@azure/identity 4.1.1-alpha.20240419.1 → 4.1.1-alpha.20240422.3

package/dist-esm/src/index.js

@@ -29,4 +29,5 @@ export { AzureAuthorityHosts } from "./constants";
 export function getDefaultAzureCredential() {
     return new DefaultAzureCredential();
 }
+export { getBearerTokenProvider } from "./tokenProvider";
 //# sourceMappingURL=index.js.map

package/dist-esm/src/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,cAAc,oBAAoB,CAAC;AAKnC,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAE9E,OAAO,EACL,mBAAmB,EAEnB,4BAA4B,EAC5B,uBAAuB,EACvB,gCAAgC,EAChC,0BAA0B,EAC1B,8BAA8B,EAC9B,2BAA2B,GAE5B,MAAM,UAAU,CAAC;AAGlB,OAAO,EAAE,6BAA6B,EAAE,+BAA+B,EAAE,MAAM,cAAc,CAAC;AAe9F,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAE9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAG9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAO9E,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAG5E,OAAO,EACL,2BAA2B,GAI5B,MAAM,2CAA2C,CAAC;AAEnD,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AAGpF,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAEtE,OAAO,EAAE,2BAA2B,EAAE,MAAM,2CAA2C,CAAC;AAExF,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAM1F,OAAO,EACL,yBAAyB,GAG1B,MAAM,yCAAyC,CAAC;AACjD,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAO1E,OAAO,EAAE,2BAA2B,EAAE,MAAM,2CAA2C,CAAC;AAExF,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AAOpF,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAEtF,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAEtF,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAC1E,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAMtF,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAExC,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAElD;;GAEG;AACH,MAAM,UAAU,yBAAyB;IACvC,OAAO,IAAI,sBAAsB,EAAE,CAAC;AACtC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nexport * from \"./plugins/consumer\";\n\nexport { IdentityPlugin } from \"./plugins/provider\";\n\nimport { TokenCredential } from \"@azure/core-auth\";\nimport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential\";\n\nexport {\n  AuthenticationError,\n  ErrorResponse,\n  AggregateAuthenticationError,\n  AuthenticationErrorName,\n  AggregateAuthenticationErrorName,\n  CredentialUnavailableError,\n  CredentialUnavailableErrorName,\n  AuthenticationRequiredError,\n  AuthenticationRequiredErrorOptions,\n} from \"./errors\";\n\nexport { AuthenticationRecord } from \"./msal/types\";\nexport { serializeAuthenticationRecord, deserializeAuthenticationRecord } from \"./msal/utils\";\nexport { TokenCredentialOptions } from \"./tokenCredentialOptions\";\nexport { MultiTenantTokenCredentialOptions } from \"./credentials/multiTenantTokenCredentialOptions\";\nexport { AuthorityValidationOptions } from \"./credentials/authorityValidationOptions\";\n// TODO: Export again once we're ready to release this feature.\n// export { RegionalAuthority } from \"./regionalAuthority\";\n\nexport { BrokerAuthOptions } from \"./credentials/brokerAuthOptions\";\nexport {\n  BrokerOptions,\n  BrokerEnabledOptions,\n  BrokerDisabledOptions,\n} from \"./msal/nodeFlows/brokerOptions\";\nexport { InteractiveCredentialOptions } from \"./credentials/interactiveCredentialOptions\";\n\nexport { ChainedTokenCredential } from \"./credentials/chainedTokenCredential\";\n\nexport { ClientSecretCredential } from \"./credentials/clientSecretCredential\";\nexport { ClientSecretCredentialOptions } from \"./credentials/clientSecretCredentialOptions\";\n\nexport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential\";\nexport {\n  DefaultAzureCredentialOptions,\n  DefaultAzureCredentialClientIdOptions,\n  DefaultAzureCredentialResourceIdOptions,\n} from \"./credentials/defaultAzureCredentialOptions\";\n\nexport { EnvironmentCredential } from \"./credentials/environmentCredential\";\nexport { EnvironmentCredentialOptions } from \"./credentials/environmentCredentialOptions\";\n\nexport {\n  ClientCertificateCredential,\n  ClientCertificateCredentialPEMConfiguration,\n  ClientCertificatePEMCertificatePath,\n  ClientCertificatePEMCertificate,\n} from \"./credentials/clientCertificateCredential\";\nexport { ClientCertificateCredentialOptions } from \"./credentials/clientCertificateCredentialOptions\";\nexport { ClientAssertionCredential } from \"./credentials/clientAssertionCredential\";\nexport { ClientAssertionCredentialOptions } from \"./credentials/clientAssertionCredentialOptions\";\nexport { CredentialPersistenceOptions } from \"./credentials/credentialPersistenceOptions\";\nexport { AzureCliCredential } from \"./credentials/azureCliCredential\";\nexport { AzureCliCredentialOptions } from \"./credentials/azureCliCredentialOptions\";\nexport { AzureDeveloperCliCredential } from \"./credentials/azureDeveloperCliCredential\";\nexport { AzureDeveloperCliCredentialOptions } from \"./credentials/azureDeveloperCliCredentialOptions\";\nexport { InteractiveBrowserCredential } from \"./credentials/interactiveBrowserCredential\";\nexport {\n  InteractiveBrowserCredentialNodeOptions,\n  InteractiveBrowserCredentialInBrowserOptions,\n  BrowserLoginStyle,\n} from \"./credentials/interactiveBrowserCredentialOptions\";\nexport {\n  ManagedIdentityCredential,\n  ManagedIdentityCredentialClientIdOptions,\n  ManagedIdentityCredentialResourceIdOptions,\n} from \"./credentials/managedIdentityCredential\";\nexport { DeviceCodeCredential } from \"./credentials/deviceCodeCredential\";\nexport {\n  DeviceCodePromptCallback,\n  DeviceCodeInfo,\n} from \"./credentials/deviceCodeCredentialOptions\";\nexport { DeviceCodeCredentialOptions } from \"./credentials/deviceCodeCredentialOptions\";\n\nexport { AuthorizationCodeCredential } from \"./credentials/authorizationCodeCredential\";\nexport { AuthorizationCodeCredentialOptions } from \"./credentials/authorizationCodeCredentialOptions\";\nexport { AzurePowerShellCredential } from \"./credentials/azurePowerShellCredential\";\nexport { AzurePowerShellCredentialOptions } from \"./credentials/azurePowerShellCredentialOptions\";\nexport {\n  OnBehalfOfCredentialOptions,\n  OnBehalfOfCredentialSecretOptions,\n  OnBehalfOfCredentialCertificateOptions,\n} from \"./credentials/onBehalfOfCredentialOptions\";\nexport { UsernamePasswordCredential } from \"./credentials/usernamePasswordCredential\";\nexport { UsernamePasswordCredentialOptions } from \"./credentials/usernamePasswordCredentialOptions\";\nexport { VisualStudioCodeCredential } from \"./credentials/visualStudioCodeCredential\";\nexport { VisualStudioCodeCredentialOptions } from \"./credentials/visualStudioCodeCredentialOptions\";\nexport { OnBehalfOfCredential } from \"./credentials/onBehalfOfCredential\";\nexport { WorkloadIdentityCredential } from \"./credentials/workloadIdentityCredential\";\nexport { WorkloadIdentityCredentialOptions } from \"./credentials/workloadIdentityCredentialOptions\";\nexport { BrowserCustomizationOptions } from \"./credentials/browserCustomizationOptions\";\nexport { TokenCachePersistenceOptions } from \"./msal/nodeFlows/tokenCachePersistenceOptions\";\n\nexport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nexport { logger } from \"./util/logging\";\n\nexport { AzureAuthorityHosts } from \"./constants\";\n\n/**\n * Returns a new instance of the {@link DefaultAzureCredential}.\n */\nexport function getDefaultAzureCredential(): TokenCredential {\n  return new DefaultAzureCredential();\n}\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,cAAc,oBAAoB,CAAC;AAKnC,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAE9E,OAAO,EACL,mBAAmB,EAEnB,4BAA4B,EAC5B,uBAAuB,EACvB,gCAAgC,EAChC,0BAA0B,EAC1B,8BAA8B,EAC9B,2BAA2B,GAE5B,MAAM,UAAU,CAAC;AAGlB,OAAO,EAAE,6BAA6B,EAAE,+BAA+B,EAAE,MAAM,cAAc,CAAC;AAe9F,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAE9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAG9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAO9E,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAG5E,OAAO,EACL,2BAA2B,GAI5B,MAAM,2CAA2C,CAAC;AAEnD,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AAGpF,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAEtE,OAAO,EAAE,2BAA2B,EAAE,MAAM,2CAA2C,CAAC;AAExF,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAM1F,OAAO,EACL,yBAAyB,GAG1B,MAAM,yCAAyC,CAAC;AACjD,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAO1E,OAAO,EAAE,2BAA2B,EAAE,MAAM,2CAA2C,CAAC;AAExF,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AAOpF,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAEtF,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAEtF,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAC1E,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAMtF,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAExC,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAElD;;GAEG;AACH,MAAM,UAAU,yBAAyB;IACvC,OAAO,IAAI,sBAAsB,EAAE,CAAC;AACtC,CAAC;AAED,OAAO,EAAE,sBAAsB,EAAiC,MAAM,iBAAiB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nexport * from \"./plugins/consumer\";\n\nexport { IdentityPlugin } from \"./plugins/provider\";\n\nimport { TokenCredential } from \"@azure/core-auth\";\nimport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential\";\n\nexport {\n  AuthenticationError,\n  ErrorResponse,\n  AggregateAuthenticationError,\n  AuthenticationErrorName,\n  AggregateAuthenticationErrorName,\n  CredentialUnavailableError,\n  CredentialUnavailableErrorName,\n  AuthenticationRequiredError,\n  AuthenticationRequiredErrorOptions,\n} from \"./errors\";\n\nexport { AuthenticationRecord } from \"./msal/types\";\nexport { serializeAuthenticationRecord, deserializeAuthenticationRecord } from \"./msal/utils\";\nexport { TokenCredentialOptions } from \"./tokenCredentialOptions\";\nexport { MultiTenantTokenCredentialOptions } from \"./credentials/multiTenantTokenCredentialOptions\";\nexport { AuthorityValidationOptions } from \"./credentials/authorityValidationOptions\";\n// TODO: Export again once we're ready to release this feature.\n// export { RegionalAuthority } from \"./regionalAuthority\";\n\nexport { BrokerAuthOptions } from \"./credentials/brokerAuthOptions\";\nexport {\n  BrokerOptions,\n  BrokerEnabledOptions,\n  BrokerDisabledOptions,\n} from \"./msal/nodeFlows/brokerOptions\";\nexport { InteractiveCredentialOptions } from \"./credentials/interactiveCredentialOptions\";\n\nexport { ChainedTokenCredential } from \"./credentials/chainedTokenCredential\";\n\nexport { ClientSecretCredential } from \"./credentials/clientSecretCredential\";\nexport { ClientSecretCredentialOptions } from \"./credentials/clientSecretCredentialOptions\";\n\nexport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential\";\nexport {\n  DefaultAzureCredentialOptions,\n  DefaultAzureCredentialClientIdOptions,\n  DefaultAzureCredentialResourceIdOptions,\n} from \"./credentials/defaultAzureCredentialOptions\";\n\nexport { EnvironmentCredential } from \"./credentials/environmentCredential\";\nexport { EnvironmentCredentialOptions } from \"./credentials/environmentCredentialOptions\";\n\nexport {\n  ClientCertificateCredential,\n  ClientCertificateCredentialPEMConfiguration,\n  ClientCertificatePEMCertificatePath,\n  ClientCertificatePEMCertificate,\n} from \"./credentials/clientCertificateCredential\";\nexport { ClientCertificateCredentialOptions } from \"./credentials/clientCertificateCredentialOptions\";\nexport { ClientAssertionCredential } from \"./credentials/clientAssertionCredential\";\nexport { ClientAssertionCredentialOptions } from \"./credentials/clientAssertionCredentialOptions\";\nexport { CredentialPersistenceOptions } from \"./credentials/credentialPersistenceOptions\";\nexport { AzureCliCredential } from \"./credentials/azureCliCredential\";\nexport { AzureCliCredentialOptions } from \"./credentials/azureCliCredentialOptions\";\nexport { AzureDeveloperCliCredential } from \"./credentials/azureDeveloperCliCredential\";\nexport { AzureDeveloperCliCredentialOptions } from \"./credentials/azureDeveloperCliCredentialOptions\";\nexport { InteractiveBrowserCredential } from \"./credentials/interactiveBrowserCredential\";\nexport {\n  InteractiveBrowserCredentialNodeOptions,\n  InteractiveBrowserCredentialInBrowserOptions,\n  BrowserLoginStyle,\n} from \"./credentials/interactiveBrowserCredentialOptions\";\nexport {\n  ManagedIdentityCredential,\n  ManagedIdentityCredentialClientIdOptions,\n  ManagedIdentityCredentialResourceIdOptions,\n} from \"./credentials/managedIdentityCredential\";\nexport { DeviceCodeCredential } from \"./credentials/deviceCodeCredential\";\nexport {\n  DeviceCodePromptCallback,\n  DeviceCodeInfo,\n} from \"./credentials/deviceCodeCredentialOptions\";\nexport { DeviceCodeCredentialOptions } from \"./credentials/deviceCodeCredentialOptions\";\n\nexport { AuthorizationCodeCredential } from \"./credentials/authorizationCodeCredential\";\nexport { AuthorizationCodeCredentialOptions } from \"./credentials/authorizationCodeCredentialOptions\";\nexport { AzurePowerShellCredential } from \"./credentials/azurePowerShellCredential\";\nexport { AzurePowerShellCredentialOptions } from \"./credentials/azurePowerShellCredentialOptions\";\nexport {\n  OnBehalfOfCredentialOptions,\n  OnBehalfOfCredentialSecretOptions,\n  OnBehalfOfCredentialCertificateOptions,\n} from \"./credentials/onBehalfOfCredentialOptions\";\nexport { UsernamePasswordCredential } from \"./credentials/usernamePasswordCredential\";\nexport { UsernamePasswordCredentialOptions } from \"./credentials/usernamePasswordCredentialOptions\";\nexport { VisualStudioCodeCredential } from \"./credentials/visualStudioCodeCredential\";\nexport { VisualStudioCodeCredentialOptions } from \"./credentials/visualStudioCodeCredentialOptions\";\nexport { OnBehalfOfCredential } from \"./credentials/onBehalfOfCredential\";\nexport { WorkloadIdentityCredential } from \"./credentials/workloadIdentityCredential\";\nexport { WorkloadIdentityCredentialOptions } from \"./credentials/workloadIdentityCredentialOptions\";\nexport { BrowserCustomizationOptions } from \"./credentials/browserCustomizationOptions\";\nexport { TokenCachePersistenceOptions } from \"./msal/nodeFlows/tokenCachePersistenceOptions\";\n\nexport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nexport { logger } from \"./util/logging\";\n\nexport { AzureAuthorityHosts } from \"./constants\";\n\n/**\n * Returns a new instance of the {@link DefaultAzureCredential}.\n */\nexport function getDefaultAzureCredential(): TokenCredential {\n  return new DefaultAzureCredential();\n}\n\nexport { getBearerTokenProvider, GetBearerTokenProviderOptions } from \"./tokenProvider\";\n"]}

