@azure/identity 4.10.3-alpha.20250714.3 → 4.11.0-alpha.20250717.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +19 -1
- package/dist/browser/client/identityClient.js +30 -18
- package/dist/browser/client/identityClient.js.map +1 -1
- package/dist/browser/constants.d.ts +1 -1
- package/dist/browser/constants.d.ts.map +1 -1
- package/dist/browser/constants.js +1 -1
- package/dist/browser/constants.js.map +1 -1
- package/dist/browser/credentials/brokerCredential.d.ts +35 -0
- package/dist/browser/credentials/brokerCredential.d.ts.map +1 -0
- package/dist/browser/credentials/brokerCredential.js +69 -0
- package/dist/browser/credentials/brokerCredential.js.map +1 -0
- package/dist/browser/credentials/chainedTokenCredential.js +1 -1
- package/dist/browser/credentials/chainedTokenCredential.js.map +1 -1
- package/dist/browser/credentials/clientSecretCredential-browser.mjs.map +1 -1
- package/dist/browser/credentials/clientSecretCredential.js +7 -2
- package/dist/browser/credentials/interactiveBrowserCredential-browser.mjs.map +1 -1
- package/dist/browser/credentials/interactiveBrowserCredential.js +19 -6
- package/dist/browser/credentials/managedIdentityCredential/imdsMsi.js +4 -6
- package/dist/browser/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
- package/dist/browser/credentials/managedIdentityCredential/imdsRetryPolicy.js +2 -2
- package/dist/browser/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +1 -1
- package/dist/browser/credentials/managedIdentityCredential/tokenExchangeMsi.js +7 -1
- package/dist/browser/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
- package/dist/browser/credentials/usernamePasswordCredential-browser.mjs.map +1 -1
- package/dist/browser/credentials/usernamePasswordCredential.js +7 -1
- package/dist/browser/credentials/visualStudioCodeCredentialOptions.d.ts +0 -4
- package/dist/browser/credentials/visualStudioCodeCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/visualStudioCodeCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/visualStudioCodeCredentialPlugin.d.ts +0 -4
- package/dist/browser/credentials/visualStudioCodeCredentialPlugin.d.ts.map +1 -1
- package/dist/browser/credentials/visualStudioCodeCredentialPlugin.js.map +1 -1
- package/dist/browser/errors.js +21 -0
- package/dist/browser/errors.js.map +1 -1
- package/dist/browser/msal/browserFlows/msalBrowserCommon.js +15 -15
- package/dist/browser/msal/browserFlows/msalBrowserCommon.js.map +1 -1
- package/dist/browser/msal/nodeFlows/msalClient.d.ts +13 -0
- package/dist/browser/msal/nodeFlows/msalClient.d.ts.map +1 -1
- package/dist/browser/msal/nodeFlows/msalClient.js +127 -94
- package/dist/browser/msal/nodeFlows/msalClient.js.map +1 -1
- package/dist/browser/msal/nodeFlows/msalPlugins.d.ts +19 -1
- package/dist/browser/msal/nodeFlows/msalPlugins.d.ts.map +1 -1
- package/dist/browser/msal/nodeFlows/msalPlugins.js +61 -16
- package/dist/browser/msal/nodeFlows/msalPlugins.js.map +1 -1
- package/dist/browser/msal/utils.js +3 -4
- package/dist/browser/msal/utils.js.map +1 -1
- package/dist/browser/plugins/provider.d.ts +2 -2
- package/dist/browser/plugins/provider.d.ts.map +1 -1
- package/dist/browser/plugins/provider.js.map +1 -1
- package/dist/browser/regionalAuthority.js +1 -2
- package/dist/browser/regionalAuthority.js.map +1 -1
- package/dist/browser/tokenProvider.js +1 -2
- package/dist/browser/tokenProvider.js.map +1 -1
- package/dist/browser/util/logging.js +6 -2
- package/dist/browser/util/logging.js.map +1 -1
- package/dist/browser/util/processMultiTenantRequest-browser.mjs.map +1 -1
- package/dist/browser/util/processMultiTenantRequest.js +1 -2
- package/dist/browser/util/processUtils.d.ts +1 -1
- package/dist/browser/util/processUtils.d.ts.map +1 -1
- package/dist/browser/util/processUtils.js +1 -1
- package/dist/browser/util/processUtils.js.map +1 -1
- package/dist/commonjs/client/identityClient.js +30 -18
- package/dist/commonjs/client/identityClient.js.map +1 -1
- package/dist/commonjs/constants.d.ts +1 -1
- package/dist/commonjs/constants.d.ts.map +1 -1
- package/dist/commonjs/constants.js +1 -1
- package/dist/commonjs/constants.js.map +1 -1
- package/dist/commonjs/credentials/authorizationCodeCredential.js +17 -3
- package/dist/commonjs/credentials/authorizationCodeCredential.js.map +1 -1
- package/dist/commonjs/credentials/azureCliCredential.js +15 -12
- package/dist/commonjs/credentials/azureCliCredential.js.map +1 -1
- package/dist/commonjs/credentials/azureDeveloperCliCredential.js +12 -10
- package/dist/commonjs/credentials/azureDeveloperCliCredential.js.map +1 -1
- package/dist/commonjs/credentials/azurePipelinesCredential.js +9 -5
- package/dist/commonjs/credentials/azurePipelinesCredential.js.map +1 -1
- package/dist/commonjs/credentials/azurePowerShellCredential.js +10 -7
- package/dist/commonjs/credentials/azurePowerShellCredential.js.map +1 -1
- package/dist/commonjs/credentials/brokerCredential.d.ts +35 -0
- package/dist/commonjs/credentials/brokerCredential.d.ts.map +1 -0
- package/dist/commonjs/credentials/brokerCredential.js +73 -0
- package/dist/commonjs/credentials/brokerCredential.js.map +1 -0
- package/dist/commonjs/credentials/chainedTokenCredential.js +1 -1
- package/dist/commonjs/credentials/chainedTokenCredential.js.map +1 -1
- package/dist/commonjs/credentials/clientAssertionCredential.js +11 -2
- package/dist/commonjs/credentials/clientAssertionCredential.js.map +1 -1
- package/dist/commonjs/credentials/clientCertificateCredential.js +19 -9
- package/dist/commonjs/credentials/clientCertificateCredential.js.map +1 -1
- package/dist/commonjs/credentials/clientSecretCredential.js +10 -2
- package/dist/commonjs/credentials/clientSecretCredential.js.map +1 -1
- package/dist/commonjs/credentials/defaultAzureCredential.d.ts +18 -0
- package/dist/commonjs/credentials/defaultAzureCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/defaultAzureCredential.js +69 -19
- package/dist/commonjs/credentials/defaultAzureCredential.js.map +1 -1
- package/dist/commonjs/credentials/deviceCodeCredential.js +24 -10
- package/dist/commonjs/credentials/deviceCodeCredential.js.map +1 -1
- package/dist/commonjs/credentials/environmentCredential.js +4 -6
- package/dist/commonjs/credentials/environmentCredential.js.map +1 -1
- package/dist/commonjs/credentials/interactiveBrowserCredential.js +30 -11
- package/dist/commonjs/credentials/interactiveBrowserCredential.js.map +1 -1
- package/dist/commonjs/credentials/managedIdentityCredential/imdsMsi.js +4 -6
- package/dist/commonjs/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
- package/dist/commonjs/credentials/managedIdentityCredential/imdsRetryPolicy.js +2 -2
- package/dist/commonjs/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +1 -1
- package/dist/commonjs/credentials/managedIdentityCredential/index.js +28 -18
- package/dist/commonjs/credentials/managedIdentityCredential/index.js.map +1 -1
- package/dist/commonjs/credentials/managedIdentityCredential/tokenExchangeMsi.js +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
- package/dist/commonjs/credentials/onBehalfOfCredential.js +13 -1
- package/dist/commonjs/credentials/onBehalfOfCredential.js.map +1 -1
- package/dist/commonjs/credentials/usernamePasswordCredential.js +10 -2
- package/dist/commonjs/credentials/usernamePasswordCredential.js.map +1 -1
- package/dist/commonjs/credentials/visualStudioCodeCredential.d.ts +15 -26
- package/dist/commonjs/credentials/visualStudioCodeCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/visualStudioCodeCredential.js +69 -130
- package/dist/commonjs/credentials/visualStudioCodeCredential.js.map +1 -1
- package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.d.ts +0 -4
- package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.js.map +1 -1
- package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.d.ts +0 -4
- package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.d.ts.map +1 -1
- package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.js.map +1 -1
- package/dist/commonjs/credentials/workloadIdentityCredential.js +5 -3
- package/dist/commonjs/credentials/workloadIdentityCredential.js.map +1 -1
- package/dist/commonjs/errors.js +21 -0
- package/dist/commonjs/errors.js.map +1 -1
- package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js +15 -15
- package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js.map +1 -1
- package/dist/commonjs/msal/nodeFlows/msalClient.d.ts +13 -0
- package/dist/commonjs/msal/nodeFlows/msalClient.d.ts.map +1 -1
- package/dist/commonjs/msal/nodeFlows/msalClient.js +127 -94
- package/dist/commonjs/msal/nodeFlows/msalClient.js.map +1 -1
- package/dist/commonjs/msal/nodeFlows/msalPlugins.d.ts +19 -1
- package/dist/commonjs/msal/nodeFlows/msalPlugins.d.ts.map +1 -1
- package/dist/commonjs/msal/nodeFlows/msalPlugins.js +63 -17
- package/dist/commonjs/msal/nodeFlows/msalPlugins.js.map +1 -1
- package/dist/commonjs/msal/utils.js +3 -4
- package/dist/commonjs/msal/utils.js.map +1 -1
- package/dist/commonjs/plugins/consumer.d.ts.map +1 -1
- package/dist/commonjs/plugins/consumer.js +1 -2
- package/dist/commonjs/plugins/consumer.js.map +1 -1
- package/dist/commonjs/plugins/provider.d.ts +2 -2
- package/dist/commonjs/plugins/provider.d.ts.map +1 -1
- package/dist/commonjs/plugins/provider.js.map +1 -1
- package/dist/commonjs/regionalAuthority.js +1 -2
- package/dist/commonjs/regionalAuthority.js.map +1 -1
- package/dist/commonjs/tokenProvider.js +1 -2
- package/dist/commonjs/tokenProvider.js.map +1 -1
- package/dist/commonjs/util/logging.js +6 -2
- package/dist/commonjs/util/logging.js.map +1 -1
- package/dist/commonjs/util/processMultiTenantRequest.js +2 -3
- package/dist/commonjs/util/processMultiTenantRequest.js.map +1 -1
- package/dist/commonjs/util/processUtils.d.ts +1 -1
- package/dist/commonjs/util/processUtils.d.ts.map +1 -1
- package/dist/commonjs/util/processUtils.js +2 -2
- package/dist/commonjs/util/processUtils.js.map +1 -1
- package/dist/esm/client/identityClient.js +30 -18
- package/dist/esm/client/identityClient.js.map +1 -1
- package/dist/esm/constants.d.ts +1 -1
- package/dist/esm/constants.d.ts.map +1 -1
- package/dist/esm/constants.js +1 -1
- package/dist/esm/constants.js.map +1 -1
- package/dist/esm/credentials/authorizationCodeCredential.js +17 -3
- package/dist/esm/credentials/authorizationCodeCredential.js.map +1 -1
- package/dist/esm/credentials/azureCliCredential.js +15 -12
- package/dist/esm/credentials/azureCliCredential.js.map +1 -1
- package/dist/esm/credentials/azureDeveloperCliCredential.js +12 -10
- package/dist/esm/credentials/azureDeveloperCliCredential.js.map +1 -1
- package/dist/esm/credentials/azurePipelinesCredential.js +9 -5
- package/dist/esm/credentials/azurePipelinesCredential.js.map +1 -1
- package/dist/esm/credentials/azurePowerShellCredential.js +10 -7
- package/dist/esm/credentials/azurePowerShellCredential.js.map +1 -1
- package/dist/esm/credentials/brokerCredential.d.ts +35 -0
- package/dist/esm/credentials/brokerCredential.d.ts.map +1 -0
