@azure/identity 4.1.0-alpha.20240314.1 → 4.1.0-alpha.20240321.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of @azure/identity might be problematic. Click here for more details.
- package/dist/index.js +60 -18
- package/dist/index.js.map +1 -1
- package/dist-esm/src/credentials/interactiveBrowserCredential.js +2 -1
- package/dist-esm/src/credentials/interactiveBrowserCredential.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/brokerOptions.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js +58 -17
- package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js.map +1 -1
- package/package.json +2 -2
- package/types/identity.d.ts +8 -4
|
@@ -24,7 +24,7 @@ export class InteractiveBrowserCredential {
|
|
|
24
24
|
* @param options - Options for configuring the client which makes the authentication requests.
|
|
25
25
|
*/
|
|
26
26
|
constructor(options) {
|
|
27
|
-
var _a, _b, _c;
|
|
27
|
+
var _a, _b, _c, _d;
|
|
28
28
|
const redirectUri = typeof options.redirectUri === "function"
|
|
29
29
|
? options.redirectUri()
|
|
30
30
|
: options.redirectUri || "http://localhost";
|
|
@@ -41,6 +41,7 @@ export class InteractiveBrowserCredential {
|
|
|
41
41
|
enabled: true,
|
|
42
42
|
parentWindowHandle: ibcNodeOptions.brokerOptions.parentWindowHandle,
|
|
43
43
|
legacyEnableMsaPassthrough: (_c = ibcNodeOptions.brokerOptions) === null || _c === void 0 ? void 0 : _c.legacyEnableMsaPassthrough,
|
|
44
|
+
useDefaultBrokerAccount: (_d = ibcNodeOptions.brokerOptions) === null || _d === void 0 ? void 0 : _d.useDefaultBrokerAccount,
|
|
44
45
|
} }));
|
|
45
46
|
}
|
|
46
47
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"interactiveBrowserCredential.js","sourceRoot":"","sources":["../../../src/credentials/interactiveBrowserCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AASlC,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"interactiveBrowserCredential.js","sourceRoot":"","sources":["../../../src/credentials/interactiveBrowserCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AASlC,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,uBAAuB,CAAC;AAI/B,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AACpE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,MAAM,GAAG,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;AAEhE;;;GAGG;AACH,MAAM,OAAO,4BAA4B;IAMvC;;;;;;;;;;;OAWG;IACH,YACE,OAA+F;;QAE/F,MAAM,WAAW,GACf,OAAO,OAAO,CAAC,WAAW,KAAK,UAAU;YACvC,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE;YACvB,CAAC,CAAC,OAAO,CAAC,WAAW,IAAI,kBAAkB,CAAC;QAEhD,IAAI,CAAC,QAAQ,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC;QAClC,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,MAAM,cAAc,GAAG,OAAkD,CAAC;QAC1E,IAAI,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,aAAa,0CAAE,OAAO,EAAE,CAAC;YAC3C,IAAI,CAAC,CAAA,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,aAAa,0CAAE,kBAAkB,CAAA,EAAE,CAAC;gBACvD,MAAM,IAAI,KAAK,CACb,uGAAuG,CACxG,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,QAAQ,GAAG,IAAI,eAAe,iCAC9B,OAAO,KACV,sBAAsB,EAAE,OAAO,EAC/B,MAAM;oBACN,WAAW,EACX,2BAA2B,EAAE,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,2BAA2B,EACxE,aAAa,EAAE;wBACb,OAAO,EAAE,IAAI;wBACb,kBAAkB,EAAE,cAAc,CAAC,aAAa,CAAC,kBAAkB;wBACnE,0BAA0B,EAAE,MAAA,cAAc,CAAC,aAAa,0CAAE,0BAA0B;wBACpF,uBAAuB,EAAE,MAAA,cAAc,CAAC,aAAa,0CAAE,uBAAuB;qBAC/E,IACD,CAAC;YACL,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,QAAQ,GAAG,IAAI,eAAe,iCAC9B,OAAO,KACV,sBAAsB,EAAE,OAAO,EAC/B,MAAM;gBACN,WAAW,EACX,2BAA2B,EAAE,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,2BAA2B,IACxE,CAAC;QACL,CAAC;QACD,IAAI,CAAC,8BAA8B,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,CAAC;IAChF,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,UAAU,CAAC,QAAQ,GAAG,yBAAyB,CAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,kCACpC,UAAU,KACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,IACnE,CAAC;QACL,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,YAAY,CAChB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,eAAe,EACvC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;YACzC,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YACtD,OAAO,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC;QAC1C,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/* eslint-disable @typescript-eslint/no-unused-vars */\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n InteractiveBrowserCredentialInBrowserOptions,\n InteractiveBrowserCredentialNodeOptions,\n} from \"./interactiveBrowserCredentialOptions\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils\";\n\nimport { AuthenticationRecord } from \"../msal/types\";\nimport { MsalFlow } from \"../msal/flows\";\nimport { MsalOpenBrowser } from \"../msal/nodeFlows/msalOpenBrowser\";\nimport { credentialLogger } from \"../util/logging\";\nimport { ensureScopes } from \"../util/scopeUtils\";\nimport { tracingClient } from \"../util/tracing\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/**\n * Enables authentication to Microsoft Entra ID inside of the web browser\n * using the interactive login flow.\n */\nexport class InteractiveBrowserCredential implements TokenCredential {\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private msalFlow: MsalFlow;\n private disableAutomaticAuthentication?: boolean;\n\n /**\n * Creates an instance of InteractiveBrowserCredential with the details needed.\n *\n * This credential uses the [Authorization Code Flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.\n * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.\n *\n * For Node.js, if a `clientId` is provided, the Microsoft Entra application will need to be configured to have a \"Mobile and desktop applications\" redirect endpoint.\n * Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://learn.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris).\n *\n * @param options - Options for configuring the client which makes the authentication requests.\n */\n constructor(\n options: InteractiveBrowserCredentialNodeOptions | InteractiveBrowserCredentialInBrowserOptions,\n ) {\n const redirectUri =\n typeof options.redirectUri === \"function\"\n ? options.redirectUri()\n : options.redirectUri || \"http://localhost\";\n\n this.tenantId = options?.tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n const ibcNodeOptions = options as InteractiveBrowserCredentialNodeOptions;\n if (ibcNodeOptions?.brokerOptions?.enabled) {\n if (!ibcNodeOptions?.brokerOptions?.parentWindowHandle) {\n throw new Error(\n \"In order to do WAM authentication, `parentWindowHandle` under `brokerOptions` is a required parameter\",\n );\n } else {\n this.msalFlow = new MsalOpenBrowser({\n ...options,\n tokenCredentialOptions: options,\n logger,\n redirectUri,\n browserCustomizationOptions: ibcNodeOptions?.browserCustomizationOptions,\n brokerOptions: {\n enabled: true,\n parentWindowHandle: ibcNodeOptions.brokerOptions.parentWindowHandle,\n legacyEnableMsaPassthrough: ibcNodeOptions.brokerOptions?.legacyEnableMsaPassthrough,\n useDefaultBrokerAccount: ibcNodeOptions.brokerOptions?.useDefaultBrokerAccount,\n },\n });\n }\n } else {\n this.msalFlow = new MsalOpenBrowser({\n ...options,\n tokenCredentialOptions: options,\n logger,\n redirectUri,\n browserCustomizationOptions: ibcNodeOptions?.browserCustomizationOptions,\n });\n }\n this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * If the user provided the option `disableAutomaticAuthentication`,\n * once the token can't be retrieved silently,\n * this method won't attempt to request user interaction to retrieve the token.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n newOptions.tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n logger,\n );\n\n const arrayScopes = ensureScopes(scopes);\n return this.msalFlow.getToken(arrayScopes, {\n ...newOptions,\n disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n });\n },\n );\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * If the token can't be retrieved silently, this method will require user interaction to retrieve the token.