package/dist-esm/src/msal/nodeFlows/msalClient.js

@@ -66,9 +66,11 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
         const appKey = options.enableCae ? "CAE" : "default";
         let confidentialClientApp = confidentialApps.get(appKey);
         if (confidentialClientApp) {
+            msalLogger.getToken.info("Existing ConfidentialClientApplication found in cache, returning it.");
             return confidentialClientApp;
         }
         // Initialize a new app and cache it
+        msalLogger.getToken.info(`Creating new ConfidentialClientApplication with CAE ${options.enableCae ? "enabled" : "disabled"}.`);
         const cachePlugin = options.enableCae
             ? state.pluginConfiguration.cache.cachePluginCae
             : state.pluginConfiguration.cache.cachePlugin;
@@ -79,6 +81,7 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
     }
     async function getTokenSilent(app, scopes, options = {}) {
         if (state.cachedAccount === null) {
+            msalLogger.getToken.info("No cached account found in local state, attempting to load it from MSAL cache.");
             const cache = app.getTokenCache();
             const accounts = await cache.getAllAccounts();
             if (accounts === undefined || accounts.length === 0) {
@@ -98,14 +101,19 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
         if (options.claims) {
             state.cachedClaims = options.claims;
         }
-        // TODO: port over changes for broker
-        // https://github.com/Azure/azure-sdk-for-js/blob/727a7208251961b5036d8e1d86edaa944c42e3d6/sdk/identity/identity/src/msal/nodeFlows/msalNodeCommon.ts#L383-L395
-        msalLogger.getToken.info("Attempting to acquire token silently");
-        return app.acquireTokenSilent({
+        const silentRequest = {
             account: state.cachedAccount,
             scopes,
             claims: state.cachedClaims,
-        });
+        };
+        if (state.pluginConfiguration.broker.isEnabled) {
+            silentRequest.tokenQueryParameters || (silentRequest.tokenQueryParameters = {});
+            if (state.pluginConfiguration.broker.enableMsaPassthrough) {
+                silentRequest.tokenQueryParameters["msal_request_type"] = "consumer_passthrough";
+            }
+        }
+        msalLogger.getToken.info("Attempting to acquire token silently");
+        return app.acquireTokenSilent(silentRequest);
     }
     /**
      * Performs silent authentication using MSAL to acquire an access token.

