@azure/identity 4.12.0 → 4.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist/browser/constants.d.ts +1 -1
- package/dist/browser/constants.js +1 -1
- package/dist/browser/constants.js.map +1 -1
- package/dist/browser/credentials/defaultAzureCredentialFunctions.d.ts +3 -1
- package/dist/browser/credentials/defaultAzureCredentialFunctions.d.ts.map +1 -1
- package/dist/browser/credentials/defaultAzureCredentialFunctions.js +4 -0
- package/dist/browser/credentials/defaultAzureCredentialFunctions.js.map +1 -1
- package/dist/browser/credentials/managedIdentityCredential/options.d.ts +15 -0
- package/dist/browser/credentials/managedIdentityCredential/options.d.ts.map +1 -1
- package/dist/browser/credentials/managedIdentityCredential/options.js.map +1 -1
- package/dist/browser/msal/browserFlows/msalBrowserCommon.d.ts.map +1 -1
- package/dist/browser/msal/browserFlows/msalBrowserCommon.js +0 -1
- package/dist/browser/msal/browserFlows/msalBrowserCommon.js.map +1 -1
- package/dist/browser/msal/nodeFlows/msalClient.d.ts.map +1 -1
- package/dist/browser/msal/nodeFlows/msalClient.js +0 -2
- package/dist/browser/msal/nodeFlows/msalClient.js.map +1 -1
- package/dist/browser/msal/utils.d.ts.map +1 -1
- package/dist/browser/msal/utils.js +0 -4
- package/dist/browser/msal/utils.js.map +1 -1
- package/dist/commonjs/constants.d.ts +1 -1
- package/dist/commonjs/constants.js +1 -1
- package/dist/commonjs/constants.js.map +1 -1
- package/dist/commonjs/credentials/defaultAzureCredential.d.ts +1 -1
- package/dist/commonjs/credentials/defaultAzureCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/defaultAzureCredential.js +8 -4
- package/dist/commonjs/credentials/defaultAzureCredential.js.map +1 -1
- package/dist/commonjs/credentials/defaultAzureCredentialFunctions.d.ts +3 -1
- package/dist/commonjs/credentials/defaultAzureCredentialFunctions.d.ts.map +1 -1
- package/dist/commonjs/credentials/defaultAzureCredentialFunctions.js +4 -0
- package/dist/commonjs/credentials/defaultAzureCredentialFunctions.js.map +1 -1
- package/dist/commonjs/credentials/managedIdentityCredential/index.d.ts +1 -0
- package/dist/commonjs/credentials/managedIdentityCredential/index.d.ts.map +1 -1
- package/dist/commonjs/credentials/managedIdentityCredential/index.js +6 -2
- package/dist/commonjs/credentials/managedIdentityCredential/index.js.map +1 -1
- package/dist/commonjs/credentials/managedIdentityCredential/options.d.ts +15 -0
- package/dist/commonjs/credentials/managedIdentityCredential/options.d.ts.map +1 -1
- package/dist/commonjs/credentials/managedIdentityCredential/options.js.map +1 -1
- package/dist/commonjs/msal/browserFlows/msalBrowserCommon.d.ts.map +1 -1
- package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js +0 -1
- package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js.map +1 -1
- package/dist/commonjs/msal/nodeFlows/msalClient.d.ts.map +1 -1
- package/dist/commonjs/msal/nodeFlows/msalClient.js +0 -2
- package/dist/commonjs/msal/nodeFlows/msalClient.js.map +1 -1
- package/dist/commonjs/msal/utils.d.ts.map +1 -1
- package/dist/commonjs/msal/utils.js +0 -4
- package/dist/commonjs/msal/utils.js.map +1 -1
- package/dist/commonjs/plugins/consumer.d.ts.map +1 -1
- package/dist/commonjs/plugins/consumer.js +0 -1
- package/dist/commonjs/plugins/consumer.js.map +1 -1
- package/dist/commonjs/tsdoc-metadata.json +1 -1
- package/dist/esm/constants.d.ts +1 -1
- package/dist/esm/constants.js +1 -1
- package/dist/esm/constants.js.map +1 -1
- package/dist/esm/credentials/defaultAzureCredential.d.ts +1 -1
- package/dist/esm/credentials/defaultAzureCredential.d.ts.map +1 -1
- package/dist/esm/credentials/defaultAzureCredential.js +8 -4
- package/dist/esm/credentials/defaultAzureCredential.js.map +1 -1
- package/dist/esm/credentials/defaultAzureCredentialFunctions.d.ts +3 -1
- package/dist/esm/credentials/defaultAzureCredentialFunctions.d.ts.map +1 -1
- package/dist/esm/credentials/defaultAzureCredentialFunctions.js +4 -0
- package/dist/esm/credentials/defaultAzureCredentialFunctions.js.map +1 -1
- package/dist/esm/credentials/managedIdentityCredential/index.d.ts +1 -0
- package/dist/esm/credentials/managedIdentityCredential/index.d.ts.map +1 -1
- package/dist/esm/credentials/managedIdentityCredential/index.js +6 -2
- package/dist/esm/credentials/managedIdentityCredential/index.js.map +1 -1
- package/dist/esm/credentials/managedIdentityCredential/options.d.ts +15 -0
- package/dist/esm/credentials/managedIdentityCredential/options.d.ts.map +1 -1
- package/dist/esm/credentials/managedIdentityCredential/options.js.map +1 -1
- package/dist/esm/msal/browserFlows/msalBrowserCommon.d.ts.map +1 -1
- package/dist/esm/msal/browserFlows/msalBrowserCommon.js +0 -1
- package/dist/esm/msal/browserFlows/msalBrowserCommon.js.map +1 -1
- package/dist/esm/msal/nodeFlows/msalClient.d.ts.map +1 -1
- package/dist/esm/msal/nodeFlows/msalClient.js +0 -2
- package/dist/esm/msal/nodeFlows/msalClient.js.map +1 -1
- package/dist/esm/msal/utils.d.ts.map +1 -1
- package/dist/esm/msal/utils.js +0 -4
- package/dist/esm/msal/utils.js.map +1 -1
- package/dist/esm/plugins/consumer.d.ts.map +1 -1
- package/dist/esm/plugins/consumer.js +0 -1
- package/dist/esm/plugins/consumer.js.map +1 -1
- package/dist/workerd/constants.d.ts +1 -1
- package/dist/workerd/constants.js +1 -1
- package/dist/workerd/constants.js.map +1 -1
- package/dist/workerd/credentials/defaultAzureCredential.d.ts +1 -1
- package/dist/workerd/credentials/defaultAzureCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/defaultAzureCredential.js +8 -4
- package/dist/workerd/credentials/defaultAzureCredential.js.map +1 -1
- package/dist/workerd/credentials/defaultAzureCredentialFunctions.d.ts +3 -1
- package/dist/workerd/credentials/defaultAzureCredentialFunctions.d.ts.map +1 -1
- package/dist/workerd/credentials/defaultAzureCredentialFunctions.js +4 -0
- package/dist/workerd/credentials/defaultAzureCredentialFunctions.js.map +1 -1
- package/dist/workerd/credentials/managedIdentityCredential/index.d.ts +1 -0
- package/dist/workerd/credentials/managedIdentityCredential/index.d.ts.map +1 -1
- package/dist/workerd/credentials/managedIdentityCredential/index.js +6 -2
- package/dist/workerd/credentials/managedIdentityCredential/index.js.map +1 -1
- package/dist/workerd/credentials/managedIdentityCredential/options.d.ts +15 -0
- package/dist/workerd/credentials/managedIdentityCredential/options.d.ts.map +1 -1
- package/dist/workerd/credentials/managedIdentityCredential/options.js.map +1 -1
- package/dist/workerd/msal/browserFlows/msalBrowserCommon.d.ts.map +1 -1
- package/dist/workerd/msal/browserFlows/msalBrowserCommon.js +0 -1
- package/dist/workerd/msal/browserFlows/msalBrowserCommon.js.map +1 -1
- package/dist/workerd/msal/nodeFlows/msalClient.d.ts.map +1 -1
- package/dist/workerd/msal/nodeFlows/msalClient.js +0 -2
- package/dist/workerd/msal/nodeFlows/msalClient.js.map +1 -1
- package/dist/workerd/msal/utils.d.ts.map +1 -1
- package/dist/workerd/msal/utils.js +0 -4
- package/dist/workerd/msal/utils.js.map +1 -1
- package/dist/workerd/plugins/consumer.d.ts.map +1 -1
- package/dist/workerd/plugins/consumer.js +0 -1
- package/dist/workerd/plugins/consumer.js.map +1 -1
- package/package.json +3 -3
| @@ -1 +1 @@ | |
| 1 | 
            -