- package/dist/esm/credentials/brokerCredential.js +69 -0
- package/dist/esm/credentials/brokerCredential.js.map +1 -0
- package/dist/esm/credentials/chainedTokenCredential.js +1 -1
- package/dist/esm/credentials/chainedTokenCredential.js.map +1 -1
- package/dist/esm/credentials/clientAssertionCredential.js +11 -2
- package/dist/esm/credentials/clientAssertionCredential.js.map +1 -1
- package/dist/esm/credentials/clientCertificateCredential.js +19 -9
- package/dist/esm/credentials/clientCertificateCredential.js.map +1 -1
- package/dist/esm/credentials/clientSecretCredential.js +10 -2
- package/dist/esm/credentials/clientSecretCredential.js.map +1 -1
- package/dist/esm/credentials/defaultAzureCredential.d.ts +18 -0
- package/dist/esm/credentials/defaultAzureCredential.d.ts.map +1 -1
- package/dist/esm/credentials/defaultAzureCredential.js +67 -19
- package/dist/esm/credentials/defaultAzureCredential.js.map +1 -1
- package/dist/esm/credentials/deviceCodeCredential.js +24 -10
- package/dist/esm/credentials/deviceCodeCredential.js.map +1 -1
- package/dist/esm/credentials/environmentCredential.js +4 -6
- package/dist/esm/credentials/environmentCredential.js.map +1 -1
- package/dist/esm/credentials/interactiveBrowserCredential.js +30 -11
- package/dist/esm/credentials/interactiveBrowserCredential.js.map +1 -1
- package/dist/esm/credentials/managedIdentityCredential/imdsMsi.js +4 -6
- package/dist/esm/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
- package/dist/esm/credentials/managedIdentityCredential/imdsRetryPolicy.js +2 -2
- package/dist/esm/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +1 -1
- package/dist/esm/credentials/managedIdentityCredential/index.js +28 -18
- package/dist/esm/credentials/managedIdentityCredential/index.js.map +1 -1
- package/dist/esm/credentials/managedIdentityCredential/tokenExchangeMsi.js +7 -1
- package/dist/esm/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
- package/dist/esm/credentials/onBehalfOfCredential.js +13 -1
- package/dist/esm/credentials/onBehalfOfCredential.js.map +1 -1
- package/dist/esm/credentials/usernamePasswordCredential.js +10 -2
- package/dist/esm/credentials/usernamePasswordCredential.js.map +1 -1
- package/dist/esm/credentials/visualStudioCodeCredential.d.ts +15 -26
- package/dist/esm/credentials/visualStudioCodeCredential.d.ts.map +1 -1
- package/dist/esm/credentials/visualStudioCodeCredential.js +69 -128
- package/dist/esm/credentials/visualStudioCodeCredential.js.map +1 -1
- package/dist/esm/credentials/visualStudioCodeCredentialOptions.d.ts +0 -4
- package/dist/esm/credentials/visualStudioCodeCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/visualStudioCodeCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/visualStudioCodeCredentialPlugin.d.ts +0 -4
- package/dist/esm/credentials/visualStudioCodeCredentialPlugin.d.ts.map +1 -1
- package/dist/esm/credentials/visualStudioCodeCredentialPlugin.js.map +1 -1
- package/dist/esm/credentials/workloadIdentityCredential.js +5 -3
- package/dist/esm/credentials/workloadIdentityCredential.js.map +1 -1
- package/dist/esm/errors.js +21 -0
- package/dist/esm/errors.js.map +1 -1
- package/dist/esm/msal/browserFlows/msalBrowserCommon.js +15 -15
- package/dist/esm/msal/browserFlows/msalBrowserCommon.js.map +1 -1
- package/dist/esm/msal/nodeFlows/msalClient.d.ts +13 -0
- package/dist/esm/msal/nodeFlows/msalClient.d.ts.map +1 -1
- package/dist/esm/msal/nodeFlows/msalClient.js +127 -94
- package/dist/esm/msal/nodeFlows/msalClient.js.map +1 -1
- package/dist/esm/msal/nodeFlows/msalPlugins.d.ts +19 -1
- package/dist/esm/msal/nodeFlows/msalPlugins.d.ts.map +1 -1
- package/dist/esm/msal/nodeFlows/msalPlugins.js +61 -16
- package/dist/esm/msal/nodeFlows/msalPlugins.js.map +1 -1
- package/dist/esm/msal/utils.js +3 -4
- package/dist/esm/msal/utils.js.map +1 -1
- package/dist/esm/plugins/consumer.d.ts.map +1 -1
- package/dist/esm/plugins/consumer.js +2 -3
- package/dist/esm/plugins/consumer.js.map +1 -1
- package/dist/esm/plugins/provider.d.ts +2 -2
- package/dist/esm/plugins/provider.d.ts.map +1 -1
- package/dist/esm/plugins/provider.js.map +1 -1
- package/dist/esm/regionalAuthority.js +1 -2
- package/dist/esm/regionalAuthority.js.map +1 -1
- package/dist/esm/tokenProvider.js +1 -2
- package/dist/esm/tokenProvider.js.map +1 -1
- package/dist/esm/util/logging.js +6 -2
- package/dist/esm/util/logging.js.map +1 -1
- package/dist/esm/util/processMultiTenantRequest.js +2 -3
- package/dist/esm/util/processMultiTenantRequest.js.map +1 -1
- package/dist/esm/util/processUtils.d.ts +1 -1
- package/dist/esm/util/processUtils.d.ts.map +1 -1
- package/dist/esm/util/processUtils.js +1 -1
- package/dist/esm/util/processUtils.js.map +1 -1
- package/dist/workerd/client/identityClient.js +30 -18
- package/dist/workerd/client/identityClient.js.map +1 -1
- package/dist/workerd/constants.d.ts +1 -1
- package/dist/workerd/constants.d.ts.map +1 -1
- package/dist/workerd/constants.js +1 -1
- package/dist/workerd/constants.js.map +1 -1
- package/dist/workerd/credentials/authorizationCodeCredential.js +17 -3
- package/dist/workerd/credentials/authorizationCodeCredential.js.map +1 -1
- package/dist/workerd/credentials/azureCliCredential.js +15 -12
- package/dist/workerd/credentials/azureCliCredential.js.map +1 -1
- package/dist/workerd/credentials/azureDeveloperCliCredential.js +12 -10
- package/dist/workerd/credentials/azureDeveloperCliCredential.js.map +1 -1
- package/dist/workerd/credentials/azurePipelinesCredential.js +9 -5
- package/dist/workerd/credentials/azurePipelinesCredential.js.map +1 -1
- package/dist/workerd/credentials/azurePowerShellCredential.js +10 -7
- package/dist/workerd/credentials/azurePowerShellCredential.js.map +1 -1
- package/dist/workerd/credentials/brokerCredential.d.ts +35 -0
- package/dist/workerd/credentials/brokerCredential.d.ts.map +1 -0
- package/dist/workerd/credentials/brokerCredential.js +69 -0
- package/dist/workerd/credentials/brokerCredential.js.map +1 -0
- package/dist/workerd/credentials/chainedTokenCredential.js +1 -1
- package/dist/workerd/credentials/chainedTokenCredential.js.map +1 -1
- package/dist/workerd/credentials/clientAssertionCredential.js +11 -2
- package/dist/workerd/credentials/clientAssertionCredential.js.map +1 -1
- package/dist/workerd/credentials/clientCertificateCredential.js +19 -9
- package/dist/workerd/credentials/clientCertificateCredential.js.map +1 -1
- package/dist/workerd/credentials/clientSecretCredential.js +10 -2
- package/dist/workerd/credentials/clientSecretCredential.js.map +1 -1
- package/dist/workerd/credentials/defaultAzureCredential.d.ts +18 -0
- package/dist/workerd/credentials/defaultAzureCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/defaultAzureCredential.js +67 -19
- package/dist/workerd/credentials/defaultAzureCredential.js.map +1 -1
- package/dist/workerd/credentials/deviceCodeCredential.js +24 -10
- package/dist/workerd/credentials/deviceCodeCredential.js.map +1 -1
- package/dist/workerd/credentials/environmentCredential.js +4 -6
- package/dist/workerd/credentials/environmentCredential.js.map +1 -1
- package/dist/workerd/credentials/interactiveBrowserCredential.js +30 -11
- package/dist/workerd/credentials/interactiveBrowserCredential.js.map +1 -1
- package/dist/workerd/credentials/managedIdentityCredential/imdsMsi.js +4 -6
- package/dist/workerd/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
- package/dist/workerd/credentials/managedIdentityCredential/imdsRetryPolicy.js +2 -2
- package/dist/workerd/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +1 -1
- package/dist/workerd/credentials/managedIdentityCredential/index.js +28 -18
- package/dist/workerd/credentials/managedIdentityCredential/index.js.map +1 -1
- package/dist/workerd/credentials/managedIdentityCredential/tokenExchangeMsi.js +7 -1
- package/dist/workerd/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
- package/dist/workerd/credentials/onBehalfOfCredential.js +13 -1
- package/dist/workerd/credentials/onBehalfOfCredential.js.map +1 -1
- package/dist/workerd/credentials/usernamePasswordCredential.js +10 -2
- package/dist/workerd/credentials/usernamePasswordCredential.js.map +1 -1
- package/dist/workerd/credentials/visualStudioCodeCredential.d.ts +15 -26
- package/dist/workerd/credentials/visualStudioCodeCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/visualStudioCodeCredential.js +69 -128
- package/dist/workerd/credentials/visualStudioCodeCredential.js.map +1 -1
- package/dist/workerd/credentials/visualStudioCodeCredentialOptions.d.ts +0 -4
- package/dist/workerd/credentials/visualStudioCodeCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/visualStudioCodeCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/visualStudioCodeCredentialPlugin.d.ts +0 -4
- package/dist/workerd/credentials/visualStudioCodeCredentialPlugin.d.ts.map +1 -1
- package/dist/workerd/credentials/visualStudioCodeCredentialPlugin.js.map +1 -1
- package/dist/workerd/credentials/workloadIdentityCredential.js +5 -3
- package/dist/workerd/credentials/workloadIdentityCredential.js.map +1 -1
- package/dist/workerd/errors.js +21 -0
- package/dist/workerd/errors.js.map +1 -1
- package/dist/workerd/msal/browserFlows/msalBrowserCommon.js +15 -15
- package/dist/workerd/msal/browserFlows/msalBrowserCommon.js.map +1 -1
- package/dist/workerd/msal/nodeFlows/msalClient.d.ts +13 -0
- package/dist/workerd/msal/nodeFlows/msalClient.d.ts.map +1 -1
- package/dist/workerd/msal/nodeFlows/msalClient.js +127 -94
- package/dist/workerd/msal/nodeFlows/msalClient.js.map +1 -1
- package/dist/workerd/msal/nodeFlows/msalPlugins.d.ts +19 -1
- package/dist/workerd/msal/nodeFlows/msalPlugins.d.ts.map +1 -1
- package/dist/workerd/msal/nodeFlows/msalPlugins.js +61 -16
- package/dist/workerd/msal/nodeFlows/msalPlugins.js.map +1 -1
- package/dist/workerd/msal/utils.js +3 -4
- package/dist/workerd/msal/utils.js.map +1 -1
- package/dist/workerd/plugins/consumer.d.ts.map +1 -1
- package/dist/workerd/plugins/consumer.js +2 -3
- package/dist/workerd/plugins/consumer.js.map +1 -1
- package/dist/workerd/plugins/provider.d.ts +2 -2
- package/dist/workerd/plugins/provider.d.ts.map +1 -1
- package/dist/workerd/plugins/provider.js.map +1 -1
- package/dist/workerd/regionalAuthority.js +1 -2
- package/dist/workerd/regionalAuthority.js.map +1 -1
- package/dist/workerd/tokenProvider.js +1 -2
- package/dist/workerd/tokenProvider.js.map +1 -1
- package/dist/workerd/util/logging.js +6 -2
- package/dist/workerd/util/logging.js.map +1 -1
- package/dist/workerd/util/processMultiTenantRequest.js +2 -3
- package/dist/workerd/util/processMultiTenantRequest.js.map +1 -1
- package/dist/workerd/util/processUtils.d.ts +1 -1
- package/dist/workerd/util/processUtils.d.ts.map +1 -1
- package/dist/workerd/util/processUtils.js +1 -1
- package/dist/workerd/util/processUtils.js.map +1 -1
- package/package.json +2 -2
|
@@ -11,6 +11,10 @@ const logger = credentialLogger("InteractiveBrowserCredential");
|
|
|
11
11
|
* using the interactive login flow.