package/dist-esm/src/msal/nodeFlows/msalClient.js.map

@@ -1 +1 @@
-{"version":3,"file":"msalClient.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AAGzC,OAAO,EAAuB,WAAW,EAAE,MAAM,eAAe,CAAC;AACjE,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,eAAe,EACf,eAAe,EACf,YAAY,GACb,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAE3D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAE7D,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAE3D;;GAEG;AACH,MAAM,UAAU,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAC;AAsDlD;;;;;;;GAOG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAgB,EAChB,QAAgB,EAChB,oBAAuC,EAAE;;IAEzC,MAAM,cAAc,GAAG,eAAe,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAEvE,sDAAsD;IACtD,MAAM,SAAS,GAAG,YAAY,CAC5B,cAAc,EACd,MAAA,iBAAiB,CAAC,aAAa,mCAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CACpE,CAAC;IAEF,MAAM,UAAU,GAAG,IAAI,cAAc,iCAChC,iBAAiB,CAAC,sBAAsB,KAC3C,aAAa,EAAE,SAAS,EACxB,cAAc,EAAE,iBAAiB,CAAC,cAAc,IAChD,CAAC;IAEH,MAAM,UAAU,GAAuB;QACrC,IAAI,EAAE;YACJ,QAAQ;YACR,SAAS;YACT,gBAAgB,EAAE,mBAAmB,CACnC,cAAc,EACd,SAAS,EACT,iBAAiB,CAAC,wBAAwB,CAC3C;SACF;QACD,MAAM,EAAE;YACN,aAAa,EAAE,UAAU;YACzB,aAAa,EAAE;gBACb,cAAc,EAAE,qBAAqB,CAAC,MAAA,iBAAiB,CAAC,MAAM,mCAAI,UAAU,CAAC;gBAC7E,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;gBACxC,iBAAiB,EAAE,MAAA,iBAAiB,CAAC,cAAc,0CAAE,0BAA0B;aAChF;SACF;KACF,CAAC;IACF,OAAO,UAAU,CAAC;AACpB,CAAC;AAsBD;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB,CAC9B,QAAgB,EAChB,QAAgB,EAChB,0BAA6C,EAAE;IAE/C,MAAM,KAAK,GAAoB;QAC7B,UAAU,EAAE,yBAAyB,CAAC,QAAQ,EAAE,QAAQ,EAAE,uBAAuB,CAAC;QAClF,aAAa,EAAE,uBAAuB,CAAC,oBAAoB;YACzD,CAAC,CAAC,YAAY,CAAC,uBAAuB,CAAC,oBAAoB,CAAC;YAC5D,CAAC,CAAC,IAAI;QACR,mBAAmB,EAAE,WAAW,CAAC,2BAA2B,CAAC,uBAAuB,CAAC;KACtF,CAAC;IAEF,MAAM,gBAAgB,GAAoD,IAAI,GAAG,EAAE,CAAC;IACpF,KAAK,UAAU,kBAAkB,CAC/B,UAA2B,EAAE;QAE7B,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAErD,IAAI,qBAAqB,GAAG,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACzD,IAAI,qBAAqB,EAAE,CAAC;YAC1B,OAAO,qBAAqB,CAAC;QAC/B,CAAC;QAED,oCAAoC;QACpC,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS;YACnC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,cAAc;YAChD,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,WAAW,CAAC;QAEhD,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEnF,qBAAqB,GAAG,IAAI,IAAI,CAAC,6BAA6B,iCACzD,KAAK,CAAC,UAAU,KACnB,MAAM,EAAE,EAAE,kBAAkB,EAAE,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,EAAE,EACnF,KAAK,EAAE,EAAE,WAAW,EAAE,MAAM,WAAW,EAAE,IACzC,CAAC;QAEH,gBAAgB,CAAC,GAAG,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;QAEpD,OAAO,qBAAqB,CAAC;IAC/B,CAAC;IAED,KAAK,UAAU,cAAc,CAC3B,GAAsE,EACtE,MAAgB,EAChB,UAA2B,EAAE;QAE7B,IAAI,KAAK,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YACjC,MAAM,KAAK,GAAG,GAAG,CAAC,aAAa,EAAE,CAAC;YAClC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,cAAc,EAAE,CAAC;YAE9C,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACpD,MAAM,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YACpD,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,UAAU,CAAC,IAAI,CAAC;;;;6KAIqJ,CAAC,CAAC;gBACvK,MAAM,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YACpD,CAAC;YAED,KAAK,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACpC,CAAC;QAED,gEAAgE;QAChE,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,KAAK,CAAC,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC;QACtC,CAAC;QAED,qCAAqC;QACrC,+JAA+J;QAC/J,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACjE,OAAO,GAAG,CAAC,kBAAkB,CAAC;YAC5B,OAAO,EAAE,KAAK,CAAC,aAAa;YAC5B,MAAM;YACN,MAAM,EAAE,KAAK,CAAC,YAAY;SAC3B,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,UAAU,wBAAwB,CACrC,OAA0E,EAC1E,MAAqB,EACrB,OAAwB,EACxB,wBAAyE;;QAEzE,IAAI,QAAQ,GAAqC,IAAI,CAAC;QACtD,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAC5D,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,IAAI,CAAC,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC7C,MAAM,CAAC,CAAC;YACV,CAAC;YACD,IAAI,uBAAuB,CAAC,8BAA8B,EAAE,CAAC;gBAC3D,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACtB,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,wBAAwB,EAAE,CAAC;YAC9C,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,mDAAmD;QACnD,oBAAoB,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,KAAK,CAAC,aAAa,GAAG,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,OAAO,mCAAI,IAAI,CAAC;QAEhD,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QAEhD,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,WAAW;YAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;SACjD,CAAC;IACJ,CAAC;IAED,KAAK,UAAU,sBAAsB,CACnC,MAAgB,EAChB,YAAoB,EACpB,UAA2B,EAAE;QAE7B,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;QAE5E,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QAElD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAElD,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,CAC7D,OAAO,CAAC,8BAA8B,CAAC;YACrC,MAAM;YACN,SAAS,EAAE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS;YAC1C,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;SACxB,CAAC,CACH,CAAC;IACJ,CAAC;IAED,KAAK,UAAU,yBAAyB,CACtC,MAAgB,EAChB,eAAuB,EACvB,UAA2B,EAAE;QAE7B,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAE/E,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QAExD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAElD,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,CAC7D,OAAO,CAAC,8BAA8B,CAAC;YACrC,MAAM;YACN,SAAS,EAAE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS;YAC1C,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;YACvB,eAAe;SAChB,CAAC,CACH,CAAC;IACJ,CAAC;IAED,KAAK,UAAU,2BAA2B,CACxC,MAAgB,EAChB,WAA6B,EAC7B,UAA2B,EAAE;QAE7B,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;QAEjF,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAAC;QAEtD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAElD,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,CAC7D,OAAO,CAAC,8BAA8B,CAAC;YACrC,MAAM;YACN,SAAS,EAAE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS;YAC1C,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;SACxB,CAAC,CACH,CAAC;IACJ,CAAC;IAED,OAAO;QACL,sBAAsB;QACtB,yBAAyB;QACzB,2BAA2B;KAC5B,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msal from \"@azure/msal-node\";\n\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { PluginConfiguration, msalPlugins } from \"./msalPlugins\";\nimport { credentialLogger, formatSuccess } from \"../../util/logging\";\nimport {\n  defaultLoggerCallback,\n  ensureValidMsalToken,\n  getAuthority,\n  getKnownAuthorities,\n  getMSALLogLevel,\n  handleMsalError,\n  publicToMsal,\n} from \"../utils\";\n\nimport { AuthenticationRequiredError } from \"../../errors\";\nimport { CertificateParts } from \"../types\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { MsalNodeOptions } from \"./msalNodeCommon\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { resolveTenantId } from \"../../util/tenantIdUtils\";\n\n/**\n * The logger for all MsalClient instances.\n */\nconst msalLogger = credentialLogger(\"MsalClient\");\n\n/**\n * Represents a client for interacting with the Microsoft Authentication Library (MSAL).\n */\nexport interface MsalClient {\n  /**\n   * Retrieves an access token by using a client certificate.\n   *\n   * @param arrayScopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param certificate - The client certificate used for authentication.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByClientCertificate(\n    arrayScopes: string[],\n    certificate: CertificateParts,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves an access token by using a client assertion.\n   *\n   * @param arrayScopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param clientAssertion - The client assertion used for authentication.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByClientAssertion(\n    arrayScopes: string[],\n    clientAssertion: string,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves an access token by using a client secret.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param clientSecret - The client secret of the application. This is a credential that the application can use to authenticate itself.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByClientSecret(\n    scopes: string[],\n    clientSecret: string,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n}\n\n/**\n * Options for creating an instance of the MsalClient.\n */\nexport type MsalClientOptions = Partial<Omit<MsalNodeOptions, \"clientId\" | \"tenantId\">>;\n\n/**\n * Generates the configuration for MSAL (Microsoft Authentication Library).\n *\n * @param clientId - The client ID of the application.\n * @param  tenantId - The tenant ID of the Azure Active Directory.\n * @param  msalClientOptions - Optional. Additional options for creating the MSAL client.\n * @returns  The MSAL configuration object.\n */\nexport function generateMsalConfiguration(\n  clientId: string,\n  tenantId: string,\n  msalClientOptions: MsalClientOptions = {},\n): msal.Configuration {\n  const resolvedTenant = resolveTenantId(msalLogger, tenantId, clientId);\n\n  // TODO: move and reuse getIdentityClientAuthorityHost\n  const authority = getAuthority(\n    resolvedTenant,\n    msalClientOptions.authorityHost ?? process.env.AZURE_AUTHORITY_HOST,\n  );\n\n  const httpClient = new IdentityClient({\n    ...msalClientOptions.tokenCredentialOptions,\n    authorityHost: authority,\n    loggingOptions: msalClientOptions.loggingOptions,\n  });\n\n  const msalConfig: msal.Configuration = {\n    auth: {\n      clientId,\n      authority,\n      knownAuthorities: getKnownAuthorities(\n        resolvedTenant,\n        authority,\n        msalClientOptions.disableInstanceDiscovery,\n      ),\n    },\n    system: {\n      networkClient: httpClient,\n      loggerOptions: {\n        loggerCallback: defaultLoggerCallback(msalClientOptions.logger ?? msalLogger),\n        logLevel: getMSALLogLevel(getLogLevel()),\n        piiLoggingEnabled: msalClientOptions.loggingOptions?.enableUnsafeSupportLogging,\n      },\n    },\n  };\n  return msalConfig;\n}\n\n/**\n * Represents the state necessary for the MSAL (Microsoft Authentication Library) client to operate.\n * This includes the MSAL configuration, cached account information, Azure region, and a flag to disable automatic authentication.\n *\n * @internal\n */\ninterface MsalClientState {\n  /** The configuration for the MSAL client. */\n  msalConfig: msal.Configuration;\n\n  /** The cached account information, or null if no account information is cached. */\n  cachedAccount: msal.AccountInfo | null;\n\n  /** Configured plugins */\n  pluginConfiguration: PluginConfiguration;\n\n  /** Claims received from challenges, cached for the next request */\n  cachedClaims?: string;\n}\n\n/**\n * Creates an instance of the MSAL (Microsoft Authentication Library) client.\n *\n * @param clientId - The client ID of the application.\n * @param tenantId - The tenant ID of the Azure Active Directory.\n * @param createMsalClientOptions - Optional. Additional options for creating the MSAL client.\n * @returns An instance of the MSAL client.\n *\n * @public\n */\nexport function createMsalClient(\n  clientId: string,\n  tenantId: string,\n  createMsalClientOptions: MsalClientOptions = {},\n): MsalClient {\n  const state: MsalClientState = {\n    msalConfig: generateMsalConfiguration(clientId, tenantId, createMsalClientOptions),\n    cachedAccount: createMsalClientOptions.authenticationRecord\n      ? publicToMsal(createMsalClientOptions.authenticationRecord)\n      : null,\n    pluginConfiguration: msalPlugins.generatePluginConfiguration(createMsalClientOptions),\n  };\n\n  const confidentialApps: Map<string, msal.ConfidentialClientApplication> = new Map();\n  async function getConfidentialApp(\n    options: GetTokenOptions = {},\n  ): Promise<msal.ConfidentialClientApplication> {\n    const appKey = options.enableCae ? \"CAE\" : \"default\";\n\n    let confidentialClientApp = confidentialApps.get(appKey);\n    if (confidentialClientApp) {\n      return confidentialClientApp;\n    }\n\n    // Initialize a new app and cache it\n    const cachePlugin = options.enableCae\n      ? state.pluginConfiguration.cache.cachePluginCae\n      : state.pluginConfiguration.cache.cachePlugin;\n\n    state.msalConfig.auth.clientCapabilities = options.enableCae ? [\"cp1\"] : undefined;\n\n    confidentialClientApp = new msal.ConfidentialClientApplication({\n      ...state.msalConfig,\n      broker: { nativeBrokerPlugin: state.pluginConfiguration.broker.nativeBrokerPlugin },\n      cache: { cachePlugin: await cachePlugin },\n    });\n\n    confidentialApps.set(appKey, confidentialClientApp);\n\n    return confidentialClientApp;\n  }\n\n  async function getTokenSilent(\n    app: msal.ConfidentialClientApplication | msal.PublicClientApplication,\n    scopes: string[],\n    options: GetTokenOptions = {},\n  ): Promise<msal.AuthenticationResult> {\n    if (state.cachedAccount === null) {\n      const cache = app.getTokenCache();\n      const accounts = await cache.getAllAccounts();\n\n      if (accounts === undefined || accounts.length === 0) {\n        throw new AuthenticationRequiredError({ scopes });\n      }\n\n      if (accounts.length > 1) {\n        msalLogger.info(`More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing a credential to prevent this from happening.