            {"version":3,"file":"msalClient.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AAKzC,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAExE,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACZ,gBAAgB,EAChB,mBAAmB,EACnB,eAAe,EACf,eAAe,EACf,YAAY,EACZ,YAAY,GACb,MAAM,aAAa,CAAC;AAErB,OAAO,EAAE,2BAA2B,EAAE,MAAM,iBAAiB,CAAC;AAG9D,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAGhE,OAAO,EAAE,0BAA0B,EAAE,MAAM,4BAA4B,CAAC;AACxE,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAE9D;;GAEG;AACH,MAAM,UAAU,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAC;AAoOlD;;;;;;;GAOG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAgB,EAChB,QAAgB,EAChB,oBAAuC,EAAE;IAEzC,MAAM,cAAc,GAAG,eAAe,CACpC,iBAAiB,CAAC,MAAM,IAAI,UAAU,EACtC,QAAQ,EACR,QAAQ,CACT,CAAC;IAEF,sDAAsD;IACtD,MAAM,SAAS,GAAG,YAAY,CAAC,cAAc,EAAE,gBAAgB,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAEpF,MAAM,UAAU,GAAG,IAAI,cAAc,CAAC;QACpC,GAAG,iBAAiB,CAAC,sBAAsB;QAC3C,aAAa,EAAE,SAAS;QACxB,cAAc,EAAE,iBAAiB,CAAC,cAAc;KACjD,CAAC,CAAC;IAEH,MAAM,UAAU,GAAuB;QACrC,IAAI,EAAE;YACJ,QAAQ;YACR,SAAS;YACT,gBAAgB,EAAE,mBAAmB,CACnC,cAAc,EACd,SAAS,EACT,iBAAiB,CAAC,wBAAwB,CAC3C;SACF;QACD,MAAM,EAAE;YACN,aAAa,EAAE,UAAU;YACzB,aAAa,EAAE;gBACb,cAAc,EAAE,qBAAqB,CAAC,iBAAiB,CAAC,MAAM,IAAI,UAAU,CAAC;gBAC7E,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;gBACxC,iBAAiB,EAAE,iBAAiB,CAAC,cAAc,EAAE,0BAA0B;aAChF;SACF;KACF,CAAC;IACF,OAAO,UAAU,CAAC;AACpB,CAAC;AAyBD;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB,CAC9B,QAAgB,EAChB,QAAgB,EAChB,0BAA6C,EAAE;IAE/C,MAAM,KAAK,GAAoB;QAC7B,UAAU,EAAE,yBAAyB,CAAC,QAAQ,EAAE,QAAQ,EAAE,uBAAuB,CAAC;QAClF,aAAa,EAAE,uBAAuB,CAAC,oBAAoB;YACzD,CAAC,CAAC,YAAY,CAAC,uBAAuB,CAAC,oBAAoB,CAAC;YAC5D,CAAC,CAAC,IAAI;QACR,mBAAmB,EAAE,WAAW,CAAC,2BAA2B,CAAC,uBAAuB,CAAC;QACrF,MAAM,EAAE,uBAAuB,CAAC,MAAM,IAAI,UAAU;KACrD,CAAC;IAEF,MAAM,UAAU,GAA8C,IAAI,GAAG,EAAE,CAAC;IACxE,KAAK,UAAU,YAAY,CACzB,UAA2B,EAAE;QAE7B,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAErD,IAAI,eAAe,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,eAAe,EAAE,CAAC;YACpB,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;YAC7F,OAAO,eAAe,CAAC;QACzB,CAAC;QAED,oCAAoC;QACpC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CACxB,iDAAiD,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,GAAG,CAC/F,CAAC;QAEF,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS;YACnC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,cAAc;YAChD,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,WAAW,CAAC;QAEhD,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEnF,eAAe,GAAG,IAAI,IAAI,CAAC,uBAAuB,CAAC;YACjD,GAAG,KAAK,CAAC,UAAU;YACnB,MAAM,EAAE,EAAE,kBAAkB,EAAE,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,EAAE;YACnF,KAAK,EAAE,EAAE,WAAW,EAAE,MAAM,WAAW,EAAE;SAC1C,CAAC,CAAC;QAEH,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QAExC,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,MAAM,gBAAgB,GAAoD,IAAI,GAAG,EAAE,CAAC;IACpF,KAAK,UAAU,kBAAkB,CAC/B,UAA2B,EAAE;QAE7B,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAErD,IAAI,qBAAqB,GAAG,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACzD,IAAI,qBAAqB,EAAE,CAAC;YAC1B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CACxB,sEAAsE,CACvE,CAAC;YACF,OAAO,qBAAqB,CAAC;QAC/B,CAAC;QAED,oCAAoC;QACpC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CACxB,uDACE,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAClC,GAAG,CACJ,CAAC;QAEF,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS;YACnC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,cAAc;YAChD,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,WAAW,CAAC;QAEhD,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEnF,qBAAqB,GAAG,IAAI,IAAI,CAAC,6BAA6B,CAAC;YAC7D,GAAG,KAAK,CAAC,UAAU;YACnB,MAAM,EAAE,EAAE,kBAAkB,EAAE,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,EAAE;YACnF,KAAK,EAAE,EAAE,WAAW,EAAE,MAAM,WAAW,EAAE;SAC1C,CAAC,CAAC;QAEH,gBAAgB,CAAC,GAAG,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;QAEpD,OAAO,qBAAqB,CAAC;IAC/B,CAAC;IAED,KAAK,UAAU,cAAc,CAC3B,GAAsE,EACtE,MAAgB,EAChB,UAA2B,EAAE;QAE7B,IAAI,KAAK,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YACjC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;YACtE,MAAM,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,gEAAgE;QAChE,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,KAAK,CAAC,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC;QACtC,CAAC;QAED,MAAM,aAAa,GAA2B;YAC5C,OAAO,EAAE,KAAK,CAAC,aAAa;YAC5B,MAAM;YACN,MAAM,EAAE,KAAK,CAAC,YAAY;SAC3B,CAAC;QAEF,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YAC/C,aAAa,CAAC,oBAAoB,KAAK,EAAE,CAAC;YAC1C,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC;gBAC1D,aAAa,CAAC,oBAAoB,CAAC,mBAAmB,CAAC,GAAG,sBAAsB,CAAC;YACnF,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,wBAAwB,EAAE,CAAC;YACrC,aAAa,CAAC,QAAQ,GAAG,OAAO,CAAC,wBAAwB,CAAC,KAAK,CAAC;YAChE,aAAa,CAAC,oBAAoB,GAAG,KAAK,CAAC;YAC3C,aAAa,CAAC,qBAAqB,GAAG,OAAO,CAAC,wBAAwB,CAAC,qBAAqB,CAAC;YAC7F,aAAa,CAAC,kBAAkB,GAAG,OAAO,CAAC,wBAAwB,CAAC,kBAAkB,CAAC;QACzF,CAAC;QACD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACnE,IAAI,CAAC;YACH,OAAO,MAAM,GAAG,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;QACrD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,SAAS,yBAAyB,CAAC,OAAyB;QAC1D,IAAI,OAAO,EAAE,QAAQ,EAAE,CAAC;YACtB,OAAO,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,gBAAgB,CAAC,uBAAuB,CAAC,CAAC,CAAC;QACnF,CAAC;QACD,OAAO,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;IACzC,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,UAAU,wBAAwB,CACrC,OAA0E,EAC1E,MAAqB,EACrB,OAAsC,EACtC,wBAAyE;QAEzE,IAAI,QAAQ,GAAqC,IAAI,CAAC;QACtD,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAC5D,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,IAAI,CAAC,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC7C,MAAM,CAAC,CAAC;YACV,CAAC;YACD,IAAI,OAAO,CAAC,8BAA8B,EAAE,CAAC;gBAC3C,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACtB,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,wBAAwB,EAAE,CAAC;YAC9C,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,mDAAmD;QACnD,oBAAoB,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,KAAK,CAAC,aAAa,GAAG,QAAQ,EAAE,OAAO,IAAI,IAAI,CAAC;QAEhD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QAClD,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,WAAW;YAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;YAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;YACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;SACf,CAAC;IACnB,CAAC;IAED,KAAK,UAAU,sBAAsB,CACnC,MAAgB,EAChB,YAAoB,EACpB,UAA2B,EAAE;QAE7B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;QAE9E,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QAElD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAElD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,8BAA8B,CAAC;gBAC5D,MAAM;gBACN,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,WAAW,EAAE,0BAA0B,EAAE;gBACzC,MAAM,EAAE,OAAO,EAAE,MAAM;aACxB,CAAC,CAAC;YACH,oBAAoB,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAChD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAClD,OAAO;gBACL,KAAK,EAAE,QAAQ,CAAC,WAAW;gBAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;gBAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;gBACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;aACf,CAAC;QACnB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,KAAK,UAAU,yBAAyB,CACtC,MAAgB,EAChB,eAAsC,EACtC,UAA2B,EAAE;QAE7B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAEjF,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QAExD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAElD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,8BAA8B,CAAC;gBAC5D,MAAM;gBACN,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,WAAW,EAAE,0BAA0B,EAAE;gBACzC,MAAM,EAAE,OAAO,EAAE,MAAM;gBACvB,eAAe;aAChB,CAAC,CAAC;YACH,oBAAoB,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAEhD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAClD,OAAO;gBACL,KAAK,EAAE,QAAQ,CAAC,WAAW;gBAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;gBAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;gBACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;aACf,CAAC;QACnB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,KAAK,UAAU,2BAA2B,CACxC,MAAgB,EAChB,WAA6B,EAC7B,UAA2B,EAAE;QAE7B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;QAEnF,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAAC;QAEtD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,8BAA8B,CAAC;gBAC5D,MAAM;gBACN,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,WAAW,EAAE,0BAA0B,EAAE;gBACzC,MAAM,EAAE,OAAO,EAAE,MAAM;aACxB,CAAC,CAAC;YACH,oBAAoB,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAEhD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAClD,OAAO;gBACL,KAAK,EAAE,QAAQ,CAAC,WAAW;gBAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;gBAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;gBACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;aACf,CAAC;QACnB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,KAAK,UAAU,oBAAoB,CACjC,MAAgB,EAChB,kBAA4C,EAC5C,UAAyC,EAAE;QAE3C,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;QAE5E,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAE5C,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE;YAC7D,MAAM,cAAc,GAA2B;gBAC7C,MAAM;gBACN,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,IAAI,KAAK;gBAC9C,kBAAkB;gBAClB,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