@azure/identity 4.10.3-alpha.20250714.3 → 4.11.0-alpha.20250718.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (360) hide show
  1. package/README.md +19 -1
  2. package/dist/browser/client/identityClient.js +30 -18
  3. package/dist/browser/client/identityClient.js.map +1 -1
  4. package/dist/browser/constants.d.ts +1 -1
  5. package/dist/browser/constants.d.ts.map +1 -1
  6. package/dist/browser/constants.js +1 -1
  7. package/dist/browser/constants.js.map +1 -1
  8. package/dist/browser/credentials/brokerCredential.d.ts +35 -0
  9. package/dist/browser/credentials/brokerCredential.d.ts.map +1 -0
  10. package/dist/browser/credentials/brokerCredential.js +69 -0
  11. package/dist/browser/credentials/brokerCredential.js.map +1 -0
  12. package/dist/browser/credentials/chainedTokenCredential.js +1 -1
  13. package/dist/browser/credentials/chainedTokenCredential.js.map +1 -1
  14. package/dist/browser/credentials/clientSecretCredential-browser.mjs.map +1 -1
  15. package/dist/browser/credentials/clientSecretCredential.js +7 -2
  16. package/dist/browser/credentials/defaultAzureCredentialFunctions.d.ts +62 -0
  17. package/dist/browser/credentials/defaultAzureCredentialFunctions.d.ts.map +1 -0
  18. package/dist/browser/credentials/defaultAzureCredentialFunctions.js +143 -0
  19. package/dist/browser/credentials/defaultAzureCredentialFunctions.js.map +1 -0
  20. package/dist/browser/credentials/interactiveBrowserCredential-browser.mjs.map +1 -1
  21. package/dist/browser/credentials/interactiveBrowserCredential.js +19 -6
  22. package/dist/browser/credentials/managedIdentityCredential/imdsMsi.js +4 -6
  23. package/dist/browser/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  24. package/dist/browser/credentials/managedIdentityCredential/imdsRetryPolicy.js +2 -2
  25. package/dist/browser/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +1 -1
  26. package/dist/browser/credentials/managedIdentityCredential/tokenExchangeMsi.js +7 -1
  27. package/dist/browser/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
  28. package/dist/browser/credentials/usernamePasswordCredential-browser.mjs.map +1 -1
  29. package/dist/browser/credentials/usernamePasswordCredential.js +7 -1
  30. package/dist/browser/credentials/visualStudioCodeCredentialOptions.d.ts +0 -4
  31. package/dist/browser/credentials/visualStudioCodeCredentialOptions.d.ts.map +1 -1
  32. package/dist/browser/credentials/visualStudioCodeCredentialOptions.js.map +1 -1
  33. package/dist/browser/credentials/visualStudioCodeCredentialPlugin.d.ts +0 -4
  34. package/dist/browser/credentials/visualStudioCodeCredentialPlugin.d.ts.map +1 -1
  35. package/dist/browser/credentials/visualStudioCodeCredentialPlugin.js.map +1 -1
  36. package/dist/browser/errors.js +21 -0
  37. package/dist/browser/errors.js.map +1 -1
  38. package/dist/browser/msal/browserFlows/msalBrowserCommon.js +15 -15
  39. package/dist/browser/msal/browserFlows/msalBrowserCommon.js.map +1 -1
  40. package/dist/browser/msal/nodeFlows/msalClient.d.ts +13 -0
  41. package/dist/browser/msal/nodeFlows/msalClient.d.ts.map +1 -1
  42. package/dist/browser/msal/nodeFlows/msalClient.js +127 -94
  43. package/dist/browser/msal/nodeFlows/msalClient.js.map +1 -1
  44. package/dist/browser/msal/nodeFlows/msalPlugins.d.ts +19 -1
  45. package/dist/browser/msal/nodeFlows/msalPlugins.d.ts.map +1 -1
  46. package/dist/browser/msal/nodeFlows/msalPlugins.js +61 -16
  47. package/dist/browser/msal/nodeFlows/msalPlugins.js.map +1 -1
  48. package/dist/browser/msal/utils.js +3 -4
  49. package/dist/browser/msal/utils.js.map +1 -1
  50. package/dist/browser/plugins/provider.d.ts +2 -2
  51. package/dist/browser/plugins/provider.d.ts.map +1 -1
  52. package/dist/browser/plugins/provider.js.map +1 -1
  53. package/dist/browser/regionalAuthority.js +1 -2
  54. package/dist/browser/regionalAuthority.js.map +1 -1
  55. package/dist/browser/tokenProvider.js +1 -2
  56. package/dist/browser/tokenProvider.js.map +1 -1
  57. package/dist/browser/util/logging.js +6 -2
  58. package/dist/browser/util/logging.js.map +1 -1
  59. package/dist/browser/util/processMultiTenantRequest-browser.mjs.map +1 -1
  60. package/dist/browser/util/processMultiTenantRequest.js +1 -2
  61. package/dist/browser/util/processUtils.d.ts +1 -1
  62. package/dist/browser/util/processUtils.d.ts.map +1 -1
  63. package/dist/browser/util/processUtils.js +1 -1
  64. package/dist/browser/util/processUtils.js.map +1 -1
  65. package/dist/commonjs/client/identityClient.js +30 -18
  66. package/dist/commonjs/client/identityClient.js.map +1 -1
  67. package/dist/commonjs/constants.d.ts +1 -1
  68. package/dist/commonjs/constants.d.ts.map +1 -1
  69. package/dist/commonjs/constants.js +1 -1
  70. package/dist/commonjs/constants.js.map +1 -1
  71. package/dist/commonjs/credentials/authorizationCodeCredential.js +17 -3
  72. package/dist/commonjs/credentials/authorizationCodeCredential.js.map +1 -1
  73. package/dist/commonjs/credentials/azureCliCredential.js +15 -12
  74. package/dist/commonjs/credentials/azureCliCredential.js.map +1 -1
  75. package/dist/commonjs/credentials/azureDeveloperCliCredential.js +12 -10
  76. package/dist/commonjs/credentials/azureDeveloperCliCredential.js.map +1 -1
  77. package/dist/commonjs/credentials/azurePipelinesCredential.js +9 -5
  78. package/dist/commonjs/credentials/azurePipelinesCredential.js.map +1 -1
  79. package/dist/commonjs/credentials/azurePowerShellCredential.js +10 -7
  80. package/dist/commonjs/credentials/azurePowerShellCredential.js.map +1 -1
  81. package/dist/commonjs/credentials/brokerCredential.d.ts +35 -0
  82. package/dist/commonjs/credentials/brokerCredential.d.ts.map +1 -0
  83. package/dist/commonjs/credentials/brokerCredential.js +73 -0
  84. package/dist/commonjs/credentials/brokerCredential.js.map +1 -0
  85. package/dist/commonjs/credentials/chainedTokenCredential.js +1 -1
  86. package/dist/commonjs/credentials/chainedTokenCredential.js.map +1 -1
  87. package/dist/commonjs/credentials/clientAssertionCredential.js +11 -2
  88. package/dist/commonjs/credentials/clientAssertionCredential.js.map +1 -1
  89. package/dist/commonjs/credentials/clientCertificateCredential.js +19 -9
  90. package/dist/commonjs/credentials/clientCertificateCredential.js.map +1 -1
  91. package/dist/commonjs/credentials/clientSecretCredential.js +10 -2
  92. package/dist/commonjs/credentials/clientSecretCredential.js.map +1 -1
  93. package/dist/commonjs/credentials/defaultAzureCredential.d.ts +12 -14
  94. package/dist/commonjs/credentials/defaultAzureCredential.d.ts.map +1 -1
  95. package/dist/commonjs/credentials/defaultAzureCredential.js +48 -113
  96. package/dist/commonjs/credentials/defaultAzureCredential.js.map +1 -1
  97. package/dist/commonjs/credentials/defaultAzureCredentialFunctions.d.ts +62 -0
  98. package/dist/commonjs/credentials/defaultAzureCredentialFunctions.d.ts.map +1 -0
  99. package/dist/commonjs/credentials/defaultAzureCredentialFunctions.js +153 -0
  100. package/dist/commonjs/credentials/defaultAzureCredentialFunctions.js.map +1 -0
  101. package/dist/commonjs/credentials/deviceCodeCredential.js +24 -10
  102. package/dist/commonjs/credentials/deviceCodeCredential.js.map +1 -1
  103. package/dist/commonjs/credentials/environmentCredential.js +4 -6
  104. package/dist/commonjs/credentials/environmentCredential.js.map +1 -1
  105. package/dist/commonjs/credentials/interactiveBrowserCredential.js +30 -11
  106. package/dist/commonjs/credentials/interactiveBrowserCredential.js.map +1 -1
  107. package/dist/commonjs/credentials/managedIdentityCredential/imdsMsi.js +4 -6
  108. package/dist/commonjs/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  109. package/dist/commonjs/credentials/managedIdentityCredential/imdsRetryPolicy.js +2 -2
  110. package/dist/commonjs/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +1 -1
  111. package/dist/commonjs/credentials/managedIdentityCredential/index.js +28 -18
  112. package/dist/commonjs/credentials/managedIdentityCredential/index.js.map +1 -1
  113. package/dist/commonjs/credentials/managedIdentityCredential/tokenExchangeMsi.js +7 -1
  114. package/dist/commonjs/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
  115. package/dist/commonjs/credentials/onBehalfOfCredential.js +13 -1
  116. package/dist/commonjs/credentials/onBehalfOfCredential.js.map +1 -1
  117. package/dist/commonjs/credentials/usernamePasswordCredential.js +10 -2
  118. package/dist/commonjs/credentials/usernamePasswordCredential.js.map +1 -1
  119. package/dist/commonjs/credentials/visualStudioCodeCredential.d.ts +15 -26
  120. package/dist/commonjs/credentials/visualStudioCodeCredential.d.ts.map +1 -1
  121. package/dist/commonjs/credentials/visualStudioCodeCredential.js +69 -130
  122. package/dist/commonjs/credentials/visualStudioCodeCredential.js.map +1 -1
  123. package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.d.ts +0 -4
  124. package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.d.ts.map +1 -1
  125. package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.js.map +1 -1
  126. package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.d.ts +0 -4
  127. package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.d.ts.map +1 -1
  128. package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.js.map +1 -1
  129. package/dist/commonjs/credentials/workloadIdentityCredential.js +5 -3
  130. package/dist/commonjs/credentials/workloadIdentityCredential.js.map +1 -1
  131. package/dist/commonjs/errors.js +21 -0
  132. package/dist/commonjs/errors.js.map +1 -1
  133. package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js +15 -15
  134. package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js.map +1 -1
  135. package/dist/commonjs/msal/nodeFlows/msalClient.d.ts +13 -0
  136. package/dist/commonjs/msal/nodeFlows/msalClient.d.ts.map +1 -1
  137. package/dist/commonjs/msal/nodeFlows/msalClient.js +127 -94
  138. package/dist/commonjs/msal/nodeFlows/msalClient.js.map +1 -1
  139. package/dist/commonjs/msal/nodeFlows/msalPlugins.d.ts +19 -1
  140. package/dist/commonjs/msal/nodeFlows/msalPlugins.d.ts.map +1 -1
  141. package/dist/commonjs/msal/nodeFlows/msalPlugins.js +63 -17
  142. package/dist/commonjs/msal/nodeFlows/msalPlugins.js.map +1 -1
  143. package/dist/commonjs/msal/utils.js +3 -4
  144. package/dist/commonjs/msal/utils.js.map +1 -1
  145. package/dist/commonjs/plugins/consumer.d.ts.map +1 -1
  146. package/dist/commonjs/plugins/consumer.js +1 -2
  147. package/dist/commonjs/plugins/consumer.js.map +1 -1
  148. package/dist/commonjs/plugins/provider.d.ts +2 -2
  149. package/dist/commonjs/plugins/provider.d.ts.map +1 -1
  150. package/dist/commonjs/plugins/provider.js.map +1 -1
  151. package/dist/commonjs/regionalAuthority.js +1 -2
  152. package/dist/commonjs/regionalAuthority.js.map +1 -1
  153. package/dist/commonjs/tokenProvider.js +1 -2
  154. package/dist/commonjs/tokenProvider.js.map +1 -1
  155. package/dist/commonjs/tsdoc-metadata.json +11 -11
  156. package/dist/commonjs/util/logging.js +6 -2
  157. package/dist/commonjs/util/logging.js.map +1 -1
  158. package/dist/commonjs/util/processMultiTenantRequest.js +2 -3
  159. package/dist/commonjs/util/processMultiTenantRequest.js.map +1 -1
  160. package/dist/commonjs/util/processUtils.d.ts +1 -1
  161. package/dist/commonjs/util/processUtils.d.ts.map +1 -1
  162. package/dist/commonjs/util/processUtils.js +2 -2
  163. package/dist/commonjs/util/processUtils.js.map +1 -1
  164. package/dist/esm/client/identityClient.js +30 -18
  165. package/dist/esm/client/identityClient.js.map +1 -1
  166. package/dist/esm/constants.d.ts +1 -1
  167. package/dist/esm/constants.d.ts.map +1 -1
  168. package/dist/esm/constants.js +1 -1
  169. package/dist/esm/constants.js.map +1 -1
  170. package/dist/esm/credentials/authorizationCodeCredential.js +17 -3
  171. package/dist/esm/credentials/authorizationCodeCredential.js.map +1 -1
  172. package/dist/esm/credentials/azureCliCredential.js +15 -12
  173. package/dist/esm/credentials/azureCliCredential.js.map +1 -1
  174. package/dist/esm/credentials/azureDeveloperCliCredential.js +12 -10
  175. package/dist/esm/credentials/azureDeveloperCliCredential.js.map +1 -1
  176. package/dist/esm/credentials/azurePipelinesCredential.js +9 -5
  177. package/dist/esm/credentials/azurePipelinesCredential.js.map +1 -1
  178. package/dist/esm/credentials/azurePowerShellCredential.js +10 -7
  179. package/dist/esm/credentials/azurePowerShellCredential.js.map +1 -1
  180. package/dist/esm/credentials/brokerCredential.d.ts +35 -0