|
|
12
12
|
*/
|
|
13
13
|
export class InteractiveBrowserCredential {
|
|
14
|
+
tenantId;
|
|
15
|
+
additionallyAllowedTenantIds;
|
|
16
|
+
msalClient;
|
|
17
|
+
disableAutomaticAuthentication;
|
|
14
18
|
/**
|
|
15
19
|
* Creates an instance of the InteractiveBrowserCredential with the
|
|
16
20
|
* details needed to authenticate against Microsoft Entra ID with
|
|
@@ -26,13 +30,13 @@ export class InteractiveBrowserCredential {
|
|
|
26
30
|
* @param options - Options for configuring the client which makes the authentication request.
|
|
27
31
|
*/
|
|
28
32
|
constructor(options) {
|
|
29
|
-
if (!
|
|
33
|
+
if (!options?.clientId) {
|
|
30
34
|
const error = new Error("The parameter `clientId` cannot be left undefined for the `InteractiveBrowserCredential`");
|
|
31
35
|
logger.info(formatError("", error));
|
|
32
36
|
throw error;
|
|
33
37
|
}
|
|
34
|
-
this.tenantId = options
|
|
35
|
-
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options
|
|
38
|
+
this.tenantId = options?.tenantId;
|
|
39
|
+
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options?.additionallyAllowedTenants);
|
|
36
40
|
const browserOptions = options;
|
|
37
41
|
const loginStyle = browserOptions.loginStyle || "popup";
|
|
38
42
|
const loginStyles = ["redirect", "popup"];
|
|
@@ -41,9 +45,15 @@ export class InteractiveBrowserCredential {
|
|
|
41
45
|
logger.info(formatError("", error));
|
|
42
46
|
throw error;
|
|
43
47
|
}
|
|
44
|
-
const msalOptions =
|
|
48
|
+
const msalOptions = {
|
|
49
|
+
...options,
|
|
50
|
+
tokenCredentialOptions: options,
|
|
51
|
+
logger,
|
|
52
|
+
loginStyle: loginStyle,
|
|
53
|
+
redirectUri: typeof options.redirectUri === "function" ? options.redirectUri() : options.redirectUri,
|
|
54
|
+
};
|
|
45
55
|
this.msalClient = createMsalBrowserClient(msalOptions);
|
|
46
|
-
this.disableAutomaticAuthentication = options
|
|
56
|
+
this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;
|
|
47
57
|
}
|
|
48
58
|
/**
|
|
49
59
|
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|
|
@@ -62,7 +72,10 @@ export class InteractiveBrowserCredential {
|
|
|
62
72
|
const tenantId = processMultiTenantRequest(this.tenantId, newOptions, this.additionallyAllowedTenantIds);
|
|
63
73
|
newOptions.tenantId = tenantId;
|
|
64
74
|
const arrayScopes = ensureScopes(scopes);
|
|
65
|
-
return this.msalClient.getToken(arrayScopes,
|
|
75
|
+
return this.msalClient.getToken(arrayScopes, {
|
|
76
|
+
...newOptions,
|
|
77
|
+
disableAutomaticAuthentication: this.disableAutomaticAuthentication,
|
|
78
|
+
});
|
|
66
79
|
});
|
|
67
80
|
}
|
|
68
81
|
/**
|
|
@@ -14,14 +14,13 @@ const imdsEndpointPath = "/metadata/identity/oauth2/token";
|
|
|
14
14
|
* The response indicates the availability of IMSD service; otherwise the request would time out.
|
|
15
15
|
*/
|
|
16
16
|
function prepareInvalidRequestOptions(scopes) {
|
|
17
|
-
var _a;
|
|
18
17
|
const resource = mapScopesToResource(scopes);
|
|
19
18
|
if (!resource) {
|
|
20
19
|
throw new Error(`${msiName}: Multiple scopes are not supported.`);
|
|
21
20
|
}
|
|
22
21
|
// Pod Identity will try to process this request even if the Metadata header is missing.
|
|
23
22
|
// We can exclude the request query to ensure no IMDS endpoint tries to process the ping request.
|
|
24
|
-
const url = new URL(imdsEndpointPath,
|
|
23
|
+
const url = new URL(imdsEndpointPath, process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST ?? imdsHost);
|
|
25
24
|
const rawHeaders = {
|
|
26
25
|
Accept: "application/json",
|
|
27
26
|
// intentionally leave out the Metadata header to invoke an error from IMDS endpoint.
|
|
@@ -55,8 +54,7 @@ export const imdsMsi = {
|
|
|
55
54
|
throw new Error("Missing IdentityClient");
|
|
56
55
|
}
|
|
57
56
|
const requestOptions = prepareInvalidRequestOptions(resource);
|
|
58
|
-
return tracingClient.withSpan("ManagedIdentityCredential-pingImdsEndpoint", getTokenOptions
|
|
59
|
-
var _a, _b;
|
|
57
|
+
return tracingClient.withSpan("ManagedIdentityCredential-pingImdsEndpoint", getTokenOptions ?? {}, async (updatedOptions) => {
|
|
60
58
|
requestOptions.tracingOptions = updatedOptions.tracingOptions;
|
|
61
59
|
// Create a request with a timeout since we expect that
|
|
62
60
|
// not having a "Metadata" header should cause an error to be
|
|
@@ -64,7 +62,7 @@ export const imdsMsi = {
|
|
|
64
62
|
const request = createPipelineRequest(requestOptions);
|
|
65
63
|
// Default to 1000 if the default of 0 is used.
|
|
66
64
|
// Negative values can still be used to disable the timeout.
