenant = resolveTenantId(msalLogger, tenantId, clientId);\n\n  // TODO: move and reuse getIdentityClientAuthorityHost\n  const authority = getAuthority(\n    resolvedTenant,\n    msalClientOptions.authorityHost ?? process.env.AZURE_AUTHORITY_HOST,\n  );\n\n  const httpClient = new IdentityClient({\n    ...msalClientOptions.tokenCredentialOptions,\n    authorityHost: authority,\n    loggingOptions: msalClientOptions.loggingOptions,\n  });\n\n  const msalConfig: msal.Configuration = {\n    auth: {\n      clientId,\n      authority,\n      knownAuthorities: getKnownAuthorities(\n        resolvedTenant,\n        authority,\n        msalClientOptions.disableInstanceDiscovery,\n      ),\n    },\n    system: {\n      networkClient: httpClient,\n      loggerOptions: {\n        loggerCallback: defaultLoggerCallback(msalClientOptions.logger ?? msalLogger),\n        logLevel: getMSALLogLevel(getLogLevel()),\n        piiLoggingEnabled: msalClientOptions.loggingOptions?.enableUnsafeSupportLogging,\n      },\n    },\n  };\n  return msalConfig;\n}\n\n/**\n * Represents the state necessary for the MSAL (Microsoft Authentication Library) client to operate.\n * This includes the MSAL configuration, cached account information, Azure region, and a flag to disable automatic authentication.\n *\n * @internal\n */\ninterface MsalClientState {\n  /** The configuration for the MSAL client. */\n  msalConfig: msal.Configuration;\n\n  /** The cached account information, or null if no account information is cached. */\n  cachedAccount: msal.AccountInfo | null;\n\n  /** Configured plugins */\n  pluginConfiguration: PluginConfiguration;\n}\n\n/**\n * Creates an instance of the MSAL (Microsoft Authentication Library) client.\n *\n * @param clientId - The client ID of the application.\n * @param tenantId - The tenant ID of the Azure Active Directory.\n * @param createMsalClientOptions - Optional. Additional options for creating the MSAL client.\n * @returns An instance of the MSAL client.\n *\n * @public\n */\nexport function createMsalClient(\n  clientId: string,\n  tenantId: string,\n  createMsalClientOptions: MsalClientOptions = {},\n): MsalClient {\n  const state: MsalClientState = {\n    msalConfig: generateMsalConfiguration(clientId, tenantId, createMsalClientOptions),\n    cachedAccount: createMsalClientOptions.authenticationRecord\n      ? publicToMsal(createMsalClientOptions.authenticationRecord)\n      : null,\n    pluginConfiguration: generatePluginConfiguration(createMsalClientOptions),\n  };\n\n  let confidentialApp: msal.ConfidentialClientApplication | undefined = undefined;\n  async function getConfidentialApp(\n    _options: GetTokenOptions = {},\n  ): Promise<msal.ConfidentialClientApplication> {\n    // abort requests\n\n    if (confidentialApp === undefined) {\n      // TODOs:\n      // CAE / non-CAE\n      confidentialApp = new msal.ConfidentialClientApplication({\n        ...state.msalConfig,\n        broker: { nativeBrokerPlugin: state.pluginConfiguration.broker.nativeBrokerPlugin },\n        cache: { cachePlugin: await state.pluginConfiguration.cache.cachePlugin },\n      });\n    }\n\n    return confidentialApp;\n  }\n\n  async function getTokenSilent(\n    app: msal.ConfidentialClientApplication | msal.PublicClientApplication,\n    scopes: string[],\n    options?: GetTokenOptions,\n  ): Promise<msal.AuthenticationResult> {\n    if (state.cachedAccount === null) {\n      const cache = app.getTokenCache();\n      const accounts = await cache.getAllAccounts();\n\n      if (accounts === undefined || accounts.length === 0) {\n        throw new AuthenticationRequiredError({ scopes });\n      }\n\n      if (accounts.length > 1) {\n        msalLogger.info(`More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing a credential to prevent this from happening.`);\n        throw new AuthenticationRequiredError({ scopes });\n      }\n\n      state.cachedAccount = accounts[0];\n    }\n\n    // TODO: broker\n    msalLogger.getToken.info(\"Attempting to acquire token silently\");\n    return app.acquireTokenSilent({\n      account: state.cachedAccount,\n      scopes,\n      claims: options?.claims,\n    });\n  }\n\n  /**\n   * Performs silent authentication using MSAL to acquire an access token.\n   * If silent authentication fails, falls back to interactive authentication.