@azure/identity 4.1.1-alpha.20240419.1 → 4.1.1-alpha.20240423.2

package/dist/index.js

@@ -150,15 +150,16 @@ const msalNodeFlowNativeBrokerControl = {
  * @returns plugin configuration
  */
 function generatePluginConfiguration(options) {
-    var _a, _b, _c, _d, _e;
+    var _a, _b, _c, _d, _e, _f, _g;
     const config = {
         cache: {},
         broker: {
-            enableMsaPassthrough: (_b = (_a = options.brokerOptions) === null || _a === void 0 ? void 0 : _a.legacyEnableMsaPassthrough) !== null && _b !== void 0 ? _b : false,
-            parentWindowHandle: (_c = options.brokerOptions) === null || _c === void 0 ? void 0 : _c.parentWindowHandle,
+            isEnabled: (_b = (_a = options.brokerOptions) === null || _a === void 0 ? void 0 : _a.enabled) !== null && _b !== void 0 ? _b : false,
+            enableMsaPassthrough: (_d = (_c = options.brokerOptions) === null || _c === void 0 ? void 0 : _c.legacyEnableMsaPassthrough) !== null && _d !== void 0 ? _d : false,
+            parentWindowHandle: (_e = options.brokerOptions) === null || _e === void 0 ? void 0 : _e.parentWindowHandle,
         },
     };
-    if ((_d = options.tokenCachePersistenceOptions) === null || _d === void 0 ? void 0 : _d.enabled) {
+    if ((_f = options.tokenCachePersistenceOptions) === null || _f === void 0 ? void 0 : _f.enabled) {
         if (persistenceProvider === undefined) {
             throw new Error([
                 "Persistent token caching was requested, but no persistence provider was configured.",
@@ -171,7 +172,7 @@ function generatePluginConfiguration(options) {
         config.cache.cachePlugin = persistenceProvider(Object.assign({ name: `${cacheBaseName}.${CACHE_NON_CAE_SUFFIX}` }, options.tokenCachePersistenceOptions));
         config.cache.cachePluginCae = persistenceProvider(Object.assign({ name: `${cacheBaseName}.${CACHE_CAE_SUFFIX}` }, options.tokenCachePersistenceOptions));
     }
-    if ((_e = options.brokerOptions) === null || _e === void 0 ? void 0 : _e.enabled) {
+    if ((_g = options.brokerOptions) === null || _g === void 0 ? void 0 : _g.enabled) {
         if (nativeBrokerInfo === undefined) {
             throw new Error([
                 "Broker for WAM was requested to be enabled, but no native broker was configured.",
@@ -1759,6 +1760,146 @@ const imdsMsi = {
     },
 };
 
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * Helps specify a regional authority, or "AutoDiscoverRegion" to auto-detect the region.
+ */
+var RegionalAuthority;
+(function (RegionalAuthority) {
+    /** Instructs MSAL to attempt to discover the region */
+    RegionalAuthority["AutoDiscoverRegion"] = "AutoDiscoverRegion";
+    /** Uses the {@link RegionalAuthority} for the Azure 'westus' region. */
+    RegionalAuthority["USWest"] = "westus";
+    /** Uses the {@link RegionalAuthority} for the Azure 'westus2' region. */
+    RegionalAuthority["USWest2"] = "westus2";
+    /** Uses the {@link RegionalAuthority} for the Azure 'centralus' region. */
+    RegionalAuthority["USCentral"] = "centralus";
+    /** Uses the {@link RegionalAuthority} for the Azure 'eastus' region. */
+    RegionalAuthority["USEast"] = "eastus";
+    /** Uses the {@link RegionalAuthority} for the Azure 'eastus2' region. */
+    RegionalAuthority["USEast2"] = "eastus2";
+    /** Uses the {@link RegionalAuthority} for the Azure 'northcentralus' region. */
+    RegionalAuthority["USNorthCentral"] = "northcentralus";
+    /** Uses the {@link RegionalAuthority} for the Azure 'southcentralus' region. */
+    RegionalAuthority["USSouthCentral"] = "southcentralus";
