@azure/identity 4.1.0-alpha.20240305.3 → 4.1.0-alpha.20240314.1

package/dist-esm/src/msal/nodeFlows/msalClient.js

@@ -1,9 +1,9 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 import * as msal from "@azure/msal-node";
-import { generatePluginConfiguration } from "./msalPlugins";
+import { msalPlugins } from "./msalPlugins";
 import { credentialLogger, formatSuccess } from "../../util/logging";
-import { defaultLoggerCallback, ensureValidMsalToken, getAuthority, getKnownAuthorities, getMSALLogLevel, publicToMsal, } from "../utils";
+import { defaultLoggerCallback, ensureValidMsalToken, getAuthority, getKnownAuthorities, getMSALLogLevel, handleMsalError, publicToMsal, } from "../utils";
 import { AuthenticationRequiredError } from "../../errors";
 import { IdentityClient } from "../../client/identityClient";
 import { getLogLevel } from "@azure/logger";
@@ -59,19 +59,25 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
         cachedAccount: createMsalClientOptions.authenticationRecord
             ? publicToMsal(createMsalClientOptions.authenticationRecord)
             : null,
-        pluginConfiguration: generatePluginConfiguration(createMsalClientOptions),
+        pluginConfiguration: msalPlugins.generatePluginConfiguration(createMsalClientOptions),
     };
-    let confidentialApp = undefined;
-    async function getConfidentialApp(_options = {}) {
-        // abort requests
-        if (confidentialApp === undefined) {
-            // TODOs:
-            // CAE / non-CAE
-            confidentialApp = new msal.ConfidentialClientApplication(Object.assign(Object.assign({}, state.msalConfig), { broker: { nativeBrokerPlugin: state.pluginConfiguration.broker.nativeBrokerPlugin }, cache: { cachePlugin: await state.pluginConfiguration.cache.cachePlugin } }));
+    const confidentialApps = new Map();
+    async function getConfidentialApp(options = {}) {
+        const appKey = options.enableCae ? "CAE" : "default";
+        let confidentialClientApp = confidentialApps.get(appKey);
+        if (confidentialClientApp) {
+            return confidentialClientApp;
         }
-        return confidentialApp;
+        // Initialize a new app and cache it
+        const cachePlugin = options.enableCae
+            ? state.pluginConfiguration.cache.cachePluginCae
+            : state.pluginConfiguration.cache.cachePlugin;
+        state.msalConfig.auth.clientCapabilities = options.enableCae ? ["cp1"] : undefined;
+        confidentialClientApp = new msal.ConfidentialClientApplication(Object.assign(Object.assign({}, state.msalConfig), { broker: { nativeBrokerPlugin: state.pluginConfiguration.broker.nativeBrokerPlugin }, cache: { cachePlugin: await cachePlugin } }));
+        confidentialApps.set(appKey, confidentialClientApp);
+        return confidentialClientApp;
     }
-    async function getTokenSilent(app, scopes, options) {
+    async function getTokenSilent(app, scopes, options = {}) {
         if (state.cachedAccount === null) {
             const cache = app.getTokenCache();
             const accounts = await cache.getAllAccounts();
@@ -88,12 +94,17 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
             }
             state.cachedAccount = accounts[0];
         }
-        // TODO: broker
+        // Keep track and reuse the claims we received across challenges
+        if (options.claims) {
+            state.cachedClaims = options.claims;
+        }
+        // TODO: port over changes for broker
+        // https://github.com/Azure/azure-sdk-for-js/blob/727a7208251961b5036d8e1d86edaa944c42e3d6/sdk/identity/identity/src/msal/nodeFlows/msalNodeCommon.ts#L383-L395
         msalLogger.getToken.info("Attempting to acquire token silently");
         return app.acquireTokenSilent({
             account: state.cachedAccount,
             scopes,
-            claims: options === null || options === void 0 ? void 0 : options.claims,
+            claims: state.cachedClaims,
         });
     }
     /**
@@ -126,7 +137,12 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
         }
         // Silent authentication failed
         if (response === null) {
-            response = await onAuthenticationRequired();
+            try {
+                response = await onAuthenticationRequired();
+            }
+            catch (err) {
+                throw handleMsalError(scopes, err, options);
+            }
         }
         // At this point we should have a token, process it
         ensureValidMsalToken(scopes, response, options);

package/dist-esm/src/msal/nodeFlows/msalClient.js.map

@@ -1 +1 @@
-{"version":3,"file":"msalClient.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AAGzC,OAAO,EAAuB,2BAA2B,EAAE,MAAM,eAAe,CAAC;AACjF,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,eAAe,EACf,YAAY,GACb,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAE7D,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAE3D;;GAEG;AACH,MAAM,UAAU,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAC;AA2BlD;;;;;;;GAOG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAgB,EAChB,QAAgB,EAChB,oBAAuC,EAAE;;IAEzC,MAAM,cAAc,GAAG,eAAe,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAEvE,sDAAsD;IACtD,MAAM,SAAS,GAAG,YAAY,CAC5B,cAAc,EACd,MAAA,iBAAiB,CAAC,aAAa,mCAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CACpE,CAAC;IAEF,MAAM,UAAU,GAAG,IAAI,cAAc,iCAChC,iBAAiB,CAAC,sBAAsB,KAC3C,aAAa,EAAE,SAAS,EACxB,cAAc,EAAE,iBAAiB,CAAC,cAAc,IAChD,CAAC;IAEH,MAAM,UAAU,GAAuB;QACrC,IAAI,EAAE;YACJ,QAAQ;YACR,SAAS;YACT,gBAAgB,EAAE,mBAAmB,CACnC,cAAc,EACd,SAAS,EACT,iBAAiB,CAAC,wBAAwB,CAC3C;SACF;QACD,MAAM,EAAE;YACN,aAAa,EAAE,UAAU;YACzB,aAAa,EAAE;gBACb,cAAc,EAAE,qBAAqB,CAAC,MAAA,iBAAiB,CAAC,MAAM,mCAAI,UAAU,CAAC;gBAC7E,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;gBACxC,iBAAiB,EAAE,MAAA,iBAAiB,CAAC,cAAc,0CAAE,0BAA0B;aAChF;SACF;KACF,CAAC;IACF,OAAO,UAAU,CAAC;AACpB,CAAC;AAmBD;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB,CAC9B,QAAgB,EAChB,QAAgB,EAChB,0BAA6C,EAAE;IAE/C,MAAM,KAAK,GAAoB;QAC7B,UAAU,EAAE,yBAAyB,CAAC,QAAQ,EAAE,QAAQ,EAAE,uBAAuB,CAAC;QAClF,aAAa,EAAE,uBAAuB,CAAC,oBAAoB;YACzD,CAAC,CAAC,YAAY,CAAC,uBAAuB,CAAC,oBAAoB,CAAC;YAC5D,CAAC,CAAC,IAAI;QACR,mBAAmB,EAAE,2BAA2B,CAAC,uBAAuB,CAAC;KAC1E,CAAC;IAEF,IAAI,eAAe,GAAmD,SAAS,CAAC;IAChF,KAAK,UAAU,kBAAkB,CAC/B,WAA4B,EAAE;QAE9B,iBAAiB;QAEjB,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;YAClC,SAAS;YACT,gBAAgB;YAChB,eAAe,GAAG,IAAI,IAAI,CAAC,6BAA6B,iCACnD,KAAK,CAAC,UAAU,KACnB,MAAM,EAAE,EAAE,kBAAkB,EAAE,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,EAAE,EACnF,KAAK,EAAE,EAAE,WAAW,EAAE,MAAM,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,WAAW,EAAE,IACzE,CAAC;QACL,CAAC;QAED,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,KAAK,UAAU,cAAc,CAC3B,GAAsE,EACtE,MAAgB,EAChB,OAAyB;QAEzB,IAAI,KAAK,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YACjC,MAAM,KAAK,GAAG,GAAG,CAAC,aAAa,EAAE,CAAC;YAClC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,cAAc,EAAE,CAAC;YAE9C,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACpD,MAAM,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YACpD,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,UAAU,CAAC,IAAI,CAAC;;;;6KAIqJ,CAAC,CAAC;gBACvK,MAAM,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YACpD,CAAC;YAED,KAAK,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACpC,CAAC;QAED,eAAe;QACf,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACjE,OAAO,GAAG,CAAC,kBAAkB,CAAC;YAC5B,OAAO,EAAE,KAAK,CAAC,aAAa;YAC5B,MAAM;YACN,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;SACxB,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,UAAU,wBAAwB,CACrC,OAA0E,EAC1E,MAAqB,EACrB,OAAwB,EACxB,wBAAyE;;QAEzE,IAAI,QAAQ,GAAqC,IAAI,CAAC;QACtD,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAC5D,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,IAAI,CAAC,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC7C,MAAM,CAAC,CAAC;YACV,CAAC;YACD,IAAI,uBAAuB,CAAC,8BAA8B,EAAE,CAAC;gBAC3D,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACtB,QAAQ,GAAG,MAAM,wBAAwB,EAAE,CAAC;QAC9C,CAAC;QAED,mDAAmD;QACnD,oBAAoB,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,KAAK,CAAC,aAAa,GAAG,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,OAAO,mCAAI,IAAI,CAAC;QAEhD,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QAEhD,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,WAAW;YAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;SACjD,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,CAAC,sBAAsB,CAAC,MAAM,EAAE,YAAY,EAAE,OAAO,GAAG,EAAE;YAC7D,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;YAE5E,2DAA2D;YAC3D,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;YAElD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAElD,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,CAC7D,OAAO,CAAC,8BAA8B,CAAC;gBACrC,MAAM;gBACN,SAAS,EAAE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS;gBAC1C,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;aACxB,CAAC,CACH,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msal from \"@azure/msal-node\";\n\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { PluginConfiguration, generatePluginConfiguration } from \"./msalPlugins\";\nimport { credentialLogger, formatSuccess } from \"../../util/logging\";\nimport {\n  defaultLoggerCallback,\n  ensureValidMsalToken,\n  getAuthority,\n  getKnownAuthorities,\n  getMSALLogLevel,\n  publicToMsal,\n} from \"../utils\";\n\nimport { AuthenticationRequiredError } from \"../../errors\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { MsalNodeOptions } from \"./msalNodeCommon\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { resolveTenantId } from \"../../util/tenantIdUtils\";\n\n/**\n * The logger for all MsalClient instances.\n */\nconst msalLogger = credentialLogger(\"MsalClient\");\n\n/**\n * Interface for the MSAL (Microsoft Authentication Library) client.\n * This client is used to interact with Microsoft's identity platform.\n */\nexport interface MsalClient {\n  /**\n   * Retrieves an access token by using a client secret.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param clientSecret - The client secret of the application. This is a credential that the application can use to authenticate itself.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token\n   */\n  getTokenByClientSecret(\n    scopes: string[],\n    clientSecret: string,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n}\n\n/**\n * Options for creating an instance of the MsalClient.\n */\nexport type MsalClientOptions = Partial<Omit<MsalNodeOptions, \"clientId\" | \"tenantId\">>;\n\n/**\n * Generates the configuration for MSAL (Microsoft Authentication Library).\n *\n * @param clientId - The client ID of the application.\n * @param  tenantId - The tenant ID of the Azure Active Directory.\n * @param  msalClientOptions - Optional. Additional options for creating the MSAL client.\n * @returns  The MSAL configuration object.\n */\nexport function generateMsalConfiguration(\n  clientId: string,\n  tenantId: string,\n  msalClientOptions: MsalClientOptions = {},\n): msal.Configuration {\n  const resolvedTenant = resolveTenantId(msalLogger, tenantId, clientId);\n\n  // TODO: move and reuse getIdentityClientAuthorityHost\n  const authority = getAuthority(\n    resolvedTenant,\n    msalClientOptions.authorityHost ?? process.env.AZURE_AUTHORITY_HOST,\n  );\n\n  const httpClient = new IdentityClient({\n    ...msalClientOptions.tokenCredentialOptions,\n    authorityHost: authority,\n    loggingOptions: msalClientOptions.loggingOptions,\n  });\n\n  const msalConfig: msal.Configuration = {\n    auth: {\n      clientId,\n      authority,\n      knownAuthorities: getKnownAuthorities(\n        resolvedTenant,\n        authority,\n        msalClientOptions.disableInstanceDiscovery,\n      ),\n    },\n    system: {\n      networkClient: httpClient,\n      loggerOptions: {\n        loggerCallback: defaultLoggerCallback(msalClientOptions.logger ?? msalLogger),\n        logLevel: getMSALLogLevel(getLogLevel()),\n        piiLoggingEnabled: msalClientOptions.loggingOptions?.enableUnsafeSupportLogging,\n      },\n    },\n  };\n  return msalConfig;\n}\n\n/**\n * Represents the state necessary for the MSAL (Microsoft Authentication Library) client to operate.\n * This includes the MSAL configuration, cached account information, Azure region, and a flag to disable automatic authentication.\n *\n * @internal\n */\ninterface MsalClientState {\n  /** The configuration for the MSAL client. */\n  msalConfig: msal.Configuration;\n\n  /** The cached account information, or null if no account information is cached. */\n  cachedAccount: msal.AccountInfo | null;\n\n  /** Configured plugins */\n  pluginConfiguration: PluginConfiguration;\n}\n\n/**\n * Creates an instance of the MSAL (Microsoft Authentication Library) client.\n *\n * @param clientId - The client ID of the application.