  181. package/dist/esm/credentials/brokerCredential.d.ts.map +1 -0
  182. package/dist/esm/credentials/brokerCredential.js +69 -0
  183. package/dist/esm/credentials/brokerCredential.js.map +1 -0
  184. package/dist/esm/credentials/chainedTokenCredential.js +1 -1
  185. package/dist/esm/credentials/chainedTokenCredential.js.map +1 -1
  186. package/dist/esm/credentials/clientAssertionCredential.js +11 -2
  187. package/dist/esm/credentials/clientAssertionCredential.js.map +1 -1
  188. package/dist/esm/credentials/clientCertificateCredential.js +19 -9
  189. package/dist/esm/credentials/clientCertificateCredential.js.map +1 -1
  190. package/dist/esm/credentials/clientSecretCredential.js +10 -2
  191. package/dist/esm/credentials/clientSecretCredential.js.map +1 -1
  192. package/dist/esm/credentials/defaultAzureCredential.d.ts +12 -14
  193. package/dist/esm/credentials/defaultAzureCredential.d.ts.map +1 -1
  194. package/dist/esm/credentials/defaultAzureCredential.js +43 -106
  195. package/dist/esm/credentials/defaultAzureCredential.js.map +1 -1
  196. package/dist/esm/credentials/defaultAzureCredentialFunctions.d.ts +62 -0
  197. package/dist/esm/credentials/defaultAzureCredentialFunctions.d.ts.map +1 -0
  198. package/dist/esm/credentials/defaultAzureCredentialFunctions.js +143 -0
  199. package/dist/esm/credentials/defaultAzureCredentialFunctions.js.map +1 -0
  200. package/dist/esm/credentials/deviceCodeCredential.js +24 -10
  201. package/dist/esm/credentials/deviceCodeCredential.js.map +1 -1
  202. package/dist/esm/credentials/environmentCredential.js +4 -6
  203. package/dist/esm/credentials/environmentCredential.js.map +1 -1
  204. package/dist/esm/credentials/interactiveBrowserCredential.js +30 -11
  205. package/dist/esm/credentials/interactiveBrowserCredential.js.map +1 -1
  206. package/dist/esm/credentials/managedIdentityCredential/imdsMsi.js +4 -6
  207. package/dist/esm/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  208. package/dist/esm/credentials/managedIdentityCredential/imdsRetryPolicy.js +2 -2
  209. package/dist/esm/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +1 -1
  210. package/dist/esm/credentials/managedIdentityCredential/index.js +28 -18
  211. package/dist/esm/credentials/managedIdentityCredential/index.js.map +1 -1
  212. package/dist/esm/credentials/managedIdentityCredential/tokenExchangeMsi.js +7 -1
  213. package/dist/esm/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
  214. package/dist/esm/credentials/onBehalfOfCredential.js +13 -1
  215. package/dist/esm/credentials/onBehalfOfCredential.js.map +1 -1
  216. package/dist/esm/credentials/usernamePasswordCredential.js +10 -2
  217. package/dist/esm/credentials/usernamePasswordCredential.js.map +1 -1
  218. package/dist/esm/credentials/visualStudioCodeCredential.d.ts +15 -26
  219. package/dist/esm/credentials/visualStudioCodeCredential.d.ts.map +1 -1
  220. package/dist/esm/credentials/visualStudioCodeCredential.js +69 -128
  221. package/dist/esm/credentials/visualStudioCodeCredential.js.map +1 -1
  222. package/dist/esm/credentials/visualStudioCodeCredentialOptions.d.ts +0 -4
  223. package/dist/esm/credentials/visualStudioCodeCredentialOptions.d.ts.map +1 -1
  224. package/dist/esm/credentials/visualStudioCodeCredentialOptions.js.map +1 -1
  225. package/dist/esm/credentials/visualStudioCodeCredentialPlugin.d.ts +0 -4
  226. package/dist/esm/credentials/visualStudioCodeCredentialPlugin.d.ts.map +1 -1
  227. package/dist/esm/credentials/visualStudioCodeCredentialPlugin.js.map +1 -1
  228. package/dist/esm/credentials/workloadIdentityCredential.js +5 -3
  229. package/dist/esm/credentials/workloadIdentityCredential.js.map +1 -1
  230. package/dist/esm/errors.js +21 -0
  231. package/dist/esm/errors.js.map +1 -1
  232. package/dist/esm/msal/browserFlows/msalBrowserCommon.js +15 -15
  233. package/dist/esm/msal/browserFlows/msalBrowserCommon.js.map +1 -1
  234. package/dist/esm/msal/nodeFlows/msalClient.d.ts +13 -0
  235. package/dist/esm/msal/nodeFlows/msalClient.d.ts.map +1 -1
  236. package/dist/esm/msal/nodeFlows/msalClient.js +127 -94
  237. package/dist/esm/msal/nodeFlows/msalClient.js.map +1 -1
  238. package/dist/esm/msal/nodeFlows/msalPlugins.d.ts +19 -1
  239. package/dist/esm/msal/nodeFlows/msalPlugins.d.ts.map +1 -1
  240. package/dist/esm/msal/nodeFlows/msalPlugins.js +61 -16
  241. package/dist/esm/msal/nodeFlows/msalPlugins.js.map +1 -1
  242. package/dist/esm/msal/utils.js +3 -4
  243. package/dist/esm/msal/utils.js.map +1 -1
  244. package/dist/esm/plugins/consumer.d.ts.map +1 -1
  245. package/dist/esm/plugins/consumer.js +2 -3
  246. package/dist/esm/plugins/consumer.js.map +1 -1
  247. package/dist/esm/plugins/provider.d.ts +2 -2
  248. package/dist/esm/plugins/provider.d.ts.map +1 -1
  249. package/dist/esm/plugins/provider.js.map +1 -1
  250. package/dist/esm/regionalAuthority.js +1 -2
  251. package/dist/esm/regionalAuthority.js.map +1 -1
  252. package/dist/esm/tokenProvider.js +1 -2
  253. package/dist/esm/tokenProvider.js.map +1 -1
  254. package/dist/esm/util/logging.js +6 -2
  255. package/dist/esm/util/logging.js.map +1 -1
  256. package/dist/esm/util/processMultiTenantRequest.js +2 -3
  257. package/dist/esm/util/processMultiTenantRequest.js.map +1 -1
  258. package/dist/esm/util/processUtils.d.ts +1 -1
  259. package/dist/esm/util/processUtils.d.ts.map +1 -1
  260. package/dist/esm/util/processUtils.js +1 -1
  261. package/dist/esm/util/processUtils.js.map +1 -1
  262. package/dist/workerd/client/identityClient.js +30 -18
  263. package/dist/workerd/client/identityClient.js.map +1 -1
  264. package/dist/workerd/constants.d.ts +1 -1
  265. package/dist/workerd/constants.d.ts.map +1 -1
  266. package/dist/workerd/constants.js +1 -1
  267. package/dist/workerd/constants.js.map +1 -1
  268. package/dist/workerd/credentials/authorizationCodeCredential.js +17 -3
  269. package/dist/workerd/credentials/authorizationCodeCredential.js.map +1 -1
  270. package/dist/workerd/credentials/azureCliCredential.js +15 -12
  271. package/dist/workerd/credentials/azureCliCredential.js.map +1 -1
  272. package/dist/workerd/credentials/azureDeveloperCliCredential.js +12 -10
  273. package/dist/workerd/credentials/azureDeveloperCliCredential.js.map +1 -1
  274. package/dist/workerd/credentials/azurePipelinesCredential.js +9 -5
  275. package/dist/workerd/credentials/azurePipelinesCredential.js.map +1 -1
  276. package/dist/workerd/credentials/azurePowerShellCredential.js +10 -7
  277. package/dist/workerd/credentials/azurePowerShellCredential.js.map +1 -1
  278. package/dist/workerd/credentials/brokerCredential.d.ts +35 -0
  279. package/dist/workerd/credentials/brokerCredential.d.ts.map +1 -0
  280. package/dist/workerd/credentials/brokerCredential.js +69 -0
  281. package/dist/workerd/credentials/brokerCredential.js.map +1 -0
  282. package/dist/workerd/credentials/chainedTokenCredential.js +1 -1
  283. package/dist/workerd/credentials/chainedTokenCredential.js.map +1 -1
  284. package/dist/workerd/credentials/clientAssertionCredential.js +11 -2
  285. package/dist/workerd/credentials/clientAssertionCredential.js.map +1 -1
  286. package/dist/workerd/credentials/clientCertificateCredential.js +19 -9
  287. package/dist/workerd/credentials/clientCertificateCredential.js.map +1 -1
  288. package/dist/workerd/credentials/clientSecretCredential.js +10 -2
  289. package/dist/workerd/credentials/clientSecretCredential.js.map +1 -1
  290. package/dist/workerd/credentials/defaultAzureCredential.d.ts +12 -14
  291. package/dist/workerd/credentials/defaultAzureCredential.d.ts.map +1 -1
  292. package/dist/workerd/credentials/defaultAzureCredential.js +43 -106
  293. package/dist/workerd/credentials/defaultAzureCredential.js.map +1 -1
  294. package/dist/workerd/credentials/defaultAzureCredentialFunctions.d.ts +62 -0
  295. package/dist/workerd/credentials/defaultAzureCredentialFunctions.d.ts.map +1 -0
  296. package/dist/workerd/credentials/defaultAzureCredentialFunctions.js +143 -0
  297. package/dist/workerd/credentials/defaultAzureCredentialFunctions.js.map +1 -0
  298. package/dist/workerd/credentials/deviceCodeCredential.js +24 -10
  299. package/dist/workerd/credentials/deviceCodeCredential.js.map +1 -1
  300. package/dist/workerd/credentials/environmentCredential.js +4 -6
  301. package/dist/workerd/credentials/environmentCredential.js.map +1 -1
  302. package/dist/workerd/credentials/interactiveBrowserCredential.js +30 -11
  303. package/dist/workerd/credentials/interactiveBrowserCredential.js.map +1 -1
  304. package/dist/workerd/credentials/managedIdentityCredential/imdsMsi.js +4 -6
  305. package/dist/workerd/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  306. package/dist/workerd/credentials/managedIdentityCredential/imdsRetryPolicy.js +2 -2
  307. package/dist/workerd/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +1 -1
  308. package/dist/workerd/credentials/managedIdentityCredential/index.js +28 -18
  309. package/dist/workerd/credentials/managedIdentityCredential/index.js.map +1 -1
  310. package/dist/workerd/credentials/managedIdentityCredential/tokenExchangeMsi.js +7 -1
  311. package/dist/workerd/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
  312. package/dist/workerd/credentials/onBehalfOfCredential.js +13 -1
  313. package/dist/workerd/credentials/onBehalfOfCredential.js.map +1 -1
  314. package/dist/workerd/credentials/usernamePasswordCredential.js +10 -2
  315. package/dist/workerd/credentials/usernamePasswordCredential.js.map +1 -1
  316. package/dist/workerd/credentials/visualStudioCodeCredential.d.ts +15 -26
  317. package/dist/workerd/credentials/visualStudioCodeCredential.d.ts.map +1 -1
  318. package/dist/workerd/credentials/visualStudioCodeCredential.js +69 -128
  319. package/dist/workerd/credentials/visualStudioCodeCredential.js.map +1 -1
  320. package/dist/workerd/credentials/visualStudioCodeCredentialOptions.d.ts +0 -4
  321. package/dist/workerd/credentials/visualStudioCodeCredentialOptions.d.ts.map +1 -1
  322. package/dist/workerd/credentials/visualStudioCodeCredentialOptions.js.map +1 -1
  323. package/dist/workerd/credentials/visualStudioCodeCredentialPlugin.d.ts +0 -4
  324. package/dist/workerd/credentials/visualStudioCodeCredentialPlugin.d.ts.map +1 -1
  325. package/dist/workerd/credentials/visualStudioCodeCredentialPlugin.js.map +1 -1
  326. package/dist/workerd/credentials/workloadIdentityCredential.js +5 -3
  327. package/dist/workerd/credentials/workloadIdentityCredential.js.map +1 -1
  328. package/dist/workerd/errors.js +21 -0
  329. package/dist/workerd/errors.js.map +1 -1
  330. package/dist/workerd/msal/browserFlows/msalBrowserCommon.js +15 -15
  331. package/dist/workerd/msal/browserFlows/msalBrowserCommon.js.map +1 -1
  332. package/dist/workerd/msal/nodeFlows/msalClient.d.ts +13 -0
  333. package/dist/workerd/msal/nodeFlows/msalClient.d.ts.map +1 -1
  334. package/dist/workerd/msal/nodeFlows/msalClient.js +127 -94
  335. package/dist/workerd/msal/nodeFlows/msalClient.js.map +1 -1
  336. package/dist/workerd/msal/nodeFlows/msalPlugins.d.ts +19 -1
  337. package/dist/workerd/msal/nodeFlows/msalPlugins.d.ts.map +1 -1
  338. package/dist/workerd/msal/nodeFlows/msalPlugins.js +61 -16
  339. package/dist/workerd/msal/nodeFlows/msalPlugins.js.map +1 -1
  340. package/dist/workerd/msal/utils.js +3 -4
  341. package/dist/workerd/msal/utils.js.map +1 -1
  342. package/dist/workerd/plugins/consumer.d.ts.map +1 -1
  343. package/dist/workerd/plugins/consumer.js +2 -3
  344. package/dist/workerd/plugins/consumer.js.map +1 -1
  345. package/dist/workerd/plugins/provider.d.ts +2 -2
  346. package/dist/workerd/plugins/provider.d.ts.map +1 -1
  347. package/dist/workerd/plugins/provider.js.map +1 -1
  348. package/dist/workerd/regionalAuthority.js +1 -2
  349. package/dist/workerd/regionalAuthority.js.map +1 -1
  350. package/dist/workerd/tokenProvider.js +1 -2
  351. package/dist/workerd/tokenProvider.js.map +1 -1
  352. package/dist/workerd/util/logging.js +6 -2
  353. package/dist/workerd/util/logging.js.map +1 -1
  354. package/dist/workerd/util/processMultiTenantRequest.js +2 -3
  355. package/dist/workerd/util/processMultiTenantRequest.js.map +1 -1
  356. package/dist/workerd/util/processUtils.d.ts +1 -1
  357. package/dist/workerd/util/processUtils.d.ts.map +1 -1
  358. package/dist/workerd/util/processUtils.js +1 -1
  359. package/dist/workerd/util/processUtils.js.map +1 -1
  360. package/package.json +2 -2
package/dist/workerd/credentials/defaultAzureCredential.js CHANGED
@@ -1,113 +1,16 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT License.
