@azure/identity 4.10.3-alpha.20250714.3 → 4.11.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (359) hide show
  1. package/README.md +19 -1
  2. package/dist/browser/client/identityClient.js +30 -18
  3. package/dist/browser/client/identityClient.js.map +1 -1
  4. package/dist/browser/constants.d.ts +1 -1
  5. package/dist/browser/constants.d.ts.map +1 -1
  6. package/dist/browser/constants.js +1 -1
  7. package/dist/browser/constants.js.map +1 -1
  8. package/dist/browser/credentials/brokerCredential.d.ts +35 -0
  9. package/dist/browser/credentials/brokerCredential.d.ts.map +1 -0
  10. package/dist/browser/credentials/brokerCredential.js +69 -0
  11. package/dist/browser/credentials/brokerCredential.js.map +1 -0
  12. package/dist/browser/credentials/chainedTokenCredential.js +1 -1
  13. package/dist/browser/credentials/chainedTokenCredential.js.map +1 -1
  14. package/dist/browser/credentials/clientSecretCredential-browser.mjs.map +1 -1
  15. package/dist/browser/credentials/clientSecretCredential.js +7 -2
  16. package/dist/browser/credentials/defaultAzureCredentialFunctions.d.ts +62 -0
  17. package/dist/browser/credentials/defaultAzureCredentialFunctions.d.ts.map +1 -0
  18. package/dist/browser/credentials/defaultAzureCredentialFunctions.js +143 -0
  19. package/dist/browser/credentials/defaultAzureCredentialFunctions.js.map +1 -0
  20. package/dist/browser/credentials/interactiveBrowserCredential-browser.mjs.map +1 -1
  21. package/dist/browser/credentials/interactiveBrowserCredential.js +19 -6
  22. package/dist/browser/credentials/managedIdentityCredential/imdsMsi.js +4 -6
  23. package/dist/browser/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  24. package/dist/browser/credentials/managedIdentityCredential/imdsRetryPolicy.js +2 -2
  25. package/dist/browser/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +1 -1
  26. package/dist/browser/credentials/managedIdentityCredential/tokenExchangeMsi.js +7 -1
  27. package/dist/browser/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
  28. package/dist/browser/credentials/usernamePasswordCredential-browser.mjs.map +1 -1
  29. package/dist/browser/credentials/usernamePasswordCredential.js +7 -1
  30. package/dist/browser/credentials/visualStudioCodeCredentialOptions.d.ts +0 -4
  31. package/dist/browser/credentials/visualStudioCodeCredentialOptions.d.ts.map +1 -1
  32. package/dist/browser/credentials/visualStudioCodeCredentialOptions.js.map +1 -1
  33. package/dist/browser/credentials/visualStudioCodeCredentialPlugin.d.ts +0 -4
  34. package/dist/browser/credentials/visualStudioCodeCredentialPlugin.d.ts.map +1 -1
  35. package/dist/browser/credentials/visualStudioCodeCredentialPlugin.js.map +1 -1
  36. package/dist/browser/errors.js +21 -0
  37. package/dist/browser/errors.js.map +1 -1
  38. package/dist/browser/msal/browserFlows/msalBrowserCommon.js +15 -15
  39. package/dist/browser/msal/browserFlows/msalBrowserCommon.js.map +1 -1
  40. package/dist/browser/msal/nodeFlows/msalClient.d.ts +13 -0
  41. package/dist/browser/msal/nodeFlows/msalClient.d.ts.map +1 -1
  42. package/dist/browser/msal/nodeFlows/msalClient.js +127 -94
  43. package/dist/browser/msal/nodeFlows/msalClient.js.map +1 -1
  44. package/dist/browser/msal/nodeFlows/msalPlugins.d.ts +19 -1
  45. package/dist/browser/msal/nodeFlows/msalPlugins.d.ts.map +1 -1
  46. package/dist/browser/msal/nodeFlows/msalPlugins.js +61 -16
  47. package/dist/browser/msal/nodeFlows/msalPlugins.js.map +1 -1
  48. package/dist/browser/msal/utils.js +3 -4
  49. package/dist/browser/msal/utils.js.map +1 -1
  50. package/dist/browser/plugins/provider.d.ts +2 -2
  51. package/dist/browser/plugins/provider.d.ts.map +1 -1
  52. package/dist/browser/plugins/provider.js.map +1 -1
  53. package/dist/browser/regionalAuthority.js +1 -2
  54. package/dist/browser/regionalAuthority.js.map +1 -1
  55. package/dist/browser/tokenProvider.js +1 -2
  56. package/dist/browser/tokenProvider.js.map +1 -1
  57. package/dist/browser/util/logging.js +6 -2
  58. package/dist/browser/util/logging.js.map +1 -1
  59. package/dist/browser/util/processMultiTenantRequest-browser.mjs.map +1 -1
  60. package/dist/browser/util/processMultiTenantRequest.js +1 -2
  61. package/dist/browser/util/processUtils.d.ts +1 -1
  62. package/dist/browser/util/processUtils.d.ts.map +1 -1
  63. package/dist/browser/util/processUtils.js +1 -1
  64. package/dist/browser/util/processUtils.js.map +1 -1
  65. package/dist/commonjs/client/identityClient.js +30 -18
  66. package/dist/commonjs/client/identityClient.js.map +1 -1
  67. package/dist/commonjs/constants.d.ts +1 -1
  68. package/dist/commonjs/constants.d.ts.map +1 -1
  69. package/dist/commonjs/constants.js +1 -1
  70. package/dist/commonjs/constants.js.map +1 -1
  71. package/dist/commonjs/credentials/authorizationCodeCredential.js +17 -3
  72. package/dist/commonjs/credentials/authorizationCodeCredential.js.map +1 -1
  73. package/dist/commonjs/credentials/azureCliCredential.js +15 -12
  74. package/dist/commonjs/credentials/azureCliCredential.js.map +1 -1
  75. package/dist/commonjs/credentials/azureDeveloperCliCredential.js +12 -10
  76. package/dist/commonjs/credentials/azureDeveloperCliCredential.js.map +1 -1
  77. package/dist/commonjs/credentials/azurePipelinesCredential.js +9 -5
  78. package/dist/commonjs/credentials/azurePipelinesCredential.js.map +1 -1
  79. package/dist/commonjs/credentials/azurePowerShellCredential.js +10 -7
  80. package/dist/commonjs/credentials/azurePowerShellCredential.js.map +1 -1
  81. package/dist/commonjs/credentials/brokerCredential.d.ts +35 -0
  82. package/dist/commonjs/credentials/brokerCredential.d.ts.map +1 -0
  83. package/dist/commonjs/credentials/brokerCredential.js +73 -0
  84. package/dist/commonjs/credentials/brokerCredential.js.map +1 -0
  85. package/dist/commonjs/credentials/chainedTokenCredential.js +1 -1
  86. package/dist/commonjs/credentials/chainedTokenCredential.js.map +1 -1
  87. package/dist/commonjs/credentials/clientAssertionCredential.js +11 -2
  88. package/dist/commonjs/credentials/clientAssertionCredential.js.map +1 -1
  89. package/dist/commonjs/credentials/clientCertificateCredential.js +19 -9
  90. package/dist/commonjs/credentials/clientCertificateCredential.js.map +1 -1
  91. package/dist/commonjs/credentials/clientSecretCredential.js +10 -2
  92. package/dist/commonjs/credentials/clientSecretCredential.js.map +1 -1
  93. package/dist/commonjs/credentials/defaultAzureCredential.d.ts +12 -14
  94. package/dist/commonjs/credentials/defaultAzureCredential.d.ts.map +1 -1
  95. package/dist/commonjs/credentials/defaultAzureCredential.js +48 -113
  96. package/dist/commonjs/credentials/defaultAzureCredential.js.map +1 -1
  97. package/dist/commonjs/credentials/defaultAzureCredentialFunctions.d.ts +62 -0
  98. package/dist/commonjs/credentials/defaultAzureCredentialFunctions.d.ts.map +1 -0
  99. package/dist/commonjs/credentials/defaultAzureCredentialFunctions.js +153 -0
  100. package/dist/commonjs/credentials/defaultAzureCredentialFunctions.js.map +1 -0
  101. package/dist/commonjs/credentials/deviceCodeCredential.js +24 -10
  102. package/dist/commonjs/credentials/deviceCodeCredential.js.map +1 -1
  103. package/dist/commonjs/credentials/environmentCredential.js +4 -6
  104. package/dist/commonjs/credentials/environmentCredential.js.map +1 -1
  105. package/dist/commonjs/credentials/interactiveBrowserCredential.js +30 -11
  106. package/dist/commonjs/credentials/interactiveBrowserCredential.js.map +1 -1
  107. package/dist/commonjs/credentials/managedIdentityCredential/imdsMsi.js +4 -6
  108. package/dist/commonjs/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  109. package/dist/commonjs/credentials/managedIdentityCredential/imdsRetryPolicy.js +2 -2
  110. package/dist/commonjs/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +1 -1
  111. package/dist/commonjs/credentials/managedIdentityCredential/index.js +28 -18
  112. package/dist/commonjs/credentials/managedIdentityCredential/index.js.map +1 -1
  113. package/dist/commonjs/credentials/managedIdentityCredential/tokenExchangeMsi.js +7 -1
  114. package/dist/commonjs/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
  115. package/dist/commonjs/credentials/onBehalfOfCredential.js +13 -1
  116. package/dist/commonjs/credentials/onBehalfOfCredential.js.map +1 -1
  117. package/dist/commonjs/credentials/usernamePasswordCredential.js +10 -2
  118. package/dist/commonjs/credentials/usernamePasswordCredential.js.map +1 -1
  119. package/dist/commonjs/credentials/visualStudioCodeCredential.d.ts +15 -26
  120. package/dist/commonjs/credentials/visualStudioCodeCredential.d.ts.map +1 -1
  121. package/dist/commonjs/credentials/visualStudioCodeCredential.js +69 -130
  122. package/dist/commonjs/credentials/visualStudioCodeCredential.js.map +1 -1
  123. package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.d.ts +0 -4
  124. package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.d.ts.map +1 -1
  125. package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.js.map +1 -1
  126. package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.d.ts +0 -4
  127. package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.d.ts.map +1 -1
  128. package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.js.map +1 -1
  129. package/dist/commonjs/credentials/workloadIdentityCredential.js +5 -3
  130. package/dist/commonjs/credentials/workloadIdentityCredential.js.map +1 -1
  131. package/dist/commonjs/errors.js +21 -0
  132. package/dist/commonjs/errors.js.map +1 -1
  133. package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js +15 -15
  134. package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js.map +1 -1
  135. package/dist/commonjs/msal/nodeFlows/msalClient.d.ts +13 -0
  136. package/dist/commonjs/msal/nodeFlows/msalClient.d.ts.map +1 -1
  137. package/dist/commonjs/msal/nodeFlows/msalClient.js +127 -94
  138. package/dist/commonjs/msal/nodeFlows/msalClient.js.map +1 -1
  139. package/dist/commonjs/msal/nodeFlows/msalPlugins.d.ts +19 -1
  140. package/dist/commonjs/msal/nodeFlows/msalPlugins.d.ts.map +1 -1
  141. package/dist/commonjs/msal/nodeFlows/msalPlugins.js +63 -17
  142. package/dist/commonjs/msal/nodeFlows/msalPlugins.js.map +1 -1
  143. package/dist/commonjs/msal/utils.js +3 -4
  144. package/dist/commonjs/msal/utils.js.map +1 -1
  145. package/dist/commonjs/plugins/consumer.d.ts.map +1 -1
  146. package/dist/commonjs/plugins/consumer.js +1 -2
  147. package/dist/commonjs/plugins/consumer.js.map +1 -1
  148. package/dist/commonjs/plugins/provider.d.ts +2 -2
  149. package/dist/commonjs/plugins/provider.d.ts.map +1 -1
  150. package/dist/commonjs/plugins/provider.js.map +1 -1
  151. package/dist/commonjs/regionalAuthority.js +1 -2
  152. package/dist/commonjs/regionalAuthority.js.map +1 -1
  153. package/dist/commonjs/tokenProvider.js +1 -2
  154. package/dist/commonjs/tokenProvider.js.map +1 -1
  155. package/dist/commonjs/util/logging.js +6 -2
  156. package/dist/commonjs/util/logging.js.map +1 -1
  157. package/dist/commonjs/util/processMultiTenantRequest.js +2 -3
  158. package/dist/commonjs/util/processMultiTenantRequest.js.map +1 -1
  159. package/dist/commonjs/util/processUtils.d.ts +1 -1
  160. package/dist/commonjs/util/processUtils.d.ts.map +1 -1
  161. package/dist/commonjs/util/processUtils.js +2 -2
  162. package/dist/commonjs/util/processUtils.js.map +1 -1
  163. package/dist/esm/client/identityClient.js +30 -18
  164. package/dist/esm/client/identityClient.js.map +1 -1
  165. package/dist/esm/constants.d.ts +1 -1
  166. package/dist/esm/constants.d.ts.map +1 -1
  167. package/dist/esm/constants.js +1 -1
  168. package/dist/esm/constants.js.map +1 -1
  169. package/dist/esm/credentials/authorizationCodeCredential.js +17 -3
  170. package/dist/esm/credentials/authorizationCodeCredential.js.map +1 -1
  171. package/dist/esm/credentials/azureCliCredential.js +15 -12
  172. package/dist/esm/credentials/azureCliCredential.js.map +1 -1
  173. package/dist/esm/credentials/azureDeveloperCliCredential.js +12 -10
  174. package/dist/esm/credentials/azureDeveloperCliCredential.js.map +1 -1
  175. package/dist/esm/credentials/azurePipelinesCredential.js +9 -5
  176. package/dist/esm/credentials/azurePipelinesCredential.js.map +1 -1
  177. package/dist/esm/credentials/azurePowerShellCredential.js +10 -7
  178. package/dist/esm/credentials/azurePowerShellCredential.js.map +1 -1
  179. package/dist/esm/credentials/brokerCredential.d.ts +35 -0
  180. package/dist/esm/credentials/brokerCredential.d.ts.map +1 -0
  181. package/dist/esm/credentials/brokerCredential.js +69 -0
  182. package/dist/esm/credentials/brokerCredential.js.map +1 -0
  183. package/dist/esm/credentials/chainedTokenCredential.js +1 -1
  184. package/dist/esm/credentials/chainedTokenCredential.js.map +1 -1
  185. package/dist/esm/credentials/clientAssertionCredential.js +11 -2
  186. package/dist/esm/credentials/clientAssertionCredential.js.map +1 -1
  187. package/dist/esm/credentials/clientCertificateCredential.js +19 -9
  188. package/dist/esm/credentials/clientCertificateCredential.js.map +1 -1
  189. package/dist/esm/credentials/clientSecretCredential.js +10 -2
  190. package/dist/esm/credentials/clientSecretCredential.js.map +1 -1
  191. package/dist/esm/credentials/defaultAzureCredential.d.ts +12 -14
  192. package/dist/esm/credentials/defaultAzureCredential.d.ts.map +1 -1
  193. package/dist/esm/credentials/defaultAzureCredential.js +43 -106
  194. package/dist/esm/credentials/defaultAzureCredential.js.map +1 -1
  195. package/dist/esm/credentials/defaultAzureCredentialFunctions.d.ts +62 -0
  196. package/dist/esm/credentials/defaultAzureCredentialFunctions.d.ts.map +1 -0
  197. package/dist/esm/credentials/defaultAzureCredentialFunctions.js +143 -0
  198. package/dist/esm/credentials/defaultAzureCredentialFunctions.js.map +1 -0
  199. package/dist/esm/credentials/deviceCodeCredential.js +24 -10
  200. package/dist/esm/credentials/deviceCodeCredential.js.map +1 -1
  201. package/dist/esm/credentials/environmentCredential.js +4 -6
  202. package/dist/esm/credentials/environmentCredential.js.map +1 -1
  203. package/dist/esm/credentials/interactiveBrowserCredential.js +30 -11
  204. package/dist/esm/credentials/interactiveBrowserCredential.js.map +1 -1
  205. package/dist/esm/credentials/managedIdentityCredential/imdsMsi.js +4 -6
  206. package/dist/esm/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  207. package/dist/esm/credentials/managedIdentityCredential/imdsRetryPolicy.js +2 -2
  208. package/dist/esm/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +1 -1
  209. package/dist/esm/credentials/managedIdentityCredential/index.js +28 -18
  210. package/dist/esm/credentials/managedIdentityCredential/index.js.map +1 -1
  211. package/dist/esm/credentials/managedIdentityCredential/tokenExchangeMsi.js +7 -1
  212. package/dist/esm/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
  213. package/dist/esm/credentials/onBehalfOfCredential.js +13 -1
  214. package/dist/esm/credentials/onBehalfOfCredential.js.map +1 -1
  215. package/dist/esm/credentials/usernamePasswordCredential.js +10 -2
  216. package/dist/esm/credentials/usernamePasswordCredential.js.map +1 -1
  217. package/dist/esm/credentials/visualStudioCodeCredential.d.ts +15 -26
  218. package/dist/esm/credentials/visualStudioCodeCredential.d.ts.map +1 -1
  219. package/dist/esm/credentials/visualStudioCodeCredential.js +69 -128
  220. package/dist/esm/credentials/visualStudioCodeCredential.js.map +1 -1
  221. package/dist/esm/credentials/visualStudioCodeCredentialOptions.d.ts +0 -4
  222. package/dist/esm/credentials/visualStudioCodeCredentialOptions.d.ts.map +1 -1
  223. package/dist/esm/credentials/visualStudioCodeCredentialOptions.js.map +1 -1
  224. package/dist/esm/credentials/visualStudioCodeCredentialPlugin.d.ts +0 -4
  225. package/dist/esm/credentials/visualStudioCodeCredentialPlugin.d.ts.map +1 -1
  226. package/dist/esm/credentials/visualStudioCodeCredentialPlugin.js.map +1 -1
  227. package/dist/esm/credentials/workloadIdentityCredential.js +5 -3
  228. package/dist/esm/credentials/workloadIdentityCredential.js.map +1 -1
  229. package/dist/esm/errors.js +21 -0
  230. package/dist/esm/errors.js.map +1 -1
  231. package/dist/esm/msal/browserFlows/msalBrowserCommon.js +15 -15
  232. package/dist/esm/msal/browserFlows/msalBrowserCommon.js.map +1 -1
  233. package/dist/esm/msal/nodeFlows/msalClient.d.ts +13 -0
  234. package/dist/esm/msal/nodeFlows/msalClient.d.ts.map +1 -1
  235. package/dist/esm/msal/nodeFlows/msalClient.js +127 -94
  236. package/dist/esm/msal/nodeFlows/msalClient.js.map +1 -1
  237. package/dist/esm/msal/nodeFlows/msalPlugins.d.ts +19 -1
  238. package/dist/esm/msal/nodeFlows/msalPlugins.d.ts.map +1 -1
  239. package/dist/esm/msal/nodeFlows/msalPlugins.js +61 -16
  240. package/dist/esm/msal/nodeFlows/msalPlugins.js.map +1 -1
  241. package/dist/esm/msal/utils.js +3 -4
  242. package/dist/esm/msal/utils.js.map +1 -1
  243. package/dist/esm/plugins/consumer.d.ts.map +1 -1
  244. package/dist/esm/plugins/consumer.js +2 -3
  245. package/dist/esm/plugins/consumer.js.map +1 -1
  246. package/dist/esm/plugins/provider.d.ts +2 -2
  247. package/dist/esm/plugins/provider.d.ts.map +1 -1
  248. package/dist/esm/plugins/provider.js.map +1 -1
  249. package/dist/esm/regionalAuthority.js +1 -2
  250. package/dist/esm/regionalAuthority.js.map +1 -1
  251. package/dist/esm/tokenProvider.js +1 -2
  252. package/dist/esm/tokenProvider.js.map +1 -1
  253. package/dist/esm/util/logging.js +6 -2
  254. package/dist/esm/util/logging.js.map +1 -1
  255. package/dist/esm/util/processMultiTenantRequest.js +2 -3
  256. package/dist/esm/util/processMultiTenantRequest.js.map +1 -1
  257. package/dist/esm/util/processUtils.d.ts +1 -1
  258. package/dist/esm/util/processUtils.d.ts.map +1 -1
  259. package/dist/esm/util/processUtils.js +1 -1
  260. package/dist/esm/util/processUtils.js.map +1 -1
  261. package/dist/workerd/client/identityClient.js +30 -18
  262. package/dist/workerd/client/identityClient.js.map +1 -1
  263. package/dist/workerd/constants.d.ts +1 -1
  264. package/dist/workerd/constants.d.ts.map +1 -1
  265. package/dist/workerd/constants.js +1 -1
  266. package/dist/workerd/constants.js.map +1 -1
  267. package/dist/workerd/credentials/authorizationCodeCredential.js +17 -3
  268. package/dist/workerd/credentials/authorizationCodeCredential.js.map +1 -1
  269. package/dist/workerd/credentials/azureCliCredential.js +15 -12
  270. package/dist/workerd/credentials/azureCliCredential.js.map +1 -1
  271. package/dist/workerd/credentials/azureDeveloperCliCredential.js +12 -10
  272. package/dist/workerd/credentials/azureDeveloperCliCredential.js.map +1 -1
  273. package/dist/workerd/credentials/azurePipelinesCredential.js +9 -5
  274. package/dist/workerd/credentials/azurePipelinesCredential.js.map +1 -1
  275. package/dist/workerd/credentials/azurePowerShellCredential.js +10 -7
  276. package/dist/workerd/credentials/azurePowerShellCredential.js.map +1 -1
  277. package/dist/workerd/credentials/brokerCredential.d.ts +35 -0
  278. package/dist/workerd/credentials/brokerCredential.d.ts.map +1 -0
  279. package/dist/workerd/credentials/brokerCredential.js +69 -0
  280. package/dist/workerd/credentials/brokerCredential.js.map +1 -0
  281. package/dist/workerd/credentials/chainedTokenCredential.js +1 -1
  282. package/dist/workerd/credentials/chainedTokenCredential.js.map +1 -1
  283. package/dist/workerd/credentials/clientAssertionCredential.js +11 -2
  284. package/dist/workerd/credentials/clientAssertionCredential.js.map +1 -1
  285. package/dist/workerd/credentials/clientCertificateCredential.js +19 -9
  286. package/dist/workerd/credentials/clientCertificateCredential.js.map +1 -1
  287. package/dist/workerd/credentials/clientSecretCredential.js +10 -2
  288. package/dist/workerd/credentials/clientSecretCredential.js.map +1 -1
  289. package/dist/workerd/credentials/defaultAzureCredential.d.ts +12 -14
  290. package/dist/workerd/credentials/defaultAzureCredential.d.ts.map +1 -1
  291. package/dist/workerd/credentials/defaultAzureCredential.js +43 -106
  292. package/dist/workerd/credentials/defaultAzureCredential.js.map +1 -1
  293. package/dist/workerd/credentials/defaultAzureCredentialFunctions.d.ts +62 -0
  294. package/dist/workerd/credentials/defaultAzureCredentialFunctions.d.ts.map +1 -0
  295. package/dist/workerd/credentials/defaultAzureCredentialFunctions.js +143 -0
  296. package/dist/workerd/credentials/defaultAzureCredentialFunctions.js.map +1 -0
  297. package/dist/workerd/credentials/deviceCodeCredential.js +24 -10
  298. package/dist/workerd/credentials/deviceCodeCredential.js.map +1 -1
  299. package/dist/workerd/credentials/environmentCredential.js +4 -6
  300. package/dist/workerd/credentials/environmentCredential.js.map +1 -1
  301. package/dist/workerd/credentials/interactiveBrowserCredential.js +30 -11
  302. package/dist/workerd/credentials/interactiveBrowserCredential.js.map +1 -1
  303. package/dist/workerd/credentials/managedIdentityCredential/imdsMsi.js +4 -6
  304. package/dist/workerd/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
  305. package/dist/workerd/credentials/managedIdentityCredential/imdsRetryPolicy.js +2 -2
  306. package/dist/workerd/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +1 -1
  307. package/dist/workerd/credentials/managedIdentityCredential/index.js +28 -18
  308. package/dist/workerd/credentials/managedIdentityCredential/index.js.map +1 -1
  309. package/dist/workerd/credentials/managedIdentityCredential/tokenExchangeMsi.js +7 -1
  310. package/dist/workerd/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
  311. package/dist/workerd/credentials/onBehalfOfCredential.js +13 -1
  312. package/dist/workerd/credentials/onBehalfOfCredential.js.map +1 -1
  313. package/dist/workerd/credentials/usernamePasswordCredential.js +10 -2
  314. package/dist/workerd/credentials/usernamePasswordCredential.js.map +1 -1
  315. package/dist/workerd/credentials/visualStudioCodeCredential.d.ts +15 -26
  316. package/dist/workerd/credentials/visualStudioCodeCredential.d.ts.map +1 -1
  317. package/dist/workerd/credentials/visualStudioCodeCredential.js +69 -128
  318. package/dist/workerd/credentials/visualStudioCodeCredential.js.map +1 -1
  319. package/dist/workerd/credentials/visualStudioCodeCredentialOptions.d.ts +0 -4
  320. package/dist/workerd/credentials/visualStudioCodeCredentialOptions.d.ts.map +1 -1
  321. package/dist/workerd/credentials/visualStudioCodeCredentialOptions.js.map +1 -1
  322. package/dist/workerd/credentials/visualStudioCodeCredentialPlugin.d.ts +0 -4
  323. package/dist/workerd/credentials/visualStudioCodeCredentialPlugin.d.ts.map +1 -1
  324. package/dist/workerd/credentials/visualStudioCodeCredentialPlugin.js.map +1 -1
  325. package/dist/workerd/credentials/workloadIdentityCredential.js +5 -3
  326. package/dist/workerd/credentials/workloadIdentityCredential.js.map +1 -1
  327. package/dist/workerd/errors.js +21 -0
  328. package/dist/workerd/errors.js.map +1 -1
  329. package/dist/workerd/msal/browserFlows/msalBrowserCommon.js +15 -15
  330. package/dist/workerd/msal/browserFlows/msalBrowserCommon.js.map +1 -1
  331. package/dist/workerd/msal/nodeFlows/msalClient.d.ts +13 -0
  332. package/dist/workerd/msal/nodeFlows/msalClient.d.ts.map +1 -1
  333. package/dist/workerd/msal/nodeFlows/msalClient.js +127 -94
  334. package/dist/workerd/msal/nodeFlows/msalClient.js.map +1 -1
  335. package/dist/workerd/msal/nodeFlows/msalPlugins.d.ts +19 -1
  336. package/dist/workerd/msal/nodeFlows/msalPlugins.d.ts.map +1 -1
  337. package/dist/workerd/msal/nodeFlows/msalPlugins.js +61 -16
  338. package/dist/workerd/msal/nodeFlows/msalPlugins.js.map +1 -1
  339. package/dist/workerd/msal/utils.js +3 -4
  340. package/dist/workerd/msal/utils.js.map +1 -1
  341. package/dist/workerd/plugins/consumer.d.ts.map +1 -1
  342. package/dist/workerd/plugins/consumer.js +2 -3
  343. package/dist/workerd/plugins/consumer.js.map +1 -1
  344. package/dist/workerd/plugins/provider.d.ts +2 -2
  345. package/dist/workerd/plugins/provider.d.ts.map +1 -1
  346. package/dist/workerd/plugins/provider.js.map +1 -1
  347. package/dist/workerd/regionalAuthority.js +1 -2
  348. package/dist/workerd/regionalAuthority.js.map +1 -1
  349. package/dist/workerd/tokenProvider.js +1 -2
  350. package/dist/workerd/tokenProvider.js.map +1 -1
  351. package/dist/workerd/util/logging.js +6 -2
  352. package/dist/workerd/util/logging.js.map +1 -1
  353. package/dist/workerd/util/processMultiTenantRequest.js +2 -3
  354. package/dist/workerd/util/processMultiTenantRequest.js.map +1 -1
  355. package/dist/workerd/util/processUtils.d.ts +1 -1
  356. package/dist/workerd/util/processUtils.d.ts.map +1 -1
  357. package/dist/workerd/util/processUtils.js +1 -1
  358. package/dist/workerd/util/processUtils.js.map +1 -1
  359. package/package.json +6 -6
package/dist/browser/credentials/defaultAzureCredentialFunctions.js ADDED
@@ -0,0 +1,143 @@
1
+ // Copyright (c) Microsoft Corporation.