\n   *\n   * @param msalApp - The MSAL application instance.\n   * @param scopes - The scopes for which to acquire the access token.\n   * @param options - The options for acquiring the access token.\n   * @param onAuthenticationRequired - A callback function to handle interactive authentication when silent authentication fails.\n   * @returns A promise that resolves to an AccessToken object containing the access token and its expiration timestamp.\n   */\n  async function withSilentAuthentication(\n    msalApp: msal.ConfidentialClientApplication | msal.PublicClientApplication,\n    scopes: Array<string>,\n    options: GetTokenOptions,\n    onAuthenticationRequired: () => Promise<msal.AuthenticationResult | null>,\n  ): Promise<AccessToken> {\n    let response: msal.AuthenticationResult | null = null;\n    try {\n      response = await getTokenSilent(msalApp, scopes, options);\n    } catch (e: any) {\n      if (e.name !== \"AuthenticationRequiredError\") {\n        throw e;\n      }\n      if (createMsalClientOptions.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions: options,\n          message:\n            \"Automatic authentication has been disabled. You may call the authentication() method.\",\n        });\n      }\n    }\n\n    // Silent authentication failed\n    if (response === null) {\n      response = await onAuthenticationRequired();\n    }\n\n    // At this point we should have a token, process it\n    ensureValidMsalToken(scopes, response, options);\n    state.cachedAccount = response?.account ?? null;\n\n    msalLogger.getToken.info(formatSuccess(scopes));\n\n    return {\n      token: response.accessToken,\n      expiresOnTimestamp: response.expiresOn.getTime(),\n    };\n  }\n\n  return {\n    async getTokenByClientSecret(scopes, clientSecret, options = {}) {\n      msalLogger.getToken.info(`Attempting to acquire token using client secret`);\n\n      // TODO: understand and implement processMultiTenantRequest\n      state.msalConfig.auth.clientSecret = clientSecret;\n\n      const msalApp = await getConfidentialApp(options);\n\n      return withSilentAuthentication(msalApp, scopes, options, () =>\n        msalApp.acquireTokenByClientCredential({\n          scopes,\n          authority: state.msalConfig.auth.authority,\n          claims: options?.claims,\n        }),\n      );\n    },\n  };\n}\n"]}

package/dist-esm/src/msal/utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/msal/utils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACpF,OAAO,EAAoB,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACrE,OAAO,EAAE,UAAU,IAAI,cAAc,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAExE,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAGrD,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAMpC;;GAEG;AACH,MAAM,MAAM,GAAG,gBAAgB,CAAC,eAAe,CAAC,CAAC;AAEjD;;;GAGG;AACH,MAAM,iCAAiC,GAAG,KAAK,CAAC;AAEhD;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,MAAyB,EACzB,SAAqB,EACrB,eAAiC;IAEjC,MAAM,KAAK,GAAG,CAAC,OAAe,EAAS,EAAE;QACvC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,IAAI,2BAA2B,CAAC;YACrC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YACjD,eAAe;YACf,OAAO;SACR,CAAC,CAAC;IACL,CAAC,CAAC;IACF,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,KAAK,CAAC,aAAa,CAAC,CAAC;IAC7B,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;QACzB,MAAM,KAAK,CAAC,uCAAuC,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;QAC3B,MAAM,KAAK,CAAC,yCAAyC,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,IAAa;IAC1D,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,GAAG,oBAAoB,CAAC;IAC9B,CAAC;IACD,IAAI,IAAI,MAAM,CAAC,GAAG,QAAQ,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,GAAG,QAAQ,CAAC;IACzB,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,IAAI,IAAI,QAAQ,EAAE,CAAC;IAC/B,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CACjC,QAAgB,EAChB,aAAqB,EACrB,wBAAkC;IAElC,IAAI,CAAC,QAAQ,KAAK,MAAM,IAAI,aAAa,CAAC,IAAI,wBAAwB,EAAE,CAAC;QACvE,OAAO,CAAC,aAAa,CAAC,CAAC;IACzB,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAIhC,CAAC,UAA4B,EAAE,WAA+B,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,EAAE,EAAE,CAC7F,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,EAAQ,EAAE;IACpC,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO;IACT,CAAC;IACD,