@azure/identity 4.10.3-alpha.20250714.3 → 4.11.0-alpha.20250717.4

package/dist/commonjs/plugins/provider.d.ts

@@ -1,5 +1,4 @@
 import type { TokenCachePersistenceOptions } from "../msal/nodeFlows/tokenCachePersistenceOptions.js";
-import type { VSCodeCredentialFinder } from "../credentials/visualStudioCodeCredentialPlugin.js";
 /**
  * The type of an Azure Identity plugin, a function accepting a plugin
  * context.
@@ -18,7 +17,8 @@ export interface NativeBrokerPluginControl {
  * Plugin context entries for controlling VisualStudioCodeCredential.
  */
 export interface VisualStudioCodeCredentialControl {
-    setVsCodeCredentialFinder(finder: VSCodeCredentialFinder): void;
+    setVSCodeAuthRecordPath(path: string): void;
+    setVSCodeBroker(broker: import("@azure/msal-node").INativeBrokerPlugin): void;
 }
 /**
  * Context options passed to a plugin during initialization.

package/dist/commonjs/plugins/provider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../../../src/plugins/provider.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mDAAmD,CAAC;AACtG,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,oDAAoD,CAAC;AAEjG;;;GAGG;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,IAAI,CAAC;AAExD;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,cAAc,CACZ,kBAAkB,EAAE,CAClB,OAAO,CAAC,EAAE,4BAA4B,KAEnC,OAAO,CAAC,OAAO,kBAAkB,EAAE,YAAY,CAAC,GACpD,IAAI,CAAC;CACT;AAED,MAAM,WAAW,yBAAyB;IAExC,eAAe,CAAC,YAAY,EAAE,OAAO,kBAAkB,EAAE,mBAAmB,GAAG,IAAI,CAAC;CACrF;AAED;;GAEG;AACH,MAAM,WAAW,iCAAiC;IAChD,yBAAyB,CAAC,MAAM,EAAE,sBAAsB,GAAG,IAAI,CAAC;CACjE;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,kBAAkB;IACjC,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,yBAAyB,EAAE,yBAAyB,CAAC;IACrD,uBAAuB,EAAE,iCAAiC,CAAC;CAC5D"}
+{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../../../src/plugins/provider.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mDAAmD,CAAC;AAEtG;;;GAGG;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,IAAI,CAAC;AAExD;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,cAAc,CACZ,kBAAkB,EAAE,CAClB,OAAO,CAAC,EAAE,4BAA4B,KAEnC,OAAO,CAAC,OAAO,kBAAkB,EAAE,YAAY,CAAC,GACpD,IAAI,CAAC;CACT;AAED,MAAM,WAAW,yBAAyB;IAExC,eAAe,CAAC,YAAY,EAAE,OAAO,kBAAkB,EAAE,mBAAmB,GAAG,IAAI,CAAC;CACrF;AAED;;GAEG;AACH,MAAM,WAAW,iCAAiC;IAChD,uBAAuB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5C,eAAe,CAAC,MAAM,EAAE,OAAO,kBAAkB,EAAE,mBAAmB,GAAG,IAAI,CAAC;CAC/E;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,kBAAkB;IACjC,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,yBAAyB,EAAE,yBAAyB,CAAC;IACrD,uBAAuB,EAAE,iCAAiC,CAAC;CAC5D"}

package/dist/commonjs/plugins/provider.js.map

@@ -1 +1 @@
-{"version":3,"file":"provider.js","sourceRoot":"","sources":["../../../src/plugins/provider.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { TokenCachePersistenceOptions } from \"../msal/nodeFlows/tokenCachePersistenceOptions.js\";\nimport type { VSCodeCredentialFinder } from \"../credentials/visualStudioCodeCredentialPlugin.js\";\n\n/**\n * The type of an Azure Identity plugin, a function accepting a plugin\n * context.\n */\nexport type IdentityPlugin = (context: unknown) => void;\n\n/**\n * Plugin context entries for controlling cache plugins.\n */\nexport interface CachePluginControl {\n  setPersistence(\n    persistenceFactory: (\n      options?: TokenCachePersistenceOptions,\n      // eslint-disable-next-line @typescript-eslint/consistent-type-imports\n    ) => Promise<import(\"@azure/msal-node\").ICachePlugin>,\n  ): void;\n}\n\nexport interface NativeBrokerPluginControl {\n  // eslint-disable-next-line @typescript-eslint/consistent-type-imports\n  setNativeBroker(nativeBroker: import(\"@azure/msal-node\").INativeBrokerPlugin): void;\n}\n\n/**\n * Plugin context entries for controlling VisualStudioCodeCredential.\n */\nexport interface VisualStudioCodeCredentialControl {\n  setVsCodeCredentialFinder(finder: VSCodeCredentialFinder): void;\n}\n\n/**\n * Context options passed to a plugin during initialization.\n *\n * Plugin authors are responsible for casting their plugin context values\n * to this type.\n *\n * @internal\n */\nexport interface AzurePluginContext {\n  cachePluginControl: CachePluginControl;\n  nativeBrokerPluginControl: NativeBrokerPluginControl;\n  vsCodeCredentialControl: VisualStudioCodeCredentialControl;\n}\n"]}
+{"version":3,"file":"provider.js","sourceRoot":"","sources":["../../../src/plugins/provider.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { TokenCachePersistenceOptions } from \"../msal/nodeFlows/tokenCachePersistenceOptions.js\";\n\n/**\n * The type of an Azure Identity plugin, a function accepting a plugin\n * context.\n */\nexport type IdentityPlugin = (context: unknown) => void;\n\n/**\n * Plugin context entries for controlling cache plugins.\n */\nexport interface CachePluginControl {\n  setPersistence(\n    persistenceFactory: (\n      options?: TokenCachePersistenceOptions,\n      // eslint-disable-next-line @typescript-eslint/consistent-type-imports\n    ) => Promise<import(\"@azure/msal-node\").ICachePlugin>,\n  ): void;\n}\n\nexport interface NativeBrokerPluginControl {\n  // eslint-disable-next-line @typescript-eslint/consistent-type-imports\n  setNativeBroker(nativeBroker: import(\"@azure/msal-node\").INativeBrokerPlugin): void;\n}\n\n/**\n * Plugin context entries for controlling VisualStudioCodeCredential.\n */\nexport interface VisualStudioCodeCredentialControl {\n  setVSCodeAuthRecordPath(path: string): void;\n  setVSCodeBroker(broker: import(\"@azure/msal-node\").INativeBrokerPlugin): void;\n}\n\n/**\n * Context options passed to a plugin during initialization.\n *\n * Plugin authors are responsible for casting their plugin context values\n * to this type.\n *\n * @internal\n */\nexport interface AzurePluginContext {\n  cachePluginControl: CachePluginControl;\n  nativeBrokerPluginControl: NativeBrokerPluginControl;\n  vsCodeCredentialControl: VisualStudioCodeCredentialControl;\n}\n"]}

package/dist/commonjs/regionalAuthority.js

@@ -129,11 +129,10 @@ function calculateRegionalAuthority(regionalAuthority) {
     // Note: as of today only 3 credentials support regional authority, and the parameter
     // is not exposed via the public API. Regional Authority is _only_ supported
     // via the AZURE_REGIONAL_AUTHORITY_NAME env var and _only_ for: ClientSecretCredential, ClientCertificateCredential, and ClientAssertionCredential.
-    var _a, _b;
     // Accepting the regionalAuthority parameter will allow us to support it in the future.
     let azureRegion = regionalAuthority;
     if (azureRegion === undefined &&
-        ((_b = (_a = globalThis.process) === null || _a === void 0 ? void 0 : _a.env) === null || _b === void 0 ? void 0 : _b.AZURE_REGIONAL_AUTHORITY_NAME) !== undefined) {
+        globalThis.process?.env?.AZURE_REGIONAL_AUTHORITY_NAME !== undefined) {
         azureRegion = process.env.AZURE_REGIONAL_AUTHORITY_NAME;
     }
     if (azureRegion === RegionalAuthority.AutoDiscoverRegion) {