,MAAM,EAAE,OAAO,EAAE,MAAM;aACxB,CAAC;YACF,MAAM,iBAAiB,GAAG,OAAO,CAAC,wBAAwB,CAAC,cAAc,CAAC,CAAC;YAC3E,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBACxB,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;oBACjD,cAAc,CAAC,MAAM,GAAG,IAAI,CAAC;gBAC/B,CAAC,CAAC,CAAC;YACL,CAAC;YAED,OAAO,iBAAiB,CAAC;QAC3B,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,UAAU,0BAA0B,CACvC,MAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,UAA2B,EAAE;QAE7B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;QAEtF,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAE5C,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE;YAC7D,MAAM,cAAc,GAAiC;gBACnD,MAAM;gBACN,QAAQ;gBACR,QAAQ;gBACR,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,MAAM,EAAE,OAAO,EAAE,MAAM;aACxB,CAAC;YAEF,OAAO,OAAO,CAAC,8BAA8B,CAAC,cAAc,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,SAAS,gBAAgB;QACvB,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;YACzB,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO,YAAY,CAAC,QAAQ,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,UAAU,2BAA2B,CACxC,MAAgB,EAChB,WAAmB,EACnB,iBAAyB,EACzB,YAAqB,EACrB,UAAyC,EAAE;QAE3C,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;QAEnF,IAAI,OAA0E,CAAC;QAC/E,IAAI,YAAY,EAAE,CAAC;YACjB,mFAAmF;YACnF,gIAAgI;YAChI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;YAClD,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE;YAC7D,OAAO,OAAO,CAAC,kBAAkB,CAAC;gBAChC,MAAM;gBACN,WAAW;gBACX,IAAI,EAAE,iBAAiB;gBACvB,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,MAAM,EAAE,OAAO,EAAE,MAAM;aACxB,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,UAAU,kBAAkB,CAC/B,MAAgB,EAChB,kBAA0B,EAC1B,iBAAsE,EACtE,UAA2B,EAAE;QAE7B,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QAElF,IAAI,OAAO,iBAAiB,KAAK,QAAQ,EAAE,CAAC;YAC1C,gBAAgB;YAChB,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;YACtE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,iBAAiB,CAAC;QACzD,CAAC;aAAM,IAAI,OAAO,iBAAiB,KAAK,UAAU,EAAE,CAAC;YACnD,mBAAmB;YACnB,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;YAClF,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,GAAG,iBAAiB,CAAC;QAC5D,CAAC;aAAM,CAAC;YACN,qBAAqB;YACrB,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;YAC3E,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;QAC9D,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,sBAAsB,CAAC;gBACpD,MAAM;gBACN,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,YAAY,EAAE,kBAAkB;aACjC,CAAC,CAAC;YACH,oBAAoB,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAEhD,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAChD,OAAO;gBACL,KAAK,EAAE,QAAQ,CAAC,WAAW;gBAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;gBAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;gBACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;aACf,CAAC;QACnB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,SAAS,4BAA4B,CACnC,MAAgB,EAChB,OAAmC;QAEnC,OAAO;YACL,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;gBACzB,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;gBAClC,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YACjD,CAAC;YACD,MAAM;YACN,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;YAC7C,MAAM,EAAE,OAAO,EAAE,MAAM;YACvB,SAAS,EAAE,OAAO,EAAE,SAAS;YAC7B,aAAa,EAAE,OAAO,EAAE,2BAA2B,EAAE,YAAY;YACjE,eAAe,EAAE,OAAO,EAAE,2BAA2B,EAAE,cAAc;YACrE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,gBAAgB;SACxD,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,wBAAwB,CACrC,MAAgB,EAChB,uBAAgC,EAChC,UAAsC,EAAE;QAExC,UAAU,CAAC,OAAO,CAAC,+CAA+C,CAAC,CAAC;QAEpE,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAExC,MAAM,kBAAkB,GAAG,4BAA4B,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACzE,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACxD,kBAAkB,CAAC,YAAY,GAAG,MAAM,CAAC,IAAI,CAC3C,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,CACpD,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,+EAA+E;YAC/E,UAAU,CAAC,OAAO,CAChB,kIAAkI,CACnI,CAAC;QACJ,CAAC;QAED,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC;YAC1D,CAAC,kBAAkB,CAAC,oBAAoB,KAAK,EAAE,CAAC,CAAC,mBAAmB,CAAC;gBACnE,sBAAsB,CAAC;QAC3B,CAAC;QACD,IAAI,uBAAuB,EAAE,CAAC;YAC5B,kBAAkB,CAAC,MAAM,GAAG,MAAM,CAAC;YACnC,UAAU,CAAC,OAAO,CAAC,mEAAmE,CAAC,CAAC;QAC1F,CAAC;aAAM,CAAC;YACN,UAAU,CAAC,OAAO,CAAC,qEAAqE,CAAC,CAAC;QAC5F,CAAC;QAED,IAAI,OAAO,CAAC,wBAAwB,EAAE,CAAC;YACrC,kBAAkB,CAAC,QAAQ,GAAG,OAAO,CAAC,wBAAwB,CAAC,KAAK,CAAC;YACrE,kBAAkB,CAAC,oBAAoB,GAAG,KAAK,CAAC;YAChD,kBAAkB,CAAC,qBAAqB;gBACtC,OAAO,CAAC,wBAAwB,CAAC,qBAAqB,CAAC;YACzD,kBAAkB,CAAC,kBAAkB,GAAG,OAAO,CAAC,wBAAwB,CAAC,kBAAkB,CAAC;QAC9F,CAAC;QACD,IAAI,CAAC;YACH,OAAO,MAAM,GAAG,CAAC,uBAAuB,CAAC,kBAAkB,CAAC,CAAC;QAC/D,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,UAAU,CAAC,OAAO,CAAC,8CAA8C,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YAC9E,IAAI,OAAO,CAAC,8BAA8B,EAAE,CAAC;gBAC3C,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EAAE,2DAA2D;iBACrE,CAAC,CAAC;YACL,CAAC;YACD,oGAAoG;YACpG,IAAI,uBAAuB,EAAE,CAAC;gBAC5B,OAAO,wBAAwB,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;YAC1D,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,CAAC;YACV,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,UAAU,gBAAgB,CAC7B,MAAgB,EAChB,uBAAgC,EAChC,UAAsC,EAAE;QAExC,UAAU,CAAC,QAAQ,CAAC,IAAI,CACtB,2FAA2F,uBAAuB,EAAE,CACrH,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,wBAAwB,CAAC,MAAM,EAAE,uBAAuB,EAAE,OAAO,CAAC,CAAC;QAC1F,oBAAoB,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,KAAK,CAAC,aAAa,GAAG,QAAQ,EAAE,OAAO,IAAI,IAAI,CAAC;QAEhD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QAClD,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,WAAW;YAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;YAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;YACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;SACf,CAAC;IACnB,CAAC;IAED,KAAK,UAAU,4BAA4B,CACzC,MAAgB,EAChB,UAAsC,EAAE;QAExC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;QAEtE,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAExC,OAAO,wBAAwB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;YAC/D,MAAM,kBAAkB,GAAG,4BAA4B,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAEzE,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC/C,OAAO,wBAAwB,CAC7B,MAAM,EACN,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,uBAAuB,IAAI,KAAK,EACjE,OAAO,CACR,CAAC;YACJ,CAAC;YACD,IAAI,OAAO,CAAC,wBAAwB,EAAE,CAAC;gBACrC,kBAAkB,CAAC,QAAQ,GAAG,OAAO,CAAC,wBAAwB,CAAC,KAAK,CAAC;gBACrE,kBAAkB,CAAC,oBAAoB,GAAG,KAAK,CAAC;gBAChD,kBAAkB,CAAC,qBAAqB;oBACtC,OAAO,CAAC,wBAAwB,CAAC,qBAAqB,CAAC;gBACzD,kBAAkB,CAAC,kBAAkB,GAAG,OAAO,CAAC,wBAAwB,CAAC,kBAAkB,CAAC;YAC9F,CAAC;YACD,OAAO,GAAG,CAAC,uBAAuB,CAAC,kBAAkB,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,gBAAgB;QAChB,gBAAgB;QAChB,sBAAsB;QACtB,yBAAyB;QACzB,2BAA2B;QAC3B,oBAAoB;QACpB,0BAA0B;QAC1B,2BAA2B;QAC3B,kBAAkB;QAClB,4BAA4B;KAC7B,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport * as msal from \"@azure/msal-node\";\n\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport type { AuthenticationRecord, CertificateParts } from \"../types.js\";\nimport type { CredentialLogger } from \"../../util/logging.js\";\nimport { credentialLogger, formatSuccess } from \"../../util/logging.js\";\nimport type { PluginConfiguration } from \"./msalPlugins.js\";\nimport { msalPlugins } from \"./msalPlugins.js\";\nimport {\n  defaultLoggerCallback,\n  ensureValidMsalToken,\n  getAuthority,\n  getAuthorityHost,\n  getKnownAuthorities,\n  getMSALLogLevel,\n  handleMsalError,\n  msalToPublic,\n  publicToMsal,\n} from \"../utils.js\";\n\nimport { AuthenticationRequiredError } from \"../../errors.js\";\nimport type { BrokerOptions } from \"./brokerOptions.js\";\nimport type { DeviceCodePromptCallback } from \"../../credentials/deviceCodeCredentialOptions.js\";\nimport { IdentityClient } from \"../../client/identityClient.js\";\nimport type { InteractiveBrowserCredentialNodeOptions } from \"../../credentials/interactiveBrowserCredentialOptions.js\";\nimport type { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions.js\";\nimport { calculateRegionalAuthority } from \"../../regionalAuthority.js\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { resolveTenantId } from \"../../util/tenantIdUtils.js\";\n\n/**\n * The default logger used if no logger was passed in by the credential.