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,UAAU,CAAC,QAAQ,CAAC,KAAK;YAC5B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,cAAc,OAAO,EAAE,CAAC,CAAC;YACzD,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,IAAI;YAC3B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,qBAAqB,OAAO,EAAE,CAAC,CAAC;YAChE,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,wBAAwB,OAAO,EAAE,CAAC,CAAC;YACnE,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,gBAAgB,OAAO,EAAE,CAAC,CAAC;YAC3D,OAAO;IACX,CAAC;AACH,CAAC,CAAC;AAEJ;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAmC;IACjE,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,OAAO;YACV,OAAO,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC;QACnC,KAAK,MAAM;YACT,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClC,KAAK,SAAS;YACZ,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QACrC,KAAK,SAAS;YACZ,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QACrC;YACE,4CAA4C;YAC5C,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;IACpC,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,UAAU;IACxB,OAAO,cAAc,EAAE,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,MAAgB,EAChB,KAAY,EACZ,eAAiC;IAEjC,IACE,KAAK,CAAC,IAAI,KAAK,WAAW;QAC1B,KAAK,CAAC,IAAI,KAAK,iBAAiB;QAChC,KAAK,CAAC,IAAI,KAAK,kBAAkB,EACjC,CAAC;QACD,MAAM,SAAS,GAAG,KAA6B,CAAC;QAChD,QAAQ,SAAS,CAAC,SAAS,EAAE,CAAC;YAC5B,KAAK,4BAA4B;gBAC/B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;gBAChD,OAAO,IAAI,0BAA0B,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACvD,KAAK,+BAA+B;gBAClC,OAAO,IAAI,UAAU,CAAC,oDAAoD,CAAC,CAAC;YAC9E,KAAK,kBAAkB,CAAC;YACxB,KAAK,sBAAsB,CAAC;YAC5B,KAAK,gBAAgB;gBACnB,MAAM,CAAC,IAAI,CACT,WAAW,CAAC,MAAM,EAAE,qCAAqC,SAAS,CAAC,SAAS,EAAE,CAAC,CAChF,CAAC;gBACF,MAAM;YACR;gBACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,4BAA4B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;gBAC9E,MAAM;QACV,CAAC;IACH,CAAC;IACD,IACE,KAAK,CAAC,IAAI,KAAK,0BAA0B;QACzC,KAAK,CAAC,IAAI,KAAK,+BAA+B;QAC9C,KAAK,CAAC,IAAI,KAAK,YAAY,EAC3B,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;QACrC,MAAM,CAAC,IAAI,CACT,WAAW,CACT,MAAM,EACN,iCAAiC,KAAK,CAAC,OAAO,sBAC3C,KAAa,CAAC,UACjB,EAAE,CACH,CACF,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;AAC9F,CAAC;AAED,qBAAqB;AAErB,MAAM,UAAU,YAAY,CAAC,OAA6B;IACxD,MAAM,CAAC,WAAW,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,0BAA0B,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAClF,uCACK,OAAO,KACV,cAAc,EAAE,OAAO,CAAC,aAAa,EACrC,WAAW,IACX;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,OAAwB;IACrE,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC;QAC9D,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,eAAe;QAC7C,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,QAAQ;QACR,OAAO,EAAE,iCAAiC;KAC3C,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,6BAA6B,CAAC,MAA4B;IACxE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,+BAA+B,CAAC,gBAAwB;IACtE,MAAM,MAAM,GAAgD,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAEzF,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,KAAK,iCAAiC,EAAE,CAAC;QAC3E,MAAM,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AuthenticationRecord, MsalAccountInfo, MsalToken, ValidMsalToken } from \"./types\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../errors\";\nimport { CredentialLogger, credentialLogger, formatError } from \"../util/logging\";\nimport { DefaultAuthorityHost, DefaultTenantId } from \"../constants\";\nimport { randomUUID as coreRandomUUID, isNode } from \"@azure/core-util\";\n\nimport { AbortError } from \"@azure/abort-controller\";\nimport { AzureLogLevel } from \"@azure/logger\";\nimport { GetTokenOptions } from \"@azure/core-auth\";\nimport { msalCommon } from \"./msal\";\n\nexport interface ILoggerCallback {\n  (level: msalCommon.LogLevel, message: string, containsPii: boolean): void;\n}\n\n/**\n * @internal\n */\nconst logger = credentialLogger(\"IdentityUtils\");\n\n/**\n * Latest AuthenticationRecord version\n * @internal\n */\nconst LatestAuthenticationRecordVersion = \"1.0\";\n\n/**\n * Ensures the validity of the MSAL token\n * @internal\n */\nexport function ensureValidMsalToken(\n  scopes: string | string[],\n  msalToken?: MsalToken,\n  getTokenOptions?: GetTokenOptions,\n): asserts msalToken is ValidMsalToken {\n  const error = (message: string): Error => {\n    logger.getToken.info(message);\n    return new AuthenticationRequiredError({\n      scopes: Array.isArray(scopes) ? scopes : [scopes],\n      getTokenOptions,\n      message,\n    });\n  };\n  if (!msalToken) {\n    throw error(\"No response\");\n  }\n  if (!msalToken.expiresOn) {\n    throw error(`Response had no \"expiresOn\" property.