package/dist/commonjs/regionalAuthority.js.map

@@ -1 +1 @@
-{"version":3,"file":"regionalAuthority.js","sourceRoot":"","sources":["../../src/regionalAuthority.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AA2HlC,gEAoBC;AA7ID;;GAEG;AACH,IAAY,iBA2GX;AA3GD,WAAY,iBAAiB;IAC3B,uDAAuD;IACvD,8DAAyC,CAAA;IACzC,wEAAwE;IACxE,sCAAiB,CAAA;IACjB,yEAAyE;IACzE,wCAAmB,CAAA;IACnB,2EAA2E;IAC3E,4CAAuB,CAAA;IACvB,wEAAwE;IACxE,sCAAiB,CAAA;IACjB,yEAAyE;IACzE,wCAAmB,CAAA;IACnB,gFAAgF;IAChF,sDAAiC,CAAA;IACjC,gFAAgF;IAChF,sDAAiC,CAAA;IACjC,+EAA+E;IAC/E,oDAA+B,CAAA;IAC/B,+EAA+E;IAC/E,oDAA+B,CAAA;IAC/B,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,6EAA6E;IAC7E,gDAA2B,CAAA;IAC3B,6EAA6E;IAC7E,gDAA2B,CAAA;IAC3B,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,yEAAyE;IACzE,wCAAmB,CAAA;IACnB,wEAAwE;IACxE,sCAAiB,CAAA;IACjB,+EAA+E;IAC/E,oDAA+B,CAAA;IAC/B,6EAA6E;IAC7E,gDAA2B,CAAA;IAC3B,kFAAkF;IAClF,0DAAqC,CAAA;IACrC,iFAAiF;IACjF,wDAAmC,CAAA;IACnC,8EAA8E;IAC9E,kDAA6B,CAAA;IAC7B,oFAAoF;IACpF,8DAAyC,CAAA;IACzC,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,0EAA0E;IAC1E,0CAAqB,CAAA;IACrB,+EAA+E;IAC/E,oDAA+B,CAAA;IAC/B,2EAA2E;IAC3E,4CAAuB,CAAA;IACvB,2EAA2E;IAC3E,4CAAuB,CAAA;IACvB,+EAA+E;IAC/E,oDAA+B,CAAA;IAC/B,oFAAoF;IACpF,8DAAyC,CAAA;IACzC,kFAAkF;IAClF,0DAAqC,CAAA;IACrC,mFAAmF;IACnF,4DAAuC,CAAA;IACvC,8EAA8E;IAC9E,kDAA6B,CAAA;IAC7B,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,2EAA2E;IAC3E,4CAAuB,CAAA;IACvB,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,8EAA8E;IAC9E,kDAA6B,CAAA;IAC7B,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,0EAA0E;IAC1E,0CAAqB,CAAA;IACrB,kFAAkF;IAClF,0DAAqC,CAAA;IACrC,iFAAiF;IACjF,wDAAmC,CAAA;IACnC,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,2EAA2E;IAC3E,4CAAuB,CAAA;IACvB,6EAA6E;IAC7E,gDAA2B,CAAA;IAC3B,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,gFAAgF;IAChF,sDAAiC,CAAA;IACjC,kFAAkF;IAClF,0DAAqC,CAAA;IACrC,+EAA+E;IAC/E,2DAAsC,CAAA;IACtC,2EAA2E;IAC3E,mDAA8B,CAAA;IAC9B,8EAA8E;IAC9E,yDAAoC,CAAA;IACpC,4EAA4E;IAC5E,qDAAgC,CAAA;IAChC,2EAA2E;IAC3E,sDAAiC,CAAA;IACjC,8EAA8E;IAC9E,4DAAuC,CAAA;AACzC,CAAC,EA3GW,iBAAiB,iCAAjB,iBAAiB,QA2G5B;AAED;;;;;;;;GAQG;AACH,SAAgB,0BAA0B,CAAC,iBAA0B;IACnE,qFAAqF;IACrF,4EAA4E;IAC5E,oJAAoJ;;IAEpJ,uFAAuF;IACvF,IAAI,WAAW,GAAG,iBAAiB,CAAC;IAEpC,IACE,WAAW,KAAK,SAAS;QACzB,CAAA,MAAA,MAAA,UAAU,CAAC,OAAO,0CAAE,GAAG,0CAAE,6BAA6B,MAAK,SAAS,EACpE,CAAC;QACD,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;IAC1D,CAAC;IAED,IAAI,WAAW,KAAK,iBAAiB,CAAC,kBAAkB,EAAE,CAAC;QACzD,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Helps specify a regional authority, or \"AutoDiscoverRegion\" to auto-detect the region.\n */\nexport enum RegionalAuthority {\n  /** Instructs MSAL to attempt to discover the region */\n  AutoDiscoverRegion = \"AutoDiscoverRegion\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'westus' region. */\n  USWest = \"westus\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'westus2' region. */\n  USWest2 = \"westus2\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'centralus' region. */\n  USCentral = \"centralus\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'eastus' region. */\n  USEast = \"eastus\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'eastus2' region. */\n  USEast2 = \"eastus2\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'northcentralus' region. */\n  USNorthCentral = \"northcentralus\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'southcentralus' region. */\n  USSouthCentral = \"southcentralus\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'westcentralus' region. */\n  USWestCentral = \"westcentralus\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'canadacentral' region. */\n  CanadaCentral = \"canadacentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'canadaeast' region. */\n  CanadaEast = \"canadaeast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'brazilsouth' region. */\n  BrazilSouth = \"brazilsouth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'northeurope' region. */\n  EuropeNorth = \"northeurope\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'westeurope' region. */\n  EuropeWest = \"westeurope\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'uksouth' region. */\n  UKSouth = \"uksouth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'ukwest' region. */\n  UKWest = \"ukwest\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'francecentral' region. */\n  FranceCentral = \"francecentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'francesouth' region. */\n  FranceSouth = \"francesouth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'switzerlandnorth' region. */\n  SwitzerlandNorth = \"switzerlandnorth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'switzerlandwest' region. */\n  SwitzerlandWest = \"switzerlandwest\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'germanynorth' region. */\n  GermanyNorth = \"germanynorth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'germanywestcentral' region. */\n  GermanyWestCentral = \"germanywestcentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'norwaywest' region. */\n  NorwayWest = \"norwaywest\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'norwayeast' region. */\n  NorwayEast = \"norwayeast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'eastasia' region. */\n  AsiaEast = \"eastasia\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'southeastasia' region. */\n  AsiaSouthEast = \"southeastasia\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'japaneast' region. */\n  JapanEast = \"japaneast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'japanwest' region. */\n  JapanWest = \"japanwest\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'australiaeast' region. */\n  AustraliaEast = \"australiaeast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'australiasoutheast' region. */\n  AustraliaSouthEast = \"australiasoutheast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'australiacentral' region. */\n  AustraliaCentral = \"australiacentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'australiacentral2' region. */\n  AustraliaCentral2 = \"australiacentral2\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'centralindia' region. */\n  IndiaCentral = \"centralindia\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'southindia' region. */\n  IndiaSouth = \"southindia\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'westindia' region. */\n  IndiaWest = \"westindia\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'koreasouth' region. */\n  KoreaSouth = \"koreasouth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'koreacentral' region. */\n  KoreaCentral = \"koreacentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'uaecentral' region. */\n  UAECentral = \"uaecentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'uaenorth' region. */\n  UAENorth = \"uaenorth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'southafricanorth' region. */\n  SouthAfricaNorth = \"southafricanorth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'southafricawest' region. */\n  SouthAfricaWest = \"southafricawest\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'chinanorth' region. */\n  ChinaNorth = \"chinanorth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'chinaeast' region. */\n  ChinaEast = \"chinaeast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'chinanorth2' region. */\n  ChinaNorth2 = \"chinanorth2\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'chinaeast2' region. */\n  ChinaEast2 = \"chinaeast2\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'germanycentral' region. */\n  GermanyCentral = \"germanycentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'germanynortheast' region. */\n  GermanyNorthEast = \"germanynortheast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'usgovvirginia' region. */\n  GovernmentUSVirginia = \"usgovvirginia\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'usgoviowa' region. */\n  GovernmentUSIowa = \"usgoviowa\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'usgovarizona' region. */\n  GovernmentUSArizona = \"usgovarizona\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'usgovtexas' region. */\n  GovernmentUSTexas = \"usgovtexas\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'usdodeast' region. */\n  GovernmentUSDodEast = \"usdodeast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'usdodcentral' region. */\n  GovernmentUSDodCentral = \"usdodcentral\",\n}\n\n/**\n * Calculates the correct regional authority based on the supplied value\n * and the AZURE_REGIONAL_AUTHORITY_NAME environment variable.\n *\n * Values will be returned verbatim, except for {@link RegionalAuthority.AutoDiscoverRegion}\n * which is mapped to a value MSAL can understand.\n *\n * @internal\n */\nexport function calculateRegionalAuthority(regionalAuthority?: string): string | undefined {\n  // Note: as of today only 3 credentials support regional authority, and the parameter\n  // is not exposed via the public API. Regional Authority is _only_ supported\n  // via the AZURE_REGIONAL_AUTHORITY_NAME env var and _only_ for: ClientSecretCredential, ClientCertificateCredential, and ClientAssertionCredential.\n\n  // Accepting the regionalAuthority parameter will allow us to support it in the future.\n  let azureRegion = regionalAuthority;\n\n  if (\n    azureRegion === undefined &&\n    globalThis.process?.env?.AZURE_REGIONAL_AUTHORITY_NAME !== undefined\n  ) {\n    azureRegion = process.env.AZURE_REGIONAL_AUTHORITY_NAME;\n  }\n\n  if (azureRegion === RegionalAuthority.AutoDiscoverRegion) {\n    return \"AUTO_DISCOVER\";\n  }\n\n  return azureRegion;\n}\n"]}
+{"version":3,"file":"regionalAuthority.js","sourceRoot":"","sources":["../../src/regionalAuthority.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AA2HlC,gEAoBC;AA7ID;;GAEG;AACH,IAAY,iBA2GX;AA3GD,WAAY,iBAAiB;IAC3B,uDAAuD;IACvD,8DAAyC,CAAA;IACzC,wEAAwE;IACxE,sCAAiB,CAAA;IACjB,yEAAyE;IACzE,wCAAmB,CAAA;IACnB,2EAA2E;IAC3E,4CAAuB,CAAA;IACvB,wEAAwE;IACxE,sCAAiB,CAAA;IACjB,yEAAyE;IACzE,wCAAmB,CAAA;IACnB,gFAAgF;IAChF,sDAAiC,CAAA;IACjC,gFAAgF;IAChF,sDAAiC,CAAA;IACjC,+EAA+E;IAC/E,oDAA+B,CAAA;IAC/B,+EAA+E;IAC/E,oDAA+B,CAAA;IAC/B,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,6EAA6E;IAC7E,gDAA2B,CAAA;IAC3B,6EAA6E;IAC7E,gDAA2B,CAAA;IAC3B,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,yEAAyE;IACzE,wCAAmB,CAAA;IACnB,wEAAwE;IACxE,sCAAiB,CAAA;IACjB,+EAA+E;IAC/E,oDAA+B,CAAA;IAC/B,6EAA6E;IAC7E,gDAA2B,CAAA;IAC3B,kFAAkF;IAClF,0DAAqC,CAAA;IACrC,iFAAiF;IACjF,wDAAmC,CAAA;IACnC,8EAA8E;IAC9E,kDAA6B,CAAA;IAC7B,oFAAoF;IACpF,8DAAyC,CAAA;IACzC,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,0EAA0E;IAC1E,0CAAqB,CAAA;IACrB,+EAA+E;IAC/E,oDAA+B,CAAA;IAC/B,2EAA2E;IAC3E,4CAAuB,CAAA;IACvB,2EAA2E;IAC3E,4CAAuB,CAAA;IACvB,+EAA+E;IAC/E,oDAA+B,CAAA;IAC/B,oFAAoF;IACpF,8DAAyC,CAAA;IACzC,kFAAkF;IAClF,0DAAqC,CAAA;IACrC,mFAAmF;IACnF,4DAAuC,CAAA;IACvC,8EAA8E;IAC9E,kDAA6B,CAAA;IAC7B,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,2EAA2E;IAC3E,4CAAuB,CAAA;IACvB,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,8EAA8E;IAC9E,kDAA6B,CAAA;IAC7B,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,0EAA0E;IAC1E,0CAAqB,CAAA;IACrB,kFAAkF;IAClF,0DAAqC,CAAA;IACrC,iFAAiF;IACjF,wDAAmC,CAAA;IACnC,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,2EAA2E;IAC3E,4CAAuB,CAAA;IACvB,6EAA6E;IAC7E,gDAA2B,CAAA;IAC3B,4EAA4E;IAC5E,8CAAyB,CAAA;IACzB,gFAAgF;IAChF,sDAAiC,CAAA;IACjC,kFAAkF;IAClF,0DAAqC,CAAA;IACrC,+EAA+E;IAC/E,2DAAsC,CAAA;IACtC,2EAA2E;IAC3E,mDAA8B,CAAA;IAC9B,8EAA8E;IAC9E,yDAAoC,CAAA;IACpC,4EAA4E;IAC5E,qDAAgC,CAAA;IAChC,2EAA2E;IAC3E,sDAAiC,CAAA;IACjC,8EAA8E;IAC9E,4DAAuC,CAAA;AACzC,CAAC,EA3GW,iBAAiB,iCAAjB,iBAAiB,QA2G5B;AAED;;;;;;;;GAQG;AACH,SAAgB,0BAA0B,CAAC,iBAA0B;IACnE,qFAAqF;IACrF,4EAA4E;IAC5E,oJAAoJ;IAEpJ,uFAAuF;IACvF,IAAI,WAAW,GAAG,iBAAiB,CAAC;IAEpC,IACE,WAAW,KAAK,SAAS;QACzB,UAAU,CAAC,OAAO,EAAE,GAAG,EAAE,6BAA6B,KAAK,SAAS,EACpE,CAAC;QACD,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;IAC1D,CAAC;IAED,IAAI,WAAW,KAAK,iBAAiB,CAAC,kBAAkB,EAAE,CAAC;QACzD,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Helps specify a regional authority, or \"AutoDiscoverRegion\" to auto-detect the region.\n */\nexport enum RegionalAuthority {\n  /** Instructs MSAL to attempt to discover the region */\n  AutoDiscoverRegion = \"AutoDiscoverRegion\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'westus' region. */\n  USWest = \"westus\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'westus2' region. */\n  USWest2 = \"westus2\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'centralus' region. */\n  USCentral = \"centralus\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'eastus' region. */\n  USEast = \"eastus\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'eastus2' region. */\n  USEast2 = \"eastus2\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'northcentralus' region. */\n  USNorthCentral = \"northcentralus\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'southcentralus' region. */\n  USSouthCentral = \"southcentralus\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'westcentralus' region. */\n  USWestCentral = \"westcentralus\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'canadacentral' region. */\n  CanadaCentral = \"canadacentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'canadaeast' region. */\n  CanadaEast = \"canadaeast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'brazilsouth' region. */\n  BrazilSouth = \"brazilsouth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'northeurope' region. */\n  EuropeNorth = \"northeurope\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'westeurope' region. */\n  EuropeWest = \"westeurope\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'uksouth' region. */\n  UKSouth = \"uksouth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'ukwest' region. */\n  UKWest = \"ukwest\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'francecentral' region. */\n  FranceCentral = \"francecentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'francesouth' region. */\n  FranceSouth = \"francesouth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'switzerlandnorth' region. */\n  SwitzerlandNorth = \"switzerlandnorth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'switzerlandwest' region. */\n  SwitzerlandWest = \"switzerlandwest\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'germanynorth' region. */\n  GermanyNorth = \"germanynorth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'germanywestcentral' region. */\n  GermanyWestCentral = \"germanywestcentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'norwaywest' region. */\n  NorwayWest = \"norwaywest\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'norwayeast' region. */\n  NorwayEast = \"norwayeast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'eastasia' region. */\n  AsiaEast = \"eastasia\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'southeastasia' region. */\n  AsiaSouthEast = \"southeastasia\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'japaneast' region. */\n  JapanEast = \"japaneast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'japanwest' region. */\n  JapanWest = \"japanwest\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'australiaeast' region. */\n  AustraliaEast = \"australiaeast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'australiasoutheast' region. */\n  AustraliaSouthEast = \"australiasoutheast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'australiacentral' region. */\n  AustraliaCentral = \"australiacentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'australiacentral2' region. */\n  AustraliaCentral2 = \"australiacentral2\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'centralindia' region. */\n  IndiaCentral = \"centralindia\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'southindia' region. */\n  IndiaSouth = \"southindia\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'westindia' region. */\n  IndiaWest = \"westindia\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'koreasouth' region. */\n  KoreaSouth = \"koreasouth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'koreacentral' region. */\n  KoreaCentral = \"koreacentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'uaecentral' region. */\n  UAECentral = \"uaecentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'uaenorth' region. */\n  UAENorth = \"uaenorth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'southafricanorth' region. */\n  SouthAfricaNorth = \"southafricanorth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'southafricawest' region. */\n  SouthAfricaWest = \"southafricawest\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'chinanorth' region. */\n  ChinaNorth = \"chinanorth\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'chinaeast' region. */\n  ChinaEast = \"chinaeast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'chinanorth2' region. */\n  ChinaNorth2 = \"chinanorth2\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'chinaeast2' region. */\n  ChinaEast2 = \"chinaeast2\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'germanycentral' region. */\n  GermanyCentral = \"germanycentral\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'germanynortheast' region. */\n  GermanyNorthEast = \"germanynortheast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'usgovvirginia' region. */\n  GovernmentUSVirginia = \"usgovvirginia\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'usgoviowa' region. */\n  GovernmentUSIowa = \"usgoviowa\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'usgovarizona' region. */\n  GovernmentUSArizona = \"usgovarizona\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'usgovtexas' region. */\n  GovernmentUSTexas = \"usgovtexas\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'usdodeast' region. */\n  GovernmentUSDodEast = \"usdodeast\",\n  /** Uses the {@link RegionalAuthority} for the Azure 'usdodcentral' region. */\n  GovernmentUSDodCentral = \"usdodcentral\",\n}\n\n/**\n * Calculates the correct regional authority based on the supplied value\n * and the AZURE_REGIONAL_AUTHORITY_NAME environment variable.\n *\n * Values will be returned verbatim, except for {@link RegionalAuthority.AutoDiscoverRegion}\n * which is mapped to a value MSAL can understand.\n *\n * @internal\n */\nexport function calculateRegionalAuthority(regionalAuthority?: string): string | undefined {\n  // Note: as of today only 3 credentials support regional authority, and the parameter\n  // is not exposed via the public API. Regional Authority is _only_ supported\n  // via the AZURE_REGIONAL_AUTHORITY_NAME env var and _only_ for: ClientSecretCredential, ClientCertificateCredential, and ClientAssertionCredential.\n\n  // Accepting the regionalAuthority parameter will allow us to support it in the future.\n  let azureRegion = regionalAuthority;\n\n  if (\n    azureRegion === undefined &&\n    globalThis.process?.env?.AZURE_REGIONAL_AUTHORITY_NAME !== undefined\n  ) {\n    azureRegion = process.env.AZURE_REGIONAL_AUTHORITY_NAME;\n  }\n\n  if (azureRegion === RegionalAuthority.AutoDiscoverRegion) {\n    return \"AUTO_DISCOVER\";\n  }\n\n  return azureRegion;\n}\n"]}

package/dist/commonjs/tokenProvider.js

@@ -31,7 +31,6 @@ function getBearerTokenProvider(credential, scopes, options) {
     const pipeline = (0, core_rest_pipeline_1.createEmptyPipeline)();
     pipeline.addPolicy((0, core_rest_pipeline_1.bearerTokenAuthenticationPolicy)({ credential, scopes }));
     async function getRefreshedToken() {
-        var _a;
         // Create a pipeline with just the bearer token policy
         // and run a dummy request through it to get the token
         const res = await pipeline.sendRequest({
@@ -45,7 +44,7 @@ function getBearerTokenProvider(credential, scopes, options) {
             abortSignal,
             tracingOptions,
         }));
-        const accessToken = (_a = res.headers.get("authorization")) === null || _a === void 0 ? void 0 : _a.split(" ")[1];
+        const accessToken = res.headers.get("authorization")?.split(" ")[1];
         if (!accessToken) {
             throw new Error("Failed to get access token");
         }