\n * @param tenantId - The tenant ID of the Azure Active Directory.\n * @param createMsalClientOptions - Optional. Additional options for creating the MSAL client.\n * @returns An instance of the MSAL client.\n *\n * @public\n */\nexport function createMsalClient(\n  clientId: string,\n  tenantId: string,\n  createMsalClientOptions: MsalClientOptions = {},\n): MsalClient {\n  const state: MsalClientState = {\n    msalConfig: generateMsalConfiguration(clientId, tenantId, createMsalClientOptions),\n    cachedAccount: createMsalClientOptions.authenticationRecord\n      ? publicToMsal(createMsalClientOptions.authenticationRecord)\n      : null,\n    pluginConfiguration: generatePluginConfiguration(createMsalClientOptions),\n  };\n\n  let confidentialApp: msal.ConfidentialClientApplication | undefined = undefined;\n  async function getConfidentialApp(\n    _options: GetTokenOptions = {},\n  ): Promise<msal.ConfidentialClientApplication> {\n    // abort requests\n\n    if (confidentialApp === undefined) {\n      // TODOs:\n      // CAE / non-CAE\n      confidentialApp = new msal.ConfidentialClientApplication({\n        ...state.msalConfig,\n        broker: { nativeBrokerPlugin: state.pluginConfiguration.broker.nativeBrokerPlugin },\n        cache: { cachePlugin: await state.pluginConfiguration.cache.cachePlugin },\n      });\n    }\n\n    return confidentialApp;\n  }\n\n  async function getTokenSilent(\n    app: msal.ConfidentialClientApplication | msal.PublicClientApplication,\n    scopes: string[],\n    options?: GetTokenOptions,\n  ): Promise<msal.AuthenticationResult> {\n    if (state.cachedAccount === null) {\n      const cache = app.getTokenCache();\n      const accounts = await cache.getAllAccounts();\n\n      if (accounts === undefined || accounts.length === 0) {\n        throw new AuthenticationRequiredError({ scopes });\n      }\n\n      if (accounts.length > 1) {\n        msalLogger.info(`More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing a credential to prevent this from happening.`);\n        throw new AuthenticationRequiredError({ scopes });\n      }\n\n      state.cachedAccount = accounts[0];\n    }\n\n    // TODO: broker\n    msalLogger.getToken.info(\"Attempting to acquire token silently\");\n    return app.acquireTokenSilent({\n      account: state.cachedAccount,\n      scopes,\n      claims: options?.claims,\n    });\n  }\n\n  /**\n   * Performs silent authentication using MSAL to acquire an access token.\n   * If silent authentication fails, falls back to interactive authentication.\n   *\n   * @param msalApp - The MSAL application instance.\n   * @param scopes - The scopes for which to acquire the access token.\n   * @param options - The options for acquiring the access token.\n   * @param onAuthenticationRequired - A callback function to handle interactive authentication when silent authentication fails.\n   * @returns A promise that resolves to an AccessToken object containing the access token and its expiration timestamp.\n   */\n  async function withSilentAuthentication(\n    msalApp: msal.ConfidentialClientApplication | msal.PublicClientApplication,\n    scopes: Array<string>,\n    options: GetTokenOptions,\n    onAuthenticationRequired: () => Promise<msal.AuthenticationResult | null>,\n  ): Promise<AccessToken> {\n    let response: msal.AuthenticationResult | null = null;\n    try {\n      response = await getTokenSilent(msalApp, scopes, options);\n    } catch (e: any) {\n      if (e.name !== \"AuthenticationRequiredError\") {\n        throw e;\n      }\n      if (createMsalClientOptions.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions: options,\n          message:\n            \"Automatic authentication has been disabled. You may call the authentication() method.\",\n        });\n      }\n    }\n\n    // Silent authentication failed\n    if (response === null) {\n      response = await onAuthenticationRequired();\n    }\n\n    // At this point we should have a token, process it\n    ensureValidMsalToken(scopes, response, options);\n    state.cachedAccount = response?.account ?? null;\n\n    msalLogger.getToken.info(formatSuccess(scopes));\n\n    return {\n      token: response.accessToken,\n      expiresOnTimestamp: response.expiresOn.getTime(),\n    };\n  }\n\n  return {\n    async getTokenByClientSecret(scopes, clientSecret, options = {}) {\n      msalLogger.getToken.info(`Attempting to acquire token using client secret`);\n\n      // TODO: understand and implement processMultiTenantRequest\n      state.msalConfig.auth.clientSecret = clientSecret;\n\n      const msalApp = await getConfidentialApp(options);\n\n      return withSilentAuthentication(msalApp, scopes, options, () =>\n        msalApp.acquireTokenByClientCredential({\n          scopes,\n          authority: state.msalConfig.auth.authority,\n          claims: options?.claims,\n        }),\n      );\n    },\n  };\n}\n"]}
+{"version":3,"file":"msalClient.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AAGzC,OAAO,EAAuB,WAAW,EAAE,MAAM,eAAe,CAAC;AACjE,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,eAAe,EACf,eAAe,EACf,YAAY,GACb,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAE7D,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAE3D;;GAEG;AACH,MAAM,UAAU,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAC;AA2BlD;;;;;;;GAOG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAgB,EAChB,QAAgB,EAChB,oBAAuC,EAAE;;IAEzC,MAAM,cAAc,GAAG,eAAe,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAEvE,sDAAsD;IACtD,MAAM,SAAS,GAAG,YAAY,CAC5B,cAAc,EACd,MAAA,iBAAiB,CAAC,aAAa,mCAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CACpE,CAAC;IAEF,MAAM,UAAU,GAAG,IAAI,cAAc,iCAChC,iBAAiB,CAAC,sBAAsB,KAC3C,aAAa,EAAE,SAAS,EACxB,cAAc,EAAE,iBAAiB,CAAC,cAAc,IAChD,CAAC;IAEH,MAAM,UAAU,GAAuB;QACrC,IAAI,EAAE;YACJ,QAAQ;YACR,SAAS;YACT,gBAAgB,EAAE,mBAAmB,CACnC,cAAc,EACd,SAAS,EACT,iBAAiB,CAAC,wBAAwB,CAC3C;SACF;QACD,MAAM,EAAE;YACN,aAAa,EAAE,UAAU;YACzB,aAAa,EAAE;gBACb,cAAc,EAAE,qBAAqB,CAAC,MAAA,iBAAiB,CAAC,MAAM,mCAAI,UAAU,CAAC;gBAC7E,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;gBACxC,iBAAiB,EAAE,MAAA,iBAAiB,CAAC,cAAc,0CAAE,0BAA0B;aAChF;SACF;KACF,CAAC;IACF,OAAO,UAAU,CAAC;AACpB,CAAC;AAsBD;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB,CAC9B,QAAgB,EAChB,QAAgB,EAChB,0BAA6C,EAAE;IAE/C,MAAM,KAAK,GAAoB;QAC7B,UAAU,EAAE,yBAAyB,CAAC,QAAQ,EAAE,QAAQ,EAAE,uBAAuB,CAAC;QAClF,aAAa,EAAE,uBAAuB,CAAC,oBAAoB;YACzD,CAAC,CAAC,YAAY,CAAC,uBAAuB,CAAC,oBAAoB,CAAC;YAC5D,CAAC,CAAC,IAAI;QACR,mBAAmB,EAAE,WAAW,CAAC,2BAA2B,CAAC,uBAAuB,CAAC;KACtF,CAAC;IAEF,MAAM,gBAAgB,GAAoD,IAAI,GAAG,EAAE,CAAC;IACpF,KAAK,UAAU,kBAAkB,CAC/B,UAA2B,EAAE;QAE7B,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAErD,IAAI,qBAAqB,GAAG,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACzD,IAAI,qBAAqB,EAAE,CAAC;YAC1B,OAAO,qBAAqB,CAAC;QAC/B,CAAC;QAED,oCAAoC;QACpC,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS;YACnC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,cAAc;YAChD,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,WAAW,CAAC;QAEhD,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEnF,qBAAqB,GAAG,IAAI,IAAI,CAAC,6BAA6B,iCACzD,KAAK,CAAC,UAAU,KACnB,MAAM,EAAE,EAAE,kBAAkB,EAAE,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,EAAE,EACnF,KAAK,EAAE,EAAE,WAAW,EAAE,MAAM,WAAW,EAAE,IACzC,CAAC;QAEH,gBAAgB,CAAC,GAAG,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;QAEpD,OAAO,qBAAqB,CAAC;IAC/B,CAAC;IAED,KAAK,UAAU,cAAc,CAC3B,GAAsE,EACtE,MAAgB,EAChB,UAA2B,EAAE;QAE7B,IAAI,KAAK,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YACjC,MAAM,KAAK,GAAG,GAAG,CAAC,aAAa,EAAE,CAAC;YAClC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,cAAc,EAAE,CAAC;YAE9C,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACpD,MAAM,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YACpD,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,UAAU,CAAC,IAAI,CAAC;;;;6KAIqJ,CAAC,CAAC;gBACvK,MAAM,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YACpD,CAAC;YAED,KAAK,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACpC,CAAC;QAED,gEAAgE;QAChE,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,KAAK,CAAC,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC;QACtC,CAAC;QAED,qCAAqC;QACrC,+JAA+J;QAC/J,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACjE,OAAO,GAAG,CAAC,kBAAkB,CAAC;YAC5B,OAAO,EAAE,KAAK,CAAC,aAAa;YAC5B,MAAM;YACN,MAAM,EAAE,KAAK,CAAC,YAAY;SAC3B,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,UAAU,wBAAwB,CACrC,OAA0E,EAC1E,MAAqB,EACrB,OAAwB,EACxB,wBAAyE;;QAEzE,IAAI,QAAQ,GAAqC,IAAI,CAAC;QACtD,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAC5D,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,IAAI,CAAC,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC7C,MAAM,CAAC,CAAC;YACV,CAAC;YACD,IAAI,uBAAuB,CAAC,8BAA8B,EAAE,CAAC;gBAC3D,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACtB,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,wBAAwB,EAAE,CAAC;YAC9C,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,mDAAmD;QACnD,oBAAoB,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,KAAK,CAAC,aAAa,GAAG,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,OAAO,mCAAI,IAAI,CAAC;QAEhD,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QAEhD,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,WAAW;YAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;SACjD,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,CAAC,sBAAsB,CAAC,MAAM,EAAE,YAAY,EAAE,OAAO,GAAG,EAAE;YAC7D,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;YAE5E,2DAA2D;YAC3D,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;YAElD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAElD,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,CAC7D,OAAO,CAAC,8BAA8B,CAAC;gBACrC,MAAM;gBACN,SAAS,EAAE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS;gBAC1C,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;aACxB,CAAC,CACH,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msal from \"@azure/msal-node\";\n\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { PluginConfiguration, msalPlugins } from \"./msalPlugins\";\nimport { credentialLogger, formatSuccess } from \"../../util/logging\";\nimport {\n  defaultLoggerCallback,\n  ensureValidMsalToken,\n  getAuthority,\n  getKnownAuthorities,\n  getMSALLogLevel,\n  handleMsalError,\n  publicToMsal,\n} from \"../utils\";\n\nimport { AuthenticationRequiredError } from \"../../errors\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { MsalNodeOptions } from \"./msalNodeCommon\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { resolveTenantId } from \"../../util/tenantIdUtils\";\n\n/**\n * The logger for all MsalClient instances.\n */\nconst msalLogger = credentialLogger(\"MsalClient\");\n\n/**\n * Interface for the MSAL (Microsoft Authentication Library) client.\n * This client is used to interact with Microsoft's identity platform.\n */\nexport interface MsalClient {\n  /**\n   * Retrieves an access token by using a client secret.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param clientSecret - The client secret of the application. This is a credential that the application can use to authenticate itself.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token\n   */\n  getTokenByClientSecret(\n    scopes: string[],\n    clientSecret: string,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n}\n\n/**\n * Options for creating an instance of the MsalClient.\n */\nexport type MsalClientOptions = Partial<Omit<MsalNodeOptions, \"clientId\" | \"tenantId\">>;\n\n/**\n * Generates the configuration for MSAL (Microsoft Authentication Library).\n *\n * @param clientId - The client ID of the application.\n * @param  tenantId - The tenant ID of the Azure Active Directory.\n * @param  msalClientOptions - Optional. Additional options for creating the MSAL client.\n * @returns  The MSAL configuration object.\n */\nexport function generateMsalConfiguration(\n  clientId: string,\n  tenantId: string,\n  msalClientOptions: MsalClientOptions = {},\n): msal.Configuration {\n  const resolvedTenant = resolveTenantId(msalLogger, tenantId, clientId);\n\n  // TODO: move and reuse getIdentityClientAuthorityHost\n  const authority = getAuthority(\n    resolvedTenant,\n    msalClientOptions.authorityHost ?? process.env.AZURE_AUTHORITY_HOST,\n  );\n\n  const httpClient = new IdentityClient({\n    ...msalClientOptions.tokenCredentialOptions,\n    authorityHost: authority,\n    loggingOptions: msalClientOptions.loggingOptions,\n  });\n\n  const msalConfig: msal.Configuration = {\n    auth: {\n      clientId,\n      authority,\n      knownAuthorities: getKnownAuthorities(\n        resolvedTenant,\n        authority,\n        msalClientOptions.disableInstanceDiscovery,\n      ),\n    },\n    system: {\n      networkClient: httpClient,\n      loggerOptions: {\n        loggerCallback: defaultLoggerCallback(msalClientOptions.logger ?? msalLogger),\n        logLevel: getMSALLogLevel(getLogLevel()),\n        piiLoggingEnabled: msalClientOptions.loggingOptions?.enableUnsafeSupportLogging,\n      },\n    },\n  };\n  return msalConfig;\n}\n\n/**\n * Represents the state necessary for the MSAL (Microsoft Authentication Library) client to operate.