`);\n  }\n  if (!msalToken.accessToken) {\n    throw error(`Response had no \"accessToken\" property.`);\n  }\n}\n\n/**\n * Generates a valid authority by combining a host with a tenantId.\n * @internal\n */\nexport function getAuthority(tenantId: string, host?: string): string {\n  if (!host) {\n    host = DefaultAuthorityHost;\n  }\n  if (new RegExp(`${tenantId}/?$`).test(host)) {\n    return host;\n  }\n  if (host.endsWith(\"/\")) {\n    return host + tenantId;\n  } else {\n    return `${host}/${tenantId}`;\n  }\n}\n\n/**\n * Generates the known authorities.\n * If the Tenant Id is `adfs`, the authority can't be validated since the format won't match the expected one.\n * For that reason, we have to force MSAL to disable validating the authority\n * by sending it within the known authorities in the MSAL configuration.\n * @internal\n */\nexport function getKnownAuthorities(\n  tenantId: string,\n  authorityHost: string,\n  disableInstanceDiscovery?: boolean,\n): string[] {\n  if ((tenantId === \"adfs\" && authorityHost) || disableInstanceDiscovery) {\n    return [authorityHost];\n  }\n  return [];\n}\n\n/**\n * Generates a logger that can be passed to the MSAL clients.\n * @param credLogger - The logger of the credential.\n * @internal\n */\nexport const defaultLoggerCallback: (\n  logger: CredentialLogger,\n  platform?: \"Node\" | \"Browser\",\n) => ILoggerCallback =\n  (credLogger: CredentialLogger, platform: \"Node\" | \"Browser\" = isNode ? \"Node\" : \"Browser\") =>\n  (level, message, containsPii): void => {\n    if (containsPii) {\n      return;\n    }\n    switch (level) {\n      case msalCommon.LogLevel.Error:\n        credLogger.info(`MSAL ${platform} V2 error: ${message}`);\n        return;\n      case msalCommon.LogLevel.Info:\n        credLogger.info(`MSAL ${platform} V2 info message: ${message}`);\n        return;\n      case msalCommon.LogLevel.Verbose:\n        credLogger.info(`MSAL ${platform} V2 verbose message: ${message}`);\n        return;\n      case msalCommon.LogLevel.Warning:\n        credLogger.info(`MSAL ${platform} V2 warning: ${message}`);\n        return;\n    }\n  };\n\n/**\n * @internal\n */\nexport function getMSALLogLevel(logLevel: AzureLogLevel | undefined): msalCommon.LogLevel {\n  switch (logLevel) {\n    case \"error\":\n      return msalCommon.LogLevel.Error;\n    case \"info\":\n      return msalCommon.LogLevel.Info;\n    case \"verbose\":\n      return msalCommon.LogLevel.Verbose;\n    case \"warning\":\n      return msalCommon.LogLevel.Warning;\n    default:\n      // default msal logging level should be Info\n      return msalCommon.LogLevel.Info;\n  }\n}\n\n/**\n * Wraps core-util's randomUUID in order to allow for mocking in tests.\n * This prepares the library for the upcoming core-util update to ESM.\n *\n * @internal\n * @returns A string containing a random UUID\n */\nexport function randomUUID(): string {\n  return coreRandomUUID();\n}\n\n/**\n * Handles MSAL errors.\n */\nexport function handleMsalError(\n  scopes: string[],\n  error: Error,\n  getTokenOptions?: GetTokenOptions,\n): Error {\n  if (\n    error.name === \"AuthError\" ||\n    error.name === \"ClientAuthError\" ||\n    error.name === \"BrowserAuthError\"\n  ) {\n    const msalError = error as msalCommon.AuthError;\n    switch (msalError.errorCode) {\n      case \"endpoints_resolution_error\":\n        logger.info(formatError(scopes, error.message));\n        return new CredentialUnavailableError(error.message);\n      case \"device_code_polling_cancelled\":\n        return new AbortError(\"The authentication has been aborted by the caller.