package/dist/commonjs/tokenProvider.js.map

@@ -1 +1 @@
-{"version":3,"file":"tokenProvider.js","sourceRoot":"","sources":["../../src/tokenProvider.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AA8ClC,wDAiCC;AA5ED,kEAImC;AAiBnC;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,SAAgB,sBAAsB,CACpC,UAA2B,EAC3B,MAAyB,EACzB,OAAuC;IAEvC,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,GAAG,OAAO,IAAI,EAAE,CAAC;IACtD,MAAM,QAAQ,GAAG,IAAA,wCAAmB,GAAE,CAAC;IACvC,QAAQ,CAAC,SAAS,CAAC,IAAA,oDAA+B,EAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;IAC5E,KAAK,UAAU,iBAAiB;;QAC9B,sDAAsD;QACtD,sDAAsD;QACtD,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,WAAW,CACpC;YACE,WAAW,EAAE,CAAC,OAAO,EAAE,EAAE,CACvB,OAAO,CAAC,OAAO,CAAC;gBACd,OAAO;gBACP,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB,CAAC;SACL,EACD,IAAA,0CAAqB,EAAC;YACpB,GAAG,EAAE,qBAAqB;YAC1B,WAAW;YACX,cAAc;SACf,CAAC,CACH,CAAC;QACF,MAAM,WAAW,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,0CAAE,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,WAAW,CAAC;IACrB,CAAC;IACD,OAAO,iBAAiB,CAAC;AAC3B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { TokenCredential, TracingContext } from \"@azure/core-auth\";\nimport {\n  bearerTokenAuthenticationPolicy,\n  createEmptyPipeline,\n  createPipelineRequest,\n} from \"@azure/core-rest-pipeline\";\n\n/**\n * The options to configure the token provider.\n */\nexport interface GetBearerTokenProviderOptions {\n  /** The abort signal to abort requests to get tokens */\n  abortSignal?: AbortSignal;\n  /** The tracing options for the requests to get tokens */\n  tracingOptions?: {\n    /**\n     * Tracing Context for the current request to get a token.\n     */\n    tracingContext?: TracingContext;\n  };\n}\n\n/**\n * Returns a callback that provides a bearer token.\n * For example, the bearer token can be used to authenticate a request as follows:\n * ```ts snippet:token_provider_example\n * import { DefaultAzureCredential, getBearerTokenProvider } from \"@azure/identity\";\n * import { createPipelineRequest } from \"@azure/core-rest-pipeline\";\n *\n * const credential = new DefaultAzureCredential();\n * const scope = \"https://cognitiveservices.azure.com/.default\";\n * const getAccessToken = getBearerTokenProvider(credential, scope);\n * const token = await getAccessToken();\n *\n * // usage\n * const request = createPipelineRequest({ url: \"https://example.com\" });\n * request.headers.set(\"Authorization\", `Bearer ${token}`);\n * ```\n *\n * @param credential - The credential used to authenticate the request.\n * @param scopes - The scopes required for the bearer token.\n * @param options - Options to configure the token provider.\n * @returns a callback that provides a bearer token.\n */\nexport function getBearerTokenProvider(\n  credential: TokenCredential,\n  scopes: string | string[],\n  options?: GetBearerTokenProviderOptions,\n): () => Promise<string> {\n  const { abortSignal, tracingOptions } = options || {};\n  const pipeline = createEmptyPipeline();\n  pipeline.addPolicy(bearerTokenAuthenticationPolicy({ credential, scopes }));\n  async function getRefreshedToken(): Promise<string> {\n    // Create a pipeline with just the bearer token policy\n    // and run a dummy request through it to get the token\n    const res = await pipeline.sendRequest(\n      {\n        sendRequest: (request) =>\n          Promise.resolve({\n            request,\n            status: 200,\n            headers: request.headers,\n          }),\n      },\n      createPipelineRequest({\n        url: \"https://example.com\",\n        abortSignal,\n        tracingOptions,\n      }),\n    );\n    const accessToken = res.headers.get(\"authorization\")?.split(\" \")[1];\n    if (!accessToken) {\n      throw new Error(\"Failed to get access token\");\n    }\n    return accessToken;\n  }\n  return getRefreshedToken;\n}\n"]}
+{"version":3,"file":"tokenProvider.js","sourceRoot":"","sources":["../../src/tokenProvider.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AA8ClC,wDAiCC;AA5ED,kEAImC;AAiBnC;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,SAAgB,sBAAsB,CACpC,UAA2B,EAC3B,MAAyB,EACzB,OAAuC;IAEvC,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,GAAG,OAAO,IAAI,EAAE,CAAC;IACtD,MAAM,QAAQ,GAAG,IAAA,wCAAmB,GAAE,CAAC;IACvC,QAAQ,CAAC,SAAS,CAAC,IAAA,oDAA+B,EAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;IAC5E,KAAK,UAAU,iBAAiB;QAC9B,sDAAsD;QACtD,sDAAsD;QACtD,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,WAAW,CACpC;YACE,WAAW,EAAE,CAAC,OAAO,EAAE,EAAE,CACvB,OAAO,CAAC,OAAO,CAAC;gBACd,OAAO;gBACP,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB,CAAC;SACL,EACD,IAAA,0CAAqB,EAAC;YACpB,GAAG,EAAE,qBAAqB;YAC1B,WAAW;YACX,cAAc;SACf,CAAC,CACH,CAAC;QACF,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,WAAW,CAAC;IACrB,CAAC;IACD,OAAO,iBAAiB,CAAC;AAC3B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { TokenCredential, TracingContext } from \"@azure/core-auth\";\nimport {\n  bearerTokenAuthenticationPolicy,\n  createEmptyPipeline,\n  createPipelineRequest,\n} from \"@azure/core-rest-pipeline\";\n\n/**\n * The options to configure the token provider.\n */\nexport interface GetBearerTokenProviderOptions {\n  /** The abort signal to abort requests to get tokens */\n  abortSignal?: AbortSignal;\n  /** The tracing options for the requests to get tokens */\n  tracingOptions?: {\n    /**\n     * Tracing Context for the current request to get a token.\n     */\n    tracingContext?: TracingContext;\n  };\n}\n\n/**\n * Returns a callback that provides a bearer token.\n * For example, the bearer token can be used to authenticate a request as follows:\n * ```ts snippet:token_provider_example\n * import { DefaultAzureCredential, getBearerTokenProvider } from \"@azure/identity\";\n * import { createPipelineRequest } from \"@azure/core-rest-pipeline\";\n *\n * const credential = new DefaultAzureCredential();\n * const scope = \"https://cognitiveservices.azure.com/.default\";\n * const getAccessToken = getBearerTokenProvider(credential, scope);\n * const token = await getAccessToken();\n *\n * // usage\n * const request = createPipelineRequest({ url: \"https://example.com\" });\n * request.headers.set(\"Authorization\", `Bearer ${token}`);\n * ```\n *\n * @param credential - The credential used to authenticate the request.\n * @param scopes - The scopes required for the bearer token.\n * @param options - Options to configure the token provider.\n * @returns a callback that provides a bearer token.\n */\nexport function getBearerTokenProvider(\n  credential: TokenCredential,\n  scopes: string | string[],\n  options?: GetBearerTokenProviderOptions,\n): () => Promise<string> {\n  const { abortSignal, tracingOptions } = options || {};\n  const pipeline = createEmptyPipeline();\n  pipeline.addPolicy(bearerTokenAuthenticationPolicy({ credential, scopes }));\n  async function getRefreshedToken(): Promise<string> {\n    // Create a pipeline with just the bearer token policy\n    // and run a dummy request through it to get the token\n    const res = await pipeline.sendRequest(\n      {\n        sendRequest: (request) =>\n          Promise.resolve({\n            request,\n            status: 200,\n            headers: request.headers,\n          }),\n      },\n      createPipelineRequest({\n        url: \"https://example.com\",\n        abortSignal,\n        tracingOptions,\n      }),\n    );\n    const accessToken = res.headers.get(\"authorization\")?.split(\" \")[1];\n    if (!accessToken) {\n      throw new Error(\"Failed to get access token\");\n    }\n    return accessToken;\n  }\n  return getRefreshedToken;\n}\n"]}

package/dist/commonjs/util/logging.js

@@ -50,7 +50,7 @@ function formatSuccess(scope) {
  */
 function formatError(scope, error) {
     let message = "ERROR.";
-    if (scope === null || scope === void 0 ? void 0 : scope.length) {
+    if (scope?.length) {
         message += ` Scopes: ${Array.isArray(scope) ? scope.join(", ") : scope}.`;
     }
     return `${message} Error message: ${typeof error === "string" ? error : error.message}.`;
@@ -98,6 +98,10 @@ function credentialLoggerInstance(title, parent, log = exports.logger) {
  */
 function credentialLogger(title, log = exports.logger) {
     const credLogger = credentialLoggerInstance(title, undefined, log);
-    return Object.assign(Object.assign({}, credLogger), { parent: log, getToken: credentialLoggerInstance("=> getToken()", credLogger, log) });
+    return {
+        ...credLogger,
+        parent: log,
+        getToken: credentialLoggerInstance("=> getToken()", credLogger, log),
+    };
 }
 //# sourceMappingURL=logging.js.map