\n */\nconst msalLogger = credentialLogger(\"MsalClient\");\n\n/**\n * Represents the options for acquiring a token using flows that support silent authentication.\n */\nexport interface GetTokenWithSilentAuthOptions extends GetTokenOptions {\n  /**\n   * Disables automatic authentication. If set to true, the method will throw an error if the user needs to authenticate.\n   *\n   * @remarks\n   *\n   * This option will be set to `false` when the user calls `authenticate` directly on a credential that supports it.\n   */\n  disableAutomaticAuthentication?: boolean;\n}\n\n/**\n * Represents the options for acquiring a token interactively.\n */\nexport interface GetTokenInteractiveOptions extends GetTokenWithSilentAuthOptions {\n  /**\n   * Window handle for parent window, required for WAM authentication.\n   */\n  parentWindowHandle?: Buffer;\n  /**\n   * Shared configuration options for browser customization\n   */\n  browserCustomizationOptions?: InteractiveBrowserCredentialNodeOptions[\"browserCustomizationOptions\"];\n  /**\n   * loginHint allows a user name to be pre-selected for interactive logins.\n   * Setting this option skips the account selection prompt and immediately attempts to login with the specified account.\n   */\n  loginHint?: string;\n}\n\n/**\n * Represents a client for interacting with the Microsoft Authentication Library (MSAL).\n */\nexport interface MsalClient {\n  /**\n   *\n   * Retrieves an access token by using the on-behalf-of flow and a client assertion callback of the calling service.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param userAssertionToken - The access token that was sent to the middle-tier API. This token must have an audience of the app making this OBO request.\n   * @param clientCredentials - The client secret OR client certificate OR client `getAssertion` callback.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenOnBehalfOf(\n    scopes: string[],\n    userAssertionToken: string,\n    clientCredentials: string | CertificateParts | (() => Promise<string>),\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves an access token by using an interactive prompt (InteractiveBrowserCredential).\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByInteractiveRequest(\n    scopes: string[],\n    options: GetTokenInteractiveOptions,\n  ): Promise<AccessToken>;\n  /**\n   * Retrieves an access token by using a user's username and password.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param username - The username provided by the developer.\n   * @param password - The user's password provided by the developer.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByUsernamePassword(\n    scopes: string[],\n    username: string,\n    password: string,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n  /**\n   * Retrieves an access token by prompting the user to authenticate using a device code.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param userPromptCallback - The callback function that allows developers to customize the prompt message.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByDeviceCode(\n    scopes: string[],\n    userPromptCallback: DeviceCodePromptCallback,\n    options?: GetTokenWithSilentAuthOptions,\n  ): Promise<AccessToken>;\n  /**\n   * Retrieves an access token by using a client certificate.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param certificate - The client certificate used for authentication.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByClientCertificate(\n    scopes: string[],\n    certificate: CertificateParts,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves an access token by using a client assertion.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param clientAssertion - The client `getAssertion` callback used for authentication.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByClientAssertion(\n    scopes: string[],\n    clientAssertion: () => Promise<string>,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves an access token by using a client secret.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param clientSecret - The client secret of the application. This is a credential that the application can use to authenticate itself.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByClientSecret(\n    scopes: string[],\n    clientSecret: string,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves an access token by using an authorization code flow.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param authorizationCode - An authorization code that was received from following the\n                              authorization code flow.  This authorization code must not\n                              have already been used to obtain an access token.\n   * @param redirectUri - The redirect URI that was used to request the authorization code.\n                        Must be the same URI that is configured for the App Registration.\n   * @param clientSecret - An optional client secret that was generated for the App Registration.\n   * @param options - Additional options that may be provided to the method.\n   */\n  getTokenByAuthorizationCode(\n    scopes: string[],\n    redirectUri: string,\n    authorizationCode: string,\n    clientSecret?: string,\n    options?: GetTokenWithSilentAuthOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves the last authenticated account. This method expects an authentication record to have been previously loaded.\n   *\n   * An authentication record could be loaded by calling the `getToken` method, or by providing an `authenticationRecord` when creating a credential.\n   */\n  getActiveAccount(): AuthenticationRecord | undefined;\n\n  /**\n   * Retrieves an access token using brokered authentication.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param useDefaultBrokerAccount - Whether to use the default broker account for authentication.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getBrokeredToken(\n    scopes: string[],\n    useDefaultBrokerAccount: boolean,\n    options?: GetTokenInteractiveOptions,\n  ): Promise<AccessToken>;\n}\n\n/**\n * Represents the options for configuring the MsalClient.\n */\nexport interface MsalClientOptions {\n  /**\n   * Parameters that enable WAM broker authentication in the InteractiveBrowserCredential.\n   */\n  brokerOptions?: BrokerOptions;\n\n  /**\n   * Parameters that enable token cache persistence in the Identity credentials.\n   */\n  tokenCachePersistenceOptions?: TokenCachePersistenceOptions;\n\n  /**\n   * Indicates if this is being used by VSCode credential.\n   */\n  isVSCodeCredential?: boolean;\n\n  /**\n   * A custom authority host.\n   */\n  authorityHost?: IdentityClient[\"tokenCredentialOptions\"][\"authorityHost\"];\n\n  /**\n   * Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.\n   */\n  loggingOptions?: IdentityClient[\"tokenCredentialOptions\"][\"loggingOptions\"];\n\n  /**\n   * The token credential options for the MsalClient.\n   */\n  tokenCredentialOptions?: IdentityClient[\"tokenCredentialOptions\"];\n\n  /**\n   * Determines whether instance discovery is disabled.\n   */\n  disableInstanceDiscovery?: boolean;\n\n  /**\n   * The logger for the MsalClient.\n   */\n  logger?: CredentialLogger;\n\n  /**\n   * The authentication record for the MsalClient.\n   */\n  authenticationRecord?: AuthenticationRecord;\n}\n\n/**\n * Generates the configuration for MSAL (Microsoft Authentication Library).\n *\n * @param clientId - The client ID of the application.\n * @param  tenantId - The tenant ID of the Azure Active Directory.\n * @param  msalClientOptions - Optional. Additional options for creating the MSAL client.\n * @returns  The MSAL configuration object.