2
+ // Licensed under the MIT License.
3
+ import { EnvironmentCredential } from "./environmentCredential.js";
4
+ import { ManagedIdentityCredential } from "./managedIdentityCredential/index.js";
5
+ import { WorkloadIdentityCredential } from "./workloadIdentityCredential.js";
6
+ import { AzureDeveloperCliCredential } from "./azureDeveloperCliCredential.js";
7
+ import { AzureCliCredential } from "./azureCliCredential.js";
8
+ import { AzurePowerShellCredential } from "./azurePowerShellCredential.js";
9
+ import { VisualStudioCodeCredential } from "./visualStudioCodeCredential.js";
10
+ import { BrokerCredential } from "./brokerCredential.js";
11
+ /**
12
+ * Creates a {@link BrokerCredential} instance with the provided options.
13
+ * This credential uses the Windows Authentication Manager (WAM) broker for authentication.
14
+ * It will only attempt to authenticate silently using the default broker account
15
+ *
16
+ * @param options - Options for configuring the credential.
17
+ *
18
+ * @internal
19
+ */
20
+ export function createDefaultBrokerCredential(options = {}) {
21
+ return new BrokerCredential(options);
22
+ }
23
+ /**
24
+ * Creates a {@link VisualStudioCodeCredential} from the provided options.
25
+ * @param options - Options to configure the credential.
26
+ *
27
+ * @internal
28
+ */
29
+ export function createDefaultVisualStudioCodeCredential(options = {}) {
30
+ return new VisualStudioCodeCredential(options);
31
+ }
32
+ /**
33
+ * Creates a {@link ManagedIdentityCredential} from the provided options.
34
+ * @param options - Options to configure the credential.
35
+ *
36
+ * @internal
37
+ */
38
+ export function createDefaultManagedIdentityCredential(options = {}) {
39
+ options.retryOptions ??= {
40
+ maxRetries: 5,
41
+ retryDelayInMs: 800,
42
+ };
43
+ const managedIdentityClientId = options?.managedIdentityClientId ??
44
+ process.env.AZURE_CLIENT_ID;
45
+ const workloadIdentityClientId = options?.workloadIdentityClientId ??
46
+ managedIdentityClientId;
47
+ const managedResourceId = options
48
+ ?.managedIdentityResourceId;
49
+ const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;
50
+ const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;
51
+ if (managedResourceId) {
52
+ const managedIdentityResourceIdOptions = {
53
+ ...options,
54
+ resourceId: managedResourceId,
55
+ };
56
+ return new ManagedIdentityCredential(managedIdentityResourceIdOptions);
57
+ }
58
+ if (workloadFile && workloadIdentityClientId) {
59
+ const workloadIdentityCredentialOptions = {
60
+ ...options,
61
+ tenantId: tenantId,
62
+ };
63
+ return new ManagedIdentityCredential(workloadIdentityClientId, workloadIdentityCredentialOptions);
64
+ }
65
+ if (managedIdentityClientId) {
66
+ const managedIdentityClientOptions = {
67
+ ...options,
68
+ clientId: managedIdentityClientId,
69
+ };
70
+ return new ManagedIdentityCredential(managedIdentityClientOptions);
71
+ }
72
+ // We may be able to return a UnavailableCredential here, but that may be a breaking change
73
+ return new ManagedIdentityCredential(options);
74
+ }
75
+ /**
76
+ * Creates a {@link WorkloadIdentityCredential} from the provided options.
77
+ * @param options - Options to configure the credential.
78
+ *
79
+ * @internal
80
+ */
81
+ export function createDefaultWorkloadIdentityCredential(options) {
82
+ const managedIdentityClientId = options?.managedIdentityClientId ??
83
+ process.env.AZURE_CLIENT_ID;
84
+ const workloadIdentityClientId = options?.workloadIdentityClientId ??
85
+ managedIdentityClientId;
86
+ const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;
87
+ const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;
88
+ if (workloadFile && workloadIdentityClientId) {
89
+ const workloadIdentityCredentialOptions = {
90
+ ...options,
91
+ tenantId,
92
+ clientId: workloadIdentityClientId,
93
+ tokenFilePath: workloadFile,
94
+ };
95
+ return new WorkloadIdentityCredential(workloadIdentityCredentialOptions);
96
+ }
97
+ if (tenantId) {
98
+ const workloadIdentityClientTenantOptions = {
99
+ ...options,
100
+ tenantId,
101
+ };
102
+ return new WorkloadIdentityCredential(workloadIdentityClientTenantOptions);
103
+ }
104
+ // We may be able to return a UnavailableCredential here, but that may be a breaking change
105
+ return new WorkloadIdentityCredential(options);
106
+ }
107
+ /**
108
+ * Creates a {@link AzureDeveloperCliCredential} from the provided options.
109
+ * @param options - Options to configure the credential.
110
+ *
111
+ * @internal
112
+ */
113
+ export function createDefaultAzureDeveloperCliCredential(options = {}) {
114
+ return new AzureDeveloperCliCredential(options);
115
+ }
116
+ /**
117
+ * Creates a {@link AzureCliCredential} from the provided options.
118
+ * @param options - Options to configure the credential.
119
+ *
120
+ * @internal
121
+ */
122
+ export function createDefaultAzureCliCredential(options = {}) {
123
+ return new AzureCliCredential(options);
124
+ }
125
+ /**
126
+ * Creates a {@link AzurePowerShellCredential} from the provided options.
127
+ * @param options - Options to configure the credential.
128
+ *
129
+ * @internal
130
+ */
131
+ export function createDefaultAzurePowershellCredential(options = {}) {
132
+ return new AzurePowerShellCredential(options);
133
+ }
134
+ /**
135
+ * Creates an {@link EnvironmentCredential} from the provided options.
136
+ * @param options - Options to configure the credential.
137
+ *
138
+ * @internal
139
+ */
140
+ export function createDefaultEnvironmentCredential(options = {}) {
141
+ return new EnvironmentCredential(options);
142
+ }
143
+ //# sourceMappingURL=defaultAzureCredentialFunctions.js.map
package/dist/browser/credentials/defaultAzureCredentialFunctions.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"defaultAzureCredentialFunctions.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredentialFunctions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAQlC,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AAKnE,OAAO,EAAE,yBAAyB,EAAE,MAAM,sCAAsC,CAAC;AACjF,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAC/E,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAE3E,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEzD;;;;;;;;GAQG;AACH,MAAM,UAAU,6BAA6B,CAC3C,UAAyC,EAAE;IAE3C,OAAO,IAAI,gBAAgB,CAAC,OAAO,CAAC,CAAC;AACvC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uCAAuC,CACrD,UAAyC,EAAE;IAE3C,OAAO,IAAI,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sCAAsC,CACpD,UAG4C,EAAE;IAE9C,OAAO,CAAC,YAAY,KAAK;QACvB,UAAU,EAAE,CAAC;QACb,cAAc,EAAE,GAAG;KACpB,CAAC;IACF,MAAM,uBAAuB,GAC1B,OAAiD,EAAE,uBAAuB;QAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC3B,OAAiD,EAAE,wBAAwB;QAC5E,uBAAuB,CAAC;IAC1B,MAAM,iBAAiB,GAAI,OAAmD;QAC5E,EAAE,yBAAyB,CAAC;IAC9B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,gCAAgC,GAA+C;YACnF,GAAG,OAAO;YACV,UAAU,EAAE,iBAAiB;SAC9B,CAAC;QACF,OAAO,IAAI,yBAAyB,CAAC,gCAAgC,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,GAAkC;YACvE,GAAG,OAAO;YACV,QAAQ,EAAE,QAAQ;SACnB,CAAC;QAEF,OAAO,IAAI,yBAAyB,CAClC,wBAAwB,EACxB,iCAAiC,CAClC,CAAC;IACJ,CAAC;IAED,IAAI,uBAAuB,EAAE,CAAC;QAC5B,MAAM,4BAA4B,GAA6C;YAC7E,GAAG,OAAO;YACV,QAAQ,EAAE,uBAAuB;SAClC,CAAC;QAEF,OAAO,IAAI,yBAAyB,CAAC,4BAA4B,CAAC,CAAC;IACrE,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,yBAAyB,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uCAAuC,CACrD,OAA+E;IAE/E,MAAM,uBAAuB,GAC1B,OAAiD,EAAE,uBAAuB;QAC3E,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,MAAM,wBAAwB,GAC3B,OAAiD,EAAE,wBAAwB;QAC5E,uBAAuB,CAAC;IAC1B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC5D,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,YAAY,IAAI,wBAAwB,EAAE,CAAC;QAC7C,MAAM,iCAAiC,GAAsC;YAC3E,GAAG,OAAO;YACV,QAAQ;YACR,QAAQ,EAAE,wBAAwB;YAClC,aAAa,EAAE,YAAY;SAC5B,CAAC;QACF,OAAO,IAAI,0BAA0B,CAAC,iCAAiC,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,mCAAmC,GAAsC;YAC7E,GAAG,OAAO;YACV,QAAQ;SACT,CAAC;QACF,OAAO,IAAI,0BAA0B,CAAC,mCAAmC,CAAC,CAAC;IAC7E,CAAC;IAED,2FAA2F;IAC3F,OAAO,IAAI,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wCAAwC,CACtD,UAAyC,EAAE;IAE3C,OAAO,IAAI,2BAA2B,CAAC,OAAO,CAAC,CAAC;AAClD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,+BAA+B,CAC7C,UAAyC,EAAE;IAE3C,OAAO,IAAI,kBAAkB,CAAC,OAAO,CAAC,CAAC;AACzC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sCAAsC,CACpD,UAAyC,EAAE;IAE3C,OAAO,IAAI,yBAAyB,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kCAAkC,CAChD,UAAyC,EAAE;IAE3C,OAAO,IAAI,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC5C,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport type {\n DefaultAzureCredentialClientIdOptions,\n DefaultAzureCredentialOptions,\n DefaultAzureCredentialResourceIdOptions,\n} from \"./defaultAzureCredentialOptions.js\";\nimport { EnvironmentCredential } from \"./environmentCredential.js\";\nimport type {\n ManagedIdentityCredentialClientIdOptions,\n ManagedIdentityCredentialResourceIdOptions,\n} from \"./managedIdentityCredential/options.js\";\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential/index.js\";\nimport { WorkloadIdentityCredential } from \"./workloadIdentityCredential.js\";\nimport { AzureDeveloperCliCredential } from \"./azureDeveloperCliCredential.js\";\nimport { AzureCliCredential } from \"./azureCliCredential.js\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions.js\";\nimport { VisualStudioCodeCredential } from \"./visualStudioCodeCredential.js\";\nimport { BrokerCredential } from \"./brokerCredential.js\";\n\n/**\n * Creates a {@link BrokerCredential} instance with the provided options.\n * This credential uses the Windows Authentication Manager (WAM) broker for authentication.\n * It will only attempt to authenticate silently using the default broker account\n *\n * @param options - Options for configuring the credential.\n *\n * @internal\n */\nexport function createDefaultBrokerCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new BrokerCredential(options);\n}\n\n/**\n * Creates a {@link VisualStudioCodeCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultVisualStudioCodeCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new VisualStudioCodeCredential(options);\n}\n\n/**\n * Creates a {@link ManagedIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultManagedIdentityCredential(\n options:\n | DefaultAzureCredentialOptions\n | DefaultAzureCredentialResourceIdOptions\n | DefaultAzureCredentialClientIdOptions = {},\n): TokenCredential {\n options.retryOptions ??= {\n maxRetries: 5,\n retryDelayInMs: 800,\n };\n const managedIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n process.env.AZURE_CLIENT_ID;\n const workloadIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n managedIdentityClientId;\n const managedResourceId = (options as DefaultAzureCredentialResourceIdOptions)\n ?.managedIdentityResourceId;\n const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n if (managedResourceId) {\n const managedIdentityResourceIdOptions: ManagedIdentityCredentialResourceIdOptions = {\n ...options,\n resourceId: managedResourceId,\n };\n return new ManagedIdentityCredential(managedIdentityResourceIdOptions);\n }\n\n if (workloadFile && workloadIdentityClientId) {\n const workloadIdentityCredentialOptions: DefaultAzureCredentialOptions = {\n ...options,\n tenantId: tenantId,\n };\n\n return new ManagedIdentityCredential(\n workloadIdentityClientId,\n workloadIdentityCredentialOptions,\n );\n }\n\n if (managedIdentityClientId) {\n const managedIdentityClientOptions: ManagedIdentityCredentialClientIdOptions = {\n ...options,\n clientId: managedIdentityClientId,\n };\n\n return new ManagedIdentityCredential(managedIdentityClientOptions);\n }\n\n // We may be able to return a UnavailableCredential here, but that may be a breaking change\n return new ManagedIdentityCredential(options);\n}\n\n/**\n * Creates a {@link WorkloadIdentityCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultWorkloadIdentityCredential(\n options?: DefaultAzureCredentialOptions | DefaultAzureCredentialClientIdOptions,\n): TokenCredential {\n const managedIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.managedIdentityClientId ??\n process.env.AZURE_CLIENT_ID;\n const workloadIdentityClientId =\n (options as DefaultAzureCredentialClientIdOptions)?.workloadIdentityClientId ??\n managedIdentityClientId;\n const workloadFile = process.env.AZURE_FEDERATED_TOKEN_FILE;\n const tenantId = options?.tenantId ?? process.env.AZURE_TENANT_ID;\n if (workloadFile && workloadIdentityClientId) {\n const workloadIdentityCredentialOptions: WorkloadIdentityCredentialOptions = {\n ...options,\n tenantId,\n clientId: workloadIdentityClientId,\n tokenFilePath: workloadFile,\n };\n return new WorkloadIdentityCredential(workloadIdentityCredentialOptions);\n }\n if (tenantId) {\n const workloadIdentityClientTenantOptions: WorkloadIdentityCredentialOptions = {\n ...options,\n tenantId,\n };\n return new WorkloadIdentityCredential(workloadIdentityClientTenantOptions);\n }\n\n // We may be able to return a UnavailableCredential here, but that may be a breaking change\n return new WorkloadIdentityCredential(options);\n}\n\n/**\n * Creates a {@link AzureDeveloperCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultAzureDeveloperCliCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new AzureDeveloperCliCredential(options);\n}\n\n/**\n * Creates a {@link AzureCliCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultAzureCliCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new AzureCliCredential(options);\n}\n\n/**\n * Creates a {@link AzurePowerShellCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultAzurePowershellCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new AzurePowerShellCredential(options);\n}\n\n/**\n * Creates an {@link EnvironmentCredential} from the provided options.\n * @param options - Options to configure the credential.\n *\n * @internal\n */\nexport function createDefaultEnvironmentCredential(\n options: DefaultAzureCredentialOptions = {},\n): TokenCredential {\n return new EnvironmentCredential(options);\n}\n"]}