\n * This includes the MSAL configuration, cached account information, Azure region, and a flag to disable automatic authentication.\n *\n * @internal\n */\ninterface MsalClientState {\n  /** The configuration for the MSAL client. */\n  msalConfig: msal.Configuration;\n\n  /** The cached account information, or null if no account information is cached. */\n  cachedAccount: msal.AccountInfo | null;\n\n  /** Configured plugins */\n  pluginConfiguration: PluginConfiguration;\n\n  /** Claims received from challenges, cached for the next request */\n  cachedClaims?: string;\n}\n\n/**\n * Creates an instance of the MSAL (Microsoft Authentication Library) client.\n *\n * @param clientId - The client ID of the application.\n * @param tenantId - The tenant ID of the Azure Active Directory.\n * @param createMsalClientOptions - Optional. Additional options for creating the MSAL client.\n * @returns An instance of the MSAL client.\n *\n * @public\n */\nexport function createMsalClient(\n  clientId: string,\n  tenantId: string,\n  createMsalClientOptions: MsalClientOptions = {},\n): MsalClient {\n  const state: MsalClientState = {\n    msalConfig: generateMsalConfiguration(clientId, tenantId, createMsalClientOptions),\n    cachedAccount: createMsalClientOptions.authenticationRecord\n      ? publicToMsal(createMsalClientOptions.authenticationRecord)\n      : null,\n    pluginConfiguration: msalPlugins.generatePluginConfiguration(createMsalClientOptions),\n  };\n\n  const confidentialApps: Map<string, msal.ConfidentialClientApplication> = new Map();\n  async function getConfidentialApp(\n    options: GetTokenOptions = {},\n  ): Promise<msal.ConfidentialClientApplication> {\n    const appKey = options.enableCae ? \"CAE\" : \"default\";\n\n    let confidentialClientApp = confidentialApps.get(appKey);\n    if (confidentialClientApp) {\n      return confidentialClientApp;\n    }\n\n    // Initialize a new app and cache it\n    const cachePlugin = options.enableCae\n      ? state.pluginConfiguration.cache.cachePluginCae\n      : state.pluginConfiguration.cache.cachePlugin;\n\n    state.msalConfig.auth.clientCapabilities = options.enableCae ? [\"cp1\"] : undefined;\n\n    confidentialClientApp = new msal.ConfidentialClientApplication({\n      ...state.msalConfig,\n      broker: { nativeBrokerPlugin: state.pluginConfiguration.broker.nativeBrokerPlugin },\n      cache: { cachePlugin: await cachePlugin },\n    });\n\n    confidentialApps.set(appKey, confidentialClientApp);\n\n    return confidentialClientApp;\n  }\n\n  async function getTokenSilent(\n    app: msal.ConfidentialClientApplication | msal.PublicClientApplication,\n    scopes: string[],\n    options: GetTokenOptions = {},\n  ): Promise<msal.AuthenticationResult> {\n    if (state.cachedAccount === null) {\n      const cache = app.getTokenCache();\n      const accounts = await cache.getAllAccounts();\n\n      if (accounts === undefined || accounts.length === 0) {\n        throw new AuthenticationRequiredError({ scopes });\n      }\n\n      if (accounts.length > 1) {\n        msalLogger.info(`More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing a credential to prevent this from happening.`);\n        throw new AuthenticationRequiredError({ scopes });\n      }\n\n      state.cachedAccount = accounts[0];\n    }\n\n    // Keep track and reuse the claims we received across challenges\n    if (options.claims) {\n      state.cachedClaims = options.claims;\n    }\n\n    // TODO: port over changes for broker\n    // https://github.com/Azure/azure-sdk-for-js/blob/727a7208251961b5036d8e1d86edaa944c42e3d6/sdk/identity/identity/src/msal/nodeFlows/msalNodeCommon.ts#L383-L395\n    msalLogger.getToken.info(\"Attempting to acquire token silently\");\n    return app.acquireTokenSilent({\n      account: state.cachedAccount,\n      scopes,\n      claims: state.cachedClaims,\n    });\n  }\n\n  /**\n   * Performs silent authentication using MSAL to acquire an access token.\n   * If silent authentication fails, falls back to interactive authentication.\n   *\n   * @param msalApp - The MSAL application instance.\n   * @param scopes - The scopes for which to acquire the access token.\n   * @param options - The options for acquiring the access token.\n   * @param onAuthenticationRequired - A callback function to handle interactive authentication when silent authentication fails.\n   * @returns A promise that resolves to an AccessToken object containing the access token and its expiration timestamp.\n   */\n  async function withSilentAuthentication(\n    msalApp: msal.ConfidentialClientApplication | msal.PublicClientApplication,\n    scopes: Array<string>,\n    options: GetTokenOptions,\n    onAuthenticationRequired: () => Promise<msal.AuthenticationResult | null>,\n  ): Promise<AccessToken> {\n    let response: msal.AuthenticationResult | null = null;\n    try {\n      response = await getTokenSilent(msalApp, scopes, options);\n    } catch (e: any) {\n      if (e.name !== \"AuthenticationRequiredError\") {\n        throw e;\n      }\n      if (createMsalClientOptions.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions: options,\n          message:\n            \"Automatic authentication has been disabled. You may call the authentication() method.\",\n        });\n      }\n    }\n\n    // Silent authentication failed\n    if (response === null) {\n      try {\n        response = await onAuthenticationRequired();\n      } catch (err: any) {\n        throw handleMsalError(scopes, err, options);\n      }\n    }\n\n    // At this point we should have a token, process it\n    ensureValidMsalToken(scopes, response, options);\n    state.cachedAccount = response?.account ?? null;\n\n    msalLogger.getToken.info(formatSuccess(scopes));\n\n    return {\n      token: response.accessToken,\n      expiresOnTimestamp: response.expiresOn.getTime(),\n    };\n  }\n\n  return {\n    async getTokenByClientSecret(scopes, clientSecret, options = {}) {\n      msalLogger.getToken.info(`Attempting to acquire token using client secret`);\n\n      // TODO: understand and implement processMultiTenantRequest\n      state.msalConfig.auth.clientSecret = clientSecret;\n\n      const msalApp = await getConfidentialApp(options);\n\n      return withSilentAuthentication(msalApp, scopes, options, () =>\n        msalApp.acquireTokenByClientCredential({\n          scopes,\n          authority: state.msalConfig.auth.authority,\n          claims: options?.claims,\n        }),\n      );\n    },\n  };\n}\n"]}

package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js.map

@@ -1 +1 @@
-{"version":3,"file":"msalNodeCommon.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalNodeCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAI7C,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAClG,OAAO,EAAoB,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAErE,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,eAAe,EACf,eAAe,EACf,YAAY,EACZ,YAAY,EACZ,UAAU,GACX,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACvF,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,eAAe,GAChB,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAG3D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAG7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AA+B5C;;;;;;;;GAQG;AACH,MAAM,OAAgB,QAAQ;IAkC5B,YAAY,OAAwB;;QAjC5B,QAAG,GAGP,EAAE,CAAC;QACC,WAAM,GAGV,EAAE,CAAC;QAQG,yBAAoB,GAAY,KAAK,CAAC;QAmB9C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACtD,IAAI,CAAC,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QACpF,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,sBAAsB,0CAAE,0BAA0B,CAC5D,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;QAC9C,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,YAAY,EAAE,CAAC;YAC1B,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QAC3C,CAAC;QACD,IAAI,CAAC,YAAY,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,0CAAE,OAAO,CAAC;QACpD,IAAI,CAAC,oBAAoB,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,0CAAE,0BAA0B,CAAC;QAC/E,IAAI,CAAC,kBAAkB,GAAG,MAAA,OAAO,CAAC,aAAa,0CAAE,kBAAkB,CAAC;QAEpE,qCAAqC;QACrC,IAAI,mBAAmB,KAAK,SAAS,KAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,CAAA,EAAE,CAAC;YACvF,MAAM,aAAa,mBACjB,IAAI,EAAE,GAAG,OAAO,CAAC,4BAA4B,CAAC,IAAI,IAAI,oBAAoB,EAAE,IACzE,OAAO,CAAC,4BAA4B,CACxC,CAAC;YACF,MAAM,UAAU,mBACd,IAAI,EAAE,GAAG,OAAO,CAAC,4BAA4B,CAAC,IAAI,IAAI,gBAAgB,EAAE,IACrE,OAAO,CAAC,4BAA4B,CACxC,CAAC;YACF,IAAI,CAAC,iBAAiB,GAAG,GAAG,EAAE,CAAC,mBAAoB,CAAC,aAAa,CAAC,CAAC;YACnE,IAAI,CAAC,oBAAoB,GAAG,GAAG,EAAE,CAAC,mBAAoB,CAAC,UAAU,CAAC,CAAC;QACrE,CAAC;aAAM,IAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,EAAE,CAAC;YACzD,MAAM,IAAI,KAAK,CACb;gBACE,qFAAqF;gBACrF,yHAAyH;gBACzH,mFAAmF;gBACnF,0FAA0F;aAC3F,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QACJ,CAAC;QAED,oCAAoC;QACpC,IAAI,CAAC,eAAe,EAAE,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CACb;gBACE,kFAAkF;gBAClF,mGAAmG;gBACnG,mFAAmF;gBACnF,8EAA8E;aAC/E,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,MAAA,OAAO,CAAC,iBAAiB,mCAAI,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;QAC1F,IAAI,IAAI,CAAC,WAAW,KAAK,iBAAiB,CAAC,kBAAkB,EAAE,CAAC;YAC9D,IAAI,CAAC,WAAW,GAAG,eAAe,CAAC;QACrC,CAAC;IACH,CAAC;IAED;;OAEG;IACO,qBAAqB,CAAC,OAAwB;;QACtD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,uBAAuB,CAAC;QAC7D,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAErF,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAC/E,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAE7D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iCACnC,OAAO,CAAC,sBAAsB,KACjC,aAAa,EAAE,SAAS,EACxB,cAAc,EAAE,OAAO,CAAC,cAAc,IACtC,CAAC;QAEH,MAAM,kBAAkB,GAAa,EAAE,CAAC;QAExC,OAAO;YACL,IAAI,EAAE;gBACJ,QAAQ;gBACR,SAAS;gBACT,gBAAgB,EAAE,mBAAmB,CACnC,QAAQ,EACR,SAAS,EACT,OAAO,CAAC,wBAAwB,CACjC;gBACD,kBAAkB;aACnB;YACD,sCAAsC;YACtC,MAAM,EAAE;gBACN,aAAa,EAAE,IAAI,CAAC,cAAc;gBAClC,aAAa,EAAE;oBACb,cAAc,EAAE,qBAAqB,CAAC,OAAO,CAAC,MAAM,CAAC;oBACrD,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;oBACxC,iBAAiB,EAAE,MAAA,OAAO,CAAC,cAAc,0CAAE,0BAA0B;iBACtE;aACF;SACF,CAAC;IACJ,CAAC;IAYS,MAAM,CACd,OAAgB,EAChB,SAAmB;QAEnB,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;QAC/C,IAAI,OAAO,KAAK,aAAa,EAAE,CAAC;YAC9B,OAAO,CAAC,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,YAAY,CAAE,CAAC;QAC3C,CAAC;aAAM,IAAI,OAAO,KAAK,mBAAmB,EAAE,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,MAAM,CAAE,CAAC;QAC3C,CAAC;aAAM,IAAI,OAAO,KAAK,cAAc,EAAE,CAAC;YACtC,OAAO,GAAG,CAAC,YAAa,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,CAAC,MAAO,CAAC;QACrB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,OAAuC;QAChD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,EAAE,CAAC;YACzB,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;gBACjD,6DAA6D;gBAC7D,mDAAmD;gBACnD,IAAI,CAAC,cAAe,CAAC,aAAa,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAC5D,CAAC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,GAAG,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,EAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;QACxD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,EAAE,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,GAAG,CAAC,KAAK,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;YACnC,OAAO;QACT,CAAC;QACD,IAAI,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,KAAI,IAAI,CAAC,oBAAoB,KAAK,SAAS,EAAE,CAAC;YAClE,IAAI,CAAC,UAAU,CAAC,KAAK,GAAG;gBACtB,WAAW,EAAE,MAAM,IAAI,CAAC,oBAAoB,EAAE;aAC/C,CAAC;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS,EAAE,CAAC;YACzC,IAAI,CAAC,UAAU,CAAC,KAAK,GAAG;gBACtB,WAAW,EAAE,MAAM,IAAI,CAAC,iBAAiB,EAAE;aAC5C,CAAC;QACJ,CAAC;QAED,IAAI,eAAe,EAAE,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC3C,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG;gBACvB,kBAAkB,EAAE,gBAAiB,CAAC,MAAM;aAC7C,CAAC;YACF,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC7B,4FAA4F;gBAC5F,IAAI,CAAC,MAAM,CAAC,OAAO,CACjB,kIAAkI,CACnI,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,EAAE,CAAC;YACvB,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,IAAI,QAAQ,CAAC,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7E,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,IAAI,QAAQ,CAAC,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC1E,CAAC;QAED,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QACnE,CAAC;QACD,8EAA8E;QAC9E,IACE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY;YACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe;YACpC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,EACtC,CAAC;YACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,EAAE,CAAC;gBACvB,IAAI,CAAC,MAAM,CAAC,YAAY,GAAG,IAAI,QAAQ,CAAC,6BAA6B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACzF,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,GAAG,CAAC,YAAY,GAAG,IAAI,QAAQ,CAAC,6BAA6B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACtF,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAC9B,MAAM,IAAI,KAAK,CACb,gHAAgH,CACjH,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACO,gBAAgB,CACxB,OAAsD,EACtD,WAA6B,EAC7B,QAAqB;QAErB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,OAAO;iBACJ,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;gBAClB,OAAO,OAAO,CAAC,SAAU,CAAC,CAAC;YAC7B,CAAC,CAAC;iBACD,KAAK,CAAC,MAAM,CAAC,CAAC;YACjB,IAAI,WAAW,EAAE,CAAC;gBAChB,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;oBACzC,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,EAAI,CAAC;gBACf,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,SAAS,GAAG,KAAK;QACtC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC,OAAO,CAAC;QACtB,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC,aAAa,EAAE,CAAC;QAC1E,MAAM,gBAAgB,GAAG,MAAM,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,cAAc,EAAE,CAAA,CAAC;QAEvD,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClC,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;QAClE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM;iBACR,IAAI,CAAC;;;;6KAI+J,CAAC,CAAC;YACzK,OAAO;QACT,CAAC;QAED,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAClB,MAAgB,EAChB,OAAuC;;QAEvC,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,CAAC;QAChD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe,EAAE,OAAO;gBACxB,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,aAAa,GAA+B;YAChD,kFAAkF;YAClF,OAAO,EAAE,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC;YACnC,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;YACrC,MAAM;YACN,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;YAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;SACxB,CAAC;QAEF,IAAI,eAAe,EAAE,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC3C,IAAI,CAAC,aAAa,CAAC,oBAAoB,EAAE,CAAC;gBACxC,aAAa,CAAC,oBAAoB,GAAG,EAAE,CAAC;YAC1C,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC7B,4FAA4F;gBAC5F,IAAI,CAAC,MAAM,CAAC,OAAO,CACjB,kIAAkI,CACnI,CAAC;YACJ,CAAC;YACD,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAC9B,aAAa,CAAC,oBAAoB,CAAC,mBAAmB,CAAC,GAAG,sBAAsB,CAAC;YACnF,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACzD;;;;;eAKG;YACH,MAAM,CAAA,MAAA,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,0CAAE,aAAa,GAAG,cAAc,EAAE,CAAA,CAAC;YACvF,MAAM,QAAQ,GACZ,MAAA,CAAC,MAAM,CAAA,MAAA,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,0CAAE,kBAAkB,CACxE,aAAa,CACd,CAAA,CAAC,mCAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC,CAAC;YAC5F,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,IAAI,SAAS,CAAC,CAAC;QAC1D,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAOD;;;OAGG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,MAAM,QAAQ,GACZ,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,4BAA4B,CAAC;YACpF,IAAI,CAAC,QAAQ,CAAC;QAEhB,OAAO,CAAC,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAE/D,OAAO,CAAC,aAAa,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,KAAI,UAAU,EAAE,CAAC;QAC/D,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEzB,IAAI,CAAC;YACH,gDAAgD;YAChD,uGAAuG;YACvG,2GAA2G;YAC3G,MAAM,aAAa,GAAI,OAAe,CAAC,MAAM,CAAC;YAC9C,IAAI,aAAa,EAAE,CAAC;gBAClB,IAAI,CAAC,YAAY,GAAG,aAAa,CAAC;YACpC,CAAC;YACD,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,aAAa,EAAE,CAAC;gBACvC,OAAe,CAAC,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC;YAC9C,CAAC;YACD,wEAAwE;YACxE,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC/C,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,EAAE,CAAC;gBAC5C,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;YACL,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;YACtF,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED;;;;OAIG;IACO,YAAY,CACpB,MAAyB,EACzB,MAAmB,EACnB,eAAiC;QAEjC,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,OAAO,EAAE,CAAC;YACpB,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAC7D,CAAC;QACD,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QACjD,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,WAAW;YACzB,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE;SAC/C,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { AppType, AuthenticationRecord, MsalResult } from \"../types\";\nimport { CACHE_CAE_SUFFIX, CACHE_NON_CAE_SUFFIX, DeveloperSignOnClientId } from \"../../constants\";\nimport { CredentialLogger, formatSuccess } from \"../../util/logging\";\nimport { MsalFlow, MsalFlowOptions } from \"../flows\";\nimport {\n  defaultLoggerCallback,\n  ensureValidMsalToken,\n  getAuthority,\n  getKnownAuthorities,\n  getMSALLogLevel,\n  handleMsalError,\n  msalToPublic,\n  publicToMsal,\n  randomUUID,\n} from \"../utils\";\nimport { hasNativeBroker, nativeBrokerInfo, persistenceProvider } from \"./msalPlugins\";\nimport {\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n  resolveTenantId,\n} from \"../../util/tenantIdUtils\";\n\nimport { AbortSignalLike } from \"@azure/abort-controller\";\nimport { AuthenticationRequiredError } from \"../../errors\";\nimport { BrokerOptions } from \"./brokerOptions\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { LogPolicyOptions } from \"@azure/core-rest-pipeline\";\nimport { MultiTenantTokenCredentialOptions } from \"../../credentials/multiTenantTokenCredentialOptions\";\nimport { RegionalAuthority } from \"../../regionalAuthority\";\nimport { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions\";\nimport { getLogLevel } from \"@azure/logger\";\n\n/**\n * Union of the constructor parameters that all MSAL flow types for Node.\n * @internal\n */\nexport interface MsalNodeOptions extends MsalFlowOptions {\n  tokenCachePersistenceOptions?: TokenCachePersistenceOptions;\n  brokerOptions?: BrokerOptions;\n  tokenCredentialOptions: MultiTenantTokenCredentialOptions;\n  /**\n   * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values.\n   * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.\n   * If the property is not specified, uses a non-regional authority endpoint.\n   */\n  regionalAuthority?: string;\n  /**\n   * Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.\n   */\n  loggingOptions?: LogPolicyOptions & {\n    /**\n     * Allows logging account information once the authentication flow succeeds.\n     */\n    allowLoggingAccountIdentifiers?: boolean;\n    /**\n     * Allows logging personally identifiable information for customer support.\n     */\n    enableUnsafeSupportLogging?: boolean;\n  };\n}\n\n/**\n * MSAL partial base client for Node.js.\n *\n * It completes the input configuration with some default values.\n * It also provides with utility protected methods that can be used from any of the clients,\n * which includes handlers for successful responses and errors.\n *\n * @internal\n */\nexport abstract class MsalNode implements MsalFlow {\n  private app: {\n    public?: msalNode.PublicClientApplication;\n    confidential?: msalNode.ConfidentialClientApplication;\n  } = {};\n  private caeApp: {\n    public?: msalNode.PublicClientApplication;\n    confidential?: msalNode.ConfidentialClientApplication;\n  } = {};\n  private account?: AuthenticationRecord;\n  protected msalConfig: msalNode.Configuration;\n  protected clientId: string;\n  protected tenantId: string;\n  protected additionallyAllowedTenantIds: string[];\n  protected authorityHost?: string;\n  protected identityClient?: IdentityClient;\n  protected requiresConfidential: boolean = false;\n  protected azureRegion?: string;\n  protected createCachePlugin: (() => Promise<msalNode.ICachePlugin>) | undefined;\n  protected createCachePluginCae: (() => Promise<msalNode.ICachePlugin>) | undefined;\n  protected createNativeBrokerPlugin: (() => Promise<msalNode.INativeBrokerPlugin>) | undefined;\n  protected enableMsaPassthrough?: boolean;\n  protected parentWindowHandle?: Uint8Array;\n  protected enableBroker?: boolean;\n  protected logger: CredentialLogger;\n\n  /**\n   * MSAL currently caches the tokens depending on the claims used to retrieve them.\n   * In cases like CAE, in which we use claims to update the tokens, trying to retrieve the token without the claims will yield the original token.\n   * To ensure we always get the latest token, we have to keep track of the claims.\n   */\n  private cachedClaims: string | undefined;\n\n  protected getAssertion: (() => Promise<string>) | undefined;\n  constructor(options: MsalNodeOptions) {\n    this.logger = options.logger;\n    this.msalConfig = this.defaultNodeMsalConfig(options);\n    this.tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n    this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n      options?.tokenCredentialOptions?.additionallyAllowedTenants,\n    );\n    this.clientId = this.msalConfig.auth.clientId;\n    if (options?.getAssertion) {\n      this.getAssertion = options.getAssertion;\n    }\n    this.enableBroker = options?.brokerOptions?.enabled;\n    this.enableMsaPassthrough = options?.brokerOptions?.legacyEnableMsaPassthrough;\n    this.parentWindowHandle = options.brokerOptions?.parentWindowHandle;\n\n    // If persistence has been configured\n    if (persistenceProvider !== undefined && options.tokenCachePersistenceOptions?.enabled) {\n      const nonCaeOptions = {\n        name: `${options.tokenCachePersistenceOptions.name}.${CACHE_NON_CAE_SUFFIX}`,\n        ...options.tokenCachePersistenceOptions,\n      };\n      const caeOptions = {\n        name: `${options.tokenCachePersistenceOptions.name}.${CACHE_CAE_SUFFIX}`,\n        ...options.tokenCachePersistenceOptions,\n      };\n      this.createCachePlugin = () => persistenceProvider!(nonCaeOptions);\n      this.createCachePluginCae = () => persistenceProvider!(caeOptions);\n    } else if (options.tokenCachePersistenceOptions?.enabled) {\n      throw new Error(\n        [\n          \"Persistent token caching was requested, but no persistence provider was configured.\",\n          \"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.\",\n        ].join(\" \"),\n      );\n    }\n\n    // If broker has not been configured\n    if (!hasNativeBroker() && this.enableBroker) {\n      throw new Error(\n        [\n          \"Broker for WAM was requested to be enabled, but no native broker was configured.\",\n          \"You must install the identity-broker plugin package (`npm install --save @azure/identity-broker`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(createNativeBrokerPlugin())` before using `enableBroker`.\",\n        ].join(\" \"),\n      );\n    }\n\n    this.azureRegion = options.regionalAuthority ?? process.env.AZURE_REGIONAL_AUTHORITY_NAME;\n    if (this.azureRegion === RegionalAuthority.AutoDiscoverRegion) {\n      this.azureRegion = \"AUTO_DISCOVER\";\n    }\n  }\n\n  /**\n   * Generates a MSAL configuration that generally works for Node.js\n   */\n  protected defaultNodeMsalConfig(options: MsalNodeOptions): msalNode.Configuration {\n    const clientId = options.clientId || DeveloperSignOnClientId;\n    const tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n\n    this.authorityHost = options.authorityHost || process.env.AZURE_AUTHORITY_HOST;\n    const authority = getAuthority(tenantId, this.authorityHost);\n\n    this.identityClient = new IdentityClient({\n      ...options.tokenCredentialOptions,\n      authorityHost: authority,\n      loggingOptions: options.loggingOptions,\n    });\n\n    const clientCapabilities: string[] = [];\n\n    return {\n      auth: {\n        clientId,\n        authority,\n        knownAuthorities: getKnownAuthorities(\n          tenantId,\n          authority,\n          options.disableInstanceDiscovery,\n        ),\n        clientCapabilities,\n      },\n      // Cache is defined in this.prepare();\n      system: {\n        networkClient: this.identityClient,\n        loggerOptions: {\n          loggerCallback: defaultLoggerCallback(options.logger),\n          logLevel: getMSALLogLevel(getLogLevel()),\n          piiLoggingEnabled: options.loggingOptions?.enableUnsafeSupportLogging,\n        },\n      },\n    };\n  }\n  protected getApp(\n    appType: \"publicFirst\" | \"confidentialFirst\",\n    enableCae?: boolean,\n  ): msalNode.ConfidentialClientApplication | msalNode.PublicClientApplication;\n  protected getApp(appType: \"public\", enableCae?: boolean): msalNode.PublicClientApplication;\n\n  protected getApp(\n    appType: \"confidential\",\n    enableCae?: boolean,\n  ): msalNode.ConfidentialClientApplication;\n\n  protected getApp(\n    appType: AppType,\n    enableCae?: boolean,\n  ): msalNode.ConfidentialClientApplication | msalNode.PublicClientApplication {\n    const app = enableCae ? this.caeApp : this.app;\n    if (appType === \"publicFirst\") {\n      return (app.public || app.confidential)!;\n    } else if (appType === \"confidentialFirst\") {\n      return (app.confidential || app.public)!;\n    } else if (appType === \"confidential\") {\n      return app.confidential!;\n    } else {\n      return app.public!;\n    }\n  }\n\n  /**\n   * Prepares the MSAL applications.