@azure/identity 4.10.3-alpha.20250714.3 → 4.11.0-alpha.20250718.3

package/dist/esm/credentials/visualStudioCodeCredentialPlugin.js.map

@@ -1 +1 @@
-{"version":3,"file":"visualStudioCodeCredentialPlugin.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialPlugin.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * A function that searches for credentials in the Visual Studio Code credential store.\n *\n * @returns an array of credentials (username and password)\n * @internal\n *\n * @deprecated This credential is deprecated because the VS Code Azure Account extension on which this credential\n * relies has been deprecated. Users should use other dev-time credentials, such as {@link AzureCliCredential},\n * {@link AzureDeveloperCliCredential}, or {@link AzurePowerShellCredential} for their\n * local development needs. See Azure Account extension deprecation notice [here](https://github.com/microsoft/vscode-azure-account/issues/964).\n */\nexport type VSCodeCredentialFinder = () => Promise<Array<{ account: string; password: string }>>;\n"]}
+{"version":3,"file":"visualStudioCodeCredentialPlugin.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialPlugin.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * A function that searches for credentials in the Visual Studio Code credential store.\n *\n * @returns an array of credentials (username and password)\n * @internal\n *\n */\nexport type VSCodeCredentialFinder = () => Promise<Array<{ account: string; password: string }>>;\n"]}

package/dist/esm/credentials/workloadIdentityCredential.js

@@ -34,18 +34,20 @@ const logger = credentialLogger(credentialName);
  * Workload ID</a> for more information.
  */
 export class WorkloadIdentityCredential {
+    client;
+    azureFederatedTokenFileContent = undefined;
+    cacheDate = undefined;
+    federatedTokenFilePath;
     /**
      * WorkloadIdentityCredential supports Microsoft Entra Workload ID on Kubernetes.
      *
      * @param options - The identity client options to use for authentication.
      */
     constructor(options) {
-        this.azureFederatedTokenFileContent = undefined;
-        this.cacheDate = undefined;
         // Logging environment variables for error details
         const assignedEnv = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(", ");
         logger.info(`Found the following environment variables: ${assignedEnv}`);
-        const workloadIdentityCredentialOptions = options !== null && options !== void 0 ? options : {};
+        const workloadIdentityCredentialOptions = options ?? {};
         const tenantId = workloadIdentityCredentialOptions.tenantId || process.env.AZURE_TENANT_ID;
         const clientId = workloadIdentityCredentialOptions.clientId || process.env.AZURE_CLIENT_ID;
         this.federatedTokenFilePath =

package/dist/esm/credentials/workloadIdentityCredential.js.map

@@ -1 +1 @@
-{"version":3,"file":"workloadIdentityCredential.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAE1D,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,MAAM,cAAc,GAAG,4BAA4B,CAAC;AACpD;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,qCAAqC,GAAG;IACnD,iBAAiB;IACjB,iBAAiB;IACjB,4BAA4B;CAC7B,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AAChD;;;;;;;;;;;;;GAaG;AACH,MAAM,OAAO,0BAA0B;IAMrC;;;;OAIG;IACH,YAAY,OAA2C;QAT/C,mCAA8B,GAAuB,SAAS,CAAC;QAC/D,cAAS,GAAuB,SAAS,CAAC;QAShD,kDAAkD;QAClD,MAAM,WAAW,GAAG,cAAc,CAAC,qCAAqC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9F,MAAM,CAAC,IAAI,CAAC,8CAA8C,WAAW,EAAE,CAAC,CAAC;QAEzE,MAAM,iCAAiC,GAAG,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,EAAE,CAAC;QACxD,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,IAAI,CAAC,sBAAsB;YACzB,iCAAiC,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QAC5F,IAAI,QAAQ,EAAE,CAAC;YACb,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc;qIAC4G,CAC9H,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc;qIAC4G,CAC9H,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;YACjC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc;qIAC4G,CAC9H,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,IAAI,CACT,sDAAsD,QAAQ,eAAe,iCAAiC,CAAC,QAAQ,uCAAuC,CAC/J,CAAC;QACF,IAAI,CAAC,MAAM,GAAG,IAAI,yBAAyB,CACzC,QAAQ,EACR,QAAQ,EACR,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAChC,OAAO,CACR,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;QAEzB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,YAAY,GAAG,GAAG,cAAc;;;;iKAIqH,CAAC;YAC5J,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC1B,MAAM,IAAI,0BAA0B,CAAC,YAAY,CAAC,CAAC;QACrD,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAClE,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/C,CAAC;IAEO,KAAK,CAAC,gBAAgB;QAC5B,2CAA2C;QAC3C,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;YACjF,IAAI,CAAC,8BAA8B,GAAG,SAAS,CAAC;QAClD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;YACjC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,gDAAgD,IAAI,CAAC,sBAAsB,GAAG,CAChG,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;YACzC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC;YACjE,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,4CAA4C,IAAI,CAAC,sBAAsB,GAAG,CAC5F,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,8BAA8B,GAAG,KAAK,CAAC;gBAC5C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC9B,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,8BAA8B,CAAC;IAC7C,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, processEnvVars } from \"../util/logging.js\";\n\nimport { ClientAssertionCredential } from \"./clientAssertionCredential.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions.js\";\nimport { checkTenantId } from \"../util/tenantIdUtils.js\";\nimport { readFile } from \"node:fs/promises\";\n\nconst credentialName = \"WorkloadIdentityCredential\";\n/**\n * Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n *\n * @internal\n */\nexport const SupportedWorkloadEnvironmentVariables = [\n  \"AZURE_TENANT_ID\",\n  \"AZURE_CLIENT_ID\",\n  \"AZURE_FEDERATED_TOKEN_FILE\",\n];\nconst logger = credentialLogger(credentialName);\n/**\n * Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs)\n * to access other Azure resources without the need for a service principal or managed identity. With Workload Identity\n * authentication, applications authenticate themselves using their own identity, rather than using a shared service\n * principal or managed identity. Under the hood, Workload Identity authentication uses the concept of Service Account\n * Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload\n * Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for\n * each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't\n * need to worry about storing and securing sensitive credentials themselves.\n * The WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Azure Kubernetes and acquires\n * a token using the SACs available in the Azure Kubernetes environment.\n * Refer to <a href=\"https://learn.microsoft.com/azure/aks/workload-identity-overview\">Microsoft Entra\n * Workload ID</a> for more information.\n */\nexport class WorkloadIdentityCredential implements TokenCredential {\n  private client: ClientAssertionCredential | undefined;\n  private azureFederatedTokenFileContent: string | undefined = undefined;\n  private cacheDate: number | undefined = undefined;\n  private federatedTokenFilePath: string | undefined;\n\n  /**\n   * WorkloadIdentityCredential supports Microsoft Entra Workload ID on Kubernetes.\n   *\n   * @param options - The identity client options to use for authentication.\n   */\n  constructor(options?: WorkloadIdentityCredentialOptions) {\n    // Logging environment variables for error details\n    const assignedEnv = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(\", \");\n    logger.info(`Found the following environment variables: ${assignedEnv}`);\n\n    const workloadIdentityCredentialOptions = options ?? {};\n    const tenantId = workloadIdentityCredentialOptions.tenantId || process.env.AZURE_TENANT_ID;\n    const clientId = workloadIdentityCredentialOptions.clientId || process.env.AZURE_CLIENT_ID;\n    this.federatedTokenFilePath =\n      workloadIdentityCredentialOptions.tokenFilePath || process.env.AZURE_FEDERATED_TOKEN_FILE;\n    if (tenantId) {\n      checkTenantId(logger, tenantId);\n    }\n    if (!clientId) {\n      throw new CredentialUnavailableError(\n        `${credentialName}: is unavailable. clientId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_CLIENT_ID\".\n        See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n      );\n    }\n\n    if (!tenantId) {\n      throw new CredentialUnavailableError(\n        `${credentialName}: is unavailable. tenantId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_TENANT_ID\".\n        See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n      );\n    }\n\n    if (!this.federatedTokenFilePath) {\n      throw new CredentialUnavailableError(\n        `${credentialName}: is unavailable. federatedTokenFilePath is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_FEDERATED_TOKEN_FILE\".\n        See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n      );\n    }\n\n    logger.info(\n      `Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`,\n    );\n    this.client = new ClientAssertionCredential(\n      tenantId,\n      clientId,\n      this.readFileContents.bind(this),\n      options,\n    );\n  }\n\n  /**\n   * Authenticates with Microsoft Entra ID and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions,\n  ): Promise<AccessToken> {\n    if (!this.client) {\n      const errorMessage = `${credentialName}: is unavailable. tenantId, clientId, and federatedTokenFilePath are required parameters. \n      In DefaultAzureCredential and ManagedIdentityCredential, these can be provided as environment variables - \n      \"AZURE_TENANT_ID\",\n      \"AZURE_CLIENT_ID\",\n      \"AZURE_FEDERATED_TOKEN_FILE\". See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`;\n      logger.info(errorMessage);\n      throw new CredentialUnavailableError(errorMessage);\n    }\n    logger.info(\"Invoking getToken() of Client Assertion Credential\");\n    return this.client.getToken(scopes, options);\n  }\n\n  private async readFileContents(): Promise<string> {\n    // Cached assertions expire after 5 minutes\n    if (this.cacheDate !== undefined && Date.now() - this.cacheDate >= 1000 * 60 * 5) {\n      this.azureFederatedTokenFileContent = undefined;\n    }\n    if (!this.federatedTokenFilePath) {\n      throw new CredentialUnavailableError(\n        `${credentialName}: is unavailable. Invalid file path provided ${this.federatedTokenFilePath}.`,\n      );\n    }\n    if (!this.azureFederatedTokenFileContent) {\n      const file = await readFile(this.federatedTokenFilePath, \"utf8\");\n      const value = file.trim();\n      if (!value) {\n        throw new CredentialUnavailableError(\n          `${credentialName}: is unavailable. No content on the file ${this.federatedTokenFilePath}.`,\n        );\n      } else {\n        this.azureFederatedTokenFileContent = value;\n        this.cacheDate = Date.now();\n      }\n    }\n    return this.azureFederatedTokenFileContent;\n  }\n}\n"]}
+{"version":3,"file":"workloadIdentityCredential.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAE1D,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,MAAM,cAAc,GAAG,4BAA4B,CAAC;AACpD;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,qCAAqC,GAAG;IACnD,iBAAiB;IACjB,iBAAiB;IACjB,4BAA4B;CAC7B,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AAChD;;;;;;;;;;;;;GAaG;AACH,MAAM,OAAO,0BAA0B;IAC7B,MAAM,CAAwC;IAC9C,8BAA8B,GAAuB,SAAS,CAAC;IAC/D,SAAS,GAAuB,SAAS,CAAC;IAC1C,sBAAsB,CAAqB;IAEnD;;;;OAIG;IACH,YAAY,OAA2C;QACrD,kDAAkD;QAClD,MAAM,WAAW,GAAG,cAAc,CAAC,qCAAqC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9F,MAAM,CAAC,IAAI,CAAC,8CAA8C,WAAW,EAAE,CAAC,CAAC;QAEzE,MAAM,iCAAiC,GAAG,OAAO,IAAI,EAAE,CAAC;QACxD,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,IAAI,CAAC,sBAAsB;YACzB,iCAAiC,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QAC5F,IAAI,QAAQ,EAAE,CAAC;YACb,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc;qIAC4G,CAC9H,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc;qIAC4G,CAC9H,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;YACjC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc;qIAC4G,CAC9H,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,IAAI,CACT,sDAAsD,QAAQ,eAAe,iCAAiC,CAAC,QAAQ,uCAAuC,CAC/J,CAAC;QACF,IAAI,CAAC,MAAM,GAAG,IAAI,yBAAyB,CACzC,QAAQ,EACR,QAAQ,EACR,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAChC,OAAO,CACR,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;QAEzB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,YAAY,GAAG,GAAG,cAAc;;;;iKAIqH,CAAC;YAC5J,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC1B,MAAM,IAAI,0BAA0B,CAAC,YAAY,CAAC,CAAC;QACrD,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAClE,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/C,CAAC;IAEO,KAAK,CAAC,gBAAgB;QAC5B,2CAA2C;QAC3C,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;YACjF,IAAI,CAAC,8BAA8B,GAAG,SAAS,CAAC;QAClD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;YACjC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,gDAAgD,IAAI,CAAC,sBAAsB,GAAG,CAChG,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;YACzC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC;YACjE,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,4CAA4C,IAAI,CAAC,sBAAsB,GAAG,CAC5F,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,8BAA8B,GAAG,KAAK,CAAC;gBAC5C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC9B,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,8BAA8B,CAAC;IAC7C,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, processEnvVars } from \"../util/logging.js\";\n\nimport { ClientAssertionCredential } from \"./clientAssertionCredential.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions.js\";\nimport { checkTenantId } from \"../util/tenantIdUtils.js\";\nimport { readFile } from \"node:fs/promises\";\n\nconst credentialName = \"WorkloadIdentityCredential\";\n/**\n * Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n *\n * @internal\n */\nexport const SupportedWorkloadEnvironmentVariables = [\n  \"AZURE_TENANT_ID\",\n  \"AZURE_CLIENT_ID\",\n  \"AZURE_FEDERATED_TOKEN_FILE\",\n];\nconst logger = credentialLogger(credentialName);\n/**\n * Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs)\n * to access other Azure resources without the need for a service principal or managed identity. With Workload Identity\n * authentication, applications authenticate themselves using their own identity, rather than using a shared service\n * principal or managed identity. Under the hood, Workload Identity authentication uses the concept of Service Account\n * Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload\n * Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for\n * each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't\n * need to worry about storing and securing sensitive credentials themselves.\n * The WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Azure Kubernetes and acquires\n * a token using the SACs available in the Azure Kubernetes environment.\n * Refer to <a href=\"https://learn.microsoft.com/azure/aks/workload-identity-overview\">Microsoft Entra\n * Workload ID</a> for more information.\n */\nexport class WorkloadIdentityCredential implements TokenCredential {\n  private client: ClientAssertionCredential | undefined;\n  private azureFederatedTokenFileContent: string | undefined = undefined;\n  private cacheDate: number | undefined = undefined;\n  private federatedTokenFilePath: string | undefined;\n\n  /**\n   * WorkloadIdentityCredential supports Microsoft Entra Workload ID on Kubernetes.\n   *\n   * @param options - The identity client options to use for authentication.\n   */\n  constructor(options?: WorkloadIdentityCredentialOptions) {\n    // Logging environment variables for error details\n    const assignedEnv = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(\", \");\n    logger.info(`Found the following environment variables: ${assignedEnv}`);\n\n    const workloadIdentityCredentialOptions = options ?? {};\n    const tenantId = workloadIdentityCredentialOptions.tenantId || process.env.AZURE_TENANT_ID;\n    const clientId = workloadIdentityCredentialOptions.clientId || process.env.AZURE_CLIENT_ID;\n    this.federatedTokenFilePath =\n      workloadIdentityCredentialOptions.tokenFilePath || process.env.AZURE_FEDERATED_TOKEN_FILE;\n    if (tenantId) {\n      checkTenantId(logger, tenantId);\n    }\n    if (!clientId) {\n      throw new CredentialUnavailableError(\n        `${credentialName}: is unavailable. clientId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_CLIENT_ID\".\n        See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n      );\n    }\n\n    if (!tenantId) {\n      throw new CredentialUnavailableError(\n        `${credentialName}: is unavailable. tenantId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_TENANT_ID\".\n        See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n      );\n    }\n\n    if (!this.federatedTokenFilePath) {\n      throw new CredentialUnavailableError(\n        `${credentialName}: is unavailable. federatedTokenFilePath is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_FEDERATED_TOKEN_FILE\".\n        See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n      );\n    }\n\n    logger.info(\n      `Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`,\n    );\n    this.client = new ClientAssertionCredential(\n      tenantId,\n      clientId,\n      this.readFileContents.bind(this),\n      options,\n    );\n  }\n\n  /**\n   * Authenticates with Microsoft Entra ID and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  public async getToken(\n    scopes: string | string[],\n    options?: GetTokenOptions,\n  ): Promise<AccessToken> {\n    if (!this.client) {\n      const errorMessage = `${credentialName}: is unavailable. tenantId, clientId, and federatedTokenFilePath are required parameters. \n      In DefaultAzureCredential and ManagedIdentityCredential, these can be provided as environment variables - \n      \"AZURE_TENANT_ID\",\n      \"AZURE_CLIENT_ID\",\n      \"AZURE_FEDERATED_TOKEN_FILE\". See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`;\n      logger.info(errorMessage);\n      throw new CredentialUnavailableError(errorMessage);\n    }\n    logger.info(\"Invoking getToken() of Client Assertion Credential\");\n    return this.client.getToken(scopes, options);\n  }\n\n  private async readFileContents(): Promise<string> {\n    // Cached assertions expire after 5 minutes\n    if (this.cacheDate !== undefined && Date.now() - this.cacheDate >= 1000 * 60 * 5) {\n      this.azureFederatedTokenFileContent = undefined;\n    }\n    if (!this.federatedTokenFilePath) {\n      throw new CredentialUnavailableError(\n        `${credentialName}: is unavailable. Invalid file path provided ${this.federatedTokenFilePath}.`,\n      );\n    }\n    if (!this.azureFederatedTokenFileContent) {\n      const file = await readFile(this.federatedTokenFilePath, \"utf8\");\n      const value = file.trim();\n      if (!value) {\n        throw new CredentialUnavailableError(\n          `${credentialName}: is unavailable. No content on the file ${this.federatedTokenFilePath}.`,\n        );\n      } else {\n        this.azureFederatedTokenFileContent = value;\n        this.cacheDate = Date.now();\n      }\n    }\n    return this.azureFederatedTokenFileContent;\n  }\n}\n"]}