|
|
67
|
-
request.timeout =
|
|
65
|
+
request.timeout = updatedOptions.requestOptions?.timeout || 1000;
|
|
68
66
|
// This MSI uses the imdsEndpoint to get the token, which only uses http://
|
|
69
67
|
request.allowInsecureConnection = true;
|
|
70
68
|
let response;
|
|
@@ -84,7 +82,7 @@ export const imdsMsi = {
|
|
|
84
82
|
return false;
|
|
85
83
|
}
|
|
86
84
|
if (response.status === 403) {
|
|
87
|
-
if (
|
|
85
|
+
if (response.bodyAsText?.includes("unreachable")) {
|
|
88
86
|
logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`);
|
|
89
87
|
logger.info(`${msiName}: ${response.bodyAsText}`);
|
|
90
88
|
return false;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"imdsMsi.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/imdsMsi.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAG3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAGtD,MAAM,OAAO,GAAG,kCAAkC,CAAC;AACnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAEzC,MAAM,QAAQ,GAAG,wBAAwB,CAAC;AAC1C,MAAM,gBAAgB,GAAG,iCAAiC,CAAC;AAE3D;;;GAGG;AACH,SAAS,4BAA4B,CAAC,MAAyB
|
|
1
|
+
{"version":3,"file":"imdsMsi.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/imdsMsi.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAG3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAGtD,MAAM,OAAO,GAAG,kCAAkC,CAAC;AACnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAEzC,MAAM,QAAQ,GAAG,wBAAwB,CAAC;AAC1C,MAAM,gBAAgB,GAAG,iCAAiC,CAAC;AAE3D;;;GAGG;AACH,SAAS,4BAA4B,CAAC,MAAyB;IAC7D,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,sCAAsC,CAAC,CAAC;IACpE,CAAC;IAED,wFAAwF;IACxF,iGAAiG;IACjG,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,iCAAiC,IAAI,QAAQ,CAAC,CAAC;IAEjG,MAAM,UAAU,GAA2B;QACzC,MAAM,EAAE,kBAAkB;QAC1B,qFAAqF;KACtF,CAAC;IAEF,OAAO;QACL,wCAAwC;QACxC,GAAG,EAAE,GAAG,GAAG,EAAE;QACb,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,iBAAiB,CAAC,UAAU,CAAC;KACvC,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG;IACrB,IAAI,EAAE,SAAS;IACf,KAAK,CAAC,WAAW,CAAC,OAMjB;QACC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC;QAC5D,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,mDAAmD,CAAC,CAAC;YAC3E,OAAO,KAAK,CAAC;QACf,CAAC;QAED,oHAAoH;QACpH,IAAI,OAAO,CAAC,GAAG,CAAC,iCAAiC,EAAE,CAAC;YAClD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,cAAc,GAAG,4BAA4B,CAAC,QAAQ,CAAC,CAAC;QAE9D,OAAO,aAAa,CAAC,QAAQ,CAC3B,4CAA4C,EAC5C,eAAe,IAAI,EAAE,EACrB,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,cAAc,CAAC,cAAc,GAAG,cAAc,CAAC,cAAc,CAAC;YAE9D,uDAAuD;YACvD,6DAA6D;YAC7D,gEAAgE;YAChE,MAAM,OAAO,GAAG,qBAAqB,CAAC,cAAc,CAAC,CAAC;YAEtD,+CAA+C;YAC/C,4DAA4D;YAC5D,OAAO,CAAC,OAAO,GAAG,cAAc,CAAC,cAAc,EAAE,OAAO,IAAI,IAAI,CAAC;YAEjE,2EAA2E;YAC3E,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC;YACvC,IAAI,QAA0B,CAAC;YAC/B,IAAI,CAAC;gBACH,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,mCAAmC,CAAC,CAAC;gBAC3D,QAAQ,GAAG,MAAM,cAAc,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YACvD,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,0EAA0E;gBAC1E,wEAAwE;gBACxE,IAAI,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;oBACjB,MAAM,CAAC,OAAO,CAAC,GAAG,OAAO,kBAAkB,GAAG,CAAC,IAAI,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBACzE,CAAC;gBACD,6NAA6N;gBAC7N,4CAA4C;gBAC5C,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,0CAA0C,CAAC,CAAC;gBAClE,OAAO,KAAK,CAAC;YACf,CAAC;YACD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,IAAI,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;oBACjD,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,0CAA0C,CAAC,CAAC;oBAClE,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,KAAK,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;oBAClD,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YACD,yDAAyD;YACzD,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,wCAAwC,CAAC,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC,CACF,CAAC;IACJ,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { PipelineRequestOptions, PipelineResponse } from \"@azure/core-rest-pipeline\";\nimport { createHttpHeaders, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport { isError } from \"@azure/core-util\";\n\nimport type { GetTokenOptions } from \"@azure/core-auth\";\nimport { credentialLogger } from \"../../util/logging.js\";\nimport { mapScopesToResource } from \"./utils.js\";\nimport { tracingClient } from \"../../util/tracing.js\";\nimport type { IdentityClient } from \"../../client/identityClient.js\";\n\nconst msiName = \"ManagedIdentityCredential - IMDS\";\nconst logger = credentialLogger(msiName);\n\nconst imdsHost = \"http://169.254.169.254\";\nconst imdsEndpointPath = \"/metadata/identity/oauth2/token\";\n\n/**\n * Generates an invalid request options to get a response quickly from IMDS endpoint.\n * The response indicates the availability of IMSD service; otherwise the request would time out.\n */\nfunction prepareInvalidRequestOptions(scopes: string | string[]): PipelineRequestOptions {\n const resource = mapScopesToResource(scopes);\n if (!resource) {\n throw new Error(`${msiName}: Multiple scopes are not supported.`);\n }\n\n // Pod Identity will try to process this request even if the Metadata header is missing.\n // We can exclude the request query to ensure no IMDS endpoint tries to process the ping request.\n const url = new URL(imdsEndpointPath, process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST ?? imdsHost);\n\n const rawHeaders: Record<string, string> = {\n Accept: \"application/json\",\n // intentionally leave out the Metadata header to invoke an error from IMDS endpoint.\n };\n\n return {\n // intentionally not including any query\n url: `${url}`,\n method: \"GET\",\n headers: createHttpHeaders(rawHeaders),\n };\n}\n\n/**\n * Defines how to determine whether the Azure IMDS MSI is available.\n *\n * Actually getting the token once we determine IMDS is available is handled by MSAL.\n */\nexport const imdsMsi = {\n name: \"imdsMsi\",\n async isAvailable(options: {\n scopes: string | string[];\n identityClient?: IdentityClient;\n clientId?: string;\n resourceId?: string;\n getTokenOptions?: GetTokenOptions;\n }): Promise<boolean> {\n const { scopes, identityClient, getTokenOptions } = options;\n const resource = mapScopesToResource(scopes);\n if (!resource) {\n logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);\n return false;\n }\n\n // if the PodIdentityEndpoint environment variable was set no need to probe the endpoint, it can be assumed to exist\n if (process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST) {\n return true;\n }\n\n if (!identityClient) {\n throw new Error(\"Missing IdentityClient\");\n }\n\n const requestOptions = prepareInvalidRequestOptions(resource);\n\n return tracingClient.withSpan(\n \"ManagedIdentityCredential-pingImdsEndpoint\",\n getTokenOptions ?? {},\n async (updatedOptions) => {\n requestOptions.tracingOptions = updatedOptions.tracingOptions;\n\n // Create a request with a timeout since we expect that\n // not having a \"Metadata\" header should cause an error to be\n // returned quickly from the endpoint, proving its availability.\n const request = createPipelineRequest(requestOptions);\n\n // Default to 1000 if the default of 0 is used.\n // Negative values can still be used to disable the timeout.\n request.timeout = updatedOptions.requestOptions?.timeout || 1000;\n\n // This MSI uses the imdsEndpoint to get the token, which only uses http://\n request.allowInsecureConnection = true;\n let response: PipelineResponse;\n try {\n logger.info(`${msiName}: Pinging the Azure IMDS endpoint`);\n response = await identityClient.sendRequest(request);\n } catch (err: unknown) {\n // If the request failed, or Node.js was unable to establish a connection,\n // or the host was down, we'll assume the IMDS endpoint isn't available.\n if (isError(err)) {\n logger.verbose(`${msiName}: Caught error ${err.name}: ${err.message}`);\n }\n // This is a special case for Docker Desktop which responds with a 403 with a message that contains \"A socket operation was attempted to an unreachable network\" or \"A socket operation was attempted to an unreachable host\"\n // rather than just timing out, as expected.\n logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`);\n return false;\n }\n if (response.status === 403) {\n if (response.bodyAsText?.includes(\"unreachable\")) {\n logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`);\n logger.info(`${msiName}: ${response.bodyAsText}`);\n return false;\n }\n }\n // If we received any response, the endpoint is available\n logger.info(`${msiName}: The Azure IMDS endpoint is available`);\n return true;\n },\n );\n },\n};\n"]}
|
|
@@ -23,11 +23,11 @@ export function imdsRetryPolicy(msiRetryConfig) {
|
|
|
23
23
|
{
|
|
24
24
|
name: "imdsRetryPolicy",
|
|
25
25
|
retry: ({ retryCount, response }) => {
|
|
26
|
-
if (
|
|
26
|
+
if (response?.status !== 404 && response?.status !== 410) {
|
|
27
27
|
return { skipStrategy: true };
|
|
28
28
|
}
|
|
29
29
|
// For 410 responses, use a minimum 3-second delay to ensure at least 70 seconds total retry duration
|
|
30
|
-
const initialDelayMs =
|
|
30
|
+
const initialDelayMs = response?.status === 410
|
|
31
31
|
? Math.max(MIN_DELAY_FOR_410_MS, msiRetryConfig.startDelayInMs)
|
|
32
32
|
: msiRetryConfig.startDelayInMs;
|
|
33
33
|
return calculateRetryDelay(retryCount, {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"imdsRetryPolicy.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/imdsRetryPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAGxD,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAEvD,0EAA0E;AAC1E,MAAM,iCAAiC,GAAG,IAAI,GAAG,EAAE,CAAC;AAEpD,sEAAsE;AACtE,oFAAoF;AACpF,kFAAkF;AAClF,sEAAsE;AACtE,MAAM,oBAAoB,GAAG,IAAI,CAAC;AAElC;;;;;;;;GAQG;AACH,MAAM,UAAU,eAAe,CAAC,cAA+C;IAC7E,OAAO,WAAW,CAChB;QACE;YACE,IAAI,EAAE,iBAAiB;YACvB,KAAK,EAAE,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,EAAE;gBAClC,IAAI,
|
|
1
|
+
{"version":3,"file":"imdsRetryPolicy.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/imdsRetryPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAGxD,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAEvD,0EAA0E;AAC1E,MAAM,iCAAiC,GAAG,IAAI,GAAG,EAAE,CAAC;AAEpD,sEAAsE;AACtE,oFAAoF;AACpF,kFAAkF;AAClF,sEAAsE;AACtE,MAAM,oBAAoB,GAAG,IAAI,CAAC;AAElC;;;;;;;;GAQG;AACH,MAAM,UAAU,eAAe,CAAC,cAA+C;IAC7E,OAAO,WAAW,CAChB;QACE;YACE,IAAI,EAAE,iBAAiB;YACvB,KAAK,EAAE,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,EAAE;gBAClC,IAAI,QAAQ,EAAE,MAAM,KAAK,GAAG,IAAI,QAAQ,EAAE,MAAM,KAAK,GAAG,EAAE,CAAC;oBACzD,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;gBAChC,CAAC;gBAED,qGAAqG;gBACrG,MAAM,cAAc,GAClB,QAAQ,EAAE,MAAM,KAAK,GAAG;oBACtB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,oBAAoB,EAAE,cAAc,CAAC,cAAc,CAAC;oBAC/D,CAAC,CAAC,cAAc,CAAC,cAAc,CAAC;gBAEpC,OAAO,mBAAmB,CAAC,UAAU,EAAE;oBACrC,cAAc,EAAE,cAAc;oBAC9B,iBAAiB,EAAE,iCAAiC;iBACrD,CAAC,CAAC;YACL,CAAC;SACF;KACF,EACD;QACE,UAAU,EAAE,cAAc,CAAC,UAAU;KACtC,CACF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { PipelinePolicy } from \"@azure/core-rest-pipeline\";\nimport { retryPolicy } from \"@azure/core-rest-pipeline\";\n\nimport type { MSIConfiguration } from \"./models.js\";\nimport { calculateRetryDelay } from \"@azure/core-util\";\n\n// Matches the default retry configuration in expontentialRetryStrategy.ts\nconst DEFAULT_CLIENT_MAX_RETRY_INTERVAL = 1000 * 64;\n\n// For 410 responses, we need at least 70 seconds total retry duration\n// With 5 retries using exponential backoff: delays of d, 2d, 4d, 8d, 16d sum to 31d\n// Accounting for jitter (which can reduce delays by 20%), we need 31d * 0.8 >= 70\n// So we need d >= 70/24.8 = 2.82 seconds. Using 3 seconds to be safe.\nconst MIN_DELAY_FOR_410_MS = 3000;\n\n/**\n * An additional policy that retries on 404 and 410 errors. The default retry policy does not retry on\n * 404s or 410s, but the IMDS endpoint can return these when the token is not yet available or when\n * the identity is still being set up. This policy will retry on 404s and 410s with an exponential backoff.\n * For 410 responses, it uses a minimum 3-second initial delay to ensure at least 70 seconds total duration.\n *\n * @param msiRetryConfig - The retry configuration for the MSI credential.\n * @returns - The policy that will retry on 404s and 410s.\n */\nexport function imdsRetryPolicy(msiRetryConfig: MSIConfiguration[\"retryConfig\"]): PipelinePolicy {\n return retryPolicy(\n [\n {\n name: \"imdsRetryPolicy\",\n retry: ({ retryCount, response }) => {\n if (response?.status !== 404 && response?.status !== 410) {\n return { skipStrategy: true };\n }\n\n // For 410 responses, use a minimum 3-second delay to ensure at least 70 seconds total retry duration\n const initialDelayMs =\n response?.status === 410\n ? Math.max(MIN_DELAY_FOR_410_MS, msiRetryConfig.startDelayInMs)\n : msiRetryConfig.startDelayInMs;\n\n return calculateRetryDelay(retryCount, {\n retryDelayInMs: initialDelayMs,\n maxRetryDelayInMs: DEFAULT_CLIENT_MAX_RETRY_INTERVAL,\n });\n },\n },\n ],\n {\n maxRetries: msiRetryConfig.maxRetries,\n },\n );\n}\n"]}