package/dist/commonjs/util/logging.js.map

@@ -1 +1 @@
-{"version":3,"file":"logging.js","sourceRoot":"","sources":["../../../src/util/logging.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAmBlC,wCAYC;AAQD,gCAKC;AAKD,sCAEC;AAKD,kCAMC;AAsBD,4DA+BC;AAqBD,4CAOC;AA5ID,0CAAmD;AAEnD;;GAEG;AACU,QAAA,MAAM,GAAG,IAAA,2BAAkB,EAAC,UAAU,CAAC,CAAC;AAOrD;;;GAGG;AACH,SAAgB,cAAc,CAAC,gBAA0B;IACvD,OAAO,gBAAgB,CAAC,MAAM,CAC5B,CAAC,GAA2B,EAAE,WAAmB,EAAE,EAAE;QACnD,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7B,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACjC,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAChC,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,EACD,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAC9B,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,cAAsB,EAAE,gBAA0B;IAC3E,MAAM,EAAE,QAAQ,EAAE,GAAG,cAAc,CAAC,gBAAgB,CAAC,CAAC;IACtD,cAAM,CAAC,IAAI,CACT,GAAG,cAAc,kDAAkD,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACzF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa,CAAC,KAAwB;IACpD,OAAO,oBAAoB,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC;AAChF,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,KAAoC,EAAE,KAAqB;IACrF,IAAI,OAAO,GAAG,QAAQ,CAAC;IACvB,IAAI,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,MAAM,EAAE,CAAC;QAClB,OAAO,IAAI,YAAY,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC;IAC5E,CAAC;IACD,OAAO,GAAG,OAAO,mBAAmB,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC;AAC3F,CAAC;AAcD;;;;;;;GAOG;AACH,SAAgB,wBAAwB,CACtC,KAAa,EACb,MAAiC,EACjC,MAAmB,cAAM;IAEzB,MAAM,SAAS,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,SAAS,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;IAElE,SAAS,IAAI,CAAC,OAAe;QAC3B,GAAG,CAAC,IAAI,CAAC,GAAG,SAAS,KAAK,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;IAED,SAAS,OAAO,CAAC,OAAe;QAC9B,GAAG,CAAC,OAAO,CAAC,GAAG,SAAS,KAAK,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED,SAAS,OAAO,CAAC,OAAe;QAC9B,GAAG,CAAC,OAAO,CAAC,GAAG,SAAS,KAAK,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED,SAAS,KAAK,CAAC,OAAe;QAC5B,GAAG,CAAC,KAAK,CAAC,GAAG,SAAS,KAAK,EAAE,OAAO,CAAC,CAAC;IACxC,CAAC;IAED,OAAO;QACL,KAAK;QACL,SAAS;QACT,IAAI;QACJ,OAAO;QACP,OAAO;QACP,KAAK;KACN,CAAC;AACJ,CAAC;AAWD;;;;;;;;;GASG;AACH,SAAgB,gBAAgB,CAAC,KAAa,EAAE,MAAmB,cAAM;IACvE,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;IACnE,uCACK,UAAU,KACb,MAAM,EAAE,GAAG,EACX,QAAQ,EAAE,wBAAwB,CAAC,eAAe,EAAE,UAAU,EAAE,GAAG,CAAC,IACpE;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AzureLogger } from \"@azure/logger\";\nimport { createClientLogger } from \"@azure/logger\";\n\n/**\n * The AzureLogger used for all clients within the identity package\n */\nexport const logger = createClientLogger(\"identity\");\n\ninterface EnvironmentAccumulator {\n  missing: string[];\n  assigned: string[];\n}\n\n/**\n * Separates a list of environment variable names into a plain object with two arrays: an array of missing environment variables and another array with assigned environment variables.\n * @param supportedEnvVars - List of environment variable names\n */\nexport function processEnvVars(supportedEnvVars: string[]): EnvironmentAccumulator {\n  return supportedEnvVars.reduce(\n    (acc: EnvironmentAccumulator, envVariable: string) => {\n      if (process.env[envVariable]) {\n        acc.assigned.push(envVariable);\n      } else {\n        acc.missing.push(envVariable);\n      }\n      return acc;\n    },\n    { missing: [], assigned: [] },\n  );\n}\n\n/**\n * Based on a given list of environment variable names,\n * logs the environment variables currently assigned during the usage of a credential that goes by the given name.\n * @param credentialName - Name of the credential in use\n * @param supportedEnvVars - List of environment variables supported by that credential\n */\nexport function logEnvVars(credentialName: string, supportedEnvVars: string[]): void {\n  const { assigned } = processEnvVars(supportedEnvVars);\n  logger.info(\n    `${credentialName} => Found the following environment variables: ${assigned.join(\", \")}`,\n  );\n}\n\n/**\n * Formatting the success event on the credentials\n */\nexport function formatSuccess(scope: string | string[]): string {\n  return `SUCCESS. Scopes: ${Array.isArray(scope) ? scope.join(\", \") : scope}.`;\n}\n\n/**\n * Formatting the success event on the credentials\n */\nexport function formatError(scope: string | string[] | undefined, error: Error | string): string {\n  let message = \"ERROR.\";\n  if (scope?.length) {\n    message += ` Scopes: ${Array.isArray(scope) ? scope.join(\", \") : scope}.`;\n  }\n  return `${message} Error message: ${typeof error === \"string\" ? error : error.message}.`;\n}\n\n/**\n * A CredentialLoggerInstance is a logger properly formatted to work in a credential's constructor, and its methods.\n */\nexport interface CredentialLoggerInstance {\n  title: string;\n  fullTitle: string;\n  info(message: string): void;\n  warning(message: string): void;\n  verbose(message: string): void;\n  error(err: string): void;\n}\n\n/**\n * Generates a CredentialLoggerInstance.\n *\n * It logs with the format:\n *\n *   `[title] => [message]`\n *\n */\nexport function credentialLoggerInstance(\n  title: string,\n  parent?: CredentialLoggerInstance,\n  log: AzureLogger = logger,\n): CredentialLoggerInstance {\n  const fullTitle = parent ? `${parent.fullTitle} ${title}` : title;\n\n  function info(message: string): void {\n    log.info(`${fullTitle} =>`, message);\n  }\n\n  function warning(message: string): void {\n    log.warning(`${fullTitle} =>`, message);\n  }\n\n  function verbose(message: string): void {\n    log.verbose(`${fullTitle} =>`, message);\n  }\n\n  function error(message: string): void {\n    log.error(`${fullTitle} =>`, message);\n  }\n\n  return {\n    title,\n    fullTitle,\n    info,\n    warning,\n    verbose,\n    error,\n  };\n}\n\n/**\n * A CredentialLogger is a logger declared at the credential's constructor, and used at any point in the credential.\n * It has all the properties of a CredentialLoggerInstance, plus other logger instances, one per method.\n */\nexport interface CredentialLogger extends CredentialLoggerInstance {\n  parent: AzureLogger;\n  getToken: CredentialLoggerInstance;\n}\n\n/**\n * Generates a CredentialLogger, which is a logger declared at the credential's constructor, and used at any point in the credential.\n * It has all the properties of a CredentialLoggerInstance, plus other logger instances, one per method.\n *\n * It logs with the format:\n *\n *   `[title] => [message]`\n *   `[title] => getToken() => [message]`\n *\n */\nexport function credentialLogger(title: string, log: AzureLogger = logger): CredentialLogger {\n  const credLogger = credentialLoggerInstance(title, undefined, log);\n  return {\n    ...credLogger,\n    parent: log,\n    getToken: credentialLoggerInstance(\"=> getToken()\", credLogger, log),\n  };\n}\n"]}
+{"version":3,"file":"logging.js","sourceRoot":"","sources":["../../../src/util/logging.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAmBlC,wCAYC;AAQD,gCAKC;AAKD,sCAEC;AAKD,kCAMC;AAsBD,4DA+BC;AAqBD,4CAOC;AA5ID,0CAAmD;AAEnD;;GAEG;AACU,QAAA,MAAM,GAAG,IAAA,2BAAkB,EAAC,UAAU,CAAC,CAAC;AAOrD;;;GAGG;AACH,SAAgB,cAAc,CAAC,gBAA0B;IACvD,OAAO,gBAAgB,CAAC,MAAM,CAC5B,CAAC,GAA2B,EAAE,WAAmB,EAAE,EAAE;QACnD,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7B,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACjC,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAChC,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,EACD,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAC9B,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,cAAsB,EAAE,gBAA0B;IAC3E,MAAM,EAAE,QAAQ,EAAE,GAAG,cAAc,CAAC,gBAAgB,CAAC,CAAC;IACtD,cAAM,CAAC,IAAI,CACT,GAAG,cAAc,kDAAkD,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACzF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa,CAAC,KAAwB;IACpD,OAAO,oBAAoB,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC;AAChF,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,KAAoC,EAAE,KAAqB;IACrF,IAAI,OAAO,GAAG,QAAQ,CAAC;IACvB,IAAI,KAAK,EAAE,MAAM,EAAE,CAAC;QAClB,OAAO,IAAI,YAAY,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC;IAC5E,CAAC;IACD,OAAO,GAAG,OAAO,mBAAmB,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC;AAC3F,CAAC;AAcD;;;;;;;GAOG;AACH,SAAgB,wBAAwB,CACtC,KAAa,EACb,MAAiC,EACjC,MAAmB,cAAM;IAEzB,MAAM,SAAS,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,SAAS,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;IAElE,SAAS,IAAI,CAAC,OAAe;QAC3B,GAAG,CAAC,IAAI,CAAC,GAAG,SAAS,KAAK,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;IAED,SAAS,OAAO,CAAC,OAAe;QAC9B,GAAG,CAAC,OAAO,CAAC,GAAG,SAAS,KAAK,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED,SAAS,OAAO,CAAC,OAAe;QAC9B,GAAG,CAAC,OAAO,CAAC,GAAG,SAAS,KAAK,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED,SAAS,KAAK,CAAC,OAAe;QAC5B,GAAG,CAAC,KAAK,CAAC,GAAG,SAAS,KAAK,EAAE,OAAO,CAAC,CAAC;IACxC,CAAC;IAED,OAAO;QACL,KAAK;QACL,SAAS;QACT,IAAI;QACJ,OAAO;QACP,OAAO;QACP,KAAK;KACN,CAAC;AACJ,CAAC;AAWD;;;;;;;;;GASG;AACH,SAAgB,gBAAgB,CAAC,KAAa,EAAE,MAAmB,cAAM;IACvE,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;IACnE,OAAO;QACL,GAAG,UAAU;QACb,MAAM,EAAE,GAAG;QACX,QAAQ,EAAE,wBAAwB,CAAC,eAAe,EAAE,UAAU,EAAE,GAAG,CAAC;KACrE,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AzureLogger } from \"@azure/logger\";\nimport { createClientLogger } from \"@azure/logger\";\n\n/**\n * The AzureLogger used for all clients within the identity package\n */\nexport const logger = createClientLogger(\"identity\");\n\ninterface EnvironmentAccumulator {\n  missing: string[];\n  assigned: string[];\n}\n\n/**\n * Separates a list of environment variable names into a plain object with two arrays: an array of missing environment variables and another array with assigned environment variables.\n * @param supportedEnvVars - List of environment variable names\n */\nexport function processEnvVars(supportedEnvVars: string[]): EnvironmentAccumulator {\n  return supportedEnvVars.reduce(\n    (acc: EnvironmentAccumulator, envVariable: string) => {\n      if (process.env[envVariable]) {\n        acc.assigned.push(envVariable);\n      } else {\n        acc.missing.push(envVariable);\n      }\n      return acc;\n    },\n    { missing: [], assigned: [] },\n  );\n}\n\n/**\n * Based on a given list of environment variable names,\n * logs the environment variables currently assigned during the usage of a credential that goes by the given name.\n * @param credentialName - Name of the credential in use\n * @param supportedEnvVars - List of environment variables supported by that credential\n */\nexport function logEnvVars(credentialName: string, supportedEnvVars: string[]): void {\n  const { assigned } = processEnvVars(supportedEnvVars);\n  logger.info(\n    `${credentialName} => Found the following environment variables: ${assigned.join(\", \")}`,\n  );\n}\n\n/**\n * Formatting the success event on the credentials\n */\nexport function formatSuccess(scope: string | string[]): string {\n  return `SUCCESS. Scopes: ${Array.isArray(scope) ? scope.join(\", \") : scope}.`;\n}\n\n/**\n * Formatting the success event on the credentials\n */\nexport function formatError(scope: string | string[] | undefined, error: Error | string): string {\n  let message = \"ERROR.\";\n  if (scope?.length) {\n    message += ` Scopes: ${Array.isArray(scope) ? scope.join(\", \") : scope}.`;\n  }\n  return `${message} Error message: ${typeof error === \"string\" ? error : error.message}.`;\n}\n\n/**\n * A CredentialLoggerInstance is a logger properly formatted to work in a credential's constructor, and its methods.\n */\nexport interface CredentialLoggerInstance {\n  title: string;\n  fullTitle: string;\n  info(message: string): void;\n  warning(message: string): void;\n  verbose(message: string): void;\n  error(err: string): void;\n}\n\n/**\n * Generates a CredentialLoggerInstance.\n *\n * It logs with the format:\n *\n *   `[title] => [message]`\n *\n */\nexport function credentialLoggerInstance(\n  title: string,\n  parent?: CredentialLoggerInstance,\n  log: AzureLogger = logger,\n): CredentialLoggerInstance {\n  const fullTitle = parent ? `${parent.fullTitle} ${title}` : title;\n\n  function info(message: string): void {\n    log.info(`${fullTitle} =>`, message);\n  }\n\n  function warning(message: string): void {\n    log.warning(`${fullTitle} =>`, message);\n  }\n\n  function verbose(message: string): void {\n    log.verbose(`${fullTitle} =>`, message);\n  }\n\n  function error(message: string): void {\n    log.error(`${fullTitle} =>`, message);\n  }\n\n  return {\n    title,\n    fullTitle,\n    info,\n    warning,\n    verbose,\n    error,\n  };\n}\n\n/**\n * A CredentialLogger is a logger declared at the credential's constructor, and used at any point in the credential.\n * It has all the properties of a CredentialLoggerInstance, plus other logger instances, one per method.\n */\nexport interface CredentialLogger extends CredentialLoggerInstance {\n  parent: AzureLogger;\n  getToken: CredentialLoggerInstance;\n}\n\n/**\n * Generates a CredentialLogger, which is a logger declared at the credential's constructor, and used at any point in the credential.\n * It has all the properties of a CredentialLoggerInstance, plus other logger instances, one per method.\n *\n * It logs with the format:\n *\n *   `[title] => [message]`\n *   `[title] => getToken() => [message]`\n *\n */\nexport function credentialLogger(title: string, log: AzureLogger = logger): CredentialLogger {\n  const credLogger = credentialLoggerInstance(title, undefined, log);\n  return {\n    ...credLogger,\n    parent: log,\n    getToken: credentialLoggerInstance(\"=> getToken()\", credLogger, log),\n  };\n}\n"]}

package/dist/commonjs/util/processMultiTenantRequest.js

@@ -14,7 +14,6 @@ function createConfigurationErrorMessage(tenantId) {
  * @internal
  */
 function processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds = [], logger) {
-    var _a;
     let resolvedTenantId;
     if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {
         resolvedTenantId = tenantId;
@@ -23,14 +22,14 @@ function processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowe
         resolvedTenantId = tenantId;
     }
     else {
-        resolvedTenantId = (_a = getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.tenantId) !== null && _a !== void 0 ? _a : tenantId;
+        resolvedTenantId = getTokenOptions?.tenantId ?? tenantId;
     }
     if (tenantId &&
         resolvedTenantId !== tenantId &&
         !additionallyAllowedTenantIds.includes("*") &&
         !additionallyAllowedTenantIds.some((t) => t.localeCompare(resolvedTenantId) === 0)) {
         const message = createConfigurationErrorMessage(resolvedTenantId);
-        logger === null || logger === void 0 ? void 0 : logger.info(message);
+        logger?.info(message);
         throw new errors_js_1.CredentialUnavailableError(message);
     }
     return resolvedTenantId;

package/dist/commonjs/util/processMultiTenantRequest.js.map

@@ -1 +1 @@
-{"version":3,"file":"processMultiTenantRequest.js","sourceRoot":"","sources":["../../../src/util/processMultiTenantRequest.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AAgBlC,8DA0BC;AAvCD,4CAA0D;AAG1D,SAAS,+BAA+B,CAAC,QAAgB;IACvD,OAAO,yEAAyE,QAAQ,qMAAqM,CAAC;AAChS,CAAC;AAED;;;;;GAKG;AACH,SAAgB,yBAAyB,CACvC,QAAiB,EACjB,eAAiC,EACjC,+BAAyC,EAAE,EAC3C,MAAyB;;IAEzB,IAAI,gBAAoC,CAAC;IACzC,IAAI,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE,CAAC;QACvD,gBAAgB,GAAG,QAAQ,CAAC;IAC9B,CAAC;SAAM,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QAC/B,gBAAgB,GAAG,QAAQ,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,gBAAgB,GAAG,MAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,QAAQ,mCAAI,QAAQ,CAAC;IAC3D,CAAC;IACD,IACE,QAAQ;QACR,gBAAgB,KAAK,QAAQ;QAC7B,CAAC,4BAA4B,CAAC,QAAQ,CAAC,GAAG,CAAC;QAC3C,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,gBAAiB,CAAC,KAAK,CAAC,CAAC,EACnF,CAAC;QACD,MAAM,OAAO,GAAG,+BAA+B,CAAC,gBAAiB,CAAC,CAAC;QACnE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACtB,MAAM,IAAI,sCAA0B,CAAC,OAAO,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { GetTokenOptions } from \"@azure/core-auth\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport type { CredentialLogger } from \"./logging.js\";\n\nfunction createConfigurationErrorMessage(tenantId: string): string {\n  return `The current credential is not configured to acquire tokens for tenant ${tenantId}. To enable acquiring tokens for this tenant add it to the AdditionallyAllowedTenants on the credential options, or add \"*\" to AdditionallyAllowedTenants to allow acquiring tokens for any tenant.`;\n}\n\n/**\n * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,\n * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),\n * or unless the original tenant Id is `adfs`.\n * @internal\n */\nexport function processMultiTenantRequest(\n  tenantId?: string,\n  getTokenOptions?: GetTokenOptions,\n  additionallyAllowedTenantIds: string[] = [],\n  logger?: CredentialLogger,\n): string | undefined {\n  let resolvedTenantId: string | undefined;\n  if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {\n    resolvedTenantId = tenantId;\n  } else if (tenantId === \"adfs\") {\n    resolvedTenantId = tenantId;\n  } else {\n    resolvedTenantId = getTokenOptions?.tenantId ?? tenantId;\n  }\n  if (\n    tenantId &&\n    resolvedTenantId !== tenantId &&\n    !additionallyAllowedTenantIds.includes(\"*\") &&\n    !additionallyAllowedTenantIds.some((t) => t.localeCompare(resolvedTenantId!) === 0)\n  ) {\n    const message = createConfigurationErrorMessage(resolvedTenantId!);\n    logger?.info(message);\n    throw new CredentialUnavailableError(message);\n  }\n\n  return resolvedTenantId;\n}\n"]}
+{"version":3,"file":"processMultiTenantRequest.js","sourceRoot":"","sources":["../../../src/util/processMultiTenantRequest.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AAgBlC,8DA0BC;AAvCD,4CAA0D;AAG1D,SAAS,+BAA+B,CAAC,QAAgB;IACvD,OAAO,yEAAyE,QAAQ,qMAAqM,CAAC;AAChS,CAAC;AAED;;;;;GAKG;AACH,SAAgB,yBAAyB,CACvC,QAAiB,EACjB,eAAiC,EACjC,+BAAyC,EAAE,EAC3C,MAAyB;IAEzB,IAAI,gBAAoC,CAAC;IACzC,IAAI,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE,CAAC;QACvD,gBAAgB,GAAG,QAAQ,CAAC;IAC9B,CAAC;SAAM,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QAC/B,gBAAgB,GAAG,QAAQ,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,gBAAgB,GAAG,eAAe,EAAE,QAAQ,IAAI,QAAQ,CAAC;IAC3D,CAAC;IACD,IACE,QAAQ;QACR,gBAAgB,KAAK,QAAQ;QAC7B,CAAC,4BAA4B,CAAC,QAAQ,CAAC,GAAG,CAAC;QAC3C,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,gBAAiB,CAAC,KAAK,CAAC,CAAC,EACnF,CAAC;QACD,MAAM,OAAO,GAAG,+BAA+B,CAAC,gBAAiB,CAAC,CAAC;QACnE,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACtB,MAAM,IAAI,sCAA0B,CAAC,OAAO,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { GetTokenOptions } from \"@azure/core-auth\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport type { CredentialLogger } from \"./logging.js\";\n\nfunction createConfigurationErrorMessage(tenantId: string): string {\n  return `The current credential is not configured to acquire tokens for tenant ${tenantId}. To enable acquiring tokens for this tenant add it to the AdditionallyAllowedTenants on the credential options, or add \"*\" to AdditionallyAllowedTenants to allow acquiring tokens for any tenant.`;\n}\n\n/**\n * Of getToken contains a tenantId, this functions allows picking this tenantId as the appropriate for authentication,\n * unless multitenant authentication has been disabled through the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH (on Node.js),\n * or unless the original tenant Id is `adfs`.\n * @internal\n */\nexport function processMultiTenantRequest(\n  tenantId?: string,\n  getTokenOptions?: GetTokenOptions,\n  additionallyAllowedTenantIds: string[] = [],\n  logger?: CredentialLogger,\n): string | undefined {\n  let resolvedTenantId: string | undefined;\n  if (process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH) {\n    resolvedTenantId = tenantId;\n  } else if (tenantId === \"adfs\") {\n    resolvedTenantId = tenantId;\n  } else {\n    resolvedTenantId = getTokenOptions?.tenantId ?? tenantId;\n  }\n  if (\n    tenantId &&\n    resolvedTenantId !== tenantId &&\n    !additionallyAllowedTenantIds.includes(\"*\") &&\n    !additionallyAllowedTenantIds.some((t) => t.localeCompare(resolvedTenantId!) === 0)\n  ) {\n    const message = createConfigurationErrorMessage(resolvedTenantId!);\n    logger?.info(message);\n    throw new CredentialUnavailableError(message);\n  }\n\n  return resolvedTenantId;\n}\n"]}