+    /** Uses the {@link RegionalAuthority} for the Azure 'westcentralus' region. */
+    RegionalAuthority["USWestCentral"] = "westcentralus";
+    /** Uses the {@link RegionalAuthority} for the Azure 'canadacentral' region. */
+    RegionalAuthority["CanadaCentral"] = "canadacentral";
+    /** Uses the {@link RegionalAuthority} for the Azure 'canadaeast' region. */
+    RegionalAuthority["CanadaEast"] = "canadaeast";
+    /** Uses the {@link RegionalAuthority} for the Azure 'brazilsouth' region. */
+    RegionalAuthority["BrazilSouth"] = "brazilsouth";
+    /** Uses the {@link RegionalAuthority} for the Azure 'northeurope' region. */
+    RegionalAuthority["EuropeNorth"] = "northeurope";
+    /** Uses the {@link RegionalAuthority} for the Azure 'westeurope' region. */
+    RegionalAuthority["EuropeWest"] = "westeurope";
+    /** Uses the {@link RegionalAuthority} for the Azure 'uksouth' region. */
+    RegionalAuthority["UKSouth"] = "uksouth";
+    /** Uses the {@link RegionalAuthority} for the Azure 'ukwest' region. */
+    RegionalAuthority["UKWest"] = "ukwest";
+    /** Uses the {@link RegionalAuthority} for the Azure 'francecentral' region. */
+    RegionalAuthority["FranceCentral"] = "francecentral";
+    /** Uses the {@link RegionalAuthority} for the Azure 'francesouth' region. */
+    RegionalAuthority["FranceSouth"] = "francesouth";
+    /** Uses the {@link RegionalAuthority} for the Azure 'switzerlandnorth' region. */
+    RegionalAuthority["SwitzerlandNorth"] = "switzerlandnorth";
+    /** Uses the {@link RegionalAuthority} for the Azure 'switzerlandwest' region. */
+    RegionalAuthority["SwitzerlandWest"] = "switzerlandwest";
+    /** Uses the {@link RegionalAuthority} for the Azure 'germanynorth' region. */
+    RegionalAuthority["GermanyNorth"] = "germanynorth";
+    /** Uses the {@link RegionalAuthority} for the Azure 'germanywestcentral' region. */
+    RegionalAuthority["GermanyWestCentral"] = "germanywestcentral";
+    /** Uses the {@link RegionalAuthority} for the Azure 'norwaywest' region. */
+    RegionalAuthority["NorwayWest"] = "norwaywest";
+    /** Uses the {@link RegionalAuthority} for the Azure 'norwayeast' region. */
+    RegionalAuthority["NorwayEast"] = "norwayeast";
+    /** Uses the {@link RegionalAuthority} for the Azure 'eastasia' region. */
+    RegionalAuthority["AsiaEast"] = "eastasia";
+    /** Uses the {@link RegionalAuthority} for the Azure 'southeastasia' region. */
+    RegionalAuthority["AsiaSouthEast"] = "southeastasia";
+    /** Uses the {@link RegionalAuthority} for the Azure 'japaneast' region. */
+    RegionalAuthority["JapanEast"] = "japaneast";
+    /** Uses the {@link RegionalAuthority} for the Azure 'japanwest' region. */
+    RegionalAuthority["JapanWest"] = "japanwest";
+    /** Uses the {@link RegionalAuthority} for the Azure 'australiaeast' region. */
+    RegionalAuthority["AustraliaEast"] = "australiaeast";
+    /** Uses the {@link RegionalAuthority} for the Azure 'australiasoutheast' region. */
+    RegionalAuthority["AustraliaSouthEast"] = "australiasoutheast";
+    /** Uses the {@link RegionalAuthority} for the Azure 'australiacentral' region. */
+    RegionalAuthority["AustraliaCentral"] = "australiacentral";
+    /** Uses the {@link RegionalAuthority} for the Azure 'australiacentral2' region. */
+    RegionalAuthority["AustraliaCentral2"] = "australiacentral2";
+    /** Uses the {@link RegionalAuthority} for the Azure 'centralindia' region. */
+    RegionalAuthority["IndiaCentral"] = "centralindia";
+    /** Uses the {@link RegionalAuthority} for the Azure 'southindia' region. */