|
|
@@ -25,7 +25,13 @@ export const tokenExchangeMsi = {
|
|
|
25
25
|
async getToken(configuration, getTokenOptions = {}) {
|
|
26
26
|
const { scopes, clientId } = configuration;
|
|
27
27
|
const identityClientTokenCredentialOptions = {};
|
|
28
|
-
const workloadIdentityCredential = new WorkloadIdentityCredential(
|
|
28
|
+
const workloadIdentityCredential = new WorkloadIdentityCredential({
|
|
29
|
+
clientId,
|
|
30
|
+
tenantId: process.env.AZURE_TENANT_ID,
|
|
31
|
+
tokenFilePath: process.env.AZURE_FEDERATED_TOKEN_FILE,
|
|
32
|
+
...identityClientTokenCredentialOptions,
|
|
33
|
+
disableInstanceDiscovery: true,
|
|
34
|
+
});
|
|
29
35
|
return workloadIdentityCredential.getToken(scopes, getTokenOptions);
|
|
30
36
|
},
|
|
31
37
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tokenExchangeMsi.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/tokenExchangeMsi.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,0BAA0B,EAAE,MAAM,kCAAkC,CAAC;AAC9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAGzD,MAAM,OAAO,GAAG,4CAA4C,CAAC;AAC7D,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAEzC;;;;;GAKG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,IAAI,EAAE,kBAAkB;IACxB,KAAK,CAAC,WAAW,CAAC,QAAiB;QACjC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;QACxB,MAAM,MAAM,GAAG,OAAO,CACpB,CAAC,QAAQ,IAAI,GAAG,CAAC,eAAe,CAAC;YAC/B,GAAG,CAAC,eAAe;YACnB,OAAO,CAAC,GAAG,CAAC,0BAA0B,CACzC,CAAC;QACF,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CACT,GAAG,OAAO,qKAAqK,CAChL,CAAC;QACJ,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,KAAK,CAAC,QAAQ,CACZ,aAA+B,EAC/B,kBAAmC,EAAE;QAErC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC;QAC3C,MAAM,oCAAoC,GAAG,EAAE,CAAC;QAChD,MAAM,0BAA0B,GAAG,IAAI,0BAA0B,CAAC,
|
|
1
|
+
{"version":3,"file":"tokenExchangeMsi.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/tokenExchangeMsi.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,0BAA0B,EAAE,MAAM,kCAAkC,CAAC;AAC9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAGzD,MAAM,OAAO,GAAG,4CAA4C,CAAC;AAC7D,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAEzC;;;;;GAKG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,IAAI,EAAE,kBAAkB;IACxB,KAAK,CAAC,WAAW,CAAC,QAAiB;QACjC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;QACxB,MAAM,MAAM,GAAG,OAAO,CACpB,CAAC,QAAQ,IAAI,GAAG,CAAC,eAAe,CAAC;YAC/B,GAAG,CAAC,eAAe;YACnB,OAAO,CAAC,GAAG,CAAC,0BAA0B,CACzC,CAAC;QACF,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CACT,GAAG,OAAO,qKAAqK,CAChL,CAAC;QACJ,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,KAAK,CAAC,QAAQ,CACZ,aAA+B,EAC/B,kBAAmC,EAAE;QAErC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC;QAC3C,MAAM,oCAAoC,GAAG,EAAE,CAAC;QAChD,MAAM,0BAA0B,GAAG,IAAI,0BAA0B,CAAC;YAChE,QAAQ;YACR,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe;YACrC,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,0BAA0B;YACrD,GAAG,oCAAoC;YACvC,wBAAwB,EAAE,IAAI;SACM,CAAC,CAAC;QACxC,OAAO,0BAA0B,CAAC,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IACtE,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport type { MSIConfiguration } from \"./models.js\";\nimport { WorkloadIdentityCredential } from \"../workloadIdentityCredential.js\";\nimport { credentialLogger } from \"../../util/logging.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"../workloadIdentityCredentialOptions.js\";\n\nconst msiName = \"ManagedIdentityCredential - Token Exchange\";\nconst logger = credentialLogger(msiName);\n\n/**\n * Defines how to determine whether the token exchange MSI is available, and also how to retrieve a token from the token exchange MSI.\n *\n * Token exchange MSI (used by AKS) is the only MSI implementation handled entirely by Azure Identity.\n * The rest have been migrated to MSAL.\n */\nexport const tokenExchangeMsi = {\n name: \"tokenExchangeMsi\",\n async isAvailable(clientId?: string): Promise<boolean> {\n const env = process.env;\n const result = Boolean(\n (clientId || env.AZURE_CLIENT_ID) &&\n env.AZURE_TENANT_ID &&\n process.env.AZURE_FEDERATED_TOKEN_FILE,\n );\n if (!result) {\n logger.info(\n `${msiName}: Unavailable. The environment variables needed are: AZURE_CLIENT_ID (or the client ID sent through the parameters), AZURE_TENANT_ID and AZURE_FEDERATED_TOKEN_FILE`,\n );\n }\n return result;\n },\n async getToken(\n configuration: MSIConfiguration,\n getTokenOptions: GetTokenOptions = {},\n ): Promise<AccessToken | null> {\n const { scopes, clientId } = configuration;\n const identityClientTokenCredentialOptions = {};\n const workloadIdentityCredential = new WorkloadIdentityCredential({\n clientId,\n tenantId: process.env.AZURE_TENANT_ID,\n tokenFilePath: process.env.AZURE_FEDERATED_TOKEN_FILE,\n ...identityClientTokenCredentialOptions,\n disableInstanceDiscovery: true,\n } as WorkloadIdentityCredentialOptions);\n return workloadIdentityCredential.getToken(scopes, getTokenOptions);\n },\n};\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"usernamePasswordCredential-browser.mjs","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential-browser.mts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,aAAa,EACb,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAE7D,OAAO,EAAE,8BAA8B,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;;;GAOG;AACH,MAAM,OAAO,0BAA0B;
|
|
1
|
+
{"version":3,"file":"usernamePasswordCredential-browser.mjs","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential-browser.mts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,aAAa,EACb,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAE7D,OAAO,EAAE,8BAA8B,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;;;GAOG;AACH,MAAM,OAAO,0BAA0B;IAC7B,cAAc,CAAiB;IAC/B,QAAQ,CAAS;IACjB,4BAA4B,CAAW;IACvC,QAAQ,CAAS;IACjB,QAAQ,CAAS;IACjB,QAAQ,CAAS;IAEzB;;;;;;;;;;;OAWG;IACH,YACE,cAAsB,EACtB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,OAA2C;QAE3C,aAAa,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;QAEtC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;QAC/B,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,EAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,aAAa,CAAC,QAAQ,CAC3B,qCAAqC,EACrC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,CAClC,CAAC;YACF,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE/B,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAChE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;gBACjC,aAAa,EAAE,OAAO;gBACtB,UAAU,EAAE,UAAU;gBACtB,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;aAC9D,CAAC,CAAC;YACH,MAAM,WAAW,GAAG,qBAAqB,CAAC;gBACxC,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;gBACzE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;gBACvB,OAAO,EAAE,iBAAiB,CAAC;oBACzB,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD,CAAC;gBACF,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;gBAC3C,cAAc,EAAE,UAAU,CAAC,cAAc;aAC1C,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;YAC9E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;QAC9D,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n checkTenantId,\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\nimport { createHttpHeaders, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport { credentialLogger, formatSuccess } from \"../util/logging.js\";\nimport { IdentityClient } from \"../client/identityClient.js\";\nimport type { UsernamePasswordCredentialOptions } from \"./usernamePasswordCredentialOptions.js\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint.js\";\nimport { tracingClient } from \"../util/tracing.js\";\n\nconst logger = credentialLogger(\"UsernamePasswordCredential\");\n\n/**\n * Enables authentication to Microsoft Entra ID with a user's\n * username and password. This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n * \n * @deprecated UsernamePasswordCredential is deprecated. Use a more secure credential. See https://aka.ms/azsdk/identity/mfa for details.\n */\nexport class UsernamePasswordCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private clientId: string;\n private username: string;\n private password: string;\n\n /**\n * Creates an instance of the UsernamePasswordCredential with the details\n * needed to authenticate against Microsoft Entra ID with a username\n * and password.\n *\n * @param tenantIdOrName - The Microsoft Entra tenant (directory) ID or name.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param username - The user account's e-mail address (user name).\n * @param password - The user account's account password\n * @param options - Options for configuring the client which makes the authentication request.\n * \n */\n constructor(\n tenantIdOrName: string,\n clientId: string,\n username: string,\n password: string,\n options?: UsernamePasswordCredentialOptions,\n ) {\n checkTenantId(logger, tenantIdOrName);\n\n this.identityClient = new IdentityClient(options);\n this.tenantId = tenantIdOrName;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n this.clientId = clientId;\n this.username = username;\n this.password = password;\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options: GetTokenOptions = {},\n ): Promise<AccessToken | null> {\n return tracingClient.withSpan(\n \"UsernamePasswordCredential.getToken\",\n options,\n async (newOptions) => {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n );\n newOptions.tenantId = tenantId;\n\n const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n const params = new URLSearchParams({\n response_type: \"token\",\n grant_type: \"password\",\n client_id: this.clientId,\n username: this.username,\n password: this.password,\n scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \"),\n });\n const webResource = createPipelineRequest({\n url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n method: \"POST\",\n body: params.toString(),\n headers: createHttpHeaders({\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n }),\n abortSignal: options && options.abortSignal,\n tracingOptions: newOptions.tracingOptions,\n });\n\n const tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n logger.getToken.info(formatSuccess(scopes));\n return (tokenResponse && tokenResponse.accessToken) || null;\n },\n );\n }\n}\n"]}
|
|
@@ -16,6 +16,12 @@ const logger = credentialLogger("UsernamePasswordCredential");
|
|
|
16
16
|
* @deprecated UsernamePasswordCredential is deprecated. Use a more secure credential. See https://aka.ms/azsdk/identity/mfa for details.