\");\n      case \"consent_required\":\n      case \"interaction_required\":\n      case \"login_required\":\n        logger.info(\n          formatError(scopes, `Authentication returned errorCode ${msalError.errorCode}`),\n        );\n        break;\n      default:\n        logger.info(formatError(scopes, `Failed to acquire token: ${error.message}`));\n        break;\n    }\n  }\n  if (\n    error.name === \"ClientConfigurationError\" ||\n    error.name === \"BrowserConfigurationAuthError\" ||\n    error.name === \"AbortError\"\n  ) {\n    return error;\n  }\n  if (error.name === \"NativeAuthError\") {\n    logger.info(\n      formatError(\n        scopes,\n        `Error from the native broker: ${error.message} with status code: ${\n          (error as any).statusCode\n        }`,\n      ),\n    );\n    return error;\n  }\n  return new AuthenticationRequiredError({ scopes, getTokenOptions, message: error.message });\n}\n\n// transformations.ts\n\nexport function publicToMsal(account: AuthenticationRecord): msalCommon.AccountInfo {\n  const [environment] = account.authority.match(/([a-z]*\\.[a-z]*\\.[a-z]*)/) || [\"\"];\n  return {\n    ...account,\n    localAccountId: account.homeAccountId,\n    environment,\n  };\n}\n\nexport function msalToPublic(clientId: string, account: MsalAccountInfo): AuthenticationRecord {\n  const record = {\n    authority: getAuthority(account.tenantId, account.environment),\n    homeAccountId: account.homeAccountId,\n    tenantId: account.tenantId || DefaultTenantId,\n    username: account.username,\n    clientId,\n    version: LatestAuthenticationRecordVersion,\n  };\n  return record;\n}\n\n/**\n * Serializes an `AuthenticationRecord` into a string.\n *\n * The output of a serialized authentication record will contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * To later convert this string to a serialized `AuthenticationRecord`, please use the exported function `deserializeAuthenticationRecord()`.\n */\nexport function serializeAuthenticationRecord(record: AuthenticationRecord): string {\n  return JSON.stringify(record);\n}\n\n/**\n * Deserializes a previously serialized authentication record from a string into an object.\n *\n * The input string must contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * If the version we receive is unsupported, an error will be thrown.\n *\n * At the moment, the only available version is: \"1.0\", which is always set when the authentication record is serialized.\n *\n * @param serializedRecord - Authentication record previously serialized into string.\n * @returns AuthenticationRecord.\n */\nexport function deserializeAuthenticationRecord(serializedRecord: string): AuthenticationRecord {\n  const parsed: AuthenticationRecord & { version?: string } = JSON.parse(serializedRecord);\n\n  if (parsed.version && parsed.version !== LatestAuthenticationRecordVersion) {\n    throw Error(\"Unsupported AuthenticationRecord version\");\n  }\n\n  return parsed;\n}\n"]}
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/msal/utils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACpF,OAAO,EAAoB,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACrE,OAAO,EAAE,UAAU,IAAI,cAAc,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAExE,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAGrD,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAMpC;;GAEG;AACH,MAAM,MAAM,GAAG,gBAAgB,CAAC,eAAe,CAAC,CAAC;AAEjD;;;GAGG;AACH,MAAM,iCAAiC,GAAG,KAAK,CAAC;AAEhD;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,MAAyB,EACzB,SAA4B,EAC5B,eAAiC;IAEjC,MAAM,KAAK,GAAG,CAAC,OAAe,EAAS,EAAE;QACvC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,IAAI,2BAA2B,CAAC;YACrC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YACjD,eAAe;YACf,OAAO;SACR,CAAC,CAAC;IACL,CAAC,CAAC;IACF,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,KAAK,CAAC,aAAa,CAAC,CAAC;IAC7B,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;QACzB,MAAM,KAAK,CAAC,uCAAuC,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;QAC3B,MAAM,KAAK,CAAC,yCAAyC,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,IAAa;IAC1D,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,GAAG,oBAAoB,CAAC;IAC9B,CAAC;IACD,IAAI,IAAI,MAAM,CAAC,GAAG,QAAQ,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,GAAG,QAAQ,CAAC;IACzB,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,IAAI,IAAI,QAAQ,EAAE,CAAC;IAC/B,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CACjC,QAAgB,EAChB,aAAqB,EACrB,wBAAkC;IAElC,IAAI,CAAC,QAAQ,KAAK,MAAM,IAAI,aAAa,CAAC,IAAI,wBAAwB,EAAE,CAAC;QACvE,OAAO,CAAC,aAAa,CAAC,CAAC;IACzB,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAIhC,CAAC,UAA4B,EAAE,WAA+B,