3
- import { ManagedIdentityCredential } from "./managedIdentityCredential/index.js";
4
- import { AzureCliCredential } from "./azureCliCredential.js";
5
- import { AzureDeveloperCliCredential } from "./azureDeveloperCliCredential.js";
6
- import { AzurePowerShellCredential } from "./azurePowerShellCredential.js";
7
3
  import { ChainedTokenCredential } from "./chainedTokenCredential.js";
8
- import { EnvironmentCredential } from "./environmentCredential.js";
9
- import { WorkloadIdentityCredential } from "./workloadIdentityCredential.js";
10
4
  import { credentialLogger } from "../util/logging.js";
5
+ import { createDefaultAzureCliCredential, createDefaultAzureDeveloperCliCredential, createDefaultAzurePowershellCredential, createDefaultBrokerCredential, createDefaultManagedIdentityCredential, createDefaultVisualStudioCodeCredential, createDefaultWorkloadIdentityCredential, createDefaultEnvironmentCredential, } from "./defaultAzureCredentialFunctions.js";
11
6
  const logger = credentialLogger("DefaultAzureCredential");
12
- /**
13
- * Creates a {@link ManagedIdentityCredential} from the provided options.
14
- * @param options - Options to configure the credential.
15
- *
16
- * @internal
17
- */
18
- export function createDefaultManagedIdentityCredential(options = {}) {
19
- var _a, _b, _c, _d;
20
- (_a = options.retryOptions) !== null && _a !== void 0 ? _a : (options.retryOptions = {
21
- maxRetries: 5,
22
- retryDelayInMs: 800,
23
- });
24
- const managedIdentityClientId = (_b = options === null || options === void 0 ? void 0 : options.managedIdentityClientId) !== null && _b !== void 0 ? _b : process.env.AZURE_CLIENT_ID;
25
- const workloadIdentityClientId = (_c = options === null || options === void 0 ? void 0 : options.workloadIdentityClientId) !== null && _c !== void 0 ? _c : managedIdentityClientId;
26
- const managedResourceId = options === null || options === void 0 ? void 0 : options.managedIdentityResourceId;
27
- const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;
28
- const tenantId = (_d = options === null || options === void 0 ? void 0 : options.tenantId) !== null && _d !== void 0 ? _d : process.env.AZURE_TENANT_ID;
29
- if (managedResourceId) {
30
- const managedIdentityResourceIdOptions = Object.assign(Object.assign({}, options), { resourceId: managedResourceId });
31
- return new ManagedIdentityCredential(managedIdentityResourceIdOptions);
32
- }
33
- if (workloadFile && workloadIdentityClientId) {
34
- const workloadIdentityCredentialOptions = Object.assign(Object.assign({}, options), { tenantId: tenantId });
35
- return new ManagedIdentityCredential(workloadIdentityClientId, workloadIdentityCredentialOptions);
36
- }
37
- if (managedIdentityClientId) {
38
- const managedIdentityClientOptions = Object.assign(Object.assign({}, options), { clientId: managedIdentityClientId });
39
- return new ManagedIdentityCredential(managedIdentityClientOptions);
40
- }
41
- // We may be able to return a UnavailableCredential here, but that may be a breaking change
42
- return new ManagedIdentityCredential(options);
43
- }
44
- /**
45
- * Creates a {@link WorkloadIdentityCredential} from the provided options.
46
- * @param options - Options to configure the credential.
47
- *
48
- * @internal
49
- */
50
- function createDefaultWorkloadIdentityCredential(options) {
51
- var _a, _b, _c;
52
- const managedIdentityClientId = (_a = options === null || options === void 0 ? void 0 : options.managedIdentityClientId) !== null && _a !== void 0 ? _a : process.env.AZURE_CLIENT_ID;
53
- const workloadIdentityClientId = (_b = options === null || options === void 0 ? void 0 : options.workloadIdentityClientId) !== null && _b !== void 0 ? _b : managedIdentityClientId;
54
- const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;
55
- const tenantId = (_c = options === null || options === void 0 ? void 0 : options.tenantId) !== null && _c !== void 0 ? _c : process.env.AZURE_TENANT_ID;
56
- if (workloadFile && workloadIdentityClientId) {
57
- const workloadIdentityCredentialOptions = Object.assign(Object.assign({}, options), { tenantId, clientId: workloadIdentityClientId, tokenFilePath: workloadFile });
58
- return new WorkloadIdentityCredential(workloadIdentityCredentialOptions);
59
- }
60
- if (tenantId) {
61
- const workloadIdentityClientTenantOptions = Object.assign(Object.assign({}, options), { tenantId });
62
- return new WorkloadIdentityCredential(workloadIdentityClientTenantOptions);
63
- }
64
- // We may be able to return a UnavailableCredential here, but that may be a breaking change
65
- return new WorkloadIdentityCredential(options);
66
- }
67
- /**
68
- * Creates a {@link AzureDeveloperCliCredential} from the provided options.
69
- * @param options - Options to configure the credential.
70
- *
71
- * @internal
72
- */
73
- function createDefaultAzureDeveloperCliCredential(options = {}) {
74
- const processTimeoutInMs = options.processTimeoutInMs;
75
- return new AzureDeveloperCliCredential(Object.assign({ processTimeoutInMs }, options));
76
- }
77
- /**
78
- * Creates a {@link AzureCliCredential} from the provided options.
79
- * @param options - Options to configure the credential.
80
- *
81
- * @internal
82
- */
83
- function createDefaultAzureCliCredential(options = {}) {
84
- const processTimeoutInMs = options.processTimeoutInMs;
85
- return new AzureCliCredential(Object.assign({ processTimeoutInMs }, options));
86
- }
87
- /**
88
- * Creates a {@link AzurePowerShellCredential} from the provided options.
89
- * @param options - Options to configure the credential.
90
- *
91
- * @internal
92
- */
93
- function createDefaultAzurePowershellCredential(options = {}) {
94
- const processTimeoutInMs = options.processTimeoutInMs;
95
- return new AzurePowerShellCredential(Object.assign({ processTimeoutInMs }, options));
96
- }
97
- /**
98
- * Creates an {@link EnvironmentCredential} from the provided options.
99
- * @param options - Options to configure the credential.
100
- *
101
- * @internal
102
- */
103
- export function createEnvironmentCredential(options = {}) {
104
- return new EnvironmentCredential(options);
105
- }
106
7
  /**
107
8
  * A no-op credential that logs the reason it was skipped if getToken is called.
108
9
  * @internal
109
10
  */
110
11
  export class UnavailableDefaultCredential {
12
+ credentialUnavailableErrorMessage;
13
+ credentialName;
111
14
  constructor(credentialName, message) {
112
15
  this.credentialName = credentialName;
113
16
  this.credentialUnavailableErrorMessage = message;
@@ -127,12 +30,24 @@ export class UnavailableDefaultCredential {
127
30
  * - {@link EnvironmentCredential}
128
31
  * - {@link WorkloadIdentityCredential}
129
32
  * - {@link ManagedIdentityCredential}
33
+ * - {@link VisualStudioCodeCredential}
130
34
  * - {@link AzureCliCredential}
131
35
  * - {@link AzurePowerShellCredential}
132
36
  * - {@link AzureDeveloperCliCredential}
133
37
  *
134
38
  * Consult the documentation of these credential types for more information
135
39
  * on how they attempt authentication.
40
+ *
41
+ * Selecting credentials
42
+ *
43
+ * Set environment variable AZURE_TOKEN_CREDENTIALS to select a subset of the credential chain.
44
+ * DefaultAzureCredential will try only the specified credential(s), but its other behavior remains the same.
45
+ * Valid values for AZURE_TOKEN_CREDENTIALS are the name of any single type in the above chain, for example
46
+ * "EnvironmentCredential" or "AzureCliCredential", and these special values:
47
+ *
48
+ * - "dev": try [VisualStudioCodeCredential], [AzureCliCredential], [AzurePowerShellCredential] and [AzureDeveloperCliCredential], in that order
49
+ * - "prod": try [EnvironmentCredential], [WorkloadIdentityCredential], and [ManagedIdentityCredential], in that order
50
+ *
136
51
  */
137
52
  export class DefaultAzureCredential extends ChainedTokenCredential {
138
53
  constructor(options) {
@@ -141,32 +56,54 @@ export class DefaultAzureCredential extends ChainedTokenCredential {
141
56
  ? process.env.AZURE_TOKEN_CREDENTIALS.trim().toLowerCase()
142
57
  : undefined;
143
58
  const devCredentialFunctions = [
59
+ createDefaultVisualStudioCodeCredential,
144
60
  createDefaultAzureCliCredential,
145
61
  createDefaultAzurePowershellCredential,
146
62
  createDefaultAzureDeveloperCliCredential,
63
+ createDefaultBrokerCredential,
147
64
  ];
148
65
  const prodCredentialFunctions = [
149
- createEnvironmentCredential,
66
+ createDefaultEnvironmentCredential,
150
67
  createDefaultWorkloadIdentityCredential,
151
68
  createDefaultManagedIdentityCredential,
152
69
  ];
153
70
  let credentialFunctions = [];
71
+ const validCredentialNames = "EnvironmentCredential, WorkloadIdentityCredential, ManagedIdentityCredential, VisualStudioCodeCredential, AzureCliCredential, AzurePowerShellCredential, AzureDeveloperCliCredential";
154
72
  // If AZURE_TOKEN_CREDENTIALS is set, use it to determine which credentials to use.
