@azure/identity 4.10.3-alpha.20250708.2 → 4.11.0-alpha.20250717.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (351) hide show
  1. package/README.md +19 -1
  2. package/dist/browser/client/identityClient.js +30 -18
  3. package/dist/browser/client/identityClient.js.map +1 -1
  4. package/dist/browser/constants.d.ts +1 -1
  5. package/dist/browser/constants.d.ts.map +1 -1
  6. package/dist/browser/constants.js +1 -1
  7. package/dist/browser/constants.js.map +1 -1
  8. package/dist/browser/credentials/brokerCredential.d.ts +35 -0
  9. package/dist/browser/credentials/brokerCredential.d.ts.map +1 -0
  10. package/dist/browser/credentials/brokerCredential.js +69 -0
  11. package/dist/browser/credentials/brokerCredential.js.map +1 -0
  12. package/dist/browser/credentials/chainedTokenCredential.js +1 -1
  13. package/dist/browser/credentials/chainedTokenCredential.js.map +1 -1
  14. package/dist/browser/credentials/clientSecretCredential-browser.mjs.map +1 -1
  15. package/dist/browser/credentials/clientSecretCredential.js +7 -2
  16. package/dist/browser/credentials/interactiveBrowserCredential-browser.mjs.map +1 -1
  17. package/dist/browser/credentials/interactiveBrowserCredential.js +19 -6
  18. package/dist/browser/credentials/managedIdentityCredential/imdsMsi.js +4 -6
  19. package/dist/browser/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  20. package/dist/browser/credentials/managedIdentityCredential/imdsRetryPolicy.d.ts +5 -4
  21. package/dist/browser/credentials/managedIdentityCredential/imdsRetryPolicy.d.ts.map +1 -1
  22. package/dist/browser/credentials/managedIdentityCredential/imdsRetryPolicy.js +16 -6
  23. package/dist/browser/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +1 -1
  24. package/dist/browser/credentials/managedIdentityCredential/tokenExchangeMsi.js +7 -1
  25. package/dist/browser/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
  26. package/dist/browser/credentials/usernamePasswordCredential-browser.mjs.map +1 -1
  27. package/dist/browser/credentials/usernamePasswordCredential.js +7 -1
  28. package/dist/browser/credentials/visualStudioCodeCredentialOptions.d.ts +0 -4
  29. package/dist/browser/credentials/visualStudioCodeCredentialOptions.d.ts.map +1 -1
  30. package/dist/browser/credentials/visualStudioCodeCredentialOptions.js.map +1 -1
  31. package/dist/browser/credentials/visualStudioCodeCredentialPlugin.d.ts +0 -4
  32. package/dist/browser/credentials/visualStudioCodeCredentialPlugin.d.ts.map +1 -1
  33. package/dist/browser/credentials/visualStudioCodeCredentialPlugin.js.map +1 -1
  34. package/dist/browser/errors.js +21 -0
  35. package/dist/browser/errors.js.map +1 -1
  36. package/dist/browser/msal/browserFlows/msalBrowserCommon.js +15 -15
  37. package/dist/browser/msal/browserFlows/msalBrowserCommon.js.map +1 -1
  38. package/dist/browser/msal/nodeFlows/msalClient.d.ts +13 -0
  39. package/dist/browser/msal/nodeFlows/msalClient.d.ts.map +1 -1
  40. package/dist/browser/msal/nodeFlows/msalClient.js +127 -94
  41. package/dist/browser/msal/nodeFlows/msalClient.js.map +1 -1
  42. package/dist/browser/msal/nodeFlows/msalPlugins.d.ts +19 -1
  43. package/dist/browser/msal/nodeFlows/msalPlugins.d.ts.map +1 -1
  44. package/dist/browser/msal/nodeFlows/msalPlugins.js +61 -16
  45. package/dist/browser/msal/nodeFlows/msalPlugins.js.map +1 -1
  46. package/dist/browser/msal/utils.js +3 -4
  47. package/dist/browser/msal/utils.js.map +1 -1
  48. package/dist/browser/plugins/provider.d.ts +2 -2
  49. package/dist/browser/plugins/provider.d.ts.map +1 -1
  50. package/dist/browser/plugins/provider.js.map +1 -1
  51. package/dist/browser/regionalAuthority.js +1 -2
  52. package/dist/browser/regionalAuthority.js.map +1 -1
  53. package/dist/browser/tokenProvider.js +1 -2
  54. package/dist/browser/tokenProvider.js.map +1 -1
  55. package/dist/browser/util/logging.js +6 -2
  56. package/dist/browser/util/logging.js.map +1 -1
  57. package/dist/browser/util/processMultiTenantRequest-browser.mjs.map +1 -1
  58. package/dist/browser/util/processMultiTenantRequest.js +1 -2
  59. package/dist/browser/util/processUtils.d.ts +1 -1
  60. package/dist/browser/util/processUtils.d.ts.map +1 -1
  61. package/dist/browser/util/processUtils.js +1 -1
  62. package/dist/browser/util/processUtils.js.map +1 -1
  63. package/dist/commonjs/client/identityClient.js +30 -18
  64. package/dist/commonjs/client/identityClient.js.map +1 -1
  65. package/dist/commonjs/constants.d.ts +1 -1
  66. package/dist/commonjs/constants.d.ts.map +1 -1
  67. package/dist/commonjs/constants.js +1 -1
  68. package/dist/commonjs/constants.js.map +1 -1
  69. package/dist/commonjs/credentials/authorizationCodeCredential.js +17 -3
  70. package/dist/commonjs/credentials/authorizationCodeCredential.js.map +1 -1
  71. package/dist/commonjs/credentials/azureCliCredential.js +15 -12
  72. package/dist/commonjs/credentials/azureCliCredential.js.map +1 -1
  73. package/dist/commonjs/credentials/azureDeveloperCliCredential.js +12 -10
  74. package/dist/commonjs/credentials/azureDeveloperCliCredential.js.map +1 -1
  75. package/dist/commonjs/credentials/azurePipelinesCredential.js +9 -5
  76. package/dist/commonjs/credentials/azurePipelinesCredential.js.map +1 -1
  77. package/dist/commonjs/credentials/azurePowerShellCredential.js +10 -7
  78. package/dist/commonjs/credentials/azurePowerShellCredential.js.map +1 -1
  79. package/dist/commonjs/credentials/brokerCredential.d.ts +35 -0
  80. package/dist/commonjs/credentials/brokerCredential.d.ts.map +1 -0
  81. package/dist/commonjs/credentials/brokerCredential.js +73 -0
  82. package/dist/commonjs/credentials/brokerCredential.js.map +1 -0
  83. package/dist/commonjs/credentials/chainedTokenCredential.js +1 -1
  84. package/dist/commonjs/credentials/chainedTokenCredential.js.map +1 -1
  85. package/dist/commonjs/credentials/clientAssertionCredential.js +11 -2
  86. package/dist/commonjs/credentials/clientAssertionCredential.js.map +1 -1
  87. package/dist/commonjs/credentials/clientCertificateCredential.js +19 -9
  88. package/dist/commonjs/credentials/clientCertificateCredential.js.map +1 -1
  89. package/dist/commonjs/credentials/clientSecretCredential.js +10 -2
  90. package/dist/commonjs/credentials/clientSecretCredential.js.map +1 -1
  91. package/dist/commonjs/credentials/defaultAzureCredential.d.ts +18 -0
  92. package/dist/commonjs/credentials/defaultAzureCredential.d.ts.map +1 -1
  93. package/dist/commonjs/credentials/defaultAzureCredential.js +69 -19
  94. package/dist/commonjs/credentials/defaultAzureCredential.js.map +1 -1
  95. package/dist/commonjs/credentials/deviceCodeCredential.js +24 -10
  96. package/dist/commonjs/credentials/deviceCodeCredential.js.map +1 -1
  97. package/dist/commonjs/credentials/environmentCredential.js +4 -6
  98. package/dist/commonjs/credentials/environmentCredential.js.map +1 -1
  99. package/dist/commonjs/credentials/interactiveBrowserCredential.js +30 -11
  100. package/dist/commonjs/credentials/interactiveBrowserCredential.js.map +1 -1
  101. package/dist/commonjs/credentials/managedIdentityCredential/imdsMsi.js +4 -6
  102. package/dist/commonjs/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  103. package/dist/commonjs/credentials/managedIdentityCredential/imdsRetryPolicy.d.ts +5 -4
  104. package/dist/commonjs/credentials/managedIdentityCredential/imdsRetryPolicy.d.ts.map +1 -1
  105. package/dist/commonjs/credentials/managedIdentityCredential/imdsRetryPolicy.js +16 -6
  106. package/dist/commonjs/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +1 -1
  107. package/dist/commonjs/credentials/managedIdentityCredential/index.js +28 -18
  108. package/dist/commonjs/credentials/managedIdentityCredential/index.js.map +1 -1
  109. package/dist/commonjs/credentials/managedIdentityCredential/tokenExchangeMsi.js +7 -1
  110. package/dist/commonjs/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
  111. package/dist/commonjs/credentials/onBehalfOfCredential.js +13 -1
  112. package/dist/commonjs/credentials/onBehalfOfCredential.js.map +1 -1
  113. package/dist/commonjs/credentials/usernamePasswordCredential.js +10 -2
  114. package/dist/commonjs/credentials/usernamePasswordCredential.js.map +1 -1
  115. package/dist/commonjs/credentials/visualStudioCodeCredential.d.ts +15 -26
  116. package/dist/commonjs/credentials/visualStudioCodeCredential.d.ts.map +1 -1
  117. package/dist/commonjs/credentials/visualStudioCodeCredential.js +69 -130
  118. package/dist/commonjs/credentials/visualStudioCodeCredential.js.map +1 -1
  119. package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.d.ts +0 -4
  120. package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.d.ts.map +1 -1
  121. package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.js.map +1 -1
  122. package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.d.ts +0 -4
  123. package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.d.ts.map +1 -1
  124. package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.js.map +1 -1
  125. package/dist/commonjs/credentials/workloadIdentityCredential.js +5 -3
  126. package/dist/commonjs/credentials/workloadIdentityCredential.js.map +1 -1
  127. package/dist/commonjs/errors.js +21 -0
  128. package/dist/commonjs/errors.js.map +1 -1
  129. package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js +15 -15
  130. package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js.map +1 -1
  131. package/dist/commonjs/msal/nodeFlows/msalClient.d.ts +13 -0
  132. package/dist/commonjs/msal/nodeFlows/msalClient.d.ts.map +1 -1
  133. package/dist/commonjs/msal/nodeFlows/msalClient.js +127 -94
  134. package/dist/commonjs/msal/nodeFlows/msalClient.js.map +1 -1
  135. package/dist/commonjs/msal/nodeFlows/msalPlugins.d.ts +19 -1
  136. package/dist/commonjs/msal/nodeFlows/msalPlugins.d.ts.map +1 -1
  137. package/dist/commonjs/msal/nodeFlows/msalPlugins.js +63 -17
  138. package/dist/commonjs/msal/nodeFlows/msalPlugins.js.map +1 -1
  139. package/dist/commonjs/msal/utils.js +3 -4
  140. package/dist/commonjs/msal/utils.js.map +1 -1
  141. package/dist/commonjs/plugins/consumer.d.ts.map +1 -1
  142. package/dist/commonjs/plugins/consumer.js +1 -2
  143. package/dist/commonjs/plugins/consumer.js.map +1 -1
  144. package/dist/commonjs/plugins/provider.d.ts +2 -2
  145. package/dist/commonjs/plugins/provider.d.ts.map +1 -1
  146. package/dist/commonjs/plugins/provider.js.map +1 -1
  147. package/dist/commonjs/regionalAuthority.js +1 -2
  148. package/dist/commonjs/regionalAuthority.js.map +1 -1
  149. package/dist/commonjs/tokenProvider.js +1 -2
  150. package/dist/commonjs/tokenProvider.js.map +1 -1
  151. package/dist/commonjs/util/logging.js +6 -2
  152. package/dist/commonjs/util/logging.js.map +1 -1
  153. package/dist/commonjs/util/processMultiTenantRequest.js +2 -3
  154. package/dist/commonjs/util/processMultiTenantRequest.js.map +1 -1
  155. package/dist/commonjs/util/processUtils.d.ts +1 -1
  156. package/dist/commonjs/util/processUtils.d.ts.map +1 -1
  157. package/dist/commonjs/util/processUtils.js +2 -2
  158. package/dist/commonjs/util/processUtils.js.map +1 -1
  159. package/dist/esm/client/identityClient.js +30 -18
  160. package/dist/esm/client/identityClient.js.map +1 -1
  161. package/dist/esm/constants.d.ts +1 -1
  162. package/dist/esm/constants.d.ts.map +1 -1
  163. package/dist/esm/constants.js +1 -1
  164. package/dist/esm/constants.js.map +1 -1
  165. package/dist/esm/credentials/authorizationCodeCredential.js +17 -3
  166. package/dist/esm/credentials/authorizationCodeCredential.js.map +1 -1
  167. package/dist/esm/credentials/azureCliCredential.js +15 -12