+    RegionalAuthority["IndiaSouth"] = "southindia";
+    /** Uses the {@link RegionalAuthority} for the Azure 'westindia' region. */
+    RegionalAuthority["IndiaWest"] = "westindia";
+    /** Uses the {@link RegionalAuthority} for the Azure 'koreasouth' region. */
+    RegionalAuthority["KoreaSouth"] = "koreasouth";
+    /** Uses the {@link RegionalAuthority} for the Azure 'koreacentral' region. */
+    RegionalAuthority["KoreaCentral"] = "koreacentral";
+    /** Uses the {@link RegionalAuthority} for the Azure 'uaecentral' region. */
+    RegionalAuthority["UAECentral"] = "uaecentral";
+    /** Uses the {@link RegionalAuthority} for the Azure 'uaenorth' region. */
+    RegionalAuthority["UAENorth"] = "uaenorth";
+    /** Uses the {@link RegionalAuthority} for the Azure 'southafricanorth' region. */
+    RegionalAuthority["SouthAfricaNorth"] = "southafricanorth";
+    /** Uses the {@link RegionalAuthority} for the Azure 'southafricawest' region. */
+    RegionalAuthority["SouthAfricaWest"] = "southafricawest";
+    /** Uses the {@link RegionalAuthority} for the Azure 'chinanorth' region. */
+    RegionalAuthority["ChinaNorth"] = "chinanorth";
+    /** Uses the {@link RegionalAuthority} for the Azure 'chinaeast' region. */
+    RegionalAuthority["ChinaEast"] = "chinaeast";
+    /** Uses the {@link RegionalAuthority} for the Azure 'chinanorth2' region. */
+    RegionalAuthority["ChinaNorth2"] = "chinanorth2";
+    /** Uses the {@link RegionalAuthority} for the Azure 'chinaeast2' region. */
+    RegionalAuthority["ChinaEast2"] = "chinaeast2";
+    /** Uses the {@link RegionalAuthority} for the Azure 'germanycentral' region. */
+    RegionalAuthority["GermanyCentral"] = "germanycentral";
+    /** Uses the {@link RegionalAuthority} for the Azure 'germanynortheast' region. */
+    RegionalAuthority["GermanyNorthEast"] = "germanynortheast";
+    /** Uses the {@link RegionalAuthority} for the Azure 'usgovvirginia' region. */
+    RegionalAuthority["GovernmentUSVirginia"] = "usgovvirginia";
+    /** Uses the {@link RegionalAuthority} for the Azure 'usgoviowa' region. */
+    RegionalAuthority["GovernmentUSIowa"] = "usgoviowa";
+    /** Uses the {@link RegionalAuthority} for the Azure 'usgovarizona' region. */
+    RegionalAuthority["GovernmentUSArizona"] = "usgovarizona";
+    /** Uses the {@link RegionalAuthority} for the Azure 'usgovtexas' region. */
+    RegionalAuthority["GovernmentUSTexas"] = "usgovtexas";
+    /** Uses the {@link RegionalAuthority} for the Azure 'usdodeast' region. */
+    RegionalAuthority["GovernmentUSDodEast"] = "usdodeast";
+    /** Uses the {@link RegionalAuthority} for the Azure 'usdodcentral' region. */
+    RegionalAuthority["GovernmentUSDodCentral"] = "usdodcentral";
+})(RegionalAuthority || (RegionalAuthority = {}));
+/**
+ * Calculates the correct regional authority based on the supplied value
+ * and the AZURE_REGIONAL_AUTHORITY_NAME environment variable.
+ *
+ * Values will be returned verbatim, except for {@link RegionalAuthority.AutoDiscoverRegion}
+ * which is mapped to a value MSAL can understand.
+ *
+ * @internal
+ */
+function calculateRegionalAuthority(regionalAuthority) {
+    // Note: as of today only 3 credentials support regional authority, and the parameter
+    // is not exposed via the public API. Regional Authority is _only_ supported
+    // via the AZURE_REGIONAL_AUTHORITY_NAME env var and _only_ for: ClientSecretCredential, ClientCertificateCredential, and ClientAssertionCredential.
+    var _a, _b;
+    // Accepting the regionalAuthority parameter will allow us to support it in the future.