|
|
17
17
|
*/
|
|
18
18
|
export class UsernamePasswordCredential {
|
|
19
|
+
identityClient;
|
|
20
|
+
tenantId;
|
|
21
|
+
additionallyAllowedTenantIds;
|
|
22
|
+
clientId;
|
|
23
|
+
username;
|
|
24
|
+
password;
|
|
19
25
|
/**
|
|
20
26
|
* Creates an instance of the UsernamePasswordCredential with the details
|
|
21
27
|
* needed to authenticate against Microsoft Entra ID with a username
|
|
@@ -32,7 +38,7 @@ export class UsernamePasswordCredential {
|
|
|
32
38
|
checkTenantId(logger, tenantIdOrName);
|
|
33
39
|
this.identityClient = new IdentityClient(options);
|
|
34
40
|
this.tenantId = tenantIdOrName;
|
|
35
|
-
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options
|
|
41
|
+
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options?.additionallyAllowedTenants);
|
|
36
42
|
this.clientId = clientId;
|
|
37
43
|
this.username = username;
|
|
38
44
|
this.password = password;
|
|
@@ -2,10 +2,6 @@ import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCreden
|
|
|
2
2
|
/**
|
|
3
3
|
* Provides options to configure the Visual Studio Code credential.
|
|
4
4
|
*
|
|
5
|
-
* @deprecated This credential is deprecated because the VS Code Azure Account extension on which this credential
|
|
6
|
-
* relies has been deprecated. Users should use other dev-time credentials, such as {@link AzureCliCredential},
|
|
7
|
-
* {@link AzureDeveloperCliCredential}, or {@link AzurePowerShellCredential} for their
|
|
8
|
-
* local development needs. See Azure Account extension deprecation notice [here](https://github.com/microsoft/vscode-azure-account/issues/964).
|
|
9
5
|
*/
|
|
10
6
|
export interface VisualStudioCodeCredentialOptions extends MultiTenantTokenCredentialOptions {
|
|
11
7
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"visualStudioCodeCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG
|
|
1
|
+
{"version":3,"file":"visualStudioCodeCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;;GAGG;AACH,MAAM,WAAW,iCAAkC,SAAQ,iCAAiC;IAC1F;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"visualStudioCodeCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Provides options to configure the Visual Studio Code credential.\n *\n
|
|
1
|
+
{"version":3,"file":"visualStudioCodeCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Provides options to configure the Visual Studio Code credential.\n *\n */\nexport interface VisualStudioCodeCredentialOptions extends MultiTenantTokenCredentialOptions {\n /**\n * Optionally pass in a Tenant ID to be used as part of the credential\n */\n tenantId?: string;\n}\n"]}
|
|
@@ -4,10 +4,6 @@
|
|
|
4
4
|
* @returns an array of credentials (username and password)
|
|
5
5
|
* @internal
|
|
6
6
|
*
|
|
7
|
-
* @deprecated This credential is deprecated because the VS Code Azure Account extension on which this credential
|
|
8
|
-
* relies has been deprecated. Users should use other dev-time credentials, such as {@link AzureCliCredential},
|
|
9
|
-
* {@link AzureDeveloperCliCredential}, or {@link AzurePowerShellCredential} for their
|
|
10
|
-
* local development needs. See Azure Account extension deprecation notice [here](https://github.com/microsoft/vscode-azure-account/issues/964).
|
|
11
7
|
*/
|
|
12
8
|
export type VSCodeCredentialFinder = () => Promise<Array<{
|
|
13
9
|
account: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"visualStudioCodeCredentialPlugin.d.ts","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialPlugin.ts"],"names":[],"mappings":"AAGA
|
|
1
|
+
{"version":3,"file":"visualStudioCodeCredentialPlugin.d.ts","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialPlugin.ts"],"names":[],"mappings":"AAGA;;;;;;GAMG;AACH,MAAM,MAAM,sBAAsB,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"visualStudioCodeCredentialPlugin.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialPlugin.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * A function that searches for credentials in the Visual Studio Code credential store.\n *\n * @returns an array of credentials (username and password)\n * @internal\n *\n
|
|
1
|
+
{"version":3,"file":"visualStudioCodeCredentialPlugin.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialPlugin.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * A function that searches for credentials in the Visual Studio Code credential store.\n *\n * @returns an array of credentials (username and password)\n * @internal\n *\n */\nexport type VSCodeCredentialFinder = () => Promise<Array<{ account: string; password: string }>>;\n"]}
|
package/dist/browser/errors.js
CHANGED
|
@@ -31,6 +31,14 @@ export const AuthenticationErrorName = "AuthenticationError";
|
|
|
31
31
|
* the specific failure.
|
|
32
32
|
*/
|
|
33
33
|
export class AuthenticationError extends Error {
|
|
34
|
+
/**
|
|
35
|
+
* The HTTP status code returned from the authentication request.
|
|
36
|
+
*/
|
|
37
|
+
statusCode;
|
|
38
|
+
/**
|
|
39
|
+
* The error response details.
|
|
40
|
+
*/
|
|
41
|
+
errorResponse;
|
|
34
42
|
constructor(statusCode, errorBody, options) {
|
|
35
43
|
let errorResponse = {
|
|
36
44
|
error: "unknown",
|
|
@@ -85,6 +93,11 @@ export const AggregateAuthenticationErrorName = "AggregateAuthenticationError";
|
|
|
85
93
|
* for authentication failures from credentials in a {@link ChainedTokenCredential}.
|
|
86
94
|
*/
|
|
87
95
|
export class AggregateAuthenticationError extends Error {
|
|
96
|
+
/**
|
|
97
|
+
* The array of error objects that were thrown while trying to authenticate
|
|
98
|
+
* with the credentials in a {@link ChainedTokenCredential}.
|
|
99
|
+
*/
|
|
100
|
+
errors;
|
|
88
101
|
constructor(errors, errorMessage) {
|
|
89
102
|
const errorDetail = errors.join("\n");
|
|
90
103
|
super(`${errorMessage}\n${errorDetail}`);
|
|
@@ -107,6 +120,14 @@ function convertOAuthErrorResponseToErrorResponse(errorBody) {
|
|
|
107
120
|
* Error used to enforce authentication after trying to retrieve a token silently.
|
|
108
121
|
*/
|
|
109
122
|
export class AuthenticationRequiredError extends Error {
|
|
123
|
+
/**
|
|
124
|
+
* The list of scopes for which the token will have access.
|
|
125
|
+
*/
|
|
126
|
+
scopes;
|
|
127
|
+
/**
|
|
128
|
+
* The options passed to the getToken request.
|
|
129
|
+
*/
|
|
130
|
+
getTokenOptions;
|
|
110
131
|
constructor(
|
|
111
132
|
/**
|
|
112
133
|
* Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/errors.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAyDlC,SAAS,eAAe,CAAC,aAAkB;IACzC,OAAO,CACL,aAAa;QACb,OAAO,aAAa,CAAC,KAAK,KAAK,QAAQ;QACvC,OAAO,aAAa,CAAC,iBAAiB,KAAK,QAAQ,CACpD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG,4BAA4B,CAAC;AAE3E;;;;GAIG;AACH,MAAM,OAAO,0BAA2B,SAAQ,KAAK;IACnD,YAAY,OAAgB,EAAE,OAA6B;QACzD,2JAA2J;QAC3J,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;IAC7C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,qBAAqB,CAAC;AAE7D;;;;GAIG;AACH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAW5C,YACE,UAAkB,EAClB,SAA6C,EAC7C,OAA6B;QAE7B,IAAI,aAAa,GAAkB;YACjC,KAAK,EAAE,SAAS;YAChB,gBAAgB,EAAE,oEAAoE;SACvF,CAAC;QAEF,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;YAC/B,aAAa,GAAG,wCAAwC,CAAC,SAAS,CAAC,CAAC;QACtE,CAAC;aAAM,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YACzC,IAAI,CAAC;gBACH,iEAAiE;gBACjE,uBAAuB;gBACvB,MAAM,kBAAkB,GAAuB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACrE,aAAa,GAAG,wCAAwC,CAAC,kBAAkB,CAAC,CAAC;YAC/E,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBAChB,IAAI,UAAU,KAAK,GAAG,EAAE,CAAC;oBACvB,aAAa,GAAG;wBACd,KAAK,EAAE,iBAAiB;wBACxB,gBAAgB,EAAE,0DAA0D,SAAS,EAAE;qBACxF,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,aAAa,GAAG;wBACd,KAAK,EAAE,eAAe;wBACtB,gBAAgB,EAAE,oDAAoD,SAAS,EAAE;qBAClF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,aAAa,GAAG;gBACd,KAAK,EAAE,eAAe;gBACtB,gBAAgB,EAAE,oEAAoE;aACvF,CAAC;QACJ,CAAC;QAED,KAAK,CACH,GAAG,aAAa,CAAC,KAAK,iBAAiB,UAAU,oBAAoB,aAAa,CAAC,gBAAgB,GAAG;QACtG,2JAA2J;QAC3J,OAAO,CACR,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QAEnC,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,gCAAgC,GAAG,8BAA8B,CAAC;AAE/E;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,KAAK;IAOrD,YAAY,MAAa,EAAE,YAAqB;QAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,KAAK,CAAC,GAAG,YAAY,KAAK,WAAW,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,gCAAgC,CAAC;IAC/C,CAAC;CACF;AAED,SAAS,wCAAwC,CAAC,SAA6B;IAC7E,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,KAAK;QACtB,gBAAgB,EAAE,SAAS,CAAC,iBAAiB;QAC7C,aAAa,EAAE,SAAS,CAAC,cAAc;QACvC,UAAU,EAAE,SAAS,CAAC,WAAW;QACjC,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,OAAO,EAAE,SAAS,CAAC,QAAQ;KAC5B,CAAC;AACJ,CAAC;AAwBD;;GAEG;AACH,MAAM,OAAO,2BAA4B,SAAQ,KAAK;IAUpD;IACE;;OAEG;IACH,OAA2C;QAE3C,KAAK,CACH,OAAO,CAAC,OAAO;QACf,2JAA2J;QAC3J,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CACrD,CAAC;QACF,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,IAAI,GAAG,6BAA6B,CAAC;IAC5C,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * See the official documentation for more details:\n *\n * https://learn.microsoft.com/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1\n *\n * NOTE: This documentation is for v1 OAuth support but the same error\n * response details still apply to v2.\n */\nexport interface ErrorResponse {\n /**\n * The string identifier for the error.\n */\n error: string;\n\n /**\n * The error's description.\n */\n errorDescription: string;\n\n /**\n * An array of codes pertaining to the error(s) that occurred.\n */\n errorCodes?: number[];\n\n /**\n * The timestamp at which the error occurred.\n */\n timestamp?: string;\n\n /**\n * The trace identifier for this error occurrence.\n */\n traceId?: string;\n\n /**\n * The correlation ID to be used for tracking the source of the error.