155
- // The value of AZURE_TOKEN_CREDENTIALS should be either "dev" or "prod".
73
+ // The value of AZURE_TOKEN_CREDENTIALS should be either "dev" or "prod" or any one of these credentials - {validCredentialNames}.
156
74
  if (azureTokenCredentials) {
157
75
  switch (azureTokenCredentials) {
158
76
  case "dev":
159
- // If AZURE_TOKEN_CREDENTIALS is set to "dev", use the developer tool-based credential chain.
160
77
  credentialFunctions = devCredentialFunctions;
161
78
  break;
162
79
  case "prod":
163
- // If AZURE_TOKEN_CREDENTIALS is set to "prod", use the production credential chain.
164
80
  credentialFunctions = prodCredentialFunctions;
165
81
  break;
82
+ case "environmentcredential":
83
+ credentialFunctions = [createDefaultEnvironmentCredential];
84
+ break;
85
+ case "workloadidentitycredential":
86
+ credentialFunctions = [createDefaultWorkloadIdentityCredential];
87
+ break;
88
+ case "managedidentitycredential":
89
+ credentialFunctions = [createDefaultManagedIdentityCredential];
90
+ break;
91
+ case "visualstudiocodecredential":
92
+ credentialFunctions = [createDefaultVisualStudioCodeCredential];
93
+ break;
94
+ case "azureclicredential":
95
+ credentialFunctions = [createDefaultAzureCliCredential];
96
+ break;
97
+ case "azurepowershellcredential":
98
+ credentialFunctions = [createDefaultAzurePowershellCredential];
99
+ break;
100
+ case "azuredeveloperclicredential":
101
+ credentialFunctions = [createDefaultAzureDeveloperCliCredential];
102
+ break;
166
103
  default: {
167
104
  // If AZURE_TOKEN_CREDENTIALS is set to an unsupported value, throw an error.
168
- // We will throw an error here to prevent the creation of the DefaultAzureCredential.
169
- const errorMessage = `Invalid value for AZURE_TOKEN_CREDENTIALS = ${process.env.AZURE_TOKEN_CREDENTIALS}. Valid values are 'prod' or 'dev'.`;
105
+ // This will prevent the creation of the DefaultAzureCredential.
106
+ const errorMessage = `Invalid value for AZURE_TOKEN_CREDENTIALS = ${process.env.AZURE_TOKEN_CREDENTIALS}. Valid values are 'prod' or 'dev' or any of these credentials - ${validCredentialNames}.`;
170
107
  logger.warning(errorMessage);
171
108
  throw new Error(errorMessage);
172
109
  }
package/dist/workerd/credentials/defaultAzureCredential.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"defaultAzureCredential.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAWlC,OAAO,EAAE,yBAAyB,EAAE,MAAM,sCAAsC,CAAC;AAEjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAC/E,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AAEnE,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAE7E,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;;GAKG;AACH,MAAM,UAAU,sCAAsC,CACpD,UAG4C,EAAE;;IAE9C,MAAA,OAAO,CAAC,YAAY,oCAApB,OAAO,CAAC,YAAY,GAAK;QACvB,UAAU,EAAE,CAAC;QACb,cAAc,EAAE,GAAG;KACpB,EAAC;IACF,MAAM,uBAAuB,GAC3B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,uBAAuB,mCAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC5B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,wBAAwB,mCAC5E,uBAAuB,CAAC;IAC1B,MAAM,iBAAiB,GAAI,OAAmD,aAAnD,OAAO,uBAAP,OAAO,CAC9B,yBAAyB,CAAC;IAC9B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,gCAAgC,mCACjC,OAAO,KACV,UAAU,EAAE,iBAAiB,GAC9B,CAAC;QACF,OAAO,IAAI,yBAAyB,CAAC,gCAAgC,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,mCAClC,OAAO,KACV,QAAQ,EAAE,QAAQ,GACnB,CAAC;QAEF,OAAO,IAAI,yBAAyB,CAClC,wBAAwB,EACxB,iCAAiC,CAClC,CAAC;IACJ,CAAC;IAED,IAAI,uBAAuB,EAAE,CAAC;QAC5B,MAAM,4BAA4B,mCAC7B,OAAO,KACV,QAAQ,EAAE,uBAAuB,GAClC,CAAC;QAEF,OAAO,IAAI,yBAAyB,CAAC,4BAA4B,CAAC,CAAC;IACrE,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,yBAAyB,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,SAAS,uCAAuC,CAC9C,OAA+E;;IAE/E,MAAM,uBAAuB,GAC3B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,uBAAuB,mCAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC5B,MAAC,OAAiD,aAAjD,OAAO,uBAAP,OAAO,CAA4C,wBAAwB,mCAC5E,uBAAuB,CAAC;IAC1B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,mCAClC,OAAO,KACV,QAAQ,EACR,QAAQ,EAAE,wBAAwB,EAClC,aAAa,EAAE,YAAY,GAC5B,CAAC;QACF,OAAO,IAAI,0BAA0B,CAAC,iCAAiC,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,mCAAmC,mCACpC,OAAO,KACV,QAAQ,GACT,CAAC;QACF,OAAO,IAAI,0BAA0B,CAAC,mCAAmC,CAAC,CAAC;IAC7E,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,SAAS,wCAAwC,CAC/C,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,2BAA2B,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AAC7E,CAAC;AAED;;;;;GAKG;AACH,SAAS,+BAA+B,CACtC,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,kBAAkB,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AACpE,CAAC;AAED;;;;;GAKG;AACH,SAAS,sCAAsC,CAC7C,UAAyC,EAAE;IAE3C,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACtD,OAAO,IAAI,yBAAyB,iBAAG,kBAAkB,IAAK,OAAO,EAAG,CAAC;AAC3E,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,2BAA2B,CACzC,UAAyC,EAAE;IAE3C,OAAO,IAAI,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC5C,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,4BAA4B;IAIvC,YAAY,cAAsB,EAAE,OAAe;QACjD,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,iCAAiC,GAAG,OAAO,CAAC;IACnD,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,YAAY,IAAI,CAAC,cAAc,aAAa,IAAI,CAAC,iCAAiC,EAAE,CACrF,CAAC;QACF,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;CACF;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,OAAO,sBAAuB,SAAQ,sBAAsB;IAsBhE,YAAY,OAAuC;QACjD,2EAA2E;QAC3E,MAAM,qBAAqB,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB;YAC/D,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE;YAC1D,CAAC,CAAC,SAAS,CAAC;QACd,MAAM,sBAAsB,GAAG;YAC7B,+BAA+B;YAC/B,sCAAsC;YACtC,wCAAwC;SACzC,CAAC;QACF,MAAM,uBAAuB,GAAG;YAC9B,2BAA2B;YAC3B,uCAAuC;YACvC,sCAAsC;SACvC,CAAC;QACF,IAAI,mBAAmB,GAAG,EAAE,CAAC;QAC7B,mFAAmF;QACnF,yEAAyE;QACzE,IAAI,qBAAqB,EAAE,CAAC;YAC1B,QAAQ,qBAAqB,EAAE,CAAC;gBAC9B,KAAK,KAAK;oBACR,6FAA6F;oBAC7F,mBAAmB,GAAG,sBAAsB,CAAC;oBAC7C,MAAM;gBACR,KAAK,MAAM;oBACT,oFAAoF;oBACpF,mBAAmB,GAAG,uBAAuB,CAAC;oBAC9C,MAAM;gBACR,OAAO,CAAC,CAAC,CAAC;oBACR,6EAA6E;oBAC7E,qFAAqF;oBACrF,MAAM,YAAY,GAAG,+CAA+C,OAAO,CAAC,GAAG,CAAC,uBAAuB,qCAAqC,CAAC;oBAC7I,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;oBAC7B,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;gBAChC,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,2EAA2E;YAC3E,mBAAmB,GAAG,CAAC,GAAG,uBAAuB,EAAE,GAAG,sBAAsB,CAAC,CAAC;QAChF,CAAC;QAED,gLAAgL;QAChL,8DAA8D;QAC9D,6DAA6D;QAC7D,gEAAgE;QAChE,sHAAsH;QACtH,MAAM,WAAW,GAAsB,mBAAmB,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE;YACpF,IAAI,CAAC;gBACH,OAAO,kBAAkB,CAAC,OAAO,CAAC,CAAC;YACrC,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,OAAO,CACZ,WAAW,kBAAkB,CAAC,IAAI,iDAAiD,GAAG,EAAE,CACzF,CAAC;gBACF,OAAO,IAAI,4BAA4B,CAAC,kBAAkB,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAChF,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,GAAG,WAAW,CAAC,CAAC;IACxB,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type {\n DefaultAzureCredentialClientIdOptions,\n DefaultAzureCredentialOptions,\n DefaultAzureCredentialResourceIdOptions,\n} from \"./defaultAzureCredentialOptions.js\";\nimport type {\n ManagedIdentityCredentialClientIdOptions,\n ManagedIdentityCredentialResourceIdOptions,\n} from \"./managedIdentityCredential/options.js\";\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential/index.js\";\n\nimport { AzureCliCredential } from \"./azureCliCredential.js\";\nimport { AzureDeveloperCliCredential } from \"./azureDeveloperCliCredential.js\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential.js\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential.js\";\nimport { EnvironmentCredential } from \"./environmentCredential.js\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { WorkloadIdentityCredential } from \"./workloadIdentityCredential.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions.js\";\nimport { credentialLogger } from \"../util/logging.js\";\n\nconst logger = credentialLogger(\"DefaultAzureCredential\");\n\n/**\n * Creates a {@link ManagedIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultManagedIdentityCredential(\n options:\n | DefaultAzureCredentialOptions\n | DefaultAzureCredentialResourceIdOptions\n | DefaultAzureCredentialClientIdOptions = {},\n): TokenCredential {\n options.retryOptions ??= {\n maxRetries: 5,\n retryDelayInMs: 800,\n };\n const managedIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n process.env.AZURE_CLIENT_ID;\n const workloadIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n managedIdentityClientId;\n const managedResourceId = (options as DefaultAzureCredentialResourceIdOptions)\n ?.managedIdentityResourceId;\n const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n if (managedResourceId) {\n const managedIdentityResourceIdOptions: ManagedIdentityCredentialResourceIdOptions = {\n ...options,\n resourceId: managedResourceId,\n };\n return new ManagedIdentityCredential(managedIdentityResourceIdOptions);\n }\n\n if (workloadFile && workloadIdentityClientId) {\n const workloadIdentityCredentialOptions: DefaultAzureCredentialOptions = {\n ...options,\n tenantId: tenantId,\n };\n\n return new ManagedIdentityCredential(\n workloadIdentityClientId,\n workloadIdentityCredentialOptions,\n );\n }\n\n if (managedIdentityClientId) {\n const managedIdentityClientOptions: ManagedIdentityCredentialClientIdOptions = {\n ...options,\n clientId: managedIdentityClientId,\n };\n\n return new ManagedIdentityCredential(managedIdentityClientOptions);\n }\n\n // We may be able to return a UnavailableCredential here, but that may be a breaking change\n return new ManagedIdentityCredential(options);\n}\n\n/**\n * Creates a {@link WorkloadIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultWorkloadIdentityCredential(\n options?: DefaultAzureCredentialOptions | DefaultAzureCredentialClientIdOptions,\n): TokenCredential {\n const managedIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n process.env.AZURE_CLIENT_ID;\n const workloadIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n managedIdentityClientId;\n const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n if (workloadFile && workloadIdentityClientId) {\n const workloadIdentityCredentialOptions: WorkloadIdentityCredentialOptions = {\n ...options,\n tenantId,\n clientId: workloadIdentityClientId,\n tokenFilePath: workloadFile,\n };\n return new WorkloadIdentityCredential(workloadIdentityCredentialOptions);\n }\n if (tenantId) {\n const workloadIdentityClientTenantOptions: WorkloadIdentityCredentialOptions = {\n ...options,\n tenantId,\n };\n return new WorkloadIdentityCredential(workloadIdentityClientTenantOptions);\n }\n\n // We may be able to return a UnavailableCredential here, but that may be a breaking change\n return new WorkloadIdentityCredential(options);\n}\n\n/**\n * Creates a {@link AzureDeveloperCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzureDeveloperCliCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n const processTimeoutInMs = options.processTimeoutInMs;\n return new AzureDeveloperCliCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates a {@link AzureCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzureCliCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n const processTimeoutInMs = options.processTimeoutInMs;\n return new AzureCliCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates a {@link AzurePowerShellCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nfunction createDefaultAzurePowershellCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n const processTimeoutInMs = options.processTimeoutInMs;\n return new AzurePowerShellCredential({ processTimeoutInMs, ...options });\n}\n\n/**\n * Creates an {@link EnvironmentCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createEnvironmentCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new EnvironmentCredential(options);\n}\n\n/**\n * A no-op credential that logs the reason it was skipped if getToken is called.