+    let azureRegion = regionalAuthority;
+    if (azureRegion === undefined &&
+        ((_b = (_a = globalThis.process) === null || _a === void 0 ? void 0 : _a.env) === null || _b === void 0 ? void 0 : _b.AZURE_REGIONAL_AUTHORITY_NAME) !== undefined) {
+        azureRegion = process.env.AZURE_REGIONAL_AUTHORITY_NAME;
+    }
+    if (azureRegion === RegionalAuthority.AutoDiscoverRegion) {
+        return "AUTO_DISCOVER";
+    }
+    return azureRegion;
+}
+
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 /**
@@ -1819,9 +1960,11 @@ function createMsalClient(clientId, tenantId, createMsalClientOptions = {}) {
         const appKey = options.enableCae ? "CAE" : "default";
         let confidentialClientApp = confidentialApps.get(appKey);
         if (confidentialClientApp) {
+            msalLogger.getToken.info("Existing ConfidentialClientApplication found in cache, returning it.");
             return confidentialClientApp;
         }
         // Initialize a new app and cache it
+        msalLogger.getToken.info(`Creating new ConfidentialClientApplication with CAE ${options.enableCae ? "enabled" : "disabled"}.`);
         const cachePlugin = options.enableCae
             ? state.pluginConfiguration.cache.cachePluginCae
             : state.pluginConfiguration.cache.cachePlugin;
@@ -1832,6 +1975,7 @@ function createMsalClient(clientId, tenantId, createMsalClientOptions = {}) {
     }
     async function getTokenSilent(app, scopes, options = {}) {
         if (state.cachedAccount === null) {
+            msalLogger.getToken.info("No cached account found in local state, attempting to load it from MSAL cache.");
             const cache = app.getTokenCache();
             const accounts = await cache.getAllAccounts();
             if (accounts === undefined || accounts.length === 0) {
@@ -1851,14 +1995,19 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
         if (options.claims) {
             state.cachedClaims = options.claims;
         }
-        // TODO: port over changes for broker
-        // https://github.com/Azure/azure-sdk-for-js/blob/727a7208251961b5036d8e1d86edaa944c42e3d6/sdk/identity/identity/src/msal/nodeFlows/msalNodeCommon.ts#L383-L395
-        msalLogger.getToken.info("Attempting to acquire token silently");
-        return app.acquireTokenSilent({
+        const silentRequest = {
             account: state.cachedAccount,
             scopes,
             claims: state.cachedClaims,
-        });
+        };
+        if (state.pluginConfiguration.broker.isEnabled) {
+            silentRequest.tokenQueryParameters || (silentRequest.tokenQueryParameters = {});
+            if (state.pluginConfiguration.broker.enableMsaPassthrough) {
+                silentRequest.tokenQueryParameters["msal_request_type"] = "consumer_passthrough";
+            }
+        }
+        msalLogger.getToken.info("Attempting to acquire token silently");
+        return app.acquireTokenSilent(silentRequest);
     }
     /**
      * Performs silent authentication using MSAL to acquire an access token.
@@ -1913,6 +2062,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
         return withSilentAuthentication(msalApp, scopes, options, () => msalApp.acquireTokenByClientCredential({
             scopes,
             authority: state.msalConfig.auth.authority,
+            azureRegion: calculateRegionalAuthority(),
             claims: options === null || options === void 0 ? void 0 : options.claims,
         }));
     }
@@ -1923,6 +2073,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
         return withSilentAuthentication(msalApp, scopes, options, () => msalApp.acquireTokenByClientCredential({
             scopes,
             authority: state.msalConfig.auth.authority,
+            azureRegion: calculateRegionalAuthority(),
             claims: options === null || options === void 0 ? void 0 : options.claims,
             clientAssertion,
         }));
@@ -1933,6 +2084,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
         const msalApp = await getConfidentialApp(options);
         return withSilentAuthentication(msalApp, scopes, options, () => msalApp.acquireTokenByClientCredential({
             scopes,
+            azureRegion: calculateRegionalAuthority(),
             authority: state.msalConfig.auth.authority,
             claims: options === null || options === void 0 ? void 0 : options.claims,
         }));
@@ -3217,142 +3369,6 @@ class ClientSecretCredential {
     }
 }
 
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-/**
- * Helps specify a regional authority, or "AutoDiscoverRegion" to auto-detect the region.
