@azure/identity 4.1.0-alpha.20240308.3 → 4.1.0-alpha.20240320.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of @azure/identity might be problematic. Click here for more details.
- package/dist/index.js +60 -18
- package/dist/index.js.map +1 -1
- package/dist-esm/src/credentials/interactiveBrowserCredential.js +2 -1
- package/dist-esm/src/credentials/interactiveBrowserCredential.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/brokerOptions.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js +58 -17
- package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js.map +1 -1
- package/package.json +2 -2
- package/types/identity.d.ts +8 -4
package/dist/index.js
CHANGED
|
@@ -3882,15 +3882,16 @@ const interactiveBrowserMockable = {
|
|
|
3882
3882
|
*/
|
|
3883
3883
|
class MsalOpenBrowser extends MsalNode {
|
|
3884
3884
|
constructor(options) {
|
|
3885
|
-
var _a, _b;
|
|
3885
|
+
var _a, _b, _c, _d;
|
|
3886
3886
|
super(options);
|
|
3887
3887
|
this.loginHint = options.loginHint;
|
|
3888
3888
|
this.errorTemplate = (_a = options.browserCustomizationOptions) === null || _a === void 0 ? void 0 : _a.errorMessage;
|
|
3889
3889
|
this.successTemplate = (_b = options.browserCustomizationOptions) === null || _b === void 0 ? void 0 : _b.successMessage;
|
|
3890
3890
|
this.logger = credentialLogger("Node.js MSAL Open Browser");
|
|
3891
|
+
this.useDefaultBrokerAccount =
|
|
3892
|
+
((_c = options.brokerOptions) === null || _c === void 0 ? void 0 : _c.enabled) && ((_d = options.brokerOptions) === null || _d === void 0 ? void 0 : _d.useDefaultBrokerAccount);
|
|
3891
3893
|
}
|
|
3892
|
-
async doGetToken(scopes, options) {
|
|
3893
|
-
var _a;
|
|
3894
|
+
async doGetToken(scopes, options = {}) {
|
|
3894
3895
|
try {
|
|
3895
3896
|
const interactiveRequest = {
|
|
3896
3897
|
openBrowser: async (url) => {
|
|
@@ -3905,30 +3906,70 @@ class MsalOpenBrowser extends MsalNode {
|
|
|
3905
3906
|
successTemplate: this.successTemplate,
|
|
3906
3907
|
};
|
|
3907
3908
|
if (hasNativeBroker() && this.enableBroker) {
|
|
3908
|
-
this.
|
|
3909
|
-
|
|
3910
|
-
|
|
3911
|
-
}
|
|
3912
|
-
else {
|
|
3913
|
-
// error should have been thrown from within the constructor of InteractiveBrowserCredential
|
|
3914
|
-
this.logger.warning("Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.");
|
|
3915
|
-
}
|
|
3916
|
-
if (this.enableMsaPassthrough) {
|
|
3917
|
-
((_a = interactiveRequest.tokenQueryParameters) !== null && _a !== void 0 ? _a : (interactiveRequest.tokenQueryParameters = {}))["msal_request_type"] =
|
|
3918
|
-
"consumer_passthrough";
|
|
3919
|
-
}
|
|
3909
|
+
return this.doGetBrokeredToken(scopes, interactiveRequest, {
|
|
3910
|
+
enableCae: options.enableCae,
|
|
3911
|
+
useDefaultBrokerAccount: this.useDefaultBrokerAccount,
|
|
3912
|
+
});
|
|
3920
3913
|
}
|
|
3914
|
+
// If the broker is not enabled, we will fall back to interactive authentication
|
|
3921
3915
|
if (hasNativeBroker() && !this.enableBroker) {
|
|
3922
3916
|
this.logger.verbose("Authentication will resume normally without the broker, since it's not enabled");
|
|
3923
3917
|
}
|
|
3918
|
+
const result = await this.getApp("public", options === null || options === void 0 ? void 0 : options.enableCae).acquireTokenInteractive(interactiveRequest);
|
|
3919
|
+
return this.handleResult(scopes, result || undefined);
|
|
3920
|
+
}
|
|
3921
|
+
catch (err) {
|
|
3922
|
+
throw handleMsalError(scopes, err, options);
|
|
3923
|
+
}
|
|
3924
|
+
}
|
|
3925
|
+
/**
|
|
3926
|
+
* A helper function that supports brokered authentication through the MSAL's public application.
|
|
3927
|
+
*
|
|
3928
|
+
* When options.useDefaultBrokerAccount is true, the method will attempt to authenticate using the default broker account.