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,EAAE,EAAE,CAC7F,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,EAAQ,EAAE;IACpC,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO;IACT,CAAC;IACD,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,UAAU,CAAC,QAAQ,CAAC,KAAK;YAC5B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,cAAc,OAAO,EAAE,CAAC,CAAC;YACzD,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,IAAI;YAC3B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,qBAAqB,OAAO,EAAE,CAAC,CAAC;YAChE,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,wBAAwB,OAAO,EAAE,CAAC,CAAC;YACnE,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,gBAAgB,OAAO,EAAE,CAAC,CAAC;YAC3D,OAAO;IACX,CAAC;AACH,CAAC,CAAC;AAEJ;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAmC;IACjE,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,OAAO;YACV,OAAO,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC;QACnC,KAAK,MAAM;YACT,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClC,KAAK,SAAS;YACZ,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QACrC,KAAK,SAAS;YACZ,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QACrC;YACE,4CAA4C;YAC5C,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;IACpC,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,UAAU;IACxB,OAAO,cAAc,EAAE,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,MAAgB,EAChB,KAAY,EACZ,eAAiC;IAEjC,IACE,KAAK,CAAC,IAAI,KAAK,WAAW;QAC1B,KAAK,CAAC,IAAI,KAAK,iBAAiB;QAChC,KAAK,CAAC,IAAI,KAAK,kBAAkB,EACjC,CAAC;QACD,MAAM,SAAS,GAAG,KAA6B,CAAC;QAChD,QAAQ,SAAS,CAAC,SAAS,EAAE,CAAC;YAC5B,KAAK,4BAA4B;gBAC/B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;gBAChD,OAAO,IAAI,0BAA0B,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACvD,KAAK,+BAA+B;gBAClC,OAAO,IAAI,UAAU,CAAC,oDAAoD,CAAC,CAAC;YAC9E,KAAK,kBAAkB,CAAC;YACxB,KAAK,sBAAsB,CAAC;YAC5B,KAAK,gBAAgB;gBACnB,MAAM,CAAC,IAAI,CACT,WAAW,CAAC,MAAM,EAAE,qCAAqC,SAAS,CAAC,SAAS,EAAE,CAAC,CAChF,CAAC;gBACF,MAAM;YACR;gBACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,4BAA4B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;gBAC9E,MAAM;QACV,CAAC;IACH,CAAC;IACD,IACE,KAAK,CAAC,IAAI,KAAK,0BAA0B;QACzC,KAAK,CAAC,IAAI,KAAK,+BAA+B;QAC9C,KAAK,CAAC,IAAI,KAAK,YAAY,EAC3B,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;QACrC,MAAM,CAAC,IAAI,CACT,WAAW,CACT,MAAM,EACN,iCAAiC,KAAK,CAAC,OAAO,sBAC3C,KAAa,CAAC,UACjB,EAAE,CACH,CACF,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;AAC9F,CAAC;AAED,qBAAqB;AAErB,MAAM,UAAU,YAAY,CAAC,OAA6B;IACxD,MAAM,CAAC,WAAW,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,0BAA0B,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAClF,uCACK,OAAO,KACV,cAAc,EAAE,OAAO,CAAC,aAAa,EACrC,WAAW,IACX;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,OAAwB;IACrE,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC;QAC9D,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,eAAe;QAC7C,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,QAAQ;QACR,OAAO,EAAE,iCAAiC;KAC3C,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,6BAA6B,CAAC,MAA4B;IACxE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,+BAA+B,CAAC,gBAAwB;IACtE,MAAM,MAAM,GAAgD,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAEzF,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,KAAK,iCAAiC,EAAE,CAAC;QAC3E,MAAM,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AuthenticationRecord, MsalAccountInfo, MsalToken, ValidMsalToken } from \"./types\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../errors\";\nimport { CredentialLogger, credentialLogger, formatError } from \"../util/logging\";\nimport { DefaultAuthorityHost, DefaultTenantId } from \"../constants\";\nimport { randomUUID as coreRandomUUID, isNode } from \"@azure/core-util\";\n\nimport { AbortError } from \"@azure/abort-controller\";\nimport { AzureLogLevel } from \"@azure/logger\";\nimport { GetTokenOptions } from \"@azure/core-auth\";\nimport { msalCommon } from \"./msal\";\n\nexport interface ILoggerCallback {\n  (level: msalCommon.LogLevel, message: string, containsPii: boolean): void;\n}\n\n/**\n * @internal\n */\nconst logger = credentialLogger(\"IdentityUtils\");\n\n/**\n * Latest AuthenticationRecord version\n * @internal\n */\nconst LatestAuthenticationRecordVersion = \"1.0\";\n\n/**\n * Ensures the validity of the MSAL token\n * @internal\n */\nexport function ensureValidMsalToken(\n  scopes: string | string[],\n  msalToken?: MsalToken | null,\n  getTokenOptions?: GetTokenOptions,\n): asserts msalToken is ValidMsalToken {\n  const error = (message: string): Error => {\n    logger.getToken.info(message);\n    return new AuthenticationRequiredError({\n      scopes: Array.isArray(scopes) ? scopes : [scopes],\n      getTokenOptions,\n      message,\n    });\n  };\n  if (!msalToken) {\n    throw error(\"No response\");\n  }\n  if (!msalToken.expiresOn) {\n    throw error(`Response had no \"expiresOn\" property.