package/dist/commonjs/util/processUtils.d.ts

@@ -1,4 +1,4 @@
-import * as childProcess from "child_process";
+import childProcess from "node:child_process";
 /**
  * Easy to mock childProcess utils.
  * @internal

package/dist/commonjs/util/processUtils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"processUtils.d.ts","sourceRoot":"","sources":["../../../src/util/processUtils.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,YAAY,MAAM,eAAe,CAAC;AAE9C;;;GAGG;AACH,eAAO,MAAM,YAAY;IACvB;;;OAGG;mBAEK,MAAM,UACJ,MAAM,EAAE,YACN,YAAY,CAAC,iCAAiC,GACvD,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC;CAiB5B,CAAC"}
+{"version":3,"file":"processUtils.d.ts","sourceRoot":"","sources":["../../../src/util/processUtils.ts"],"names":[],"mappings":"AAGA,OAAO,YAAY,MAAM,oBAAoB,CAAC;AAE9C;;;GAGG;AACH,eAAO,MAAM,YAAY;IACvB;;;OAGG;mBAEK,MAAM,UACJ,MAAM,EAAE,YACN,YAAY,CAAC,iCAAiC,GACvD,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC;CAiB5B,CAAC"}

package/dist/commonjs/util/processUtils.js

@@ -4,7 +4,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.processUtils = void 0;
 const tslib_1 = require("tslib");
-const childProcess = tslib_1.__importStar(require("child_process"));
+const node_child_process_1 = tslib_1.__importDefault(require("node:child_process"));
 /**
  * Easy to mock childProcess utils.
  * @internal
@@ -16,7 +16,7 @@ exports.processUtils = {
      */
     execFile(file, params, options) {
         return new Promise((resolve, reject) => {
-            childProcess.execFile(file, params, options, (error, stdout, stderr) => {
+            node_child_process_1.default.execFile(file, params, options, (error, stdout, stderr) => {
                 if (Buffer.isBuffer(stdout)) {
                     stdout = stdout.toString("utf8");
                 }

package/dist/commonjs/util/processUtils.js.map

@@ -1 +1 @@
-{"version":3,"file":"processUtils.js","sourceRoot":"","sources":["../../../src/util/processUtils.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;;AAElC,oEAA8C;AAE9C;;;GAGG;AACU,QAAA,YAAY,GAAG;IAC1B;;;OAGG;IACH,QAAQ,CACN,IAAY,EACZ,MAAgB,EAChB,OAAwD;QAExD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,YAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;gBACrE,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC5B,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACnC,CAAC;gBACD,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC5B,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACnC,CAAC;gBACD,IAAI,MAAM,IAAI,KAAK,EAAE,CAAC;oBACpB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;gBAC7C,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,MAAM,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport * as childProcess from \"child_process\";\n\n/**\n * Easy to mock childProcess utils.\n * @internal\n */\nexport const processUtils = {\n  /**\n   * Promisifying childProcess.execFile\n   * @internal\n   */\n  execFile(\n    file: string,\n    params: string[],\n    options?: childProcess.ExecFileOptionsWithStringEncoding,\n  ): Promise<string | Buffer> {\n    return new Promise((resolve, reject) => {\n      childProcess.execFile(file, params, options, (error, stdout, stderr) => {\n        if (Buffer.isBuffer(stdout)) {\n          stdout = stdout.toString(\"utf8\");\n        }\n        if (Buffer.isBuffer(stderr)) {\n          stderr = stderr.toString(\"utf8\");\n        }\n        if (stderr || error) {\n          reject(stderr ? new Error(stderr) : error);\n        } else {\n          resolve(stdout);\n        }\n      });\n    });\n  },\n};\n"]}
+{"version":3,"file":"processUtils.js","sourceRoot":"","sources":["../../../src/util/processUtils.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;;AAElC,oFAA8C;AAE9C;;;GAGG;AACU,QAAA,YAAY,GAAG;IAC1B;;;OAGG;IACH,QAAQ,CACN,IAAY,EACZ,MAAgB,EAChB,OAAwD;QAExD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,4BAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;gBACrE,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC5B,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACnC,CAAC;gBACD,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC5B,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACnC,CAAC;gBACD,IAAI,MAAM,IAAI,KAAK,EAAE,CAAC;oBACpB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;gBAC7C,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,MAAM,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport childProcess from \"node:child_process\";\n\n/**\n * Easy to mock childProcess utils.\n * @internal\n */\nexport const processUtils = {\n  /**\n   * Promisifying childProcess.execFile\n   * @internal\n   */\n  execFile(\n    file: string,\n    params: string[],\n    options?: childProcess.ExecFileOptionsWithStringEncoding,\n  ): Promise<string | Buffer> {\n    return new Promise((resolve, reject) => {\n      childProcess.execFile(file, params, options, (error, stdout, stderr) => {\n        if (Buffer.isBuffer(stdout)) {\n          stdout = stdout.toString(\"utf8\");\n        }\n        if (Buffer.isBuffer(stderr)) {\n          stderr = stderr.toString(\"utf8\");\n        }\n        if (stderr || error) {\n          reject(stderr ? new Error(stderr) : error);\n        } else {\n          resolve(stdout);\n        }\n      });\n    });\n  },\n};\n"]}

package/dist/esm/client/identityClient.js

@@ -15,13 +15,13 @@ const noCorrelationId = "noCorrelationId";
  */
 export function getIdentityClientAuthorityHost(options) {
     // The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.
-    let authorityHost = options === null || options === void 0 ? void 0 : options.authorityHost;
+    let authorityHost = options?.authorityHost;
     // The AZURE_AUTHORITY_HOST environment variable can only be provided in Node.js.
     if (isNode) {
-        authorityHost = authorityHost !== null && authorityHost !== void 0 ? authorityHost : process.env.AZURE_AUTHORITY_HOST;
+        authorityHost = authorityHost ?? process.env.AZURE_AUTHORITY_HOST;
     }
     // If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com
-    return authorityHost !== null && authorityHost !== void 0 ? authorityHost : DefaultAuthorityHost;
+    return authorityHost ?? DefaultAuthorityHost;
 }
 /**
  * The network module used by the Identity credentials.
@@ -31,29 +31,39 @@ export function getIdentityClientAuthorityHost(options) {
  *
  */
 export class IdentityClient extends ServiceClient {
+    authorityHost;
+    allowLoggingAccountIdentifiers;
+    abortControllers;
+    allowInsecureConnection = false;
+    // used for WorkloadIdentity
+    tokenCredentialOptions;
     constructor(options) {
-        var _a, _b;
         const packageDetails = `azsdk-js-identity/${SDK_VERSION}`;
-        const userAgentPrefix = ((_a = options === null || options === void 0 ? void 0 : options.userAgentOptions) === null || _a === void 0 ? void 0 : _a.userAgentPrefix)
+        const userAgentPrefix = options?.userAgentOptions?.userAgentPrefix
             ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`
             : `${packageDetails}`;
         const baseUri = getIdentityClientAuthorityHost(options);
         if (!baseUri.startsWith("https:")) {
             throw new Error("The authorityHost address must use the 'https' protocol.");
         }
-        super(Object.assign(Object.assign({ requestContentType: "application/json; charset=utf-8", retryOptions: {
+        super({
+            requestContentType: "application/json; charset=utf-8",
+            retryOptions: {
                 maxRetries: 3,
-            } }, options), { userAgentOptions: {
+            },
+            ...options,
+            userAgentOptions: {
                 userAgentPrefix,
-            }, baseUri }));
-        this.allowInsecureConnection = false;
+            },
+            baseUri,
+        });
         this.authorityHost = baseUri;
         this.abortControllers = new Map();
-        this.allowLoggingAccountIdentifiers = (_b = options === null || options === void 0 ? void 0 : options.loggingOptions) === null || _b === void 0 ? void 0 : _b.allowLoggingAccountIdentifiers;
+        this.allowLoggingAccountIdentifiers = options?.loggingOptions?.allowLoggingAccountIdentifiers;
         // used for WorkloadIdentity
-        this.tokenCredentialOptions = Object.assign({}, options);
+        this.tokenCredentialOptions = { ...options };
         // used for ManagedIdentity
-        if (options === null || options === void 0 ? void 0 : options.allowInsecureConnection) {
+        if (options?.allowInsecureConnection) {
             this.allowInsecureConnection = options.allowInsecureConnection;
         }
     }
@@ -165,8 +175,10 @@ export class IdentityClient extends ServiceClient {
         this.abortControllers.set(key, undefined);
     }
     getCorrelationId(options) {
-        var _a;
-        const parameter = (_a = options === null || options === void 0 ? void 0 : options.body) === null || _a === void 0 ? void 0 : _a.split("&").map((part) => part.split("=")).find(([key]) => key === "client-request-id");
+        const parameter = options?.body
+            ?.split("&")
+            .map((part) => part.split("="))
+            .find(([key]) => key === "client-request-id");
         return parameter && parameter.length ? parameter[1] || noCorrelationId : noCorrelationId;
     }
     // The MSAL network module methods follow
@@ -174,9 +186,9 @@ export class IdentityClient extends ServiceClient {
         const request = createPipelineRequest({
             url,
             method: "GET",
-            body: options === null || options === void 0 ? void 0 : options.body,
+            body: options?.body,
             allowInsecureConnection: this.allowInsecureConnection,
-            headers: createHttpHeaders(options === null || options === void 0 ? void 0 : options.headers),
+            headers: createHttpHeaders(options?.headers),
             abortSignal: this.generateAbortSignal(noCorrelationId),
         });
         const response = await this.sendRequest(request);
@@ -191,8 +203,8 @@ export class IdentityClient extends ServiceClient {
         const request = createPipelineRequest({
             url,
             method: "POST",
-            body: options === null || options === void 0 ? void 0 : options.body,
-            headers: createHttpHeaders(options === null || options === void 0 ? void 0 : options.headers),
+            body: options?.body,
+            headers: createHttpHeaders(options?.headers),
             allowInsecureConnection: this.allowInsecureConnection,
             // MSAL doesn't send the correlation ID on the get requests.
             abortSignal: this.generateAbortSignal(this.getCorrelationId(options)),