`);\n        throw new AuthenticationRequiredError({ scopes });\n      }\n\n      state.cachedAccount = accounts[0];\n    }\n\n    // Keep track and reuse the claims we received across challenges\n    if (options.claims) {\n      state.cachedClaims = options.claims;\n    }\n\n    // TODO: port over changes for broker\n    // https://github.com/Azure/azure-sdk-for-js/blob/727a7208251961b5036d8e1d86edaa944c42e3d6/sdk/identity/identity/src/msal/nodeFlows/msalNodeCommon.ts#L383-L395\n    msalLogger.getToken.info(\"Attempting to acquire token silently\");\n    return app.acquireTokenSilent({\n      account: state.cachedAccount,\n      scopes,\n      claims: state.cachedClaims,\n    });\n  }\n\n  /**\n   * Performs silent authentication using MSAL to acquire an access token.\n   * If silent authentication fails, falls back to interactive authentication.\n   *\n   * @param msalApp - The MSAL application instance.\n   * @param scopes - The scopes for which to acquire the access token.\n   * @param options - The options for acquiring the access token.\n   * @param onAuthenticationRequired - A callback function to handle interactive authentication when silent authentication fails.\n   * @returns A promise that resolves to an AccessToken object containing the access token and its expiration timestamp.\n   */\n  async function withSilentAuthentication(\n    msalApp: msal.ConfidentialClientApplication | msal.PublicClientApplication,\n    scopes: Array<string>,\n    options: GetTokenOptions,\n    onAuthenticationRequired: () => Promise<msal.AuthenticationResult | null>,\n  ): Promise<AccessToken> {\n    let response: msal.AuthenticationResult | null = null;\n    try {\n      response = await getTokenSilent(msalApp, scopes, options);\n    } catch (e: any) {\n      if (e.name !== \"AuthenticationRequiredError\") {\n        throw e;\n      }\n      if (createMsalClientOptions.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions: options,\n          message:\n            \"Automatic authentication has been disabled. You may call the authentication() method.\",\n        });\n      }\n    }\n\n    // Silent authentication failed\n    if (response === null) {\n      try {\n        response = await onAuthenticationRequired();\n      } catch (err: any) {\n        throw handleMsalError(scopes, err, options);\n      }\n    }\n\n    // At this point we should have a token, process it\n    ensureValidMsalToken(scopes, response, options);\n    state.cachedAccount = response?.account ?? null;\n\n    msalLogger.getToken.info(formatSuccess(scopes));\n\n    return {\n      token: response.accessToken,\n      expiresOnTimestamp: response.expiresOn.getTime(),\n    };\n  }\n\n  async function getTokenByClientSecret(\n    scopes: string[],\n    clientSecret: string,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    msalLogger.getToken.info(`Attempting to acquire token using client secret`);\n\n    state.msalConfig.auth.clientSecret = clientSecret;\n\n    const msalApp = await getConfidentialApp(options);\n\n    return withSilentAuthentication(msalApp, scopes, options, () =>\n      msalApp.acquireTokenByClientCredential({\n        scopes,\n        authority: state.msalConfig.auth.authority,\n        claims: options?.claims,\n      }),\n    );\n  }\n\n  async function getTokenByClientAssertion(\n    scopes: string[],\n    clientAssertion: string,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    msalLogger.getToken.info(`Attempting to acquire token using client assertion`);\n\n    state.msalConfig.auth.clientAssertion = clientAssertion;\n\n    const msalApp = await getConfidentialApp(options);\n\n    return withSilentAuthentication(msalApp, scopes, options, () =>\n      msalApp.acquireTokenByClientCredential({\n        scopes,\n        authority: state.msalConfig.auth.authority,\n        claims: options?.claims,\n        clientAssertion,\n      }),\n    );\n  }\n\n  async function getTokenByClientCertificate(\n    scopes: string[],\n    certificate: CertificateParts,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    msalLogger.getToken.info(`Attempting to acquire token using client certificate`);\n\n    state.msalConfig.auth.clientCertificate = certificate;\n\n    const msalApp = await getConfidentialApp(options);\n\n    return withSilentAuthentication(msalApp, scopes, options, () =>\n      msalApp.acquireTokenByClientCredential({\n        scopes,\n        authority: state.msalConfig.auth.authority,\n        claims: options?.claims,\n      }),\n    );\n  }\n\n  return {\n    getTokenByClientSecret,\n    getTokenByClientAssertion,\n    getTokenByClientCertificate,\n  };\n}\n"]}
+{"version":3,"file":"msalClient.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AAGzC,OAAO,EAAuB,WAAW,EAAE,MAAM,eAAe,CAAC;AACjE,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,eAAe,EACf,eAAe,EACf,YAAY,GACb,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAE3D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAE7D,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAE3D;;GAEG;AACH,MAAM,UAAU,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAC;AAsDlD;;;;;;;GAOG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAgB,EAChB,QAAgB,EAChB,oBAAuC,EAAE;;IAEzC,MAAM,cAAc,GAAG,eAAe,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAEvE,sDAAsD;IACtD,MAAM,SAAS,GAAG,YAAY,CAC5B,cAAc,EACd,MAAA,iBAAiB,CAAC,aAAa,mCAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CACpE,CAAC;IAEF,MAAM,UAAU,GAAG,IAAI,cAAc,iCAChC,iBAAiB,CAAC,sBAAsB,KAC3C,aAAa,EAAE,SAAS,EACxB,cAAc,EAAE,iBAAiB,CAAC,cAAc,IAChD,CAAC;IAEH,MAAM,UAAU,GAAuB;QACrC,IAAI,EAAE;YACJ,QAAQ;YACR,SAAS;YACT,gBAAgB,EAAE,mBAAmB,CACnC,cAAc,EACd,SAAS,EACT,iBAAiB,CAAC,wBAAwB,CAC3C;SACF;QACD,MAAM,EAAE;YACN,aAAa,EAAE,UAAU;YACzB,aAAa,EAAE;gBACb,cAAc,EAAE,qBAAqB,CAAC,MAAA,iBAAiB,CAAC,MAAM,mCAAI,UAAU,CAAC;gBAC7E,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;gBACxC,iBAAiB,EAAE,MAAA,iBAAiB,CAAC,cAAc,0CAAE,0BAA0B;aAChF;SACF;KACF,CAAC;IACF,OAAO,UAAU,CAAC;AACpB,CAAC;AAsBD;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB,CAC9B,QAAgB,EAChB,QAAgB,EAChB,0BAA6C,EAAE;IAE/C,MAAM,KAAK,GAAoB;QAC7B,UAAU,EAAE,yBAAyB,CAAC,QAAQ,EAAE,QAAQ,EAAE,uBAAuB,CAAC;QAClF,aAAa,EAAE,uBAAuB,CAAC,oBAAoB;YACzD,CAAC,CAAC,YAAY,CAAC,uBAAuB,CAAC,oBAAoB,CAAC;YAC5D,CAAC,CAAC,IAAI;QACR,mBAAmB,EAAE,WAAW,CAAC,2BAA2B,CAAC,uBAAuB,CAAC;KACtF,CAAC;IAEF,MAAM,gBAAgB,GAAoD,IAAI,GAAG,EAAE,CAAC;IACpF,KAAK,UAAU,kBAAkB,CAC/B,UAA2B,EAAE;QAE7B,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAErD,IAAI,qBAAqB,GAAG,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACzD,IAAI,qBAAqB,EAAE,CAAC;YAC1B,UAAU,CAAC,QAAQ,CAAC,IAAI,CACtB,sEAAsE,CACvE,CAAC;YACF,OAAO,qBAAqB,CAAC;QAC/B,CAAC;QAED,oCAAoC;QACpC,UAAU,CAAC,QAAQ,CAAC,IAAI,CACtB,uDAAuD,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,GAAG,CACrG,CAAC;QAEF,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS;YACnC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,cAAc;YAChD,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,WAAW,CAAC;QAEhD,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEnF,qBAAqB,GAAG,IAAI,IAAI,CAAC,6BAA6B,iCACzD,KAAK,CAAC,UAAU,KACnB,MAAM,EAAE,EAAE,kBAAkB,EAAE,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,EAAE,EACnF,KAAK,EAAE,EAAE,WAAW,EAAE,MAAM,WAAW,EAAE,IACzC,CAAC;QAEH,gBAAgB,CAAC,GAAG,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;QAEpD,OAAO,qBAAqB,CAAC;IAC/B,CAAC;IAED,KAAK,UAAU,cAAc,CAC3B,GAAsE,EACtE,MAAgB,EAChB,UAA2B,EAAE;QAE7B,IAAI,KAAK,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YACjC,UAAU,CAAC,QAAQ,CAAC,IAAI,CACtB,gFAAgF,CACjF,CAAC;YACF,MAAM,KAAK,GAAG,GAAG,CAAC,aAAa,EAAE,CAAC;YAClC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,cAAc,EAAE,CAAC;YAE9C,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACpD,MAAM,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YACpD,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,UAAU,CAAC,IAAI,CAAC;;;;6KAIqJ,CAAC,CAAC;gBACvK,MAAM,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YACpD,CAAC;YAED,KAAK,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACpC,CAAC;QAED,gEAAgE;QAChE,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,KAAK,CAAC,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC;QACtC,CAAC;QAED,MAAM,aAAa,GAA2B;YAC5C,OAAO,EAAE,KAAK,CAAC,aAAa;YAC5B,MAAM;YACN,MAAM,EAAE,KAAK,CAAC,YAAY;SAC3B,CAAC;QAEF,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YAC/C,aAAa,CAAC,oBAAoB,KAAlC,aAAa,CAAC,oBAAoB,GAAK,EAAE,EAAC;YAC1C,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC;gBAC1D,aAAa,CAAC,oBAAoB,CAAC,mBAAmB,CAAC,GAAG,sBAAsB,CAAC;YACnF,CAAC;QACH,CAAC;QAED,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACjE,OAAO,GAAG,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;IAC/C,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,UAAU,wBAAwB,CACrC,OAA0E,EAC1E,MAAqB,EACrB,OAAwB,EACxB,wBAAyE;;QAEzE,IAAI,QAAQ,GAAqC,IAAI,CAAC;QACtD,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAC5D,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,IAAI,CAAC,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC7C,MAAM,CAAC,CAAC;YACV,CAAC;YACD,IAAI,uBAAuB,CAAC,8BAA8B,EAAE,CAAC;gBAC3D,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACtB,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,wBAAwB,EAAE,CAAC;YAC9C,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,mDAAmD;QACnD,oBAAoB,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,KAAK,CAAC,aAAa,GAAG,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,OAAO,mCAAI,IAAI,CAAC;QAEhD,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QAEhD,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,WAAW;YAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;SACjD,CAAC;IACJ,CAAC;IAED,KAAK,UAAU,sBAAsB,CACnC,MAAgB,EAChB,YAAoB,EACpB,UAA2B,EAAE;QAE7B,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;QAE5E,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QAElD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAElD,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,CAC7D,OAAO,CAAC,8BAA8B,CAAC;YACrC,MAAM;YACN,SAAS,EAAE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS;YAC1C,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;SACxB,CAAC,CACH,CAAC;IACJ,CAAC;IAED,KAAK,UAAU,yBAAyB,CACtC,MAAgB,EAChB,eAAuB,EACvB,UAA2B,EAAE;QAE7B,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAE/E,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QAExD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAElD,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,CAC7D,OAAO,CAAC,8BAA8B,CAAC;YACrC,MAAM;YACN,SAAS,EAAE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS;YAC1C,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;YACvB,eAAe;SAChB,CAAC,CACH,CAAC;IACJ,CAAC;IAED,KAAK,UAAU,2BAA2B,CACxC,MAAgB,EAChB,WAA6B,EAC7B,UAA2B,EAAE;QAE7B,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;QAEjF,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAAC;QAEtD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAElD,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,CAC7D,OAAO,CAAC,8BAA8B,CAAC;YACrC,MAAM;YACN,SAAS,EAAE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS;YAC1C,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;SACxB,CAAC,CACH,CAAC;IACJ,CAAC;IAED,OAAO;QACL,sBAAsB;QACtB,yBAAyB;QACzB,2BAA2B;KAC5B,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msal from \"@azure/msal-node\";\n\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { PluginConfiguration, msalPlugins } from \"./msalPlugins\";\nimport { credentialLogger, formatSuccess } from \"../../util/logging\";\nimport {\n  defaultLoggerCallback,\n  ensureValidMsalToken,\n  getAuthority,\n  getKnownAuthorities,\n  getMSALLogLevel,\n  handleMsalError,\n  publicToMsal,\n} from \"../utils\";\n\nimport { AuthenticationRequiredError } from \"../../errors\";\nimport { CertificateParts } from \"../types\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { MsalNodeOptions } from \"./msalNodeCommon\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { resolveTenantId } from \"../../util/tenantIdUtils\";\n\n/**\n * The logger for all MsalClient instances.