package/dist/browser/credentials/interactiveBrowserCredential-browser.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"interactiveBrowserCredential-browser.mjs","sourceRoot":"","sources":["../../../src/credentials/interactiveBrowserCredential-browser.mts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAOlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACnE,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAIlC,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,OAAO,EAAE,uBAAuB,EAAE,MAAM,2CAA2C,CAAC;AAEpF,MAAM,MAAM,GAAG,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;AAEhE;;;GAGG;AACH,MAAM,OAAO,4BAA4B;IAMvC;;;;;;;;;;;;;OAaG;IACH,YACE,OAA+F;QAE/F,IAAI,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAA,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,0FAA0F,CAC3F,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,CAAC;QACd,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC;QAClC,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,MAAM,cAAc,GAAG,OAAuD,CAAC;QAC/E,MAAM,UAAU,GAAG,cAAc,CAAC,UAAU,IAAI,OAAO,CAAC;QACxD,MAAM,WAAW,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAE1C,IAAI,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC3C,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,uBACE,cAAc,CAAC,UACjB,qCAAqC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC/D,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,CAAC;QACd,CAAC;QAED,MAAM,WAAW,mCACZ,OAAO,KACV,sBAAsB,EAAE,OAAO,EAC/B,MAAM,EACN,UAAU,EAAE,UAAU,EACtB,WAAW,EACT,OAAO,OAAO,CAAC,WAAW,KAAK,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,GAC1F,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,uBAAuB,CAAC,WAAW,CAAC,CAAC;QACvD,IAAI,CAAC,8BAA8B,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,CAAC;IAChF,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,CAClC,CAAC;YACF,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE/B,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,WAAW,kCACtC,UAAU,KACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,IACnE,CAAC;QACL,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAChB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,eAAe,EACvC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YACxD,OAAO,IAAI,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC;QAC5C,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type {\n InteractiveBrowserCredentialInBrowserOptions,\n InteractiveBrowserCredentialNodeOptions,\n} from \"./interactiveBrowserCredentialOptions.js\";\nimport { credentialLogger, formatError } from \"../util/logging.js\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\n\nimport type { AuthenticationRecord } from \"../msal/types.js\";\nimport type { MsalBrowserFlowOptions } from \"../msal/browserFlows/msalBrowserOptions.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport type { MsalBrowserClient } from \"../msal/browserFlows/msalBrowserCommon.js\";\nimport { createMsalBrowserClient } from \"../msal/browserFlows/msalBrowserCommon.js\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/**\n * Enables authentication to Microsoft Entra ID inside of the web browser\n * using the interactive login flow.\n */\nexport class InteractiveBrowserCredential implements TokenCredential {\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private msalClient: MsalBrowserClient;\n private disableAutomaticAuthentication?: boolean;\n\n /**\n * Creates an instance of the InteractiveBrowserCredential with the\n * details needed to authenticate against Microsoft Entra ID with\n * a user identity.\n *\n * This credential uses the [Authorization Code Flow](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.\n * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.\n *\n * It's recommended that the Microsoft Entra Applications used are configured to authenticate using Single Page Applications.\n * More information here: [link](https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-app-registration#redirect-uri-msaljs-20-with-auth-code-flow).\n *\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(\n options: InteractiveBrowserCredentialInBrowserOptions | InteractiveBrowserCredentialNodeOptions,\n ) {\n if (!options?.clientId) {\n const error = new Error(\n \"The parameter `clientId` cannot be left undefined for the `InteractiveBrowserCredential`\",\n );\n logger.info(formatError(\"\", error));\n throw error;\n }\n\n this.tenantId = options?.tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n const browserOptions = options as InteractiveBrowserCredentialInBrowserOptions;\n const loginStyle = browserOptions.loginStyle || \"popup\";\n const loginStyles = [\"redirect\", \"popup\"];\n\n if (loginStyles.indexOf(loginStyle) === -1) {\n const error = new Error(\n `Invalid loginStyle: ${\n browserOptions.loginStyle\n }. Should be any of the following: ${loginStyles.join(\", \")}.`,\n );\n logger.info(formatError(\"\", error));\n throw error;\n }\n\n const msalOptions: MsalBrowserFlowOptions = {\n ...options,\n tokenCredentialOptions: options,\n logger,\n loginStyle: loginStyle,\n redirectUri:\n typeof options.redirectUri === \"function\" ? options.redirectUri() : options.redirectUri,\n };\n\n this.msalClient = createMsalBrowserClient(msalOptions);\n this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * If the user provided the option `disableAutomaticAuthentication`,\n * once the token can't be retrieved silently,\n * this method won't attempt to request user interaction to retrieve the token.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n );\n newOptions.tenantId = tenantId;\n\n const arrayScopes = ensureScopes(scopes);\n return this.msalClient.getToken(arrayScopes, {\n ...newOptions,\n disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n });\n },\n );\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * If the token can't be retrieved silently, this method will require user interaction to retrieve the token.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async authenticate(\n scopes: string | string[],\n options: GetTokenOptions = {},\n ): Promise<AuthenticationRecord | undefined> {\n return tracingClient.withSpan(\n `${this.constructor.name}.authenticate`,\n options,\n async (newOptions) => {\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n await this.msalClient.getToken(arrayScopes, newOptions);\n return this.msalClient.getActiveAccount();\n },\n );\n }\n}\n"]}
1
+ {"version":3,"file":"interactiveBrowserCredential-browser.mjs","sourceRoot":"","sources":["../../../src/credentials/interactiveBrowserCredential-browser.mts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAOlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACnE,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAIlC,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,OAAO,EAAE,uBAAuB,EAAE,MAAM,2CAA2C,CAAC;AAEpF,MAAM,MAAM,GAAG,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;AAEhE;;;GAGG;AACH,MAAM,OAAO,4BAA4B;IAC/B,QAAQ,CAAU;IAClB,4BAA4B,CAAW;IACvC,UAAU,CAAoB;IAC9B,8BAA8B,CAAW;IAEjD;;;;;;;;;;;;;OAaG;IACH,YACE,OAA+F;QAE/F,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,0FAA0F,CAC3F,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,CAAC;QACd,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,OAAO,EAAE,QAAQ,CAAC;QAClC,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,EAAE,0BAA0B,CACpC,CAAC;QAEF,MAAM,cAAc,GAAG,OAAuD,CAAC;QAC/E,MAAM,UAAU,GAAG,cAAc,CAAC,UAAU,IAAI,OAAO,CAAC;QACxD,MAAM,WAAW,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAE1C,IAAI,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC3C,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,uBACE,cAAc,CAAC,UACjB,qCAAqC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC/D,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,CAAC;QACd,CAAC;QAED,MAAM,WAAW,GAA2B;YAC1C,GAAG,OAAO;YACV,sBAAsB,EAAE,OAAO;YAC/B,MAAM;YACN,UAAU,EAAE,UAAU;YACtB,WAAW,EACT,OAAO,OAAO,CAAC,WAAW,KAAK,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW;SAC1F,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,uBAAuB,CAAC,WAAW,CAAC,CAAC;QACvD,IAAI,CAAC,8BAA8B,GAAG,OAAO,EAAE,8BAA8B,CAAC;IAChF,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,CAClC,CAAC;YACF,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE/B,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,WAAW,EAAE;gBAC3C,GAAG,UAAU;gBACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B;aACpE,CAAC,CAAC;QACL,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAChB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,eAAe,EACvC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YACxD,OAAO,IAAI,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC;QAC5C,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type {\n InteractiveBrowserCredentialInBrowserOptions,\n InteractiveBrowserCredentialNodeOptions,\n} from \"./interactiveBrowserCredentialOptions.js\";\nimport { credentialLogger, formatError } from \"../util/logging.js\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\n\nimport type { AuthenticationRecord } from \"../msal/types.js\";\nimport type { MsalBrowserFlowOptions } from \"../msal/browserFlows/msalBrowserOptions.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport type { MsalBrowserClient } from \"../msal/browserFlows/msalBrowserCommon.js\";\nimport { createMsalBrowserClient } from \"../msal/browserFlows/msalBrowserCommon.js\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/**\n * Enables authentication to Microsoft Entra ID inside of the web browser\n * using the interactive login flow.\n */\nexport class InteractiveBrowserCredential implements TokenCredential {\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private msalClient: MsalBrowserClient;\n private disableAutomaticAuthentication?: boolean;\n\n /**\n * Creates an instance of the InteractiveBrowserCredential with the\n * details needed to authenticate against Microsoft Entra ID with\n * a user identity.\n *\n * This credential uses the [Authorization Code Flow](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.\n * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.\n *\n * It's recommended that the Microsoft Entra Applications used are configured to authenticate using Single Page Applications.\n * More information here: [link](https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-app-registration#redirect-uri-msaljs-20-with-auth-code-flow).\n *\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(\n options: InteractiveBrowserCredentialInBrowserOptions | InteractiveBrowserCredentialNodeOptions,\n ) {\n if (!options?.clientId) {\n const error = new Error(\n \"The parameter `clientId` cannot be left undefined for the `InteractiveBrowserCredential`\",\n );\n logger.info(formatError(\"\", error));\n throw error;\n }\n\n this.tenantId = options?.tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n const browserOptions = options as InteractiveBrowserCredentialInBrowserOptions;\n const loginStyle = browserOptions.loginStyle || \"popup\";\n const loginStyles = [\"redirect\", \"popup\"];\n\n if (loginStyles.indexOf(loginStyle) === -1) {\n const error = new Error(\n `Invalid loginStyle: ${\n browserOptions.loginStyle\n }. Should be any of the following: ${loginStyles.join(\", \")}.`,\n );\n logger.info(formatError(\"\", error));\n throw error;\n }\n\n const msalOptions: MsalBrowserFlowOptions = {\n ...options,\n tokenCredentialOptions: options,\n logger,\n loginStyle: loginStyle,\n redirectUri:\n typeof options.redirectUri === \"function\" ? options.redirectUri() : options.redirectUri,\n };\n\n this.msalClient = createMsalBrowserClient(msalOptions);\n this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * If the user provided the option `disableAutomaticAuthentication`,\n * once the token can't be retrieved silently,\n * this method won't attempt to request user interaction to retrieve the token.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n );\n newOptions.tenantId = tenantId;\n\n const arrayScopes = ensureScopes(scopes);\n return this.msalClient.getToken(arrayScopes, {\n ...newOptions,\n disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n });\n },\n );\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * If the token can't be retrieved silently, this method will require user interaction to retrieve the token.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async authenticate(\n scopes: string | string[],\n options: GetTokenOptions = {},\n ): Promise<AuthenticationRecord | undefined> {\n return tracingClient.withSpan(\n `${this.constructor.name}.authenticate`,\n options,\n async (newOptions) => {\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n await this.msalClient.getToken(arrayScopes, newOptions);\n return this.msalClient.getActiveAccount();\n },\n );\n }\n}\n"]}
package/dist/browser/credentials/interactiveBrowserCredential.js CHANGED
@@ -11,6 +11,10 @@ const logger = credentialLogger("InteractiveBrowserCredential");
11
11
  * using the interactive login flow.
