@azure/identity 4.1.1-alpha.20240418.1 → 4.1.1-alpha.20240422.3

package/dist/index.js

@@ -150,15 +150,16 @@ const msalNodeFlowNativeBrokerControl = {
  * @returns plugin configuration
  */
 function generatePluginConfiguration(options) {
-    var _a, _b, _c, _d, _e;
+    var _a, _b, _c, _d, _e, _f, _g;
     const config = {
         cache: {},
         broker: {
-            enableMsaPassthrough: (_b = (_a = options.brokerOptions) === null || _a === void 0 ? void 0 : _a.legacyEnableMsaPassthrough) !== null && _b !== void 0 ? _b : false,
-            parentWindowHandle: (_c = options.brokerOptions) === null || _c === void 0 ? void 0 : _c.parentWindowHandle,
+            isEnabled: (_b = (_a = options.brokerOptions) === null || _a === void 0 ? void 0 : _a.enabled) !== null && _b !== void 0 ? _b : false,
+            enableMsaPassthrough: (_d = (_c = options.brokerOptions) === null || _c === void 0 ? void 0 : _c.legacyEnableMsaPassthrough) !== null && _d !== void 0 ? _d : false,
+            parentWindowHandle: (_e = options.brokerOptions) === null || _e === void 0 ? void 0 : _e.parentWindowHandle,
         },
     };
-    if ((_d = options.tokenCachePersistenceOptions) === null || _d === void 0 ? void 0 : _d.enabled) {
+    if ((_f = options.tokenCachePersistenceOptions) === null || _f === void 0 ? void 0 : _f.enabled) {
         if (persistenceProvider === undefined) {
             throw new Error([
                 "Persistent token caching was requested, but no persistence provider was configured.",
@@ -171,7 +172,7 @@ function generatePluginConfiguration(options) {
         config.cache.cachePlugin = persistenceProvider(Object.assign({ name: `${cacheBaseName}.${CACHE_NON_CAE_SUFFIX}` }, options.tokenCachePersistenceOptions));
         config.cache.cachePluginCae = persistenceProvider(Object.assign({ name: `${cacheBaseName}.${CACHE_CAE_SUFFIX}` }, options.tokenCachePersistenceOptions));
     }
-    if ((_e = options.brokerOptions) === null || _e === void 0 ? void 0 : _e.enabled) {
+    if ((_g = options.brokerOptions) === null || _g === void 0 ? void 0 : _g.enabled) {
         if (nativeBrokerInfo === undefined) {
             throw new Error([
                 "Broker for WAM was requested to be enabled, but no native broker was configured.",
@@ -1819,9 +1820,11 @@ function createMsalClient(clientId, tenantId, createMsalClientOptions = {}) {
         const appKey = options.enableCae ? "CAE" : "default";
         let confidentialClientApp = confidentialApps.get(appKey);
         if (confidentialClientApp) {
+            msalLogger.getToken.info("Existing ConfidentialClientApplication found in cache, returning it.");
             return confidentialClientApp;
         }
         // Initialize a new app and cache it
+        msalLogger.getToken.info(`Creating new ConfidentialClientApplication with CAE ${options.enableCae ? "enabled" : "disabled"}.`);
         const cachePlugin = options.enableCae
             ? state.pluginConfiguration.cache.cachePluginCae
             : state.pluginConfiguration.cache.cachePlugin;
@@ -1832,6 +1835,7 @@ function createMsalClient(clientId, tenantId, createMsalClientOptions = {}) {
     }
     async function getTokenSilent(app, scopes, options = {}) {
         if (state.cachedAccount === null) {
+            msalLogger.getToken.info("No cached account found in local state, attempting to load it from MSAL cache.");
             const cache = app.getTokenCache();
             const accounts = await cache.getAllAccounts();
             if (accounts === undefined || accounts.length === 0) {
@@ -1851,14 +1855,19 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
         if (options.claims) {
             state.cachedClaims = options.claims;
         }
-        // TODO: port over changes for broker
-        // https://github.com/Azure/azure-sdk-for-js/blob/727a7208251961b5036d8e1d86edaa944c42e3d6/sdk/identity/identity/src/msal/nodeFlows/msalNodeCommon.ts#L383-L395
-        msalLogger.getToken.info("Attempting to acquire token silently");
-        return app.acquireTokenSilent({
+        const silentRequest = {
             account: state.cachedAccount,
             scopes,
             claims: state.cachedClaims,
-        });
+        };
+        if (state.pluginConfiguration.broker.isEnabled) {
+            silentRequest.tokenQueryParameters || (silentRequest.tokenQueryParameters = {});
+            if (state.pluginConfiguration.broker.enableMsaPassthrough) {
+                silentRequest.tokenQueryParameters["msal_request_type"] = "consumer_passthrough";
+            }
+        }
+        msalLogger.getToken.info("Attempting to acquire token silently");
+        return app.acquireTokenSilent(silentRequest);
     }
     /**
      * Performs silent authentication using MSAL to acquire an access token.
@@ -4546,6 +4555,57 @@ class OnBehalfOfCredential {
     }
 }
 
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * Returns a callback that provides a bearer token.
+ * For example, the bearer token can be used to authenticate a request as follows:
+ * ```js
+ * import { DefaultAzureCredential } from "@azure/identity";
+ *
+ * const credential = new DefaultAzureCredential();
+ * const scope = "https://cognitiveservices.azure.com/.default";
+ * const getAccessToken = getBearerTokenProvider(credential, scope);
+ * const token = await getAccessToken();
+ *
+ * // usage
+ * const request = createPipelineRequest({ url: "https://example.com" });
+ * request.headers.set("Authorization", `Bearer ${token}`);
+ * ```
+ *
+ * @param credential - The credential used to authenticate the request.
+ * @param scopes - The scopes required for the bearer token.
+ * @param options - Options to configure the token provider.
+ * @returns a callback that provides a bearer token.
+ */
+function getBearerTokenProvider(credential, scopes, options) {
+    const { abortSignal, tracingOptions } = options || {};
+    const pipeline = coreRestPipeline.createEmptyPipeline();
+    pipeline.addPolicy(coreRestPipeline.bearerTokenAuthenticationPolicy({ credential, scopes }));
+    async function getRefreshedToken() {
+        var _a;
+        // Create a pipeline with just the bearer token policy
+        // and run a dummy request through it to get the token
+        const res = await pipeline.sendRequest({
+            sendRequest: (request) => Promise.resolve({
+                request,
+                status: 200,
+                headers: request.headers,
+            }),
+        }, coreRestPipeline.createPipelineRequest({
+            url: "https://example.com",
+            abortSignal,
+            tracingOptions,
+        }));
+        const accessToken = (_a = res.headers.get("authorization")) === null || _a === void 0 ? void 0 : _a.split(" ")[1];
+        if (!accessToken) {
+            throw new Error("Failed to get access token");
+        }
+        return accessToken;
+    }
+    return getRefreshedToken;
+}
+
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 /**
@@ -4580,6 +4640,7 @@ exports.UsernamePasswordCredential = UsernamePasswordCredential;
 exports.VisualStudioCodeCredential = VisualStudioCodeCredential;
 exports.WorkloadIdentityCredential = WorkloadIdentityCredential;
 exports.deserializeAuthenticationRecord = deserializeAuthenticationRecord;
+exports.getBearerTokenProvider = getBearerTokenProvider;
 exports.getDefaultAzureCredential = getDefaultAzureCredential;
 exports.logger = logger$p;
 exports.serializeAuthenticationRecord = serializeAuthenticationRecord;