\n   */\n  async init(options?: CredentialFlowGetTokenOptions): Promise<void> {\n    if (options?.abortSignal) {\n      options.abortSignal.addEventListener(\"abort\", () => {\n        // This will abort any pending request in the IdentityClient,\n        // based on the received or generated correlationId\n        this.identityClient!.abortRequests(options.correlationId);\n      });\n    }\n\n    const app = options?.enableCae ? this.caeApp : this.app;\n    if (options?.enableCae) {\n      this.msalConfig.auth.clientCapabilities = [\"cp1\"];\n    }\n    if (app.public || app.confidential) {\n      return;\n    }\n    if (options?.enableCae && this.createCachePluginCae !== undefined) {\n      this.msalConfig.cache = {\n        cachePlugin: await this.createCachePluginCae(),\n      };\n    }\n    if (this.createCachePlugin !== undefined) {\n      this.msalConfig.cache = {\n        cachePlugin: await this.createCachePlugin(),\n      };\n    }\n\n    if (hasNativeBroker() && this.enableBroker) {\n      this.msalConfig.broker = {\n        nativeBrokerPlugin: nativeBrokerInfo!.broker,\n      };\n      if (!this.parentWindowHandle) {\n        // error should have been thrown from within the constructor of InteractiveBrowserCredential\n        this.logger.warning(\n          \"Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.\",\n        );\n      }\n    }\n\n    if (options?.enableCae) {\n      this.caeApp.public = new msalNode.PublicClientApplication(this.msalConfig);\n    } else {\n      this.app.public = new msalNode.PublicClientApplication(this.msalConfig);\n    }\n\n    if (this.getAssertion) {\n      this.msalConfig.auth.clientAssertion = await this.getAssertion();\n    }\n    // The confidential client requires either a secret, assertion or certificate.\n    if (\n      this.msalConfig.auth.clientSecret ||\n      this.msalConfig.auth.clientAssertion ||\n      this.msalConfig.auth.clientCertificate\n    ) {\n      if (options?.enableCae) {\n        this.caeApp.confidential = new msalNode.ConfidentialClientApplication(this.msalConfig);\n      } else {\n        this.app.confidential = new msalNode.ConfidentialClientApplication(this.msalConfig);\n      }\n    } else {\n      if (this.requiresConfidential) {\n        throw new Error(\n          \"Unable to generate the MSAL confidential client. Missing either the client's secret, certificate or assertion.\",\n        );\n      }\n    }\n  }\n\n  /**\n   * Allows the cancellation of a MSAL request.\n   */\n  protected withCancellation(\n    promise: Promise<msalNode.AuthenticationResult | null>,\n    abortSignal?: AbortSignalLike,\n    onCancel?: () => void,\n  ): Promise<msalNode.AuthenticationResult | null> {\n    return new Promise((resolve, reject) => {\n      promise\n        .then((msalToken) => {\n          return resolve(msalToken!);\n        })\n        .catch(reject);\n      if (abortSignal) {\n        abortSignal.addEventListener(\"abort\", () => {\n          onCancel?.();\n        });\n      }\n    });\n  }\n\n  /**\n   * Returns the existing account, attempts to load the account from MSAL.\n   */\n  async getActiveAccount(enableCae = false): Promise<AuthenticationRecord | undefined> {\n    if (this.account) {\n      return this.account;\n    }\n    const cache = this.getApp(\"confidentialFirst\", enableCae).getTokenCache();\n    const accountsByTenant = await cache?.getAllAccounts();\n\n    if (!accountsByTenant) {\n      return;\n    }\n\n    if (accountsByTenant.length === 1) {\n      this.account = msalToPublic(this.clientId, accountsByTenant[0]);\n    } else {\n      this.logger\n        .info(`More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing a credential to prevent this from happening.`);\n      return;\n    }\n\n    return this.account;\n  }\n\n  /**\n   * Attempts to retrieve a token from cache.\n   */\n  async getTokenSilent(\n    scopes: string[],\n    options?: CredentialFlowGetTokenOptions,\n  ): Promise<AccessToken> {\n    await this.getActiveAccount(options?.enableCae);\n    if (!this.account) {\n      throw new AuthenticationRequiredError({\n        scopes,\n        getTokenOptions: options,\n        message:\n          \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n      });\n    }\n\n    const silentRequest: msalNode.SilentFlowRequest = {\n      // To be able to re-use the account, the Token Cache must also have been provided.\n      account: publicToMsal(this.account),\n      correlationId: options?.correlationId,\n      scopes,\n      authority: options?.authority,\n      claims: options?.claims,\n    };\n\n    if (hasNativeBroker() && this.enableBroker) {\n      if (!silentRequest.tokenQueryParameters) {\n        silentRequest.tokenQueryParameters = {};\n      }\n      if (!this.parentWindowHandle) {\n        // error should have been thrown from within the constructor of InteractiveBrowserCredential\n        this.logger.warning(\n          \"Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.\",\n        );\n      }\n      if (this.enableMsaPassthrough) {\n        silentRequest.tokenQueryParameters[\"msal_request_type\"] = \"consumer_passthrough\";\n      }\n    }\n\n    try {\n      this.logger.info(\"Attempting to acquire token silently\");\n      /**\n       * The following code to retrieve all accounts is done as a workaround in an attempt to force the\n       * refresh of the token cache with the token and the account passed in through the\n       * `authenticationRecord` parameter. See issue - https://github.com/Azure/azure-sdk-for-js/issues/24349#issuecomment-1496715651\n       * This workaround serves as a workaround for silent authentication not happening when authenticationRecord is passed.\n       */\n      await this.getApp(\"publicFirst\", options?.enableCae)?.getTokenCache().getAllAccounts();\n      const response =\n        (await this.getApp(\"confidential\", options?.enableCae)?.acquireTokenSilent(\n          silentRequest,\n        )) ?? (await this.getApp(\"public\", options?.enableCae).acquireTokenSilent(silentRequest));\n      return this.handleResult(scopes, response || undefined);\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  /**\n   * Attempts to retrieve an authenticated token from MSAL.\n   */\n  protected abstract doGetToken(scopes: string[], options?: GetTokenOptions): Promise<AccessToken>;\n\n  /**\n   * Wrapper around each MSAL flow get token operation: doGetToken.\n   * If disableAutomaticAuthentication is sent through the constructor, it will prevent MSAL from requesting the user input.\n   */\n  public async getToken(\n    scopes: string[],\n    options: CredentialFlowGetTokenOptions = {},\n  ): Promise<AccessToken> {\n    const tenantId =\n      processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds) ||\n      this.tenantId;\n\n    options.authority = getAuthority(tenantId, this.authorityHost);\n\n    options.correlationId = options?.correlationId || randomUUID();\n    await this.init(options);\n\n    try {\n      // MSAL now caches tokens based on their claims,\n      // so now one has to keep track fo claims in order to retrieve the newer tokens from acquireTokenSilent\n      // This update happened on PR: https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/4533\n      const optionsClaims = (options as any).claims;\n      if (optionsClaims) {\n        this.cachedClaims = optionsClaims;\n      }\n      if (this.cachedClaims && !optionsClaims) {\n        (options as any).claims = this.cachedClaims;\n      }\n      // We don't return the promise since we want to catch errors right here.\n      return await this.getTokenSilent(scopes, options);\n    } catch (err: any) {\n      if (err.name !== \"AuthenticationRequiredError\") {\n        throw err;\n      }\n      if (options?.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions: options,\n          message:\n            \"Automatic authentication has been disabled. You may call the authentication() method.\",\n        });\n      }\n      this.logger.info(`Silent authentication failed, falling back to interactive method.`);\n      return this.doGetToken(scopes, options);\n    }\n  }\n\n  /**\n   * Handles the MSAL authentication result.\n   * If the result has an account, we update the local account reference.\n   * If the token received is invalid, an error will be thrown depending on what's missing.\n   */\n  protected handleResult(\n    scopes: string | string[],\n    result?: MsalResult,\n    getTokenOptions?: GetTokenOptions,\n  ): AccessToken {\n    if (result?.account) {\n      this.account = msalToPublic(this.clientId, result.account);\n    }\n    ensureValidMsalToken(scopes, result, getTokenOptions);\n    this.logger.getToken.info(formatSuccess(scopes));\n    return {\n      token: result.accessToken,\n      expiresOnTimestamp: result.expiresOn.getTime(),\n    };\n  }\n}\n"]}
+{"version":3,"file":"msalNodeCommon.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalNodeCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAI7C,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAClG,OAAO,EAAoB,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAErE,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,eAAe,EACf,eAAe,EACf,YAAY,EACZ,YAAY,EACZ,UAAU,GACX,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACvF,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,eAAe,GAChB,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAG3D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAG7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AA+B5C;;;;;;;;GAQG;AACH,MAAM,OAAgB,QAAQ;IAkC5B,YAAY,OAAwB;;QAjC5B,QAAG,GAGP,EAAE,CAAC;QACC,WAAM,GAGV,EAAE,CAAC;QAQG,yBAAoB,GAAY,KAAK,CAAC;QAmB9C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACtD,IAAI,CAAC,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QACpF,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,sBAAsB,0CAAE,0BAA0B,CAC5D,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;QAC9C,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,YAAY,EAAE,CAAC;YAC1B,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QAC3C,CAAC;QACD,IAAI,CAAC,YAAY,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,0CAAE,OAAO,CAAC;QACpD,IAAI,CAAC,oBAAoB,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,0CAAE,0BAA0B,CAAC;QAC/E,IAAI,CAAC,kBAAkB,GAAG,MAAA,OAAO,CAAC,aAAa,0CAAE,kBAAkB,CAAC;QAEpE,qCAAqC;QACrC,IAAI,mBAAmB,KAAK,SAAS,KAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,CAAA,EAAE,CAAC;YACvF,MAAM,aAAa,mBACjB,IAAI,EAAE,GAAG,OAAO,CAAC,4BAA4B,CAAC,IAAI,IAAI,oBAAoB,EAAE,IACzE,OAAO,CAAC,4BAA4B,CACxC,CAAC;YACF,MAAM,UAAU,mBACd,IAAI,EAAE,GAAG,OAAO,CAAC,4BAA4B,CAAC,IAAI,IAAI,gBAAgB,EAAE,IACrE,OAAO,CAAC,4BAA4B,CACxC,CAAC;YACF,IAAI,CAAC,iBAAiB,GAAG,GAAG,EAAE,CAAC,mBAAoB,CAAC,aAAa,CAAC,CAAC;YACnE,IAAI,CAAC,oBAAoB,GAAG,GAAG,EAAE,CAAC,mBAAoB,CAAC,UAAU,CAAC,CAAC;QACrE,CAAC;aAAM,IAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,EAAE,CAAC;YACzD,MAAM,IAAI,KAAK,CACb;gBACE,qFAAqF;gBACrF,yHAAyH;gBACzH,mFAAmF;gBACnF,0FAA0F;aAC3F,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QACJ,CAAC;QAED,oCAAoC;QACpC,IAAI,CAAC,eAAe,EAAE,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CACb;gBACE,kFAAkF;gBAClF,mGAAmG;gBACnG,mFAAmF;gBACnF,8EAA8E;aAC/E,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,MAAA,OAAO,CAAC,iBAAiB,mCAAI,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;QAC1F,IAAI,IAAI,CAAC,WAAW,KAAK,iBAAiB,CAAC,kBAAkB,EAAE,CAAC;YAC9D,IAAI,CAAC,WAAW,GAAG,eAAe,CAAC;QACrC,CAAC;IACH,CAAC;IAED;;OAEG;IACO,qBAAqB,CAAC,OAAwB;;QACtD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,uBAAuB,CAAC;QAC7D,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAErF,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAC/E,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAE7D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iCACnC,OAAO,CAAC,sBAAsB,KACjC,aAAa,EAAE,SAAS,EACxB,cAAc,EAAE,OAAO,CAAC,cAAc,IACtC,CAAC;QAEH,MAAM,kBAAkB,GAAa,EAAE,CAAC;QAExC,OAAO;YACL,IAAI,EAAE;gBACJ,QAAQ;gBACR,SAAS;gBACT,gBAAgB,EAAE,mBAAmB,CACnC,QAAQ,EACR,SAAS,EACT,OAAO,CAAC,wBAAwB,CACjC;gBACD,kBAAkB;aACnB;YACD,sCAAsC;YACtC,MAAM,EAAE;gBACN,aAAa,EAAE,IAAI,CAAC,cAAc;gBAClC,aAAa,EAAE;oBACb,cAAc,EAAE,qBAAqB,CAAC,OAAO,CAAC,MAAM,CAAC;oBACrD,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;oBACxC,iBAAiB,EAAE,MAAA,OAAO,CAAC,cAAc,0CAAE,0BAA0B;iBACtE;aACF;SACF,CAAC;IACJ,CAAC;IAYS,MAAM,CACd,OAAgB,EAChB,SAAmB;QAEnB,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;QAC/C,IAAI,OAAO,KAAK,aAAa,EAAE,CAAC;YAC9B,OAAO,CAAC,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,YAAY,CAAE,CAAC;QAC3C,CAAC;aAAM,IAAI,OAAO,KAAK,mBAAmB,EAAE,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,MAAM,CAAE,CAAC;QAC3C,CAAC;aAAM,IAAI,OAAO,KAAK,cAAc