package/dist/esm/client/identityClient.js.map

@@ -1 +1 @@
-{"version":3,"file":"identityClient.js","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAE1C,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAErF,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAC5E,OAAO,EAAE,8BAA8B,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAG5C,OAAO,EACL,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,mDAAmD,CAAC;AAE3D,MAAM,eAAe,GAAG,iBAAiB,CAAC;AAiB1C;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAAC,OAAgC;IAC7E,iGAAiG;IACjG,IAAI,aAAa,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,CAAC;IAE3C,iFAAiF;IACjF,IAAI,MAAM,EAAE,CAAC;QACX,aAAa,GAAG,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IACpE,CAAC;IAED,wHAAwH;IACxH,OAAO,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,oBAAoB,CAAC;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,OAAO,cAAe,SAAQ,aAAa;IAQ/C,YAAY,OAAgC;;QAC1C,MAAM,cAAc,GAAG,qBAAqB,WAAW,EAAE,CAAC;QAC1D,MAAM,eAAe,GAAG,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,gBAAgB,0CAAE,eAAe;YAChE,CAAC,CAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC,eAAe,IAAI,cAAc,EAAE;YACjE,CAAC,CAAC,GAAG,cAAc,EAAE,CAAC;QAExB,MAAM,OAAO,GAAG,8BAA8B,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC9E,CAAC;QAED,KAAK,+BACH,kBAAkB,EAAE,iCAAiC,EACrD,YAAY,EAAE;gBACZ,UAAU,EAAE,CAAC;aACd,IACE,OAAO,KACV,gBAAgB,EAAE;gBAChB,eAAe;aAChB,EACD,OAAO,IACP,CAAC;QAzBG,4BAAuB,GAAY,KAAK,CAAC;QA2B/C,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC;QAC7B,IAAI,CAAC,gBAAgB,GAAG,IAAI,GAAG,EAAE,CAAC;QAClC,IAAI,CAAC,8BAA8B,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,0CAAE,8BAA8B,CAAC;QAC9F,4BAA4B;QAC5B,IAAI,CAAC,sBAAsB,qBAAQ,OAAO,CAAE,CAAC;QAE7C,2BAA2B;QAC3B,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,uBAAuB,EAAE,CAAC;YACrC,IAAI,CAAC,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,CAAC;QACjE,CAAC;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAwB;QAC7C,MAAM,CAAC,IAAI,CAAC,6CAA6C,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;QACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,QAAQ,CAAC,UAAU,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,EAAE,CAAC;YAChF,MAAM,UAAU,GAA4B,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAE5E,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;gBAC7B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YAE9B,MAAM,KAAK,GAAG;gBACZ,WAAW,EAAE;oBACX,KAAK,EAAE,UAAU,CAAC,YAAY;oBAC9B,kBAAkB,EAAE,wBAAwB,CAAC,UAAU,CAAC;oBACxD,qBAAqB,EAAE,qBAAqB,CAAC,UAAU,CAAC;oBACxD,SAAS,EAAE,QAAQ;iBACL;gBAChB,YAAY,EAAE,UAAU,CAAC,aAAa;aACvC,CAAC;YAEF,MAAM,CAAC,IAAI,CACT,oBAAoB,OAAO,CAAC,GAAG,gCAAgC,KAAK,CAAC,WAAW,CAAC,kBAAkB,EAAE,CACtG,CAAC;YACF,OAAO,KAAK,CAAC;QACf,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,GAAG,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC5E,MAAM,CAAC,OAAO,CACZ,sDAAsD,QAAQ,CAAC,MAAM,KAAK,KAAK,CAAC,aAAa,CAAC,gBAAgB,EAAE,CACjH,CAAC;YACF,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CACtB,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,YAAgC,EAChC,YAAgC,EAChC,UAA2B,EAAE;QAE7B,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,CAAC,IAAI,CACT,2DAA2D,QAAQ,aAAa,MAAM,UAAU,CACjG,CAAC;QAEF,MAAM,aAAa,GAAG;YACpB,UAAU,EAAE,eAAe;YAC3B,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,MAAM;SACd,CAAC;QAEF,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YAC9B,aAAqB,CAAC,aAAa,GAAG,YAAY,CAAC;QACtD,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,aAAa,CAAC,CAAC;QAEjD,OAAO,aAAa,CAAC,QAAQ,CAC3B,mCAAmC,EACnC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;gBAC3D,MAAM,OAAO,GAAG,qBAAqB,CAAC;oBACpC,GAAG,EAAE,GAAG,IAAI,CAAC,aAAa,IAAI,QAAQ,IAAI,SAAS,EAAE;oBACrD,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE;oBACtB,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,OAAO,EAAE,iBAAiB,CAAC;wBACzB,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD,CAAC;oBACF,cAAc,EAAE,cAAc,CAAC,cAAc;iBAC9C,CAAC,CAAC;gBAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;gBACtD,MAAM,CAAC,IAAI,CAAC,kDAAkD,QAAQ,EAAE,CAAC,CAAC;gBAC1E,OAAO,QAAQ,CAAC;YAClB,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IACE,GAAG,CAAC,IAAI,KAAK,uBAAuB;oBACpC,GAAG,CAAC,aAAa,CAAC,KAAK,KAAK,sBAAsB,EAClD,CAAC;oBACD,qDAAqD;oBACrD,yDAAyD;oBACzD,0CAA0C;oBAC1C,MAAM,CAAC,IAAI,CAAC,uDAAuD,QAAQ,EAAE,CAAC,CAAC;oBAC/E,OAAO,IAAI,CAAC;gBACd,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,OAAO,CACZ,0DAA0D,QAAQ,KAAK,GAAG,EAAE,CAC7E,CAAC;oBACF,MAAM,GAAG,CAAC;gBACZ,CAAC;YACH,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED,gFAAgF;IAChF,mEAAmE;IAEnE,mBAAmB,CAAC,aAAqB;QACvC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;QACnE,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;QACtD,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC;QAClD,UAAU,CAAC,MAAM,CAAC,OAAO,GAAG,CAAC,GAAG,MAAM,EAAE,EAAE;YACxC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;YACpD,IAAI,eAAe,EAAE,CAAC;gBACpB,eAAe,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YACnD,CAAC;QACH,CAAC,CAAC;QACF,OAAO,UAAU,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,aAAa,CAAC,aAAsB;QAClC,MAAM,GAAG,GAAG,aAAa,IAAI,eAAe,CAAC;QAC7C,MAAM,WAAW,GAAG;YAClB,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YACzC,uDAAuD;YACvD,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;SACtD,CAAC;QACF,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;YACxB,OAAO;QACT,CAAC;QACD,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,UAAU,CAAC,KAAK,EAAE,CAAC;QACrB,CAAC;QACD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED,gBAAgB,CAAC,OAA+B;;QAC9C,MAAM,SAAS,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,0CAC3B,KAAK,CAAC,GAAG,EACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAC7B,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,mBAAmB,CAAC,CAAC;QAChD,OAAO,SAAS,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC;IAC3F,CAAC;IAED,yCAAyC;IAEzC,KAAK,CAAC,mBAAmB,CACvB,GAAW,EACX,OAA+B;QAE/B,MAAM,OAAO,GAAG,qBAAqB,CAAC;YACpC,GAAG;YACH,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI;YACnB,uBAAuB,EAAE,IAAI,CAAC,uBAAuB;YACrD,OAAO,EAAE,iBAAiB,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC;YAC5C,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC;SACvD,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAEjD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE9B,OAAO;YACL,IAAI,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;YACvE,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;SACxB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,GAAW,EACX,OAA+B;QAE/B,MAAM,OAAO,GAAG,qBAAqB,CAAC;YACpC,GAAG;YACH,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI;YACnB,OAAO,EAAE,iBAAiB,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC;YAC5C,uBAAuB,EAAE,IAAI,CAAC,uBAAuB;YACrD,4DAA4D;YAC5D,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;SACtE,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAEjD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE9B,OAAO;YACL,IAAI,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;YACvE,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;SACxB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,yBAAyB;QACvB,OAAO,IAAI,CAAC,sBAAsB,CAAC;IACrC,CAAC;IACD;;;;;;;;;;;OAWG;IACK,cAAc,CAAC,QAA0B;QAC/C,IAAI,CAAC,IAAI,CAAC,8BAA8B,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC;YACjE,OAAO;QACT,CAAC;QACD,MAAM,cAAc,GAAG,kCAAkC,CAAC;QAC1D,IAAI,CAAC;YACH,MAAM,MAAM,GAAI,QAAgB,CAAC,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC/E,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC;YACxC,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,uEAAuE;gBACvE,OAAO;YACT,CAAC;YACD,MAAM,cAAc,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACjD,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CACzC,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CACvD,CAAC;YAEF,MAAM,CAAC,IAAI,CACT,sCAAsC,KAAK,gBAAgB,GAAG,0BAC5D,GAAG,IAAI,cACT,uBAAuB,GAAG,EAAE,CAC7B,CAAC;QACJ,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,CAAC,OAAO,CACZ,6FAA6F,EAC7F,CAAC,CAAC,OAAO,CACV,CAAC;QACJ,CAAC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { INetworkModule, NetworkRequestOptions, NetworkResponse } from \"@azure/msal-node\";\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { ServiceClient } from \"@azure/core-client\";\nimport { isNode } from \"@azure/core-util\";\nimport type { PipelineRequest, PipelineResponse } from \"@azure/core-rest-pipeline\";\nimport { createHttpHeaders, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport type { AbortSignalLike } from \"@azure/abort-controller\";\nimport { AuthenticationError, AuthenticationErrorName } from \"../errors.js\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint.js\";\nimport { DefaultAuthorityHost, SDK_VERSION } from \"../constants.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport { logger } from \"../util/logging.js\";\nimport type { TokenCredentialOptions } from \"../tokenCredentialOptions.js\";\nimport type { TokenResponseParsedBody } from \"../credentials/managedIdentityCredential/utils.js\";\nimport {\n  parseExpirationTimestamp,\n  parseRefreshTimestamp,\n} from \"../credentials/managedIdentityCredential/utils.js\";\n\nconst noCorrelationId = \"noCorrelationId\";\n\n/**\n * An internal type used to communicate details of a token request's\n * response that should not be sent back as part of the access token.\n */\nexport interface TokenResponse {\n  /**\n   * The AccessToken to be returned from getToken.\n   */\n  accessToken: AccessToken;\n  /**\n   * The refresh token if the 'offline_access' scope was used.\n   */\n  refreshToken?: string;\n}\n\n/**\n * @internal\n */\nexport function getIdentityClientAuthorityHost(options?: TokenCredentialOptions): string {\n  // The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.\n  let authorityHost = options?.authorityHost;\n\n  // The AZURE_AUTHORITY_HOST environment variable can only be provided in Node.js.\n  if (isNode) {\n    authorityHost = authorityHost ?? process.env.AZURE_AUTHORITY_HOST;\n  }\n\n  // If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com\n  return authorityHost ?? DefaultAuthorityHost;\n}\n\n/**\n * The network module used by the Identity credentials.\n *\n * It allows for credentials to abort any pending request independently of the MSAL flow,\n * by calling to the `abortRequests()` method.\n *\n */\nexport class IdentityClient extends ServiceClient implements INetworkModule {\n  public authorityHost: string;\n  private allowLoggingAccountIdentifiers?: boolean;\n  private abortControllers: Map<string, AbortController[] | undefined>;\n  private allowInsecureConnection: boolean = false;\n  // used for WorkloadIdentity\n  private tokenCredentialOptions: TokenCredentialOptions;\n\n  constructor(options?: TokenCredentialOptions) {\n    const packageDetails = `azsdk-js-identity/${SDK_VERSION}`;\n    const userAgentPrefix = options?.userAgentOptions?.userAgentPrefix\n      ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`\n      : `${packageDetails}`;\n\n    const baseUri = getIdentityClientAuthorityHost(options);\n    if (!baseUri.startsWith(\"https:\")) {\n      throw new Error(\"The authorityHost address must use the 'https' protocol.\");\n    }\n\n    super({\n      requestContentType: \"application/json; charset=utf-8\",\n      retryOptions: {\n        maxRetries: 3,\n      },\n      ...options,\n      userAgentOptions: {\n        userAgentPrefix,\n      },\n      baseUri,\n    });\n\n    this.authorityHost = baseUri;\n    this.abortControllers = new Map();\n    this.allowLoggingAccountIdentifiers = options?.loggingOptions?.allowLoggingAccountIdentifiers;\n    // used for WorkloadIdentity\n    this.tokenCredentialOptions = { ...options };\n\n    // used for ManagedIdentity\n    if (options?.allowInsecureConnection) {\n      this.allowInsecureConnection = options.allowInsecureConnection;\n    }\n  }\n\n  async sendTokenRequest(request: PipelineRequest): Promise<TokenResponse | null> {\n    logger.info(`IdentityClient: sending token request to [${request.url}]`);\n    const response = await this.sendRequest(request);\n    if (response.bodyAsText && (response.status === 200 || response.status === 201)) {\n      const parsedBody: TokenResponseParsedBody = JSON.parse(response.bodyAsText);\n\n      if (!parsedBody.access_token) {\n        return null;\n      }\n\n      this.logIdentifiers(response);\n\n      const token = {\n        accessToken: {\n          token: parsedBody.access_token,\n          expiresOnTimestamp: parseExpirationTimestamp(parsedBody),\n          refreshAfterTimestamp: parseRefreshTimestamp(parsedBody),\n          tokenType: \"Bearer\",\n        } as AccessToken,\n        refreshToken: parsedBody.refresh_token,\n      };\n\n      logger.info(\n        `IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`,\n      );\n      return token;\n    } else {\n      const error = new AuthenticationError(response.status, response.bodyAsText);\n      logger.warning(\n        `IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`,\n      );\n      throw error;\n    }\n  }\n\n  async refreshAccessToken(\n    tenantId: string,\n    clientId: string,\n    scopes: string,\n    refreshToken: string | undefined,\n    clientSecret: string | undefined,\n    options: GetTokenOptions = {},\n  ): Promise<TokenResponse | null> {\n    if (refreshToken === undefined) {\n      return null;\n    }\n    logger.info(\n      `IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`,\n    );\n\n    const refreshParams = {\n      grant_type: \"refresh_token\",\n      client_id: clientId,\n      refresh_token: refreshToken,\n      scope: scopes,\n    };\n\n    if (clientSecret !== undefined) {\n      (refreshParams as any).client_secret = clientSecret;\n    }\n\n    const query = new URLSearchParams(refreshParams);\n\n    return tracingClient.withSpan(\n      \"IdentityClient.refreshAccessToken\",\n      options,\n      async (updatedOptions) => {\n        try {\n          const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);\n          const request = createPipelineRequest({\n            url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,\n            method: \"POST\",\n            body: query.toString(),\n            abortSignal: options.abortSignal,\n            headers: createHttpHeaders({\n              Accept: \"application/json\",\n              \"Content-Type\": \"application/x-www-form-urlencoded\",\n            }),\n            tracingOptions: updatedOptions.tracingOptions,\n          });\n\n          const response = await this.sendTokenRequest(request);\n          logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);\n          return response;\n        } catch (err: any) {\n          if (\n            err.name === AuthenticationErrorName &&\n            err.errorResponse.error === \"interaction_required\"\n          ) {\n            // It's likely that the refresh token has expired, so\n            // return null so that the credential implementation will\n            // initiate the authentication flow again.\n            logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);\n            return null;\n          } else {\n            logger.warning(\n              `IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`,\n            );\n            throw err;\n          }\n        }\n      },\n    );\n  }\n\n  // Here is a custom layer that allows us to abort requests that go through MSAL,\n  // since MSAL doesn't allow us to pass options all the way through.\n\n  generateAbortSignal(correlationId: string): AbortSignalLike {\n    const controller = new AbortController();\n    const controllers = this.abortControllers.get(correlationId) || [];\n    controllers.push(controller);\n    this.abortControllers.set(correlationId, controllers);\n    const existingOnAbort = controller.signal.onabort;\n    controller.signal.onabort = (...params) => {\n      this.abortControllers.set(correlationId, undefined);\n      if (existingOnAbort) {\n        existingOnAbort.apply(controller.signal, params);\n      }\n    };\n    return controller.signal;\n  }\n\n  abortRequests(correlationId?: string): void {\n    const key = correlationId || noCorrelationId;\n    const controllers = [\n      ...(this.abortControllers.get(key) || []),\n      // MSAL passes no correlation ID to the get requests...\n      ...(this.abortControllers.get(noCorrelationId) || []),\n    ];\n    if (!controllers.length) {\n      return;\n    }\n    for (const controller of controllers) {\n      controller.abort();\n    }\n    this.abortControllers.set(key, undefined);\n  }\n\n  getCorrelationId(options?: NetworkRequestOptions): string {\n    const parameter = options?.body\n      ?.split(\"&\")\n      .map((part) => part.split(\"=\"))\n      .find(([key]) => key === \"client-request-id\");\n    return parameter && parameter.length ? parameter[1] || noCorrelationId : noCorrelationId;\n  }\n\n  // The MSAL network module methods follow\n\n  async sendGetRequestAsync<T>(\n    url: string,\n    options?: NetworkRequestOptions,\n  ): Promise<NetworkResponse<T>> {\n    const request = createPipelineRequest({\n      url,\n      method: \"GET\",\n      body: options?.body,\n      allowInsecureConnection: this.allowInsecureConnection,\n      headers: createHttpHeaders(options?.headers),\n      abortSignal: this.generateAbortSignal(noCorrelationId),\n    });\n\n    const response = await this.sendRequest(request);\n\n    this.logIdentifiers(response);\n\n    return {\n      body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,\n      headers: response.headers.toJSON(),\n      status: response.status,\n    };\n  }\n\n  async sendPostRequestAsync<T>(\n    url: string,\n    options?: NetworkRequestOptions,\n  ): Promise<NetworkResponse<T>> {\n    const request = createPipelineRequest({\n      url,\n      method: \"POST\",\n      body: options?.body,\n      headers: createHttpHeaders(options?.headers),\n      allowInsecureConnection: this.allowInsecureConnection,\n      // MSAL doesn't send the correlation ID on the get requests.\n      abortSignal: this.generateAbortSignal(this.getCorrelationId(options)),\n    });\n\n    const response = await this.sendRequest(request);\n\n    this.logIdentifiers(response);\n\n    return {\n      body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,\n      headers: response.headers.toJSON(),\n      status: response.status,\n    };\n  }\n\n  /**\n   *\n   * @internal\n   */\n  getTokenCredentialOptions(): TokenCredentialOptions {\n    return this.tokenCredentialOptions;\n  }\n  /**\n   * If allowLoggingAccountIdentifiers was set on the constructor options\n   * we try to log the account identifiers by parsing the received access token.\n   *\n   * The account identifiers we try to log are:\n   * - `appid`: The application or Client Identifier.\n   * - `upn`: User Principal Name.\n   *   - It might not be available in some authentication scenarios.\n   *   - If it's not available, we put a placeholder: \"No User Principal Name available\".\n   * - `tid`: Tenant Identifier.\n   * - `oid`: Object Identifier of the authenticated user.\n   */\n  private logIdentifiers(response: PipelineResponse): void {\n    if (!this.allowLoggingAccountIdentifiers || !response.bodyAsText) {\n      return;\n    }\n    const unavailableUpn = \"No User Principal Name available\";\n    try {\n      const parsed = (response as any).parsedBody || JSON.parse(response.bodyAsText);\n      const accessToken = parsed.access_token;\n      if (!accessToken) {\n        // Without an access token allowLoggingAccountIdentifiers isn't useful.\n        return;\n      }\n      const base64Metadata = accessToken.split(\".\")[1];\n      const { appid, upn, tid, oid } = JSON.parse(\n        Buffer.from(base64Metadata, \"base64\").toString(\"utf8\"),\n      );\n\n      logger.info(\n        `[Authenticated account] Client ID: ${appid}. Tenant ID: ${tid}. User Principal Name: ${\n          upn || unavailableUpn\n        }. Object ID (user): ${oid}`,\n      );\n    } catch (e: any) {\n      logger.warning(\n        \"allowLoggingAccountIdentifiers was set, but we couldn't log the account information. Error:\",\n        e.message,\n      );\n    }\n  }\n}\n"]}