12
12
  */
13
13
  export class InteractiveBrowserCredential {
14
+ tenantId;
15
+ additionallyAllowedTenantIds;
16
+ msalClient;
17
+ disableAutomaticAuthentication;
14
18
  /**
15
19
  * Creates an instance of the InteractiveBrowserCredential with the
16
20
  * details needed to authenticate against Microsoft Entra ID with
@@ -26,13 +30,13 @@ export class InteractiveBrowserCredential {
26
30
  * @param options - Options for configuring the client which makes the authentication request.
27
31
  */
28
32
  constructor(options) {
29
- if (!(options === null || options === void 0 ? void 0 : options.clientId)) {
33
+ if (!options?.clientId) {
30
34
  const error = new Error("The parameter `clientId` cannot be left undefined for the `InteractiveBrowserCredential`");
31
35
  logger.info(formatError("", error));
32
36
  throw error;
33
37
  }
34
- this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
35
- this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
38
+ this.tenantId = options?.tenantId;
39
+ this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options?.additionallyAllowedTenants);
36
40
  const browserOptions = options;
37
41
  const loginStyle = browserOptions.loginStyle || "popup";
38
42
  const loginStyles = ["redirect", "popup"];
@@ -41,9 +45,15 @@ export class InteractiveBrowserCredential {
41
45
  logger.info(formatError("", error));
42
46
  throw error;
43
47
  }
44
- const msalOptions = Object.assign(Object.assign({}, options), { tokenCredentialOptions: options, logger, loginStyle: loginStyle, redirectUri: typeof options.redirectUri === "function" ? options.redirectUri() : options.redirectUri });
48
+ const msalOptions = {
49
+ ...options,
50
+ tokenCredentialOptions: options,
51
+ logger,
52
+ loginStyle: loginStyle,
53
+ redirectUri: typeof options.redirectUri === "function" ? options.redirectUri() : options.redirectUri,
54
+ };
45
55
  this.msalClient = createMsalBrowserClient(msalOptions);
46
- this.disableAutomaticAuthentication = options === null || options === void 0 ? void 0 : options.disableAutomaticAuthentication;
56
+ this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;
47
57
  }
48
58
  /**
49
59
  * Authenticates with Microsoft Entra ID and returns an access token if successful.
@@ -62,7 +72,10 @@ export class InteractiveBrowserCredential {
62
72
  const tenantId = processMultiTenantRequest(this.tenantId, newOptions, this.additionallyAllowedTenantIds);
63
73
  newOptions.tenantId = tenantId;
64
74
  const arrayScopes = ensureScopes(scopes);
65
- return this.msalClient.getToken(arrayScopes, Object.assign(Object.assign({}, newOptions), { disableAutomaticAuthentication: this.disableAutomaticAuthentication }));
75
+ return this.msalClient.getToken(arrayScopes, {
76
+ ...newOptions,
77
+ disableAutomaticAuthentication: this.disableAutomaticAuthentication,
78
+ });
66
79
  });
67
80
  }
68
81
  /**
package/dist/browser/credentials/managedIdentityCredential/imdsMsi.js CHANGED
@@ -14,14 +14,13 @@ const imdsEndpointPath = "/metadata/identity/oauth2/token";
14
14
  * The response indicates the availability of IMSD service; otherwise the request would time out.
15
15
  */
16
16
  function prepareInvalidRequestOptions(scopes) {
17
- var _a;
18
17
  const resource = mapScopesToResource(scopes);
19
18
  if (!resource) {
20
19
  throw new Error(`${msiName}: Multiple scopes are not supported.`);
21
20
  }
22
21
  // Pod Identity will try to process this request even if the Metadata header is missing.
23
22
  // We can exclude the request query to ensure no IMDS endpoint tries to process the ping request.
24
- const url = new URL(imdsEndpointPath, (_a = process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST) !== null && _a !== void 0 ? _a : imdsHost);
23
+ const url = new URL(imdsEndpointPath, process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST ?? imdsHost);
25
24
  const rawHeaders = {
26
25
  Accept: "application/json",
27
26
  // intentionally leave out the Metadata header to invoke an error from IMDS endpoint.
@@ -55,8 +54,7 @@ export const imdsMsi = {
55
54
  throw new Error("Missing IdentityClient");
56
55
  }
57
56
  const requestOptions = prepareInvalidRequestOptions(resource);
58
- return tracingClient.withSpan("ManagedIdentityCredential-pingImdsEndpoint", getTokenOptions !== null && getTokenOptions !== void 0 ? getTokenOptions : {}, async (updatedOptions) => {
59
- var _a, _b;
57
+ return tracingClient.withSpan("ManagedIdentityCredential-pingImdsEndpoint", getTokenOptions ?? {}, async (updatedOptions) => {
60
58
  requestOptions.tracingOptions = updatedOptions.tracingOptions;
61
59
  // Create a request with a timeout since we expect that
62
60
  // not having a "Metadata" header should cause an error to be
@@ -64,7 +62,7 @@ export const imdsMsi = {
64
62
  const request = createPipelineRequest(requestOptions);
65
63
  // Default to 1000 if the default of 0 is used.
66
64
  // Negative values can still be used to disable the timeout.
67
- request.timeout = ((_a = updatedOptions.requestOptions) === null || _a === void 0 ? void 0 : _a.timeout) || 1000;
65
+ request.timeout = updatedOptions.requestOptions?.timeout || 1000;
68
66
  // This MSI uses the imdsEndpoint to get the token, which only uses http://
69
67
  request.allowInsecureConnection = true;
70
68
  let response;
@@ -84,7 +82,7 @@ export const imdsMsi = {
84
82
  return false;
85
83
  }
86
84
  if (response.status === 403) {
87
- if ((_b = response.bodyAsText) === null || _b === void 0 ? void 0 : _b.includes("unreachable")) {
85
+ if (response.bodyAsText?.includes("unreachable")) {
88
86
  logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`);
89
87
  logger.info(`${msiName}: ${response.bodyAsText}`);
90
88
  return false;
package/dist/browser/credentials/managedIdentityCredential/imdsMsi.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"imdsMsi.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/imdsMsi.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAG3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAGtD,MAAM,OAAO,GAAG,kCAAkC,CAAC;AACnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAEzC,MAAM,QAAQ,GAAG,wBAAwB,CAAC;AAC1C,MAAM,gBAAgB,GAAG,iCAAiC,CAAC;AAE3D;;;GAGG;AACH,SAAS,4BAA4B,CAAC,MAAyB;;IAC7D,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,sCAAsC,CAAC,CAAC;IACpE,CAAC;IAED,wFAAwF;IACxF,iGAAiG;IACjG,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,gBAAgB,EAAE,MAAA,OAAO,CAAC,GAAG,CAAC,iCAAiC,mCAAI,QAAQ,CAAC,CAAC;IAEjG,MAAM,UAAU,GAA2B;QACzC,MAAM,EAAE,kBAAkB;QAC1B,qFAAqF;KACtF,CAAC;IAEF,OAAO;QACL,wCAAwC;QACxC,GAAG,EAAE,GAAG,GAAG,EAAE;QACb,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,iBAAiB,CAAC,UAAU,CAAC;KACvC,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG;IACrB,IAAI,EAAE,SAAS;IACf,KAAK,CAAC,WAAW,CAAC,OAMjB;QACC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC;QAC5D,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,mDAAmD,CAAC,CAAC;YAC3E,OAAO,KAAK,CAAC;QACf,CAAC;QAED,oHAAoH;QACpH,IAAI,OAAO,CAAC,GAAG,CAAC,iCAAiC,EAAE,CAAC;YAClD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,cAAc,GAAG,4BAA4B,CAAC,QAAQ,CAAC,CAAC;QAE9D,OAAO,aAAa,CAAC,QAAQ,CAC3B,4CAA4C,EAC5C,eAAe,aAAf,eAAe,cAAf,eAAe,GAAI,EAAE,EACrB,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,cAAc,CAAC,cAAc,GAAG,cAAc,CAAC,cAAc,CAAC;YAE9D,uDAAuD;YACvD,6DAA6D;YAC7D,gEAAgE;YAChE,MAAM,OAAO,GAAG,qBAAqB,CAAC,cAAc,CAAC,CAAC;YAEtD,+CAA+C;YAC/C,4DAA4D;YAC5D,OAAO,CAAC,OAAO,GAAG,CAAA,MAAA,cAAc,CAAC,cAAc,0CAAE,OAAO,KAAI,IAAI,CAAC;YAEjE,2EAA2E;YAC3E,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC;YACvC,IAAI,QAA0B,CAAC;YAC/B,IAAI,CAAC;gBACH,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,mCAAmC,CAAC,CAAC;gBAC3D,QAAQ,GAAG,MAAM,cAAc,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YACvD,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,0EAA0E;gBAC1E,wEAAwE;gBACxE,IAAI,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;oBACjB,MAAM,CAAC,OAAO,CAAC,GAAG,OAAO,kBAAkB,GAAG,CAAC,IAAI,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBACzE,CAAC;gBACD,6NAA6N;gBAC7N,4CAA4C;gBAC5C,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,0CAA0C,CAAC,CAAC;gBAClE,OAAO,KAAK,CAAC;YACf,CAAC;YACD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,IAAI,MAAA,QAAQ,CAAC,UAAU,0CAAE,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;oBACjD,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,0CAA0C,CAAC,CAAC;oBAClE,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,KAAK,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;oBAClD,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YACD,yDAAyD;YACzD,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,wCAAwC,CAAC,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC,CACF,CAAC;IACJ,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { PipelineRequestOptions, PipelineResponse } from \"@azure/core-rest-pipeline\";\nimport { createHttpHeaders, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport { isError } from \"@azure/core-util\";\n\nimport type { GetTokenOptions } from \"@azure/core-auth\";\nimport { credentialLogger } from \"../../util/logging.js\";\nimport { mapScopesToResource } from \"./utils.js\";\nimport { tracingClient } from \"../../util/tracing.js\";\nimport type { IdentityClient } from \"../../client/identityClient.js\";\n\nconst msiName = \"ManagedIdentityCredential - IMDS\";\nconst logger = credentialLogger(msiName);\n\nconst imdsHost = \"http://169.254.169.254\";\nconst imdsEndpointPath = \"/metadata/identity/oauth2/token\";\n\n/**\n * Generates an invalid request options to get a response quickly from IMDS endpoint.\n * The response indicates the availability of IMSD service; otherwise the request would time out.\n */\nfunction prepareInvalidRequestOptions(scopes: string | string[]): PipelineRequestOptions {\n const resource = mapScopesToResource(scopes);\n if (!resource) {\n throw new Error(`${msiName}: Multiple scopes are not supported.`);\n }\n\n // Pod Identity will try to process this request even if the Metadata header is missing.\n // We can exclude the request query to ensure no IMDS endpoint tries to process the ping request.\n const url = new URL(imdsEndpointPath, process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST ?? imdsHost);\n\n const rawHeaders: Record<string, string> = {\n Accept: \"application/json\",\n // intentionally leave out the Metadata header to invoke an error from IMDS endpoint.\n };\n\n return {\n // intentionally not including any query\n url: `${url}`,\n method: \"GET\",\n headers: createHttpHeaders(rawHeaders),\n };\n}\n\n/**\n * Defines how to determine whether the Azure IMDS MSI is available.\n *\n * Actually getting the token once we determine IMDS is available is handled by MSAL.\n */\nexport const imdsMsi = {\n name: \"imdsMsi\",\n async isAvailable(options: {\n scopes: string | string[];\n identityClient?: IdentityClient;\n clientId?: string;\n resourceId?: string;\n getTokenOptions?: GetTokenOptions;\n }): Promise<boolean> {\n const { scopes, identityClient, getTokenOptions } = options;\n const resource = mapScopesToResource(scopes);\n if (!resource) {\n logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);\n return false;\n }\n\n // if the PodIdentityEndpoint environment variable was set no need to probe the endpoint, it can be assumed to exist\n if (process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST) {\n return true;\n }\n\n if (!identityClient) {\n throw new Error(\"Missing IdentityClient\");\n }\n\n const requestOptions = prepareInvalidRequestOptions(resource);\n\n return tracingClient.withSpan(\n \"ManagedIdentityCredential-pingImdsEndpoint\",\n getTokenOptions ?? {},\n async (updatedOptions) => {\n requestOptions.tracingOptions = updatedOptions.tracingOptions;\n\n // Create a request with a timeout since we expect that\n // not having a \"Metadata\" header should cause an error to be\n // returned quickly from the endpoint, proving its availability.\n const request = createPipelineRequest(requestOptions);\n\n // Default to 1000 if the default of 0 is used.\n // Negative values can still be used to disable the timeout.\n request.timeout = updatedOptions.requestOptions?.timeout || 1000;\n\n // This MSI uses the imdsEndpoint to get the token, which only uses http://\n request.allowInsecureConnection = true;\n let response: PipelineResponse;\n try {\n logger.info(`${msiName}: Pinging the Azure IMDS endpoint`);\n response = await identityClient.sendRequest(request);\n } catch (err: unknown) {\n // If the request failed, or Node.js was unable to establish a connection,\n // or the host was down, we'll assume the IMDS endpoint isn't available.\n if (isError(err)) {\n logger.verbose(`${msiName}: Caught error ${err.name}: ${err.message}`);\n }\n // This is a special case for Docker Desktop which responds with a 403 with a message that contains \"A socket operation was attempted to an unreachable network\" or \"A socket operation was attempted to an unreachable host\"\n // rather than just timing out, as expected.\n logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`);\n return false;\n }\n if (response.status === 403) {\n if (response.bodyAsText?.includes(\"unreachable\")) {\n logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`);\n logger.info(`${msiName}: ${response.bodyAsText}`);\n return false;\n }\n }\n // If we received any response, the endpoint is available\n logger.info(`${msiName}: The Azure IMDS endpoint is available`);\n return true;\n },\n );\n },\n};\n"]}