\n */\nexport function generateMsalConfiguration(\n  clientId: string,\n  tenantId: string,\n  msalClientOptions: MsalClientOptions = {},\n): msal.Configuration {\n  const resolvedTenant = resolveTenantId(\n    msalClientOptions.logger ?? msalLogger,\n    tenantId,\n    clientId,\n  );\n\n  // TODO: move and reuse getIdentityClientAuthorityHost\n  const authority = getAuthority(resolvedTenant, getAuthorityHost(msalClientOptions));\n\n  const httpClient = new IdentityClient({\n    ...msalClientOptions.tokenCredentialOptions,\n    authorityHost: authority,\n    loggingOptions: msalClientOptions.loggingOptions,\n  });\n\n  const msalConfig: msal.Configuration = {\n    auth: {\n      clientId,\n      authority,\n      knownAuthorities: getKnownAuthorities(\n        resolvedTenant,\n        authority,\n        msalClientOptions.disableInstanceDiscovery,\n      ),\n    },\n    system: {\n      networkClient: httpClient,\n      loggerOptions: {\n        loggerCallback: defaultLoggerCallback(msalClientOptions.logger ?? msalLogger),\n        logLevel: getMSALLogLevel(getLogLevel()),\n        piiLoggingEnabled: msalClientOptions.loggingOptions?.enableUnsafeSupportLogging,\n      },\n    },\n  };\n  return msalConfig;\n}\n\n/**\n * Represents the state necessary for the MSAL (Microsoft Authentication Library) client to operate.\n * This includes the MSAL configuration, cached account information, Azure region, and a flag to disable automatic authentication.\n *\n * @internal\n */\ninterface MsalClientState {\n  /** The configuration for the MSAL client. */\n  msalConfig: msal.Configuration;\n\n  /** The cached account information, or null if no account information is cached. */\n  cachedAccount: msal.AccountInfo | null;\n\n  /** Configured plugins */\n  pluginConfiguration: PluginConfiguration;\n\n  /** Claims received from challenges, cached for the next request */\n  cachedClaims?: string;\n\n  /** The logger instance */\n  logger: CredentialLogger;\n}\n\n/**\n * Creates an instance of the MSAL (Microsoft Authentication Library) client.\n *\n * @param clientId - The client ID of the application.\n * @param tenantId - The tenant ID of the Azure Active Directory.\n * @param createMsalClientOptions - Optional. Additional options for creating the MSAL client.\n * @returns An instance of the MSAL client.\n *\n * @public\n */\nexport function createMsalClient(\n  clientId: string,\n  tenantId: string,\n  createMsalClientOptions: MsalClientOptions = {},\n): MsalClient {\n  const state: MsalClientState = {\n    msalConfig: generateMsalConfiguration(clientId, tenantId, createMsalClientOptions),\n    cachedAccount: createMsalClientOptions.authenticationRecord\n      ? publicToMsal(createMsalClientOptions.authenticationRecord)\n      : null,\n    pluginConfiguration: msalPlugins.generatePluginConfiguration(createMsalClientOptions),\n    logger: createMsalClientOptions.logger ?? msalLogger,\n  };\n\n  const publicApps: Map<string, msal.PublicClientApplication> = new Map();\n  async function getPublicApp(\n    options: GetTokenOptions = {},\n  ): Promise<msal.PublicClientApplication> {\n    const appKey = options.enableCae ? \"CAE\" : \"default\";\n\n    let publicClientApp = publicApps.get(appKey);\n    if (publicClientApp) {\n      state.logger.getToken.info(\"Existing PublicClientApplication found in cache, returning it.\");\n      return publicClientApp;\n    }\n\n    // Initialize a new app and cache it\n    state.logger.getToken.info(\n      `Creating new PublicClientApplication with CAE ${options.enableCae ? \"enabled\" : \"disabled\"}.`,\n    );\n\n    const cachePlugin = options.enableCae\n      ? state.pluginConfiguration.cache.cachePluginCae\n      : state.pluginConfiguration.cache.cachePlugin;\n\n    state.msalConfig.auth.clientCapabilities = options.enableCae ? [\"cp1\"] : undefined;\n\n    publicClientApp = new msal.PublicClientApplication({\n      ...state.msalConfig,\n      broker: { nativeBrokerPlugin: state.pluginConfiguration.broker.nativeBrokerPlugin },\n      cache: { cachePlugin: await cachePlugin },\n    });\n\n    publicApps.set(appKey, publicClientApp);\n\n    return publicClientApp;\n  }\n\n  const confidentialApps: Map<string, msal.ConfidentialClientApplication> = new Map();\n  async function getConfidentialApp(\n    options: GetTokenOptions = {},\n  ): Promise<msal.ConfidentialClientApplication> {\n    const appKey = options.enableCae ? \"CAE\" : \"default\";\n\n    let confidentialClientApp = confidentialApps.get(appKey);\n    if (confidentialClientApp) {\n      state.logger.getToken.info(\n        \"Existing ConfidentialClientApplication found in cache, returning it.\",\n      );\n      return confidentialClientApp;\n    }\n\n    // Initialize a new app and cache it\n    state.logger.getToken.info(\n      `Creating new ConfidentialClientApplication with CAE ${\n        options.enableCae ? \"enabled\" : \"disabled\"\n      }.`,\n    );\n\n    const cachePlugin = options.enableCae\n      ? state.pluginConfiguration.cache.cachePluginCae\n      : state.pluginConfiguration.cache.cachePlugin;\n\n    state.msalConfig.auth.clientCapabilities = options.enableCae ? [\"cp1\"] : undefined;\n\n    confidentialClientApp = new msal.ConfidentialClientApplication({\n      ...state.msalConfig,\n      broker: { nativeBrokerPlugin: state.pluginConfiguration.broker.nativeBrokerPlugin },\n      cache: { cachePlugin: await cachePlugin },\n    });\n\n    confidentialApps.set(appKey, confidentialClientApp);\n\n    return confidentialClientApp;\n  }\n\n  async function getTokenSilent(\n    app: msal.ConfidentialClientApplication | msal.PublicClientApplication,\n    scopes: string[],\n    options: GetTokenOptions = {},\n  ): Promise<msal.AuthenticationResult> {\n    if (state.cachedAccount === null) {\n      state.logger.getToken.info(\"No cached account found in local state.\");\n      throw new AuthenticationRequiredError({ scopes });\n    }\n\n    // Keep track and reuse the claims we received across challenges\n    if (options.claims) {\n      state.cachedClaims = options.claims;\n    }\n\n    const silentRequest: msal.SilentFlowRequest = {\n      account: state.cachedAccount,\n      scopes,\n      claims: state.cachedClaims,\n    };\n\n    if (state.pluginConfiguration.broker.isEnabled) {\n      silentRequest.tokenQueryParameters ||= {};\n      if (state.pluginConfiguration.broker.enableMsaPassthrough) {\n        silentRequest.tokenQueryParameters[\"msal_request_type\"] = \"consumer_passthrough\";\n      }\n    }\n\n    if (options.proofOfPossessionOptions) {\n      silentRequest.shrNonce = options.proofOfPossessionOptions.nonce;\n      silentRequest.authenticationScheme = \"pop\";\n      silentRequest.resourceRequestMethod = options.proofOfPossessionOptions.resourceRequestMethod;\n      silentRequest.resourceRequestUri = options.proofOfPossessionOptions.resourceRequestUrl;\n    }\n    state.logger.getToken.info(\"Attempting to acquire token silently\");\n    try {\n      return await app.acquireTokenSilent(silentRequest);\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  /**\n   * Builds an authority URL for the given request. The authority may be different than the one used when creating the MSAL client\n   * if the user is creating cross-tenant requests\n   */\n  function calculateRequestAuthority(options?: GetTokenOptions): string | undefined {\n    if (options?.tenantId) {\n      return getAuthority(options.tenantId, getAuthorityHost(createMsalClientOptions));\n    }\n    return state.msalConfig.auth.authority;\n  }\n\n  /**\n   * Performs silent authentication using MSAL to acquire an access token.\n   * If silent authentication fails, falls back to interactive authentication.\n   *\n   * @param msalApp - The MSAL application instance.\n   * @param scopes - The scopes for which to acquire the access token.\n   * @param options - The options for acquiring the access token.\n   * @param onAuthenticationRequired - A callback function to handle interactive authentication when silent authentication fails.\n   * @returns A promise that resolves to an AccessToken object containing the access token and its expiration timestamp.\n   */\n  async function withSilentAuthentication(\n    msalApp: msal.ConfidentialClientApplication | msal.PublicClientApplication,\n    scopes: Array<string>,\n    options: GetTokenWithSilentAuthOptions,\n    onAuthenticationRequired: () => Promise<msal.AuthenticationResult | null>,\n  ): Promise<AccessToken> {\n    let response: msal.AuthenticationResult | null = null;\n    try {\n      response = await getTokenSilent(msalApp, scopes, options);\n    } catch (e: any) {\n      if (e.name !== \"AuthenticationRequiredError\") {\n        throw e;\n      }\n      if (options.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions: options,\n          message:\n            \"Automatic authentication has been disabled. You may call the authentication() method.