,EAAE,CAAC;YACtC,OAAO,GAAG,CAAC,YAAa,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,CAAC,MAAO,CAAC;QACrB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,OAAuC;QAChD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,EAAE,CAAC;YACzB,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;gBACjD,6DAA6D;gBAC7D,mDAAmD;gBACnD,IAAI,CAAC,cAAe,CAAC,aAAa,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAC5D,CAAC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,GAAG,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,EAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;QACxD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,EAAE,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,GAAG,CAAC,KAAK,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;YACnC,OAAO;QACT,CAAC;QACD,IAAI,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,KAAI,IAAI,CAAC,oBAAoB,KAAK,SAAS,EAAE,CAAC;YAClE,IAAI,CAAC,UAAU,CAAC,KAAK,GAAG;gBACtB,WAAW,EAAE,MAAM,IAAI,CAAC,oBAAoB,EAAE;aAC/C,CAAC;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS,EAAE,CAAC;YACzC,IAAI,CAAC,UAAU,CAAC,KAAK,GAAG;gBACtB,WAAW,EAAE,MAAM,IAAI,CAAC,iBAAiB,EAAE;aAC5C,CAAC;QACJ,CAAC;QAED,IAAI,eAAe,EAAE,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC3C,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG;gBACvB,kBAAkB,EAAE,gBAAiB,CAAC,MAAM;aAC7C,CAAC;YACF,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC7B,4FAA4F;gBAC5F,IAAI,CAAC,MAAM,CAAC,OAAO,CACjB,kIAAkI,CACnI,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,EAAE,CAAC;YACvB,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,IAAI,QAAQ,CAAC,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7E,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,IAAI,QAAQ,CAAC,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC1E,CAAC;QAED,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QACnE,CAAC;QACD,8EAA8E;QAC9E,IACE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY;YACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe;YACpC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,EACtC,CAAC;YACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,EAAE,CAAC;gBACvB,IAAI,CAAC,MAAM,CAAC,YAAY,GAAG,IAAI,QAAQ,CAAC,6BAA6B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACzF,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,GAAG,CAAC,YAAY,GAAG,IAAI,QAAQ,CAAC,6BAA6B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACtF,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAC9B,MAAM,IAAI,KAAK,CACb,gHAAgH,CACjH,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACO,gBAAgB,CACxB,OAAsD,EACtD,WAA6B,EAC7B,QAAqB;QAErB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,OAAO;iBACJ,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;gBAClB,OAAO,OAAO,CAAC,SAAU,CAAC,CAAC;YAC7B,CAAC,CAAC;iBACD,KAAK,CAAC,MAAM,CAAC,CAAC;YACjB,IAAI,WAAW,EAAE,CAAC;gBAChB,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;oBACzC,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,EAAI,CAAC;gBACf,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,SAAS,GAAG,KAAK;QACtC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC,OAAO,CAAC;QACtB,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC,aAAa,EAAE,CAAC;QAC1E,MAAM,gBAAgB,GAAG,MAAM,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,cAAc,EAAE,CAAA,CAAC;QAEvD,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClC,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;QAClE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM;iBACR,IAAI,CAAC;;;;6KAI+J,CAAC,CAAC;YACzK,OAAO;QACT,CAAC;QAED,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAClB,MAAgB,EAChB,OAAuC;;QAEvC,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,CAAC;QAChD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe,EAAE,OAAO;gBACxB,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,aAAa,GAA+B;YAChD,kFAAkF;YAClF,OAAO,EAAE,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC;YACnC,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;YACrC,MAAM;YACN,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;YAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;SACxB,CAAC;QAEF,IAAI,eAAe,EAAE,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC3C,IAAI,CAAC,aAAa,CAAC,oBAAoB,EAAE,CAAC;gBACxC,aAAa,CAAC,oBAAoB,GAAG,EAAE,CAAC;YAC1C,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC7B,4FAA4F;gBAC5F,IAAI,CAAC,MAAM,CAAC,OAAO,CACjB,kIAAkI,CACnI,CAAC;YACJ,CAAC;YACD,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAC9B,aAAa,CAAC,oBAAoB,CAAC,mBAAmB,CAAC,GAAG,sBAAsB,CAAC;YACnF,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACzD;;;;;eAKG;YACH,MAAM,CAAA,MAAA,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,0CAAE,aAAa,GAAG,cAAc,EAAE,CAAA,CAAC;YACvF,MAAM,QAAQ,GACZ,MAAA,CAAC,MAAM,CAAA,MAAA,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,0CAAE,kBAAkB,CACxE,aAAa,CACd,CAAA,CAAC,mCAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC,CAAC;YAC5F,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,IAAI,SAAS,CAAC,CAAC;QAC1D,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAOD;;;OAGG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,MAAM,QAAQ,GACZ,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,4BAA4B,CAAC;YACpF,IAAI,CAAC,QAAQ,CAAC;QAEhB,OAAO,CAAC,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAE/D,OAAO,CAAC,aAAa,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,KAAI,UAAU,EAAE,CAAC;QAC/D,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEzB,IAAI,CAAC;YACH,gDAAgD;YAChD,uGAAuG;YACvG,2GAA2G;YAC3G,MAAM,aAAa,GAAI,OAAe,CAAC,MAAM,CAAC;YAC9C,IAAI,aAAa,EAAE,CAAC;gBAClB,IAAI,CAAC,YAAY,GAAG,aAAa,CAAC;YACpC,CAAC;YACD,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,aAAa,EAAE,CAAC;gBACxC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC;YACrC,CAAC;YACD,wEAAwE;YACxE,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC/C,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,EAAE,CAAC;gBAC5C,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;YACL,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;YACtF,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED;;;;OAIG;IACO,YAAY,CACpB,MAAyB,EACzB,MAAmB,EACnB,eAAiC;QAEjC,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,OAAO,EAAE,CAAC;YACpB,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAC7D,CAAC;QACD,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QACjD,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,WAAW;YACzB,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE;SAC/C,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { AppType, AuthenticationRecord, MsalResult } from \"../types\";\nimport { CACHE_CAE_SUFFIX, CACHE_NON_CAE_SUFFIX, DeveloperSignOnClientId } from \"../../constants\";\nimport { CredentialLogger, formatSuccess } from \"../../util/logging\";\nimport { MsalFlow, MsalFlowOptions } from \"../flows\";\nimport {\n  defaultLoggerCallback,\n  ensureValidMsalToken,\n  getAuthority,\n  getKnownAuthorities,\n  getMSALLogLevel,\n  handleMsalError,\n  msalToPublic,\n  publicToMsal,\n  randomUUID,\n} from \"../utils\";\nimport { hasNativeBroker, nativeBrokerInfo, persistenceProvider } from \"./msalPlugins\";\nimport {\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n  resolveTenantId,\n} from \"../../util/tenantIdUtils\";\n\nimport { AbortSignalLike } from \"@azure/abort-controller\";\nimport { AuthenticationRequiredError } from \"../../errors\";\nimport { BrokerOptions } from \"./brokerOptions\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { LogPolicyOptions } from \"@azure/core-rest-pipeline\";\nimport { MultiTenantTokenCredentialOptions } from \"../../credentials/multiTenantTokenCredentialOptions\";\nimport { RegionalAuthority } from \"../../regionalAuthority\";\nimport { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions\";\nimport { getLogLevel } from \"@azure/logger\";\n\n/**\n * Union of the constructor parameters that all MSAL flow types for Node.\n * @internal\n */\nexport interface MsalNodeOptions extends MsalFlowOptions {\n  tokenCachePersistenceOptions?: TokenCachePersistenceOptions;\n  brokerOptions?: BrokerOptions;\n  tokenCredentialOptions: MultiTenantTokenCredentialOptions;\n  /**\n   * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values.\n   * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.\n   * If the property is not specified, uses a non-regional authority endpoint.\n   */\n  regionalAuthority?: string;\n  /**\n   * Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.\n   */\n  loggingOptions?: LogPolicyOptions & {\n    /**\n     * Allows logging account information once the authentication flow succeeds.\n     */\n    allowLoggingAccountIdentifiers?: boolean;\n    /**\n     * Allows logging personally identifiable information for customer support.\n     */\n    enableUnsafeSupportLogging?: boolean;\n  };\n}\n\n/**\n * MSAL partial base client for Node.js.\n *\n * It completes the input configuration with some default values.\n * It also provides with utility protected methods that can be used from any of the clients,\n * which includes handlers for successful responses and errors.\n *\n * @internal\n */\nexport abstract class MsalNode implements MsalFlow {\n  private app: {\n    public?: msalNode.PublicClientApplication;\n    confidential?: msalNode.ConfidentialClientApplication;\n  } = {};\n  private caeApp: {\n    public?: msalNode.PublicClientApplication;\n    confidential?: msalNode.ConfidentialClientApplication;\n  } = {};\n  private account?: AuthenticationRecord;\n  protected msalConfig: msalNode.Configuration;\n  protected clientId: string;\n  protected tenantId: string;\n  protected additionallyAllowedTenantIds: string[];\n  protected authorityHost?: string;\n  protected identityClient?: IdentityClient;\n  protected requiresConfidential: boolean = false;\n  protected azureRegion?: string;\n  protected createCachePlugin: (() => Promise<msalNode.ICachePlugin>) | undefined;\n  protected createCachePluginCae: (() => Promise<msalNode.ICachePlugin>) | undefined;\n  protected createNativeBrokerPlugin: (() => Promise<msalNode.INativeBrokerPlugin>) | undefined;\n  protected enableMsaPassthrough?: boolean;\n  protected parentWindowHandle?: Uint8Array;\n  protected enableBroker?: boolean;\n  protected logger: CredentialLogger;\n\n  /**\n   * MSAL currently caches the tokens depending on the claims used to retrieve them.\n   * In cases like CAE, in which we use claims to update the tokens, trying to retrieve the token without the claims will yield the original token.\n   * To ensure we always get the latest token, we have to keep track of the claims.\n   */\n  private cachedClaims: string | undefined;\n\n  protected getAssertion: (() => Promise<string>) | undefined;\n  constructor(options: MsalNodeOptions) {\n    this.logger = options.logger;\n    this.msalConfig = this.defaultNodeMsalConfig(options);\n    this.tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n    this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n      options?.tokenCredentialOptions?.additionallyAllowedTenants,\n    );\n    this.clientId = this.msalConfig.auth.clientId;\n    if (options?.getAssertion) {\n      this.getAssertion = options.getAssertion;\n    }\n    this.enableBroker = options?.brokerOptions?.enabled;\n    this.enableMsaPassthrough = options?.brokerOptions?.legacyEnableMsaPassthrough;\n    this.parentWindowHandle = options.brokerOptions?.parentWindowHandle;\n\n    // If persistence has been configured\n    if (persistenceProvider !== undefined && options.tokenCachePersistenceOptions?.enabled) {\n      const nonCaeOptions = {\n        name: `${options.tokenCachePersistenceOptions.name}.${CACHE_NON_CAE_SUFFIX}`,\n        ...options.tokenCachePersistenceOptions,\n      };\n      const caeOptions = {\n        name: `${options.tokenCachePersistenceOptions.name}.${CACHE_CAE_SUFFIX}`,\n        ...options.tokenCachePersistenceOptions,\n      };\n      this.createCachePlugin = () => persistenceProvider!(nonCaeOptions);\n      this.createCachePluginCae = () => persistenceProvider!(caeOptions);\n    } else if (options.tokenCachePersistenceOptions?.enabled) {\n      throw new Error(\n        [\n          \"Persistent token caching was requested, but no persistence provider was configured.\",\n          \"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.\",\n        ].join(\" \"),\n      );\n    }\n\n    // If broker has not been configured\n    if (!hasNativeBroker() && this.enableBroker) {\n      throw new Error(\n        [\n          \"Broker for WAM was requested to be enabled, but no native broker was configured.\",\n          \"You must install the identity-broker plugin package (`npm install --save @azure/identity-broker`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(createNativeBrokerPlugin())` before using `enableBroker`.