package/dist/esm/errors.js

@@ -31,6 +31,14 @@ export const AuthenticationErrorName = "AuthenticationError";
  * the specific failure.
  */
 export class AuthenticationError extends Error {
+    /**
+     * The HTTP status code returned from the authentication request.
+     */
+    statusCode;
+    /**
+     * The error response details.
+     */
+    errorResponse;
     constructor(statusCode, errorBody, options) {
         let errorResponse = {
             error: "unknown",
@@ -85,6 +93,11 @@ export const AggregateAuthenticationErrorName = "AggregateAuthenticationError";
  * for authentication failures from credentials in a {@link ChainedTokenCredential}.
  */
 export class AggregateAuthenticationError extends Error {
+    /**
+     * The array of error objects that were thrown while trying to authenticate
+     * with the credentials in a {@link ChainedTokenCredential}.
+     */
+    errors;
     constructor(errors, errorMessage) {
         const errorDetail = errors.join("\n");
         super(`${errorMessage}\n${errorDetail}`);
@@ -107,6 +120,14 @@ function convertOAuthErrorResponseToErrorResponse(errorBody) {
  * Error used to enforce authentication after trying to retrieve a token silently.
  */
 export class AuthenticationRequiredError extends Error {
+    /**
+     * The list of scopes for which the token will have access.
+     */
+    scopes;
+    /**
+     * The options passed to the getToken request.
+     */
+    getTokenOptions;
     constructor(
     /**
      * Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.