  168. package/dist/esm/credentials/azureCliCredential.js.map +1 -1
  169. package/dist/esm/credentials/azureDeveloperCliCredential.js +12 -10
  170. package/dist/esm/credentials/azureDeveloperCliCredential.js.map +1 -1
  171. package/dist/esm/credentials/azurePipelinesCredential.js +9 -5
  172. package/dist/esm/credentials/azurePipelinesCredential.js.map +1 -1
  173. package/dist/esm/credentials/azurePowerShellCredential.js +10 -7
  174. package/dist/esm/credentials/azurePowerShellCredential.js.map +1 -1
  175. package/dist/esm/credentials/brokerCredential.d.ts +35 -0
  176. package/dist/esm/credentials/brokerCredential.d.ts.map +1 -0
  177. package/dist/esm/credentials/brokerCredential.js +69 -0
  178. package/dist/esm/credentials/brokerCredential.js.map +1 -0
  179. package/dist/esm/credentials/chainedTokenCredential.js +1 -1
  180. package/dist/esm/credentials/chainedTokenCredential.js.map +1 -1
  181. package/dist/esm/credentials/clientAssertionCredential.js +11 -2
  182. package/dist/esm/credentials/clientAssertionCredential.js.map +1 -1
  183. package/dist/esm/credentials/clientCertificateCredential.js +19 -9
  184. package/dist/esm/credentials/clientCertificateCredential.js.map +1 -1
  185. package/dist/esm/credentials/clientSecretCredential.js +10 -2
  186. package/dist/esm/credentials/clientSecretCredential.js.map +1 -1
  187. package/dist/esm/credentials/defaultAzureCredential.d.ts +18 -0
  188. package/dist/esm/credentials/defaultAzureCredential.d.ts.map +1 -1
  189. package/dist/esm/credentials/defaultAzureCredential.js +67 -19
  190. package/dist/esm/credentials/defaultAzureCredential.js.map +1 -1
  191. package/dist/esm/credentials/deviceCodeCredential.js +24 -10
  192. package/dist/esm/credentials/deviceCodeCredential.js.map +1 -1
  193. package/dist/esm/credentials/environmentCredential.js +4 -6
  194. package/dist/esm/credentials/environmentCredential.js.map +1 -1
  195. package/dist/esm/credentials/interactiveBrowserCredential.js +30 -11
  196. package/dist/esm/credentials/interactiveBrowserCredential.js.map +1 -1
  197. package/dist/esm/credentials/managedIdentityCredential/imdsMsi.js +4 -6
  198. package/dist/esm/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  199. package/dist/esm/credentials/managedIdentityCredential/imdsRetryPolicy.d.ts +5 -4
  200. package/dist/esm/credentials/managedIdentityCredential/imdsRetryPolicy.d.ts.map +1 -1
  201. package/dist/esm/credentials/managedIdentityCredential/imdsRetryPolicy.js +16 -6
  202. package/dist/esm/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +1 -1
  203. package/dist/esm/credentials/managedIdentityCredential/index.js +28 -18
  204. package/dist/esm/credentials/managedIdentityCredential/index.js.map +1 -1
  205. package/dist/esm/credentials/managedIdentityCredential/tokenExchangeMsi.js +7 -1
  206. package/dist/esm/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
  207. package/dist/esm/credentials/onBehalfOfCredential.js +13 -1
  208. package/dist/esm/credentials/onBehalfOfCredential.js.map +1 -1
  209. package/dist/esm/credentials/usernamePasswordCredential.js +10 -2
  210. package/dist/esm/credentials/usernamePasswordCredential.js.map +1 -1
  211. package/dist/esm/credentials/visualStudioCodeCredential.d.ts +15 -26
  212. package/dist/esm/credentials/visualStudioCodeCredential.d.ts.map +1 -1
  213. package/dist/esm/credentials/visualStudioCodeCredential.js +69 -128
  214. package/dist/esm/credentials/visualStudioCodeCredential.js.map +1 -1
  215. package/dist/esm/credentials/visualStudioCodeCredentialOptions.d.ts +0 -4
  216. package/dist/esm/credentials/visualStudioCodeCredentialOptions.d.ts.map +1 -1
  217. package/dist/esm/credentials/visualStudioCodeCredentialOptions.js.map +1 -1
  218. package/dist/esm/credentials/visualStudioCodeCredentialPlugin.d.ts +0 -4
  219. package/dist/esm/credentials/visualStudioCodeCredentialPlugin.d.ts.map +1 -1
  220. package/dist/esm/credentials/visualStudioCodeCredentialPlugin.js.map +1 -1
  221. package/dist/esm/credentials/workloadIdentityCredential.js +5 -3
  222. package/dist/esm/credentials/workloadIdentityCredential.js.map +1 -1
  223. package/dist/esm/errors.js +21 -0
  224. package/dist/esm/errors.js.map +1 -1
  225. package/dist/esm/msal/browserFlows/msalBrowserCommon.js +15 -15
  226. package/dist/esm/msal/browserFlows/msalBrowserCommon.js.map +1 -1
  227. package/dist/esm/msal/nodeFlows/msalClient.d.ts +13 -0
  228. package/dist/esm/msal/nodeFlows/msalClient.d.ts.map +1 -1
  229. package/dist/esm/msal/nodeFlows/msalClient.js +127 -94
  230. package/dist/esm/msal/nodeFlows/msalClient.js.map +1 -1
  231. package/dist/esm/msal/nodeFlows/msalPlugins.d.ts +19 -1
  232. package/dist/esm/msal/nodeFlows/msalPlugins.d.ts.map +1 -1
  233. package/dist/esm/msal/nodeFlows/msalPlugins.js +61 -16
  234. package/dist/esm/msal/nodeFlows/msalPlugins.js.map +1 -1
  235. package/dist/esm/msal/utils.js +3 -4
  236. package/dist/esm/msal/utils.js.map +1 -1
  237. package/dist/esm/plugins/consumer.d.ts.map +1 -1
  238. package/dist/esm/plugins/consumer.js +2 -3
  239. package/dist/esm/plugins/consumer.js.map +1 -1
  240. package/dist/esm/plugins/provider.d.ts +2 -2
  241. package/dist/esm/plugins/provider.d.ts.map +1 -1
  242. package/dist/esm/plugins/provider.js.map +1 -1
  243. package/dist/esm/regionalAuthority.js +1 -2
  244. package/dist/esm/regionalAuthority.js.map +1 -1
  245. package/dist/esm/tokenProvider.js +1 -2
  246. package/dist/esm/tokenProvider.js.map +1 -1
  247. package/dist/esm/util/logging.js +6 -2
  248. package/dist/esm/util/logging.js.map +1 -1
  249. package/dist/esm/util/processMultiTenantRequest.js +2 -3
  250. package/dist/esm/util/processMultiTenantRequest.js.map +1 -1
  251. package/dist/esm/util/processUtils.d.ts +1 -1
  252. package/dist/esm/util/processUtils.d.ts.map +1 -1
  253. package/dist/esm/util/processUtils.js +1 -1
  254. package/dist/esm/util/processUtils.js.map +1 -1
  255. package/dist/workerd/client/identityClient.js +30 -18
  256. package/dist/workerd/client/identityClient.js.map +1 -1
  257. package/dist/workerd/constants.d.ts +1 -1
  258. package/dist/workerd/constants.d.ts.map +1 -1
  259. package/dist/workerd/constants.js +1 -1
  260. package/dist/workerd/constants.js.map +1 -1
  261. package/dist/workerd/credentials/authorizationCodeCredential.js +17 -3
  262. package/dist/workerd/credentials/authorizationCodeCredential.js.map +1 -1
  263. package/dist/workerd/credentials/azureCliCredential.js +15 -12
  264. package/dist/workerd/credentials/azureCliCredential.js.map +1 -1
  265. package/dist/workerd/credentials/azureDeveloperCliCredential.js +12 -10
  266. package/dist/workerd/credentials/azureDeveloperCliCredential.js.map +1 -1
  267. package/dist/workerd/credentials/azurePipelinesCredential.js +9 -5
  268. package/dist/workerd/credentials/azurePipelinesCredential.js.map +1 -1
  269. package/dist/workerd/credentials/azurePowerShellCredential.js +10 -7
  270. package/dist/workerd/credentials/azurePowerShellCredential.js.map +1 -1
  271. package/dist/workerd/credentials/brokerCredential.d.ts +35 -0
  272. package/dist/workerd/credentials/brokerCredential.d.ts.map +1 -0
  273. package/dist/workerd/credentials/brokerCredential.js +69 -0
  274. package/dist/workerd/credentials/brokerCredential.js.map +1 -0
  275. package/dist/workerd/credentials/chainedTokenCredential.js +1 -1
  276. package/dist/workerd/credentials/chainedTokenCredential.js.map +1 -1
  277. package/dist/workerd/credentials/clientAssertionCredential.js +11 -2
  278. package/dist/workerd/credentials/clientAssertionCredential.js.map +1 -1
  279. package/dist/workerd/credentials/clientCertificateCredential.js +19 -9
  280. package/dist/workerd/credentials/clientCertificateCredential.js.map +1 -1
  281. package/dist/workerd/credentials/clientSecretCredential.js +10 -2
  282. package/dist/workerd/credentials/clientSecretCredential.js.map +1 -1
  283. package/dist/workerd/credentials/defaultAzureCredential.d.ts +18 -0
  284. package/dist/workerd/credentials/defaultAzureCredential.d.ts.map +1 -1
  285. package/dist/workerd/credentials/defaultAzureCredential.js +67 -19
  286. package/dist/workerd/credentials/defaultAzureCredential.js.map +1 -1
  287. package/dist/workerd/credentials/deviceCodeCredential.js +24 -10
  288. package/dist/workerd/credentials/deviceCodeCredential.js.map +1 -1
  289. package/dist/workerd/credentials/environmentCredential.js +4 -6
  290. package/dist/workerd/credentials/environmentCredential.js.map +1 -1
  291. package/dist/workerd/credentials/interactiveBrowserCredential.js +30 -11
  292. package/dist/workerd/credentials/interactiveBrowserCredential.js.map +1 -1
  293. package/dist/workerd/credentials/managedIdentityCredential/imdsMsi.js +4 -6
  294. package/dist/workerd/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  295. package/dist/workerd/credentials/managedIdentityCredential/imdsRetryPolicy.d.ts +5 -4
  296. package/dist/workerd/credentials/managedIdentityCredential/imdsRetryPolicy.d.ts.map +1 -1
  297. package/dist/workerd/credentials/managedIdentityCredential/imdsRetryPolicy.js +16 -6
  298. package/dist/workerd/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +1 -1
  299. package/dist/workerd/credentials/managedIdentityCredential/index.js +28 -18
  300. package/dist/workerd/credentials/managedIdentityCredential/index.js.map +1 -1
  301. package/dist/workerd/credentials/managedIdentityCredential/tokenExchangeMsi.js +7 -1
  302. package/dist/workerd/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
  303. package/dist/workerd/credentials/onBehalfOfCredential.js +13 -1
  304. package/dist/workerd/credentials/onBehalfOfCredential.js.map +1 -1
  305. package/dist/workerd/credentials/usernamePasswordCredential.js +10 -2
  306. package/dist/workerd/credentials/usernamePasswordCredential.js.map +1 -1
  307. package/dist/workerd/credentials/visualStudioCodeCredential.d.ts +15 -26
  308. package/dist/workerd/credentials/visualStudioCodeCredential.d.ts.map +1 -1
  309. package/dist/workerd/credentials/visualStudioCodeCredential.js +69 -128
  310. package/dist/workerd/credentials/visualStudioCodeCredential.js.map +1 -1
  311. package/dist/workerd/credentials/visualStudioCodeCredentialOptions.d.ts +0 -4
  312. package/dist/workerd/credentials/visualStudioCodeCredentialOptions.d.ts.map +1 -1
  313. package/dist/workerd/credentials/visualStudioCodeCredentialOptions.js.map +1 -1
  314. package/dist/workerd/credentials/visualStudioCodeCredentialPlugin.d.ts +0 -4
  315. package/dist/workerd/credentials/visualStudioCodeCredentialPlugin.d.ts.map +1 -1
  316. package/dist/workerd/credentials/visualStudioCodeCredentialPlugin.js.map +1 -1
  317. package/dist/workerd/credentials/workloadIdentityCredential.js +5 -3
  318. package/dist/workerd/credentials/workloadIdentityCredential.js.map +1 -1
  319. package/dist/workerd/errors.js +21 -0
  320. package/dist/workerd/errors.js.map +1 -1
  321. package/dist/workerd/msal/browserFlows/msalBrowserCommon.js +15 -15
  322. package/dist/workerd/msal/browserFlows/msalBrowserCommon.js.map +1 -1
  323. package/dist/workerd/msal/nodeFlows/msalClient.d.ts +13 -0
  324. package/dist/workerd/msal/nodeFlows/msalClient.d.ts.map +1 -1
  325. package/dist/workerd/msal/nodeFlows/msalClient.js +127 -94
  326. package/dist/workerd/msal/nodeFlows/msalClient.js.map +1 -1
  327. package/dist/workerd/msal/nodeFlows/msalPlugins.d.ts +19 -1
  328. package/dist/workerd/msal/nodeFlows/msalPlugins.d.ts.map +1 -1
  329. package/dist/workerd/msal/nodeFlows/msalPlugins.js +61 -16
  330. package/dist/workerd/msal/nodeFlows/msalPlugins.js.map +1 -1
  331. package/dist/workerd/msal/utils.js +3 -4