\",\n        ].join(\" \"),\n      );\n    }\n\n    this.azureRegion = options.regionalAuthority ?? process.env.AZURE_REGIONAL_AUTHORITY_NAME;\n    if (this.azureRegion === RegionalAuthority.AutoDiscoverRegion) {\n      this.azureRegion = \"AUTO_DISCOVER\";\n    }\n  }\n\n  /**\n   * Generates a MSAL configuration that generally works for Node.js\n   */\n  protected defaultNodeMsalConfig(options: MsalNodeOptions): msalNode.Configuration {\n    const clientId = options.clientId || DeveloperSignOnClientId;\n    const tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n\n    this.authorityHost = options.authorityHost || process.env.AZURE_AUTHORITY_HOST;\n    const authority = getAuthority(tenantId, this.authorityHost);\n\n    this.identityClient = new IdentityClient({\n      ...options.tokenCredentialOptions,\n      authorityHost: authority,\n      loggingOptions: options.loggingOptions,\n    });\n\n    const clientCapabilities: string[] = [];\n\n    return {\n      auth: {\n        clientId,\n        authority,\n        knownAuthorities: getKnownAuthorities(\n          tenantId,\n          authority,\n          options.disableInstanceDiscovery,\n        ),\n        clientCapabilities,\n      },\n      // Cache is defined in this.prepare();\n      system: {\n        networkClient: this.identityClient,\n        loggerOptions: {\n          loggerCallback: defaultLoggerCallback(options.logger),\n          logLevel: getMSALLogLevel(getLogLevel()),\n          piiLoggingEnabled: options.loggingOptions?.enableUnsafeSupportLogging,\n        },\n      },\n    };\n  }\n  protected getApp(\n    appType: \"publicFirst\" | \"confidentialFirst\",\n    enableCae?: boolean,\n  ): msalNode.ConfidentialClientApplication | msalNode.PublicClientApplication;\n  protected getApp(appType: \"public\", enableCae?: boolean): msalNode.PublicClientApplication;\n\n  protected getApp(\n    appType: \"confidential\",\n    enableCae?: boolean,\n  ): msalNode.ConfidentialClientApplication;\n\n  protected getApp(\n    appType: AppType,\n    enableCae?: boolean,\n  ): msalNode.ConfidentialClientApplication | msalNode.PublicClientApplication {\n    const app = enableCae ? this.caeApp : this.app;\n    if (appType === \"publicFirst\") {\n      return (app.public || app.confidential)!;\n    } else if (appType === \"confidentialFirst\") {\n      return (app.confidential || app.public)!;\n    } else if (appType === \"confidential\") {\n      return app.confidential!;\n    } else {\n      return app.public!;\n    }\n  }\n\n  /**\n   * Prepares the MSAL applications.\n   */\n  async init(options?: CredentialFlowGetTokenOptions): Promise<void> {\n    if (options?.abortSignal) {\n      options.abortSignal.addEventListener(\"abort\", () => {\n        // This will abort any pending request in the IdentityClient,\n        // based on the received or generated correlationId\n        this.identityClient!.abortRequests(options.correlationId);\n      });\n    }\n\n    const app = options?.enableCae ? this.caeApp : this.app;\n    if (options?.enableCae) {\n      this.msalConfig.auth.clientCapabilities = [\"cp1\"];\n    }\n    if (app.public || app.confidential) {\n      return;\n    }\n    if (options?.enableCae && this.createCachePluginCae !== undefined) {\n      this.msalConfig.cache = {\n        cachePlugin: await this.createCachePluginCae(),\n      };\n    }\n    if (this.createCachePlugin !== undefined) {\n      this.msalConfig.cache = {\n        cachePlugin: await this.createCachePlugin(),\n      };\n    }\n\n    if (hasNativeBroker() && this.enableBroker) {\n      this.msalConfig.broker = {\n        nativeBrokerPlugin: nativeBrokerInfo!.broker,\n      };\n      if (!this.parentWindowHandle) {\n        // error should have been thrown from within the constructor of InteractiveBrowserCredential\n        this.logger.warning(\n          \"Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.\",\n        );\n      }\n    }\n\n    if (options?.enableCae) {\n      this.caeApp.public = new msalNode.PublicClientApplication(this.msalConfig);\n    } else {\n      this.app.public = new msalNode.PublicClientApplication(this.msalConfig);\n    }\n\n    if (this.getAssertion) {\n      this.msalConfig.auth.clientAssertion = await this.getAssertion();\n    }\n    // The confidential client requires either a secret, assertion or certificate.\n    if (\n      this.msalConfig.auth.clientSecret ||\n      this.msalConfig.auth.clientAssertion ||\n      this.msalConfig.auth.clientCertificate\n    ) {\n      if (options?.enableCae) {\n        this.caeApp.confidential = new msalNode.ConfidentialClientApplication(this.msalConfig);\n      } else {\n        this.app.confidential = new msalNode.ConfidentialClientApplication(this.msalConfig);\n      }\n    } else {\n      if (this.requiresConfidential) {\n        throw new Error(\n          \"Unable to generate the MSAL confidential client. Missing either the client's secret, certificate or assertion.\",\n        );\n      }\n    }\n  }\n\n  /**\n   * Allows the cancellation of a MSAL request.\n   */\n  protected withCancellation(\n    promise: Promise<msalNode.AuthenticationResult | null>,\n    abortSignal?: AbortSignalLike,\n    onCancel?: () => void,\n  ): Promise<msalNode.AuthenticationResult | null> {\n    return new Promise((resolve, reject) => {\n      promise\n        .then((msalToken) => {\n          return resolve(msalToken!);\n        })\n        .catch(reject);\n      if (abortSignal) {\n        abortSignal.addEventListener(\"abort\", () => {\n          onCancel?.();\n        });\n      }\n    });\n  }\n\n  /**\n   * Returns the existing account, attempts to load the account from MSAL.\n   */\n  async getActiveAccount(enableCae = false): Promise<AuthenticationRecord | undefined> {\n    if (this.account) {\n      return this.account;\n    }\n    const cache = this.getApp(\"confidentialFirst\", enableCae).getTokenCache();\n    const accountsByTenant = await cache?.getAllAccounts();\n\n    if (!accountsByTenant) {\n      return;\n    }\n\n    if (accountsByTenant.length === 1) {\n      this.account = msalToPublic(this.clientId, accountsByTenant[0]);\n    } else {\n      this.logger\n        .info(`More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing a credential to prevent this from happening.`);\n      return;\n    }\n\n    return this.account;\n  }\n\n  /**\n   * Attempts to retrieve a token from cache.\n   */\n  async getTokenSilent(\n    scopes: string[],\n    options?: CredentialFlowGetTokenOptions,\n  ): Promise<AccessToken> {\n    await this.getActiveAccount(options?.enableCae);\n    if (!this.account) {\n      throw new AuthenticationRequiredError({\n        scopes,\n        getTokenOptions: options,\n        message:\n          \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n      });\n    }\n\n    const silentRequest: msalNode.SilentFlowRequest = {\n      // To be able to re-use the account, the Token Cache must also have been provided.\n      account: publicToMsal(this.account),\n      correlationId: options?.correlationId,\n      scopes,\n      authority: options?.authority,\n      claims: options?.claims,\n    };\n\n    if (hasNativeBroker() && this.enableBroker) {\n      if (!silentRequest.tokenQueryParameters) {\n        silentRequest.tokenQueryParameters = {};\n      }\n      if (!this.parentWindowHandle) {\n        // error should have been thrown from within the constructor of InteractiveBrowserCredential\n        this.logger.warning(\n          \"Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.\",\n        );\n      }\n      if (this.enableMsaPassthrough) {\n        silentRequest.tokenQueryParameters[\"msal_request_type\"] = \"consumer_passthrough\";\n      }\n    }\n\n    try {\n      this.logger.info(\"Attempting to acquire token silently\");\n      /**\n       * The following code to retrieve all accounts is done as a workaround in an attempt to force the\n       * refresh of the token cache with the token and the account passed in through the\n       * `authenticationRecord` parameter. See issue - https://github.com/Azure/azure-sdk-for-js/issues/24349#issuecomment-1496715651\n       * This workaround serves as a workaround for silent authentication not happening when authenticationRecord is passed.\n       */\n      await this.getApp(\"publicFirst\", options?.enableCae)?.getTokenCache().getAllAccounts();\n      const response =\n        (await this.getApp(\"confidential\", options?.enableCae)?.acquireTokenSilent(\n          silentRequest,\n        )) ?? (await this.getApp(\"public\", options?.enableCae).acquireTokenSilent(silentRequest));\n      return this.handleResult(scopes, response || undefined);\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  /**\n   * Attempts to retrieve an authenticated token from MSAL.\n   */\n  protected abstract doGetToken(scopes: string[], options?: GetTokenOptions): Promise<AccessToken>;\n\n  /**\n   * Wrapper around each MSAL flow get token operation: doGetToken.\n   * If disableAutomaticAuthentication is sent through the constructor, it will prevent MSAL from requesting the user input.\n   */\n  public async getToken(\n    scopes: string[],\n    options: CredentialFlowGetTokenOptions = {},\n  ): Promise<AccessToken> {\n    const tenantId =\n      processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds) ||\n      this.tenantId;\n\n    options.authority = getAuthority(tenantId, this.authorityHost);\n\n    options.correlationId = options?.correlationId || randomUUID();\n    await this.init(options);\n\n    try {\n      // MSAL now caches tokens based on their claims,\n      // so now one has to keep track fo claims in order to retrieve the newer tokens from acquireTokenSilent\n      // This update happened on PR: https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/4533\n      const optionsClaims = (options as any).claims;\n      if (optionsClaims) {\n        this.cachedClaims = optionsClaims;\n      }\n      if (this.cachedClaims && !optionsClaims) {\n        options.claims = this.cachedClaims;\n      }\n      // We don't return the promise since we want to catch errors right here.\n      return await this.getTokenSilent(scopes, options);\n    } catch (err: any) {\n      if (err.name !== \"AuthenticationRequiredError\") {\n        throw err;\n      }\n      if (options?.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions: options,\n          message:\n            \"Automatic authentication has been disabled. You may call the authentication() method.\",\n        });\n      }\n      this.logger.info(`Silent authentication failed, falling back to interactive method.`);\n      return this.doGetToken(scopes, options);\n    }\n  }\n\n  /**\n   * Handles the MSAL authentication result.\n   * If the result has an account, we update the local account reference.\n   * If the token received is invalid, an error will be thrown depending on what's missing.\n   */\n  protected handleResult(\n    scopes: string | string[],\n    result?: MsalResult,\n    getTokenOptions?: GetTokenOptions,\n  ): AccessToken {\n    if (result?.account) {\n      this.account = msalToPublic(this.clientId, result.account);\n    }\n    ensureValidMsalToken(scopes, result, getTokenOptions);\n    this.logger.getToken.info(formatSuccess(scopes));\n    return {\n      token: result.accessToken,\n      expiresOnTimestamp: result.expiresOn.getTime(),\n    };\n  }\n}\n"]}

package/dist-esm/src/msal/nodeFlows/msalPlugins.js

@@ -1,5 +1,6 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
+import { CACHE_CAE_SUFFIX, CACHE_NON_CAE_SUFFIX } from "../../constants";
 /**
  * The current persistence provider, undefined by default.
  * @internal
@@ -41,7 +42,7 @@ export const msalNodeFlowNativeBrokerControl = {
  * @param options - options for creating the MSAL client
  * @returns plugin configuration
  */
-export function generatePluginConfiguration(options) {
+function generatePluginConfiguration(options) {
     var _a, _b, _c, _d, _e;
     const config = {
         cache: {},
@@ -59,7 +60,8 @@ export function generatePluginConfiguration(options) {
                 "`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.",
             ].join(" "));
         }
-        config.cache.cachePlugin = persistenceProvider(options.tokenCachePersistenceOptions);
+        config.cache.cachePlugin = persistenceProvider(Object.assign({ name: `${options.tokenCachePersistenceOptions.name}.${CACHE_NON_CAE_SUFFIX}` }, options.tokenCachePersistenceOptions));
+        config.cache.cachePluginCae = persistenceProvider(Object.assign({ name: `${options.tokenCachePersistenceOptions.name}.${CACHE_CAE_SUFFIX}` }, options.tokenCachePersistenceOptions));
     }
     if ((_e = options.brokerOptions) === null || _e === void 0 ? void 0 : _e.enabled) {
         if (nativeBrokerInfo === undefined) {
@@ -74,4 +76,10 @@ export function generatePluginConfiguration(options) {
     }
     return config;
 }
+/**
+ * Wraps generatePluginConfiguration as a writeable property for test stubbing purposes.