+{"version":3,"file":"identityClient.js","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAE1C,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAErF,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAC5E,OAAO,EAAE,8BAA8B,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAG5C,OAAO,EACL,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,mDAAmD,CAAC;AAE3D,MAAM,eAAe,GAAG,iBAAiB,CAAC;AAiB1C;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAAC,OAAgC;IAC7E,iGAAiG;IACjG,IAAI,aAAa,GAAG,OAAO,EAAE,aAAa,CAAC;IAE3C,iFAAiF;IACjF,IAAI,MAAM,EAAE,CAAC;QACX,aAAa,GAAG,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IACpE,CAAC;IAED,wHAAwH;IACxH,OAAO,aAAa,IAAI,oBAAoB,CAAC;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,OAAO,cAAe,SAAQ,aAAa;IACxC,aAAa,CAAS;IACrB,8BAA8B,CAAW;IACzC,gBAAgB,CAA6C;IAC7D,uBAAuB,GAAY,KAAK,CAAC;IACjD,4BAA4B;IACpB,sBAAsB,CAAyB;IAEvD,YAAY,OAAgC;QAC1C,MAAM,cAAc,GAAG,qBAAqB,WAAW,EAAE,CAAC;QAC1D,MAAM,eAAe,GAAG,OAAO,EAAE,gBAAgB,EAAE,eAAe;YAChE,CAAC,CAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC,eAAe,IAAI,cAAc,EAAE;YACjE,CAAC,CAAC,GAAG,cAAc,EAAE,CAAC;QAExB,MAAM,OAAO,GAAG,8BAA8B,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC9E,CAAC;QAED,KAAK,CAAC;YACJ,kBAAkB,EAAE,iCAAiC;YACrD,YAAY,EAAE;gBACZ,UAAU,EAAE,CAAC;aACd;YACD,GAAG,OAAO;YACV,gBAAgB,EAAE;gBAChB,eAAe;aAChB;YACD,OAAO;SACR,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC;QAC7B,IAAI,CAAC,gBAAgB,GAAG,IAAI,GAAG,EAAE,CAAC;QAClC,IAAI,CAAC,8BAA8B,GAAG,OAAO,EAAE,cAAc,EAAE,8BAA8B,CAAC;QAC9F,4BAA4B;QAC5B,IAAI,CAAC,sBAAsB,GAAG,EAAE,GAAG,OAAO,EAAE,CAAC;QAE7C,2BAA2B;QAC3B,IAAI,OAAO,EAAE,uBAAuB,EAAE,CAAC;YACrC,IAAI,CAAC,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,CAAC;QACjE,CAAC;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAwB;QAC7C,MAAM,CAAC,IAAI,CAAC,6CAA6C,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;QACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,QAAQ,CAAC,UAAU,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,EAAE,CAAC;YAChF,MAAM,UAAU,GAA4B,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAE5E,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;gBAC7B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YAE9B,MAAM,KAAK,GAAG;gBACZ,WAAW,EAAE;oBACX,KAAK,EAAE,UAAU,CAAC,YAAY;oBAC9B,kBAAkB,EAAE,wBAAwB,CAAC,UAAU,CAAC;oBACxD,qBAAqB,EAAE,qBAAqB,CAAC,UAAU,CAAC;oBACxD,SAAS,EAAE,QAAQ;iBACL;gBAChB,YAAY,EAAE,UAAU,CAAC,aAAa;aACvC,CAAC;YAEF,MAAM,CAAC,IAAI,CACT,oBAAoB,OAAO,CAAC,GAAG,gCAAgC,KAAK,CAAC,WAAW,CAAC,kBAAkB,EAAE,CACtG,CAAC;YACF,OAAO,KAAK,CAAC;QACf,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,GAAG,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC5E,MAAM,CAAC,OAAO,CACZ,sDAAsD,QAAQ,CAAC,MAAM,KAAK,KAAK,CAAC,aAAa,CAAC,gBAAgB,EAAE,CACjH,CAAC;YACF,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CACtB,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,YAAgC,EAChC,YAAgC,EAChC,UAA2B,EAAE;QAE7B,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,CAAC,IAAI,CACT,2DAA2D,QAAQ,aAAa,MAAM,UAAU,CACjG,CAAC;QAEF,MAAM,aAAa,GAAG;YACpB,UAAU,EAAE,eAAe;YAC3B,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,MAAM;SACd,CAAC;QAEF,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YAC9B,aAAqB,CAAC,aAAa,GAAG,YAAY,CAAC;QACtD,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,aAAa,CAAC,CAAC;QAEjD,OAAO,aAAa,CAAC,QAAQ,CAC3B,mCAAmC,EACnC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;gBAC3D,MAAM,OAAO,GAAG,qBAAqB,CAAC;oBACpC,GAAG,EAAE,GAAG,IAAI,CAAC,aAAa,IAAI,QAAQ,IAAI,SAAS,EAAE;oBACrD,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE;oBACtB,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,OAAO,EAAE,iBAAiB,CAAC;wBACzB,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD,CAAC;oBACF,cAAc,EAAE,cAAc,CAAC,cAAc;iBAC9C,CAAC,CAAC;gBAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;gBACtD,MAAM,CAAC,IAAI,CAAC,kDAAkD,QAAQ,EAAE,CAAC,CAAC;gBAC1E,OAAO,QAAQ,CAAC;YAClB,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IACE,GAAG,CAAC,IAAI,KAAK,uBAAuB;oBACpC,GAAG,CAAC,aAAa,CAAC,KAAK,KAAK,sBAAsB,EAClD,CAAC;oBACD,qDAAqD;oBACrD,yDAAyD;oBACzD,0CAA0C;oBAC1C,MAAM,CAAC,IAAI,CAAC,uDAAuD,QAAQ,EAAE,CAAC,CAAC;oBAC/E,OAAO,IAAI,CAAC;gBACd,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,OAAO,CACZ,0DAA0D,QAAQ,KAAK,GAAG,EAAE,CAC7E,CAAC;oBACF,MAAM,GAAG,CAAC;gBACZ,CAAC;YACH,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED,gFAAgF;IAChF,mEAAmE;IAEnE,mBAAmB,CAAC,aAAqB;QACvC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;QACnE,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;QACtD,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC;QAClD,UAAU,CAAC,MAAM,CAAC,OAAO,GAAG,CAAC,GAAG,MAAM,EAAE,EAAE;YACxC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;YACpD,IAAI,eAAe,EAAE,CAAC;gBACpB,eAAe,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YACnD,CAAC;QACH,CAAC,CAAC;QACF,OAAO,UAAU,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,aAAa,CAAC,aAAsB;QAClC,MAAM,GAAG,GAAG,aAAa,IAAI,eAAe,CAAC;QAC7C,MAAM,WAAW,GAAG;YAClB,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YACzC,uDAAuD;YACvD,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;SACtD,CAAC;QACF,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;YACxB,OAAO;QACT,CAAC;QACD,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,UAAU,CAAC,KAAK,EAAE,CAAC;QACrB,CAAC;QACD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED,gBAAgB,CAAC,OAA+B;QAC9C,MAAM,SAAS,GAAG,OAAO,EAAE,IAAI;YAC7B,EAAE,KAAK,CAAC,GAAG,CAAC;aACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;aAC9B,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,mBAAmB,CAAC,CAAC;QAChD,OAAO,SAAS,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC;IAC3F,CAAC;IAED,yCAAyC;IAEzC,KAAK,CAAC,mBAAmB,CACvB,GAAW,EACX,OAA+B;QAE/B,MAAM,OAAO,GAAG,qBAAqB,CAAC;YACpC,GAAG;YACH,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO,EAAE,IAAI;YACnB,uBAAuB,EAAE,IAAI,CAAC,uBAAuB;YACrD,OAAO,EAAE,iBAAiB,CAAC,OAAO,EAAE,OAAO,CAAC;YAC5C,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC;SACvD,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAEjD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE9B,OAAO;YACL,IAAI,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;YACvE,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;SACxB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,GAAW,EACX,OAA+B;QAE/B,MAAM,OAAO,GAAG,qBAAqB,CAAC;YACpC,GAAG;YACH,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,OAAO,EAAE,IAAI;YACnB,OAAO,EAAE,iBAAiB,CAAC,OAAO,EAAE,OAAO,CAAC;YAC5C,uBAAuB,EAAE,IAAI,CAAC,uBAAuB;YACrD,4DAA4D;YAC5D,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;SACtE,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAEjD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE9B,OAAO;YACL,IAAI,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;YACvE,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;SACxB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,yBAAyB;QACvB,OAAO,IAAI,CAAC,sBAAsB,CAAC;IACrC,CAAC;IACD;;;;;;;;;;;OAWG;IACK,cAAc,CAAC,QAA0B;QAC/C,IAAI,CAAC,IAAI,CAAC,8BAA8B,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC;YACjE,OAAO;QACT,CAAC;QACD,MAAM,cAAc,GAAG,kCAAkC,CAAC;QAC1D,IAAI,CAAC;YACH,MAAM,MAAM,GAAI,QAAgB,CAAC,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC/E,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC;YACxC,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,uEAAuE;gBACvE,OAAO;YACT,CAAC;YACD,MAAM,cAAc,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACjD,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CACzC,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CACvD,CAAC;YAEF,MAAM,CAAC,IAAI,CACT,sCAAsC,KAAK,gBAAgB,GAAG,0BAC5D,GAAG,IAAI,cACT,uBAAuB,GAAG,EAAE,CAC7B,CAAC;QACJ,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,CAAC,OAAO,CACZ,6FAA6F,EAC7F,CAAC,CAAC,OAAO,CACV,CAAC;QACJ,CAAC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { INetworkModule, NetworkRequestOptions, NetworkResponse } from \"@azure/msal-node\";\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { ServiceClient } from \"@azure/core-client\";\nimport { isNode } from \"@azure/core-util\";\nimport type { PipelineRequest, PipelineResponse } from \"@azure/core-rest-pipeline\";\nimport { createHttpHeaders, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport type { AbortSignalLike } from \"@azure/abort-controller\";\nimport { AuthenticationError, AuthenticationErrorName } from \"../errors.js\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint.js\";\nimport { DefaultAuthorityHost, SDK_VERSION } from \"../constants.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport { logger } from \"../util/logging.js\";\nimport type { TokenCredentialOptions } from \"../tokenCredentialOptions.js\";\nimport type { TokenResponseParsedBody } from \"../credentials/managedIdentityCredential/utils.js\";\nimport {\n  parseExpirationTimestamp,\n  parseRefreshTimestamp,\n} from \"../credentials/managedIdentityCredential/utils.js\";\n\nconst noCorrelationId = \"noCorrelationId\";\n\n/**\n * An internal type used to communicate details of a token request's\n * response that should not be sent back as part of the access token.\n */\nexport interface TokenResponse {\n  /**\n   * The AccessToken to be returned from getToken.\n   */\n  accessToken: AccessToken;\n  /**\n   * The refresh token if the 'offline_access' scope was used.\n   */\n  refreshToken?: string;\n}\n\n/**\n * @internal\n */\nexport function getIdentityClientAuthorityHost(options?: TokenCredentialOptions): string {\n  // The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.\n  let authorityHost = options?.authorityHost;\n\n  // The AZURE_AUTHORITY_HOST environment variable can only be provided in Node.js.\n  if (isNode) {\n    authorityHost = authorityHost ?? process.env.AZURE_AUTHORITY_HOST;\n  }\n\n  // If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com\n  return authorityHost ?? DefaultAuthorityHost;\n}\n\n/**\n * The network module used by the Identity credentials.\n *\n * It allows for credentials to abort any pending request independently of the MSAL flow,\n * by calling to the `abortRequests()` method.\n *\n */\nexport class IdentityClient extends ServiceClient implements INetworkModule {\n  public authorityHost: string;\n  private allowLoggingAccountIdentifiers?: boolean;\n  private abortControllers: Map<string, AbortController[] | undefined>;\n  private allowInsecureConnection: boolean = false;\n  // used for WorkloadIdentity\n  private tokenCredentialOptions: TokenCredentialOptions;\n\n  constructor(options?: TokenCredentialOptions) {\n    const packageDetails = `azsdk-js-identity/${SDK_VERSION}`;\n    const userAgentPrefix = options?.userAgentOptions?.userAgentPrefix\n      ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`\n      : `${packageDetails}`;\n\n    const baseUri = getIdentityClientAuthorityHost(options);\n    if (!baseUri.startsWith(\"https:\")) {\n      throw new Error(\"The authorityHost address must use the 'https' protocol.\");\n    }\n\n    super({\n      requestContentType: \"application/json; charset=utf-8\",\n      retryOptions: {\n        maxRetries: 3,\n      },\n      ...options,\n      userAgentOptions: {\n        userAgentPrefix,\n      },\n      baseUri,\n    });\n\n    this.authorityHost = baseUri;\n    this.abortControllers = new Map();\n    this.allowLoggingAccountIdentifiers = options?.loggingOptions?.allowLoggingAccountIdentifiers;\n    // used for WorkloadIdentity\n    this.tokenCredentialOptions = { ...options };\n\n    // used for ManagedIdentity\n    if (options?.allowInsecureConnection) {\n      this.allowInsecureConnection = options.allowInsecureConnection;\n    }\n  }\n\n  async sendTokenRequest(request: PipelineRequest): Promise<TokenResponse | null> {\n    logger.info(`IdentityClient: sending token request to [${request.url}]`);\n    const response = await this.sendRequest(request);\n    if (response.bodyAsText && (response.status === 200 || response.status === 201)) {\n      const parsedBody: TokenResponseParsedBody = JSON.parse(response.bodyAsText);\n\n      if (!parsedBody.access_token) {\n        return null;\n      }\n\n      this.logIdentifiers(response);\n\n      const token = {\n        accessToken: {\n          token: parsedBody.access_token,\n          expiresOnTimestamp: parseExpirationTimestamp(parsedBody),\n          refreshAfterTimestamp: parseRefreshTimestamp(parsedBody),\n          tokenType: \"Bearer\",\n        } as AccessToken,\n        refreshToken: parsedBody.refresh_token,\n      };\n\n      logger.info(\n        `IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`,\n      );\n      return token;\n    } else {\n      const error = new AuthenticationError(response.status, response.bodyAsText);\n      logger.warning(\n        `IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`,\n      );\n      throw error;\n    }\n  }\n\n  async refreshAccessToken(\n    tenantId: string,\n    clientId: string,\n    scopes: string,\n    refreshToken: string | undefined,\n    clientSecret: string | undefined,\n    options: GetTokenOptions = {},\n  ): Promise<TokenResponse | null> {\n    if (refreshToken === undefined) {\n      return null;\n    }\n    logger.info(\n      `IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`,\n    );\n\n    const refreshParams = {\n      grant_type: \"refresh_token\",\n      client_id: clientId,\n      refresh_token: refreshToken,\n      scope: scopes,\n    };\n\n    if (clientSecret !== undefined) {\n      (refreshParams as any).client_secret = clientSecret;\n    }\n\n    const query = new URLSearchParams(refreshParams);\n\n    return tracingClient.withSpan(\n      \"IdentityClient.refreshAccessToken\",\n      options,\n      async (updatedOptions) => {\n        try {\n          const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);\n          const request = createPipelineRequest({\n            url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,\n            method: \"POST\",\n            body: query.toString(),\n            abortSignal: options.abortSignal,\n            headers: createHttpHeaders({\n              Accept: \"application/json\",\n              \"Content-Type\": \"application/x-www-form-urlencoded\",\n            }),\n            tracingOptions: updatedOptions.tracingOptions,\n          });\n\n          const response = await this.sendTokenRequest(request);\n          logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);\n          return response;\n        } catch (err: any) {\n          if (\n            err.name === AuthenticationErrorName &&\n            err.errorResponse.error === \"interaction_required\"\n          ) {\n            // It's likely that the refresh token has expired, so\n            // return null so that the credential implementation will\n            // initiate the authentication flow again.\n            logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);\n            return null;\n          } else {\n            logger.warning(\n              `IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`,\n            );\n            throw err;\n          }\n        }\n      },\n    );\n  }\n\n  // Here is a custom layer that allows us to abort requests that go through MSAL,\n  // since MSAL doesn't allow us to pass options all the way through.\n\n  generateAbortSignal(correlationId: string): AbortSignalLike {\n    const controller = new AbortController();\n    const controllers = this.abortControllers.get(correlationId) || [];\n    controllers.push(controller);\n    this.abortControllers.set(correlationId, controllers);\n    const existingOnAbort = controller.signal.onabort;\n    controller.signal.onabort = (...params) => {\n      this.abortControllers.set(correlationId, undefined);\n      if (existingOnAbort) {\n        existingOnAbort.apply(controller.signal, params);\n      }\n    };\n    return controller.signal;\n  }\n\n  abortRequests(correlationId?: string): void {\n    const key = correlationId || noCorrelationId;\n    const controllers = [\n      ...(this.abortControllers.get(key) || []),\n      // MSAL passes no correlation ID to the get requests...\n      ...(this.abortControllers.get(noCorrelationId) || []),\n    ];\n    if (!controllers.length) {\n      return;\n    }\n    for (const controller of controllers) {\n      controller.abort();\n    }\n    this.abortControllers.set(key, undefined);\n  }\n\n  getCorrelationId(options?: NetworkRequestOptions): string {\n    const parameter = options?.body\n      ?.split(\"&\")\n      .map((part) => part.split(\"=\"))\n      .find(([key]) => key === \"client-request-id\");\n    return parameter && parameter.length ? parameter[1] || noCorrelationId : noCorrelationId;\n  }\n\n  // The MSAL network module methods follow\n\n  async sendGetRequestAsync<T>(\n    url: string,\n    options?: NetworkRequestOptions,\n  ): Promise<NetworkResponse<T>> {\n    const request = createPipelineRequest({\n      url,\n      method: \"GET\",\n      body: options?.body,\n      allowInsecureConnection: this.allowInsecureConnection,\n      headers: createHttpHeaders(options?.headers),\n      abortSignal: this.generateAbortSignal(noCorrelationId),\n    });\n\n    const response = await this.sendRequest(request);\n\n    this.logIdentifiers(response);\n\n    return {\n      body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,\n      headers: response.headers.toJSON(),\n      status: response.status,\n    };\n  }\n\n  async sendPostRequestAsync<T>(\n    url: string,\n    options?: NetworkRequestOptions,\n  ): Promise<NetworkResponse<T>> {\n    const request = createPipelineRequest({\n      url,\n      method: \"POST\",\n      body: options?.body,\n      headers: createHttpHeaders(options?.headers),\n      allowInsecureConnection: this.allowInsecureConnection,\n      // MSAL doesn't send the correlation ID on the get requests.\n      abortSignal: this.generateAbortSignal(this.getCorrelationId(options)),\n    });\n\n    const response = await this.sendRequest(request);\n\n    this.logIdentifiers(response);\n\n    return {\n      body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,\n      headers: response.headers.toJSON(),\n      status: response.status,\n    };\n  }\n\n  /**\n   *\n   * @internal\n   */\n  getTokenCredentialOptions(): TokenCredentialOptions {\n    return this.tokenCredentialOptions;\n  }\n  /**\n   * If allowLoggingAccountIdentifiers was set on the constructor options\n   * we try to log the account identifiers by parsing the received access token.\n   *\n   * The account identifiers we try to log are:\n   * - `appid`: The application or Client Identifier.\n   * - `upn`: User Principal Name.\n   *   - It might not be available in some authentication scenarios.\n   *   - If it's not available, we put a placeholder: \"No User Principal Name available\".\n   * - `tid`: Tenant Identifier.\n   * - `oid`: Object Identifier of the authenticated user.\n   */\n  private logIdentifiers(response: PipelineResponse): void {\n    if (!this.allowLoggingAccountIdentifiers || !response.bodyAsText) {\n      return;\n    }\n    const unavailableUpn = \"No User Principal Name available\";\n    try {\n      const parsed = (response as any).parsedBody || JSON.parse(response.bodyAsText);\n      const accessToken = parsed.access_token;\n      if (!accessToken) {\n        // Without an access token allowLoggingAccountIdentifiers isn't useful.\n        return;\n      }\n      const base64Metadata = accessToken.split(\".\")[1];\n      const { appid, upn, tid, oid } = JSON.parse(\n        Buffer.from(base64Metadata, \"base64\").toString(\"utf8\"),\n      );\n\n      logger.info(\n        `[Authenticated account] Client ID: ${appid}. Tenant ID: ${tid}. User Principal Name: ${\n          upn || unavailableUpn\n        }. Object ID (user): ${oid}`,\n      );\n    } catch (e: any) {\n      logger.warning(\n        \"allowLoggingAccountIdentifiers was set, but we couldn't log the account information. Error:\",\n        e.message,\n      );\n    }\n  }\n}\n"]}