- */
-var RegionalAuthority;
-(function (RegionalAuthority) {
-    /** Instructs MSAL to attempt to discover the region */
-    RegionalAuthority["AutoDiscoverRegion"] = "AutoDiscoverRegion";
-    /** Uses the {@link RegionalAuthority} for the Azure 'westus' region. */
-    RegionalAuthority["USWest"] = "westus";
-    /** Uses the {@link RegionalAuthority} for the Azure 'westus2' region. */
-    RegionalAuthority["USWest2"] = "westus2";
-    /** Uses the {@link RegionalAuthority} for the Azure 'centralus' region. */
-    RegionalAuthority["USCentral"] = "centralus";
-    /** Uses the {@link RegionalAuthority} for the Azure 'eastus' region. */
-    RegionalAuthority["USEast"] = "eastus";
-    /** Uses the {@link RegionalAuthority} for the Azure 'eastus2' region. */
-    RegionalAuthority["USEast2"] = "eastus2";
-    /** Uses the {@link RegionalAuthority} for the Azure 'northcentralus' region. */
-    RegionalAuthority["USNorthCentral"] = "northcentralus";
-    /** Uses the {@link RegionalAuthority} for the Azure 'southcentralus' region. */
-    RegionalAuthority["USSouthCentral"] = "southcentralus";
-    /** Uses the {@link RegionalAuthority} for the Azure 'westcentralus' region. */
-    RegionalAuthority["USWestCentral"] = "westcentralus";
-    /** Uses the {@link RegionalAuthority} for the Azure 'canadacentral' region. */
-    RegionalAuthority["CanadaCentral"] = "canadacentral";
-    /** Uses the {@link RegionalAuthority} for the Azure 'canadaeast' region. */
-    RegionalAuthority["CanadaEast"] = "canadaeast";
-    /** Uses the {@link RegionalAuthority} for the Azure 'brazilsouth' region. */
-    RegionalAuthority["BrazilSouth"] = "brazilsouth";
-    /** Uses the {@link RegionalAuthority} for the Azure 'northeurope' region. */
-    RegionalAuthority["EuropeNorth"] = "northeurope";
-    /** Uses the {@link RegionalAuthority} for the Azure 'westeurope' region. */
-    RegionalAuthority["EuropeWest"] = "westeurope";
-    /** Uses the {@link RegionalAuthority} for the Azure 'uksouth' region. */
-    RegionalAuthority["UKSouth"] = "uksouth";
-    /** Uses the {@link RegionalAuthority} for the Azure 'ukwest' region. */
-    RegionalAuthority["UKWest"] = "ukwest";
-    /** Uses the {@link RegionalAuthority} for the Azure 'francecentral' region. */
-    RegionalAuthority["FranceCentral"] = "francecentral";
-    /** Uses the {@link RegionalAuthority} for the Azure 'francesouth' region. */
-    RegionalAuthority["FranceSouth"] = "francesouth";
-    /** Uses the {@link RegionalAuthority} for the Azure 'switzerlandnorth' region. */
-    RegionalAuthority["SwitzerlandNorth"] = "switzerlandnorth";
-    /** Uses the {@link RegionalAuthority} for the Azure 'switzerlandwest' region. */
-    RegionalAuthority["SwitzerlandWest"] = "switzerlandwest";
-    /** Uses the {@link RegionalAuthority} for the Azure 'germanynorth' region. */
-    RegionalAuthority["GermanyNorth"] = "germanynorth";
-    /** Uses the {@link RegionalAuthority} for the Azure 'germanywestcentral' region. */
-    RegionalAuthority["GermanyWestCentral"] = "germanywestcentral";
-    /** Uses the {@link RegionalAuthority} for the Azure 'norwaywest' region. */
-    RegionalAuthority["NorwayWest"] = "norwaywest";
-    /** Uses the {@link RegionalAuthority} for the Azure 'norwayeast' region. */
-    RegionalAuthority["NorwayEast"] = "norwayeast";
-    /** Uses the {@link RegionalAuthority} for the Azure 'eastasia' region. */
-    RegionalAuthority["AsiaEast"] = "eastasia";
-    /** Uses the {@link RegionalAuthority} for the Azure 'southeastasia' region. */
-    RegionalAuthority["AsiaSouthEast"] = "southeastasia";
-    /** Uses the {@link RegionalAuthority} for the Azure 'japaneast' region. */
-    RegionalAuthority["JapanEast"] = "japaneast";
-    /** Uses the {@link RegionalAuthority} for the Azure 'japanwest' region. */