\n * @internal\n */\nexport class UnavailableDefaultCredential implements TokenCredential {\n credentialUnavailableErrorMessage: string;\n credentialName: string;\n\n constructor(credentialName: string, message: string) {\n this.credentialName = credentialName;\n this.credentialUnavailableErrorMessage = message;\n }\n\n getToken(): Promise<null> {\n logger.getToken.info(\n `Skipping ${this.credentialName}, reason: ${this.credentialUnavailableErrorMessage}`,\n );\n return Promise.resolve(null);\n }\n}\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that works for most\n * applications that use Azure SDK client libraries. For more information, see\n * [DefaultAzureCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-defaultazurecredential-for-flexibility).\n *\n * The following credential types will be tried, in order:\n *\n * - {@link EnvironmentCredential}\n * - {@link WorkloadIdentityCredential}\n * - {@link ManagedIdentityCredential}\n * - {@link AzureCliCredential}\n * - {@link AzurePowerShellCredential}\n * - {@link AzureDeveloperCliCredential}\n *\n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n */\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n /**\n * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}.\n *\n * @param options - Optional parameters. See {@link DefaultAzureCredentialClientIdOptions}.\n */\n constructor(options?: DefaultAzureCredentialClientIdOptions);\n\n /**\n * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialResourceIdOptions}.\n *\n * @param options - Optional parameters. See {@link DefaultAzureCredentialResourceIdOptions}.\n */\n constructor(options?: DefaultAzureCredentialResourceIdOptions);\n\n /**\n * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}.\n *\n * @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.\n */\n constructor(options?: DefaultAzureCredentialOptions);\n\n constructor(options?: DefaultAzureCredentialOptions) {\n // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.\n const azureTokenCredentials = process.env.AZURE_TOKEN_CREDENTIALS\n ? process.env.AZURE_TOKEN_CREDENTIALS.trim().toLowerCase()\n : undefined;\n const devCredentialFunctions = [\n createDefaultAzureCliCredential,\n createDefaultAzurePowershellCredential,\n createDefaultAzureDeveloperCliCredential,\n ];\n const prodCredentialFunctions = [\n createEnvironmentCredential,\n createDefaultWorkloadIdentityCredential,\n createDefaultManagedIdentityCredential,\n ];\n let credentialFunctions = [];\n // If AZURE_TOKEN_CREDENTIALS is set, use it to determine which credentials to use.\n // The value of AZURE_TOKEN_CREDENTIALS should be either \"dev\" or \"prod\".\n if (azureTokenCredentials) {\n switch (azureTokenCredentials) {\n case \"dev\":\n // If AZURE_TOKEN_CREDENTIALS is set to \"dev\", use the developer tool-based credential chain.\n credentialFunctions = devCredentialFunctions;\n break;\n case \"prod\":\n // If AZURE_TOKEN_CREDENTIALS is set to \"prod\", use the production credential chain.\n credentialFunctions = prodCredentialFunctions;\n break;\n default: {\n // If AZURE_TOKEN_CREDENTIALS is set to an unsupported value, throw an error.\n // We will throw an error here to prevent the creation of the DefaultAzureCredential.\n const errorMessage = `Invalid value for AZURE_TOKEN_CREDENTIALS = ${process.env.AZURE_TOKEN_CREDENTIALS}. Valid values are 'prod' or 'dev'.`;\n logger.warning(errorMessage);\n throw new Error(errorMessage);\n }\n }\n } else {\n // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.\n credentialFunctions = [...prodCredentialFunctions, ...devCredentialFunctions];\n }\n\n // Errors from individual credentials should not be thrown in the DefaultAzureCredential constructor, instead throwing on getToken() which is handled by ChainedTokenCredential.\n // When adding new credentials to the default chain, consider:\n // 1. Making the constructor parameters required and explicit\n // 2. Validating any required parameters in the factory function\n // 3. Returning a UnavailableDefaultCredential from the factory function if a credential is unavailable for any reason\n const credentials: TokenCredential[] = credentialFunctions.map((createCredentialFn) => {\n try {\n return createCredentialFn(options);\n } catch (err: any) {\n logger.warning(\n `Skipped ${createCredentialFn.name} because of an error creating the credential: ${err}`,\n );\n return new UnavailableDefaultCredential(createCredentialFn.name, err.message);\n }\n });\n\n super(...credentials);\n }\n}\n"]}
1
+ {"version":3,"file":"defaultAzureCredential.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAalC,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAIrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EACL,+BAA+B,EAC/B,wCAAwC,EACxC,sCAAsC,EACtC,6BAA6B,EAC7B,sCAAsC,EACtC,uCAAuC,EACvC,uCAAuC,EACvC,kCAAkC,GACnC,MAAM,sCAAsC,CAAC;AAE9C,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;GAGG;AACH,MAAM,OAAO,4BAA4B;IACvC,iCAAiC,CAAS;IAC1C,cAAc,CAAS;IAEvB,YAAY,cAAsB,EAAE,OAAe;QACjD,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,iCAAiC,GAAG,OAAO,CAAC;IACnD,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,YAAY,IAAI,CAAC,cAAc,aAAa,IAAI,CAAC,iCAAiC,EAAE,CACrF,CAAC;QACF,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;CACF;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,OAAO,sBAAuB,SAAQ,sBAAsB;IAsBhE,YAAY,OAAuC;QACjD,2EAA2E;QAC3E,MAAM,qBAAqB,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB;YAC/D,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE;YAC1D,CAAC,CAAC,SAAS,CAAC;QACd,MAAM,sBAAsB,GAAG;YAC7B,uCAAuC;YACvC,+BAA+B;YAC/B,sCAAsC;YACtC,wCAAwC;YACxC,6BAA6B;SAC9B,CAAC;QACF,MAAM,uBAAuB,GAAG;YAC9B,kCAAkC;YAClC,uCAAuC;YACvC,sCAAsC;SACvC,CAAC;QACF,IAAI,mBAAmB,GAAG,EAAE,CAAC;QAC7B,MAAM,oBAAoB,GACxB,sLAAsL,CAAC;QACzL,mFAAmF;QACnF,kIAAkI;QAClI,IAAI,qBAAqB,EAAE,CAAC;YAC1B,QAAQ,qBAAqB,EAAE,CAAC;gBAC9B,KAAK,KAAK;oBACR,mBAAmB,GAAG,sBAAsB,CAAC;oBAC7C,MAAM;gBACR,KAAK,MAAM;oBACT,mBAAmB,GAAG,uBAAuB,CAAC;oBAC9C,MAAM;gBACR,KAAK,uBAAuB;oBAC1B,mBAAmB,GAAG,CAAC,kCAAkC,CAAC,CAAC;oBAC3D,MAAM;gBACR,KAAK,4BAA4B;oBAC/B,mBAAmB,GAAG,CAAC,uCAAuC,CAAC,CAAC;oBAChE,MAAM;gBACR,KAAK,2BAA2B;oBAC9B,mBAAmB,GAAG,CAAC,sCAAsC,CAAC,CAAC;oBAC/D,MAAM;gBACR,KAAK,4BAA4B;oBAC/B,mBAAmB,GAAG,CAAC,uCAAuC,CAAC,CAAC;oBAChE,MAAM;gBACR,KAAK,oBAAoB;oBACvB,mBAAmB,GAAG,CAAC,+BAA+B,CAAC,CAAC;oBACxD,MAAM;gBACR,KAAK,2BAA2B;oBAC9B,mBAAmB,GAAG,CAAC,sCAAsC,CAAC,CAAC;oBAC/D,MAAM;gBACR,KAAK,6BAA6B;oBAChC,mBAAmB,GAAG,CAAC,wCAAwC,CAAC,CAAC;oBACjE,MAAM;gBACR,OAAO,CAAC,CAAC,CAAC;oBACR,6EAA6E;oBAC7E,gEAAgE;oBAChE,MAAM,YAAY,GAAG,+CAA+C,OAAO,CAAC,GAAG,CAAC,uBAAuB,oEAAoE,oBAAoB,GAAG,CAAC;oBACnM,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;oBAC7B,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;gBAChC,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,2EAA2E;YAC3E,mBAAmB,GAAG,CAAC,GAAG,uBAAuB,EAAE,GAAG,sBAAsB,CAAC,CAAC;QAChF,CAAC;QAED,gLAAgL;QAChL,8DAA8D;QAC9D,6DAA6D;QAC7D,gEAAgE;QAChE,sHAAsH;QACtH,MAAM,WAAW,GAAsB,mBAAmB,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE;YACpF,IAAI,CAAC;gBACH,OAAO,kBAAkB,CAAC,OAAO,CAAC,CAAC;YACrC,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,OAAO,CACZ,WAAW,kBAAkB,CAAC,IAAI,iDAAiD,GAAG,EAAE,CACzF,CAAC;gBACF,OAAO,IAAI,4BAA4B,CAAC,kBAAkB,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAChF,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,GAAG,WAAW,CAAC,CAAC;IACxB,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type {\n DefaultAzureCredentialClientIdOptions,\n DefaultAzureCredentialOptions,\n DefaultAzureCredentialResourceIdOptions,\n} from \"./defaultAzureCredentialOptions.js\";\n\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential/index.js\";\nimport { VisualStudioCodeCredential } from \"./visualStudioCodeCredential.js\";\nimport { AzureCliCredential } from \"./azureCliCredential.js\";\nimport { AzureDeveloperCliCredential } from \"./azureDeveloperCliCredential.js\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential.js\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential.js\";\nimport { EnvironmentCredential } from \"./environmentCredential.js\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { WorkloadIdentityCredential } from \"./workloadIdentityCredential.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport {\n createDefaultAzureCliCredential,\n createDefaultAzureDeveloperCliCredential,\n createDefaultAzurePowershellCredential,\n createDefaultBrokerCredential,\n createDefaultManagedIdentityCredential,\n createDefaultVisualStudioCodeCredential,\n createDefaultWorkloadIdentityCredential,\n createDefaultEnvironmentCredential,\n} from \"./defaultAzureCredentialFunctions.js\";\n\nconst logger = credentialLogger(\"DefaultAzureCredential\");\n\n/**\n * A no-op credential that logs the reason it was skipped if getToken is called.\n * @internal\n */\nexport class UnavailableDefaultCredential implements TokenCredential {\n credentialUnavailableErrorMessage: string;\n credentialName: string;\n\n constructor(credentialName: string, message: string) {\n this.credentialName = credentialName;\n this.credentialUnavailableErrorMessage = message;\n }\n\n getToken(): Promise<null> {\n logger.getToken.info(\n `Skipping ${this.credentialName}, reason: ${this.credentialUnavailableErrorMessage}`,\n );\n return Promise.resolve(null);\n }\n}\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that works for most\n * applications that use Azure SDK client libraries. For more information, see\n * [DefaultAzureCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-defaultazurecredential-for-flexibility).\n *\n * The following credential types will be tried, in order:\n *\n * - {@link EnvironmentCredential}\n * - {@link WorkloadIdentityCredential}\n * - {@link ManagedIdentityCredential}\n * - {@link VisualStudioCodeCredential}\n * - {@link AzureCliCredential}\n * - {@link AzurePowerShellCredential}\n * - {@link AzureDeveloperCliCredential}\n *\n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n *\n * Selecting credentials\n *\n * Set environment variable AZURE_TOKEN_CREDENTIALS to select a subset of the credential chain.\n * DefaultAzureCredential will try only the specified credential(s), but its other behavior remains the same.\n * Valid values for AZURE_TOKEN_CREDENTIALS are the name of any single type in the above chain, for example\n * \"EnvironmentCredential\" or \"AzureCliCredential\", and these special values:\n *\n * - \"dev\": try [VisualStudioCodeCredential], [AzureCliCredential], [AzurePowerShellCredential] and [AzureDeveloperCliCredential], in that order\n * - \"prod\": try [EnvironmentCredential], [WorkloadIdentityCredential], and [ManagedIdentityCredential], in that order\n *\n */\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n /**\n * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}.\n *\n * @param options - Optional parameters. See {@link DefaultAzureCredentialClientIdOptions}.\n */\n constructor(options?: DefaultAzureCredentialClientIdOptions);\n\n /**\n * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialResourceIdOptions}.