package/dist/esm/constants.d.ts

@@ -1,7 +1,7 @@
 /**
  * Current version of the `@azure/identity` package.
  */
-export declare const SDK_VERSION = "4.10.3";
+export declare const SDK_VERSION = "4.11.0-beta.1";
 /**
  * The default client ID for authentication
  * @internal

package/dist/esm/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,eAAO,MAAM,WAAW,WAAW,CAAC;AAEpC;;;GAGG;AAIH,eAAO,MAAM,uBAAuB,yCAAyC,CAAC;AAE9E;;;GAGG;AACH,eAAO,MAAM,eAAe,WAAW,CAAC;AAExC;;GAEG;AACH,oBAAY,mBAAmB;IAC7B;;OAEG;IACH,UAAU,mCAAmC;IAC7C;;;;;SAKK;IACL,YAAY,qCAAqC;IACjD;;OAEG;IACH,eAAe,qCAAqC;IACpD;;OAEG;IACH,gBAAgB,sCAAsC;CACvD;AAED;;;GAGG;AACH,eAAO,MAAM,oBAAoB,uCAAuC,CAAC;AAEzE;;;GAGG;AACH,eAAO,MAAM,gBAAgB,8BAA8B,CAAC;AAE5D;;;GAGG;AACH,eAAO,MAAM,WAAW,EAAE,MAAM,EAAU,CAAC;AAE3C;;GAEG;AACH,eAAO,MAAM,gBAAgB,QAAQ,CAAC;AAEtC;;GAEG;AACH,eAAO,MAAM,oBAAoB,UAAU,CAAC;AAE5C;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,eAAe,CAAC"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,eAAO,MAAM,WAAW,kBAAkB,CAAC;AAE3C;;;GAGG;AAIH,eAAO,MAAM,uBAAuB,yCAAyC,CAAC;AAE9E;;;GAGG;AACH,eAAO,MAAM,eAAe,WAAW,CAAC;AAExC;;GAEG;AACH,oBAAY,mBAAmB;IAC7B;;OAEG;IACH,UAAU,mCAAmC;IAC7C;;;;;SAKK;IACL,YAAY,qCAAqC;IACjD;;OAEG;IACH,eAAe,qCAAqC;IACpD;;OAEG;IACH,gBAAgB,sCAAsC;CACvD;AAED;;;GAGG;AACH,eAAO,MAAM,oBAAoB,uCAAuC,CAAC;AAEzE;;;GAGG;AACH,eAAO,MAAM,gBAAgB,8BAA8B,CAAC;AAE5D;;;GAGG;AACH,eAAO,MAAM,WAAW,EAAE,MAAM,EAAU,CAAC;AAE3C;;GAEG;AACH,eAAO,MAAM,gBAAgB,QAAQ,CAAC;AAEtC;;GAEG;AACH,eAAO,MAAM,oBAAoB,UAAU,CAAC;AAE5C;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,eAAe,CAAC"}

package/dist/esm/constants.js

@@ -3,7 +3,7 @@
 /**
  * Current version of the `@azure/identity` package.
  */
-export const SDK_VERSION = `4.10.3`;
+export const SDK_VERSION = `4.11.0-beta.1`;
 /**
  * The default client ID for authentication
  * @internal

package/dist/esm/constants.js.map

@@ -1 +1 @@
-{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,QAAQ,CAAC;AAEpC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AACvG,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,MAAM,CAAN,IAAY,mBAoBX;AApBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;;;;SAKK;IACL,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EApBW,mBAAmB,KAAnB,mBAAmB,QAoB9B;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,2BAA2B,CAAC;AAE5D;;;GAGG;AACH,MAAM,CAAC,MAAM,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAEtC;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAE5C;;;;;GAKG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,YAAY,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Current version of the `@azure/identity` package.\n */\nexport const SDK_VERSION = `4.10.3`;\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n  /**\n   * China-based Azure Authority Host\n   */\n  AzureChina = \"https://login.chinacloudapi.cn\",\n  /**\n   * Germany-based Azure Authority Host\n   *\n   * @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.\n   *\n   * */\n  AzureGermany = \"https://login.microsoftonline.de\",\n  /**\n   * US Government Azure Authority Host\n   */\n  AzureGovernment = \"https://login.microsoftonline.us\",\n  /**\n   * Public Cloud Azure Authority Host\n   */\n  AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/**\n * @internal\n * The default authority host.\n */\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n\n/**\n * @internal\n * The default environment host for Azure Public Cloud\n */\nexport const DefaultAuthority = \"login.microsoftonline.com\";\n\n/**\n * @internal\n * Allow acquiring tokens for any tenant for multi-tentant auth.\n */\nexport const ALL_TENANTS: string[] = [\"*\"];\n\n/**\n * @internal\n */\nexport const CACHE_CAE_SUFFIX = \"cae\";\n\n/**\n * @internal\n */\nexport const CACHE_NON_CAE_SUFFIX = \"nocae\";\n\n/**\n * @internal\n *\n * The default name for the cache persistence plugin.\n * Matches the constant defined in the cache persistence package.\n */\nexport const DEFAULT_TOKEN_CACHE_NAME = \"msal.cache\";\n"]}
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,eAAe,CAAC;AAE3C;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AACvG,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,MAAM,CAAN,IAAY,mBAoBX;AApBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;;;;SAKK;IACL,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EApBW,mBAAmB,KAAnB,mBAAmB,QAoB9B;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,2BAA2B,CAAC;AAE5D;;;GAGG;AACH,MAAM,CAAC,MAAM,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAEtC;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAE5C;;;;;GAKG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,YAAY,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Current version of the `@azure/identity` package.\n */\nexport const SDK_VERSION = `4.11.0-beta.1`;\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n  /**\n   * China-based Azure Authority Host\n   */\n  AzureChina = \"https://login.chinacloudapi.cn\",\n  /**\n   * Germany-based Azure Authority Host\n   *\n   * @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.\n   *\n   * */\n  AzureGermany = \"https://login.microsoftonline.de\",\n  /**\n   * US Government Azure Authority Host\n   */\n  AzureGovernment = \"https://login.microsoftonline.us\",\n  /**\n   * Public Cloud Azure Authority Host\n   */\n  AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/**\n * @internal\n * The default authority host.\n */\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n\n/**\n * @internal\n * The default environment host for Azure Public Cloud\n */\nexport const DefaultAuthority = \"login.microsoftonline.com\";\n\n/**\n * @internal\n * Allow acquiring tokens for any tenant for multi-tentant auth.\n */\nexport const ALL_TENANTS: string[] = [\"*\"];\n\n/**\n * @internal\n */\nexport const CACHE_CAE_SUFFIX = \"cae\";\n\n/**\n * @internal\n */\nexport const CACHE_NON_CAE_SUFFIX = \"nocae\";\n\n/**\n * @internal\n *\n * The default name for the cache persistence plugin.\n * Matches the constant defined in the cache persistence package.\n */\nexport const DEFAULT_TOKEN_CACHE_NAME = \"msal.cache\";\n"]}

package/dist/esm/credentials/authorizationCodeCredential.js

@@ -15,6 +15,13 @@ const logger = credentialLogger("AuthorizationCodeCredential");
  * https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow
  */
 export class AuthorizationCodeCredential {
+    msalClient;
+    disableAutomaticAuthentication;
+    authorizationCode;
+    redirectUri;
+    tenantId;
+    additionallyAllowedTenantIds;
+    clientSecret;
     /**
      * @hidden
      * @internal
@@ -37,8 +44,12 @@ export class AuthorizationCodeCredential {
         }
         // TODO: Validate tenant if provided
         this.tenantId = tenantId;
-        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
-        this.msalClient = createMsalClient(clientId, tenantId, Object.assign(Object.assign({}, options), { logger, tokenCredentialOptions: options !== null && options !== void 0 ? options : {} }));
+        this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options?.additionallyAllowedTenants);
+        this.msalClient = createMsalClient(clientId, tenantId, {
+            ...options,
+            logger,
+            tokenCredentialOptions: options ?? {},
+        });
     }
     /**
      * Authenticates with Microsoft Entra ID and returns an access token if successful.
@@ -53,7 +64,10 @@ export class AuthorizationCodeCredential {
             const tenantId = processMultiTenantRequest(this.tenantId, newOptions, this.additionallyAllowedTenantIds);
             newOptions.tenantId = tenantId;
             const arrayScopes = ensureScopes(scopes);
-            return this.msalClient.getTokenByAuthorizationCode(arrayScopes, this.redirectUri, this.authorizationCode, this.clientSecret, Object.assign(Object.assign({}, newOptions), { disableAutomaticAuthentication: this.disableAutomaticAuthentication }));
+            return this.msalClient.getTokenByAuthorizationCode(arrayScopes, this.redirectUri, this.authorizationCode, this.clientSecret, {
+                ...newOptions,
+                disableAutomaticAuthentication: this.disableAutomaticAuthentication,
+            });
         });
     }
 }