-    RegionalAuthority["JapanWest"] = "japanwest";
-    /** Uses the {@link RegionalAuthority} for the Azure 'australiaeast' region. */
-    RegionalAuthority["AustraliaEast"] = "australiaeast";
-    /** Uses the {@link RegionalAuthority} for the Azure 'australiasoutheast' region. */
-    RegionalAuthority["AustraliaSouthEast"] = "australiasoutheast";
-    /** Uses the {@link RegionalAuthority} for the Azure 'australiacentral' region. */
-    RegionalAuthority["AustraliaCentral"] = "australiacentral";
-    /** Uses the {@link RegionalAuthority} for the Azure 'australiacentral2' region. */
-    RegionalAuthority["AustraliaCentral2"] = "australiacentral2";
-    /** Uses the {@link RegionalAuthority} for the Azure 'centralindia' region. */
-    RegionalAuthority["IndiaCentral"] = "centralindia";
-    /** Uses the {@link RegionalAuthority} for the Azure 'southindia' region. */
-    RegionalAuthority["IndiaSouth"] = "southindia";
-    /** Uses the {@link RegionalAuthority} for the Azure 'westindia' region. */
-    RegionalAuthority["IndiaWest"] = "westindia";
-    /** Uses the {@link RegionalAuthority} for the Azure 'koreasouth' region. */
-    RegionalAuthority["KoreaSouth"] = "koreasouth";
-    /** Uses the {@link RegionalAuthority} for the Azure 'koreacentral' region. */
-    RegionalAuthority["KoreaCentral"] = "koreacentral";
-    /** Uses the {@link RegionalAuthority} for the Azure 'uaecentral' region. */
-    RegionalAuthority["UAECentral"] = "uaecentral";
-    /** Uses the {@link RegionalAuthority} for the Azure 'uaenorth' region. */
-    RegionalAuthority["UAENorth"] = "uaenorth";
-    /** Uses the {@link RegionalAuthority} for the Azure 'southafricanorth' region. */
-    RegionalAuthority["SouthAfricaNorth"] = "southafricanorth";
-    /** Uses the {@link RegionalAuthority} for the Azure 'southafricawest' region. */
-    RegionalAuthority["SouthAfricaWest"] = "southafricawest";
-    /** Uses the {@link RegionalAuthority} for the Azure 'chinanorth' region. */
-    RegionalAuthority["ChinaNorth"] = "chinanorth";
-    /** Uses the {@link RegionalAuthority} for the Azure 'chinaeast' region. */
-    RegionalAuthority["ChinaEast"] = "chinaeast";
-    /** Uses the {@link RegionalAuthority} for the Azure 'chinanorth2' region. */
-    RegionalAuthority["ChinaNorth2"] = "chinanorth2";
-    /** Uses the {@link RegionalAuthority} for the Azure 'chinaeast2' region. */
-    RegionalAuthority["ChinaEast2"] = "chinaeast2";
-    /** Uses the {@link RegionalAuthority} for the Azure 'germanycentral' region. */
-    RegionalAuthority["GermanyCentral"] = "germanycentral";
-    /** Uses the {@link RegionalAuthority} for the Azure 'germanynortheast' region. */
-    RegionalAuthority["GermanyNorthEast"] = "germanynortheast";
-    /** Uses the {@link RegionalAuthority} for the Azure 'usgovvirginia' region. */
-    RegionalAuthority["GovernmentUSVirginia"] = "usgovvirginia";
-    /** Uses the {@link RegionalAuthority} for the Azure 'usgoviowa' region. */
-    RegionalAuthority["GovernmentUSIowa"] = "usgoviowa";
-    /** Uses the {@link RegionalAuthority} for the Azure 'usgovarizona' region. */
-    RegionalAuthority["GovernmentUSArizona"] = "usgovarizona";
-    /** Uses the {@link RegionalAuthority} for the Azure 'usgovtexas' region. */
-    RegionalAuthority["GovernmentUSTexas"] = "usgovtexas";
-    /** Uses the {@link RegionalAuthority} for the Azure 'usdodeast' region. */
-    RegionalAuthority["GovernmentUSDodEast"] = "usdodeast";
-    /** Uses the {@link RegionalAuthority} for the Azure 'usdodcentral' region. */
-    RegionalAuthority["GovernmentUSDodCentral"] = "usdodcentral";
-})(RegionalAuthority || (RegionalAuthority = {}));
-/**
- * Calculates the correct regional authority based on the supplied value
- * and the AZURE_REGIONAL_AUTHORITY_NAME environment variable.