\n *\n * @param options - Optional parameters. See {@link DefaultAzureCredentialResourceIdOptions}.\n */\n constructor(options?: DefaultAzureCredentialResourceIdOptions);\n\n /**\n * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}.\n *\n * @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.\n */\n constructor(options?: DefaultAzureCredentialOptions);\n\n constructor(options?: DefaultAzureCredentialOptions) {\n // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.\n const azureTokenCredentials = process.env.AZURE_TOKEN_CREDENTIALS\n ? process.env.AZURE_TOKEN_CREDENTIALS.trim().toLowerCase()\n : undefined;\n const devCredentialFunctions = [\n createDefaultVisualStudioCodeCredential,\n createDefaultAzureCliCredential,\n createDefaultAzurePowershellCredential,\n createDefaultAzureDeveloperCliCredential,\n createDefaultBrokerCredential,\n ];\n const prodCredentialFunctions = [\n createDefaultEnvironmentCredential,\n createDefaultWorkloadIdentityCredential,\n createDefaultManagedIdentityCredential,\n ];\n let credentialFunctions = [];\n const validCredentialNames =\n \"EnvironmentCredential, WorkloadIdentityCredential, ManagedIdentityCredential, VisualStudioCodeCredential, AzureCliCredential, AzurePowerShellCredential, AzureDeveloperCliCredential\";\n // If AZURE_TOKEN_CREDENTIALS is set, use it to determine which credentials to use.\n // The value of AZURE_TOKEN_CREDENTIALS should be either \"dev\" or \"prod\" or any one of these credentials - {validCredentialNames}.\n if (azureTokenCredentials) {\n switch (azureTokenCredentials) {\n case \"dev\":\n credentialFunctions = devCredentialFunctions;\n break;\n case \"prod\":\n credentialFunctions = prodCredentialFunctions;\n break;\n case \"environmentcredential\":\n credentialFunctions = [createDefaultEnvironmentCredential];\n break;\n case \"workloadidentitycredential\":\n credentialFunctions = [createDefaultWorkloadIdentityCredential];\n break;\n case \"managedidentitycredential\":\n credentialFunctions = [createDefaultManagedIdentityCredential];\n break;\n case \"visualstudiocodecredential\":\n credentialFunctions = [createDefaultVisualStudioCodeCredential];\n break;\n case \"azureclicredential\":\n credentialFunctions = [createDefaultAzureCliCredential];\n break;\n case \"azurepowershellcredential\":\n credentialFunctions = [createDefaultAzurePowershellCredential];\n break;\n case \"azuredeveloperclicredential\":\n credentialFunctions = [createDefaultAzureDeveloperCliCredential];\n break;\n default: {\n // If AZURE_TOKEN_CREDENTIALS is set to an unsupported value, throw an error.\n // This will prevent the creation of the DefaultAzureCredential.\n const errorMessage = `Invalid value for AZURE_TOKEN_CREDENTIALS = ${process.env.AZURE_TOKEN_CREDENTIALS}. Valid values are 'prod' or 'dev' or any of these credentials - ${validCredentialNames}.`;\n logger.warning(errorMessage);\n throw new Error(errorMessage);\n }\n }\n } else {\n // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.\n credentialFunctions = [...prodCredentialFunctions, ...devCredentialFunctions];\n }\n\n // Errors from individual credentials should not be thrown in the DefaultAzureCredential constructor, instead throwing on getToken() which is handled by ChainedTokenCredential.\n // When adding new credentials to the default chain, consider:\n // 1. Making the constructor parameters required and explicit\n // 2. Validating any required parameters in the factory function\n // 3. Returning a UnavailableDefaultCredential from the factory function if a credential is unavailable for any reason\n const credentials: TokenCredential[] = credentialFunctions.map((createCredentialFn) => {\n try {\n return createCredentialFn(options);\n } catch (err: any) {\n logger.warning(\n `Skipped ${createCredentialFn.name} because of an error creating the credential: ${err}`,\n );\n return new UnavailableDefaultCredential(createCredentialFn.name, err.message);\n }\n });\n\n super(...credentials);\n }\n}\n"]}
package/dist/workerd/credentials/defaultAzureCredentialFunctions.d.ts ADDED
@@ -0,0 +1,62 @@
1
+ import type { TokenCredential } from "@azure/core-auth";
2
+ import type { DefaultAzureCredentialClientIdOptions, DefaultAzureCredentialOptions, DefaultAzureCredentialResourceIdOptions } from "./defaultAzureCredentialOptions.js";
3
+ /**
4
+ * Creates a {@link BrokerCredential} instance with the provided options.
5
+ * This credential uses the Windows Authentication Manager (WAM) broker for authentication.
6
+ * It will only attempt to authenticate silently using the default broker account
7
+ *
8
+ * @param options - Options for configuring the credential.
9
+ *
10
+ * @internal
11
+ */
12
+ export declare function createDefaultBrokerCredential(options?: DefaultAzureCredentialOptions): TokenCredential;
13
+ /**
14
+ * Creates a {@link VisualStudioCodeCredential} from the provided options.
15
+ * @param options - Options to configure the credential.
16
+ *
17
+ * @internal
18
+ */
19
+ export declare function createDefaultVisualStudioCodeCredential(options?: DefaultAzureCredentialOptions): TokenCredential;
20
+ /**
21
+ * Creates a {@link ManagedIdentityCredential} from the provided options.
22
+ * @param options - Options to configure the credential.
23
+ *
24
+ * @internal
25
+ */
26
+ export declare function createDefaultManagedIdentityCredential(options?: DefaultAzureCredentialOptions | DefaultAzureCredentialResourceIdOptions | DefaultAzureCredentialClientIdOptions): TokenCredential;
27
+ /**
28
+ * Creates a {@link WorkloadIdentityCredential} from the provided options.
29
+ * @param options - Options to configure the credential.
30
+ *
31
+ * @internal
32
+ */
33
+ export declare function createDefaultWorkloadIdentityCredential(options?: DefaultAzureCredentialOptions | DefaultAzureCredentialClientIdOptions): TokenCredential;
34
+ /**
35
+ * Creates a {@link AzureDeveloperCliCredential} from the provided options.
36
+ * @param options - Options to configure the credential.
37
+ *
38
+ * @internal
39
+ */
40
+ export declare function createDefaultAzureDeveloperCliCredential(options?: DefaultAzureCredentialOptions): TokenCredential;
41
+ /**
42
+ * Creates a {@link AzureCliCredential} from the provided options.
43
+ * @param options - Options to configure the credential.
44
+ *
45
+ * @internal
46
+ */
47
+ export declare function createDefaultAzureCliCredential(options?: DefaultAzureCredentialOptions): TokenCredential;
48
+ /**
49
+ * Creates a {@link AzurePowerShellCredential} from the provided options.
50
+ * @param options - Options to configure the credential.
51
+ *
52
+ * @internal
53
+ */
54
+ export declare function createDefaultAzurePowershellCredential(options?: DefaultAzureCredentialOptions): TokenCredential;
55
+ /**
56
+ * Creates an {@link EnvironmentCredential} from the provided options.
57
+ * @param options - Options to configure the credential.
58
+ *
59
+ * @internal
60
+ */
61
+ export declare function createDefaultEnvironmentCredential(options?: DefaultAzureCredentialOptions): TokenCredential;
62
+ //# sourceMappingURL=defaultAzureCredentialFunctions.d.ts.map
package/dist/workerd/credentials/defaultAzureCredentialFunctions.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"defaultAzureCredentialFunctions.d.ts","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredentialFunctions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,KAAK,EACV,qCAAqC,EACrC,6BAA6B,EAC7B,uCAAuC,EACxC,MAAM,oCAAoC,CAAC;AAe5C;;;;;;;;GAQG;AACH,wBAAgB,6BAA6B,CAC3C,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,uCAAuC,CACrD,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,sCAAsC,CACpD,OAAO,GACH,6BAA6B,GAC7B,uCAAuC,GACvC,qCAA0C,GAC7C,eAAe,CA8CjB;AAED;;;;;GAKG;AACH,wBAAgB,uCAAuC,CACrD,OAAO,CAAC,EAAE,6BAA6B,GAAG,qCAAqC,GAC9E,eAAe,CA4BjB;AAED;;;;;GAKG;AACH,wBAAgB,wCAAwC,CACtD,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,+BAA+B,CAC7C,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,sCAAsC,CACpD,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,kCAAkC,CAChD,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB"}
package/dist/workerd/credentials/defaultAzureCredentialFunctions.js ADDED
@@ -0,0 +1,143 @@
1
+ // Copyright (c) Microsoft Corporation.
2
+ // Licensed under the MIT License.
3
+ import { EnvironmentCredential } from "./environmentCredential.js";
4
+ import { ManagedIdentityCredential } from "./managedIdentityCredential/index.js";
5
+ import { WorkloadIdentityCredential } from "./workloadIdentityCredential.js";
6
+ import { AzureDeveloperCliCredential } from "./azureDeveloperCliCredential.js";
7
+ import { AzureCliCredential } from "./azureCliCredential.js";
8
+ import { AzurePowerShellCredential } from "./azurePowerShellCredential.js";
9
+ import { VisualStudioCodeCredential } from "./visualStudioCodeCredential.js";
10
+ import { BrokerCredential } from "./brokerCredential.js";
11
+ /**
12
+ * Creates a {@link BrokerCredential} instance with the provided options.
13
+ * This credential uses the Windows Authentication Manager (WAM) broker for authentication.
14
+ * It will only attempt to authenticate silently using the default broker account
15
+ *
16
+ * @param options - Options for configuring the credential.
17
+ *
18
+ * @internal
19
+ */
20
+ export function createDefaultBrokerCredential(options = {}) {
21
+ return new BrokerCredential(options);
22
+ }
23
+ /**
24
+ * Creates a {@link VisualStudioCodeCredential} from the provided options.
25
+ * @param options - Options to configure the credential.
26
+ *
27
+ * @internal
28
+ */
29
+ export function createDefaultVisualStudioCodeCredential(options = {}) {
30
+ return new VisualStudioCodeCredential(options);
31
+ }
32
+ /**
33
+ * Creates a {@link ManagedIdentityCredential} from the provided options.
34
+ * @param options - Options to configure the credential.
35
+ *
36
+ * @internal
37
+ */
38
+ export function createDefaultManagedIdentityCredential(options = {}) {
39
+ options.retryOptions ??= {
40
+ maxRetries: 5,
41
+ retryDelayInMs: 800,
42
+ };
43
+ const managedIdentityClientId = options?.managedIdentityClientId ??
44
+ process.env.AZURE_CLIENT_ID;
45
+ const workloadIdentityClientId = options?.workloadIdentityClientId ??
46
+ managedIdentityClientId;
47
+ const managedResourceId = options
48
+ ?.managedIdentityResourceId;
49
+ const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;
50
+ const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;
51
+ if (managedResourceId) {
52
+ const managedIdentityResourceIdOptions = {
53
+ ...options,
54
+ resourceId: managedResourceId,
55
+ };
56
+ return new ManagedIdentityCredential(managedIdentityResourceIdOptions);
57
+ }
58
+ if (workloadFile && workloadIdentityClientId) {
59
+ const workloadIdentityCredentialOptions = {
60
+ ...options,
61
+ tenantId: tenantId,
62
+ };
63
+ return new ManagedIdentityCredential(workloadIdentityClientId, workloadIdentityCredentialOptions);
64
+ }
65
+ if (managedIdentityClientId) {
66
+ const managedIdentityClientOptions = {
67
+ ...options,
68
+ clientId: managedIdentityClientId,
69
+ };
70
+ return new ManagedIdentityCredential(managedIdentityClientOptions);
71
+ }
72
+ // We may be able to return a UnavailableCredential here, but that may be a breaking change
73
+ return new ManagedIdentityCredential(options);
74
+ }
75
+ /**
76
+ * Creates a {@link WorkloadIdentityCredential} from the provided options.
77
+ * @param options - Options to configure the credential.