package/dist/esm/errors.js.map

@@ -1 +1 @@
-{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/errors.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAyDlC,SAAS,eAAe,CAAC,aAAkB;IACzC,OAAO,CACL,aAAa;QACb,OAAO,aAAa,CAAC,KAAK,KAAK,QAAQ;QACvC,OAAO,aAAa,CAAC,iBAAiB,KAAK,QAAQ,CACpD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG,4BAA4B,CAAC;AAE3E;;;;GAIG;AACH,MAAM,OAAO,0BAA2B,SAAQ,KAAK;IACnD,YAAY,OAAgB,EAAE,OAA6B;QACzD,2JAA2J;QAC3J,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;IAC7C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,qBAAqB,CAAC;AAE7D;;;;GAIG;AACH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAW5C,YACE,UAAkB,EAClB,SAA6C,EAC7C,OAA6B;QAE7B,IAAI,aAAa,GAAkB;YACjC,KAAK,EAAE,SAAS;YAChB,gBAAgB,EAAE,oEAAoE;SACvF,CAAC;QAEF,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;YAC/B,aAAa,GAAG,wCAAwC,CAAC,SAAS,CAAC,CAAC;QACtE,CAAC;aAAM,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YACzC,IAAI,CAAC;gBACH,iEAAiE;gBACjE,uBAAuB;gBACvB,MAAM,kBAAkB,GAAuB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACrE,aAAa,GAAG,wCAAwC,CAAC,kBAAkB,CAAC,CAAC;YAC/E,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBAChB,IAAI,UAAU,KAAK,GAAG,EAAE,CAAC;oBACvB,aAAa,GAAG;wBACd,KAAK,EAAE,iBAAiB;wBACxB,gBAAgB,EAAE,0DAA0D,SAAS,EAAE;qBACxF,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,aAAa,GAAG;wBACd,KAAK,EAAE,eAAe;wBACtB,gBAAgB,EAAE,oDAAoD,SAAS,EAAE;qBAClF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,aAAa,GAAG;gBACd,KAAK,EAAE,eAAe;gBACtB,gBAAgB,EAAE,oEAAoE;aACvF,CAAC;QACJ,CAAC;QAED,KAAK,CACH,GAAG,aAAa,CAAC,KAAK,iBAAiB,UAAU,oBAAoB,aAAa,CAAC,gBAAgB,GAAG;QACtG,2JAA2J;QAC3J,OAAO,CACR,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QAEnC,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,gCAAgC,GAAG,8BAA8B,CAAC;AAE/E;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,KAAK;IAOrD,YAAY,MAAa,EAAE,YAAqB;QAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,KAAK,CAAC,GAAG,YAAY,KAAK,WAAW,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,gCAAgC,CAAC;IAC/C,CAAC;CACF;AAED,SAAS,wCAAwC,CAAC,SAA6B;IAC7E,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,KAAK;QACtB,gBAAgB,EAAE,SAAS,CAAC,iBAAiB;QAC7C,aAAa,EAAE,SAAS,CAAC,cAAc;QACvC,UAAU,EAAE,SAAS,CAAC,WAAW;QACjC,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,OAAO,EAAE,SAAS,CAAC,QAAQ;KAC5B,CAAC;AACJ,CAAC;AAwBD;;GAEG;AACH,MAAM,OAAO,2BAA4B,SAAQ,KAAK;IAUpD;IACE;;OAEG;IACH,OAA2C;QAE3C,KAAK,CACH,OAAO,CAAC,OAAO;QACf,2JAA2J;QAC3J,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CACrD,CAAC;QACF,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,IAAI,GAAG,6BAA6B,CAAC;IAC5C,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * See the official documentation for more details:\n *\n * https://learn.microsoft.com/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1\n *\n * NOTE: This documentation is for v1 OAuth support but the same error\n * response details still apply to v2.\n */\nexport interface ErrorResponse {\n  /**\n   * The string identifier for the error.\n   */\n  error: string;\n\n  /**\n   * The error's description.\n   */\n  errorDescription: string;\n\n  /**\n   * An array of codes pertaining to the error(s) that occurred.\n   */\n  errorCodes?: number[];\n\n  /**\n   * The timestamp at which the error occurred.\n   */\n  timestamp?: string;\n\n  /**\n   * The trace identifier for this error occurrence.\n   */\n  traceId?: string;\n\n  /**\n   * The correlation ID to be used for tracking the source of the error.\n   */\n  correlationId?: string;\n}\n\n/**\n * Used for internal deserialization of OAuth responses. Public model is ErrorResponse\n * @internal\n */\nexport interface OAuthErrorResponse {\n  error: string;\n  error_description: string;\n  error_codes?: number[];\n  timestamp?: string;\n  trace_id?: string;\n  correlation_id?: string;\n}\n\nfunction isErrorResponse(errorResponse: any): errorResponse is OAuthErrorResponse {\n  return (\n    errorResponse &&\n    typeof errorResponse.error === \"string\" &&\n    typeof errorResponse.error_description === \"string\"\n  );\n}\n\n/**\n * The Error.name value of an CredentialUnavailable\n */\nexport const CredentialUnavailableErrorName = \"CredentialUnavailableError\";\n\n/**\n * This signifies that the credential that was tried in a chained credential\n * was not available to be used as the credential. Rather than treating this as\n * an error that should halt the chain, it's caught and the chain continues\n */\nexport class CredentialUnavailableError extends Error {\n  constructor(message?: string, options?: { cause?: unknown }) {\n    // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n    super(message, options);\n    this.name = CredentialUnavailableErrorName;\n  }\n}\n\n/**\n * The Error.name value of an AuthenticationError\n */\nexport const AuthenticationErrorName = \"AuthenticationError\";\n\n/**\n * Provides details about a failure to authenticate with Azure Active\n * Directory.  The `errorResponse` field contains more details about\n * the specific failure.\n */\nexport class AuthenticationError extends Error {\n  /**\n   * The HTTP status code returned from the authentication request.\n   */\n  public readonly statusCode: number;\n\n  /**\n   * The error response details.\n   */\n  public readonly errorResponse: ErrorResponse;\n\n  constructor(\n    statusCode: number,\n    errorBody: object | string | undefined | null,\n    options?: { cause?: unknown },\n  ) {\n    let errorResponse: ErrorResponse = {\n      error: \"unknown\",\n      errorDescription: \"An unknown error occurred and no additional details are available.\",\n    };\n\n    if (isErrorResponse(errorBody)) {\n      errorResponse = convertOAuthErrorResponseToErrorResponse(errorBody);\n    } else if (typeof errorBody === \"string\") {\n      try {\n        // Most error responses will contain JSON-formatted error details\n        // in the response body\n        const oauthErrorResponse: OAuthErrorResponse = JSON.parse(errorBody);\n        errorResponse = convertOAuthErrorResponseToErrorResponse(oauthErrorResponse);\n      } catch (e: any) {\n        if (statusCode === 400) {\n          errorResponse = {\n            error: \"invalid_request\",\n            errorDescription: `The service indicated that the request was invalid.\\n\\n${errorBody}`,\n          };\n        } else {\n          errorResponse = {\n            error: \"unknown_error\",\n            errorDescription: `An unknown error has occurred. Response body:\\n\\n${errorBody}`,\n          };\n        }\n      }\n    } else {\n      errorResponse = {\n        error: \"unknown_error\",\n        errorDescription: \"An unknown error occurred and no additional details are available.\",\n      };\n    }\n\n    super(\n      `${errorResponse.error} Status code: ${statusCode}\\nMore details:\\n${errorResponse.errorDescription},`,\n      // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n      options,\n    );\n    this.statusCode = statusCode;\n    this.errorResponse = errorResponse;\n\n    // Ensure that this type reports the correct name\n    this.name = AuthenticationErrorName;\n  }\n}\n\n/**\n * The Error.name value of an AggregateAuthenticationError\n */\nexport const AggregateAuthenticationErrorName = \"AggregateAuthenticationError\";\n\n/**\n * Provides an `errors` array containing {@link AuthenticationError} instance\n * for authentication failures from credentials in a {@link ChainedTokenCredential}.\n */\nexport class AggregateAuthenticationError extends Error {\n  /**\n   * The array of error objects that were thrown while trying to authenticate\n   * with the credentials in a {@link ChainedTokenCredential}.\n   */\n  public errors: any[];\n\n  constructor(errors: any[], errorMessage?: string) {\n    const errorDetail = errors.join(\"\\n\");\n    super(`${errorMessage}\\n${errorDetail}`);\n    this.errors = errors;\n\n    // Ensure that this type reports the correct name\n    this.name = AggregateAuthenticationErrorName;\n  }\n}\n\nfunction convertOAuthErrorResponseToErrorResponse(errorBody: OAuthErrorResponse): ErrorResponse {\n  return {\n    error: errorBody.error,\n    errorDescription: errorBody.error_description,\n    correlationId: errorBody.correlation_id,\n    errorCodes: errorBody.error_codes,\n    timestamp: errorBody.timestamp,\n    traceId: errorBody.trace_id,\n  };\n}\n\n/**\n * Optional parameters to the {@link AuthenticationRequiredError}\n */\nexport interface AuthenticationRequiredErrorOptions {\n  /**\n   * The list of scopes for which the token will have access.\n   */\n  scopes: string[];\n  /**\n   * The options passed to the getToken request.\n   */\n  getTokenOptions?: GetTokenOptions;\n  /**\n   * The message of the error.\n   */\n  message?: string;\n  /**\n   * The underlying cause, if any, that caused the authentication to fail.\n   */\n  cause?: unknown;\n}\n\n/**\n * Error used to enforce authentication after trying to retrieve a token silently.\n */\nexport class AuthenticationRequiredError extends Error {\n  /**\n   * The list of scopes for which the token will have access.\n   */\n  public scopes: string[];\n  /**\n   * The options passed to the getToken request.\n   */\n  public getTokenOptions?: GetTokenOptions;\n\n  constructor(\n    /**\n     * Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.\n     */\n    options: AuthenticationRequiredErrorOptions,\n  ) {\n    super(\n      options.message,\n      // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n      options.cause ? { cause: options.cause } : undefined,\n    );\n    this.scopes = options.scopes;\n    this.getTokenOptions = options.getTokenOptions;\n    this.name = \"AuthenticationRequiredError\";\n  }\n}\n"]}
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/errors.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAyDlC,SAAS,eAAe,CAAC,aAAkB;IACzC,OAAO,CACL,aAAa;QACb,OAAO,aAAa,CAAC,KAAK,KAAK,QAAQ;QACvC,OAAO,aAAa,CAAC,iBAAiB,KAAK,QAAQ,CACpD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG,4BAA4B,CAAC;AAE3E;;;;GAIG;AACH,MAAM,OAAO,0BAA2B,SAAQ,KAAK;IACnD,YAAY,OAAgB,EAAE,OAA6B;QACzD,2JAA2J;QAC3J,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;IAC7C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,qBAAqB,CAAC;AAE7D;;;;GAIG;AACH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAC5C;;OAEG;IACa,UAAU,CAAS;IAEnC;;OAEG;IACa,aAAa,CAAgB;IAE7C,YACE,UAAkB,EAClB,SAA6C,EAC7C,OAA6B;QAE7B,IAAI,aAAa,GAAkB;YACjC,KAAK,EAAE,SAAS;YAChB,gBAAgB,EAAE,oEAAoE;SACvF,CAAC;QAEF,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;YAC/B,aAAa,GAAG,wCAAwC,CAAC,SAAS,CAAC,CAAC;QACtE,CAAC;aAAM,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YACzC,IAAI,CAAC;gBACH,iEAAiE;gBACjE,uBAAuB;gBACvB,MAAM,kBAAkB,GAAuB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACrE,aAAa,GAAG,wCAAwC,CAAC,kBAAkB,CAAC,CAAC;YAC/E,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBAChB,IAAI,UAAU,KAAK,GAAG,EAAE,CAAC;oBACvB,aAAa,GAAG;wBACd,KAAK,EAAE,iBAAiB;wBACxB,gBAAgB,EAAE,0DAA0D,SAAS,EAAE;qBACxF,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,aAAa,GAAG;wBACd,KAAK,EAAE,eAAe;wBACtB,gBAAgB,EAAE,oDAAoD,SAAS,EAAE;qBAClF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,aAAa,GAAG;gBACd,KAAK,EAAE,eAAe;gBACtB,gBAAgB,EAAE,oEAAoE;aACvF,CAAC;QACJ,CAAC;QAED,KAAK,CACH,GAAG,aAAa,CAAC,KAAK,iBAAiB,UAAU,oBAAoB,aAAa,CAAC,gBAAgB,GAAG;QACtG,2JAA2J;QAC3J,OAAO,CACR,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QAEnC,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,gCAAgC,GAAG,8BAA8B,CAAC;AAE/E;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,KAAK;IACrD;;;OAGG;IACI,MAAM,CAAQ;IAErB,YAAY,MAAa,EAAE,YAAqB;QAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,KAAK,CAAC,GAAG,YAAY,KAAK,WAAW,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,gCAAgC,CAAC;IAC/C,CAAC;CACF;AAED,SAAS,wCAAwC,CAAC,SAA6B;IAC7E,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,KAAK;QACtB,gBAAgB,EAAE,SAAS,CAAC,iBAAiB;QAC7C,aAAa,EAAE,SAAS,CAAC,cAAc;QACvC,UAAU,EAAE,SAAS,CAAC,WAAW;QACjC,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,OAAO,EAAE,SAAS,CAAC,QAAQ;KAC5B,CAAC;AACJ,CAAC;AAwBD;;GAEG;AACH,MAAM,OAAO,2BAA4B,SAAQ,KAAK;IACpD;;OAEG;IACI,MAAM,CAAW;IACxB;;OAEG;IACI,eAAe,CAAmB;IAEzC;IACE;;OAEG;IACH,OAA2C;QAE3C,KAAK,CACH,OAAO,CAAC,OAAO;QACf,2JAA2J;QAC3J,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CACrD,CAAC;QACF,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,IAAI,GAAG,6BAA6B,CAAC;IAC5C,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * See the official documentation for more details:\n *\n * https://learn.microsoft.com/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1\n *\n * NOTE: This documentation is for v1 OAuth support but the same error\n * response details still apply to v2.\n */\nexport interface ErrorResponse {\n  /**\n   * The string identifier for the error.\n   */\n  error: string;\n\n  /**\n   * The error's description.\n   */\n  errorDescription: string;\n\n  /**\n   * An array of codes pertaining to the error(s) that occurred.\n   */\n  errorCodes?: number[];\n\n  /**\n   * The timestamp at which the error occurred.\n   */\n  timestamp?: string;\n\n  /**\n   * The trace identifier for this error occurrence.\n   */\n  traceId?: string;\n\n  /**\n   * The correlation ID to be used for tracking the source of the error.\n   */\n  correlationId?: string;\n}\n\n/**\n * Used for internal deserialization of OAuth responses. Public model is ErrorResponse\n * @internal\n */\nexport interface OAuthErrorResponse {\n  error: string;\n  error_description: string;\n  error_codes?: number[];\n  timestamp?: string;\n  trace_id?: string;\n  correlation_id?: string;\n}\n\nfunction isErrorResponse(errorResponse: any): errorResponse is OAuthErrorResponse {\n  return (\n    errorResponse &&\n    typeof errorResponse.error === \"string\" &&\n    typeof errorResponse.error_description === \"string\"\n  );\n}\n\n/**\n * The Error.name value of an CredentialUnavailable\n */\nexport const CredentialUnavailableErrorName = \"CredentialUnavailableError\";\n\n/**\n * This signifies that the credential that was tried in a chained credential\n * was not available to be used as the credential. Rather than treating this as\n * an error that should halt the chain, it's caught and the chain continues\n */\nexport class CredentialUnavailableError extends Error {\n  constructor(message?: string, options?: { cause?: unknown }) {\n    // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n    super(message, options);\n    this.name = CredentialUnavailableErrorName;\n  }\n}\n\n/**\n * The Error.name value of an AuthenticationError\n */\nexport const AuthenticationErrorName = \"AuthenticationError\";\n\n/**\n * Provides details about a failure to authenticate with Azure Active\n * Directory.  The `errorResponse` field contains more details about\n * the specific failure.\n */\nexport class AuthenticationError extends Error {\n  /**\n   * The HTTP status code returned from the authentication request.\n   */\n  public readonly statusCode: number;\n\n  /**\n   * The error response details.\n   */\n  public readonly errorResponse: ErrorResponse;\n\n  constructor(\n    statusCode: number,\n    errorBody: object | string | undefined | null,\n    options?: { cause?: unknown },\n  ) {\n    let errorResponse: ErrorResponse = {\n      error: \"unknown\",\n      errorDescription: \"An unknown error occurred and no additional details are available.\",\n    };\n\n    if (isErrorResponse(errorBody)) {\n      errorResponse = convertOAuthErrorResponseToErrorResponse(errorBody);\n    } else if (typeof errorBody === \"string\") {\n      try {\n        // Most error responses will contain JSON-formatted error details\n        // in the response body\n        const oauthErrorResponse: OAuthErrorResponse = JSON.parse(errorBody);\n        errorResponse = convertOAuthErrorResponseToErrorResponse(oauthErrorResponse);\n      } catch (e: any) {\n        if (statusCode === 400) {\n          errorResponse = {\n            error: \"invalid_request\",\n            errorDescription: `The service indicated that the request was invalid.\\n\\n${errorBody}`,\n          };\n        } else {\n          errorResponse = {\n            error: \"unknown_error\",\n            errorDescription: `An unknown error has occurred. Response body:\\n\\n${errorBody}`,\n          };\n        }\n      }\n    } else {\n      errorResponse = {\n        error: \"unknown_error\",\n        errorDescription: \"An unknown error occurred and no additional details are available.\",\n      };\n    }\n\n    super(\n      `${errorResponse.error} Status code: ${statusCode}\\nMore details:\\n${errorResponse.errorDescription},`,\n      // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n      options,\n    );\n    this.statusCode = statusCode;\n    this.errorResponse = errorResponse;\n\n    // Ensure that this type reports the correct name\n    this.name = AuthenticationErrorName;\n  }\n}\n\n/**\n * The Error.name value of an AggregateAuthenticationError\n */\nexport const AggregateAuthenticationErrorName = \"AggregateAuthenticationError\";\n\n/**\n * Provides an `errors` array containing {@link AuthenticationError} instance\n * for authentication failures from credentials in a {@link ChainedTokenCredential}.\n */\nexport class AggregateAuthenticationError extends Error {\n  /**\n   * The array of error objects that were thrown while trying to authenticate\n   * with the credentials in a {@link ChainedTokenCredential}.\n   */\n  public errors: any[];\n\n  constructor(errors: any[], errorMessage?: string) {\n    const errorDetail = errors.join(\"\\n\");\n    super(`${errorMessage}\\n${errorDetail}`);\n    this.errors = errors;\n\n    // Ensure that this type reports the correct name\n    this.name = AggregateAuthenticationErrorName;\n  }\n}\n\nfunction convertOAuthErrorResponseToErrorResponse(errorBody: OAuthErrorResponse): ErrorResponse {\n  return {\n    error: errorBody.error,\n    errorDescription: errorBody.error_description,\n    correlationId: errorBody.correlation_id,\n    errorCodes: errorBody.error_codes,\n    timestamp: errorBody.timestamp,\n    traceId: errorBody.trace_id,\n  };\n}\n\n/**\n * Optional parameters to the {@link AuthenticationRequiredError}\n */\nexport interface AuthenticationRequiredErrorOptions {\n  /**\n   * The list of scopes for which the token will have access.\n   */\n  scopes: string[];\n  /**\n   * The options passed to the getToken request.\n   */\n  getTokenOptions?: GetTokenOptions;\n  /**\n   * The message of the error.\n   */\n  message?: string;\n  /**\n   * The underlying cause, if any, that caused the authentication to fail.\n   */\n  cause?: unknown;\n}\n\n/**\n * Error used to enforce authentication after trying to retrieve a token silently.\n */\nexport class AuthenticationRequiredError extends Error {\n  /**\n   * The list of scopes for which the token will have access.\n   */\n  public scopes: string[];\n  /**\n   * The options passed to the getToken request.\n   */\n  public getTokenOptions?: GetTokenOptions;\n\n  constructor(\n    /**\n     * Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.\n     */\n    options: AuthenticationRequiredErrorOptions,\n  ) {\n    super(\n      options.message,\n      // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n      options.cause ? { cause: options.cause } : undefined,\n    );\n    this.scopes = options.scopes;\n    this.getTokenOptions = options.getTokenOptions;\n    this.name = \"AuthenticationRequiredError\";\n  }\n}\n"]}