\n */\nconst msalLogger = credentialLogger(\"MsalClient\");\n\n/**\n * Represents a client for interacting with the Microsoft Authentication Library (MSAL).\n */\nexport interface MsalClient {\n  /**\n   * Retrieves an access token by using a client certificate.\n   *\n   * @param arrayScopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param certificate - The client certificate used for authentication.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByClientCertificate(\n    arrayScopes: string[],\n    certificate: CertificateParts,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves an access token by using a client assertion.\n   *\n   * @param arrayScopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param clientAssertion - The client assertion used for authentication.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByClientAssertion(\n    arrayScopes: string[],\n    clientAssertion: string,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves an access token by using a client secret.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param clientSecret - The client secret of the application. This is a credential that the application can use to authenticate itself.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByClientSecret(\n    scopes: string[],\n    clientSecret: string,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n}\n\n/**\n * Options for creating an instance of the MsalClient.\n */\nexport type MsalClientOptions = Partial<Omit<MsalNodeOptions, \"clientId\" | \"tenantId\">>;\n\n/**\n * Generates the configuration for MSAL (Microsoft Authentication Library).\n *\n * @param clientId - The client ID of the application.\n * @param  tenantId - The tenant ID of the Azure Active Directory.\n * @param  msalClientOptions - Optional. Additional options for creating the MSAL client.\n * @returns  The MSAL configuration object.\n */\nexport function generateMsalConfiguration(\n  clientId: string,\n  tenantId: string,\n  msalClientOptions: MsalClientOptions = {},\n): msal.Configuration {\n  const resolvedTenant = resolveTenantId(msalLogger, tenantId, clientId);\n\n  // TODO: move and reuse getIdentityClientAuthorityHost\n  const authority = getAuthority(\n    resolvedTenant,\n    msalClientOptions.authorityHost ?? process.env.AZURE_AUTHORITY_HOST,\n  );\n\n  const httpClient = new IdentityClient({\n    ...msalClientOptions.tokenCredentialOptions,\n    authorityHost: authority,\n    loggingOptions: msalClientOptions.loggingOptions,\n  });\n\n  const msalConfig: msal.Configuration = {\n    auth: {\n      clientId,\n      authority,\n      knownAuthorities: getKnownAuthorities(\n        resolvedTenant,\n        authority,\n        msalClientOptions.disableInstanceDiscovery,\n      ),\n    },\n    system: {\n      networkClient: httpClient,\n      loggerOptions: {\n        loggerCallback: defaultLoggerCallback(msalClientOptions.logger ?? msalLogger),\n        logLevel: getMSALLogLevel(getLogLevel()),\n        piiLoggingEnabled: msalClientOptions.loggingOptions?.enableUnsafeSupportLogging,\n      },\n    },\n  };\n  return msalConfig;\n}\n\n/**\n * Represents the state necessary for the MSAL (Microsoft Authentication Library) client to operate.\n * This includes the MSAL configuration, cached account information, Azure region, and a flag to disable automatic authentication.\n *\n * @internal\n */\ninterface MsalClientState {\n  /** The configuration for the MSAL client. */\n  msalConfig: msal.Configuration;\n\n  /** The cached account information, or null if no account information is cached. */\n  cachedAccount: msal.AccountInfo | null;\n\n  /** Configured plugins */\n  pluginConfiguration: PluginConfiguration;\n\n  /** Claims received from challenges, cached for the next request */\n  cachedClaims?: string;\n}\n\n/**\n * Creates an instance of the MSAL (Microsoft Authentication Library) client.\n *\n * @param clientId - The client ID of the application.\n * @param tenantId - The tenant ID of the Azure Active Directory.\n * @param createMsalClientOptions - Optional. Additional options for creating the MSAL client.\n * @returns An instance of the MSAL client.\n *\n * @public\n */\nexport function createMsalClient(\n  clientId: string,\n  tenantId: string,\n  createMsalClientOptions: MsalClientOptions = {},\n): MsalClient {\n  const state: MsalClientState = {\n    msalConfig: generateMsalConfiguration(clientId, tenantId, createMsalClientOptions),\n    cachedAccount: createMsalClientOptions.authenticationRecord\n      ? publicToMsal(createMsalClientOptions.authenticationRecord)\n      : null,\n    pluginConfiguration: msalPlugins.generatePluginConfiguration(createMsalClientOptions),\n  };\n\n  const confidentialApps: Map<string, msal.ConfidentialClientApplication> = new Map();\n  async function getConfidentialApp(\n    options: GetTokenOptions = {},\n  ): Promise<msal.ConfidentialClientApplication> {\n    const appKey = options.enableCae ? \"CAE\" : \"default\";\n\n    let confidentialClientApp = confidentialApps.get(appKey);\n    if (confidentialClientApp) {\n      msalLogger.getToken.info(\n        \"Existing ConfidentialClientApplication found in cache, returning it.\",\n      );\n      return confidentialClientApp;\n    }\n\n    // Initialize a new app and cache it\n    msalLogger.getToken.info(\n      `Creating new ConfidentialClientApplication with CAE ${options.enableCae ? \"enabled\" : \"disabled\"}.`,\n    );\n\n    const cachePlugin = options.enableCae\n      ? state.pluginConfiguration.cache.cachePluginCae\n      : state.pluginConfiguration.cache.cachePlugin;\n\n    state.msalConfig.auth.clientCapabilities = options.enableCae ? [\"cp1\"] : undefined;\n\n    confidentialClientApp = new msal.ConfidentialClientApplication({\n      ...state.msalConfig,\n      broker: { nativeBrokerPlugin: state.pluginConfiguration.broker.nativeBrokerPlugin },\n      cache: { cachePlugin: await cachePlugin },\n    });\n\n    confidentialApps.set(appKey, confidentialClientApp);\n\n    return confidentialClientApp;\n  }\n\n  async function getTokenSilent(\n    app: msal.ConfidentialClientApplication | msal.PublicClientApplication,\n    scopes: string[],\n    options: GetTokenOptions = {},\n  ): Promise<msal.AuthenticationResult> {\n    if (state.cachedAccount === null) {\n      msalLogger.getToken.info(\n        \"No cached account found in local state, attempting to load it from MSAL cache.\",\n      );\n      const cache = app.getTokenCache();\n      const accounts = await cache.getAllAccounts();\n\n      if (accounts === undefined || accounts.length === 0) {\n        throw new AuthenticationRequiredError({ scopes });\n      }\n\n      if (accounts.length > 1) {\n        msalLogger.info(`More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing a credential to prevent this from happening.`);\n        throw new AuthenticationRequiredError({ scopes });\n      }\n\n      state.cachedAccount = accounts[0];\n    }\n\n    // Keep track and reuse the claims we received across challenges\n    if (options.claims) {\n      state.cachedClaims = options.claims;\n    }\n\n    const silentRequest: msal.SilentFlowRequest = {\n      account: state.cachedAccount,\n      scopes,\n      claims: state.cachedClaims,\n    };\n\n    if (state.pluginConfiguration.broker.isEnabled) {\n      silentRequest.tokenQueryParameters ||= {};\n      if (state.pluginConfiguration.broker.enableMsaPassthrough) {\n        silentRequest.tokenQueryParameters[\"msal_request_type\"] = \"consumer_passthrough\";\n      }\n    }\n\n    msalLogger.getToken.info(\"Attempting to acquire token silently\");\n    return app.acquireTokenSilent(silentRequest);\n  }\n\n  /**\n   * Performs silent authentication using MSAL to acquire an access token.\n   * If silent authentication fails, falls back to interactive authentication.\n   *\n   * @param msalApp - The MSAL application instance.\n   * @param scopes - The scopes for which to acquire the access token.\n   * @param options - The options for acquiring the access token.\n   * @param onAuthenticationRequired - A callback function to handle interactive authentication when silent authentication fails.\n   * @returns A promise that resolves to an AccessToken object containing the access token and its expiration timestamp.\n   */\n  async function withSilentAuthentication(\n    msalApp: msal.ConfidentialClientApplication | msal.PublicClientApplication,\n    scopes: Array<string>,\n    options: GetTokenOptions,\n    onAuthenticationRequired: () => Promise<msal.AuthenticationResult | null>,\n  ): Promise<AccessToken> {\n    let response: msal.AuthenticationResult | null = null;\n    try {\n      response = await getTokenSilent(msalApp, scopes, options);\n    } catch (e: any) {\n      if (e.name !== \"AuthenticationRequiredError\") {\n        throw e;\n      }\n      if (createMsalClientOptions.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions: options,\n          message:\n            \"Automatic authentication has been disabled. You may call the authentication() method.\",\n        });\n      }\n    }\n\n    // Silent authentication failed\n    if (response === null) {\n      try {\n        response = await onAuthenticationRequired();\n      } catch (err: any) {\n        throw handleMsalError(scopes, err, options);\n      }\n    }\n\n    // At this point we should have a token, process it\n    ensureValidMsalToken(scopes, response, options);\n    state.cachedAccount = response?.account ?? null;\n\n    msalLogger.getToken.info(formatSuccess(scopes));\n\n    return {\n      token: response.accessToken,\n      expiresOnTimestamp: response.expiresOn.getTime(),\n    };\n  }\n\n  async function getTokenByClientSecret(\n    scopes: string[],\n    clientSecret: string,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    msalLogger.getToken.info(`Attempting to acquire token using client secret`);\n\n    state.msalConfig.auth.clientSecret = clientSecret;\n\n    const msalApp = await getConfidentialApp(options);\n\n    return withSilentAuthentication(msalApp, scopes, options, () =>\n      msalApp.acquireTokenByClientCredential({\n        scopes,\n        authority: state.msalConfig.auth.authority,\n        claims: options?.claims,\n      }),\n    );\n  }\n\n  async function getTokenByClientAssertion(\n    scopes: string[],\n    clientAssertion: string,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    msalLogger.getToken.info(`Attempting to acquire token using client assertion`);\n\n    state.msalConfig.auth.clientAssertion = clientAssertion;\n\n    const msalApp = await getConfidentialApp(options);\n\n    return withSilentAuthentication(msalApp, scopes, options, () =>\n      msalApp.acquireTokenByClientCredential({\n        scopes,\n        authority: state.msalConfig.auth.authority,\n        claims: options?.claims,\n        clientAssertion,\n      }),\n    );\n  }\n\n  async function getTokenByClientCertificate(\n    scopes: string[],\n    certificate: CertificateParts,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    msalLogger.getToken.info(`Attempting to acquire token using client certificate`);\n\n    state.msalConfig.auth.clientCertificate = certificate;\n\n    const msalApp = await getConfidentialApp(options);\n\n    return withSilentAuthentication(msalApp, scopes, options, () =>\n      msalApp.acquireTokenByClientCredential({\n        scopes,\n        authority: state.msalConfig.auth.authority,\n        claims: options?.claims,\n      }),\n    );\n  }\n\n  return {\n    getTokenByClientSecret,\n    getTokenByClientAssertion,\n    getTokenByClientCertificate,\n  };\n}\n"]}