+ */
+export const msalPlugins = {
+    generatePluginConfiguration,
+};
 //# sourceMappingURL=msalPlugins.js.map

package/dist-esm/src/msal/nodeFlows/msalPlugins.js.map

@@ -1 +1 @@
-{"version":3,"file":"msalPlugins.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalPlugins.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AA4BlC;;;GAGG;AACH,MAAM,CAAC,IAAI,mBAAmB,GAEd,SAAS,CAAC;AAE1B;;;GAGG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,cAAc,CAAC,cAA8D;QAC3E,mBAAmB,GAAG,cAAc,CAAC;IACvC,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,IAAI,gBAAgB,GAIX,SAAS,CAAC;AAE1B,MAAM,UAAU,eAAe;IAC7B,OAAO,gBAAgB,KAAK,SAAS,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAA8B;IACxE,eAAe,CAAC,MAAM;QACpB,gBAAgB,GAAG;YACjB,MAAM;SACP,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,UAAU,2BAA2B,CAAC,OAA0B;;IACpE,MAAM,MAAM,GAAwB;QAClC,KAAK,EAAE,EAAE;QACT,MAAM,EAAE;YACN,oBAAoB,EAAE,MAAA,MAAA,OAAO,CAAC,aAAa,0CAAE,0BAA0B,mCAAI,KAAK;YAChF,kBAAkB,EAAE,MAAA,OAAO,CAAC,aAAa,0CAAE,kBAAkB;SAC9D;KACF,CAAC;IAEF,IAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,EAAE,CAAC;QAClD,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CACb;gBACE,qFAAqF;gBACrF,yHAAyH;gBACzH,mFAAmF;gBACnF,0FAA0F;aAC3F,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,WAAW,GAAG,mBAAmB,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC;IACvF,CAAC;IAED,IAAI,MAAA,OAAO,CAAC,aAAa,0CAAE,OAAO,EAAE,CAAC;QACnC,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb;gBACE,kFAAkF;gBAClF,mGAAmG;gBACnG,mFAAmF;gBACnF,8EAA8E;aAC/E,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,MAAM,CAAC,kBAAkB,GAAG,gBAAiB,CAAC,MAAM,CAAC;IAC9D,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { MsalClientOptions } from \"./msalClient\";\nimport { NativeBrokerPluginControl } from \"../../plugins/provider\";\nimport { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions\";\n\n/**\n * Configuration for the plugins used by the MSAL node client.\n */\nexport interface PluginConfiguration {\n  /**\n   * Configuration for the cache plugin.\n   */\n  cache: {\n    cachePlugin?: Promise<msalNode.ICachePlugin>;\n  };\n  /**\n   * Configuration for the broker plugin.\n   */\n  broker: {\n    enableMsaPassthrough: boolean;\n    parentWindowHandle?: Uint8Array;\n    nativeBrokerPlugin?: msalNode.INativeBrokerPlugin;\n  };\n}\n\n/**\n * The current persistence provider, undefined by default.\n * @internal\n */\nexport let persistenceProvider:\n  | ((options?: TokenCachePersistenceOptions) => Promise<msalNode.ICachePlugin>)\n  | undefined = undefined;\n\n/**\n * An object that allows setting the persistence provider.\n * @internal\n */\nexport const msalNodeFlowCacheControl = {\n  setPersistence(pluginProvider: Exclude<typeof persistenceProvider, undefined>): void {\n    persistenceProvider = pluginProvider;\n  },\n};\n\n/**\n * The current native broker provider, undefined by default.\n * @internal\n */\nexport let nativeBrokerInfo:\n  | {\n      broker: msalNode.INativeBrokerPlugin;\n    }\n  | undefined = undefined;\n\nexport function hasNativeBroker(): boolean {\n  return nativeBrokerInfo !== undefined;\n}\n\n/**\n * An object that allows setting the native broker provider.\n * @internal\n */\nexport const msalNodeFlowNativeBrokerControl: NativeBrokerPluginControl = {\n  setNativeBroker(broker): void {\n    nativeBrokerInfo = {\n      broker,\n    };\n  },\n};\n\n/**\n * Configures plugins, validating that required plugins are available and enabled.\n *\n * Does not create the plugins themselves, but rather returns the configuration that will be used to create them.\n *\n * @param options - options for creating the MSAL client\n * @returns plugin configuration\n */\nexport function generatePluginConfiguration(options: MsalClientOptions): PluginConfiguration {\n  const config: PluginConfiguration = {\n    cache: {},\n    broker: {\n      enableMsaPassthrough: options.brokerOptions?.legacyEnableMsaPassthrough ?? false,\n      parentWindowHandle: options.brokerOptions?.parentWindowHandle,\n    },\n  };\n\n  if (options.tokenCachePersistenceOptions?.enabled) {\n    if (persistenceProvider === undefined) {\n      throw new Error(\n        [\n          \"Persistent token caching was requested, but no persistence provider was configured.\",\n          \"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.\",\n        ].join(\" \"),\n      );\n    }\n\n    config.cache.cachePlugin = persistenceProvider(options.tokenCachePersistenceOptions);\n  }\n\n  if (options.brokerOptions?.enabled) {\n    if (nativeBrokerInfo === undefined) {\n      throw new Error(\n        [\n          \"Broker for WAM was requested to be enabled, but no native broker was configured.\",\n          \"You must install the identity-broker plugin package (`npm install --save @azure/identity-broker`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(createNativeBrokerPlugin())` before using `enableBroker`.\",\n        ].join(\" \"),\n      );\n    }\n\n    config.broker.nativeBrokerPlugin = nativeBrokerInfo!.broker;\n  }\n\n  return config;\n}\n"]}
+{"version":3,"file":"msalPlugins.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalPlugins.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AA2BzE;;;GAGG;AACH,MAAM,CAAC,IAAI,mBAAmB,GAEd,SAAS,CAAC;AAE1B;;;GAGG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,cAAc,CAAC,cAA8D;QAC3E,mBAAmB,GAAG,cAAc,CAAC;IACvC,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,IAAI,gBAAgB,GAIX,SAAS,CAAC;AAE1B,MAAM,UAAU,eAAe;IAC7B,OAAO,gBAAgB,KAAK,SAAS,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAA8B;IACxE,eAAe,CAAC,MAAM;QACpB,gBAAgB,GAAG;YACjB,MAAM;SACP,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;;;;;;GAOG;AACH,SAAS,2BAA2B,CAAC,OAA0B;;IAC7D,MAAM,MAAM,GAAwB;QAClC,KAAK,EAAE,EAAE;QACT,MAAM,EAAE;YACN,oBAAoB,EAAE,MAAA,MAAA,OAAO,CAAC,aAAa,0CAAE,0BAA0B,mCAAI,KAAK;YAChF,kBAAkB,EAAE,MAAA,OAAO,CAAC,aAAa,0CAAE,kBAAkB;SAC9D;KACF,CAAC;IAEF,IAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,EAAE,CAAC;QAClD,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CACb;gBACE,qFAAqF;gBACrF,yHAAyH;gBACzH,mFAAmF;gBACnF,0FAA0F;aAC3F,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,WAAW,GAAG,mBAAmB,iBAC5C,IAAI,EAAE,GAAG,OAAO,CAAC,4BAA4B,CAAC,IAAI,IAAI,oBAAoB,EAAE,IACzE,OAAO,CAAC,4BAA4B,EACvC,CAAC;QACH,MAAM,CAAC,KAAK,CAAC,cAAc,GAAG,mBAAmB,iBAC/C,IAAI,EAAE,GAAG,OAAO,CAAC,4BAA4B,CAAC,IAAI,IAAI,gBAAgB,EAAE,IACrE,OAAO,CAAC,4BAA4B,EACvC,CAAC;IACL,CAAC;IAED,IAAI,MAAA,OAAO,CAAC,aAAa,0CAAE,OAAO,EAAE,CAAC;QACnC,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb;gBACE,kFAAkF;gBAClF,mGAAmG;gBACnG,mFAAmF;gBACnF,8EAA8E;aAC/E,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,MAAM,CAAC,kBAAkB,GAAG,gBAAiB,CAAC,MAAM,CAAC;IAC9D,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,2BAA2B;CAC5B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { CACHE_CAE_SUFFIX, CACHE_NON_CAE_SUFFIX } from \"../../constants\";\n\nimport { MsalClientOptions } from \"./msalClient\";\nimport { NativeBrokerPluginControl } from \"../../plugins/provider\";\nimport { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions\";\n\n/**\n * Configuration for the plugins used by the MSAL node client.\n */\nexport interface PluginConfiguration {\n  /**\n   * Configuration for the cache plugin.\n   */\n  cache: {\n    cachePlugin?: Promise<msalNode.ICachePlugin>;\n    cachePluginCae?: Promise<msalNode.ICachePlugin>;\n  };\n  /**\n   * Configuration for the broker plugin.\n   */\n  broker: {\n    enableMsaPassthrough: boolean;\n    parentWindowHandle?: Uint8Array;\n    nativeBrokerPlugin?: msalNode.INativeBrokerPlugin;\n  };\n}\n\n/**\n * The current persistence provider, undefined by default.\n * @internal\n */\nexport let persistenceProvider:\n  | ((options?: TokenCachePersistenceOptions) => Promise<msalNode.ICachePlugin>)\n  | undefined = undefined;\n\n/**\n * An object that allows setting the persistence provider.\n * @internal\n */\nexport const msalNodeFlowCacheControl = {\n  setPersistence(pluginProvider: Exclude<typeof persistenceProvider, undefined>): void {\n    persistenceProvider = pluginProvider;\n  },\n};\n\n/**\n * The current native broker provider, undefined by default.\n * @internal\n */\nexport let nativeBrokerInfo:\n  | {\n      broker: msalNode.INativeBrokerPlugin;\n    }\n  | undefined = undefined;\n\nexport function hasNativeBroker(): boolean {\n  return nativeBrokerInfo !== undefined;\n}\n\n/**\n * An object that allows setting the native broker provider.\n * @internal\n */\nexport const msalNodeFlowNativeBrokerControl: NativeBrokerPluginControl = {\n  setNativeBroker(broker): void {\n    nativeBrokerInfo = {\n      broker,\n    };\n  },\n};\n\n/**\n * Configures plugins, validating that required plugins are available and enabled.\n *\n * Does not create the plugins themselves, but rather returns the configuration that will be used to create them.\n *\n * @param options - options for creating the MSAL client\n * @returns plugin configuration\n */\nfunction generatePluginConfiguration(options: MsalClientOptions): PluginConfiguration {\n  const config: PluginConfiguration = {\n    cache: {},\n    broker: {\n      enableMsaPassthrough: options.brokerOptions?.legacyEnableMsaPassthrough ?? false,\n      parentWindowHandle: options.brokerOptions?.parentWindowHandle,\n    },\n  };\n\n  if (options.tokenCachePersistenceOptions?.enabled) {\n    if (persistenceProvider === undefined) {\n      throw new Error(\n        [\n          \"Persistent token caching was requested, but no persistence provider was configured.\",\n          \"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.\",\n        ].join(\" \"),\n      );\n    }\n\n    config.cache.cachePlugin = persistenceProvider({\n      name: `${options.tokenCachePersistenceOptions.name}.${CACHE_NON_CAE_SUFFIX}`,\n      ...options.tokenCachePersistenceOptions,\n    });\n    config.cache.cachePluginCae = persistenceProvider({\n      name: `${options.tokenCachePersistenceOptions.name}.${CACHE_CAE_SUFFIX}`,\n      ...options.tokenCachePersistenceOptions,\n    });\n  }\n\n  if (options.brokerOptions?.enabled) {\n    if (nativeBrokerInfo === undefined) {\n      throw new Error(\n        [\n          \"Broker for WAM was requested to be enabled, but no native broker was configured.\",\n          \"You must install the identity-broker plugin package (`npm install --save @azure/identity-broker`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(createNativeBrokerPlugin())` before using `enableBroker`.\",\n        ].join(\" \"),\n      );\n    }\n\n    config.broker.nativeBrokerPlugin = nativeBrokerInfo!.broker;\n  }\n\n  return config;\n}\n\n/**\n * Wraps generatePluginConfiguration as a writeable property for test stubbing purposes.\n */\nexport const msalPlugins = {\n  generatePluginConfiguration,\n};\n"]}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@azure/identity",
   "sdk-type": "client",
-  "version": "4.1.0-alpha.20240305.3",
+  "version": "4.1.0-alpha.20240314.1",
   "description": "Provides credential implementations for Azure SDK libraries that can authenticate with Microsoft Entra ID",
   "main": "dist/index.js",
   "module": "dist-esm/src/index.js",
@@ -49,13 +49,13 @@
     "build:samples": "echo Obsolete.",
     "build:test": "tsc -p . && dev-tool run bundle",
     "build": "npm run clean && npm run extract-api && tsc -p . && dev-tool run bundle",
-    "clean": "rimraf dist dist-* types *.tgz *.log",
+    "clean": "rimraf --glob dist dist-* types *.tgz *.log",
     "execute:samples": "dev-tool samples run samples-dev",
     "extract-api": "tsc -p . && api-extractor run --local",
     "format": "dev-tool run vendored prettier --write --config ../../../.prettierrc.json --ignore-path ../../../.prettierignore \"src/**/*.ts\" \"test/**/*.ts\" \"samples-dev/**/*.ts\" \"*.{js,json}\"",
     "check-format": "dev-tool run vendored prettier --list-different --config ../../../.prettierrc.json --ignore-path ../../../.prettierignore \"src/**/*.ts\" \"test/**/*.ts\" \"samples-dev/**/*.ts\" \"*.{js,json}\"",
     "integration-test:browser": "echo skipped",
-    "integration-test:node": "dev-tool run test:node-ts-input -- --timeout 180000 'test/public/node/*.spec.ts' 'test/internal/node/*.spec.ts'",
+    "integration-test:node": "dev-tool run test:node-ts-input -- --timeout 180000 'test/public/node/*.spec.ts' 'test/internal/node/*.spec.ts' 'test/integration/*.spec.ts'",
     "integration-test": "npm run integration-test:node && npm run integration-test:browser",
     "lint:fix": "eslint package.json api-extractor.json src test --ext .ts --fix --fix-type [problem,suggestion]",
     "lint": "eslint package.json api-extractor.json src test --ext .ts",
@@ -155,7 +155,7 @@
     "ms": "^2.1.3",
     "c8": "^8.0.0",
     "puppeteer": "^22.2.0",
-    "rimraf": "^3.0.0",
+    "rimraf": "^5.0.5",
     "sinon": "^17.0.0",
     "ts-node": "^10.0.0",
     "typescript": "~5.3.3",