package/dist/esm/msal/browserFlows/msalBrowserCommon.js

@@ -15,7 +15,6 @@ const isLocationDefined = typeof self !== "undefined" && self.location !== undef
  * @internal
  */
 function generateMsalBrowserConfiguration(options) {
-    var _a;
     const tenantId = options.tenantId || DefaultTenantId;
     const authority = getAuthority(tenantId, options.authorityHost);
     return {
@@ -36,7 +35,7 @@ function generateMsalBrowserConfiguration(options) {
             loggerOptions: {
                 loggerCallback: defaultLoggerCallback(options.logger, "Browser"),
                 logLevel: getMSALLogLevel(getLogLevel()),
-                piiLoggingEnabled: (_a = options.loggingOptions) === null || _a === void 0 ? void 0 : _a.enableUnsafeSupportLogging,
+                piiLoggingEnabled: options.loggingOptions?.enableUnsafeSupportLogging,
             },
         },
     };
@@ -49,7 +48,6 @@ const redirectHash = isLocationDefined ? self.location.hash : undefined;
  * @internal
  */
 export function createMsalBrowserClient(options) {
-    var _a;
     const loginStyle = options.loginStyle;
     if (!options.clientId) {
         throw new CredentialUnavailableError("A client ID is required in browsers");
@@ -57,14 +55,17 @@ export function createMsalBrowserClient(options) {
     const clientId = options.clientId;
     const logger = options.logger;
     const tenantId = resolveTenantId(logger, options.tenantId, options.clientId);
-    const additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds((_a = options === null || options === void 0 ? void 0 : options.tokenCredentialOptions) === null || _a === void 0 ? void 0 : _a.additionallyAllowedTenants);
+    const additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options?.tokenCredentialOptions?.additionallyAllowedTenants);
     const authorityHost = options.authorityHost;
     const msalConfig = generateMsalBrowserConfiguration(options);
     const disableAutomaticAuthentication = options.disableAutomaticAuthentication;
     const loginHint = options.loginHint;
     let account;
     if (options.authenticationRecord) {
-        account = Object.assign(Object.assign({}, options.authenticationRecord), { tenantId });
+        account = {
+            ...options.authenticationRecord,
+            tenantId,
+        };
     }
     // This variable should only be used through calling `getApp` function
     let app;
@@ -108,8 +109,7 @@ export function createMsalBrowserClient(options) {
      * If the token received is invalid, an error will be thrown depending on what's missing.
      */
     function handleResult(scopes, result, getTokenOptions) {
-        var _a;
-        if (result === null || result === void 0 ? void 0 : result.account) {
+        if (result?.account) {
             account = msalToPublic(clientId, result.account);
         }
         ensureValidMsalToken(scopes, result, getTokenOptions);
@@ -117,7 +117,7 @@ export function createMsalBrowserClient(options) {
         return {
             token: result.accessToken,
             expiresOnTimestamp: result.expiresOn.getTime(),
-            refreshAfterTimestamp: (_a = result.refreshOn) === null || _a === void 0 ? void 0 : _a.getTime(),
+            refreshAfterTimestamp: result.refreshOn?.getTime(),
             tokenType: "Bearer",
         };
     }
@@ -171,9 +171,9 @@ export function createMsalBrowserClient(options) {
             });
         }
         const parameters = {
-            authority: (getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.authority) || msalConfig.auth.authority,
-            correlationId: getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.correlationId,
-            claims: getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.claims,
+            authority: getTokenOptions?.authority || msalConfig.auth.authority,
+            correlationId: getTokenOptions?.correlationId,
+            claims: getTokenOptions?.claims,
             account: publicToMsal(activeAccount),
             forceRefresh: false,
             scopes,
@@ -201,9 +201,9 @@ export function createMsalBrowserClient(options) {
             });
         }
         const parameters = {
-            authority: (getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.authority) || msalConfig.auth.authority,
-            correlationId: getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.correlationId,
-            claims: getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.claims,
+            authority: getTokenOptions?.authority || msalConfig.auth.authority,
+            correlationId: getTokenOptions?.correlationId,
+            claims: getTokenOptions?.claims,
             account: publicToMsal(activeAccount),
             loginHint: loginHint,
             scopes,
@@ -243,7 +243,7 @@ export function createMsalBrowserClient(options) {
             if (err.name !== "AuthenticationRequiredError") {
                 throw err;
             }
-            if (getTokenOptions === null || getTokenOptions === void 0 ? void 0 : getTokenOptions.disableAutomaticAuthentication) {
+            if (getTokenOptions?.disableAutomaticAuthentication) {
                 throw new AuthenticationRequiredError({
                     scopes,
                     getTokenOptions,