package/dist-esm/src/msal/nodeFlows/msalPlugins.js

@@ -43,15 +43,16 @@ export const msalNodeFlowNativeBrokerControl = {
  * @returns plugin configuration
  */
 function generatePluginConfiguration(options) {
-    var _a, _b, _c, _d, _e;
+    var _a, _b, _c, _d, _e, _f, _g;
     const config = {
         cache: {},
         broker: {
-            enableMsaPassthrough: (_b = (_a = options.brokerOptions) === null || _a === void 0 ? void 0 : _a.legacyEnableMsaPassthrough) !== null && _b !== void 0 ? _b : false,
-            parentWindowHandle: (_c = options.brokerOptions) === null || _c === void 0 ? void 0 : _c.parentWindowHandle,
+            isEnabled: (_b = (_a = options.brokerOptions) === null || _a === void 0 ? void 0 : _a.enabled) !== null && _b !== void 0 ? _b : false,
+            enableMsaPassthrough: (_d = (_c = options.brokerOptions) === null || _c === void 0 ? void 0 : _c.legacyEnableMsaPassthrough) !== null && _d !== void 0 ? _d : false,
+            parentWindowHandle: (_e = options.brokerOptions) === null || _e === void 0 ? void 0 : _e.parentWindowHandle,
         },
     };
-    if ((_d = options.tokenCachePersistenceOptions) === null || _d === void 0 ? void 0 : _d.enabled) {
+    if ((_f = options.tokenCachePersistenceOptions) === null || _f === void 0 ? void 0 : _f.enabled) {
         if (persistenceProvider === undefined) {
             throw new Error([
                 "Persistent token caching was requested, but no persistence provider was configured.",
@@ -64,7 +65,7 @@ function generatePluginConfiguration(options) {
         config.cache.cachePlugin = persistenceProvider(Object.assign({ name: `${cacheBaseName}.${CACHE_NON_CAE_SUFFIX}` }, options.tokenCachePersistenceOptions));
         config.cache.cachePluginCae = persistenceProvider(Object.assign({ name: `${cacheBaseName}.${CACHE_CAE_SUFFIX}` }, options.tokenCachePersistenceOptions));
     }
-    if ((_e = options.brokerOptions) === null || _e === void 0 ? void 0 : _e.enabled) {
+    if ((_g = options.brokerOptions) === null || _g === void 0 ? void 0 : _g.enabled) {
         if (nativeBrokerInfo === undefined) {
             throw new Error([
                 "Broker for WAM was requested to be enabled, but no native broker was configured.",