1
+ {"version":3,"file":"imdsMsi.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/imdsMsi.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAG3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAGtD,MAAM,OAAO,GAAG,kCAAkC,CAAC;AACnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAEzC,MAAM,QAAQ,GAAG,wBAAwB,CAAC;AAC1C,MAAM,gBAAgB,GAAG,iCAAiC,CAAC;AAE3D;;;GAGG;AACH,SAAS,4BAA4B,CAAC,MAAyB;IAC7D,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,sCAAsC,CAAC,CAAC;IACpE,CAAC;IAED,wFAAwF;IACxF,iGAAiG;IACjG,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,iCAAiC,IAAI,QAAQ,CAAC,CAAC;IAEjG,MAAM,UAAU,GAA2B;QACzC,MAAM,EAAE,kBAAkB;QAC1B,qFAAqF;KACtF,CAAC;IAEF,OAAO;QACL,wCAAwC;QACxC,GAAG,EAAE,GAAG,GAAG,EAAE;QACb,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,iBAAiB,CAAC,UAAU,CAAC;KACvC,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG;IACrB,IAAI,EAAE,SAAS;IACf,KAAK,CAAC,WAAW,CAAC,OAMjB;QACC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC;QAC5D,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,mDAAmD,CAAC,CAAC;YAC3E,OAAO,KAAK,CAAC;QACf,CAAC;QAED,oHAAoH;QACpH,IAAI,OAAO,CAAC,GAAG,CAAC,iCAAiC,EAAE,CAAC;YAClD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,cAAc,GAAG,4BAA4B,CAAC,QAAQ,CAAC,CAAC;QAE9D,OAAO,aAAa,CAAC,QAAQ,CAC3B,4CAA4C,EAC5C,eAAe,IAAI,EAAE,EACrB,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,cAAc,CAAC,cAAc,GAAG,cAAc,CAAC,cAAc,CAAC;YAE9D,uDAAuD;YACvD,6DAA6D;YAC7D,gEAAgE;YAChE,MAAM,OAAO,GAAG,qBAAqB,CAAC,cAAc,CAAC,CAAC;YAEtD,+CAA+C;YAC/C,4DAA4D;YAC5D,OAAO,CAAC,OAAO,GAAG,cAAc,CAAC,cAAc,EAAE,OAAO,IAAI,IAAI,CAAC;YAEjE,2EAA2E;YAC3E,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC;YACvC,IAAI,QAA0B,CAAC;YAC/B,IAAI,CAAC;gBACH,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,mCAAmC,CAAC,CAAC;gBAC3D,QAAQ,GAAG,MAAM,cAAc,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YACvD,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,0EAA0E;gBAC1E,wEAAwE;gBACxE,IAAI,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;oBACjB,MAAM,CAAC,OAAO,CAAC,GAAG,OAAO,kBAAkB,GAAG,CAAC,IAAI,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBACzE,CAAC;gBACD,6NAA6N;gBAC7N,4CAA4C;gBAC5C,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,0CAA0C,CAAC,CAAC;gBAClE,OAAO,KAAK,CAAC;YACf,CAAC;YACD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,IAAI,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;oBACjD,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,0CAA0C,CAAC,CAAC;oBAClE,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,KAAK,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;oBAClD,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YACD,yDAAyD;YACzD,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,wCAAwC,CAAC,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC,CACF,CAAC;IACJ,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { PipelineRequestOptions, PipelineResponse } from \"@azure/core-rest-pipeline\";\nimport { createHttpHeaders, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport { isError } from \"@azure/core-util\";\n\nimport type { GetTokenOptions } from \"@azure/core-auth\";\nimport { credentialLogger } from \"../../util/logging.js\";\nimport { mapScopesToResource } from \"./utils.js\";\nimport { tracingClient } from \"../../util/tracing.js\";\nimport type { IdentityClient } from \"../../client/identityClient.js\";\n\nconst msiName = \"ManagedIdentityCredential - IMDS\";\nconst logger = credentialLogger(msiName);\n\nconst imdsHost = \"http://169.254.169.254\";\nconst imdsEndpointPath = \"/metadata/identity/oauth2/token\";\n\n/**\n * Generates an invalid request options to get a response quickly from IMDS endpoint.\n * The response indicates the availability of IMSD service; otherwise the request would time out.\n */\nfunction prepareInvalidRequestOptions(scopes: string | string[]): PipelineRequestOptions {\n const resource = mapScopesToResource(scopes);\n if (!resource) {\n throw new Error(`${msiName}: Multiple scopes are not supported.`);\n }\n\n // Pod Identity will try to process this request even if the Metadata header is missing.\n // We can exclude the request query to ensure no IMDS endpoint tries to process the ping request.\n const url = new URL(imdsEndpointPath, process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST ?? imdsHost);\n\n const rawHeaders: Record<string, string> = {\n Accept: \"application/json\",\n // intentionally leave out the Metadata header to invoke an error from IMDS endpoint.\n };\n\n return {\n // intentionally not including any query\n url: `${url}`,\n method: \"GET\",\n headers: createHttpHeaders(rawHeaders),\n };\n}\n\n/**\n * Defines how to determine whether the Azure IMDS MSI is available.\n *\n * Actually getting the token once we determine IMDS is available is handled by MSAL.\n */\nexport const imdsMsi = {\n name: \"imdsMsi\",\n async isAvailable(options: {\n scopes: string | string[];\n identityClient?: IdentityClient;\n clientId?: string;\n resourceId?: string;\n getTokenOptions?: GetTokenOptions;\n }): Promise<boolean> {\n const { scopes, identityClient, getTokenOptions } = options;\n const resource = mapScopesToResource(scopes);\n if (!resource) {\n logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);\n return false;\n }\n\n // if the PodIdentityEndpoint environment variable was set no need to probe the endpoint, it can be assumed to exist\n if (process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST) {\n return true;\n }\n\n if (!identityClient) {\n throw new Error(\"Missing IdentityClient\");\n }\n\n const requestOptions = prepareInvalidRequestOptions(resource);\n\n return tracingClient.withSpan(\n \"ManagedIdentityCredential-pingImdsEndpoint\",\n getTokenOptions ?? {},\n async (updatedOptions) => {\n requestOptions.tracingOptions = updatedOptions.tracingOptions;\n\n // Create a request with a timeout since we expect that\n // not having a \"Metadata\" header should cause an error to be\n // returned quickly from the endpoint, proving its availability.\n const request = createPipelineRequest(requestOptions);\n\n // Default to 1000 if the default of 0 is used.\n // Negative values can still be used to disable the timeout.\n request.timeout = updatedOptions.requestOptions?.timeout || 1000;\n\n // This MSI uses the imdsEndpoint to get the token, which only uses http://\n request.allowInsecureConnection = true;\n let response: PipelineResponse;\n try {\n logger.info(`${msiName}: Pinging the Azure IMDS endpoint`);\n response = await identityClient.sendRequest(request);\n } catch (err: unknown) {\n // If the request failed, or Node.js was unable to establish a connection,\n // or the host was down, we'll assume the IMDS endpoint isn't available.\n if (isError(err)) {\n logger.verbose(`${msiName}: Caught error ${err.name}: ${err.message}`);\n }\n // This is a special case for Docker Desktop which responds with a 403 with a message that contains \"A socket operation was attempted to an unreachable network\" or \"A socket operation was attempted to an unreachable host\"\n // rather than just timing out, as expected.\n logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`);\n return false;\n }\n if (response.status === 403) {\n if (response.bodyAsText?.includes(\"unreachable\")) {\n logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`);\n logger.info(`${msiName}: ${response.bodyAsText}`);\n return false;\n }\n }\n // If we received any response, the endpoint is available\n logger.info(`${msiName}: The Azure IMDS endpoint is available`);\n return true;\n },\n );\n },\n};\n"]}
package/dist/browser/credentials/managedIdentityCredential/imdsRetryPolicy.js CHANGED
@@ -23,11 +23,11 @@ export function imdsRetryPolicy(msiRetryConfig) {
23
23
  {
24
24
  name: "imdsRetryPolicy",
25
25
  retry: ({ retryCount, response }) => {
26
- if ((response === null || response === void 0 ? void 0 : response.status) !== 404 && (response === null || response === void 0 ? void 0 : response.status) !== 410) {
26
+ if (response?.status !== 404 && response?.status !== 410) {
27
27
  return { skipStrategy: true };
28
28
  }
29
29
  // For 410 responses, use a minimum 3-second delay to ensure at least 70 seconds total retry duration
30
- const initialDelayMs = (response === null || response === void 0 ? void 0 : response.status) === 410
30
+ const initialDelayMs = response?.status === 410
31
31
  ? Math.max(MIN_DELAY_FOR_410_MS, msiRetryConfig.startDelayInMs)
32
32
  : msiRetryConfig.startDelayInMs;
33
33
  return calculateRetryDelay(retryCount, {
package/dist/browser/credentials/managedIdentityCredential/imdsRetryPolicy.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"imdsRetryPolicy.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/imdsRetryPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAGxD,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAEvD,0EAA0E;AAC1E,MAAM,iCAAiC,GAAG,IAAI,GAAG,EAAE,CAAC;AAEpD,sEAAsE;AACtE,oFAAoF;AACpF,kFAAkF;AAClF,sEAAsE;AACtE,MAAM,oBAAoB,GAAG,IAAI,CAAC;AAElC;;;;;;;;GAQG;AACH,MAAM,UAAU,eAAe,CAAC,cAA+C;IAC7E,OAAO,WAAW,CAChB;QACE;YACE,IAAI,EAAE,iBAAiB;YACvB,KAAK,EAAE,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,EAAE;gBAClC,IAAI,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,MAAK,GAAG,IAAI,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,MAAK,GAAG,EAAE,CAAC;oBACzD,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;gBAChC,CAAC;gBAED,qGAAqG;gBACrG,MAAM,cAAc,GAClB,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,MAAK,GAAG;oBACtB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,oBAAoB,EAAE,cAAc,CAAC,cAAc,CAAC;oBAC/D,CAAC,CAAC,cAAc,CAAC,cAAc,CAAC;gBAEpC,OAAO,mBAAmB,CAAC,UAAU,EAAE;oBACrC,cAAc,EAAE,cAAc;oBAC9B,iBAAiB,EAAE,iCAAiC;iBACrD,CAAC,CAAC;YACL,CAAC;SACF;KACF,EACD;QACE,UAAU,EAAE,cAAc,CAAC,UAAU;KACtC,CACF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { PipelinePolicy } from \"@azure/core-rest-pipeline\";\nimport { retryPolicy } from \"@azure/core-rest-pipeline\";\n\nimport type { MSIConfiguration } from \"./models.js\";\nimport { calculateRetryDelay } from \"@azure/core-util\";\n\n// Matches the default retry configuration in expontentialRetryStrategy.ts\nconst DEFAULT_CLIENT_MAX_RETRY_INTERVAL = 1000 * 64;\n\n// For 410 responses, we need at least 70 seconds total retry duration\n// With 5 retries using exponential backoff: delays of d, 2d, 4d, 8d, 16d sum to 31d\n// Accounting for jitter (which can reduce delays by 20%), we need 31d * 0.8 >= 70\n// So we need d >= 70/24.8 = 2.82 seconds. Using 3 seconds to be safe.\nconst MIN_DELAY_FOR_410_MS = 3000;\n\n/**\n * An additional policy that retries on 404 and 410 errors. The default retry policy does not retry on\n * 404s or 410s, but the IMDS endpoint can return these when the token is not yet available or when\n * the identity is still being set up. This policy will retry on 404s and 410s with an exponential backoff.\n * For 410 responses, it uses a minimum 3-second initial delay to ensure at least 70 seconds total duration.\n *\n * @param msiRetryConfig - The retry configuration for the MSI credential.\n * @returns - The policy that will retry on 404s and 410s.\n */\nexport function imdsRetryPolicy(msiRetryConfig: MSIConfiguration[\"retryConfig\"]): PipelinePolicy {\n return retryPolicy(\n [\n {\n name: \"imdsRetryPolicy\",\n retry: ({ retryCount, response }) => {\n if (response?.status !== 404 && response?.status !== 410) {\n return { skipStrategy: true };\n }\n\n // For 410 responses, use a minimum 3-second delay to ensure at least 70 seconds total retry duration\n const initialDelayMs =\n response?.status === 410\n ? Math.max(MIN_DELAY_FOR_410_MS, msiRetryConfig.startDelayInMs)\n : msiRetryConfig.startDelayInMs;\n\n return calculateRetryDelay(retryCount, {\n retryDelayInMs: initialDelayMs,\n maxRetryDelayInMs: DEFAULT_CLIENT_MAX_RETRY_INTERVAL,\n });\n },\n },\n ],\n {\n maxRetries: msiRetryConfig.maxRetries,\n },\n );\n}\n"]}
1