package/dist/esm/msal/browserFlows/msalBrowserCommon.js.map

@@ -1 +1 @@
-{"version":3,"file":"msalBrowserCommon.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,WAAW,MAAM,qBAAqB,CAAC;AAGnD,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,eAAe,EACf,eAAe,EACf,YAAY,EACZ,YAAY,GACb,MAAM,aAAa,CAAC;AAIrB,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAE1F,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,eAAe,GAChB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAErD,uCAAuC;AACvC,gDAAgD;AAChD,MAAM,iBAAiB,GAAG,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC;AAErF;;;GAGG;AACH,SAAS,gCAAgC,CACvC,OAA+B;;IAE/B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,eAAe,CAAC;IACrD,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAChE,OAAO;QACL,IAAI,EAAE;YACJ,QAAQ,EAAE,OAAO,CAAC,QAAS;YAC3B,SAAS;YACT,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,wBAAwB,CAAC;YAC5F,qDAAqD;YACrD,yCAAyC;YACzC,kEAAkE;YAClE,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3F;QACD,KAAK,EAAE;YACL,aAAa,EAAE,gBAAgB;YAC/B,sBAAsB,EAAE,IAAI,EAAE,0DAA0D;SACzF;QACD,MAAM,EAAE;YACN,aAAa,EAAE;gBACb,cAAc,EAAE,qBAAqB,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;gBAChE,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;gBACxC,iBAAiB,EAAE,MAAA,OAAO,CAAC,cAAc,0CAAE,0BAA0B;aACtE;SACF;KACF,CAAC;AACJ,CAAC;AAWD,uCAAuC;AACvC,MAAM,YAAY,GAAG,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;AAExE;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAA+B;;IACrE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QACtB,MAAM,IAAI,0BAA0B,CAAC,qCAAqC,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC9B,MAAM,QAAQ,GAAG,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7E,MAAM,4BAA4B,GAAa,mCAAmC,CAChF,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,sBAAsB,0CAAE,0BAA0B,CAC5D,CAAC;IACF,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;IAC5C,MAAM,UAAU,GAAG,gCAAgC,CAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,8BAA8B,GAAG,OAAO,CAAC,8BAA8B,CAAC;IAC9E,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IAEpC,IAAI,OAAyC,CAAC;IAC9C,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;QACjC,OAAO,mCACF,OAAO,CAAC,oBAAoB,KAC/B,QAAQ,GACT,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,IAAI,GAAyC,CAAC;IAC9C;;;OAGG;IACH,KAAK,UAAU,MAAM;QACnB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,+BAA+B;YAC/B,GAAG,GAAG,MAAM,WAAW,CAAC,uBAAuB,CAAC,6BAA6B,CAAC,UAAU,CAAC,CAAC;YAE1F,sDAAsD;YACtD,IAAI,OAAO,EAAE,CAAC;gBACZ,GAAG,CAAC,gBAAgB,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;OAIG;IACH,KAAK,UAAU,mBAAmB,CAChC,MAAyC;QAEzC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;YAC/B,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBAC7B,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;gBAC1D,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBACzC,OAAO,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC;QACD,OAAO;IACT,CAAC;IAED;;;;OAIG;IACH,SAAS,YAAY,CACnB,MAAyB,EACzB,MAAmB,EACnB,eAAiC;;QAEjC,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,OAAO,EAAE,CAAC;YACpB,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QACnD,CAAC;QACD,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,WAAW;YACzB,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE;YAC9C,qBAAqB,EAAE,MAAA,MAAM,CAAC,SAAS,0CAAE,OAAO,EAAE;YAClD,SAAS,EAAE,QAAQ;SACpB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,cAAc;QAC3B,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC;IAC/F,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,gBAAgB;QAC7B,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,MAAM,aAAa,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;QACjD,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO;QACT,CAAC;QACD,OAAO,YAAY,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,KAAK,CAAC,SAA4B,EAAE;QACjD,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAgC;YAChD,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,SAAS;SACrB,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,MAAM,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACtC,OAAO;YACT,CAAC;YACD,KAAK,OAAO;gBACV,OAAO,mBAAmB,CAAC,MAAM,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,cAAc,CAC3B,MAAgB,EAChB,eAA+C;QAE/C,MAAM,aAAa,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe;gBACf,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAA8B;YAC5C,SAAS,EAAE,CAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,SAAS,KAAI,UAAU,CAAC,IAAI,CAAC,SAAU;YACnE,aAAa,EAAE,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,aAAa;YAC7C,MAAM,EAAE,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,MAAM;YAC/B,OAAO,EAAE,YAAY,CAAC,aAAa,CAAC;YACpC,YAAY,EAAE,KAAK;YACnB,MAAM;SACP,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACpD,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;YAC/B,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YAC9D,OAAO,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,mBAAmB,CAChC,MAAgB,EAChB,eAA+C;QAE/C,MAAM,aAAa,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe;gBACf,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAgC;YAC9C,SAAS,EAAE,CAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,SAAS,KAAI,UAAU,CAAC,IAAI,CAAC,SAAU;YACnE,aAAa,EAAE,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,aAAa;YAC7C,MAAM,EAAE,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,MAAM;YAC/B,OAAO,EAAE,YAAY,CAAC,aAAa,CAAC;YACpC,SAAS,EAAE,SAAS;YACpB,MAAM;SACP,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,UAAU;gBACb,gCAAgC;gBAChC,8DAA8D;gBAC9D,kDAAkD;gBAElD,MAAM,OAAO,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;gBAC/C,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,kBAAkB,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;YACnE,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,UAAU,QAAQ,CACrB,MAAgB,EAChB,kBAAiD,EAAE;QAEnD,MAAM,gBAAgB,GACpB,yBAAyB,CAAC,QAAQ,EAAE,eAAe,EAAE,4BAA4B,CAAC;YAClF,QAAQ,CAAC;QAEX,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAAC;YAC/B,eAAe,CAAC,SAAS,GAAG,YAAY,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;QAC5E,CAAC;QAED,uDAAuD;QACvD,MAAM,cAAc,EAAE,CAAC;QAEvB,IAAI,CAAC,CAAC,MAAM,gBAAgB,EAAE,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;YACnE,MAAM,KAAK,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;QAED,8EAA8E;QAC9E,IAAI,CAAC;YACH,OAAO,MAAM,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC/C,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,IAAI,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,8BAA8B,EAAE,CAAC;gBACpD,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe;oBACf,OAAO,EACL,qFAAqF;iBACxF,CAAC,CAAC;YACL,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,oEAAoE,UAAU,EAAE,CAAC,CAAC;YAC9F,OAAO,mBAAmB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IACD,OAAO;QACL,gBAAgB;QAChB,QAAQ;KACT,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport * as msalBrowser from \"@azure/msal-browser\";\n\nimport type { MsalBrowserFlowOptions } from \"./msalBrowserOptions.js\";\nimport {\n  defaultLoggerCallback,\n  ensureValidMsalToken,\n  getAuthority,\n  getKnownAuthorities,\n  getMSALLogLevel,\n  handleMsalError,\n  msalToPublic,\n  publicToMsal,\n} from \"../utils.js\";\n\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport type { AuthenticationRecord, MsalResult } from \"../types.js\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../../errors.js\";\nimport type { CredentialFlowGetTokenOptions } from \"../credentials.js\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { formatSuccess } from \"../../util/logging.js\";\nimport {\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n  resolveTenantId,\n} from \"../../util/tenantIdUtils.js\";\nimport { DefaultTenantId } from \"../../constants.js\";\n\n// We keep a copy of the redirect hash.\n// Check if self and location object is defined.\nconst isLocationDefined = typeof self !== \"undefined\" && self.location !== undefined;\n\n/**\n * Generates a MSAL configuration that generally works for browsers\n * @internal\n */\nfunction generateMsalBrowserConfiguration(\n  options: MsalBrowserFlowOptions,\n): msalBrowser.Configuration {\n  const tenantId = options.tenantId || DefaultTenantId;\n  const authority = getAuthority(tenantId, options.authorityHost);\n  return {\n    auth: {\n      clientId: options.clientId!,\n      authority,\n      knownAuthorities: getKnownAuthorities(tenantId, authority, options.disableInstanceDiscovery),\n      // If the users picked redirect as their login style,\n      // but they didn't provide a redirectUri,\n      // we can try to use the current page we're in as a default value.\n      redirectUri: options.redirectUri || (isLocationDefined ? self.location.origin : undefined),\n    },\n    cache: {\n      cacheLocation: \"sessionStorage\",\n      storeAuthStateInCookie: true, // Set to true to improve the experience on IE11 and Edge.\n    },\n    system: {\n      loggerOptions: {\n        loggerCallback: defaultLoggerCallback(options.logger, \"Browser\"),\n        logLevel: getMSALLogLevel(getLogLevel()),\n        piiLoggingEnabled: options.loggingOptions?.enableUnsafeSupportLogging,\n      },\n    },\n  };\n}\n\n/**\n * Methods that are used by InteractiveBrowserCredential\n * @internal\n */\nexport interface MsalBrowserClient {\n  getActiveAccount(): Promise<AuthenticationRecord | undefined>;\n  getToken(scopes: string[], options: CredentialFlowGetTokenOptions): Promise<AccessToken>;\n}\n\n// We keep a copy of the redirect hash.\nconst redirectHash = isLocationDefined ? self.location.hash : undefined;\n\n/**\n * Uses MSAL Browser 2.X for browser authentication,\n * which uses the [Auth Code Flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n * @internal\n */\nexport function createMsalBrowserClient(options: MsalBrowserFlowOptions): MsalBrowserClient {\n  const loginStyle = options.loginStyle;\n  if (!options.clientId) {\n    throw new CredentialUnavailableError(\"A client ID is required in browsers\");\n  }\n  const clientId = options.clientId;\n  const logger = options.logger;\n  const tenantId = resolveTenantId(logger, options.tenantId, options.clientId);\n  const additionallyAllowedTenantIds: string[] = resolveAdditionallyAllowedTenantIds(\n    options?.tokenCredentialOptions?.additionallyAllowedTenants,\n  );\n  const authorityHost = options.authorityHost;\n  const msalConfig = generateMsalBrowserConfiguration(options);\n  const disableAutomaticAuthentication = options.disableAutomaticAuthentication;\n  const loginHint = options.loginHint;\n\n  let account: AuthenticationRecord | undefined;\n  if (options.authenticationRecord) {\n    account = {\n      ...options.authenticationRecord,\n      tenantId,\n    };\n  }\n\n  // This variable should only be used through calling `getApp` function\n  let app: msalBrowser.IPublicClientApplication;\n  /**\n   * Return the MSAL account if not set yet\n   * @returns MSAL application\n   */\n  async function getApp(): Promise<msalBrowser.IPublicClientApplication> {\n    if (!app) {\n      // Prepare the MSAL application\n      app = await msalBrowser.PublicClientApplication.createPublicClientApplication(msalConfig);\n\n      // setting the account right after the app is created.\n      if (account) {\n        app.setActiveAccount(publicToMsal(account));\n      }\n    }\n\n    return app;\n  }\n\n  /**\n   * Loads the account based on the result of the authentication.\n   * If no result was received, tries to load the account from the cache.\n   * @param result - Result object received from MSAL.\n   */\n  async function handleBrowserResult(\n    result?: msalBrowser.AuthenticationResult,\n  ): Promise<AuthenticationRecord | undefined> {\n    try {\n      const msalApp = await getApp();\n      if (result && result.account) {\n        logger.info(`MSAL Browser V2 authentication successful.