  332. package/dist/workerd/msal/utils.js.map +1 -1
  333. package/dist/workerd/plugins/consumer.d.ts.map +1 -1
  334. package/dist/workerd/plugins/consumer.js +2 -3
  335. package/dist/workerd/plugins/consumer.js.map +1 -1
  336. package/dist/workerd/plugins/provider.d.ts +2 -2
  337. package/dist/workerd/plugins/provider.d.ts.map +1 -1
  338. package/dist/workerd/plugins/provider.js.map +1 -1
  339. package/dist/workerd/regionalAuthority.js +1 -2
  340. package/dist/workerd/regionalAuthority.js.map +1 -1
  341. package/dist/workerd/tokenProvider.js +1 -2
  342. package/dist/workerd/tokenProvider.js.map +1 -1
  343. package/dist/workerd/util/logging.js +6 -2
  344. package/dist/workerd/util/logging.js.map +1 -1
  345. package/dist/workerd/util/processMultiTenantRequest.js +2 -3
  346. package/dist/workerd/util/processMultiTenantRequest.js.map +1 -1
  347. package/dist/workerd/util/processUtils.d.ts +1 -1
  348. package/dist/workerd/util/processUtils.d.ts.map +1 -1
  349. package/dist/workerd/util/processUtils.js +1 -1
  350. package/dist/workerd/util/processUtils.js.map +1 -1
  351. package/package.json +2 -2
package/dist/browser/msal/browserFlows/msalBrowserCommon.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"msalBrowserCommon.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,WAAW,MAAM,qBAAqB,CAAC;AAGnD,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,eAAe,EACf,eAAe,EACf,YAAY,EACZ,YAAY,GACb,MAAM,aAAa,CAAC;AAIrB,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAE1F,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,eAAe,GAChB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAErD,uCAAuC;AACvC,gDAAgD;AAChD,MAAM,iBAAiB,GAAG,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC;AAErF;;;GAGG;AACH,SAAS,gCAAgC,CACvC,OAA+B;;IAE/B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,eAAe,CAAC;IACrD,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAChE,OAAO;QACL,IAAI,EAAE;YACJ,QAAQ,EAAE,OAAO,CAAC,QAAS;YAC3B,SAAS;YACT,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,wBAAwB,CAAC;YAC5F,qDAAqD;YACrD,yCAAyC;YACzC,kEAAkE;YAClE,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3F;QACD,KAAK,EAAE;YACL,aAAa,EAAE,gBAAgB;YAC/B,sBAAsB,EAAE,IAAI,EAAE,0DAA0D;SACzF;QACD,MAAM,EAAE;YACN,aAAa,EAAE;gBACb,cAAc,EAAE,qBAAqB,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;gBAChE,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;gBACxC,iBAAiB,EAAE,MAAA,OAAO,CAAC,cAAc,0CAAE,0BAA0B;aACtE;SACF;KACF,CAAC;AACJ,CAAC;AAWD,uCAAuC;AACvC,MAAM,YAAY,GAAG,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;AAExE;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAA+B;;IACrE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QACtB,MAAM,IAAI,0BAA0B,CAAC,qCAAqC,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC9B,MAAM,QAAQ,GAAG,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7E,MAAM,4BAA4B,GAAa,mCAAmC,CAChF,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,sBAAsB,0CAAE,0BAA0B,CAC5D,CAAC;IACF,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;IAC5C,MAAM,UAAU,GAAG,gCAAgC,CAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,8BAA8B,GAAG,OAAO,CAAC,8BAA8B,CAAC;IAC9E,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IAEpC,IAAI,OAAyC,CAAC;IAC9C,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;QACjC,OAAO,mCACF,OAAO,CAAC,oBAAoB,KAC/B,QAAQ,GACT,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,IAAI,GAAyC,CAAC;IAC9C;;;OAGG;IACH,KAAK,UAAU,MAAM;QACnB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,+BAA+B;YAC/B,GAAG,GAAG,MAAM,WAAW,CAAC,uBAAuB,CAAC,6BAA6B,CAAC,UAAU,CAAC,CAAC;YAE1F,sDAAsD;YACtD,IAAI,OAAO,EAAE,CAAC;gBACZ,GAAG,CAAC,gBAAgB,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;OAIG;IACH,KAAK,UAAU,mBAAmB,CAChC,MAAyC;QAEzC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;YAC/B,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBAC7B,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;gBAC1D,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBACzC,OAAO,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC;QACD,OAAO;IACT,CAAC;IAED;;;;OAIG;IACH,SAAS,YAAY,CACnB,MAAyB,EACzB,MAAmB,EACnB,eAAiC;;QAEjC,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,OAAO,EAAE,CAAC;YACpB,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QACnD,CAAC;QACD,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,WAAW;YACzB,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE;YAC9C,qBAAqB,EAAE,MAAA,MAAM,CAAC,SAAS,0CAAE,OAAO,EAAE;YAClD,SAAS,EAAE,QAAQ;SACpB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,cAAc;QAC3B,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC;IAC/F,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,gBAAgB;QAC7B,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,MAAM,aAAa,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;QACjD,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO;QACT,CAAC;QACD,OAAO,YAAY,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,KAAK,CAAC,SAA4B,EAAE;QACjD,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAgC;YAChD,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,SAAS;SACrB,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,MAAM,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACtC,OAAO;YACT,CAAC;YACD,KAAK,OAAO;gBACV,OAAO,mBAAmB,CAAC,MAAM,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,cAAc,CAC3B,MAAgB,EAChB,eAA+C;QAE/C,MAAM,aAAa,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe;gBACf,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAA8B;YAC5C,SAAS,EAAE,CAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,SAAS,KAAI,UAAU,CAAC,IAAI,CAAC,SAAU;YACnE,aAAa,EAAE,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,aAAa;YAC7C,MAAM,EAAE,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,MAAM;YAC/B,OAAO,EAAE,YAAY,CAAC,aAAa,CAAC;YACpC,YAAY,EAAE,KAAK;YACnB,MAAM;SACP,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACpD,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;YAC/B,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YAC9D,OAAO,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,mBAAmB,CAChC,MAAgB,EAChB,eAA+C;QAE/C,MAAM,aAAa,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe;gBACf,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAgC;YAC9C,SAAS,EAAE,CAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,SAAS,KAAI,UAAU,CAAC,IAAI,CAAC,SAAU;YACnE,aAAa,EAAE,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,aAAa;YAC7C,MAAM,EAAE,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,MAAM;YAC/B,OAAO,EAAE,YAAY,CAAC,aAAa,CAAC;YACpC,SAAS,EAAE,SAAS;YACpB,MAAM;SACP,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,UAAU;gBACb,gCAAgC;gBAChC,8DAA8D;gBAC9D,kDAAkD;gBAElD,MAAM,OAAO,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;gBAC/C,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,kBAAkB,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;YACnE,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,UAAU,QAAQ,CACrB,MAAgB,EAChB,kBAAiD,EAAE;QAEnD,MAAM,gBAAgB,GACpB,yBAAyB,CAAC,QAAQ,EAAE,eAAe,EAAE,4BAA4B,CAAC;YAClF,QAAQ,CAAC;QAEX,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAAC;YAC/B,eAAe,CAAC,SAAS,GAAG,YAAY,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;QAC5E,CAAC;QAED,uDAAuD;QACvD,MAAM,cAAc,EAAE,CAAC;QAEvB,IAAI,CAAC,CAAC,MAAM,gBAAgB,EAAE,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;YACnE,MAAM,KAAK,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;QAED,8EAA8E;QAC9E,IAAI,CAAC;YACH,OAAO,MAAM,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC/C,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,IAAI,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,8BAA8B,EAAE,CAAC;gBACpD,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe;oBACf,OAAO,EACL,qFAAqF;iBACxF,CAAC,CAAC;YACL,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,oEAAoE,UAAU,EAAE,CAAC,CAAC;YAC9F,OAAO,mBAAmB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IACD,OAAO;QACL,gBAAgB;QAChB,QAAQ;KACT,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport * as msalBrowser from \"@azure/msal-browser\";\n\nimport type { MsalBrowserFlowOptions } from \"./msalBrowserOptions.js\";\nimport {\n defaultLoggerCallback,\n ensureValidMsalToken,\n getAuthority,\n getKnownAuthorities,\n getMSALLogLevel,\n handleMsalError,\n msalToPublic,\n publicToMsal,\n} from \"../utils.js\";\n\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport type { AuthenticationRecord, MsalResult } from \"../types.js\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../../errors.js\";\nimport type { CredentialFlowGetTokenOptions } from \"../credentials.js\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { formatSuccess } from \"../../util/logging.js\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n resolveTenantId,\n} from \"../../util/tenantIdUtils.js\";\nimport { DefaultTenantId } from \"../../constants.js\";\n\n// We keep a copy of the redirect hash.\n// Check if self and location object is defined.\nconst isLocationDefined = typeof self !== \"undefined\" && self.location !== undefined;\n\n/**\n * Generates a MSAL configuration that generally works for browsers\n * @internal\n */\nfunction generateMsalBrowserConfiguration(\n options: MsalBrowserFlowOptions,\n): msalBrowser.Configuration {\n const tenantId = options.tenantId || DefaultTenantId;\n const authority = getAuthority(tenantId, options.authorityHost);\n return {\n auth: {\n clientId: options.clientId!,\n authority,\n knownAuthorities: getKnownAuthorities(tenantId, authority, options.disableInstanceDiscovery),\n // If the users picked redirect as their login style,\n // but they didn't provide a redirectUri,\n // we can try to use the current page we're in as a default value.\n redirectUri: options.redirectUri || (isLocationDefined ? self.location.origin : undefined),\n },\n cache: {\n cacheLocation: \"sessionStorage\",\n storeAuthStateInCookie: true, // Set to true to improve the experience on IE11 and Edge.\n },\n system: {\n loggerOptions: {\n loggerCallback: defaultLoggerCallback(options.logger, \"Browser\"),\n logLevel: getMSALLogLevel(getLogLevel()),\n piiLoggingEnabled: options.loggingOptions?.enableUnsafeSupportLogging,\n },\n },\n };\n}\n\n/**\n * Methods that are used by InteractiveBrowserCredential\n * @internal\n */\nexport interface MsalBrowserClient {\n getActiveAccount(): Promise<AuthenticationRecord | undefined>;\n getToken(scopes: string[], options: CredentialFlowGetTokenOptions): Promise<AccessToken>;\n}\n\n// We keep a copy of the redirect hash.\nconst redirectHash = isLocationDefined ? self.location.hash : undefined;\n\n/**\n * Uses MSAL Browser 2.X for browser authentication,\n * which uses the [Auth Code Flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n * @internal\n */\nexport function createMsalBrowserClient(options: MsalBrowserFlowOptions): MsalBrowserClient {\n const loginStyle = options.loginStyle;\n if (!options.clientId) {\n throw new CredentialUnavailableError(\"A client ID is required in browsers\");\n }\n const clientId = options.clientId;\n const logger = options.logger;\n const tenantId = resolveTenantId(logger, options.tenantId, options.clientId);\n const additionallyAllowedTenantIds: string[] = resolveAdditionallyAllowedTenantIds(\n options?.tokenCredentialOptions?.additionallyAllowedTenants,\n );\n const authorityHost = options.authorityHost;\n const msalConfig = generateMsalBrowserConfiguration(options);\n const disableAutomaticAuthentication = options.disableAutomaticAuthentication;\n const loginHint = options.loginHint;\n\n let account: AuthenticationRecord | undefined;\n if (options.authenticationRecord) {\n account = {\n ...options.authenticationRecord,\n tenantId,\n };\n }\n\n // This variable should only be used through calling `getApp` function\n let app: msalBrowser.IPublicClientApplication;\n /**\n * Return the MSAL account if not set yet\n * @returns MSAL application\n */\n async function getApp(): Promise<msalBrowser.IPublicClientApplication> {\n if (!app) {\n // Prepare the MSAL application\n app = await msalBrowser.PublicClientApplication.createPublicClientApplication(msalConfig);\n\n // setting the account right after the app is created.