- *
- * Values will be returned verbatim, except for {@link RegionalAuthority.AutoDiscoverRegion}
- * which is mapped to a value MSAL can understand.
- *
- * @internal
- */
-function calculateRegionalAuthority(regionalAuthority) {
-    var _a, _b;
-    let azureRegion = regionalAuthority;
-    if (azureRegion === undefined &&
-        ((_b = (_a = globalThis.process) === null || _a === void 0 ? void 0 : _a.env) === null || _b === void 0 ? void 0 : _b.AZURE_REGIONAL_AUTHORITY_NAME) !== undefined) {
-        azureRegion = process.env.AZURE_REGIONAL_AUTHORITY_NAME;
-    }
-    if (azureRegion === RegionalAuthority.AutoDiscoverRegion) {
-        return "AUTO_DISCOVER";
-    }
-    return azureRegion;
-}
-
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 /**
@@ -4546,6 +4562,57 @@ class OnBehalfOfCredential {
     }
 }
 
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * Returns a callback that provides a bearer token.
+ * For example, the bearer token can be used to authenticate a request as follows:
+ * ```js
+ * import { DefaultAzureCredential } from "@azure/identity";
+ *
+ * const credential = new DefaultAzureCredential();
+ * const scope = "https://cognitiveservices.azure.com/.default";
+ * const getAccessToken = getBearerTokenProvider(credential, scope);
+ * const token = await getAccessToken();
+ *
+ * // usage
+ * const request = createPipelineRequest({ url: "https://example.com" });
+ * request.headers.set("Authorization", `Bearer ${token}`);
+ * ```
+ *
+ * @param credential - The credential used to authenticate the request.
+ * @param scopes - The scopes required for the bearer token.
+ * @param options - Options to configure the token provider.
+ * @returns a callback that provides a bearer token.
+ */
+function getBearerTokenProvider(credential, scopes, options) {
+    const { abortSignal, tracingOptions } = options || {};
+    const pipeline = coreRestPipeline.createEmptyPipeline();
+    pipeline.addPolicy(coreRestPipeline.bearerTokenAuthenticationPolicy({ credential, scopes }));
+    async function getRefreshedToken() {
+        var _a;
+        // Create a pipeline with just the bearer token policy
+        // and run a dummy request through it to get the token
+        const res = await pipeline.sendRequest({
+            sendRequest: (request) => Promise.resolve({
+                request,
+                status: 200,
+                headers: request.headers,
+            }),
+        }, coreRestPipeline.createPipelineRequest({
+            url: "https://example.com",
+            abortSignal,
+            tracingOptions,
+        }));
+        const accessToken = (_a = res.headers.get("authorization")) === null || _a === void 0 ? void 0 : _a.split(" ")[1];
+        if (!accessToken) {
+            throw new Error("Failed to get access token");
+        }
+        return accessToken;
+    }
+    return getRefreshedToken;
+}
+
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 /**
@@ -4580,6 +4647,7 @@ exports.UsernamePasswordCredential = UsernamePasswordCredential;
 exports.VisualStudioCodeCredential = VisualStudioCodeCredential;
 exports.WorkloadIdentityCredential = WorkloadIdentityCredential;
 exports.deserializeAuthenticationRecord = deserializeAuthenticationRecord;
+exports.getBearerTokenProvider = getBearerTokenProvider;
 exports.getDefaultAzureCredential = getDefaultAzureCredential;
 exports.logger = logger$p;
 exports.serializeAuthenticationRecord = serializeAuthenticationRecord;