`);\n        msalApp.setActiveAccount(result.account);\n        return msalToPublic(clientId, result.account);\n      }\n    } catch (e: any) {\n      logger.info(`Failed to acquire token through MSAL. ${e.message}`);\n    }\n    return;\n  }\n\n  /**\n   * Handles the MSAL authentication result.\n   * If the result has an account, we update the local account reference.\n   * If the token received is invalid, an error will be thrown depending on what's missing.\n   */\n  function handleResult(\n    scopes: string | string[],\n    result?: MsalResult,\n    getTokenOptions?: GetTokenOptions,\n  ): AccessToken {\n    if (result?.account) {\n      account = msalToPublic(clientId, result.account);\n    }\n    ensureValidMsalToken(scopes, result, getTokenOptions);\n    logger.getToken.info(formatSuccess(scopes));\n    return {\n      token: result.accessToken,\n      expiresOnTimestamp: result.expiresOn.getTime(),\n      refreshAfterTimestamp: result.refreshOn?.getTime(),\n      tokenType: \"Bearer\",\n    };\n  }\n\n  /**\n   * Uses MSAL to handle the redirect.\n   */\n  async function handleRedirect(): Promise<AuthenticationRecord | undefined> {\n    const msalApp = await getApp();\n    return handleBrowserResult((await msalApp.handleRedirectPromise(redirectHash)) || undefined);\n  }\n\n  /**\n   * Uses MSAL to retrieve the active account.\n   */\n  async function getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n    const msalApp = await getApp();\n    const activeAccount = msalApp.getActiveAccount();\n    if (!activeAccount) {\n      return;\n    }\n    return msalToPublic(clientId, activeAccount);\n  }\n\n  /**\n   * Uses MSAL to trigger a redirect or a popup login.\n   */\n  async function login(scopes: string | string[] = []): Promise<AuthenticationRecord | undefined> {\n    const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n    const loginRequest: msalBrowser.RedirectRequest = {\n      scopes: arrayScopes,\n      loginHint: loginHint,\n    };\n    const msalApp = await getApp();\n    switch (loginStyle) {\n      case \"redirect\": {\n        await app.loginRedirect(loginRequest);\n        return;\n      }\n      case \"popup\":\n        return handleBrowserResult(await msalApp.loginPopup(loginRequest));\n    }\n  }\n\n  /**\n   * Tries to retrieve the token silently using MSAL.\n   */\n  async function getTokenSilent(\n    scopes: string[],\n    getTokenOptions?: CredentialFlowGetTokenOptions,\n  ): Promise<AccessToken> {\n    const activeAccount = await getActiveAccount();\n    if (!activeAccount) {\n      throw new AuthenticationRequiredError({\n        scopes,\n        getTokenOptions,\n        message:\n          \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n      });\n    }\n\n    const parameters: msalBrowser.SilentRequest = {\n      authority: getTokenOptions?.authority || msalConfig.auth.authority!,\n      correlationId: getTokenOptions?.correlationId,\n      claims: getTokenOptions?.claims,\n      account: publicToMsal(activeAccount),\n      forceRefresh: false,\n      scopes,\n    };\n\n    try {\n      logger.info(\"Attempting to acquire token silently\");\n      const msalApp = await getApp();\n      const response = await msalApp.acquireTokenSilent(parameters);\n      return handleResult(scopes, response);\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  /**\n   * Attempts to retrieve the token in the browser through interactive methods.\n   */\n  async function getTokenInteractive(\n    scopes: string[],\n    getTokenOptions?: CredentialFlowGetTokenOptions,\n  ): Promise<AccessToken> {\n    const activeAccount = await getActiveAccount();\n    if (!activeAccount) {\n      throw new AuthenticationRequiredError({\n        scopes,\n        getTokenOptions,\n        message:\n          \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n      });\n    }\n\n    const parameters: msalBrowser.RedirectRequest = {\n      authority: getTokenOptions?.authority || msalConfig.auth.authority!,\n      correlationId: getTokenOptions?.correlationId,\n      claims: getTokenOptions?.claims,\n      account: publicToMsal(activeAccount),\n      loginHint: loginHint,\n      scopes,\n    };\n    const msalApp = await getApp();\n    switch (loginStyle) {\n      case \"redirect\":\n        // This will go out of the page.\n        // Once the InteractiveBrowserCredential is initialized again,\n        // we'll load the MSAL account in the constructor.\n\n        await msalApp.acquireTokenRedirect(parameters);\n        return { token: \"\", expiresOnTimestamp: 0, tokenType: \"Bearer\" };\n      case \"popup\":\n        return handleResult(scopes, await app.acquireTokenPopup(parameters));\n    }\n  }\n\n  /**\n   * Attempts to get token through the silent flow.\n   * If failed, get token through interactive method with `doGetToken` method.\n   */\n  async function getToken(\n    scopes: string[],\n    getTokenOptions: CredentialFlowGetTokenOptions = {},\n  ): Promise<AccessToken> {\n    const getTokenTenantId =\n      processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds) ||\n      tenantId;\n\n    if (!getTokenOptions.authority) {\n      getTokenOptions.authority = getAuthority(getTokenTenantId, authorityHost);\n    }\n\n    // We ensure that redirection is handled at this point.\n    await handleRedirect();\n\n    if (!(await getActiveAccount()) && !disableAutomaticAuthentication) {\n      await login(scopes);\n    }\n\n    // Attempts to get the token silently; else, falls back to interactive method.\n    try {\n      return await getTokenSilent(scopes, getTokenOptions);\n    } catch (err: any) {\n      if (err.name !== \"AuthenticationRequiredError\") {\n        throw err;\n      }\n      if (getTokenOptions?.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions,\n          message:\n            \"Automatic authentication has been disabled. You may call the authenticate() method.\",\n        });\n      }\n      logger.info(`Silent authentication failed, falling back to interactive method ${loginStyle}`);\n      return getTokenInteractive(scopes, getTokenOptions);\n    }\n  }\n  return {\n    getActiveAccount,\n    getToken,\n  };\n}\n"]}
+{"version":3,"file":"msalBrowserCommon.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,WAAW,MAAM,qBAAqB,CAAC;AAGnD,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,eAAe,EACf,eAAe,EACf,YAAY,EACZ,YAAY,GACb,MAAM,aAAa,CAAC;AAIrB,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAE1F,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,eAAe,GAChB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAErD,uCAAuC;AACvC,gDAAgD;AAChD,MAAM,iBAAiB,GAAG,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC;AAErF;;;GAGG;AACH,SAAS,gCAAgC,CACvC,OAA+B;IAE/B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,eAAe,CAAC;IACrD,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAChE,OAAO;QACL,IAAI,EAAE;YACJ,QAAQ,EAAE,OAAO,CAAC,QAAS;YAC3B,SAAS;YACT,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,wBAAwB,CAAC;YAC5F,qDAAqD;YACrD,yCAAyC;YACzC,kEAAkE;YAClE,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3F;QACD,KAAK,EAAE;YACL,aAAa,EAAE,gBAAgB;YAC/B,sBAAsB,EAAE,IAAI,EAAE,0DAA0D;SACzF;QACD,MAAM,EAAE;YACN,aAAa,EAAE;gBACb,cAAc,EAAE,qBAAqB,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;gBAChE,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;gBACxC,iBAAiB,EAAE,OAAO,CAAC,cAAc,EAAE,0BAA0B;aACtE;SACF;KACF,CAAC;AACJ,CAAC;AAWD,uCAAuC;AACvC,MAAM,YAAY,GAAG,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;AAExE;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAA+B;IACrE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QACtB,MAAM,IAAI,0BAA0B,CAAC,qCAAqC,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC9B,MAAM,QAAQ,GAAG,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7E,MAAM,4BAA4B,GAAa,mCAAmC,CAChF,OAAO,EAAE,sBAAsB,EAAE,0BAA0B,CAC5D,CAAC;IACF,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;IAC5C,MAAM,UAAU,GAAG,gCAAgC,CAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,8BAA8B,GAAG,OAAO,CAAC,8BAA8B,CAAC;IAC9E,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IAEpC,IAAI,OAAyC,CAAC;IAC9C,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;QACjC,OAAO,GAAG;YACR,GAAG,OAAO,CAAC,oBAAoB;YAC/B,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,IAAI,GAAyC,CAAC;IAC9C;;;OAGG;IACH,KAAK,UAAU,MAAM;QACnB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,+BAA+B;YAC/B,GAAG,GAAG,MAAM,WAAW,CAAC,uBAAuB,CAAC,6BAA6B,CAAC,UAAU,CAAC,CAAC;YAE1F,sDAAsD;YACtD,IAAI,OAAO,EAAE,CAAC;gBACZ,GAAG,CAAC,gBAAgB,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;OAIG;IACH,KAAK,UAAU,mBAAmB,CAChC,MAAyC;QAEzC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;YAC/B,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBAC7B,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;gBAC1D,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBACzC,OAAO,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC;QACD,OAAO;IACT,CAAC;IAED;;;;OAIG;IACH,SAAS,YAAY,CACnB,MAAyB,EACzB,MAAmB,EACnB,eAAiC;QAEjC,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;YACpB,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QACnD,CAAC;QACD,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,WAAW;YACzB,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE;YAC9C,qBAAqB,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE;YAClD,SAAS,EAAE,QAAQ;SACpB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,cAAc;QAC3B,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC;IAC/F,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,gBAAgB;QAC7B,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,MAAM,aAAa,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;QACjD,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO;QACT,CAAC;QACD,OAAO,YAAY,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,KAAK,CAAC,SAA4B,EAAE;QACjD,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAgC;YAChD,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,SAAS;SACrB,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,MAAM,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACtC,OAAO;YACT,CAAC;YACD,KAAK,OAAO;gBACV,OAAO,mBAAmB,CAAC,MAAM,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,cAAc,CAC3B,MAAgB,EAChB,eAA+C;QAE/C,MAAM,aAAa,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe;gBACf,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAA8B;YAC5C,SAAS,EAAE,eAAe,EAAE,SAAS,IAAI,UAAU,CAAC,IAAI,CAAC,SAAU;YACnE,aAAa,EAAE,eAAe,EAAE,aAAa;YAC7C,MAAM,EAAE,eAAe,EAAE,MAAM;YAC/B,OAAO,EAAE,YAAY,CAAC,aAAa,CAAC;YACpC,YAAY,EAAE,KAAK;YACnB,MAAM;SACP,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACpD,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;YAC/B,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YAC9D,OAAO,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,mBAAmB,CAChC,MAAgB,EAChB,eAA+C;QAE/C,MAAM,aAAa,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe;gBACf,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAgC;YAC9C,SAAS,EAAE,eAAe,EAAE,SAAS,IAAI,UAAU,CAAC,IAAI,CAAC,SAAU;YACnE,aAAa,EAAE,eAAe,EAAE,aAAa;YAC7C,MAAM,EAAE,eAAe,EAAE,MAAM;YAC/B,OAAO,EAAE,YAAY,CAAC,aAAa,CAAC;YACpC,SAAS,EAAE,SAAS;YACpB,MAAM;SACP,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,UAAU;gBACb,gCAAgC;gBAChC,8DAA8D;gBAC9D,kDAAkD;gBAElD,MAAM,OAAO,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;gBAC/C,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,kBAAkB,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;YACnE,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,UAAU,QAAQ,CACrB,MAAgB,EAChB,kBAAiD,EAAE;QAEnD,MAAM,gBAAgB,GACpB,yBAAyB,CAAC,QAAQ,EAAE,eAAe,EAAE,4BAA4B,CAAC;YAClF,QAAQ,CAAC;QAEX,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAAC;YAC/B,eAAe,CAAC,SAAS,GAAG,YAAY,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;QAC5E,CAAC;QAED,uDAAuD;QACvD,MAAM,cAAc,EAAE,CAAC;QAEvB,IAAI,CAAC,CAAC,MAAM,gBAAgB,EAAE,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;YACnE,MAAM,KAAK,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;QAED,8EAA8E;QAC9E,IAAI,CAAC;YACH,OAAO,MAAM,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC/C,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,IAAI,eAAe,EAAE,8BAA8B,EAAE,CAAC;gBACpD,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe;oBACf,OAAO,EACL,qFAAqF;iBACxF,CAAC,CAAC;YACL,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,oEAAoE,UAAU,EAAE,CAAC,CAAC;YAC9F,OAAO,mBAAmB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IACD,OAAO;QACL,gBAAgB;QAChB,QAAQ;KACT,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport * as msalBrowser from \"@azure/msal-browser\";\n\nimport type { MsalBrowserFlowOptions } from \"./msalBrowserOptions.js\";\nimport {\n  defaultLoggerCallback,\n  ensureValidMsalToken,\n  getAuthority,\n  getKnownAuthorities,\n  getMSALLogLevel,\n  handleMsalError,\n  msalToPublic,\n  publicToMsal,\n} from \"../utils.js\";\n\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport type { AuthenticationRecord, MsalResult } from \"../types.js\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../../errors.js\";\nimport type { CredentialFlowGetTokenOptions } from \"../credentials.js\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { formatSuccess } from \"../../util/logging.js\";\nimport {\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n  resolveTenantId,\n} from \"../../util/tenantIdUtils.js\";\nimport { DefaultTenantId } from \"../../constants.js\";\n\n// We keep a copy of the redirect hash.