78
+ *
79
+ * @internal
80
+ */
81
+ export function createDefaultWorkloadIdentityCredential(options) {
82
+ const managedIdentityClientId = options?.managedIdentityClientId ??
83
+ process.env.AZURE_CLIENT_ID;
84
+ const workloadIdentityClientId = options?.workloadIdentityClientId ??
85
+ managedIdentityClientId;
86
+ const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;
87
+ const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;
88
+ if (workloadFile && workloadIdentityClientId) {
89
+ const workloadIdentityCredentialOptions = {
90
+ ...options,
91
+ tenantId,
92
+ clientId: workloadIdentityClientId,
93
+ tokenFilePath: workloadFile,
94
+ };
95
+ return new WorkloadIdentityCredential(workloadIdentityCredentialOptions);
96
+ }
97
+ if (tenantId) {
98
+ const workloadIdentityClientTenantOptions = {
99
+ ...options,
100
+ tenantId,
101
+ };
102
+ return new WorkloadIdentityCredential(workloadIdentityClientTenantOptions);
103
+ }
104
+ // We may be able to return a UnavailableCredential here, but that may be a breaking change
105
+ return new WorkloadIdentityCredential(options);
106
+ }
107
+ /**
108
+ * Creates a {@link AzureDeveloperCliCredential} from the provided options.
109
+ * @param options - Options to configure the credential.
110
+ *
111
+ * @internal
112
+ */
113
+ export function createDefaultAzureDeveloperCliCredential(options = {}) {
114
+ return new AzureDeveloperCliCredential(options);
115
+ }
116
+ /**
117
+ * Creates a {@link AzureCliCredential} from the provided options.
118
+ * @param options - Options to configure the credential.
119
+ *
120
+ * @internal
121
+ */
122
+ export function createDefaultAzureCliCredential(options = {}) {
123
+ return new AzureCliCredential(options);
124
+ }
125
+ /**
126
+ * Creates a {@link AzurePowerShellCredential} from the provided options.
127
+ * @param options - Options to configure the credential.
128
+ *
129
+ * @internal
130
+ */
131
+ export function createDefaultAzurePowershellCredential(options = {}) {
132
+ return new AzurePowerShellCredential(options);
133
+ }
134
+ /**
135
+ * Creates an {@link EnvironmentCredential} from the provided options.
136
+ * @param options - Options to configure the credential.
137
+ *
138
+ * @internal
139
+ */
140
+ export function createDefaultEnvironmentCredential(options = {}) {
141
+ return new EnvironmentCredential(options);
142
+ }
143
+ //# sourceMappingURL=defaultAzureCredentialFunctions.js.map
package/dist/workerd/credentials/defaultAzureCredentialFunctions.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"defaultAzureCredentialFunctions.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredentialFunctions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAQlC,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AAKnE,OAAO,EAAE,yBAAyB,EAAE,MAAM,sCAAsC,CAAC;AACjF,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAC/E,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAE3E,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEzD;;;;;;;;GAQG;AACH,MAAM,UAAU,6BAA6B,CAC3C,UAAyC,EAAE;IAE3C,OAAO,IAAI,gBAAgB,CAAC,OAAO,CAAC,CAAC;AACvC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uCAAuC,CACrD,UAAyC,EAAE;IAE3C,OAAO,IAAI,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sCAAsC,CACpD,UAG4C,EAAE;IAE9C,OAAO,CAAC,YAAY,KAAK;QACvB,UAAU,EAAE,CAAC;QACb,cAAc,EAAE,GAAG;KACpB,CAAC;IACF,MAAM,uBAAuB,GAC1B,OAAiD,EAAE,uBAAuB;QAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC3B,OAAiD,EAAE,wBAAwB;QAC5E,uBAAuB,CAAC;IAC1B,MAAM,iBAAiB,GAAI,OAAmD;QAC5E,EAAE,yBAAyB,CAAC;IAC9B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,gCAAgC,GAA+C;YACnF,GAAG,OAAO;YACV,UAAU,EAAE,iBAAiB;SAC9B,CAAC;QACF,OAAO,IAAI,yBAAyB,CAAC,gCAAgC,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,GAAkC;YACvE,GAAG,OAAO;YACV,QAAQ,EAAE,QAAQ;SACnB,CAAC;QAEF,OAAO,IAAI,yBAAyB,CAClC,wBAAwB,EACxB,iCAAiC,CAClC,CAAC;IACJ,CAAC;IAED,IAAI,uBAAuB,EAAE,CAAC;QAC5B,MAAM,4BAA4B,GAA6C;YAC7E,GAAG,OAAO;YACV,QAAQ,EAAE,uBAAuB;SAClC,CAAC;QAEF,OAAO,IAAI,yBAAyB,CAAC,4BAA4B,CAAC,CAAC;IACrE,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,yBAAyB,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uCAAuC,CACrD,OAA+E;IAE/E,MAAM,uBAAuB,GAC1B,OAAiD,EAAE,uBAAuB;QAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC3B,OAAiD,EAAE,wBAAwB;QAC5E,uBAAuB,CAAC;IAC1B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,GAAsC;YAC3E,GAAG,OAAO;YACV,QAAQ;YACR,QAAQ,EAAE,wBAAwB;YAClC,aAAa,EAAE,YAAY;SAC5B,CAAC;QACF,OAAO,IAAI,0BAA0B,CAAC,iCAAiC,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,mCAAmC,GAAsC;YAC7E,GAAG,OAAO;YACV,QAAQ;SACT,CAAC;QACF,OAAO,IAAI,0BAA0B,CAAC,mCAAmC,CAAC,CAAC;IAC7E,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wCAAwC,CACtD,UAAyC,EAAE;IAE3C,OAAO,IAAI,2BAA2B,CAAC,OAAO,CAAC,CAAC;AAClD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,+BAA+B,CAC7C,UAAyC,EAAE;IAE3C,OAAO,IAAI,kBAAkB,CAAC,OAAO,CAAC,CAAC;AACzC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sCAAsC,CACpD,UAAyC,EAAE;IAE3C,OAAO,IAAI,yBAAyB,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kCAAkC,CAChD,UAAyC,EAAE;IAE3C,OAAO,IAAI,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC5C,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport type {\n DefaultAzureCredentialClientIdOptions,\n DefaultAzureCredentialOptions,\n DefaultAzureCredentialResourceIdOptions,\n} from \"./defaultAzureCredentialOptions.js\";\nimport { EnvironmentCredential } from \"./environmentCredential.js\";\nimport type {\n ManagedIdentityCredentialClientIdOptions,\n ManagedIdentityCredentialResourceIdOptions,\n} from \"./managedIdentityCredential/options.js\";\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential/index.js\";\nimport { WorkloadIdentityCredential } from \"./workloadIdentityCredential.js\";\nimport { AzureDeveloperCliCredential } from \"./azureDeveloperCliCredential.js\";\nimport { AzureCliCredential } from \"./azureCliCredential.js\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions.js\";\nimport { VisualStudioCodeCredential } from \"./visualStudioCodeCredential.js\";\nimport { BrokerCredential } from \"./brokerCredential.js\";\n\n/**\n * Creates a {@link BrokerCredential} instance with the provided options.\n * This credential uses the Windows Authentication Manager (WAM) broker for authentication.\n * It will only attempt to authenticate silently using the default broker account\n *\n * @param options - Options for configuring the credential.\n *\n * @internal\n */\nexport function createDefaultBrokerCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new BrokerCredential(options);\n}\n\n/**\n * Creates a {@link VisualStudioCodeCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultVisualStudioCodeCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new VisualStudioCodeCredential(options);\n}\n\n/**\n * Creates a {@link ManagedIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultManagedIdentityCredential(\n options:\n | DefaultAzureCredentialOptions\n | DefaultAzureCredentialResourceIdOptions\n | DefaultAzureCredentialClientIdOptions = {},\n): TokenCredential {\n options.retryOptions ??= {\n maxRetries: 5,\n retryDelayInMs: 800,\n };\n const managedIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n process.env.AZURE_CLIENT_ID;\n const workloadIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n managedIdentityClientId;\n const managedResourceId = (options as DefaultAzureCredentialResourceIdOptions)\n ?.managedIdentityResourceId;\n const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n if (managedResourceId) {\n const managedIdentityResourceIdOptions: ManagedIdentityCredentialResourceIdOptions = {\n ...options,\n resourceId: managedResourceId,\n };\n return new ManagedIdentityCredential(managedIdentityResourceIdOptions);\n }\n\n if (workloadFile && workloadIdentityClientId) {\n const workloadIdentityCredentialOptions: DefaultAzureCredentialOptions = {\n ...options,\n tenantId: tenantId,\n };\n\n return new ManagedIdentityCredential(\n workloadIdentityClientId,\n workloadIdentityCredentialOptions,\n );\n }\n\n if (managedIdentityClientId) {\n const managedIdentityClientOptions: ManagedIdentityCredentialClientIdOptions = {\n ...options,\n clientId: managedIdentityClientId,\n };\n\n return new ManagedIdentityCredential(managedIdentityClientOptions);\n }\n\n // We may be able to return a UnavailableCredential here, but that may be a breaking change\n return new ManagedIdentityCredential(options);\n}\n\n/**\n * Creates a {@link WorkloadIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultWorkloadIdentityCredential(\n options?: DefaultAzureCredentialOptions | DefaultAzureCredentialClientIdOptions,\n): TokenCredential {\n const managedIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n process.env.AZURE_CLIENT_ID;\n const workloadIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n managedIdentityClientId;\n const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n if (workloadFile && workloadIdentityClientId) {\n const workloadIdentityCredentialOptions: WorkloadIdentityCredentialOptions = {\n ...options,\n tenantId,\n clientId: workloadIdentityClientId,\n tokenFilePath: workloadFile,\n };\n return new WorkloadIdentityCredential(workloadIdentityCredentialOptions);\n }\n if (tenantId) {\n const workloadIdentityClientTenantOptions: WorkloadIdentityCredentialOptions = {\n ...options,\n tenantId,\n };\n return new WorkloadIdentityCredential(workloadIdentityClientTenantOptions);\n }\n\n // We may be able to return a UnavailableCredential here, but that may be a breaking change\n return new WorkloadIdentityCredential(options);\n}\n\n/**\n * Creates a {@link AzureDeveloperCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultAzureDeveloperCliCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new AzureDeveloperCliCredential(options);\n}\n\n/**\n * Creates a {@link AzureCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultAzureCliCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new AzureCliCredential(options);\n}\n\n/**\n * Creates a {@link AzurePowerShellCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultAzurePowershellCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new AzurePowerShellCredential(options);\n}\n\n/**\n * Creates an {@link EnvironmentCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultEnvironmentCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new EnvironmentCredential(options);\n}\n"]}
package/dist/workerd/credentials/deviceCodeCredential.js CHANGED
@@ -19,6 +19,11 @@ export function defaultDeviceCodePromptCallback(deviceCodeInfo) {
19
19
  * that the user can enter into https://microsoft.com/devicelogin.
20
20
  */
21
21
  export class DeviceCodeCredential {
22
+ tenantId;
23
+ additionallyAllowedTenantIds;
24
+ disableAutomaticAuthentication;
25
+ msalClient;
26
+ userPromptCallback;
22
27
  /**
23
28
  * Creates an instance of DeviceCodeCredential with the details needed
24
29
  * to initiate the device code authorization flow with Microsoft Entra ID.
@@ -42,14 +47,17 @@ export class DeviceCodeCredential {
42
47
  * @param options - Options for configuring the client which makes the authentication requests.
43
48
  */
44
49
  constructor(options) {
45
- var _a, _b;
46
- this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
47
- this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
48
- const clientId = (_a = options === null || options === void 0 ? void 0 : options.clientId) !== null && _a !== void 0 ? _a : DeveloperSignOnClientId;
49
- const tenantId = resolveTenantId(logger, options === null || options === void 0 ? void 0 : options.tenantId, clientId);
50
- this.userPromptCallback = (_b = options === null || options === void 0 ? void 0 : options.userPromptCallback) !== null && _b !== void 0 ? _b : defaultDeviceCodePromptCallback;
51
- this.msalClient = createMsalClient(clientId, tenantId, Object.assign(Object.assign({}, options), { logger, tokenCredentialOptions: options || {} }));
52
- this.disableAutomaticAuthentication = options === null || options === void 0 ? void 0 : options.disableAutomaticAuthentication;
50
+ this.tenantId = options?.tenantId;
51
+ this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options?.additionallyAllowedTenants);
52
+ const clientId = options?.clientId ?? DeveloperSignOnClientId;
53
+ const tenantId = resolveTenantId(logger, options?.tenantId, clientId);
54
+ this.userPromptCallback = options?.userPromptCallback ?? defaultDeviceCodePromptCallback;
55
+ this.msalClient = createMsalClient(clientId, tenantId, {
56
+ ...options,
57
+ logger,
58
+ tokenCredentialOptions: options || {},
59
+ });
60
+ this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;
53
61
  }
54
62
  /**
55
63
  * Authenticates with Microsoft Entra ID and returns an access token if successful.