\",\n        });\n      }\n    }\n\n    // Silent authentication failed\n    if (response === null) {\n      try {\n        response = await onAuthenticationRequired();\n      } catch (err: any) {\n        throw handleMsalError(scopes, err, options);\n      }\n    }\n\n    // At this point we should have a token, process it\n    ensureValidMsalToken(scopes, response, options);\n    state.cachedAccount = response?.account ?? null;\n\n    state.logger.getToken.info(formatSuccess(scopes));\n    return {\n      token: response.accessToken,\n      expiresOnTimestamp: response.expiresOn.getTime(),\n      refreshAfterTimestamp: response.refreshOn?.getTime(),\n      tokenType: response.tokenType,\n    } as AccessToken;\n  }\n\n  async function getTokenByClientSecret(\n    scopes: string[],\n    clientSecret: string,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using client secret`);\n\n    state.msalConfig.auth.clientSecret = clientSecret;\n\n    const msalApp = await getConfidentialApp(options);\n\n    try {\n      const response = await msalApp.acquireTokenByClientCredential({\n        scopes,\n        authority: calculateRequestAuthority(options),\n        azureRegion: calculateRegionalAuthority(),\n        claims: options?.claims,\n      });\n      ensureValidMsalToken(scopes, response, options);\n      state.logger.getToken.info(formatSuccess(scopes));\n      return {\n        token: response.accessToken,\n        expiresOnTimestamp: response.expiresOn.getTime(),\n        refreshAfterTimestamp: response.refreshOn?.getTime(),\n        tokenType: response.tokenType,\n      } as AccessToken;\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  async function getTokenByClientAssertion(\n    scopes: string[],\n    clientAssertion: () => Promise<string>,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using client assertion`);\n\n    state.msalConfig.auth.clientAssertion = clientAssertion;\n\n    const msalApp = await getConfidentialApp(options);\n\n    try {\n      const response = await msalApp.acquireTokenByClientCredential({\n        scopes,\n        authority: calculateRequestAuthority(options),\n        azureRegion: calculateRegionalAuthority(),\n        claims: options?.claims,\n        clientAssertion,\n      });\n      ensureValidMsalToken(scopes, response, options);\n\n      state.logger.getToken.info(formatSuccess(scopes));\n      return {\n        token: response.accessToken,\n        expiresOnTimestamp: response.expiresOn.getTime(),\n        refreshAfterTimestamp: response.refreshOn?.getTime(),\n        tokenType: response.tokenType,\n      } as AccessToken;\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  async function getTokenByClientCertificate(\n    scopes: string[],\n    certificate: CertificateParts,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using client certificate`);\n\n    state.msalConfig.auth.clientCertificate = certificate;\n\n    const msalApp = await getConfidentialApp(options);\n    try {\n      const response = await msalApp.acquireTokenByClientCredential({\n        scopes,\n        authority: calculateRequestAuthority(options),\n        azureRegion: calculateRegionalAuthority(),\n        claims: options?.claims,\n      });\n      ensureValidMsalToken(scopes, response, options);\n\n      state.logger.getToken.info(formatSuccess(scopes));\n      return {\n        token: response.accessToken,\n        expiresOnTimestamp: response.expiresOn.getTime(),\n        refreshAfterTimestamp: response.refreshOn?.getTime(),\n        tokenType: response.tokenType,\n      } as AccessToken;\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  async function getTokenByDeviceCode(\n    scopes: string[],\n    deviceCodeCallback: DeviceCodePromptCallback,\n    options: GetTokenWithSilentAuthOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using device code`);\n\n    const msalApp = await getPublicApp(options);\n\n    return withSilentAuthentication(msalApp, scopes, options, () => {\n      const requestOptions: msal.DeviceCodeRequest = {\n        scopes,\n        cancel: options?.abortSignal?.aborted ?? false,\n        deviceCodeCallback,\n        authority: calculateRequestAuthority(options),\n        claims: options?.claims,\n      };\n      const deviceCodeRequest = msalApp.acquireTokenByDeviceCode(requestOptions);\n      if (options.abortSignal) {\n        options.abortSignal.addEventListener(\"abort\", () => {\n          requestOptions.cancel = true;\n        });\n      }\n\n      return deviceCodeRequest;\n    });\n  }\n\n  async function getTokenByUsernamePassword(\n    scopes: string[],\n    username: string,\n    password: string,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using username and password`);\n\n    const msalApp = await getPublicApp(options);\n\n    return withSilentAuthentication(msalApp, scopes, options, () => {\n      const requestOptions: msal.UsernamePasswordRequest = {\n        scopes,\n        username,\n        password,\n        authority: calculateRequestAuthority(options),\n        claims: options?.claims,\n      };\n\n      return msalApp.acquireTokenByUsernamePassword(requestOptions);\n    });\n  }\n\n  function getActiveAccount(): AuthenticationRecord | undefined {\n    if (!state.cachedAccount) {\n      return undefined;\n    }\n    return msalToPublic(clientId, state.cachedAccount);\n  }\n\n  async function getTokenByAuthorizationCode(\n    scopes: string[],\n    redirectUri: string,\n    authorizationCode: string,\n    clientSecret?: string,\n    options: GetTokenWithSilentAuthOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using authorization code`);\n\n    let msalApp: msal.ConfidentialClientApplication | msal.PublicClientApplication;\n    if (clientSecret) {\n      // If a client secret is provided, we need to use a confidential client application\n      // See https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow#request-an-access-token-with-a-client_secret\n      state.msalConfig.auth.clientSecret = clientSecret;\n      msalApp = await getConfidentialApp(options);\n    } else {\n      msalApp = await getPublicApp(options);\n    }\n\n    return withSilentAuthentication(msalApp, scopes, options, () => {\n      return msalApp.acquireTokenByCode({\n        scopes,\n        redirectUri,\n        code: authorizationCode,\n        authority: calculateRequestAuthority(options),\n        claims: options?.claims,\n      });\n    });\n  }\n\n  async function getTokenOnBehalfOf(\n    scopes: string[],\n    userAssertionToken: string,\n    clientCredentials: string | CertificateParts | (() => Promise<string>),\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    msalLogger.getToken.info(`Attempting to acquire token on behalf of another user`);\n\n    if (typeof clientCredentials === \"string\") {\n      // Client secret\n      msalLogger.getToken.info(`Using client secret for on behalf of flow`);\n      state.msalConfig.auth.clientSecret = clientCredentials;\n    } else if (typeof clientCredentials === \"function\") {\n      // Client Assertion\n      msalLogger.getToken.info(`Using client assertion callback for on behalf of flow`);\n      state.msalConfig.auth.clientAssertion = clientCredentials;\n    } else {\n      // Client certificate\n      msalLogger.getToken.info(`Using client certificate for on behalf of flow`);\n      state.msalConfig.auth.clientCertificate = clientCredentials;\n    }\n\n    const msalApp = await getConfidentialApp(options);\n    try {\n      const response = await msalApp.acquireTokenOnBehalfOf({\n        scopes,\n        authority: calculateRequestAuthority(options),\n        claims: options.claims,\n        oboAssertion: userAssertionToken,\n      });\n      ensureValidMsalToken(scopes, response, options);\n\n      msalLogger.getToken.info(formatSuccess(scopes));\n      return {\n        token: response.accessToken,\n        expiresOnTimestamp: response.expiresOn.getTime(),\n        refreshAfterTimestamp: response.refreshOn?.getTime(),\n        tokenType: response.tokenType,\n      } as AccessToken;\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  /**\n   * Creates a base interactive request configuration for MSAL interactive authentication.\n   * This is shared between interactive and brokered authentication flows.