package/dist-esm/src/msal/nodeFlows/msalPlugins.js.map

@@ -1 +1 @@
-{"version":3,"file":"msalPlugins.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalPlugins.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC;AA2BnG;;;GAGG;AACH,MAAM,CAAC,IAAI,mBAAmB,GAEd,SAAS,CAAC;AAE1B;;;GAGG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,cAAc,CAAC,cAA8D;QAC3E,mBAAmB,GAAG,cAAc,CAAC;IACvC,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,IAAI,gBAAgB,GAIX,SAAS,CAAC;AAE1B,MAAM,UAAU,eAAe;IAC7B,OAAO,gBAAgB,KAAK,SAAS,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAA8B;IACxE,eAAe,CAAC,MAAM;QACpB,gBAAgB,GAAG;YACjB,MAAM;SACP,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;;;;;;GAOG;AACH,SAAS,2BAA2B,CAAC,OAA0B;;IAC7D,MAAM,MAAM,GAAwB;QAClC,KAAK,EAAE,EAAE;QACT,MAAM,EAAE;YACN,oBAAoB,EAAE,MAAA,MAAA,OAAO,CAAC,aAAa,0CAAE,0BAA0B,mCAAI,KAAK;YAChF,kBAAkB,EAAE,MAAA,OAAO,CAAC,aAAa,0CAAE,kBAAkB;SAC9D;KACF,CAAC;IAEF,IAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,EAAE,CAAC;QAClD,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CACb;gBACE,qFAAqF;gBACrF,yHAAyH;gBACzH,mFAAmF;gBACnF,0FAA0F;aAC3F,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,OAAO,CAAC,4BAA4B,CAAC,IAAI,IAAI,wBAAwB,CAAC;QAC5F,MAAM,CAAC,KAAK,CAAC,WAAW,GAAG,mBAAmB,iBAC5C,IAAI,EAAE,GAAG,aAAa,IAAI,oBAAoB,EAAE,IAC7C,OAAO,CAAC,4BAA4B,EACvC,CAAC;QACH,MAAM,CAAC,KAAK,CAAC,cAAc,GAAG,mBAAmB,iBAC/C,IAAI,EAAE,GAAG,aAAa,IAAI,gBAAgB,EAAE,IACzC,OAAO,CAAC,4BAA4B,EACvC,CAAC;IACL,CAAC;IAED,IAAI,MAAA,OAAO,CAAC,aAAa,0CAAE,OAAO,EAAE,CAAC;QACnC,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb;gBACE,kFAAkF;gBAClF,mGAAmG;gBACnG,mFAAmF;gBACnF,8EAA8E;aAC/E,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,MAAM,CAAC,kBAAkB,GAAG,gBAAiB,CAAC,MAAM,CAAC;IAC9D,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,2BAA2B;CAC5B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { CACHE_CAE_SUFFIX, CACHE_NON_CAE_SUFFIX, DEFAULT_TOKEN_CACHE_NAME } from \"../../constants\";\n\nimport { MsalClientOptions } from \"./msalClient\";\nimport { NativeBrokerPluginControl } from \"../../plugins/provider\";\nimport { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions\";\n\n/**\n * Configuration for the plugins used by the MSAL node client.\n */\nexport interface PluginConfiguration {\n  /**\n   * Configuration for the cache plugin.\n   */\n  cache: {\n    cachePlugin?: Promise<msalNode.ICachePlugin>;\n    cachePluginCae?: Promise<msalNode.ICachePlugin>;\n  };\n  /**\n   * Configuration for the broker plugin.\n   */\n  broker: {\n    enableMsaPassthrough: boolean;\n    parentWindowHandle?: Uint8Array;\n    nativeBrokerPlugin?: msalNode.INativeBrokerPlugin;\n  };\n}\n\n/**\n * The current persistence provider, undefined by default.\n * @internal\n */\nexport let persistenceProvider:\n  | ((options?: TokenCachePersistenceOptions) => Promise<msalNode.ICachePlugin>)\n  | undefined = undefined;\n\n/**\n * An object that allows setting the persistence provider.\n * @internal\n */\nexport const msalNodeFlowCacheControl = {\n  setPersistence(pluginProvider: Exclude<typeof persistenceProvider, undefined>): void {\n    persistenceProvider = pluginProvider;\n  },\n};\n\n/**\n * The current native broker provider, undefined by default.\n * @internal\n */\nexport let nativeBrokerInfo:\n  | {\n      broker: msalNode.INativeBrokerPlugin;\n    }\n  | undefined = undefined;\n\nexport function hasNativeBroker(): boolean {\n  return nativeBrokerInfo !== undefined;\n}\n\n/**\n * An object that allows setting the native broker provider.\n * @internal\n */\nexport const msalNodeFlowNativeBrokerControl: NativeBrokerPluginControl = {\n  setNativeBroker(broker): void {\n    nativeBrokerInfo = {\n      broker,\n    };\n  },\n};\n\n/**\n * Configures plugins, validating that required plugins are available and enabled.\n *\n * Does not create the plugins themselves, but rather returns the configuration that will be used to create them.\n *\n * @param options - options for creating the MSAL client\n * @returns plugin configuration\n */\nfunction generatePluginConfiguration(options: MsalClientOptions): PluginConfiguration {\n  const config: PluginConfiguration = {\n    cache: {},\n    broker: {\n      enableMsaPassthrough: options.brokerOptions?.legacyEnableMsaPassthrough ?? false,\n      parentWindowHandle: options.brokerOptions?.parentWindowHandle,\n    },\n  };\n\n  if (options.tokenCachePersistenceOptions?.enabled) {\n    if (persistenceProvider === undefined) {\n      throw new Error(\n        [\n          \"Persistent token caching was requested, but no persistence provider was configured.\",\n          \"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.\",\n        ].join(\" \"),\n      );\n    }\n\n    const cacheBaseName = options.tokenCachePersistenceOptions.name || DEFAULT_TOKEN_CACHE_NAME;\n    config.cache.cachePlugin = persistenceProvider({\n      name: `${cacheBaseName}.${CACHE_NON_CAE_SUFFIX}`,\n      ...options.tokenCachePersistenceOptions,\n    });\n    config.cache.cachePluginCae = persistenceProvider({\n      name: `${cacheBaseName}.${CACHE_CAE_SUFFIX}`,\n      ...options.tokenCachePersistenceOptions,\n    });\n  }\n\n  if (options.brokerOptions?.enabled) {\n    if (nativeBrokerInfo === undefined) {\n      throw new Error(\n        [\n          \"Broker for WAM was requested to be enabled, but no native broker was configured.\",\n          \"You must install the identity-broker plugin package (`npm install --save @azure/identity-broker`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(createNativeBrokerPlugin())` before using `enableBroker`.\",\n        ].join(\" \"),\n      );\n    }\n\n    config.broker.nativeBrokerPlugin = nativeBrokerInfo!.broker;\n  }\n\n  return config;\n}\n\n/**\n * Wraps generatePluginConfiguration as a writeable property for test stubbing purposes.\n */\nexport const msalPlugins = {\n  generatePluginConfiguration,\n};\n"]}
+{"version":3,"file":"msalPlugins.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalPlugins.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC;AAgDnG;;;GAGG;AACH,MAAM,CAAC,IAAI,mBAAmB,GAEd,SAAS,CAAC;AAE1B;;;GAGG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,cAAc,CAAC,cAA8D;QAC3E,mBAAmB,GAAG,cAAc,CAAC;IACvC,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,IAAI,gBAAgB,GAIX,SAAS,CAAC;AAE1B,MAAM,UAAU,eAAe;IAC7B,OAAO,gBAAgB,KAAK,SAAS,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAA8B;IACxE,eAAe,CAAC,MAAM;QACpB,gBAAgB,GAAG;YACjB,MAAM;SACP,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;;;;;;GAOG;AACH,SAAS,2BAA2B,CAAC,OAA0B;;IAC7D,MAAM,MAAM,GAAwB;QAClC,KAAK,EAAE,EAAE;QACT,MAAM,EAAE;YACN,SAAS,EAAE,MAAA,MAAA,OAAO,CAAC,aAAa,0CAAE,OAAO,mCAAI,KAAK;YAClD,oBAAoB,EAAE,MAAA,MAAA,OAAO,CAAC,aAAa,0CAAE,0BAA0B,mCAAI,KAAK;YAChF,kBAAkB,EAAE,MAAA,OAAO,CAAC,aAAa,0CAAE,kBAAkB;SAC9D;KACF,CAAC;IAEF,IAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,EAAE,CAAC;QAClD,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CACb;gBACE,qFAAqF;gBACrF,yHAAyH;gBACzH,mFAAmF;gBACnF,0FAA0F;aAC3F,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,OAAO,CAAC,4BAA4B,CAAC,IAAI,IAAI,wBAAwB,CAAC;QAC5F,MAAM,CAAC,KAAK,CAAC,WAAW,GAAG,mBAAmB,iBAC5C,IAAI,EAAE,GAAG,aAAa,IAAI,oBAAoB,EAAE,IAC7C,OAAO,CAAC,4BAA4B,EACvC,CAAC;QACH,MAAM,CAAC,KAAK,CAAC,cAAc,GAAG,mBAAmB,iBAC/C,IAAI,EAAE,GAAG,aAAa,IAAI,gBAAgB,EAAE,IACzC,OAAO,CAAC,4BAA4B,EACvC,CAAC;IACL,CAAC;IAED,IAAI,MAAA,OAAO,CAAC,aAAa,0CAAE,OAAO,EAAE,CAAC;QACnC,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb;gBACE,kFAAkF;gBAClF,mGAAmG;gBACnG,mFAAmF;gBACnF,8EAA8E;aAC/E,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QACJ,CAAC;QACD,MAAM,CAAC,MAAM,CAAC,kBAAkB,GAAG,gBAAiB,CAAC,MAAM,CAAC;IAC9D,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,2BAA2B;CAC5B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { CACHE_CAE_SUFFIX, CACHE_NON_CAE_SUFFIX, DEFAULT_TOKEN_CACHE_NAME } from \"../../constants\";\n\nimport { MsalClientOptions } from \"./msalClient\";\nimport { NativeBrokerPluginControl } from \"../../plugins/provider\";\nimport { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions\";\n\n/**\n * Configuration for the plugins used by the MSAL node client.\n */\nexport interface PluginConfiguration {\n  /**\n   * Configuration for the cache plugin.\n   */\n  cache: {\n    /**\n     * The non-CAE cache plugin handler.\n     */\n    cachePlugin?: Promise<msalNode.ICachePlugin>;\n    /**\n     * The CAE cache plugin handler - persisted to a different file.\n     */\n    cachePluginCae?: Promise<msalNode.ICachePlugin>;\n  };\n  /**\n   * Configuration for the broker plugin.\n   */\n  broker: {\n    /**\n     * True if the broker plugin is enabled and available. False otherwise.\n     *\n     * It is a bug if this is true and the broker plugin is not available.\n     */\n    isEnabled: boolean;\n    /**\n     * If true, MSA account will be passed through, required for WAM authentication.\n     */\n    enableMsaPassthrough: boolean;\n    /**\n     * The parent window handle for the broker.\n     */\n    parentWindowHandle?: Uint8Array;\n    /**\n     * The native broker plugin handler.\n     */\n    nativeBrokerPlugin?: msalNode.INativeBrokerPlugin;\n  };\n}\n\n/**\n * The current persistence provider, undefined by default.\n * @internal\n */\nexport let persistenceProvider:\n  | ((options?: TokenCachePersistenceOptions) => Promise<msalNode.ICachePlugin>)\n  | undefined = undefined;\n\n/**\n * An object that allows setting the persistence provider.\n * @internal\n */\nexport const msalNodeFlowCacheControl = {\n  setPersistence(pluginProvider: Exclude<typeof persistenceProvider, undefined>): void {\n    persistenceProvider = pluginProvider;\n  },\n};\n\n/**\n * The current native broker provider, undefined by default.\n * @internal\n */\nexport let nativeBrokerInfo:\n  | {\n      broker: msalNode.INativeBrokerPlugin;\n    }\n  | undefined = undefined;\n\nexport function hasNativeBroker(): boolean {\n  return nativeBrokerInfo !== undefined;\n}\n\n/**\n * An object that allows setting the native broker provider.\n * @internal\n */\nexport const msalNodeFlowNativeBrokerControl: NativeBrokerPluginControl = {\n  setNativeBroker(broker): void {\n    nativeBrokerInfo = {\n      broker,\n    };\n  },\n};\n\n/**\n * Configures plugins, validating that required plugins are available and enabled.\n *\n * Does not create the plugins themselves, but rather returns the configuration that will be used to create them.\n *\n * @param options - options for creating the MSAL client\n * @returns plugin configuration\n */\nfunction generatePluginConfiguration(options: MsalClientOptions): PluginConfiguration {\n  const config: PluginConfiguration = {\n    cache: {},\n    broker: {\n      isEnabled: options.brokerOptions?.enabled ?? false,\n      enableMsaPassthrough: options.brokerOptions?.legacyEnableMsaPassthrough ?? false,\n      parentWindowHandle: options.brokerOptions?.parentWindowHandle,\n    },\n  };\n\n  if (options.tokenCachePersistenceOptions?.enabled) {\n    if (persistenceProvider === undefined) {\n      throw new Error(\n        [\n          \"Persistent token caching was requested, but no persistence provider was configured.\",\n          \"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.\",\n        ].join(\" \"),\n      );\n    }\n\n    const cacheBaseName = options.tokenCachePersistenceOptions.name || DEFAULT_TOKEN_CACHE_NAME;\n    config.cache.cachePlugin = persistenceProvider({\n      name: `${cacheBaseName}.${CACHE_NON_CAE_SUFFIX}`,\n      ...options.tokenCachePersistenceOptions,\n    });\n    config.cache.cachePluginCae = persistenceProvider({\n      name: `${cacheBaseName}.${CACHE_CAE_SUFFIX}`,\n      ...options.tokenCachePersistenceOptions,\n    });\n  }\n\n  if (options.brokerOptions?.enabled) {\n    if (nativeBrokerInfo === undefined) {\n      throw new Error(\n        [\n          \"Broker for WAM was requested to be enabled, but no native broker was configured.\",\n          \"You must install the identity-broker plugin package (`npm install --save @azure/identity-broker`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(createNativeBrokerPlugin())` before using `enableBroker`.\",\n        ].join(\" \"),\n      );\n    }\n    config.broker.nativeBrokerPlugin = nativeBrokerInfo!.broker;\n  }\n\n  return config;\n}\n\n/**\n * Wraps generatePluginConfiguration as a writeable property for test stubbing purposes.\n */\nexport const msalPlugins = {\n  generatePluginConfiguration,\n};\n"]}