+ {"version":3,"file":"imdsRetryPolicy.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/imdsRetryPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAGxD,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAEvD,0EAA0E;AAC1E,MAAM,iCAAiC,GAAG,IAAI,GAAG,EAAE,CAAC;AAEpD,sEAAsE;AACtE,oFAAoF;AACpF,kFAAkF;AAClF,sEAAsE;AACtE,MAAM,oBAAoB,GAAG,IAAI,CAAC;AAElC;;;;;;;;GAQG;AACH,MAAM,UAAU,eAAe,CAAC,cAA+C;IAC7E,OAAO,WAAW,CAChB;QACE;YACE,IAAI,EAAE,iBAAiB;YACvB,KAAK,EAAE,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,EAAE;gBAClC,IAAI,QAAQ,EAAE,MAAM,KAAK,GAAG,IAAI,QAAQ,EAAE,MAAM,KAAK,GAAG,EAAE,CAAC;oBACzD,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;gBAChC,CAAC;gBAED,qGAAqG;gBACrG,MAAM,cAAc,GAClB,QAAQ,EAAE,MAAM,KAAK,GAAG;oBACtB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,oBAAoB,EAAE,cAAc,CAAC,cAAc,CAAC;oBAC/D,CAAC,CAAC,cAAc,CAAC,cAAc,CAAC;gBAEpC,OAAO,mBAAmB,CAAC,UAAU,EAAE;oBACrC,cAAc,EAAE,cAAc;oBAC9B,iBAAiB,EAAE,iCAAiC;iBACrD,CAAC,CAAC;YACL,CAAC;SACF;KACF,EACD;QACE,UAAU,EAAE,cAAc,CAAC,UAAU;KACtC,CACF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { PipelinePolicy } from \"@azure/core-rest-pipeline\";\nimport { retryPolicy } from \"@azure/core-rest-pipeline\";\n\nimport type { MSIConfiguration } from \"./models.js\";\nimport { calculateRetryDelay } from \"@azure/core-util\";\n\n// Matches the default retry configuration in expontentialRetryStrategy.ts\nconst DEFAULT_CLIENT_MAX_RETRY_INTERVAL = 1000 * 64;\n\n// For 410 responses, we need at least 70 seconds total retry duration\n// With 5 retries using exponential backoff: delays of d, 2d, 4d, 8d, 16d sum to 31d\n// Accounting for jitter (which can reduce delays by 20%), we need 31d * 0.8 >= 70\n// So we need d >= 70/24.8 = 2.82 seconds. Using 3 seconds to be safe.\nconst MIN_DELAY_FOR_410_MS = 3000;\n\n/**\n * An additional policy that retries on 404 and 410 errors. The default retry policy does not retry on\n * 404s or 410s, but the IMDS endpoint can return these when the token is not yet available or when\n * the identity is still being set up. This policy will retry on 404s and 410s with an exponential backoff.\n * For 410 responses, it uses a minimum 3-second initial delay to ensure at least 70 seconds total duration.\n *\n * @param msiRetryConfig - The retry configuration for the MSI credential.\n * @returns - The policy that will retry on 404s and 410s.\n */\nexport function imdsRetryPolicy(msiRetryConfig: MSIConfiguration[\"retryConfig\"]): PipelinePolicy {\n return retryPolicy(\n [\n {\n name: \"imdsRetryPolicy\",\n retry: ({ retryCount, response }) => {\n if (response?.status !== 404 && response?.status !== 410) {\n return { skipStrategy: true };\n }\n\n // For 410 responses, use a minimum 3-second delay to ensure at least 70 seconds total retry duration\n const initialDelayMs =\n response?.status === 410\n ? Math.max(MIN_DELAY_FOR_410_MS, msiRetryConfig.startDelayInMs)\n : msiRetryConfig.startDelayInMs;\n\n return calculateRetryDelay(retryCount, {\n retryDelayInMs: initialDelayMs,\n maxRetryDelayInMs: DEFAULT_CLIENT_MAX_RETRY_INTERVAL,\n });\n },\n },\n ],\n {\n maxRetries: msiRetryConfig.maxRetries,\n },\n );\n}\n"]}
package/dist/browser/credentials/managedIdentityCredential/tokenExchangeMsi.js CHANGED
@@ -25,7 +25,13 @@ export const tokenExchangeMsi = {
25
25
  async getToken(configuration, getTokenOptions = {}) {
26
26
  const { scopes, clientId } = configuration;
27
27
  const identityClientTokenCredentialOptions = {};
28
- const workloadIdentityCredential = new WorkloadIdentityCredential(Object.assign(Object.assign({ clientId, tenantId: process.env.AZURE_TENANT_ID, tokenFilePath: process.env.AZURE_FEDERATED_TOKEN_FILE }, identityClientTokenCredentialOptions), { disableInstanceDiscovery: true }));
28
+ const workloadIdentityCredential = new WorkloadIdentityCredential({
29
+ clientId,
30
+ tenantId: process.env.AZURE_TENANT_ID,
31
+ tokenFilePath: process.env.AZURE_FEDERATED_TOKEN_FILE,
32
+ ...identityClientTokenCredentialOptions,
33
+ disableInstanceDiscovery: true,
34
+ });
29
35
  return workloadIdentityCredential.getToken(scopes, getTokenOptions);
30
36
  },
31
37
  };
package/dist/browser/credentials/managedIdentityCredential/tokenExchangeMsi.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"tokenExchangeMsi.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/tokenExchangeMsi.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,0BAA0B,EAAE,MAAM,kCAAkC,CAAC;AAC9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAGzD,MAAM,OAAO,GAAG,4CAA4C,CAAC;AAC7D,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAEzC;;;;;GAKG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,IAAI,EAAE,kBAAkB;IACxB,KAAK,CAAC,WAAW,CAAC,QAAiB;QACjC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;QACxB,MAAM,MAAM,GAAG,OAAO,CACpB,CAAC,QAAQ,IAAI,GAAG,CAAC,eAAe,CAAC;YAC/B,GAAG,CAAC,eAAe;YACnB,OAAO,CAAC,GAAG,CAAC,0BAA0B,CACzC,CAAC;QACF,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CACT,GAAG,OAAO,qKAAqK,CAChL,CAAC;QACJ,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,KAAK,CAAC,QAAQ,CACZ,aAA+B,EAC/B,kBAAmC,EAAE;QAErC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC;QAC3C,MAAM,oCAAoC,GAAG,EAAE,CAAC;QAChD,MAAM,0BAA0B,GAAG,IAAI,0BAA0B,CAAC,8BAChE,QAAQ,EACR,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,EACrC,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAClD,oCAAoC,KACvC,wBAAwB,EAAE,IAAI,GACM,CAAC,CAAC;QACxC,OAAO,0BAA0B,CAAC,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IACtE,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport type { MSIConfiguration } from \"./models.js\";\nimport { WorkloadIdentityCredential } from \"../workloadIdentityCredential.js\";\nimport { credentialLogger } from \"../../util/logging.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"../workloadIdentityCredentialOptions.js\";\n\nconst msiName = \"ManagedIdentityCredential - Token Exchange\";\nconst logger = credentialLogger(msiName);\n\n/**\n * Defines how to determine whether the token exchange MSI is available, and also how to retrieve a token from the token exchange MSI.\n *\n * Token exchange MSI (used by AKS) is the only MSI implementation handled entirely by Azure Identity.\n * The rest have been migrated to MSAL.\n */\nexport const tokenExchangeMsi = {\n name: \"tokenExchangeMsi\",\n async isAvailable(clientId?: string): Promise<boolean> {\n const env = process.env;\n const result = Boolean(\n (clientId || env.AZURE_CLIENT_ID) &&\n env.AZURE_TENANT_ID &&\n process.env.AZURE_FEDERATED_TOKEN_FILE,\n );\n if (!result) {\n logger.info(\n `${msiName}: Unavailable. The environment variables needed are: AZURE_CLIENT_ID (or the client ID sent through the parameters), AZURE_TENANT_ID and AZURE_FEDERATED_TOKEN_FILE`,\n );\n }\n return result;\n },\n async getToken(\n configuration: MSIConfiguration,\n getTokenOptions: GetTokenOptions = {},\n ): Promise<AccessToken | null> {\n const { scopes, clientId } = configuration;\n const identityClientTokenCredentialOptions = {};\n const workloadIdentityCredential = new WorkloadIdentityCredential({\n clientId,\n tenantId: process.env.AZURE_TENANT_ID,\n tokenFilePath: process.env.AZURE_FEDERATED_TOKEN_FILE,\n ...identityClientTokenCredentialOptions,\n disableInstanceDiscovery: true,\n } as WorkloadIdentityCredentialOptions);\n return workloadIdentityCredential.getToken(scopes, getTokenOptions);\n },\n};\n"]}
1
+ {"version":3,"file":"tokenExchangeMsi.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/tokenExchangeMsi.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,0BAA0B,EAAE,MAAM,kCAAkC,CAAC;AAC9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAGzD,MAAM,OAAO,GAAG,4CAA4C,CAAC;AAC7D,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAEzC;;;;;GAKG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,IAAI,EAAE,kBAAkB;IACxB,KAAK,CAAC,WAAW,CAAC,QAAiB;QACjC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;QACxB,MAAM,MAAM,GAAG,OAAO,CACpB,CAAC,QAAQ,IAAI,GAAG,CAAC,eAAe,CAAC;YAC/B,GAAG,CAAC,eAAe;YACnB,OAAO,CAAC,GAAG,CAAC,0BAA0B,CACzC,CAAC;QACF,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CACT,GAAG,OAAO,qKAAqK,CAChL,CAAC;QACJ,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,KAAK,CAAC,QAAQ,CACZ,aAA+B,EAC/B,kBAAmC,EAAE;QAErC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC;QAC3C,MAAM,oCAAoC,GAAG,EAAE,CAAC;QAChD,MAAM,0BAA0B,GAAG,IAAI,0BAA0B,CAAC;YAChE,QAAQ;YACR,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe;YACrC,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,0BAA0B;YACrD,GAAG,oCAAoC;YACvC,wBAAwB,EAAE,IAAI;SACM,CAAC,CAAC;QACxC,OAAO,0BAA0B,CAAC,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IACtE,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport type { MSIConfiguration } from \"./models.js\";\nimport { WorkloadIdentityCredential } from \"../workloadIdentityCredential.js\";\nimport { credentialLogger } from \"../../util/logging.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"../workloadIdentityCredentialOptions.js\";\n\nconst msiName = \"ManagedIdentityCredential - Token Exchange\";\nconst logger = credentialLogger(msiName);\n\n/**\n * Defines how to determine whether the token exchange MSI is available, and also how to retrieve a token from the token exchange MSI.\n *\n * Token exchange MSI (used by AKS) is the only MSI implementation handled entirely by Azure Identity.\n * The rest have been migrated to MSAL.\n */\nexport const tokenExchangeMsi = {\n name: \"tokenExchangeMsi\",\n async isAvailable(clientId?: string): Promise<boolean> {\n const env = process.env;\n const result = Boolean(\n (clientId || env.AZURE_CLIENT_ID) &&\n env.AZURE_TENANT_ID &&\n process.env.AZURE_FEDERATED_TOKEN_FILE,\n );\n if (!result) {\n logger.info(\n `${msiName}: Unavailable. The environment variables needed are: AZURE_CLIENT_ID (or the client ID sent through the parameters), AZURE_TENANT_ID and AZURE_FEDERATED_TOKEN_FILE`,\n );\n }\n return result;\n },\n async getToken(\n configuration: MSIConfiguration,\n getTokenOptions: GetTokenOptions = {},\n ): Promise<AccessToken | null> {\n const { scopes, clientId } = configuration;\n const identityClientTokenCredentialOptions = {};\n const workloadIdentityCredential = new WorkloadIdentityCredential({\n clientId,\n tenantId: process.env.AZURE_TENANT_ID,\n tokenFilePath: process.env.AZURE_FEDERATED_TOKEN_FILE,\n ...identityClientTokenCredentialOptions,\n disableInstanceDiscovery: true,\n } as WorkloadIdentityCredentialOptions);\n return workloadIdentityCredential.getToken(scopes, getTokenOptions);\n },\n};\n"]}
package/dist/browser/credentials/usernamePasswordCredential-browser.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"usernamePasswordCredential-browser.mjs","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential-browser.mts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,aAAa,EACb,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAE7D,OAAO,EAAE,8BAA8B,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;;;GAOG;AACH,MAAM,OAAO,0BAA0B;IAQrC;;;;;;;;;;;OAWG;IACH,YACE,cAAsB,EACtB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,OAA2C;QAE3C,aAAa,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;QAEtC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;QAC/B,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,aAAa,CAAC,QAAQ,CAC3B,qCAAqC,EACrC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,CAClC,CAAC;YACF,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE/B,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAChE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;gBACjC,aAAa,EAAE,OAAO;gBACtB,UAAU,EAAE,UAAU;gBACtB,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;aAC9D,CAAC,CAAC;YACH,MAAM,WAAW,GAAG,qBAAqB,CAAC;gBACxC,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;gBACzE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;gBACvB,OAAO,EAAE,iBAAiB,CAAC;oBACzB,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD,CAAC;gBACF,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;gBAC3C,cAAc,EAAE,UAAU,CAAC,cAAc;aAC1C,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;YAC9E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;QAC9D,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n checkTenantId,\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\nimport { createHttpHeaders, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport { credentialLogger, formatSuccess } from \"../util/logging.js\";\nimport { IdentityClient } from \"../client/identityClient.js\";\nimport type { UsernamePasswordCredentialOptions } from \"./usernamePasswordCredentialOptions.js\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint.js\";\nimport { tracingClient } from \"../util/tracing.js\";\n\nconst logger = credentialLogger(\"UsernamePasswordCredential\");\n\n/**\n * Enables authentication to Microsoft Entra ID with a user's\n * username and password. This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n * \n * @deprecated UsernamePasswordCredential is deprecated. Use a more secure credential. See https://aka.ms/azsdk/identity/mfa for details.\n */\nexport class UsernamePasswordCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private clientId: string;\n private username: string;\n private password: string;\n\n /**\n * Creates an instance of the UsernamePasswordCredential with the details\n * needed to authenticate against Microsoft Entra ID with a username\n * and password.\n *\n * @param tenantIdOrName - The Microsoft Entra tenant (directory) ID or name.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param username - The user account's e-mail address (user name).\n * @param password - The user account's account password\n * @param options - Options for configuring the client which makes the authentication request.\n * \n */\n constructor(\n tenantIdOrName: string,\n clientId: string,\n username: string,\n password: string,\n options?: UsernamePasswordCredentialOptions,\n ) {\n checkTenantId(logger, tenantIdOrName);\n\n this.identityClient = new IdentityClient(options);\n this.tenantId = tenantIdOrName;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n this.clientId = clientId;\n this.username = username;\n this.password = password;\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options: GetTokenOptions = {},\n ): Promise<AccessToken | null> {\n return tracingClient.withSpan(\n \"UsernamePasswordCredential.getToken\",\n options,\n async (newOptions) => {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n );\n newOptions.tenantId = tenantId;\n\n const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n const params = new URLSearchParams({\n response_type: \"token\",\n grant_type: \"password\",\n client_id: this.clientId,\n username: this.username,\n password: this.password,\n scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \"),\n });\n const webResource = createPipelineRequest({\n url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n method: \"POST\",\n body: params.toString(),\n headers: createHttpHeaders({\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n }),\n abortSignal: options && options.abortSignal,\n tracingOptions: newOptions.tracingOptions,\n });\n\n const tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n logger.getToken.info(formatSuccess(scopes));\n return (tokenResponse && tokenResponse.accessToken) || null;\n },\n );\n }\n}\n"]}