\n *\n * On Node.js, this credential has [Proof Key for Code Exchange (PKCE)](https://datatracker.ietf.org/doc/html/rfc7636) enabled by default.\n * PKCE is a security feature that mitigates authentication code interception attacks.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async authenticate(\n scopes: string | string[],\n options: GetTokenOptions = {},\n ): Promise<AuthenticationRecord | undefined> {\n return tracingClient.withSpan(\n `${this.constructor.name}.authenticate`,\n options,\n async (newOptions) => {\n const arrayScopes = ensureScopes(scopes);\n await this.msalFlow.getToken(arrayScopes, newOptions);\n return this.msalFlow.getActiveAccount();\n },\n );\n }\n}\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"brokerOptions.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/brokerOptions.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n/**\n * Parameters that enable WAM broker authentication in the InteractiveBrowserCredential.\n */\nexport type BrokerOptions = BrokerEnabledOptions | BrokerDisabledOptions;\n\n/**\n * Parameters when WAM broker authentication is disabled.\n */\nexport interface BrokerDisabledOptions {\n /**\n * If set to true, broker will be enabled for WAM support on Windows
|
|
1
|
+
{"version":3,"file":"brokerOptions.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/brokerOptions.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n/**\n * Parameters that enable WAM broker authentication in the InteractiveBrowserCredential.\n */\nexport type BrokerOptions = BrokerEnabledOptions | BrokerDisabledOptions;\n\n/**\n * Parameters when WAM broker authentication is disabled.\n */\nexport interface BrokerDisabledOptions {\n /**\n * If set to true, broker will be enabled for WAM support on Windows.\n */\n enabled: false;\n\n /**\n * If set to true, MSA account will be passed through, required for WAM authentication.\n */\n legacyEnableMsaPassthrough?: undefined;\n /**\n * Window handle for parent window, required for WAM authentication.\n */\n parentWindowHandle: undefined;\n}\n\n/**\n * Parameters when WAM broker authentication is enabled.\n */\nexport interface BrokerEnabledOptions {\n /**\n * If set to true, broker will be enabled for WAM support on Windows.\n */\n enabled: true;\n /**\n * If set to true, MSA account will be passed through, required for WAM authentication.\n */\n legacyEnableMsaPassthrough?: boolean;\n /**\n * Window handle for parent window, required for WAM authentication.\n */\n parentWindowHandle: Uint8Array;\n\n /**\n * If set to true, the credential will attempt to use the default broker account for authentication before falling back to interactive authentication.\n */\n useDefaultBrokerAccount?: boolean;\n}\n"]}
|
|
@@ -19,15 +19,16 @@ export const interactiveBrowserMockable = {
|
|
|
19
19
|
*/
|
|
20
20
|
export class MsalOpenBrowser extends MsalNode {
|
|
21
21
|
constructor(options) {
|
|
22
|
-
var _a, _b;
|
|
22
|
+
var _a, _b, _c, _d;
|
|
23
23
|
super(options);
|
|
24
24
|
this.loginHint = options.loginHint;
|
|
25
25
|
this.errorTemplate = (_a = options.browserCustomizationOptions) === null || _a === void 0 ? void 0 : _a.errorMessage;
|
|
26
26
|
this.successTemplate = (_b = options.browserCustomizationOptions) === null || _b === void 0 ? void 0 : _b.successMessage;
|
|
27
27
|
this.logger = credentialLogger("Node.js MSAL Open Browser");
|
|
28
|
+
this.useDefaultBrokerAccount =
|
|
29
|
+
((_c = options.brokerOptions) === null || _c === void 0 ? void 0 : _c.enabled) && ((_d = options.brokerOptions) === null || _d === void 0 ? void 0 : _d.useDefaultBrokerAccount);
|
|
28
30
|
}
|
|
29
|
-
async doGetToken(scopes, options) {
|
|
30
|
-
var _a;
|
|
31
|
+
async doGetToken(scopes, options = {}) {
|
|
31
32
|
try {
|
|
32
33
|
const interactiveRequest = {
|
|
33
34
|
openBrowser: async (url) => {
|
|
@@ -42,30 +43,70 @@ export class MsalOpenBrowser extends MsalNode {
|
|
|
42
43
|
successTemplate: this.successTemplate,
|
|
43
44
|
};
|
|
44
45
|
if (hasNativeBroker() && this.enableBroker) {
|
|
45
|
-
this.