package/dist-esm/src/tokenProvider.js

@@ -0,0 +1,52 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+import { bearerTokenAuthenticationPolicy, createEmptyPipeline, createPipelineRequest, } from "@azure/core-rest-pipeline";
+/**
+ * Returns a callback that provides a bearer token.
+ * For example, the bearer token can be used to authenticate a request as follows:
+ * ```js
+ * import { DefaultAzureCredential } from "@azure/identity";
+ *
+ * const credential = new DefaultAzureCredential();
+ * const scope = "https://cognitiveservices.azure.com/.default";
+ * const getAccessToken = getBearerTokenProvider(credential, scope);
+ * const token = await getAccessToken();
+ *
+ * // usage
+ * const request = createPipelineRequest({ url: "https://example.com" });
+ * request.headers.set("Authorization", `Bearer ${token}`);
+ * ```
+ *
+ * @param credential - The credential used to authenticate the request.
+ * @param scopes - The scopes required for the bearer token.
+ * @param options - Options to configure the token provider.
+ * @returns a callback that provides a bearer token.
+ */
+export function getBearerTokenProvider(credential, scopes, options) {
+    const { abortSignal, tracingOptions } = options || {};
+    const pipeline = createEmptyPipeline();
+    pipeline.addPolicy(bearerTokenAuthenticationPolicy({ credential, scopes }));
+    async function getRefreshedToken() {
+        var _a;
+        // Create a pipeline with just the bearer token policy
+        // and run a dummy request through it to get the token
+        const res = await pipeline.sendRequest({
+            sendRequest: (request) => Promise.resolve({
+                request,
+                status: 200,
+                headers: request.headers,
+            }),
+        }, createPipelineRequest({
+            url: "https://example.com",
+            abortSignal,
+            tracingOptions,
+        }));
+        const accessToken = (_a = res.headers.get("authorization")) === null || _a === void 0 ? void 0 : _a.split(" ")[1];
+        if (!accessToken) {
+            throw new Error("Failed to get access token");
+        }
+        return accessToken;
+    }
+    return getRefreshedToken;
+}
+//# sourceMappingURL=tokenProvider.js.map

package/dist-esm/src/tokenProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenProvider.js","sourceRoot":"","sources":["../../src/tokenProvider.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,+BAA+B,EAC/B,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,2BAA2B,CAAC;AAiBnC;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,sBAAsB,CACpC,UAA2B,EAC3B,MAAyB,EACzB,OAAuC;IAEvC,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,GAAG,OAAO,IAAI,EAAE,CAAC;IACtD,MAAM,QAAQ,GAAG,mBAAmB,EAAE,CAAC;IACvC,QAAQ,CAAC,SAAS,CAAC,+BAA+B,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;IAC5E,KAAK,UAAU,iBAAiB;;QAC9B,sDAAsD;QACtD,sDAAsD;QACtD,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,WAAW,CACpC;YACE,WAAW,EAAE,CAAC,OAAO,EAAE,EAAE,CACvB,OAAO,CAAC,OAAO,CAAC;gBACd,OAAO;gBACP,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB,CAAC;SACL,EACD,qBAAqB,CAAC;YACpB,GAAG,EAAE,qBAAqB;YAC1B,WAAW;YACX,cAAc;SACf,CAAC,CACH,CAAC;QACF,MAAM,WAAW,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,0CAAE,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,WAAW,CAAC;IACrB,CAAC;IACD,OAAO,iBAAiB,CAAC;AAC3B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport type { TokenCredential, TracingContext } from \"@azure/core-auth\";\nimport {\n  bearerTokenAuthenticationPolicy,\n  createEmptyPipeline,\n  createPipelineRequest,\n} from \"@azure/core-rest-pipeline\";\n\n/**\n * The options to configure the token provider.\n */\nexport interface GetBearerTokenProviderOptions {\n  /** The abort signal to abort requests to get tokens */\n  abortSignal?: AbortSignal;\n  /** The tracing options for the requests to get tokens */\n  tracingOptions?: {\n    /**\n     * Tracing Context for the current request to get a token.\n     */\n    tracingContext?: TracingContext;\n  };\n}\n\n/**\n * Returns a callback that provides a bearer token.\n * For example, the bearer token can be used to authenticate a request as follows:\n * ```js\n * import { DefaultAzureCredential } from \"@azure/identity\";\n *\n * const credential = new DefaultAzureCredential();\n * const scope = \"https://cognitiveservices.azure.com/.default\";\n * const getAccessToken = getBearerTokenProvider(credential, scope);\n * const token = await getAccessToken();\n *\n * // usage\n * const request = createPipelineRequest({ url: \"https://example.com\" });\n * request.headers.set(\"Authorization\", `Bearer ${token}`);\n * ```\n *\n * @param credential - The credential used to authenticate the request.\n * @param scopes - The scopes required for the bearer token.\n * @param options - Options to configure the token provider.\n * @returns a callback that provides a bearer token.\n */\nexport function getBearerTokenProvider(\n  credential: TokenCredential,\n  scopes: string | string[],\n  options?: GetBearerTokenProviderOptions,\n): () => Promise<string> {\n  const { abortSignal, tracingOptions } = options || {};\n  const pipeline = createEmptyPipeline();\n  pipeline.addPolicy(bearerTokenAuthenticationPolicy({ credential, scopes }));\n  async function getRefreshedToken(): Promise<string> {\n    // Create a pipeline with just the bearer token policy\n    // and run a dummy request through it to get the token\n    const res = await pipeline.sendRequest(\n      {\n        sendRequest: (request) =>\n          Promise.resolve({\n            request,\n            status: 200,\n            headers: request.headers,\n          }),\n      },\n      createPipelineRequest({\n        url: \"https://example.com\",\n        abortSignal,\n        tracingOptions,\n      }),\n    );\n    const accessToken = res.headers.get(\"authorization\")?.split(\" \")[1];\n    if (!accessToken) {\n      throw new Error(\"Failed to get access token\");\n    }\n    return accessToken;\n  }\n  return getRefreshedToken;\n}\n"]}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@azure/identity",
   "sdk-type": "client",
-  "version": "4.1.1-alpha.20240419.1",
+  "version": "4.1.1-alpha.20240422.3",
   "description": "Provides credential implementations for Azure SDK libraries that can authenticate with Microsoft Entra ID",
   "main": "dist/index.js",
   "module": "dist-esm/src/index.js",

package/types/identity.d.ts

@@ -4,6 +4,7 @@ import { CommonClientOptions } from '@azure/core-client';
 import { GetTokenOptions } from '@azure/core-auth';
 import { LogPolicyOptions } from '@azure/core-rest-pipeline';
 import { TokenCredential } from '@azure/core-auth';
+import type { TracingContext } from '@azure/core-auth';
 
 export { AccessToken }
 
@@ -1075,6 +1076,44 @@ export declare interface ErrorResponse {
     correlationId?: string;
 }
 
+/**
+ * Returns a callback that provides a bearer token.
+ * For example, the bearer token can be used to authenticate a request as follows:
+ * ```js
+ * import { DefaultAzureCredential } from "@azure/identity";
+ *
+ * const credential = new DefaultAzureCredential();
+ * const scope = "https://cognitiveservices.azure.com/.default";
+ * const getAccessToken = getBearerTokenProvider(credential, scope);
+ * const token = await getAccessToken();
+ *
+ * // usage
+ * const request = createPipelineRequest({ url: "https://example.com" });
+ * request.headers.set("Authorization", `Bearer ${token}`);
+ * ```
+ *
+ * @param credential - The credential used to authenticate the request.
+ * @param scopes - The scopes required for the bearer token.
+ * @param options - Options to configure the token provider.
+ * @returns a callback that provides a bearer token.
+ */
+export declare function getBearerTokenProvider(credential: TokenCredential, scopes: string | string[], options?: GetBearerTokenProviderOptions): () => Promise<string>;
+
+/**
+ * The options to configure the token provider.
+ */
+export declare interface GetBearerTokenProviderOptions {
+    /** The abort signal to abort requests to get tokens */
+    abortSignal?: AbortSignal;
+    /** The tracing options for the requests to get tokens */
+    tracingOptions?: {
+        /**
+         * Tracing Context for the current request to get a token.
+         */
+        tracingContext?: TracingContext;
+    };
+}
+
 /**
  * Returns a new instance of the {@link DefaultAzureCredential}.
  */