`);\n  }\n  if (!msalToken.accessToken) {\n    throw error(`Response had no \"accessToken\" property.`);\n  }\n}\n\n/**\n * Generates a valid authority by combining a host with a tenantId.\n * @internal\n */\nexport function getAuthority(tenantId: string, host?: string): string {\n  if (!host) {\n    host = DefaultAuthorityHost;\n  }\n  if (new RegExp(`${tenantId}/?$`).test(host)) {\n    return host;\n  }\n  if (host.endsWith(\"/\")) {\n    return host + tenantId;\n  } else {\n    return `${host}/${tenantId}`;\n  }\n}\n\n/**\n * Generates the known authorities.\n * If the Tenant Id is `adfs`, the authority can't be validated since the format won't match the expected one.\n * For that reason, we have to force MSAL to disable validating the authority\n * by sending it within the known authorities in the MSAL configuration.\n * @internal\n */\nexport function getKnownAuthorities(\n  tenantId: string,\n  authorityHost: string,\n  disableInstanceDiscovery?: boolean,\n): string[] {\n  if ((tenantId === \"adfs\" && authorityHost) || disableInstanceDiscovery) {\n    return [authorityHost];\n  }\n  return [];\n}\n\n/**\n * Generates a logger that can be passed to the MSAL clients.\n * @param credLogger - The logger of the credential.\n * @internal\n */\nexport const defaultLoggerCallback: (\n  logger: CredentialLogger,\n  platform?: \"Node\" | \"Browser\",\n) => ILoggerCallback =\n  (credLogger: CredentialLogger, platform: \"Node\" | \"Browser\" = isNode ? \"Node\" : \"Browser\") =>\n  (level, message, containsPii): void => {\n    if (containsPii) {\n      return;\n    }\n    switch (level) {\n      case msalCommon.LogLevel.Error:\n        credLogger.info(`MSAL ${platform} V2 error: ${message}`);\n        return;\n      case msalCommon.LogLevel.Info:\n        credLogger.info(`MSAL ${platform} V2 info message: ${message}`);\n        return;\n      case msalCommon.LogLevel.Verbose:\n        credLogger.info(`MSAL ${platform} V2 verbose message: ${message}`);\n        return;\n      case msalCommon.LogLevel.Warning:\n        credLogger.info(`MSAL ${platform} V2 warning: ${message}`);\n        return;\n    }\n  };\n\n/**\n * @internal\n */\nexport function getMSALLogLevel(logLevel: AzureLogLevel | undefined): msalCommon.LogLevel {\n  switch (logLevel) {\n    case \"error\":\n      return msalCommon.LogLevel.Error;\n    case \"info\":\n      return msalCommon.LogLevel.Info;\n    case \"verbose\":\n      return msalCommon.LogLevel.Verbose;\n    case \"warning\":\n      return msalCommon.LogLevel.Warning;\n    default:\n      // default msal logging level should be Info\n      return msalCommon.LogLevel.Info;\n  }\n}\n\n/**\n * Wraps core-util's randomUUID in order to allow for mocking in tests.\n * This prepares the library for the upcoming core-util update to ESM.\n *\n * @internal\n * @returns A string containing a random UUID\n */\nexport function randomUUID(): string {\n  return coreRandomUUID();\n}\n\n/**\n * Handles MSAL errors.\n */\nexport function handleMsalError(\n  scopes: string[],\n  error: Error,\n  getTokenOptions?: GetTokenOptions,\n): Error {\n  if (\n    error.name === \"AuthError\" ||\n    error.name === \"ClientAuthError\" ||\n    error.name === \"BrowserAuthError\"\n  ) {\n    const msalError = error as msalCommon.AuthError;\n    switch (msalError.errorCode) {\n      case \"endpoints_resolution_error\":\n        logger.info(formatError(scopes, error.message));\n        return new CredentialUnavailableError(error.message);\n      case \"device_code_polling_cancelled\":\n        return new AbortError(\"The authentication has been aborted by the caller.