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
}
|
|
49
|
-
else {
|
|
50
|
-
// error should have been thrown from within the constructor of InteractiveBrowserCredential
|
|
51
|
-
this.logger.warning("Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.");
|
|
52
|
-
}
|
|
53
|
-
if (this.enableMsaPassthrough) {
|
|
54
|
-
((_a = interactiveRequest.tokenQueryParameters) !== null && _a !== void 0 ? _a : (interactiveRequest.tokenQueryParameters = {}))["msal_request_type"] =
|
|
55
|
-
"consumer_passthrough";
|
|
56
|
-
}
|
|
46
|
+
return this.doGetBrokeredToken(scopes, interactiveRequest, {
|
|
47
|
+
enableCae: options.enableCae,
|
|
48
|
+
useDefaultBrokerAccount: this.useDefaultBrokerAccount,
|
|
49
|
+
});
|
|
57
50
|
}
|
|
51
|
+
// If the broker is not enabled, we will fall back to interactive authentication
|
|
58
52
|
if (hasNativeBroker() && !this.enableBroker) {
|
|
59
53
|
this.logger.verbose("Authentication will resume normally without the broker, since it's not enabled");
|
|
60
54
|
}
|
|
55
|
+
const result = await this.getApp("public", options === null || options === void 0 ? void 0 : options.enableCae).acquireTokenInteractive(interactiveRequest);
|
|
56
|
+
return this.handleResult(scopes, result || undefined);
|
|
57
|
+
}
|
|
58
|
+
catch (err) {
|
|
59
|
+
throw handleMsalError(scopes, err, options);
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* A helper function that supports brokered authentication through the MSAL's public application.
|
|
64
|
+
*
|
|
65
|
+
* When options.useDefaultBrokerAccount is true, the method will attempt to authenticate using the default broker account.
|
|
66
|
+
* If the default broker account is not available, the method will fall back to interactive authentication.
|
|
67
|
+
*/
|
|
68
|
+
async doGetBrokeredToken(scopes, interactiveRequest, options) {
|
|
69
|
+
var _a;
|
|
70
|
+
this.logger.verbose("Authentication will resume through the broker");
|
|
71
|
+
if (this.parentWindowHandle) {
|
|
72
|
+
interactiveRequest.windowHandle = Buffer.from(this.parentWindowHandle);
|
|
73
|
+
}
|
|
74
|
+
else {
|
|
75
|
+
// error should have been thrown from within the constructor of InteractiveBrowserCredential
|
|
76
|
+
this.logger.warning("Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.");
|
|
77
|
+
}
|
|
78
|
+
if (this.enableMsaPassthrough) {
|
|
79
|
+
((_a = interactiveRequest.tokenQueryParameters) !== null && _a !== void 0 ? _a : (interactiveRequest.tokenQueryParameters = {}))["msal_request_type"] =
|
|
80
|
+
"consumer_passthrough";
|
|
81
|
+
}
|
|
82
|
+
if (options.useDefaultBrokerAccount) {
|
|
83
|
+
interactiveRequest.prompt = "none";
|
|
84
|
+
this.logger.verbose("Attempting broker authentication using the default broker account");
|
|
85
|
+
}
|
|
86
|
+
else {
|
|
87
|
+
interactiveRequest.prompt = undefined;
|
|
88
|
+
this.logger.verbose("Attempting broker authentication without the default broker account");
|
|
89
|
+
}
|
|
90
|
+
try {
|
|
61
91
|
const result = await this.getApp("public", options === null || options === void 0 ? void 0 : options.enableCae).acquireTokenInteractive(interactiveRequest);
|
|
62
92
|
if (result.fromNativeBroker) {
|
|
63
93
|
this.logger.verbose(`This result is returned from native broker`);
|
|
64
94
|
}
|
|
65
95
|
return this.handleResult(scopes, result || undefined);
|
|
66
96
|
}
|
|
67
|
-
catch (
|
|
68
|
-
|
|
97
|
+
catch (e) {
|
|
98
|
+
this.logger.verbose(`Failed to authenticate through the broker: ${e.message}`);
|
|
99
|
+
// If we tried to use the default broker account and failed, fall back to interactive authentication
|
|
100
|
+
if (options.useDefaultBrokerAccount) {
|
|
101
|
+
return this.doGetBrokeredToken(scopes, interactiveRequest, {
|
|
102
|
+
enableCae: options.enableCae,
|
|
103
|
+
useDefaultBrokerAccount: false,
|
|
104
|
+
});
|
|
105
|
+
}
|
|
106
|
+
else {
|
|
107
|
+
// If we're not using the default broker account, throw the error
|
|
108
|
+
throw handleMsalError(scopes, e);
|
|
109
|
+
}
|
|
69
110
|
}
|
|
70
111
|
}
|
|
71
112
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"msalOpenBrowser.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalOpenBrowser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAI7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3C,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,IAAI,MAAM,MAAM,CAAC;AAexB;;;GAGG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,IAAI;CACL,CAAC;AAEF;;;;GAIG;AACH,MAAM,OAAO,eAAgB,SAAQ,QAAQ;