\n if (account) {\n app.setActiveAccount(publicToMsal(account));\n }\n }\n\n return app;\n }\n\n /**\n * Loads the account based on the result of the authentication.\n * If no result was received, tries to load the account from the cache.\n * @param result - Result object received from MSAL.\n */\n async function handleBrowserResult(\n result?: msalBrowser.AuthenticationResult,\n ): Promise<AuthenticationRecord | undefined> {\n try {\n const msalApp = await getApp();\n if (result && result.account) {\n logger.info(`MSAL Browser V2 authentication successful.`);\n msalApp.setActiveAccount(result.account);\n return msalToPublic(clientId, result.account);\n }\n } catch (e: any) {\n logger.info(`Failed to acquire token through MSAL. ${e.message}`);\n }\n return;\n }\n\n /**\n * Handles the MSAL authentication result.\n * If the result has an account, we update the local account reference.\n * If the token received is invalid, an error will be thrown depending on what's missing.\n */\n function handleResult(\n scopes: string | string[],\n result?: MsalResult,\n getTokenOptions?: GetTokenOptions,\n ): AccessToken {\n if (result?.account) {\n account = msalToPublic(clientId, result.account);\n }\n ensureValidMsalToken(scopes, result, getTokenOptions);\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: result.accessToken,\n expiresOnTimestamp: result.expiresOn.getTime(),\n refreshAfterTimestamp: result.refreshOn?.getTime(),\n tokenType: \"Bearer\",\n };\n }\n\n /**\n * Uses MSAL to handle the redirect.\n */\n async function handleRedirect(): Promise<AuthenticationRecord | undefined> {\n const msalApp = await getApp();\n return handleBrowserResult((await msalApp.handleRedirectPromise(redirectHash)) || undefined);\n }\n\n /**\n * Uses MSAL to retrieve the active account.\n */\n async function getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n const msalApp = await getApp();\n const activeAccount = msalApp.getActiveAccount();\n if (!activeAccount) {\n return;\n }\n return msalToPublic(clientId, activeAccount);\n }\n\n /**\n * Uses MSAL to trigger a redirect or a popup login.\n */\n async function login(scopes: string | string[] = []): Promise<AuthenticationRecord | undefined> {\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n const loginRequest: msalBrowser.RedirectRequest = {\n scopes: arrayScopes,\n loginHint: loginHint,\n };\n const msalApp = await getApp();\n switch (loginStyle) {\n case \"redirect\": {\n await app.loginRedirect(loginRequest);\n return;\n }\n case \"popup\":\n return handleBrowserResult(await msalApp.loginPopup(loginRequest));\n }\n }\n\n /**\n * Tries to retrieve the token silently using MSAL.\n */\n async function getTokenSilent(\n scopes: string[],\n getTokenOptions?: CredentialFlowGetTokenOptions,\n ): Promise<AccessToken> {\n const activeAccount = await getActiveAccount();\n if (!activeAccount) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions,\n message:\n \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n });\n }\n\n const parameters: msalBrowser.SilentRequest = {\n authority: getTokenOptions?.authority || msalConfig.auth.authority!,\n correlationId: getTokenOptions?.correlationId,\n claims: getTokenOptions?.claims,\n account: publicToMsal(activeAccount),\n forceRefresh: false,\n scopes,\n };\n\n try {\n logger.info(\"Attempting to acquire token silently\");\n const msalApp = await getApp();\n const response = await msalApp.acquireTokenSilent(parameters);\n return handleResult(scopes, response);\n } catch (err: any) {\n throw handleMsalError(scopes, err, options);\n }\n }\n\n /**\n * Attempts to retrieve the token in the browser through interactive methods.\n */\n async function getTokenInteractive(\n scopes: string[],\n getTokenOptions?: CredentialFlowGetTokenOptions,\n ): Promise<AccessToken> {\n const activeAccount = await getActiveAccount();\n if (!activeAccount) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions,\n message:\n \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n });\n }\n\n const parameters: msalBrowser.RedirectRequest = {\n authority: getTokenOptions?.authority || msalConfig.auth.authority!,\n correlationId: getTokenOptions?.correlationId,\n claims: getTokenOptions?.claims,\n account: publicToMsal(activeAccount),\n loginHint: loginHint,\n scopes,\n };\n const msalApp = await getApp();\n switch (loginStyle) {\n case \"redirect\":\n // This will go out of the page.\n // Once the InteractiveBrowserCredential is initialized again,\n // we'll load the MSAL account in the constructor.\n\n await msalApp.acquireTokenRedirect(parameters);\n return { token: \"\", expiresOnTimestamp: 0, tokenType: \"Bearer\" };\n case \"popup\":\n return handleResult(scopes, await app.acquireTokenPopup(parameters));\n }\n }\n\n /**\n * Attempts to get token through the silent flow.\n * If failed, get token through interactive method with `doGetToken` method.\n */\n async function getToken(\n scopes: string[],\n getTokenOptions: CredentialFlowGetTokenOptions = {},\n ): Promise<AccessToken> {\n const getTokenTenantId =\n processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds) ||\n tenantId;\n\n if (!getTokenOptions.authority) {\n getTokenOptions.authority = getAuthority(getTokenTenantId, authorityHost);\n }\n\n // We ensure that redirection is handled at this point.\n await handleRedirect();\n\n if (!(await getActiveAccount()) && !disableAutomaticAuthentication) {\n await login(scopes);\n }\n\n // Attempts to get the token silently; else, falls back to interactive method.\n try {\n return await getTokenSilent(scopes, getTokenOptions);\n } catch (err: any) {\n if (err.name !== \"AuthenticationRequiredError\") {\n throw err;\n }\n if (getTokenOptions?.disableAutomaticAuthentication) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions,\n message:\n \"Automatic authentication has been disabled. You may call the authenticate() method.\",\n });\n }\n logger.info(`Silent authentication failed, falling back to interactive method ${loginStyle}`);\n return getTokenInteractive(scopes, getTokenOptions);\n }\n }\n return {\n getActiveAccount,\n getToken,\n };\n}\n"]}
1
+ {"version":3,"file":"msalBrowserCommon.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,WAAW,MAAM,qBAAqB,CAAC;AAGnD,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,eAAe,EACf,eAAe,EACf,YAAY,EACZ,YAAY,GACb,MAAM,aAAa,CAAC;AAIrB,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAE1F,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,eAAe,GAChB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAErD,uCAAuC;AACvC,gDAAgD;AAChD,MAAM,iBAAiB,GAAG,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC;AAErF;;;GAGG;AACH,SAAS,gCAAgC,CACvC,OAA+B;IAE/B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,eAAe,CAAC;IACrD,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAChE,OAAO;QACL,IAAI,EAAE;YACJ,QAAQ,EAAE,OAAO,CAAC,QAAS;YAC3B,SAAS;YACT,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,wBAAwB,CAAC;YAC5F,qDAAqD;YACrD,yCAAyC;YACzC,kEAAkE;YAClE,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3F;QACD,KAAK,EAAE;YACL,aAAa,EAAE,gBAAgB;YAC/B,sBAAsB,EAAE,IAAI,EAAE,0DAA0D;SACzF;QACD,MAAM,EAAE;YACN,aAAa,EAAE;gBACb,cAAc,EAAE,qBAAqB,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;gBAChE,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;gBACxC,iBAAiB,EAAE,OAAO,CAAC,cAAc,EAAE,0BAA0B;aACtE;SACF;KACF,CAAC;AACJ,CAAC;AAWD,uCAAuC;AACvC,MAAM,YAAY,GAAG,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;AAExE;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAA+B;IACrE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QACtB,MAAM,IAAI,0BAA0B,CAAC,qCAAqC,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC9B,MAAM,QAAQ,GAAG,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7E,MAAM,4BAA4B,GAAa,mCAAmC,CAChF,OAAO,EAAE,sBAAsB,EAAE,0BAA0B,CAC5D,CAAC;IACF,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;IAC5C,MAAM,UAAU,GAAG,gCAAgC,CAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,8BAA8B,GAAG,OAAO,CAAC,8BAA8B,CAAC;IAC9E,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IAEpC,IAAI,OAAyC,CAAC;IAC9C,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;QACjC,OAAO,GAAG;YACR,GAAG,OAAO,CAAC,oBAAoB;YAC/B,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,IAAI,GAAyC,CAAC;IAC9C;;;OAGG;IACH,KAAK,UAAU,MAAM;QACnB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,+BAA+B;YAC/B,GAAG,GAAG,MAAM,WAAW,CAAC,uBAAuB,CAAC,6BAA6B,CAAC,UAAU,CAAC,CAAC;YAE1F,sDAAsD;YACtD,IAAI,OAAO,EAAE,CAAC;gBACZ,GAAG,CAAC,gBAAgB,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;OAIG;IACH,KAAK,UAAU,mBAAmB,CAChC,MAAyC;QAEzC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;YAC/B,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBAC7B,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;gBAC1D,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBACzC,OAAO,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC;QACD,OAAO;IACT,CAAC;IAED;;;;OAIG;IACH,SAAS,YAAY,CACnB,MAAyB,EACzB,MAAmB,EACnB,eAAiC;QAEjC,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;YACpB,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QACnD,CAAC;QACD,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,WAAW;YACzB,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE;YAC9C,qBAAqB,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE;YAClD,SAAS,EAAE,QAAQ;SACpB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,cAAc;QAC3B,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC;IAC/F,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,gBAAgB;QAC7B,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,MAAM,aAAa,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;QACjD,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO;QACT,CAAC;QACD,OAAO,YAAY,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,KAAK,CAAC,SAA4B,EAAE;QACjD,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAgC;YAChD,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,SAAS;SACrB,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,MAAM,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACtC,OAAO;YACT,CAAC;YACD,KAAK,OAAO;gBACV,OAAO,mBAAmB,CAAC,MAAM,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,cAAc,CAC3B,MAAgB,EAChB,eAA+C;QAE/C,MAAM,aAAa,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe;gBACf,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAA8B;YAC5C,SAAS,EAAE,eAAe,EAAE,SAAS,IAAI,UAAU,CAAC,IAAI,CAAC,SAAU;YACnE,aAAa,EAAE,eAAe,EAAE,aAAa;YAC7C,MAAM,EAAE,eAAe,EAAE,MAAM;YAC/B,OAAO,EAAE,YAAY,CAAC,aAAa,CAAC;YACpC,YAAY,EAAE,KAAK;YACnB,MAAM;SACP,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACpD,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;YAC/B,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YAC9D,OAAO,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,mBAAmB,CAChC,MAAgB,EAChB,eAA+C;QAE/C,MAAM,aAAa,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe;gBACf,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAgC;YAC9C,SAAS,EAAE,eAAe,EAAE,SAAS,IAAI,UAAU,CAAC,IAAI,CAAC,SAAU;YACnE,aAAa,EAAE,eAAe,EAAE,aAAa;YAC7C,MAAM,EAAE,eAAe,EAAE,MAAM;YAC/B,OAAO,EAAE,YAAY,CAAC,aAAa,CAAC;YACpC,SAAS,EAAE,SAAS;YACpB,MAAM;SACP,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,UAAU;gBACb,gCAAgC;gBAChC,8DAA8D;gBAC9D,kDAAkD;gBAElD,MAAM,OAAO,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;gBAC/C,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,kBAAkB,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;YACnE,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,UAAU,QAAQ,CACrB,MAAgB,EAChB,kBAAiD,EAAE;QAEnD,MAAM,gBAAgB,GACpB,yBAAyB,CAAC,QAAQ,EAAE,eAAe,EAAE,4BAA4B,CAAC;YAClF,QAAQ,CAAC;QAEX,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAAC;YAC/B,eAAe,CAAC,SAAS,GAAG,YAAY,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;QAC5E,CAAC;QAED,uDAAuD;QACvD,MAAM,cAAc,EAAE,CAAC;QAEvB,IAAI,CAAC,CAAC,MAAM,gBAAgB,EAAE,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;YACnE,MAAM,KAAK,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;QAED,8EAA8E;QAC9E,IAAI,CAAC;YACH,OAAO,MAAM,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC/C,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,IAAI,eAAe,EAAE,8BAA8B,EAAE,CAAC;gBACpD,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe;oBACf,OAAO,EACL,qFAAqF;iBACxF,CAAC,CAAC;YACL,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,oEAAoE,UAAU,EAAE,CAAC,CAAC;YAC9F,OAAO,mBAAmB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IACD,OAAO;QACL,gBAAgB;QAChB,QAAQ;KACT,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport * as msalBrowser from \"@azure/msal-browser\";\n\nimport type { MsalBrowserFlowOptions } from \"./msalBrowserOptions.js\";\nimport {\n defaultLoggerCallback,\n ensureValidMsalToken,\n getAuthority,\n getKnownAuthorities,\n getMSALLogLevel,\n handleMsalError,\n msalToPublic,\n publicToMsal,\n} from \"../utils.js\";\n\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport type { AuthenticationRecord, MsalResult } from \"../types.js\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../../errors.js\";\nimport type { CredentialFlowGetTokenOptions } from \"../credentials.js\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { formatSuccess } from \"../../util/logging.js\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n resolveTenantId,\n} from \"../../util/tenantIdUtils.js\";\nimport { DefaultTenantId } from \"../../constants.js\";\n\n// We keep a copy of the redirect hash.\n// Check if self and location object is defined.\nconst isLocationDefined = typeof self !== \"undefined\" && self.location !== undefined;\n\n/**\n * Generates a MSAL configuration that generally works for browsers\n * @internal\n */\nfunction generateMsalBrowserConfiguration(\n options: MsalBrowserFlowOptions,\n): msalBrowser.Configuration {\n const tenantId = options.tenantId || DefaultTenantId;\n const authority = getAuthority(tenantId, options.authorityHost);\n return {\n auth: {\n clientId: options.clientId!,\n authority,\n knownAuthorities: getKnownAuthorities(tenantId, authority, options.disableInstanceDiscovery),\n // If the users picked redirect as their login style,\n // but they didn't provide a redirectUri,\n // we can try to use the current page we're in as a default value.\n redirectUri: options.redirectUri || (isLocationDefined ? self.location.origin : undefined),\n },\n cache: {\n cacheLocation: \"sessionStorage\",\n storeAuthStateInCookie: true, // Set to true to improve the experience on IE11 and Edge.\n },\n system: {\n loggerOptions: {\n loggerCallback: defaultLoggerCallback(options.logger, \"Browser\"),\n logLevel: getMSALLogLevel(getLogLevel()),\n piiLoggingEnabled: options.loggingOptions?.enableUnsafeSupportLogging,\n },\n },\n };\n}\n\n/**\n * Methods that are used by InteractiveBrowserCredential\n * @internal\n */\nexport interface MsalBrowserClient {\n getActiveAccount(): Promise<AuthenticationRecord | undefined>;\n getToken(scopes: string[], options: CredentialFlowGetTokenOptions): Promise<AccessToken>;\n}\n\n// We keep a copy of the redirect hash.\nconst redirectHash = isLocationDefined ? self.location.hash : undefined;\n\n/**\n * Uses MSAL Browser 2.X for browser authentication,\n * which uses the [Auth Code Flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n * @internal\n */\nexport function createMsalBrowserClient(options: MsalBrowserFlowOptions): MsalBrowserClient {\n const loginStyle = options.loginStyle;\n if (!options.clientId) {\n throw new CredentialUnavailableError(\"A client ID is required in browsers\");\n }\n const clientId = options.clientId;\n const logger = options.logger;\n const tenantId = resolveTenantId(logger, options.tenantId, options.clientId);\n const additionallyAllowedTenantIds: string[] = resolveAdditionallyAllowedTenantIds(\n options?.tokenCredentialOptions?.additionallyAllowedTenants,\n );\n const authorityHost = options.authorityHost;\n const msalConfig = generateMsalBrowserConfiguration(options);\n const disableAutomaticAuthentication = options.disableAutomaticAuthentication;\n const loginHint = options.loginHint;\n\n let account: AuthenticationRecord | undefined;\n if (options.authenticationRecord) {\n account = {\n ...options.authenticationRecord,\n tenantId,\n };\n }\n\n // This variable should only be used through calling `getApp` function\n let app: msalBrowser.IPublicClientApplication;\n /**\n * Return the MSAL account if not set yet\n * @returns MSAL application\n */\n async function getApp(): Promise<msalBrowser.IPublicClientApplication> {\n if (!app) {\n // Prepare the MSAL application\n app = await msalBrowser.PublicClientApplication.createPublicClientApplication(msalConfig);\n\n // setting the account right after the app is created.\n if (account) {\n app.setActiveAccount(publicToMsal(account));\n }\n }\n\n return app;\n }\n\n /**\n * Loads the account based on the result of the authentication.\n * If no result was received, tries to load the account from the cache.\n * @param result - Result object received from MSAL.\n */\n async function handleBrowserResult(\n result?: msalBrowser.AuthenticationResult,\n ): Promise<AuthenticationRecord | undefined> {\n try {\n const msalApp = await getApp();\n if (result && result.account) {\n logger.info(`MSAL Browser V2 authentication successful.`);\n msalApp.setActiveAccount(result.account);\n return msalToPublic(clientId, result.account);\n }\n } catch (e: any) {\n logger.info(`Failed to acquire token through MSAL. ${e.message}`);\n }\n return;\n }\n\n /**\n * Handles the MSAL authentication result.\n * If the result has an account, we update the local account reference.\n * If the token received is invalid, an error will be thrown depending on what's missing.\n */\n function handleResult(\n scopes: string | string[],\n result?: MsalResult,\n getTokenOptions?: GetTokenOptions,\n ): AccessToken {\n if (result?.account) {\n account = msalToPublic(clientId, result.account);\n }\n ensureValidMsalToken(scopes, result, getTokenOptions);\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: result.accessToken,\n expiresOnTimestamp: result.expiresOn.getTime(),\n refreshAfterTimestamp: result.refreshOn?.getTime(),\n tokenType: \"Bearer\",\n };\n }\n\n /**\n * Uses MSAL to handle the redirect.\n */\n async function handleRedirect(): Promise<AuthenticationRecord | undefined> {\n const msalApp = await getApp();\n return handleBrowserResult((await msalApp.handleRedirectPromise(redirectHash)) || undefined);\n }\n\n /**\n * Uses MSAL to retrieve the active account.\n */\n async function getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n const msalApp = await getApp();\n const activeAccount = msalApp.getActiveAccount();\n if (!activeAccount) {\n return;\n }\n return msalToPublic(clientId, activeAccount);\n }\n\n /**\n * Uses MSAL to trigger a redirect or a popup login.\n */\n async function login(scopes: string | string[] = []): Promise<AuthenticationRecord | undefined> {\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n const loginRequest: msalBrowser.RedirectRequest = {\n scopes: arrayScopes,\n loginHint: loginHint,\n };\n const msalApp = await getApp();\n switch (loginStyle) {\n case \"redirect\": {\n await app.loginRedirect(loginRequest);\n return;\n }\n case \"popup\":\n return handleBrowserResult(await msalApp.loginPopup(loginRequest));\n }\n }\n\n /**\n * Tries to retrieve the token silently using MSAL.\n */\n async function getTokenSilent(\n scopes: string[],\n getTokenOptions?: CredentialFlowGetTokenOptions,\n ): Promise<AccessToken> {\n const activeAccount = await getActiveAccount();\n if (!activeAccount) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions,\n message:\n \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n });\n }\n\n const parameters: msalBrowser.SilentRequest = {\n authority: getTokenOptions?.authority || msalConfig.auth.authority!,\n correlationId: getTokenOptions?.correlationId,\n claims: getTokenOptions?.claims,\n account: publicToMsal(activeAccount),\n forceRefresh: false,\n scopes,\n };\n\n try {\n logger.info(\"Attempting to acquire token silently\");\n const msalApp = await getApp();\n const response = await msalApp.acquireTokenSilent(parameters);\n return handleResult(scopes, response);\n } catch (err: any) {\n throw handleMsalError(scopes, err, options);\n }\n }\n\n /**\n * Attempts to retrieve the token in the browser through interactive methods.\n */\n async function getTokenInteractive(\n scopes: string[],\n getTokenOptions?: CredentialFlowGetTokenOptions,\n ): Promise<AccessToken> {\n const activeAccount = await getActiveAccount();\n if (!activeAccount) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions,\n message:\n \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n });\n }\n\n const parameters: msalBrowser.RedirectRequest = {\n authority: getTokenOptions?.authority || msalConfig.auth.authority!,\n correlationId: getTokenOptions?.correlationId,\n claims: getTokenOptions?.claims,\n account: publicToMsal(activeAccount),\n loginHint: loginHint,\n scopes,\n };\n const msalApp = await getApp();\n switch (loginStyle) {\n case \"redirect\":\n // This will go out of the page.\n // Once the InteractiveBrowserCredential is initialized again,\n // we'll load the MSAL account in the constructor.\n\n await msalApp.acquireTokenRedirect(parameters);\n return { token: \"\", expiresOnTimestamp: 0, tokenType: \"Bearer\" };\n case \"popup\":\n return handleResult(scopes, await app.acquireTokenPopup(parameters));\n }\n }\n\n /**\n * Attempts to get token through the silent flow.\n * If failed, get token through interactive method with `doGetToken` method.\n */\n async function getToken(\n scopes: string[],\n getTokenOptions: CredentialFlowGetTokenOptions = {},\n ): Promise<AccessToken> {\n const getTokenTenantId =\n processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds) ||\n tenantId;\n\n if (!getTokenOptions.authority) {\n getTokenOptions.authority = getAuthority(getTokenTenantId, authorityHost);\n }\n\n // We ensure that redirection is handled at this point.\n await handleRedirect();\n\n if (!(await getActiveAccount()) && !disableAutomaticAuthentication) {\n await login(scopes);\n }\n\n // Attempts to get the token silently; else, falls back to interactive method.\n try {\n return await getTokenSilent(scopes, getTokenOptions);\n } catch (err: any) {\n if (err.name !== \"AuthenticationRequiredError\") {\n throw err;\n }\n if (getTokenOptions?.disableAutomaticAuthentication) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions,\n message:\n \"Automatic authentication has been disabled. You may call the authenticate() method.\",\n });\n }\n logger.info(`Silent authentication failed, falling back to interactive method ${loginStyle}`);\n return getTokenInteractive(scopes, getTokenOptions);\n }\n }\n return {\n getActiveAccount,\n getToken,\n };\n}\n"]}
package/dist/browser/msal/nodeFlows/msalClient.d.ts CHANGED
@@ -125,6 +125,15 @@ export interface MsalClient {
125
125
  * An authentication record could be loaded by calling the `getToken` method, or by providing an `authenticationRecord` when creating a credential.