|
|
3929
|
+
* If the default broker account is not available, the method will fall back to interactive authentication.
|
|
3930
|
+
*/
|
|
3931
|
+
async doGetBrokeredToken(scopes, interactiveRequest, options) {
|
|
3932
|
+
var _a;
|
|
3933
|
+
this.logger.verbose("Authentication will resume through the broker");
|
|
3934
|
+
if (this.parentWindowHandle) {
|
|
3935
|
+
interactiveRequest.windowHandle = Buffer.from(this.parentWindowHandle);
|
|
3936
|
+
}
|
|
3937
|
+
else {
|
|
3938
|
+
// error should have been thrown from within the constructor of InteractiveBrowserCredential
|
|
3939
|
+
this.logger.warning("Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.");
|
|
3940
|
+
}
|
|
3941
|
+
if (this.enableMsaPassthrough) {
|
|
3942
|
+
((_a = interactiveRequest.tokenQueryParameters) !== null && _a !== void 0 ? _a : (interactiveRequest.tokenQueryParameters = {}))["msal_request_type"] =
|
|
3943
|
+
"consumer_passthrough";
|
|
3944
|
+
}
|
|
3945
|
+
if (options.useDefaultBrokerAccount) {
|
|
3946
|
+
interactiveRequest.prompt = "none";
|
|
3947
|
+
this.logger.verbose("Attempting broker authentication using the default broker account");
|
|
3948
|
+
}
|
|
3949
|
+
else {
|
|
3950
|
+
interactiveRequest.prompt = undefined;
|
|
3951
|
+
this.logger.verbose("Attempting broker authentication without the default broker account");
|
|
3952
|
+
}
|
|
3953
|
+
try {
|
|
3924
3954
|
const result = await this.getApp("public", options === null || options === void 0 ? void 0 : options.enableCae).acquireTokenInteractive(interactiveRequest);
|
|
3925
3955
|
if (result.fromNativeBroker) {
|
|
3926
3956
|
this.logger.verbose(`This result is returned from native broker`);
|
|
3927
3957
|
}
|
|
3928
3958
|
return this.handleResult(scopes, result || undefined);
|
|
3929
3959
|
}
|
|
3930
|
-
catch (
|
|
3931
|
-
|
|
3960
|
+
catch (e) {
|
|
3961
|
+
this.logger.verbose(`Failed to authenticate through the broker: ${e.message}`);
|
|
3962
|
+
// If we tried to use the default broker account and failed, fall back to interactive authentication
|
|
3963
|
+
if (options.useDefaultBrokerAccount) {
|
|
3964
|
+
return this.doGetBrokeredToken(scopes, interactiveRequest, {
|
|
3965
|
+
enableCae: options.enableCae,
|
|
3966
|
+
useDefaultBrokerAccount: false,
|
|
3967
|
+
});
|
|
3968
|
+
}
|
|
3969
|
+
else {
|
|
3970
|
+
// If we're not using the default broker account, throw the error
|
|
3971
|
+
throw handleMsalError(scopes, e);
|
|
3972
|
+
}
|
|
3932
3973
|
}
|
|
3933
3974
|
}
|
|
3934
3975
|
}
|
|
@@ -3954,7 +3995,7 @@ class InteractiveBrowserCredential {
|
|
|
3954
3995
|
* @param options - Options for configuring the client which makes the authentication requests.
|
|
3955
3996
|
*/
|
|
3956
3997
|
constructor(options) {
|
|
3957
|
-
var _a, _b, _c;
|
|
3998
|
+
var _a, _b, _c, _d;
|
|
3958
3999
|
const redirectUri = typeof options.redirectUri === "function"
|
|
3959
4000
|
? options.redirectUri()
|
|
3960
4001
|
: options.redirectUri || "http://localhost";
|
|
@@ -3971,6 +4012,7 @@ class InteractiveBrowserCredential {
|
|
|
3971
4012
|
enabled: true,
|
|
3972
4013
|
parentWindowHandle: ibcNodeOptions.brokerOptions.parentWindowHandle,
|
|
3973
4014
|
legacyEnableMsaPassthrough: (_c = ibcNodeOptions.brokerOptions) === null || _c === void 0 ? void 0 : _c.legacyEnableMsaPassthrough,
|
|
4015
|
+
useDefaultBrokerAccount: (_d = ibcNodeOptions.brokerOptions) === null || _d === void 0 ? void 0 : _d.useDefaultBrokerAccount,
|
|
3974
4016
|
} }));
|
|
3975
4017
|
}
|
|
3976
4018
|
}
|