|
|
1
|
+
{"version":3,"file":"msalOpenBrowser.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalOpenBrowser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAI7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3C,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,IAAI,MAAM,MAAM,CAAC;AAexB;;;GAGG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,IAAI;CACL,CAAC;AAEF;;;;GAIG;AACH,MAAM,OAAO,eAAgB,SAAQ,QAAQ;IAM3C,YAAY,OAA+B;;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QACnC,IAAI,CAAC,aAAa,GAAG,MAAA,OAAO,CAAC,2BAA2B,0CAAE,YAAY,CAAC;QACvE,IAAI,CAAC,eAAe,GAAG,MAAA,OAAO,CAAC,2BAA2B,0CAAE,cAAc,CAAC;QAC3E,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;QAC5D,IAAI,CAAC,uBAAuB;YAC1B,CAAA,MAAA,OAAO,CAAC,aAAa,0CAAE,OAAO,MAAI,MAAA,OAAO,CAAC,aAAa,0CAAE,uBAAuB,CAAA,CAAC;IACrF,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,IAAI,CAAC;YACH,MAAM,kBAAkB,GAAgC;gBACtD,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;oBACzB,MAAM,0BAA0B,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;gBAChF,CAAC;gBACD,MAAM;gBACN,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;gBAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;gBACvB,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;gBACrC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,aAAa,EAAE,IAAI,CAAC,aAAa;gBACjC,eAAe,EAAE,IAAI,CAAC,eAAe;aACtC,CAAC;YAEF,IAAI,eAAe,EAAE,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC3C,OAAO,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,kBAAkB,EAAE;oBACzD,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,uBAAuB,EAAE,IAAI,CAAC,uBAAuB;iBACtD,CAAC,CAAC;YACL,CAAC;YAED,gFAAgF;YAEhF,IAAI,eAAe,EAAE,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC5C,IAAI,CAAC,MAAM,CAAC,OAAO,CACjB,gFAAgF,CACjF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,CAAC,uBAAuB,CACpF,kBAAkB,CACnB,CAAC;YACF,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,kBAAkB,CAC9B,MAAgB,EAChB,kBAA+C,EAC/C,OAGC;;QAED,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,+CAA+C,CAAC,CAAC;QACrE,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,kBAAkB,CAAC,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACzE,CAAC;aAAM,CAAC;YACN,4FAA4F;YAC5F,IAAI,CAAC,MAAM,CAAC,OAAO,CACjB,kIAAkI,CACnI,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC9B,OAAC,kBAAkB,CAAC,oBAAoB,oCAAvC,kBAAkB,CAAC,oBAAoB,GAAK,EAAE,EAAC,CAAC,mBAAmB,CAAC;gBACnE,sBAAsB,CAAC;QAC3B,CAAC;QAED,IAAI,OAAO,CAAC,uBAAuB,EAAE,CAAC;YACpC,kBAAkB,CAAC,MAAM,GAAG,MAAM,CAAC;YACnC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,mEAAmE,CAAC,CAAC;QAC3F,CAAC;aAAM,CAAC;YACN,kBAAkB,CAAC,MAAM,GAAG,SAAS,CAAC;YACtC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,qEAAqE,CAAC,CAAC;QAC7F,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,CAAC,uBAAuB,CACpF,kBAAkB,CACnB,CAAC;YACF,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;gBAC5B,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,4CAA4C,CAAC,CAAC;YACpE,CAAC;YACD,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,8CAA8C,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YAC/E,oGAAoG;YACpG,IAAI,OAAO,CAAC,uBAAuB,EAAE,CAAC;gBACpC,OAAO,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,kBAAkB,EAAE;oBACzD,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,uBAAuB,EAAE,KAAK;iBAC/B,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,iEAAiE;gBACjE,MAAM,eAAe,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\n\nimport { AccessToken } from \"@azure/core-auth\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { handleMsalError } from \"../utils\";\nimport { hasNativeBroker } from \"./msalPlugins\";\nimport open from \"open\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through opening a browser window.