126
126
  */
127
127
  getActiveAccount(): AuthenticationRecord | undefined;
128
+ /**
129
+ * Retrieves an access token using brokered authentication.
130
+ *
131
+ * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.
132
+ * @param useDefaultBrokerAccount - Whether to use the default broker account for authentication.
133
+ * @param options - Additional options that may be provided to the method.
134
+ * @returns An access token.
135
+ */
136
+ getBrokeredToken(scopes: string[], useDefaultBrokerAccount: boolean, options?: GetTokenInteractiveOptions): Promise<AccessToken>;
128
137
  }
129
138
  /**
130
139
  * Represents the options for configuring the MsalClient.
@@ -138,6 +147,10 @@ export interface MsalClientOptions {
138
147
  * Parameters that enable token cache persistence in the Identity credentials.
139
148
  */
140
149
  tokenCachePersistenceOptions?: TokenCachePersistenceOptions;
150
+ /**
151
+ * Indicates if this is being used by VSCode credential.
152
+ */
153
+ isVSCodeCredential?: boolean;
141
154
  /**
142
155
  * A custom authority host.
143
156
  */
package/dist/browser/msal/nodeFlows/msalClient.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"msalClient.d.ts","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClient.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AAEzC,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,KAAK,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC1E,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAiB9D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,kDAAkD,CAAC;AACjG,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAChE,OAAO,KAAK,EAAE,uCAAuC,EAAE,MAAM,0DAA0D,CAAC;AACxH,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AAUtF;;GAEG;AACH,MAAM,WAAW,6BAA8B,SAAQ,eAAe;IACpE;;;;;;OAMG;IACH,8BAA8B,CAAC,EAAE,OAAO,CAAC;CAC1C;AAED;;GAEG;AACH,MAAM,WAAW,0BAA2B,SAAQ,6BAA6B;IAC/E;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;OAEG;IACH,2BAA2B,CAAC,EAAE,uCAAuC,CAAC,6BAA6B,CAAC,CAAC;IACrG;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB;;;;;;;;;OASG;IACH,kBAAkB,CAChB,MAAM,EAAE,MAAM,EAAE,EAChB,kBAAkB,EAAE,MAAM,EAC1B,iBAAiB,EAAE,MAAM,GAAG,gBAAgB,GAAG,CAAC,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC,EACtE,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;OAKG;IACH,4BAA4B,CAC1B,MAAM,EAAE,MAAM,EAAE,EAChB,OAAO,EAAE,0BAA0B,GAClC,OAAO,CAAC,WAAW,CAAC,CAAC;IACxB;;;;;;;;OAQG;IACH,0BAA0B,CACxB,MAAM,EAAE,MAAM,EAAE,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IACxB;;;;;;;OAOG;IACH,oBAAoB,CAClB,MAAM,EAAE,MAAM,EAAE,EAChB,kBAAkB,EAAE,wBAAwB,EAC5C,OAAO,CAAC,EAAE,6BAA6B,GACtC,OAAO,CAAC,WAAW,CAAC,CAAC;IACxB;;;;;;;OAOG;IACH,2BAA2B,CACzB,MAAM,EAAE,MAAM,EAAE,EAChB,WAAW,EAAE,gBAAgB,EAC7B,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;;;OAOG;IACH,yBAAyB,CACvB,MAAM,EAAE,MAAM,EAAE,EAChB,eAAe,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,EACtC,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;;;OAOG;IACH,sBAAsB,CACpB,MAAM,EAAE,MAAM,EAAE,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;;;;;;;OAWG;IACH,2BAA2B,CACzB,MAAM,EAAE,MAAM,EAAE,EAChB,WAAW,EAAE,MAAM,EACnB,iBAAiB,EAAE,MAAM,EACzB,YAAY,CAAC,EAAE,MAAM,EACrB,OAAO,CAAC,EAAE,6BAA6B,GACtC,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;OAIG;IACH,gBAAgB,IAAI,oBAAoB,GAAG,SAAS,CAAC;CACtD;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC;;OAEG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;IAE9B;;OAEG;IACH,4BAA4B,CAAC,EAAE,4BAA4B,CAAC;IAE5D;;OAEG;IACH,aAAa,CAAC,EAAE,cAAc,CAAC,wBAAwB,CAAC,CAAC,eAAe,CAAC,CAAC;IAE1E;;OAEG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC,wBAAwB,CAAC,CAAC,gBAAgB,CAAC,CAAC;IAE5E;;OAEG;IACH,sBAAsB,CAAC,EAAE,cAAc,CAAC,wBAAwB,CAAC,CAAC;IAElE;;OAEG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAC;IAEnC;;OAEG;IACH,MAAM,CAAC,EAAE,gBAAgB,CAAC;IAE1B;;OAEG;IACH,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;CAC7C;AAED;;;;;;;GAOG;AACH,wBAAgB,yBAAyB,CACvC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,iBAAiB,GAAE,iBAAsB,GACxC,IAAI,CAAC,aAAa,CAoCpB;AAyBD;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,uBAAuB,GAAE,iBAAsB,GAC9C,UAAU,CA0gBZ"}
1
+ {"version":3,"file":"msalClient.d.ts","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClient.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AAEzC,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,KAAK,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC1E,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAiB9D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,kDAAkD,CAAC;AACjG,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAChE,OAAO,KAAK,EAAE,uCAAuC,EAAE,MAAM,0DAA0D,CAAC;AACxH,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AAUtF;;GAEG;AACH,MAAM,WAAW,6BAA8B,SAAQ,eAAe;IACpE;;;;;;OAMG;IACH,8BAA8B,CAAC,EAAE,OAAO,CAAC;CAC1C;AAED;;GAEG;AACH,MAAM,WAAW,0BAA2B,SAAQ,6BAA6B;IAC/E;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;OAEG;IACH,2BAA2B,CAAC,EAAE,uCAAuC,CAAC,6BAA6B,CAAC,CAAC;IACrG;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB;;;;;;;;;OASG;IACH,kBAAkB,CAChB,MAAM,EAAE,MAAM,EAAE,EAChB,kBAAkB,EAAE,MAAM,EAC1B,iBAAiB,EAAE,MAAM,GAAG,gBAAgB,GAAG,CAAC,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC,EACtE,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;OAKG;IACH,4BAA4B,CAC1B,MAAM,EAAE,MAAM,EAAE,EAChB,OAAO,EAAE,0BAA0B,GAClC,OAAO,CAAC,WAAW,CAAC,CAAC;IACxB;;;;;;;;OAQG;IACH,0BAA0B,CACxB,MAAM,EAAE,MAAM,EAAE,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IACxB;;;;;;;OAOG;IACH,oBAAoB,CAClB,MAAM,EAAE,MAAM,EAAE,EAChB,kBAAkB,EAAE,wBAAwB,EAC5C,OAAO,CAAC,EAAE,6BAA6B,GACtC,OAAO,CAAC,WAAW,CAAC,CAAC;IACxB;;;;;;;OAOG;IACH,2BAA2B,CACzB,MAAM,EAAE,MAAM,EAAE,EAChB,WAAW,EAAE,gBAAgB,EAC7B,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;;;OAOG;IACH,yBAAyB,CACvB,MAAM,EAAE,MAAM,EAAE,EAChB,eAAe,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,EACtC,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;;;OAOG;IACH,sBAAsB,CACpB,MAAM,EAAE,MAAM,EAAE,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;;;;;;;OAWG;IACH,2BAA2B,CACzB,MAAM,EAAE,MAAM,EAAE,EAChB,WAAW,EAAE,MAAM,EACnB,iBAAiB,EAAE,MAAM,EACzB,YAAY,CAAC,EAAE,MAAM,EACrB,OAAO,CAAC,EAAE,6BAA6B,GACtC,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;OAIG;IACH,gBAAgB,IAAI,oBAAoB,GAAG,SAAS,CAAC;IAErD;;;;;;;OAOG;IACH,gBAAgB,CACd,MAAM,EAAE,MAAM,EAAE,EAChB,uBAAuB,EAAE,OAAO,EAChC,OAAO,CAAC,EAAE,0BAA0B,GACnC,OAAO,CAAC,WAAW,CAAC,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC;;OAEG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;IAE9B;;OAEG;IACH,4BAA4B,CAAC,EAAE,4BAA4B,CAAC;IAE5D;;OAEG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAE7B;;OAEG;IACH,aAAa,CAAC,EAAE,cAAc,CAAC,wBAAwB,CAAC,CAAC,eAAe,CAAC,CAAC;IAE1E;;OAEG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC,wBAAwB,CAAC,CAAC,gBAAgB,CAAC,CAAC;IAE5E;;OAEG;IACH,sBAAsB,CAAC,EAAE,cAAc,CAAC,wBAAwB,CAAC,CAAC;IAElE;;OAEG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAC;IAEnC;;OAEG;IACH,MAAM,CAAC,EAAE,gBAAgB,CAAC;IAE1B;;OAEG;IACH,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;CAC7C;AAED;;;;;;;GAOG;AACH,wBAAgB,yBAAyB,CACvC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,iBAAiB,GAAE,iBAAsB,GACxC,IAAI,CAAC,aAAa,CAoCpB;AAyBD;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,uBAAuB,GAAE,iBAAsB,GAC9C,UAAU,CA6jBZ"}
package/dist/browser/msal/nodeFlows/msalClient.js CHANGED
@@ -22,11 +22,14 @@ const msalLogger = credentialLogger("MsalClient");
22
22
  * @returns The MSAL configuration object.