\n// Check if self and location object is defined.\nconst isLocationDefined = typeof self !== \"undefined\" && self.location !== undefined;\n\n/**\n * Generates a MSAL configuration that generally works for browsers\n * @internal\n */\nfunction generateMsalBrowserConfiguration(\n  options: MsalBrowserFlowOptions,\n): msalBrowser.Configuration {\n  const tenantId = options.tenantId || DefaultTenantId;\n  const authority = getAuthority(tenantId, options.authorityHost);\n  return {\n    auth: {\n      clientId: options.clientId!,\n      authority,\n      knownAuthorities: getKnownAuthorities(tenantId, authority, options.disableInstanceDiscovery),\n      // If the users picked redirect as their login style,\n      // but they didn't provide a redirectUri,\n      // we can try to use the current page we're in as a default value.\n      redirectUri: options.redirectUri || (isLocationDefined ? self.location.origin : undefined),\n    },\n    cache: {\n      cacheLocation: \"sessionStorage\",\n      storeAuthStateInCookie: true, // Set to true to improve the experience on IE11 and Edge.\n    },\n    system: {\n      loggerOptions: {\n        loggerCallback: defaultLoggerCallback(options.logger, \"Browser\"),\n        logLevel: getMSALLogLevel(getLogLevel()),\n        piiLoggingEnabled: options.loggingOptions?.enableUnsafeSupportLogging,\n      },\n    },\n  };\n}\n\n/**\n * Methods that are used by InteractiveBrowserCredential\n * @internal\n */\nexport interface MsalBrowserClient {\n  getActiveAccount(): Promise<AuthenticationRecord | undefined>;\n  getToken(scopes: string[], options: CredentialFlowGetTokenOptions): Promise<AccessToken>;\n}\n\n// We keep a copy of the redirect hash.\nconst redirectHash = isLocationDefined ? self.location.hash : undefined;\n\n/**\n * Uses MSAL Browser 2.X for browser authentication,\n * which uses the [Auth Code Flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n * @internal\n */\nexport function createMsalBrowserClient(options: MsalBrowserFlowOptions): MsalBrowserClient {\n  const loginStyle = options.loginStyle;\n  if (!options.clientId) {\n    throw new CredentialUnavailableError(\"A client ID is required in browsers\");\n  }\n  const clientId = options.clientId;\n  const logger = options.logger;\n  const tenantId = resolveTenantId(logger, options.tenantId, options.clientId);\n  const additionallyAllowedTenantIds: string[] = resolveAdditionallyAllowedTenantIds(\n    options?.tokenCredentialOptions?.additionallyAllowedTenants,\n  );\n  const authorityHost = options.authorityHost;\n  const msalConfig = generateMsalBrowserConfiguration(options);\n  const disableAutomaticAuthentication = options.disableAutomaticAuthentication;\n  const loginHint = options.loginHint;\n\n  let account: AuthenticationRecord | undefined;\n  if (options.authenticationRecord) {\n    account = {\n      ...options.authenticationRecord,\n      tenantId,\n    };\n  }\n\n  // This variable should only be used through calling `getApp` function\n  let app: msalBrowser.IPublicClientApplication;\n  /**\n   * Return the MSAL account if not set yet\n   * @returns MSAL application\n   */\n  async function getApp(): Promise<msalBrowser.IPublicClientApplication> {\n    if (!app) {\n      // Prepare the MSAL application\n      app = await msalBrowser.PublicClientApplication.createPublicClientApplication(msalConfig);\n\n      // setting the account right after the app is created.\n      if (account) {\n        app.setActiveAccount(publicToMsal(account));\n      }\n    }\n\n    return app;\n  }\n\n  /**\n   * Loads the account based on the result of the authentication.\n   * If no result was received, tries to load the account from the cache.\n   * @param result - Result object received from MSAL.\n   */\n  async function handleBrowserResult(\n    result?: msalBrowser.AuthenticationResult,\n  ): Promise<AuthenticationRecord | undefined> {\n    try {\n      const msalApp = await getApp();\n      if (result && result.account) {\n        logger.info(`MSAL Browser V2 authentication successful.`);\n        msalApp.setActiveAccount(result.account);\n        return msalToPublic(clientId, result.account);\n      }\n    } catch (e: any) {\n      logger.info(`Failed to acquire token through MSAL. ${e.message}`);\n    }\n    return;\n  }\n\n  /**\n   * Handles the MSAL authentication result.\n   * If the result has an account, we update the local account reference.\n   * If the token received is invalid, an error will be thrown depending on what's missing.\n   */\n  function handleResult(\n    scopes: string | string[],\n    result?: MsalResult,\n    getTokenOptions?: GetTokenOptions,\n  ): AccessToken {\n    if (result?.account) {\n      account = msalToPublic(clientId, result.account);\n    }\n    ensureValidMsalToken(scopes, result, getTokenOptions);\n    logger.getToken.info(formatSuccess(scopes));\n    return {\n      token: result.accessToken,\n      expiresOnTimestamp: result.expiresOn.getTime(),\n      refreshAfterTimestamp: result.refreshOn?.getTime(),\n      tokenType: \"Bearer\",\n    };\n  }\n\n  /**\n   * Uses MSAL to handle the redirect.\n   */\n  async function handleRedirect(): Promise<AuthenticationRecord | undefined> {\n    const msalApp = await getApp();\n    return handleBrowserResult((await msalApp.handleRedirectPromise(redirectHash)) || undefined);\n  }\n\n  /**\n   * Uses MSAL to retrieve the active account.\n   */\n  async function getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n    const msalApp = await getApp();\n    const activeAccount = msalApp.getActiveAccount();\n    if (!activeAccount) {\n      return;\n    }\n    return msalToPublic(clientId, activeAccount);\n  }\n\n  /**\n   * Uses MSAL to trigger a redirect or a popup login.\n   */\n  async function login(scopes: string | string[] = []): Promise<AuthenticationRecord | undefined> {\n    const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n    const loginRequest: msalBrowser.RedirectRequest = {\n      scopes: arrayScopes,\n      loginHint: loginHint,\n    };\n    const msalApp = await getApp();\n    switch (loginStyle) {\n      case \"redirect\": {\n        await app.loginRedirect(loginRequest);\n        return;\n      }\n      case \"popup\":\n        return handleBrowserResult(await msalApp.loginPopup(loginRequest));\n    }\n  }\n\n  /**\n   * Tries to retrieve the token silently using MSAL.\n   */\n  async function getTokenSilent(\n    scopes: string[],\n    getTokenOptions?: CredentialFlowGetTokenOptions,\n  ): Promise<AccessToken> {\n    const activeAccount = await getActiveAccount();\n    if (!activeAccount) {\n      throw new AuthenticationRequiredError({\n        scopes,\n        getTokenOptions,\n        message:\n          \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n      });\n    }\n\n    const parameters: msalBrowser.SilentRequest = {\n      authority: getTokenOptions?.authority || msalConfig.auth.authority!,\n      correlationId: getTokenOptions?.correlationId,\n      claims: getTokenOptions?.claims,\n      account: publicToMsal(activeAccount),\n      forceRefresh: false,\n      scopes,\n    };\n\n    try {\n      logger.info(\"Attempting to acquire token silently\");\n      const msalApp = await getApp();\n      const response = await msalApp.acquireTokenSilent(parameters);\n      return handleResult(scopes, response);\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  /**\n   * Attempts to retrieve the token in the browser through interactive methods.\n   */\n  async function getTokenInteractive(\n    scopes: string[],\n    getTokenOptions?: CredentialFlowGetTokenOptions,\n  ): Promise<AccessToken> {\n    const activeAccount = await getActiveAccount();\n    if (!activeAccount) {\n      throw new AuthenticationRequiredError({\n        scopes,\n        getTokenOptions,\n        message:\n          \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n      });\n    }\n\n    const parameters: msalBrowser.RedirectRequest = {\n      authority: getTokenOptions?.authority || msalConfig.auth.authority!,\n      correlationId: getTokenOptions?.correlationId,\n      claims: getTokenOptions?.claims,\n      account: publicToMsal(activeAccount),\n      loginHint: loginHint,\n      scopes,\n    };\n    const msalApp = await getApp();\n    switch (loginStyle) {\n      case \"redirect\":\n        // This will go out of the page.\n        // Once the InteractiveBrowserCredential is initialized again,\n        // we'll load the MSAL account in the constructor.\n\n        await msalApp.acquireTokenRedirect(parameters);\n        return { token: \"\", expiresOnTimestamp: 0, tokenType: \"Bearer\" };\n      case \"popup\":\n        return handleResult(scopes, await app.acquireTokenPopup(parameters));\n    }\n  }\n\n  /**\n   * Attempts to get token through the silent flow.\n   * If failed, get token through interactive method with `doGetToken` method.\n   */\n  async function getToken(\n    scopes: string[],\n    getTokenOptions: CredentialFlowGetTokenOptions = {},\n  ): Promise<AccessToken> {\n    const getTokenTenantId =\n      processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds) ||\n      tenantId;\n\n    if (!getTokenOptions.authority) {\n      getTokenOptions.authority = getAuthority(getTokenTenantId, authorityHost);\n    }\n\n    // We ensure that redirection is handled at this point.\n    await handleRedirect();\n\n    if (!(await getActiveAccount()) && !disableAutomaticAuthentication) {\n      await login(scopes);\n    }\n\n    // Attempts to get the token silently; else, falls back to interactive method.\n    try {\n      return await getTokenSilent(scopes, getTokenOptions);\n    } catch (err: any) {\n      if (err.name !== \"AuthenticationRequiredError\") {\n        throw err;\n      }\n      if (getTokenOptions?.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions,\n          message:\n            \"Automatic authentication has been disabled. You may call the authenticate() method.\",\n        });\n      }\n      logger.info(`Silent authentication failed, falling back to interactive method ${loginStyle}`);\n      return getTokenInteractive(scopes, getTokenOptions);\n    }\n  }\n  return {\n    getActiveAccount,\n    getToken,\n  };\n}\n"]}