\n * @internal\n */\nexport interface MsalOpenBrowserOptions extends MsalNodeOptions {\n redirectUri?: string;\n loginHint?: string;\n browserCustomizationOptions?: {\n errorMessage?: string;\n successMessage?: string;\n };\n}\n\n/**\n * A call to open(), but mockable\n * @internal\n */\nexport const interactiveBrowserMockable = {\n open,\n};\n\n/**\n * This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`\n * to trigger the authentication flow, and then respond based on the values obtained from the redirect callback\n * @internal\n */\nexport class MsalOpenBrowser extends MsalNode {\n private loginHint?: string;\n private errorTemplate?: string;\n private successTemplate?: string;\n private useDefaultBrokerAccount?: boolean;\n\n constructor(options: MsalOpenBrowserOptions) {\n super(options);\n this.loginHint = options.loginHint;\n this.errorTemplate = options.browserCustomizationOptions?.errorMessage;\n this.successTemplate = options.browserCustomizationOptions?.successMessage;\n this.logger = credentialLogger(\"Node.js MSAL Open Browser\");\n this.useDefaultBrokerAccount =\n options.brokerOptions?.enabled && options.brokerOptions?.useDefaultBrokerAccount;\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {},\n ): Promise<AccessToken> {\n try {\n const interactiveRequest: msalNode.InteractiveRequest = {\n openBrowser: async (url) => {\n await interactiveBrowserMockable.open(url, { wait: true, newInstance: true });\n },\n scopes,\n authority: options?.authority,\n claims: options?.claims,\n correlationId: options?.correlationId,\n loginHint: this.loginHint,\n errorTemplate: this.errorTemplate,\n successTemplate: this.successTemplate,\n };\n\n if (hasNativeBroker() && this.enableBroker) {\n return this.doGetBrokeredToken(scopes, interactiveRequest, {\n enableCae: options.enableCae,\n useDefaultBrokerAccount: this.useDefaultBrokerAccount,\n });\n }\n\n // If the broker is not enabled, we will fall back to interactive authentication\n\n if (hasNativeBroker() && !this.enableBroker) {\n this.logger.verbose(\n \"Authentication will resume normally without the broker, since it's not enabled\",\n );\n }\n\n const result = await this.getApp(\"public\", options?.enableCae).acquireTokenInteractive(\n interactiveRequest,\n );\n return this.handleResult(scopes, result || undefined);\n } catch (err: any) {\n throw handleMsalError(scopes, err, options);\n }\n }\n\n /**\n * A helper function that supports brokered authentication through the MSAL's public application.\n *\n * When options.useDefaultBrokerAccount is true, the method will attempt to authenticate using the default broker account.\n * If the default broker account is not available, the method will fall back to interactive authentication.\n */\n private async doGetBrokeredToken(\n scopes: string[],\n interactiveRequest: msalNode.InteractiveRequest,\n options: {\n enableCae?: boolean;\n useDefaultBrokerAccount?: boolean;\n },\n ): Promise<AccessToken> {\n this.logger.verbose(\"Authentication will resume through the broker\");\n if (this.parentWindowHandle) {\n interactiveRequest.windowHandle = Buffer.from(this.parentWindowHandle);\n } else {\n // error should have been thrown from within the constructor of InteractiveBrowserCredential\n this.logger.warning(\n \"Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.\",\n );\n }\n\n if (this.enableMsaPassthrough) {\n (interactiveRequest.tokenQueryParameters ??= {})[\"msal_request_type\"] =\n \"consumer_passthrough\";\n }\n\n if (options.useDefaultBrokerAccount) {\n interactiveRequest.prompt = \"none\";\n this.logger.verbose(\"Attempting broker authentication using the default broker account\");\n } else {\n interactiveRequest.prompt = undefined;\n this.logger.verbose(\"Attempting broker authentication without the default broker account\");\n }\n\n try {\n const result = await this.getApp(\"public\", options?.enableCae).acquireTokenInteractive(\n interactiveRequest,\n );\n if (result.fromNativeBroker) {\n this.logger.verbose(`This result is returned from native broker`);\n }\n return this.handleResult(scopes, result || undefined);\n } catch (e: any) {\n this.logger.verbose(`Failed to authenticate through the broker: ${e.message}`);\n // If we tried to use the default broker account and failed, fall back to interactive authentication\n if (options.useDefaultBrokerAccount) {\n return this.doGetBrokeredToken(scopes, interactiveRequest, {\n enableCae: options.enableCae,\n useDefaultBrokerAccount: false,\n });\n } else {\n // If we're not using the default broker account, throw the error\n throw handleMsalError(scopes, e);\n }\n }\n }\n}\n"]}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@azure/identity",
|
|
3
3
|
"sdk-type": "client",
|
|
4
|
-
"version": "4.1.0-alpha.