23
23
  */
24
24
  export function generateMsalConfiguration(clientId, tenantId, msalClientOptions = {}) {
25
- var _a, _b, _c;
26
- const resolvedTenant = resolveTenantId((_a = msalClientOptions.logger) !== null && _a !== void 0 ? _a : msalLogger, tenantId, clientId);
25
+ const resolvedTenant = resolveTenantId(msalClientOptions.logger ?? msalLogger, tenantId, clientId);
27
26
  // TODO: move and reuse getIdentityClientAuthorityHost
28
27
  const authority = getAuthority(resolvedTenant, getAuthorityHost(msalClientOptions));
29
- const httpClient = new IdentityClient(Object.assign(Object.assign({}, msalClientOptions.tokenCredentialOptions), { authorityHost: authority, loggingOptions: msalClientOptions.loggingOptions }));
28
+ const httpClient = new IdentityClient({
29
+ ...msalClientOptions.tokenCredentialOptions,
30
+ authorityHost: authority,
31
+ loggingOptions: msalClientOptions.loggingOptions,
32
+ });
30
33
  const msalConfig = {
31
34
  auth: {
32
35
  clientId,
@@ -36,9 +39,9 @@ export function generateMsalConfiguration(clientId, tenantId, msalClientOptions
36
39
  system: {
37
40
  networkClient: httpClient,
38
41
  loggerOptions: {
39
- loggerCallback: defaultLoggerCallback((_b = msalClientOptions.logger) !== null && _b !== void 0 ? _b : msalLogger),
42
+ loggerCallback: defaultLoggerCallback(msalClientOptions.logger ?? msalLogger),
40
43
  logLevel: getMSALLogLevel(getLogLevel()),
41
- piiLoggingEnabled: (_c = msalClientOptions.loggingOptions) === null || _c === void 0 ? void 0 : _c.enableUnsafeSupportLogging,
44
+ piiLoggingEnabled: msalClientOptions.loggingOptions?.enableUnsafeSupportLogging,
42
45
  },
43
46
  },
44
47
  };
@@ -55,14 +58,13 @@ export function generateMsalConfiguration(clientId, tenantId, msalClientOptions
55
58
  * @public
56
59
  */
57
60
  export function createMsalClient(clientId, tenantId, createMsalClientOptions = {}) {
58
- var _a;
59
61
  const state = {
60
62
  msalConfig: generateMsalConfiguration(clientId, tenantId, createMsalClientOptions),
61
63
  cachedAccount: createMsalClientOptions.authenticationRecord
62
64
  ? publicToMsal(createMsalClientOptions.authenticationRecord)
63
65
  : null,
64
66
  pluginConfiguration: msalPlugins.generatePluginConfiguration(createMsalClientOptions),
65
- logger: (_a = createMsalClientOptions.logger) !== null && _a !== void 0 ? _a : msalLogger,
67
+ logger: createMsalClientOptions.logger ?? msalLogger,
66
68
  };
67
69
  const publicApps = new Map();
68
70
  async function getPublicApp(options = {}) {
@@ -78,7 +80,11 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
78
80
  ? state.pluginConfiguration.cache.cachePluginCae
79
81
  : state.pluginConfiguration.cache.cachePlugin;
80
82
  state.msalConfig.auth.clientCapabilities = options.enableCae ? ["cp1"] : undefined;
81
- publicClientApp = new msal.PublicClientApplication(Object.assign(Object.assign({}, state.msalConfig), { broker: { nativeBrokerPlugin: state.pluginConfiguration.broker.nativeBrokerPlugin }, cache: { cachePlugin: await cachePlugin } }));
83
+ publicClientApp = new msal.PublicClientApplication({
84
+ ...state.msalConfig,
85
+ broker: { nativeBrokerPlugin: state.pluginConfiguration.broker.nativeBrokerPlugin },
86
+ cache: { cachePlugin: await cachePlugin },
87
+ });
82
88
  publicApps.set(appKey, publicClientApp);
83
89
  return publicClientApp;
84
90
  }
@@ -96,7 +102,11 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
96
102
  ? state.pluginConfiguration.cache.cachePluginCae
97
103
  : state.pluginConfiguration.cache.cachePlugin;
98
104
  state.msalConfig.auth.clientCapabilities = options.enableCae ? ["cp1"] : undefined;
99
- confidentialClientApp = new msal.ConfidentialClientApplication(Object.assign(Object.assign({}, state.msalConfig), { broker: { nativeBrokerPlugin: state.pluginConfiguration.broker.nativeBrokerPlugin }, cache: { cachePlugin: await cachePlugin } }));
105
+ confidentialClientApp = new msal.ConfidentialClientApplication({
106
+ ...state.msalConfig,
107
+ broker: { nativeBrokerPlugin: state.pluginConfiguration.broker.nativeBrokerPlugin },
108
+ cache: { cachePlugin: await cachePlugin },
109
+ });
100
110
  confidentialApps.set(appKey, confidentialClientApp);
101
111
  return confidentialClientApp;
102
112
  }
@@ -115,7 +125,7 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
115
125
  claims: state.cachedClaims,
116
126
  };
117
127
  if (state.pluginConfiguration.broker.isEnabled) {
118
- silentRequest.tokenQueryParameters || (silentRequest.tokenQueryParameters = {});
128
+ silentRequest.tokenQueryParameters ||= {};
119
129
  if (state.pluginConfiguration.broker.enableMsaPassthrough) {
120
130
  silentRequest.tokenQueryParameters["msal_request_type"] = "consumer_passthrough";
121
131
  }
@@ -139,7 +149,7 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
139
149
  * if the user is creating cross-tenant requests
140
150
  */
141
151
  function calculateRequestAuthority(options) {
142
- if (options === null || options === void 0 ? void 0 : options.tenantId) {
152
+ if (options?.tenantId) {
143
153
  return getAuthority(options.tenantId, getAuthorityHost(createMsalClientOptions));
144
154
  }
145
155
  return state.msalConfig.auth.authority;
@@ -155,7 +165,6 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
155
165
  * @returns A promise that resolves to an AccessToken object containing the access token and its expiration timestamp.
156
166
  */
157
167
  async function withSilentAuthentication(msalApp, scopes, options, onAuthenticationRequired) {
158
- var _a, _b;
159
168
  let response = null;
160
169
  try {
161
170
  response = await getTokenSilent(msalApp, scopes, options);
@@ -183,17 +192,16 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
183
192
  }
184
193
  // At this point we should have a token, process it
185
194
  ensureValidMsalToken(scopes, response, options);
186
- state.cachedAccount = (_a = response === null || response === void 0 ? void 0 : response.account) !== null && _a !== void 0 ? _a : null;
195
+ state.cachedAccount = response?.account ?? null;
187
196
  state.logger.getToken.info(formatSuccess(scopes));
188
197
  return {
189
198
  token: response.accessToken,
190
199
  expiresOnTimestamp: response.expiresOn.getTime(),
191
- refreshAfterTimestamp: (_b = response.refreshOn) === null || _b === void 0 ? void 0 : _b.getTime(),
200
+ refreshAfterTimestamp: response.refreshOn?.getTime(),
192
201
  tokenType: response.tokenType,
193
202
  };
194
203
  }
195
204
  async function getTokenByClientSecret(scopes, clientSecret, options = {}) {
196
- var _a;
197
205
  state.logger.getToken.info(`Attempting to acquire token using client secret`);
198
206
  state.msalConfig.auth.clientSecret = clientSecret;
199
207
  const msalApp = await getConfidentialApp(options);
@@ -202,14 +210,14 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
202
210
  scopes,
203
211
  authority: calculateRequestAuthority(options),
204
212
  azureRegion: calculateRegionalAuthority(),
205
- claims: options === null || options === void 0 ? void 0 : options.claims,
213
+ claims: options?.claims,
206
214
  });
207
215
  ensureValidMsalToken(scopes, response, options);
208
216
  state.logger.getToken.info(formatSuccess(scopes));
209
217
  return {
210
218
  token: response.accessToken,
211
219
  expiresOnTimestamp: response.expiresOn.getTime(),
212
- refreshAfterTimestamp: (_a = response.refreshOn) === null || _a === void 0 ? void 0 : _a.getTime(),
220
+ refreshAfterTimestamp: response.refreshOn?.getTime(),
213
221
  tokenType: response.tokenType,
214
222
  };
215
223
  }
@@ -218,7 +226,6 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
218
226
  }
219
227
  }
220
228
  async function getTokenByClientAssertion(scopes, clientAssertion, options = {}) {
221
- var _a;
222
229
  state.logger.getToken.info(`Attempting to acquire token using client assertion`);
223
230
  state.msalConfig.auth.clientAssertion = clientAssertion;
224
231
  const msalApp = await getConfidentialApp(options);
@@ -227,7 +234,7 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
227
234
  scopes,
228
235
  authority: calculateRequestAuthority(options),
229
236
  azureRegion: calculateRegionalAuthority(),
230
- claims: options === null || options === void 0 ? void 0 : options.claims,
237
+ claims: options?.claims,
231
238
  clientAssertion,
232
239
  });
233
240
  ensureValidMsalToken(scopes, response, options);
@@ -235,7 +242,7 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
235
242
  return {
236
243
  token: response.accessToken,
237
244
  expiresOnTimestamp: response.expiresOn.getTime(),
238
- refreshAfterTimestamp: (_a = response.refreshOn) === null || _a === void 0 ? void 0 : _a.getTime(),
245
+ refreshAfterTimestamp: response.refreshOn?.getTime(),
239
246
  tokenType: response.tokenType,
240
247
  };
241
248
  }
@@ -244,7 +251,6 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
244
251
  }
245
252
  }
246
253
  async function getTokenByClientCertificate(scopes, certificate, options = {}) {
247
- var _a;
248
254
  state.logger.getToken.info(`Attempting to acquire token using client certificate`);
249
255
  state.msalConfig.auth.clientCertificate = certificate;
250
256
  const msalApp = await getConfidentialApp(options);
@@ -253,14 +259,14 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
253
259
  scopes,
254
260
  authority: calculateRequestAuthority(options),
255
261
  azureRegion: calculateRegionalAuthority(),
256
- claims: options === null || options === void 0 ? void 0 : options.claims,
262
+ claims: options?.claims,
257
263
  });
258
264
  ensureValidMsalToken(scopes, response, options);
259
265
  state.logger.getToken.info(formatSuccess(scopes));
260
266
  return {
261
267
  token: response.accessToken,
262
268
  expiresOnTimestamp: response.expiresOn.getTime(),
263
- refreshAfterTimestamp: (_a = response.refreshOn) === null || _a === void 0 ? void 0 : _a.getTime(),
269
+ refreshAfterTimestamp: response.refreshOn?.getTime(),
264
270
  tokenType: response.tokenType,
265
271
  };
266
272
  }
@@ -272,13 +278,12 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
272
278
  state.logger.getToken.info(`Attempting to acquire token using device code`);
273
279
  const msalApp = await getPublicApp(options);
274
280
  return withSilentAuthentication(msalApp, scopes, options, () => {
275
- var _a, _b;
276
281
  const requestOptions = {
277
282
  scopes,
278
- cancel: (_b = (_a = options === null || options === void 0 ? void 0 : options.abortSignal) === null || _a === void 0 ? void 0 : _a.aborted) !== null && _b !== void 0 ? _b : false,
283
+ cancel: options?.abortSignal?.aborted ?? false,
279
284
  deviceCodeCallback,
280
285
  authority: calculateRequestAuthority(options),
281
- claims: options === null || options === void 0 ? void 0 : options.claims,
286
+ claims: options?.claims,
282
287
  };
283
288
  const deviceCodeRequest = msalApp.acquireTokenByDeviceCode(requestOptions);
284
289
  if (options.abortSignal) {
@@ -298,7 +303,7 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
298
303
  username,
299
304
  password,
300
305
  authority: calculateRequestAuthority(options),
301
- claims: options === null || options === void 0 ? void 0 : options.claims,
306
+ claims: options?.claims,
302
307
  };
303
308
  return msalApp.acquireTokenByUsernamePassword(requestOptions);
304
309
  });
@@ -327,12 +332,11 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
327
332
  redirectUri,
328
333
  code: authorizationCode,
329
334
  authority: calculateRequestAuthority(options),
330
- claims: options === null || options === void 0 ? void 0 : options.claims,
335
+ claims: options?.claims,
331
336
  });
332
337
  });
333
338
  }
334
339
  async function getTokenOnBehalfOf(scopes, userAssertionToken, clientCredentials, options = {}) {
335
- var _a;
336
340
  msalLogger.getToken.info(`Attempting to acquire token on behalf of another user`);
337
341
  if (typeof clientCredentials === "string") {
338
342
  // Client secret
@@ -362,7 +366,7 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
362
366
  return {
363
367
  token: response.accessToken,
364
368
  expiresOnTimestamp: response.expiresOn.getTime(),
365
- refreshAfterTimestamp: (_a = response.refreshOn) === null || _a === void 0 ? void 0 : _a.getTime(),
369
+ refreshAfterTimestamp: response.refreshOn?.getTime(),
366
370
  tokenType: response.tokenType,
367
371
  };
368
372
  }
@@ -370,79 +374,107 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
370
374
  throw handleMsalError(scopes, err, options);
371
375
  }
372
376
  }
373
- async function getTokenByInteractiveRequest(scopes, options = {}) {
374
- msalLogger.getToken.info(`Attempting to acquire token interactively`);
377
+ /**
378
+ * Creates a base interactive request configuration for MSAL interactive authentication.