@@ -67,7 +75,10 @@ export class DeviceCodeCredential {
67
75
  return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
68
76
  newOptions.tenantId = processMultiTenantRequest(this.tenantId, newOptions, this.additionallyAllowedTenantIds, logger);
69
77
  const arrayScopes = ensureScopes(scopes);
70
- return this.msalClient.getTokenByDeviceCode(arrayScopes, this.userPromptCallback, Object.assign(Object.assign({}, newOptions), { disableAutomaticAuthentication: this.disableAutomaticAuthentication }));
78
+ return this.msalClient.getTokenByDeviceCode(arrayScopes, this.userPromptCallback, {
79
+ ...newOptions,
80
+ disableAutomaticAuthentication: this.disableAutomaticAuthentication,
81
+ });
71
82
  });
72
83
  }
73
84
  /**
@@ -83,7 +94,10 @@ export class DeviceCodeCredential {
83
94
  async authenticate(scopes, options = {}) {
84
95
  return tracingClient.withSpan(`${this.constructor.name}.authenticate`, options, async (newOptions) => {
85
96
  const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
86
- await this.msalClient.getTokenByDeviceCode(arrayScopes, this.userPromptCallback, Object.assign(Object.assign({}, newOptions), { disableAutomaticAuthentication: false }));
97
+ await this.msalClient.getTokenByDeviceCode(arrayScopes, this.userPromptCallback, {
98
+ ...newOptions,
99
+ disableAutomaticAuthentication: false, // this method should always allow user interaction
100
+ });
87
101
  return this.msalClient.getActiveAccount();
88
102
  });
89
103
  }
package/dist/workerd/credentials/deviceCodeCredential.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"deviceCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/deviceCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,eAAe,GAChB,MAAM,0BAA0B,CAAC;AAOlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAE1D,MAAM,MAAM,GAAG,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;AAExD;;;GAGG;AACH,MAAM,UAAU,+BAA+B,CAAC,cAA8B;IAC5E,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,oBAAoB;IAO/B;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,YAAY,OAAqC;;QAC/C,IAAI,CAAC,QAAQ,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC;QAClC,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QACF,MAAM,QAAQ,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,uBAAuB,CAAC;QAC9D,MAAM,QAAQ,GAAG,eAAe,CAAC,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACtE,IAAI,CAAC,kBAAkB,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,kBAAkB,mCAAI,+BAA+B,CAAC;QACzF,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,kCAChD,OAAO,KACV,MAAM,EACN,sBAAsB,EAAE,OAAO,IAAI,EAAE,IACrC,CAAC;QACH,IAAI,CAAC,8BAA8B,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,CAAC;IAChF,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,UAAU,CAAC,QAAQ,GAAG,yBAAyB,CAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,WAAW,EAAE,IAAI,CAAC,kBAAkB,kCAC3E,UAAU,KACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,IACnE,CAAC;QACL,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAChB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,eAAe,EACvC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,MAAM,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,WAAW,EAAE,IAAI,CAAC,kBAAkB,kCAC1E,UAAU,KACb,8BAA8B,EAAE,KAAK,IACrC,CAAC;YACH,OAAO,IAAI,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC;QAC5C,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n resolveTenantId,\n} from \"../util/tenantIdUtils.js\";\nimport type {\n DeviceCodeCredentialOptions,\n DeviceCodeInfo,\n DeviceCodePromptCallback,\n} from \"./deviceCodeCredentialOptions.js\";\nimport type { AuthenticationRecord } from \"../msal/types.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { DeveloperSignOnClientId } from \"../constants.js\";\n\nconst logger = credentialLogger(\"DeviceCodeCredential\");\n\n/**\n * Method that logs the user code from the DeviceCodeCredential.\n * @param deviceCodeInfo - The device code.\n */\nexport function defaultDeviceCodePromptCallback(deviceCodeInfo: DeviceCodeInfo): void {\n console.log(deviceCodeInfo.message);\n}\n\n/**\n * Enables authentication to Microsoft Entra ID using a device code\n * that the user can enter into https://microsoft.com/devicelogin.\n */\nexport class DeviceCodeCredential implements TokenCredential {\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private disableAutomaticAuthentication?: boolean;\n private msalClient: MsalClient;\n private userPromptCallback: DeviceCodePromptCallback;\n\n /**\n * Creates an instance of DeviceCodeCredential with the details needed\n * to initiate the device code authorization flow with Microsoft Entra ID.\n *\n * A message will be logged, giving users a code that they can use to authenticate once they go to https://microsoft.com/devicelogin\n *\n * Developers can configure how this message is shown by passing a custom `userPromptCallback`:\n *\n * ```ts snippet:device_code_credential_example\n * import { DeviceCodeCredential } from \"@azure/identity\";\n *\n * const credential = new DeviceCodeCredential({\n * tenantId: process.env.AZURE_TENANT_ID,\n * clientId: process.env.AZURE_CLIENT_ID,\n * userPromptCallback: (info) => {\n * console.log(\"CUSTOMIZED PROMPT CALLBACK\", info.message);\n * },\n * });\n * ```\n *\n * @param options - Options for configuring the client which makes the authentication requests.\n */\n constructor(options?: DeviceCodeCredentialOptions) {\n this.tenantId = options?.tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n const clientId = options?.clientId ?? DeveloperSignOnClientId;\n const tenantId = resolveTenantId(logger, options?.tenantId, clientId);\n this.userPromptCallback = options?.userPromptCallback ?? defaultDeviceCodePromptCallback;\n this.msalClient = createMsalClient(clientId, tenantId, {\n ...options,\n logger,\n tokenCredentialOptions: options || {},\n });\n this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * If the user provided the option `disableAutomaticAuthentication`,\n * once the token can't be retrieved silently,\n * this method won't attempt to request user interaction to retrieve the token.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n newOptions.tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n logger,\n );\n\n const arrayScopes = ensureScopes(scopes);\n return this.msalClient.getTokenByDeviceCode(arrayScopes, this.userPromptCallback, {\n ...newOptions,\n disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n });\n },\n );\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * If the token can't be retrieved silently, this method will always generate a challenge for the user.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async authenticate(\n scopes: string | string[],\n options: GetTokenOptions = {},\n ): Promise<AuthenticationRecord | undefined> {\n return tracingClient.withSpan(\n `${this.constructor.name}.authenticate`,\n options,\n async (newOptions) => {\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n await this.msalClient.getTokenByDeviceCode(arrayScopes, this.userPromptCallback, {\n ...newOptions,\n disableAutomaticAuthentication: false, // this method should always allow user interaction\n });\n return this.msalClient.getActiveAccount();\n },\n );\n }\n}\n"]}
1
+ {"version":3,"file":"deviceCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/deviceCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,eAAe,GAChB,MAAM,0BAA0B,CAAC;AAOlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAE1D,MAAM,MAAM,GAAG,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;AAExD;;;GAGG;AACH,MAAM,UAAU,+BAA+B,CAAC,cAA8B;IAC5E,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,oBAAoB;IACvB,QAAQ,CAAU;IAClB,4BAA4B,CAAW;IACvC,8BAA8B,CAAW;IACzC,UAAU,CAAa;IACvB,kBAAkB,CAA2B;IAErD;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,YAAY,OAAqC;QAC/C,IAAI,CAAC,QAAQ,GAAG,OAAO,EAAE,QAAQ,CAAC;QAClC,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,EAAE,0BAA0B,CACpC,CAAC;QACF,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,uBAAuB,CAAC;QAC9D,MAAM,QAAQ,GAAG,eAAe,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACtE,IAAI,CAAC,kBAAkB,GAAG,OAAO,EAAE,kBAAkB,IAAI,+BAA+B,CAAC;QACzF,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,EAAE;YACrD,GAAG,OAAO;YACV,MAAM;YACN,sBAAsB,EAAE,OAAO,IAAI,EAAE;SACtC,CAAC,CAAC;QACH,IAAI,CAAC,8BAA8B,GAAG,OAAO,EAAE,8BAA8B,CAAC;IAChF,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,UAAU,CAAC,QAAQ,GAAG,yBAAyB,CAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,WAAW,EAAE,IAAI,CAAC,kBAAkB,EAAE;gBAChF,GAAG,UAAU;gBACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B;aACpE,CAAC,CAAC;QACL,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAChB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,eAAe,EACvC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,MAAM,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,WAAW,EAAE,IAAI,CAAC,kBAAkB,EAAE;gBAC/E,GAAG,UAAU;gBACb,8BAA8B,EAAE,KAAK,EAAE,mDAAmD;aAC3F,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC;QAC5C,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n resolveTenantId,\n} from \"../util/tenantIdUtils.js\";\nimport type {\n DeviceCodeCredentialOptions,\n DeviceCodeInfo,\n DeviceCodePromptCallback,\n} from \"./deviceCodeCredentialOptions.js\";\nimport type { AuthenticationRecord } from \"../msal/types.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { DeveloperSignOnClientId } from \"../constants.js\";\n\nconst logger = credentialLogger(\"DeviceCodeCredential\");\n\n/**\n * Method that logs the user code from the DeviceCodeCredential.\n * @param deviceCodeInfo - The device code.\n */\nexport function defaultDeviceCodePromptCallback(deviceCodeInfo: DeviceCodeInfo): void {\n console.log(deviceCodeInfo.message);\n}\n\n/**\n * Enables authentication to Microsoft Entra ID using a device code\n * that the user can enter into https://microsoft.com/devicelogin.\n */\nexport class DeviceCodeCredential implements TokenCredential {\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private disableAutomaticAuthentication?: boolean;\n private msalClient: MsalClient;\n private userPromptCallback: DeviceCodePromptCallback;\n\n /**\n * Creates an instance of DeviceCodeCredential with the details needed\n * to initiate the device code authorization flow with Microsoft Entra ID.\n *\n * A message will be logged, giving users a code that they can use to authenticate once they go to https://microsoft.com/devicelogin\n *\n * Developers can configure how this message is shown by passing a custom `userPromptCallback`:\n *\n * ```ts snippet:device_code_credential_example\n * import { DeviceCodeCredential } from \"@azure/identity\";\n *\n * const credential = new DeviceCodeCredential({\n * tenantId: process.env.AZURE_TENANT_ID,\n * clientId: process.env.AZURE_CLIENT_ID,\n * userPromptCallback: (info) => {\n * console.log(\"CUSTOMIZED PROMPT CALLBACK\", info.message);\n * },\n * });\n * ```\n *\n * @param options - Options for configuring the client which makes the authentication requests.\n */\n constructor(options?: DeviceCodeCredentialOptions) {\n this.tenantId = options?.tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n const clientId = options?.clientId ?? DeveloperSignOnClientId;\n const tenantId = resolveTenantId(logger, options?.tenantId, clientId);\n this.userPromptCallback = options?.userPromptCallback ?? defaultDeviceCodePromptCallback;\n this.msalClient = createMsalClient(clientId, tenantId, {\n ...options,\n logger,\n tokenCredentialOptions: options || {},\n });\n this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * If the user provided the option `disableAutomaticAuthentication`,\n * once the token can't be retrieved silently,\n * this method won't attempt to request user interaction to retrieve the token.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n newOptions.tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n logger,\n );\n\n const arrayScopes = ensureScopes(scopes);\n return this.msalClient.getTokenByDeviceCode(arrayScopes, this.userPromptCallback, {\n ...newOptions,\n disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n });\n },\n );\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * If the token can't be retrieved silently, this method will always generate a challenge for the user.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async authenticate(\n scopes: string | string[],\n options: GetTokenOptions = {},\n ): Promise<AuthenticationRecord | undefined> {\n return tracingClient.withSpan(\n `${this.constructor.name}.authenticate`,\n options,\n async (newOptions) => {\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n await this.msalClient.getTokenByDeviceCode(arrayScopes, this.userPromptCallback, {\n ...newOptions,\n disableAutomaticAuthentication: false, // this method should always allow user interaction\n });\n return this.msalClient.getActiveAccount();\n },\n );\n }\n}\n"]}