\");\n      case \"consent_required\":\n      case \"interaction_required\":\n      case \"login_required\":\n        logger.info(\n          formatError(scopes, `Authentication returned errorCode ${msalError.errorCode}`),\n        );\n        break;\n      default:\n        logger.info(formatError(scopes, `Failed to acquire token: ${error.message}`));\n        break;\n    }\n  }\n  if (\n    error.name === \"ClientConfigurationError\" ||\n    error.name === \"BrowserConfigurationAuthError\" ||\n    error.name === \"AbortError\"\n  ) {\n    return error;\n  }\n  if (error.name === \"NativeAuthError\") {\n    logger.info(\n      formatError(\n        scopes,\n        `Error from the native broker: ${error.message} with status code: ${\n          (error as any).statusCode\n        }`,\n      ),\n    );\n    return error;\n  }\n  return new AuthenticationRequiredError({ scopes, getTokenOptions, message: error.message });\n}\n\n// transformations.ts\n\nexport function publicToMsal(account: AuthenticationRecord): msalCommon.AccountInfo {\n  const [environment] = account.authority.match(/([a-z]*\\.[a-z]*\\.[a-z]*)/) || [\"\"];\n  return {\n    ...account,\n    localAccountId: account.homeAccountId,\n    environment,\n  };\n}\n\nexport function msalToPublic(clientId: string, account: MsalAccountInfo): AuthenticationRecord {\n  const record = {\n    authority: getAuthority(account.tenantId, account.environment),\n    homeAccountId: account.homeAccountId,\n    tenantId: account.tenantId || DefaultTenantId,\n    username: account.username,\n    clientId,\n    version: LatestAuthenticationRecordVersion,\n  };\n  return record;\n}\n\n/**\n * Serializes an `AuthenticationRecord` into a string.\n *\n * The output of a serialized authentication record will contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * To later convert this string to a serialized `AuthenticationRecord`, please use the exported function `deserializeAuthenticationRecord()`.\n */\nexport function serializeAuthenticationRecord(record: AuthenticationRecord): string {\n  return JSON.stringify(record);\n}\n\n/**\n * Deserializes a previously serialized authentication record from a string into an object.\n *\n * The input string must contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * If the version we receive is unsupported, an error will be thrown.\n *\n * At the moment, the only available version is: \"1.0\", which is always set when the authentication record is serialized.\n *\n * @param serializedRecord - Authentication record previously serialized into string.\n * @returns AuthenticationRecord.\n */\nexport function deserializeAuthenticationRecord(serializedRecord: string): AuthenticationRecord {\n  const parsed: AuthenticationRecord & { version?: string } = JSON.parse(serializedRecord);\n\n  if (parsed.version && parsed.version !== LatestAuthenticationRecordVersion) {\n    throw Error(\"Unsupported AuthenticationRecord version\");\n  }\n\n  return parsed;\n}\n"]}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@azure/identity",
   "sdk-type": "client",
-  "version": "4.1.0-alpha.20240227.3",
+  "version": "4.1.0-alpha.20240301.2",
   "description": "Provides credential implementations for Azure SDK libraries that can authenticate with Microsoft Entra ID",
   "main": "dist/index.js",
   "module": "dist-esm/src/index.js",
@@ -55,7 +55,7 @@
     "format": "dev-tool run vendored prettier --write --config ../../../.prettierrc.json --ignore-path ../../../.prettierignore \"src/**/*.ts\" \"test/**/*.ts\" \"samples-dev/**/*.ts\" \"*.{js,json}\"",
     "check-format": "dev-tool run vendored prettier --list-different --config ../../../.prettierrc.json --ignore-path ../../../.prettierignore \"src/**/*.ts\" \"test/**/*.ts\" \"samples-dev/**/*.ts\" \"*.{js,json}\"",
     "integration-test:browser": "echo skipped",
-    "integration-test:node": "dev-tool run test:node-js-input -- --timeout 180000 'dist-esm/test/public/node/*.spec.js' 'dist-esm/test/internal/node/*.spec.js'",
+    "integration-test:node": "dev-tool run test:node-ts-input -- --timeout 180000 'test/public/node/*.spec.ts' 'test/internal/node/*.spec.ts'",
     "integration-test": "npm run integration-test:node && npm run integration-test:browser",
     "lint:fix": "eslint package.json api-extractor.json src test --ext .ts --fix --fix-type [problem,suggestion]",
     "lint": "eslint package.json api-extractor.json src test --ext .ts",