\n */\n correlationId?: string;\n}\n\n/**\n * Used for internal deserialization of OAuth responses. Public model is ErrorResponse\n * @internal\n */\nexport interface OAuthErrorResponse {\n error: string;\n error_description: string;\n error_codes?: number[];\n timestamp?: string;\n trace_id?: string;\n correlation_id?: string;\n}\n\nfunction isErrorResponse(errorResponse: any): errorResponse is OAuthErrorResponse {\n return (\n errorResponse &&\n typeof errorResponse.error === \"string\" &&\n typeof errorResponse.error_description === \"string\"\n );\n}\n\n/**\n * The Error.name value of an CredentialUnavailable\n */\nexport const CredentialUnavailableErrorName = \"CredentialUnavailableError\";\n\n/**\n * This signifies that the credential that was tried in a chained credential\n * was not available to be used as the credential. Rather than treating this as\n * an error that should halt the chain, it's caught and the chain continues\n */\nexport class CredentialUnavailableError extends Error {\n constructor(message?: string, options?: { cause?: unknown }) {\n // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n super(message, options);\n this.name = CredentialUnavailableErrorName;\n }\n}\n\n/**\n * The Error.name value of an AuthenticationError\n */\nexport const AuthenticationErrorName = \"AuthenticationError\";\n\n/**\n * Provides details about a failure to authenticate with Azure Active\n * Directory. The `errorResponse` field contains more details about\n * the specific failure.\n */\nexport class AuthenticationError extends Error {\n /**\n * The HTTP status code returned from the authentication request.\n */\n public readonly statusCode: number;\n\n /**\n * The error response details.\n */\n public readonly errorResponse: ErrorResponse;\n\n constructor(\n statusCode: number,\n errorBody: object | string | undefined | null,\n options?: { cause?: unknown },\n ) {\n let errorResponse: ErrorResponse = {\n error: \"unknown\",\n errorDescription: \"An unknown error occurred and no additional details are available.\",\n };\n\n if (isErrorResponse(errorBody)) {\n errorResponse = convertOAuthErrorResponseToErrorResponse(errorBody);\n } else if (typeof errorBody === \"string\") {\n try {\n // Most error responses will contain JSON-formatted error details\n // in the response body\n const oauthErrorResponse: OAuthErrorResponse = JSON.parse(errorBody);\n errorResponse = convertOAuthErrorResponseToErrorResponse(oauthErrorResponse);\n } catch (e: any) {\n if (statusCode === 400) {\n errorResponse = {\n error: \"invalid_request\",\n errorDescription: `The service indicated that the request was invalid.\\n\\n${errorBody}`,\n };\n } else {\n errorResponse = {\n error: \"unknown_error\",\n errorDescription: `An unknown error has occurred. Response body:\\n\\n${errorBody}`,\n };\n }\n }\n } else {\n errorResponse = {\n error: \"unknown_error\",\n errorDescription: \"An unknown error occurred and no additional details are available.\",\n };\n }\n\n super(\n `${errorResponse.error} Status code: ${statusCode}\\nMore details:\\n${errorResponse.errorDescription},`,\n // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n options,\n );\n this.statusCode = statusCode;\n this.errorResponse = errorResponse;\n\n // Ensure that this type reports the correct name\n this.name = AuthenticationErrorName;\n }\n}\n\n/**\n * The Error.name value of an AggregateAuthenticationError\n */\nexport const AggregateAuthenticationErrorName = \"AggregateAuthenticationError\";\n\n/**\n * Provides an `errors` array containing {@link AuthenticationError} instance\n * for authentication failures from credentials in a {@link ChainedTokenCredential}.\n */\nexport class AggregateAuthenticationError extends Error {\n /**\n * The array of error objects that were thrown while trying to authenticate\n * with the credentials in a {@link ChainedTokenCredential}.\n */\n public errors: any[];\n\n constructor(errors: any[], errorMessage?: string) {\n const errorDetail = errors.join(\"\\n\");\n super(`${errorMessage}\\n${errorDetail}`);\n this.errors = errors;\n\n // Ensure that this type reports the correct name\n this.name = AggregateAuthenticationErrorName;\n }\n}\n\nfunction convertOAuthErrorResponseToErrorResponse(errorBody: OAuthErrorResponse): ErrorResponse {\n return {\n error: errorBody.error,\n errorDescription: errorBody.error_description,\n correlationId: errorBody.correlation_id,\n errorCodes: errorBody.error_codes,\n timestamp: errorBody.timestamp,\n traceId: errorBody.trace_id,\n };\n}\n\n/**\n * Optional parameters to the {@link AuthenticationRequiredError}\n */\nexport interface AuthenticationRequiredErrorOptions {\n /**\n * The list of scopes for which the token will have access.\n */\n scopes: string[];\n /**\n * The options passed to the getToken request.\n */\n getTokenOptions?: GetTokenOptions;\n /**\n * The message of the error.\n */\n message?: string;\n /**\n * The underlying cause, if any, that caused the authentication to fail.\n */\n cause?: unknown;\n}\n\n/**\n * Error used to enforce authentication after trying to retrieve a token silently.\n */\nexport class AuthenticationRequiredError extends Error {\n /**\n * The list of scopes for which the token will have access.\n */\n public scopes: string[];\n /**\n * The options passed to the getToken request.\n */\n public getTokenOptions?: GetTokenOptions;\n\n constructor(\n /**\n * Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.\n */\n options: AuthenticationRequiredErrorOptions,\n ) {\n super(\n options.message,\n // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n options.cause ? { cause: options.cause } : undefined,\n );\n this.scopes = options.scopes;\n this.getTokenOptions = options.getTokenOptions;\n this.name = \"AuthenticationRequiredError\";\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/errors.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAyDlC,SAAS,eAAe,CAAC,aAAkB;IACzC,OAAO,CACL,aAAa;QACb,OAAO,aAAa,CAAC,KAAK,KAAK,QAAQ;QACvC,OAAO,aAAa,CAAC,iBAAiB,KAAK,QAAQ,CACpD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG,4BAA4B,CAAC;AAE3E;;;;GAIG;AACH,MAAM,OAAO,0BAA2B,SAAQ,KAAK;IACnD,YAAY,OAAgB,EAAE,OAA6B;QACzD,2JAA2J;QAC3J,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;IAC7C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,qBAAqB,CAAC;AAE7D;;;;GAIG;AACH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAC5C;;OAEG;IACa,UAAU,CAAS;IAEnC;;OAEG;IACa,aAAa,CAAgB;IAE7C,YACE,UAAkB,EAClB,SAA6C,EAC7C,OAA6B;QAE7B,IAAI,aAAa,GAAkB;YACjC,KAAK,EAAE,SAAS;YAChB,gBAAgB,EAAE,oEAAoE;SACvF,CAAC;QAEF,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;YAC/B,aAAa,GAAG,wCAAwC,CAAC,SAAS,CAAC,CAAC;QACtE,CAAC;aAAM,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YACzC,IAAI,CAAC;gBACH,iEAAiE;gBACjE,uBAAuB;gBACvB,MAAM,kBAAkB,GAAuB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACrE,aAAa,GAAG,wCAAwC,CAAC,kBAAkB,CAAC,CAAC;YAC/E,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBAChB,IAAI,UAAU,KAAK,GAAG,EAAE,CAAC;oBACvB,aAAa,GAAG;wBACd,KAAK,EAAE,iBAAiB;wBACxB,gBAAgB,EAAE,0DAA0D,SAAS,EAAE;qBACxF,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,aAAa,GAAG;wBACd,KAAK,EAAE,eAAe;wBACtB,gBAAgB,EAAE,oDAAoD,SAAS,EAAE;qBAClF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,aAAa,GAAG;gBACd,KAAK,EAAE,eAAe;gBACtB,gBAAgB,EAAE,oEAAoE;aACvF,CAAC;QACJ,CAAC;QAED,KAAK,CACH,GAAG,aAAa,CAAC,KAAK,iBAAiB,UAAU,oBAAoB,aAAa,CAAC,gBAAgB,GAAG;QACtG,2JAA2J;QAC3J,OAAO,CACR,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QAEnC,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,gCAAgC,GAAG,8BAA8B,CAAC;AAE/E;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,KAAK;IACrD;;;OAGG;IACI,MAAM,CAAQ;IAErB,YAAY,MAAa,EAAE,YAAqB;QAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,KAAK,CAAC,GAAG,YAAY,KAAK,WAAW,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,gCAAgC,CAAC;IAC/C,CAAC;CACF;AAED,SAAS,wCAAwC,CAAC,SAA6B;IAC7E,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,KAAK;QACtB,gBAAgB,EAAE,SAAS,CAAC,iBAAiB;QAC7C,aAAa,EAAE,SAAS,CAAC,cAAc;QACvC,UAAU,EAAE,SAAS,CAAC,WAAW;QACjC,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,OAAO,EAAE,SAAS,CAAC,QAAQ;KAC5B,CAAC;AACJ,CAAC;AAwBD;;GAEG;AACH,MAAM,OAAO,2BAA4B,SAAQ,KAAK;IACpD;;OAEG;IACI,MAAM,CAAW;IACxB;;OAEG;IACI,eAAe,CAAmB;IAEzC;IACE;;OAEG;IACH,OAA2C;QAE3C,KAAK,CACH,OAAO,CAAC,OAAO;QACf,2JAA2J;QAC3J,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CACrD,CAAC;QACF,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,IAAI,GAAG,6BAA6B,CAAC;IAC5C,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * See the official documentation for more details:\n *\n * https://learn.microsoft.com/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1\n *\n * NOTE: This documentation is for v1 OAuth support but the same error\n * response details still apply to v2.\n */\nexport interface ErrorResponse {\n /**\n * The string identifier for the error.\n */\n error: string;\n\n /**\n * The error's description.\n */\n errorDescription: string;\n\n /**\n * An array of codes pertaining to the error(s) that occurred.\n */\n errorCodes?: number[];\n\n /**\n * The timestamp at which the error occurred.\n */\n timestamp?: string;\n\n /**\n * The trace identifier for this error occurrence.\n */\n traceId?: string;\n\n /**\n * The correlation ID to be used for tracking the source of the error.