379
+ * This is shared between interactive and brokered authentication flows.
380
+ *
381
+ * @internal
382
+ */
383
+ function createBaseInteractiveRequest(scopes, options) {
384
+ return {
385
+ openBrowser: async (url) => {
386
+ const open = await import("open");
387
+ await open.default(url, { wait: true, newInstance: true });
388
+ },
389
+ scopes,
390
+ authority: calculateRequestAuthority(options),
391
+ claims: options?.claims,
392
+ loginHint: options?.loginHint,
393
+ errorTemplate: options?.browserCustomizationOptions?.errorMessage,
394
+ successTemplate: options?.browserCustomizationOptions?.successMessage,
395
+ prompt: options?.loginHint ? "login" : "select_account",
396
+ };
397
+ }
398
+ /**
399
+ * @internal
400
+ */
401
+ async function getBrokeredTokenInternal(scopes, useDefaultBrokerAccount, options = {}) {
402
+ msalLogger.verbose("Authentication will resume through the broker");
375
403
  const app = await getPublicApp(options);
376
- /**
377
- * A helper function that supports brokered authentication through the MSAL's public application.
378
- *
379
- * When options.useDefaultBrokerAccount is true, the method will attempt to authenticate using the default broker account.
380
- * If the default broker account is not available, the method will fall back to interactive authentication.
381
- */
382
- async function getBrokeredToken(useDefaultBrokerAccount) {
383
- var _a;
384
- msalLogger.verbose("Authentication will resume through the broker");
385
- const interactiveRequest = createBaseInteractiveRequest();
386
- if (state.pluginConfiguration.broker.parentWindowHandle) {
387
- interactiveRequest.windowHandle = Buffer.from(state.pluginConfiguration.broker.parentWindowHandle);
388
- }
389
- else {
390
- // this is a bug, as the pluginConfiguration handler should validate this case.
391
- msalLogger.warning("Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.");
392
- }
393
- if (state.pluginConfiguration.broker.enableMsaPassthrough) {
394
- ((_a = interactiveRequest.tokenQueryParameters) !== null && _a !== void 0 ? _a : (interactiveRequest.tokenQueryParameters = {}))["msal_request_type"] =
395
- "consumer_passthrough";
404
+ const interactiveRequest = createBaseInteractiveRequest(scopes, options);
405
+ if (state.pluginConfiguration.broker.parentWindowHandle) {
406
+ interactiveRequest.windowHandle = Buffer.from(state.pluginConfiguration.broker.parentWindowHandle);
407
+ }
408
+ else {
409
+ // this is a bug, as the pluginConfiguration handler should validate this case.
410
+ msalLogger.warning("Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.");
411
+ }
412
+ if (state.pluginConfiguration.broker.enableMsaPassthrough) {
413
+ (interactiveRequest.tokenQueryParameters ??= {})["msal_request_type"] =
414
+ "consumer_passthrough";
415
+ }
416
+ if (useDefaultBrokerAccount) {
417
+ interactiveRequest.prompt = "none";
418
+ msalLogger.verbose("Attempting broker authentication using the default broker account");
419
+ }
420
+ else {
421
+ msalLogger.verbose("Attempting broker authentication without the default broker account");
422
+ }
423
+ if (options.proofOfPossessionOptions) {
424
+ interactiveRequest.shrNonce = options.proofOfPossessionOptions.nonce;
425
+ interactiveRequest.authenticationScheme = "pop";
426
+ interactiveRequest.resourceRequestMethod =
427
+ options.proofOfPossessionOptions.resourceRequestMethod;
428
+ interactiveRequest.resourceRequestUri = options.proofOfPossessionOptions.resourceRequestUrl;
429
+ }
430
+ try {
431
+ return await app.acquireTokenInteractive(interactiveRequest);
432
+ }
433
+ catch (e) {
434
+ msalLogger.verbose(`Failed to authenticate through the broker: ${e.message}`);
435
+ if (options.disableAutomaticAuthentication) {
436
+ throw new AuthenticationRequiredError({
437
+ scopes,
438
+ getTokenOptions: options,
439
+ message: "Cannot silently authenticate with default broker account.",
440
+ });
396
441
  }
442
+ // If we tried to use the default broker account and failed, fall back to interactive authentication
397
443
  if (useDefaultBrokerAccount) {
398
- interactiveRequest.prompt = "none";
399
- msalLogger.verbose("Attempting broker authentication using the default broker account");
444
+ return getBrokeredTokenInternal(scopes, false, options);
400
445
  }
401
446
  else {
402
- msalLogger.verbose("Attempting broker authentication without the default broker account");
403
- }
404
- if (options.proofOfPossessionOptions) {
405
- interactiveRequest.shrNonce = options.proofOfPossessionOptions.nonce;
406
- interactiveRequest.authenticationScheme = "pop";
407
- interactiveRequest.resourceRequestMethod =
408
- options.proofOfPossessionOptions.resourceRequestMethod;
409
- interactiveRequest.resourceRequestUri = options.proofOfPossessionOptions.resourceRequestUrl;
410
- }
411
- try {
412
- return await app.acquireTokenInteractive(interactiveRequest);
413
- }
414
- catch (e) {
415
- msalLogger.verbose(`Failed to authenticate through the broker: ${e.message}`);
416
- // If we tried to use the default broker account and failed, fall back to interactive authentication
417
- if (useDefaultBrokerAccount) {
418
- return getBrokeredToken(/* useDefaultBrokerAccount: */ false);
419
- }
420
- else {
421
- throw e;
422
- }
447
+ throw e;
423
448
  }
424
449
  }
425
- function createBaseInteractiveRequest() {
426
- var _a, _b;
427
- return {
428
- openBrowser: async (url) => {
429
- const open = await import("open");
430
- await open.default(url, { wait: true, newInstance: true });
431
- },
432
- scopes,
433
- authority: calculateRequestAuthority(options),
434
- claims: options === null || options === void 0 ? void 0 : options.claims,
435
- loginHint: options === null || options === void 0 ? void 0 : options.loginHint,
436
- errorTemplate: (_a = options === null || options === void 0 ? void 0 : options.browserCustomizationOptions) === null || _a === void 0 ? void 0 : _a.errorMessage,
437
- successTemplate: (_b = options === null || options === void 0 ? void 0 : options.browserCustomizationOptions) === null || _b === void 0 ? void 0 : _b.successMessage,
438
- prompt: (options === null || options === void 0 ? void 0 : options.loginHint) ? "login" : "select_account",
439
- };
440
- }
450
+ }
451
+ /**
452
+ * A helper function that supports brokered authentication through the MSAL's public application.
453
+ *
454
+ * When useDefaultBrokerAccount is true, the method will attempt to authenticate using the default broker account.
455
+ * If the default broker account is not available, the method will fall back to interactive authentication.
456
+ */
457
+ async function getBrokeredToken(scopes, useDefaultBrokerAccount, options = {}) {
458
+ msalLogger.getToken.info(`Attempting to acquire token using brokered authentication with useDefaultBrokerAccount: ${useDefaultBrokerAccount}`);
459
+ const response = await getBrokeredTokenInternal(scopes, useDefaultBrokerAccount, options);
460
+ ensureValidMsalToken(scopes, response, options);
461
+ ensureValidMsalToken(scopes, response, options);
462
+ state.cachedAccount = response?.account ?? null;
463
+ state.logger.getToken.info(formatSuccess(scopes));
464
+ return {
465
+ token: response.accessToken,
466
+ expiresOnTimestamp: response.expiresOn.getTime(),
467
+ refreshAfterTimestamp: response.refreshOn?.getTime(),
468
+ tokenType: response.tokenType,
469
+ };
470
+ }
471
+ async function getTokenByInteractiveRequest(scopes, options = {}) {
472
+ msalLogger.getToken.info(`Attempting to acquire token interactively`);
473
+ const app = await getPublicApp(options);
441
474
  return withSilentAuthentication(app, scopes, options, async () => {
442
- var _a;
443
- const interactiveRequest = createBaseInteractiveRequest();
475
+ const interactiveRequest = createBaseInteractiveRequest(scopes, options);
444
476
  if (state.pluginConfiguration.broker.isEnabled) {
445
- return getBrokeredToken((_a = state.pluginConfiguration.broker.useDefaultBrokerAccount) !== null && _a !== void 0 ? _a : false);
477
+ return getBrokeredTokenInternal(scopes, state.pluginConfiguration.broker.useDefaultBrokerAccount ?? false, options);
446
478
  }
447
479
  if (options.proofOfPossessionOptions) {
448
480
  interactiveRequest.shrNonce = options.proofOfPossessionOptions.nonce;
@@ -456,6 +488,7 @@ export function createMsalClient(clientId, tenantId, createMsalClientOptions = {
456
488
  }
457
489
  return {
458
490
  getActiveAccount,
491
+ getBrokeredToken,
459
492
  getTokenByClientSecret,
460
493
  getTokenByClientAssertion,
461
494
  getTokenByClientCertificate,