1
+ {"version":3,"file":"usernamePasswordCredential-browser.mjs","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential-browser.mts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,aAAa,EACb,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAE7D,OAAO,EAAE,8BAA8B,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;;;GAOG;AACH,MAAM,OAAO,0BAA0B;IAC7B,cAAc,CAAiB;IAC/B,QAAQ,CAAS;IACjB,4BAA4B,CAAW;IACvC,QAAQ,CAAS;IACjB,QAAQ,CAAS;IACjB,QAAQ,CAAS;IAEzB;;;;;;;;;;;OAWG;IACH,YACE,cAAsB,EACtB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,OAA2C;QAE3C,aAAa,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;QAEtC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;QAC/B,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,EAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,aAAa,CAAC,QAAQ,CAC3B,qCAAqC,EACrC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,CAClC,CAAC;YACF,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE/B,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAChE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;gBACjC,aAAa,EAAE,OAAO;gBACtB,UAAU,EAAE,UAAU;gBACtB,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;aAC9D,CAAC,CAAC;YACH,MAAM,WAAW,GAAG,qBAAqB,CAAC;gBACxC,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;gBACzE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;gBACvB,OAAO,EAAE,iBAAiB,CAAC;oBACzB,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD,CAAC;gBACF,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;gBAC3C,cAAc,EAAE,UAAU,CAAC,cAAc;aAC1C,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;YAC9E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;QAC9D,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n checkTenantId,\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\nimport { createHttpHeaders, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport { credentialLogger, formatSuccess } from \"../util/logging.js\";\nimport { IdentityClient } from \"../client/identityClient.js\";\nimport type { UsernamePasswordCredentialOptions } from \"./usernamePasswordCredentialOptions.js\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint.js\";\nimport { tracingClient } from \"../util/tracing.js\";\n\nconst logger = credentialLogger(\"UsernamePasswordCredential\");\n\n/**\n * Enables authentication to Microsoft Entra ID with a user's\n * username and password. This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n * \n * @deprecated UsernamePasswordCredential is deprecated. Use a more secure credential. See https://aka.ms/azsdk/identity/mfa for details.\n */\nexport class UsernamePasswordCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private clientId: string;\n private username: string;\n private password: string;\n\n /**\n * Creates an instance of the UsernamePasswordCredential with the details\n * needed to authenticate against Microsoft Entra ID with a username\n * and password.\n *\n * @param tenantIdOrName - The Microsoft Entra tenant (directory) ID or name.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param username - The user account's e-mail address (user name).\n * @param password - The user account's account password\n * @param options - Options for configuring the client which makes the authentication request.\n * \n */\n constructor(\n tenantIdOrName: string,\n clientId: string,\n username: string,\n password: string,\n options?: UsernamePasswordCredentialOptions,\n ) {\n checkTenantId(logger, tenantIdOrName);\n\n this.identityClient = new IdentityClient(options);\n this.tenantId = tenantIdOrName;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n this.clientId = clientId;\n this.username = username;\n this.password = password;\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options: GetTokenOptions = {},\n ): Promise<AccessToken | null> {\n return tracingClient.withSpan(\n \"UsernamePasswordCredential.getToken\",\n options,\n async (newOptions) => {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n );\n newOptions.tenantId = tenantId;\n\n const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n const params = new URLSearchParams({\n response_type: \"token\",\n grant_type: \"password\",\n client_id: this.clientId,\n username: this.username,\n password: this.password,\n scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \"),\n });\n const webResource = createPipelineRequest({\n url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n method: \"POST\",\n body: params.toString(),\n headers: createHttpHeaders({\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n }),\n abortSignal: options && options.abortSignal,\n tracingOptions: newOptions.tracingOptions,\n });\n\n const tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n logger.getToken.info(formatSuccess(scopes));\n return (tokenResponse && tokenResponse.accessToken) || null;\n },\n );\n }\n}\n"]}
package/dist/browser/credentials/usernamePasswordCredential.js CHANGED
@@ -16,6 +16,12 @@ const logger = credentialLogger("UsernamePasswordCredential");
16
16
  * @deprecated UsernamePasswordCredential is deprecated. Use a more secure credential. See https://aka.ms/azsdk/identity/mfa for details.
17
17
  */
18
18
  export class UsernamePasswordCredential {
19
+ identityClient;
20
+ tenantId;
21
+ additionallyAllowedTenantIds;
22
+ clientId;
23
+ username;
24
+ password;
19
25
  /**
20
26
  * Creates an instance of the UsernamePasswordCredential with the details
21
27
  * needed to authenticate against Microsoft Entra ID with a username
@@ -32,7 +38,7 @@ export class UsernamePasswordCredential {
32
38
  checkTenantId(logger, tenantIdOrName);
33
39
  this.identityClient = new IdentityClient(options);
34
40
  this.tenantId = tenantIdOrName;
35
- this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
41
+ this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options?.additionallyAllowedTenants);
36
42
  this.clientId = clientId;
37
43
  this.username = username;
38
44
  this.password = password;
package/dist/browser/credentials/visualStudioCodeCredentialOptions.d.ts CHANGED
@@ -2,10 +2,6 @@ import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCreden
2
2
  /**
3
3
  * Provides options to configure the Visual Studio Code credential.
4
4
  *
5
- * @deprecated This credential is deprecated because the VS Code Azure Account extension on which this credential
6
- * relies has been deprecated. Users should use other dev-time credentials, such as {@link AzureCliCredential},
7
- * {@link AzureDeveloperCliCredential}, or {@link AzurePowerShellCredential} for their
8
- * local development needs. See Azure Account extension deprecation notice [here](https://github.com/microsoft/vscode-azure-account/issues/964).
9
5
  */
10
6
  export interface VisualStudioCodeCredentialOptions extends MultiTenantTokenCredentialOptions {
11
7
  /**
package/dist/browser/credentials/visualStudioCodeCredentialOptions.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"visualStudioCodeCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;;;;;;GAOG;AACH,MAAM,WAAW,iCAAkC,SAAQ,iCAAiC;IAC1F;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB"}
1
+ {"version":3,"file":"visualStudioCodeCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;;GAGG;AACH,MAAM,WAAW,iCAAkC,SAAQ,iCAAiC;IAC1F;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB"}
package/dist/browser/credentials/visualStudioCodeCredentialOptions.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"visualStudioCodeCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Provides options to configure the Visual Studio Code credential.\n *\n * @deprecated This credential is deprecated because the VS Code Azure Account extension on which this credential\n * relies has been deprecated. Users should use other dev-time credentials, such as {@link AzureCliCredential},\n * {@link AzureDeveloperCliCredential}, or {@link AzurePowerShellCredential} for their\n * local development needs. See Azure Account extension deprecation notice [here](https://github.com/microsoft/vscode-azure-account/issues/964).\n */\nexport interface VisualStudioCodeCredentialOptions extends MultiTenantTokenCredentialOptions {\n /**\n * Optionally pass in a Tenant ID to be used as part of the credential\n */\n tenantId?: string;\n}\n"]}
1
+ {"version":3,"file":"visualStudioCodeCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Provides options to configure the Visual Studio Code credential.\n *\n */\nexport interface VisualStudioCodeCredentialOptions extends MultiTenantTokenCredentialOptions {\n /**\n * Optionally pass in a Tenant ID to be used as part of the credential\n */\n tenantId?: string;\n}\n"]}
package/dist/browser/credentials/visualStudioCodeCredentialPlugin.d.ts CHANGED
@@ -4,10 +4,6 @@
4
4
  * @returns an array of credentials (username and password)
5
5
  * @internal
6
6
  *
7
- * @deprecated This credential is deprecated because the VS Code Azure Account extension on which this credential
8
- * relies has been deprecated. Users should use other dev-time credentials, such as {@link AzureCliCredential},
9
- * {@link AzureDeveloperCliCredential}, or {@link AzurePowerShellCredential} for their
10
- * local development needs. See Azure Account extension deprecation notice [here](https://github.com/microsoft/vscode-azure-account/issues/964).
11
7
  */
12
8
  export type VSCodeCredentialFinder = () => Promise<Array<{
13
9
  account: string;
package/dist/browser/credentials/visualStudioCodeCredentialPlugin.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"visualStudioCodeCredentialPlugin.d.ts","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialPlugin.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;GAUG;AACH,MAAM,MAAM,sBAAsB,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAAC"}
1
+ {"version":3,"file":"visualStudioCodeCredentialPlugin.d.ts","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialPlugin.ts"],"names":[],"mappings":"AAGA;;;;;;GAMG;AACH,MAAM,MAAM,sBAAsB,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAAC"}
package/dist/browser/credentials/visualStudioCodeCredentialPlugin.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"visualStudioCodeCredentialPlugin.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialPlugin.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * A function that searches for credentials in the Visual Studio Code credential store.\n *\n * @returns an array of credentials (username and password)\n * @internal\n *\n * @deprecated This credential is deprecated because the VS Code Azure Account extension on which this credential\n * relies has been deprecated. Users should use other dev-time credentials, such as {@link AzureCliCredential},\n * {@link AzureDeveloperCliCredential}, or {@link AzurePowerShellCredential} for their\n * local development needs. See Azure Account extension deprecation notice [here](https://github.com/microsoft/vscode-azure-account/issues/964).\n */\nexport type VSCodeCredentialFinder = () => Promise<Array<{ account: string; password: string }>>;\n"]}
1
+ {"version":3,"file":"visualStudioCodeCredentialPlugin.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialPlugin.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * A function that searches for credentials in the Visual Studio Code credential store.\n *\n * @returns an array of credentials (username and password)\n * @internal\n *\n */\nexport type VSCodeCredentialFinder = () => Promise<Array<{ account: string; password: string }>>;\n"]}
package/dist/browser/errors.js CHANGED
@@ -31,6 +31,14 @@ export const AuthenticationErrorName = "AuthenticationError";
31
31
  * the specific failure.
32
32
  */
33
33
  export class AuthenticationError extends Error {
34
+ /**
35
+ * The HTTP status code returned from the authentication request.
36
+ */
37
+ statusCode;
38
+ /**
39
+ * The error response details.
40
+ */
41
+ errorResponse;
34
42
  constructor(statusCode, errorBody, options) {
35
43
  let errorResponse = {
36
44
  error: "unknown",
@@ -85,6 +93,11 @@ export const AggregateAuthenticationErrorName = "AggregateAuthenticationError";
85
93
  * for authentication failures from credentials in a {@link ChainedTokenCredential}.
86
94
  */
87
95
  export class AggregateAuthenticationError extends Error {
96
+ /**
97
+ * The array of error objects that were thrown while trying to authenticate
98
+ * with the credentials in a {@link ChainedTokenCredential}.
99
+ */
100
+ errors;
88
101
  constructor(errors, errorMessage) {
89
102
  const errorDetail = errors.join("\n");
90
103
  super(`${errorMessage}\n${errorDetail}`);
@@ -107,6 +120,14 @@ function convertOAuthErrorResponseToErrorResponse(errorBody) {
107
120
  * Error used to enforce authentication after trying to retrieve a token silently.
108
121
  */
109
122
  export class AuthenticationRequiredError extends Error {
123
+ /**
124
+ * The list of scopes for which the token will have access.
125
+ */
126
+ scopes;
127
+ /**
128
+ * The options passed to the getToken request.
129
+ */
130
+ getTokenOptions;
110
131
  constructor(
111
132
  /**
112
133
  * Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.