\n */\n correlationId?: string;\n}\n\n/**\n * Used for internal deserialization of OAuth responses. Public model is ErrorResponse\n * @internal\n */\nexport interface OAuthErrorResponse {\n error: string;\n error_description: string;\n error_codes?: number[];\n timestamp?: string;\n trace_id?: string;\n correlation_id?: string;\n}\n\nfunction isErrorResponse(errorResponse: any): errorResponse is OAuthErrorResponse {\n return (\n errorResponse &&\n typeof errorResponse.error === \"string\" &&\n typeof errorResponse.error_description === \"string\"\n );\n}\n\n/**\n * The Error.name value of an CredentialUnavailable\n */\nexport const CredentialUnavailableErrorName = \"CredentialUnavailableError\";\n\n/**\n * This signifies that the credential that was tried in a chained credential\n * was not available to be used as the credential. Rather than treating this as\n * an error that should halt the chain, it's caught and the chain continues\n */\nexport class CredentialUnavailableError extends Error {\n constructor(message?: string, options?: { cause?: unknown }) {\n // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n super(message, options);\n this.name = CredentialUnavailableErrorName;\n }\n}\n\n/**\n * The Error.name value of an AuthenticationError\n */\nexport const AuthenticationErrorName = \"AuthenticationError\";\n\n/**\n * Provides details about a failure to authenticate with Azure Active\n * Directory. The `errorResponse` field contains more details about\n * the specific failure.\n */\nexport class AuthenticationError extends Error {\n /**\n * The HTTP status code returned from the authentication request.\n */\n public readonly statusCode: number;\n\n /**\n * The error response details.\n */\n public readonly errorResponse: ErrorResponse;\n\n constructor(\n statusCode: number,\n errorBody: object | string | undefined | null,\n options?: { cause?: unknown },\n ) {\n let errorResponse: ErrorResponse = {\n error: \"unknown\",\n errorDescription: \"An unknown error occurred and no additional details are available.\",\n };\n\n if (isErrorResponse(errorBody)) {\n errorResponse = convertOAuthErrorResponseToErrorResponse(errorBody);\n } else if (typeof errorBody === \"string\") {\n try {\n // Most error responses will contain JSON-formatted error details\n // in the response body\n const oauthErrorResponse: OAuthErrorResponse = JSON.parse(errorBody);\n errorResponse = convertOAuthErrorResponseToErrorResponse(oauthErrorResponse);\n } catch (e: any) {\n if (statusCode === 400) {\n errorResponse = {\n error: \"invalid_request\",\n errorDescription: `The service indicated that the request was invalid.\\n\\n${errorBody}`,\n };\n } else {\n errorResponse = {\n error: \"unknown_error\",\n errorDescription: `An unknown error has occurred. Response body:\\n\\n${errorBody}`,\n };\n }\n }\n } else {\n errorResponse = {\n error: \"unknown_error\",\n errorDescription: \"An unknown error occurred and no additional details are available.\",\n };\n }\n\n super(\n `${errorResponse.error} Status code: ${statusCode}\\nMore details:\\n${errorResponse.errorDescription},`,\n // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n options,\n );\n this.statusCode = statusCode;\n this.errorResponse = errorResponse;\n\n // Ensure that this type reports the correct name\n this.name = AuthenticationErrorName;\n }\n}\n\n/**\n * The Error.name value of an AggregateAuthenticationError\n */\nexport const AggregateAuthenticationErrorName = \"AggregateAuthenticationError\";\n\n/**\n * Provides an `errors` array containing {@link AuthenticationError} instance\n * for authentication failures from credentials in a {@link ChainedTokenCredential}.\n */\nexport class AggregateAuthenticationError extends Error {\n /**\n * The array of error objects that were thrown while trying to authenticate\n * with the credentials in a {@link ChainedTokenCredential}.\n */\n public errors: any[];\n\n constructor(errors: any[], errorMessage?: string) {\n const errorDetail = errors.join(\"\\n\");\n super(`${errorMessage}\\n${errorDetail}`);\n this.errors = errors;\n\n // Ensure that this type reports the correct name\n this.name = AggregateAuthenticationErrorName;\n }\n}\n\nfunction convertOAuthErrorResponseToErrorResponse(errorBody: OAuthErrorResponse): ErrorResponse {\n return {\n error: errorBody.error,\n errorDescription: errorBody.error_description,\n correlationId: errorBody.correlation_id,\n errorCodes: errorBody.error_codes,\n timestamp: errorBody.timestamp,\n traceId: errorBody.trace_id,\n };\n}\n\n/**\n * Optional parameters to the {@link AuthenticationRequiredError}\n */\nexport interface AuthenticationRequiredErrorOptions {\n /**\n * The list of scopes for which the token will have access.\n */\n scopes: string[];\n /**\n * The options passed to the getToken request.\n */\n getTokenOptions?: GetTokenOptions;\n /**\n * The message of the error.\n */\n message?: string;\n /**\n * The underlying cause, if any, that caused the authentication to fail.\n */\n cause?: unknown;\n}\n\n/**\n * Error used to enforce authentication after trying to retrieve a token silently.\n */\nexport class AuthenticationRequiredError extends Error {\n /**\n * The list of scopes for which the token will have access.\n */\n public scopes: string[];\n /**\n * The options passed to the getToken request.\n */\n public getTokenOptions?: GetTokenOptions;\n\n constructor(\n /**\n * Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.\n */\n options: AuthenticationRequiredErrorOptions,\n ) {\n super(\n options.message,\n // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n options.cause ? { cause: options.cause } : undefined,\n );\n this.scopes = options.scopes;\n this.getTokenOptions = options.getTokenOptions;\n this.name = \"AuthenticationRequiredError\";\n }\n}\n"]}
|
|
@@ -15,7 +15,6 @@ const isLocationDefined = typeof self !== "undefined" && self.location !== undef
|
|
|
15
15
|
* @internal
|
|
16
16
|
*/
|
|
17
17
|
function generateMsalBrowserConfiguration(options) {
|
|
18
|
-
var _a;
|
|
19
18
|
const tenantId = options.tenantId || DefaultTenantId;
|
|
20
19
|
const authority = getAuthority(tenantId, options.authorityHost);
|
|
21
20
|
return {
|
|
@@ -36,7 +35,7 @@ function generateMsalBrowserConfiguration(options) {
|
|
|
36
35
|
loggerOptions: {
|
|
37
36
|
loggerCallback: defaultLoggerCallback(options.logger, "Browser"),
|
|
38
37
|
logLevel: getMSALLogLevel(getLogLevel()),
|
|
39
|
-
piiLoggingEnabled:
|
|
38
|
+
piiLoggingEnabled: options.loggingOptions?.enableUnsafeSupportLogging,
|
|
40
39
|
},
|
|
41
40
|
},
|
|
42
41
|
};
|
|
@@ -49,7 +48,6 @@ const redirectHash = isLocationDefined ? self.location.hash : undefined;
|
|
|
49
48
|
* @internal
|
|
50
49
|
*/
|
|
51
50
|
export function createMsalBrowserClient(options) {
|
|
52
|
-
var _a;
|
|
53
51
|
const loginStyle = options.loginStyle;
|
|
54
52
|
if (!options.clientId) {
|
|
55
53
|
throw new CredentialUnavailableError("A client ID is required in browsers");
|
|
@@ -57,14 +55,17 @@ export function createMsalBrowserClient(options) {
|
|
|
57
55
|
const clientId = options.clientId;
|
|
58
56
|
const logger = options.logger;
|
|
59
57
|
const tenantId = resolveTenantId(logger, options.tenantId, options.clientId);
|
|
60
|
-
const additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(
|
|
58
|
+
const additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options?.tokenCredentialOptions?.additionallyAllowedTenants);
|
|
61
59
|
const authorityHost = options.authorityHost;
|
|
62
60
|
const msalConfig = generateMsalBrowserConfiguration(options);
|
|
63
61
|
const disableAutomaticAuthentication = options.disableAutomaticAuthentication;
|
|
64
62
|
const loginHint = options.loginHint;
|
|
65
63
|
let account;
|
|
66
64
|
if (options.authenticationRecord) {
|
|
67
|
-
account =
|
|
65
|
+
account = {
|
|
66
|
+
...options.authenticationRecord,
|
|
67
|
+
tenantId,
|
|
68
|
+
};
|
|
68
69
|
}
|
|
69
70
|
// This variable should only be used through calling `getApp` function
|
|
70
71
|
let app;
|
|
@@ -108,8 +109,7 @@ export function createMsalBrowserClient(options) {
|
|
|
108
109
|
* If the token received is invalid, an error will be thrown depending on what's missing.
|
|
109
110
|
*/
|
|
110
111
|
function handleResult(scopes, result, getTokenOptions) {
|
|
111
|
-
|
|
112
|
-
if (result === null || result === void 0 ? void 0 : result.account) {
|
|
112
|
+
if (result?.account) {
|
|
113
113
|
account = msalToPublic(clientId, result.account);
|
|
114
114
|
}
|
|
115
115
|
ensureValidMsalToken(scopes, result, getTokenOptions);
|
|
@@ -117,7 +117,7 @@ export function createMsalBrowserClient(options) {
|
|
|
117
117
|
return {
|
|
118
118
|
token: result.accessToken,
|
|
119
119
|
expiresOnTimestamp: result.expiresOn.getTime(),
|
|
120
|
-
refreshAfterTimestamp:
|
|
120
|
+
refreshAfterTimestamp: result.refreshOn?.getTime(),
|
|
121
121
|
tokenType: "Bearer",
|
|
122
122
|
};
|
|
123
123
|
}
|
|
@@ -171,9 +171,9 @@ export function createMsalBrowserClient(options) {
|
|
|
171
171
|
});
|
|
172
172
|
}
|
|
173
173
|
const parameters = {
|
|
174
|
-
authority:
|
|
175
|
-
correlationId: getTokenOptions
|
|
176
|
-
claims: getTokenOptions
|
|
174
|
+
authority: getTokenOptions?.authority || msalConfig.auth.authority,
|
|
175
|
+
correlationId: getTokenOptions?.correlationId,
|
|
176
|
+
claims: getTokenOptions?.claims,
|
|
177
177
|
account: publicToMsal(activeAccount),
|
|
178
178
|
forceRefresh: false,
|
|
179
179
|
scopes,
|
|
@@ -201,9 +201,9 @@ export function createMsalBrowserClient(options) {
|
|
|
201
201
|
});
|
|
202
202
|
}
|
|
203
203
|
const parameters = {
|
|
204
|
-
authority:
|
|
205
|
-
correlationId: getTokenOptions
|
|
206
|
-
claims: getTokenOptions
|
|
204
|
+
authority: getTokenOptions?.authority || msalConfig.auth.authority,
|
|
205
|
+
correlationId: getTokenOptions?.correlationId,
|
|
206
|
+
claims: getTokenOptions?.claims,
|
|
207
207
|
account: publicToMsal(activeAccount),
|
|
208
208
|
loginHint: loginHint,
|
|
209
209
|
scopes,
|
|
@@ -243,7 +243,7 @@ export function createMsalBrowserClient(options) {
|
|
|
243
243
|
if (err.name !== "AuthenticationRequiredError") {
|
|
244
244
|
throw err;
|
|
245
245
|
}
|
|
246
|
-
if (getTokenOptions
|
|
246
|
+
if (getTokenOptions?.disableAutomaticAuthentication) {
|
|
247
247
|
throw new AuthenticationRequiredError({
|
|
248
248
|
scopes,
|
|
249
249
|
getTokenOptions,
|