|
|
4
|
+
"version": "4.1.0-alpha.20240321.3",
|
|
5
5
|
"description": "Provides credential implementations for Azure SDK libraries that can authenticate with Microsoft Entra ID",
|
|
6
6
|
"main": "dist/index.js",
|
|
7
7
|
"module": "dist-esm/src/index.js",
|
|
@@ -55,7 +55,7 @@
|
|
|
55
55
|
"format": "dev-tool run vendored prettier --write --config ../../../.prettierrc.json --ignore-path ../../../.prettierignore \"src/**/*.ts\" \"test/**/*.ts\" \"samples-dev/**/*.ts\" \"*.{js,json}\"",
|
|
56
56
|
"check-format": "dev-tool run vendored prettier --list-different --config ../../../.prettierrc.json --ignore-path ../../../.prettierignore \"src/**/*.ts\" \"test/**/*.ts\" \"samples-dev/**/*.ts\" \"*.{js,json}\"",
|
|
57
57
|
"integration-test:browser": "echo skipped",
|
|
58
|
-
"integration-test:node": "dev-tool run test:node-ts-input -- --timeout 180000 'test/public/node/*.spec.ts' 'test/internal/node/*.spec.ts' 'test/integration
|
|
58
|
+
"integration-test:node": "dev-tool run test:node-ts-input -- --timeout 180000 'test/public/node/*.spec.ts' 'test/internal/node/*.spec.ts' 'test/integration/**/*.spec.ts'",
|
|
59
59
|
"integration-test": "npm run integration-test:node && npm run integration-test:browser",
|
|
60
60
|
"lint:fix": "eslint package.json api-extractor.json src test --ext .ts --fix --fix-type [problem,suggestion]",
|
|
61
61
|
"lint": "eslint package.json api-extractor.json src test --ext .ts",
|
package/types/identity.d.ts
CHANGED
|
@@ -409,7 +409,7 @@ export declare interface BrokerAuthOptions {
|
|
|
409
409
|
*/
|
|
410
410
|
export declare interface BrokerDisabledOptions {
|
|
411
411
|
/**
|
|
412
|
-
* If set to true, broker will be enabled for WAM support on Windows
|
|
412
|
+
* If set to true, broker will be enabled for WAM support on Windows.
|
|
413
413
|
*/
|
|
414
414
|
enabled: false;
|
|
415
415
|
/**
|
|
@@ -417,7 +417,7 @@ export declare interface BrokerDisabledOptions {
|
|
|
417
417
|
*/
|
|
418
418
|
legacyEnableMsaPassthrough?: undefined;
|
|
419
419
|
/**
|
|
420
|
-
* Window handle for parent window, required for WAM authentication
|
|
420
|
+
* Window handle for parent window, required for WAM authentication.
|
|
421
421
|
*/
|
|
422
422
|
parentWindowHandle: undefined;
|
|
423
423
|
}
|
|
@@ -427,7 +427,7 @@ export declare interface BrokerDisabledOptions {
|
|
|
427
427
|
*/
|
|
428
428
|
export declare interface BrokerEnabledOptions {
|
|
429
429
|
/**
|
|
430
|
-
* If set to true, broker will be enabled for WAM support on Windows
|
|
430
|
+
* If set to true, broker will be enabled for WAM support on Windows.
|
|
431
431
|
*/
|
|
432
432
|
enabled: true;
|
|
433
433
|
/**
|
|
@@ -435,9 +435,13 @@ export declare interface BrokerEnabledOptions {
|
|
|
435
435
|
*/
|
|
436
436
|
legacyEnableMsaPassthrough?: boolean;
|
|
437
437
|
/**
|
|
438
|
-
* Window handle for parent window, required for WAM authentication
|
|
438
|
+
* Window handle for parent window, required for WAM authentication.
|
|
439
439
|
*/
|
|
440
440
|
parentWindowHandle: Uint8Array;
|
|
441
|
+
/**
|
|
442
|
+
* If set to true, the credential will attempt to use the default broker account for authentication before falling back to interactive authentication.
|
|
443
|
+
*/
|
|
444
|
+
useDefaultBrokerAccount?: boolean;
|
|
441
445
|
}
|
|
442
446
|
|
|
443
447
|
/**
|