package/dist/esm/msal/nodeFlows/msalClient.d.ts

@@ -125,6 +125,15 @@ export interface MsalClient {
      * An authentication record could be loaded by calling the `getToken` method, or by providing an `authenticationRecord` when creating a credential.
      */
     getActiveAccount(): AuthenticationRecord | undefined;
+    /**
+     * Retrieves an access token using brokered authentication.
+     *
+     * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.
+     * @param useDefaultBrokerAccount - Whether to use the default broker account for authentication.
+     * @param options - Additional options that may be provided to the method.
+     * @returns An access token.
+     */
+    getBrokeredToken(scopes: string[], useDefaultBrokerAccount: boolean, options?: GetTokenInteractiveOptions): Promise<AccessToken>;
 }
 /**
  * Represents the options for configuring the MsalClient.
@@ -138,6 +147,10 @@ export interface MsalClientOptions {
      * Parameters that enable token cache persistence in the Identity credentials.
      */
     tokenCachePersistenceOptions?: TokenCachePersistenceOptions;
+    /**
+     * Indicates if this is being used by VSCode credential.
+     */
+    isVSCodeCredential?: boolean;
     /**
      * A custom authority host.
      */

package/dist/esm/msal/nodeFlows/msalClient.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"msalClient.d.ts","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClient.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AAEzC,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,KAAK,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC1E,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAiB9D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,kDAAkD,CAAC;AACjG,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAChE,OAAO,KAAK,EAAE,uCAAuC,EAAE,MAAM,0DAA0D,CAAC;AACxH,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AAUtF;;GAEG;AACH,MAAM,WAAW,6BAA8B,SAAQ,eAAe;IACpE;;;;;;OAMG;IACH,8BAA8B,CAAC,EAAE,OAAO,CAAC;CAC1C;AAED;;GAEG;AACH,MAAM,WAAW,0BAA2B,SAAQ,6BAA6B;IAC/E;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;OAEG;IACH,2BAA2B,CAAC,EAAE,uCAAuC,CAAC,6BAA6B,CAAC,CAAC;IACrG;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB;;;;;;;;;OASG;IACH,kBAAkB,CAChB,MAAM,EAAE,MAAM,EAAE,EAChB,kBAAkB,EAAE,MAAM,EAC1B,iBAAiB,EAAE,MAAM,GAAG,gBAAgB,GAAG,CAAC,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC,EACtE,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;OAKG;IACH,4BAA4B,CAC1B,MAAM,EAAE,MAAM,EAAE,EAChB,OAAO,EAAE,0BAA0B,GAClC,OAAO,CAAC,WAAW,CAAC,CAAC;IACxB;;;;;;;;OAQG;IACH,0BAA0B,CACxB,MAAM,EAAE,MAAM,EAAE,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IACxB;;;;;;;OAOG;IACH,oBAAoB,CAClB,MAAM,EAAE,MAAM,EAAE,EAChB,kBAAkB,EAAE,wBAAwB,EAC5C,OAAO,CAAC,EAAE,6BAA6B,GACtC,OAAO,CAAC,WAAW,CAAC,CAAC;IACxB;;;;;;;OAOG;IACH,2BAA2B,CACzB,MAAM,EAAE,MAAM,EAAE,EAChB,WAAW,EAAE,gBAAgB,EAC7B,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;;;OAOG;IACH,yBAAyB,CACvB,MAAM,EAAE,MAAM,EAAE,EAChB,eAAe,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,EACtC,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;;;OAOG;IACH,sBAAsB,CACpB,MAAM,EAAE,MAAM,EAAE,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;;;;;;;OAWG;IACH,2BAA2B,CACzB,MAAM,EAAE,MAAM,EAAE,EAChB,WAAW,EAAE,MAAM,EACnB,iBAAiB,EAAE,MAAM,EACzB,YAAY,CAAC,EAAE,MAAM,EACrB,OAAO,CAAC,EAAE,6BAA6B,GACtC,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;OAIG;IACH,gBAAgB,IAAI,oBAAoB,GAAG,SAAS,CAAC;CACtD;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC;;OAEG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;IAE9B;;OAEG;IACH,4BAA4B,CAAC,EAAE,4BAA4B,CAAC;IAE5D;;OAEG;IACH,aAAa,CAAC,EAAE,cAAc,CAAC,wBAAwB,CAAC,CAAC,eAAe,CAAC,CAAC;IAE1E;;OAEG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC,wBAAwB,CAAC,CAAC,gBAAgB,CAAC,CAAC;IAE5E;;OAEG;IACH,sBAAsB,CAAC,EAAE,cAAc,CAAC,wBAAwB,CAAC,CAAC;IAElE;;OAEG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAC;IAEnC;;OAEG;IACH,MAAM,CAAC,EAAE,gBAAgB,CAAC;IAE1B;;OAEG;IACH,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;CAC7C;AAED;;;;;;;GAOG;AACH,wBAAgB,yBAAyB,CACvC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,iBAAiB,GAAE,iBAAsB,GACxC,IAAI,CAAC,aAAa,CAoCpB;AAyBD;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,uBAAuB,GAAE,iBAAsB,GAC9C,UAAU,CA0gBZ"}
+{"version":3,"file":"msalClient.d.ts","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClient.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AAEzC,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,KAAK,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC1E,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAiB9D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,kDAAkD,CAAC;AACjG,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAChE,OAAO,KAAK,EAAE,uCAAuC,EAAE,MAAM,0DAA0D,CAAC;AACxH,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AAUtF;;GAEG;AACH,MAAM,WAAW,6BAA8B,SAAQ,eAAe;IACpE;;;;;;OAMG;IACH,8BAA8B,CAAC,EAAE,OAAO,CAAC;CAC1C;AAED;;GAEG;AACH,MAAM,WAAW,0BAA2B,SAAQ,6BAA6B;IAC/E;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;OAEG;IACH,2BAA2B,CAAC,EAAE,uCAAuC,CAAC,6BAA6B,CAAC,CAAC;IACrG;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB;;;;;;;;;OASG;IACH,kBAAkB,CAChB,MAAM,EAAE,MAAM,EAAE,EAChB,kBAAkB,EAAE,MAAM,EAC1B,iBAAiB,EAAE,MAAM,GAAG,gBAAgB,GAAG,CAAC,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC,EACtE,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;OAKG;IACH,4BAA4B,CAC1B,MAAM,EAAE,MAAM,EAAE,EAChB,OAAO,EAAE,0BAA0B,GAClC,OAAO,CAAC,WAAW,CAAC,CAAC;IACxB;;;;;;;;OAQG;IACH,0BAA0B,CACxB,MAAM,EAAE,MAAM,EAAE,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IACxB;;;;;;;OAOG;IACH,oBAAoB,CAClB,MAAM,EAAE,MAAM,EAAE,EAChB,kBAAkB,EAAE,wBAAwB,EAC5C,OAAO,CAAC,EAAE,6BAA6B,GACtC,OAAO,CAAC,WAAW,CAAC,CAAC;IACxB;;;;;;;OAOG;IACH,2BAA2B,CACzB,MAAM,EAAE,MAAM,EAAE,EAChB,WAAW,EAAE,gBAAgB,EAC7B,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;;;OAOG;IACH,yBAAyB,CACvB,MAAM,EAAE,MAAM,EAAE,EAChB,eAAe,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,EACtC,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;;;OAOG;IACH,sBAAsB,CACpB,MAAM,EAAE,MAAM,EAAE,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;;;;;;;OAWG;IACH,2BAA2B,CACzB,MAAM,EAAE,MAAM,EAAE,EAChB,WAAW,EAAE,MAAM,EACnB,iBAAiB,EAAE,MAAM,EACzB,YAAY,CAAC,EAAE,MAAM,EACrB,OAAO,CAAC,EAAE,6BAA6B,GACtC,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;OAIG;IACH,gBAAgB,IAAI,oBAAoB,GAAG,SAAS,CAAC;IAErD;;;;;;;OAOG;IACH,gBAAgB,CACd,MAAM,EAAE,MAAM,EAAE,EAChB,uBAAuB,EAAE,OAAO,EAChC,OAAO,CAAC,EAAE,0BAA0B,GACnC,OAAO,CAAC,WAAW,CAAC,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC;;OAEG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;IAE9B;;OAEG;IACH,4BAA4B,CAAC,EAAE,4BAA4B,CAAC;IAE5D;;OAEG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAE7B;;OAEG;IACH,aAAa,CAAC,EAAE,cAAc,CAAC,wBAAwB,CAAC,CAAC,eAAe,CAAC,CAAC;IAE1E;;OAEG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC,wBAAwB,CAAC,CAAC,gBAAgB,CAAC,CAAC;IAE5E;;OAEG;IACH,sBAAsB,CAAC,EAAE,cAAc,CAAC,wBAAwB,CAAC,CAAC;IAElE;;OAEG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAC;IAEnC;;OAEG;IACH,MAAM,CAAC,EAAE,gBAAgB,CAAC;IAE1B;;OAEG;IACH,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;CAC7C;AAED;;;;;;;GAOG;AACH,wBAAgB,yBAAyB,CACvC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,iBAAiB,GAAE,iBAAsB,GACxC,IAAI,CAAC,aAAa,CAoCpB;AAyBD;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,uBAAuB,GAAE,iBAAsB,GAC9C,UAAU,CA6jBZ"}