\n   *\n   * @internal\n   */\n  function createBaseInteractiveRequest(\n    scopes: string[],\n    options: GetTokenInteractiveOptions,\n  ): msal.InteractiveRequest {\n    return {\n      openBrowser: async (url) => {\n        const open = await import(\"open\");\n        await open.default(url, { newInstance: true });\n      },\n      scopes,\n      authority: calculateRequestAuthority(options),\n      claims: options?.claims,\n      loginHint: options?.loginHint,\n      errorTemplate: options?.browserCustomizationOptions?.errorMessage,\n      successTemplate: options?.browserCustomizationOptions?.successMessage,\n      prompt: options?.loginHint ? \"login\" : \"select_account\",\n    };\n  }\n\n  /**\n   * @internal\n   */\n  async function getBrokeredTokenInternal(\n    scopes: string[],\n    useDefaultBrokerAccount: boolean,\n    options: GetTokenInteractiveOptions = {},\n  ): Promise<msal.AuthenticationResult> {\n    msalLogger.verbose(\"Authentication will resume through the broker\");\n\n    const app = await getPublicApp(options);\n\n    const interactiveRequest = createBaseInteractiveRequest(scopes, options);\n    if (state.pluginConfiguration.broker.parentWindowHandle) {\n      interactiveRequest.windowHandle = Buffer.from(\n        state.pluginConfiguration.broker.parentWindowHandle,\n      );\n    } else {\n      // this is a bug, as the pluginConfiguration handler should validate this case.\n      msalLogger.warning(\n        \"Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.\",\n      );\n    }\n\n    if (state.pluginConfiguration.broker.enableMsaPassthrough) {\n      (interactiveRequest.tokenQueryParameters ??= {})[\"msal_request_type\"] =\n        \"consumer_passthrough\";\n    }\n    if (useDefaultBrokerAccount) {\n      interactiveRequest.prompt = \"none\";\n      msalLogger.verbose(\"Attempting broker authentication using the default broker account\");\n    } else {\n      msalLogger.verbose(\"Attempting broker authentication without the default broker account\");\n    }\n\n    if (options.proofOfPossessionOptions) {\n      interactiveRequest.shrNonce = options.proofOfPossessionOptions.nonce;\n      interactiveRequest.authenticationScheme = \"pop\";\n      interactiveRequest.resourceRequestMethod =\n        options.proofOfPossessionOptions.resourceRequestMethod;\n      interactiveRequest.resourceRequestUri = options.proofOfPossessionOptions.resourceRequestUrl;\n    }\n    try {\n      return await app.acquireTokenInteractive(interactiveRequest);\n    } catch (e: any) {\n      msalLogger.verbose(`Failed to authenticate through the broker: ${e.message}`);\n      if (options.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions: options,\n          message: \"Cannot silently authenticate with default broker account.\",\n        });\n      }\n      // If we tried to use the default broker account and failed, fall back to interactive authentication\n      if (useDefaultBrokerAccount) {\n        return getBrokeredTokenInternal(scopes, false, options);\n      } else {\n        throw e;\n      }\n    }\n  }\n\n  /**\n   * A helper function that supports brokered authentication through the MSAL's public application.\n   *\n   * When useDefaultBrokerAccount is true, the method will attempt to authenticate using the default broker account.\n   * If the default broker account is not available, the method will fall back to interactive authentication.\n   */\n  async function getBrokeredToken(\n    scopes: string[],\n    useDefaultBrokerAccount: boolean,\n    options: GetTokenInteractiveOptions = {},\n  ): Promise<AccessToken> {\n    msalLogger.getToken.info(\n      `Attempting to acquire token using brokered authentication with useDefaultBrokerAccount: ${useDefaultBrokerAccount}`,\n    );\n    const response = await getBrokeredTokenInternal(scopes, useDefaultBrokerAccount, options);\n    ensureValidMsalToken(scopes, response, options);\n    state.cachedAccount = response?.account ?? null;\n\n    state.logger.getToken.info(formatSuccess(scopes));\n    return {\n      token: response.accessToken,\n      expiresOnTimestamp: response.expiresOn.getTime(),\n      refreshAfterTimestamp: response.refreshOn?.getTime(),\n      tokenType: response.tokenType,\n    } as AccessToken;\n  }\n\n  async function getTokenByInteractiveRequest(\n    scopes: string[],\n    options: GetTokenInteractiveOptions = {},\n  ): Promise<AccessToken> {\n    msalLogger.getToken.info(`Attempting to acquire token interactively`);\n\n    const app = await getPublicApp(options);\n\n    return withSilentAuthentication(app, scopes, options, async () => {\n      const interactiveRequest = createBaseInteractiveRequest(scopes, options);\n\n      if (state.pluginConfiguration.broker.isEnabled) {\n        return getBrokeredTokenInternal(\n          scopes,\n          state.pluginConfiguration.broker.useDefaultBrokerAccount ?? false,\n          options,\n        );\n      }\n      if (options.proofOfPossessionOptions) {\n        interactiveRequest.shrNonce = options.proofOfPossessionOptions.nonce;\n        interactiveRequest.authenticationScheme = \"pop\";\n        interactiveRequest.resourceRequestMethod =\n          options.proofOfPossessionOptions.resourceRequestMethod;\n        interactiveRequest.resourceRequestUri = options.proofOfPossessionOptions.resourceRequestUrl;\n      }\n      return app.acquireTokenInteractive(interactiveRequest);\n    });\n  }\n\n  return {\n    getActiveAccount,\n    getBrokeredToken,\n    getTokenByClientSecret,\n    getTokenByClientAssertion,\n    getTokenByClientCertificate,\n    getTokenByDeviceCode,\n    getTokenByUsernamePassword,\n    getTokenByAuthorizationCode,\n    getTokenOnBehalfOf,\n    getTokenByInteractiveRequest,\n  };\n}\n"]}
         | 
| 1 | 
            +
            {"version":3,"file":"msalClient.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AAKzC,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAExE,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACZ,gBAAgB,EAChB,mBAAmB,EACnB,eAAe,EACf,eAAe,EACf,YAAY,EACZ,YAAY,GACb,MAAM,aAAa,CAAC;AAErB,OAAO,EAAE,2BAA2B,EAAE,MAAM,iBAAiB,CAAC;AAG9D,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAGhE,OAAO,EAAE,0BAA0B,EAAE,MAAM,4BAA4B,CAAC;AACxE,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAE9D;;GAEG;AACH,MAAM,UAAU,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAC;AAoOlD;;;;;;;GAOG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAgB,EAChB,QAAgB,EAChB,oBAAuC,EAAE;IAEzC,MAAM,cAAc,GAAG,eAAe,CACpC,iBAAiB,CAAC,MAAM,IAAI,UAAU,EACtC,QAAQ,EACR,QAAQ,CACT,CAAC;IAEF,sDAAsD;IACtD,MAAM,SAAS,GAAG,YAAY,CAAC,cAAc,EAAE,gBAAgB,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAEpF,MAAM,UAAU,GAAG,IAAI,cAAc,CAAC;QACpC,GAAG,iBAAiB,CAAC,sBAAsB;QAC3C,aAAa,EAAE,SAAS;QACxB,cAAc,EAAE,iBAAiB,CAAC,cAAc;KACjD,CAAC,CAAC;IAEH,MAAM,UAAU,GAAuB;QACrC,IAAI,EAAE;YACJ,QAAQ;YACR,SAAS;YACT,gBAAgB,EAAE,mBAAmB,CACnC,cAAc,EACd,SAAS,EACT,iBAAiB,CAAC,wBAAwB,CAC3C;SACF;QACD,MAAM,EAAE;YACN,aAAa,EAAE,UAAU;YACzB,aAAa,EAAE;gBACb,cAAc,EAAE,qBAAqB,CAAC,iBAAiB,CAAC,MAAM,IAAI,UAAU,CAAC;gBAC7E,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;gBACxC,iBAAiB,EAAE,iBAAiB,CAAC,cAAc,EAAE,0BAA0B;aAChF;SACF;KACF,CAAC;IACF,OAAO,UAAU,CAAC;AACpB,CAAC;AAuBD;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB,CAC9B,QAAgB,EAChB,QAAgB,EAChB,0BAA6C,EAAE;IAE/C,MAAM,KAAK,GAAoB;QAC7B,UAAU,EAAE,yBAAyB,CAAC,QAAQ,EAAE,QAAQ,EAAE,uBAAuB,CAAC;QAClF,aAAa,EAAE,uBAAuB,CAAC,oBAAoB;YACzD,CAAC,CAAC,YAAY,CAAC,uBAAuB,CAAC,oBAAoB,CAAC;YAC5D,CAAC,CAAC,IAAI;QACR,mBAAmB,EAAE,WAAW,CAAC,2BAA2B,CAAC,uBAAuB,CAAC;QACrF,MAAM,EAAE,uBAAuB,CAAC,MAAM,IAAI,UAAU;KACrD,CAAC;IAEF,MAAM,UAAU,GAA8C,IAAI,GAAG,EAAE,CAAC;IACxE,KAAK,UAAU,YAAY,CACzB,UAA2B,EAAE;QAE7B,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAErD,IAAI,eAAe,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,eAAe,EAAE,CAAC;YACpB,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;YAC7F,OAAO,eAAe,CAAC;QACzB,CAAC;QAED,oCAAoC;QACpC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CACxB,iDAAiD,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,GAAG,CAC/F,CAAC;QAEF,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS;YACnC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,cAAc;YAChD,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,WAAW,CAAC;QAEhD,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEnF,eAAe,GAAG,IAAI,IAAI,CAAC,uBAAuB,CAAC;YACjD,GAAG,KAAK,CAAC,UAAU;YACnB,MAAM,EAAE,EAAE,kBAAkB,EAAE,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,EAAE;YACnF,KAAK,EAAE,EAAE,WAAW,EAAE,MAAM,WAAW,EAAE;SAC1C,CAAC,CAAC;QAEH,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QAExC,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,MAAM,gBAAgB,GAAoD,IAAI,GAAG,EAAE,CAAC;IACpF,KAAK,UAAU,kBAAkB,CAC/B,UAA2B,EAAE;QAE7B,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAErD,IAAI,qBAAqB,GAAG,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACzD,IAAI,qBAAqB,EAAE,CAAC;YAC1B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CACxB,sEAAsE,CACvE,CAAC;YACF,OAAO,qBAAqB,CAAC;QAC/B,CAAC;QAED,oCAAoC;QACpC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CACxB,uDACE,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAClC,GAAG,CACJ,CAAC;QAEF,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS;YACnC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,cAAc;YAChD,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,WAAW,CAAC;QAEhD,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEnF,qBAAqB,GAAG,IAAI,IAAI,CAAC,6BAA6B,CAAC;YAC7D,GAAG,KAAK,CAAC,UAAU;YACnB,MAAM,EAAE,EAAE,kBAAkB,EAAE,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,EAAE;YACnF,KAAK,EAAE,EAAE,WAAW,EAAE,MAAM,WAAW,EAAE;SAC1C,CAAC,CAAC;QAEH,gBAAgB,CAAC,GAAG,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;QAEpD,OAAO,qBAAqB,CAAC;IAC/B,CAAC;IAED,KAAK,UAAU,cAAc,CAC3B,GAAsE,EACtE,MAAgB,EAChB,UAA2B,EAAE;QAE7B,IAAI,KAAK,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YACjC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;YACtE,MAAM,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,gEAAgE;QAChE,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,KAAK,CAAC,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC;QACtC,CAAC;QAED,MAAM,aAAa,GAA2B;YAC5C,OAAO,EAAE,KAAK,CAAC,aAAa;YAC5B,MAAM;YACN,MAAM,EAAE,KAAK,CAAC,YAAY;SAC3B,CAAC;QAEF,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YAC/C,aAAa,CAAC,oBAAoB,KAAK,EAAE,CAAC;YAC1C,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC;gBAC1D,aAAa,CAAC,oBAAoB,CAAC,mBAAmB,CAAC,GAAG,sBAAsB,CAAC;YACnF,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,wBAAwB,EAAE,CAAC;YACrC,aAAa,CAAC,QAAQ,GAAG,OAAO,CAAC,wBAAwB,CAAC,KAAK,CAAC;YAChE,aAAa,CAAC,oBAAoB,GAAG,KAAK,CAAC;YAC3C,aAAa,CAAC,qBAAqB,GAAG,OAAO,CAAC,wBAAwB,CAAC,qBAAqB,CAAC;YAC7F,aAAa,CAAC,kBAAkB,GAAG,OAAO,CAAC,wBAAwB,CAAC,kBAAkB,CAAC;QACzF,CAAC;QACD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACnE,IAAI,CAAC;YACH,OAAO,MAAM,GAAG,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;QACrD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,SAAS,yBAAyB,CAAC,OAAyB;QAC1D,IAAI,OAAO,EAAE,QAAQ,EAAE,CAAC;YACtB,OAAO,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,gBAAgB,CAAC,uBAAuB,CAAC,CAAC,CAAC;QACnF,CAAC;QACD,OAAO,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;IACzC,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,UAAU,wBAAwB,CACrC,OAA0E,EAC1E,MAAqB,EACrB,OAAsC,EACtC,wBAAyE;QAEzE,IAAI,QAAQ,GAAqC,IAAI,CAAC;QACtD,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAC5D,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,IAAI,CAAC,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC7C,MAAM,CAAC,CAAC;YACV,CAAC;YACD,IAAI,OAAO,CAAC,8BAA8B,EAAE,CAAC;gBAC3C,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACtB,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,wBAAwB,EAAE,CAAC;YAC9C,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,mDAAmD;QACnD,oBAAoB,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,KAAK,CAAC,aAAa,GAAG,QAAQ,EAAE,OAAO,IAAI,IAAI,CAAC;QAEhD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QAClD,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,WAAW;YAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;YAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;YACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;SACf,CAAC;IACnB,CAAC;IAED,KAAK,UAAU,sBAAsB,CACnC,MAAgB,EAChB,YAAoB,EACpB,UAA2B,EAAE;QAE7B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;QAE9E,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QAElD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAElD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,8BAA8B,CAAC;gBAC5D,MAAM;gBACN,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,WAAW,EAAE,0BAA0B,EAAE;gBACzC,MAAM,EAAE,OAAO,EAAE,MAAM;aACxB,CAAC,CAAC;YACH,oBAAoB,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAChD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAClD,OAAO;gBACL,KAAK,EAAE,QAAQ,CAAC,WAAW;gBAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;gBAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;gBACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;aACf,CAAC;QACnB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,KAAK,UAAU,yBAAyB,CACtC,MAAgB,EAChB,eAAsC,EACtC,UAA2B,EAAE;QAE7B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAEjF,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QAExD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAElD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,8BAA8B,CAAC;gBAC5D,MAAM;gBACN,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,WAAW,EAAE,0BAA0B,EAAE;gBACzC,MAAM,EAAE,OAAO,EAAE,MAAM;gBACvB,eAAe;aAChB,CAAC,CAAC;YACH,oBAAoB,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAEhD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAClD,OAAO;gBACL,KAAK,EAAE,QAAQ,CAAC,WAAW;gBAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;gBAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;gBACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;aACf,CAAC;QACnB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,KAAK,UAAU,2BAA2B,CACxC,MAAgB,EAChB,WAA6B,EAC7B,UAA2B,EAAE;QAE7B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;QAEnF,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAAC;QAEtD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,8BAA8B,CAAC;gBAC5D,MAAM;gBACN,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,WAAW,EAAE,0BAA0B,EAAE;gBACzC,MAAM,EAAE,OAAO,EAAE,MAAM;aACxB,CAAC,CAAC;YACH,oBAAoB,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAEhD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAClD,OAAO;gBACL,KAAK,EAAE,QAAQ,CAAC,WAAW;gBAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;gBAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;gBACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;aACf,CAAC;QACnB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,KAAK,UAAU,oBAAoB,CACjC,MAAgB,EAChB,kBAA4C,EAC5C,UAAyC,EAAE;QAE3C,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;QAE5E,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAE5C,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE;YAC7D,MAAM,cAAc,GAA2B;gBAC7C,MAAM;gBACN,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,IAAI,KAAK;gBAC9C,kBAAkB;gBAClB,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,MAAM,EAAE,OAAO,EAAE,MAAM;aACxB,CAAC;YACF,MAAM,iBAAiB,GAAG,OAAO,CAAC,wBAAwB,CAAC,cAAc,CAAC,CAAC;YAC3E,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBACxB,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;oBACjD,cAAc,CAAC,MAAM,GAAG,IAAI,CAAC;gBAC/B,CAAC,CAAC,CAAC;YACL,CAAC;YAED,OAAO,iBAAiB,CAAC;QAC3B,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,UAAU,0BAA0B,CACvC,MAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,UAA2B,EAAE;QAE7B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;QAEtF,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAE5C,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE;YAC7D,MAAM,cAAc,GAAiC;gBACnD,MAAM;gBACN,QAAQ;gBACR,QAAQ;gBACR,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,MAAM,EAAE,OAAO,EAAE,MAAM;aACxB,CAAC;YAEF,OAAO,OAAO,CAAC,8BAA8B,CAAC,cAAc,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,SAAS,gBAAgB;QACvB,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;YACzB,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO,YAAY,CAAC,QAAQ,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,UAAU,2BAA2B,CACxC,MAAgB,EAChB,WAAmB,EACnB,iBAAyB,EACzB,YAAqB,EACrB,UAAyC,EAAE;QAE3C,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;QAEnF,IAAI,OAA0E,CAAC;QAC/E,IAAI,YAAY,EAAE,CAAC;YACjB,mFAAmF;YACnF,gIAAgI;YAChI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;YAClD,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE;YAC7D,OAAO,OAAO,CAAC,kBAAkB,CAAC;gBAChC,MAAM;gBACN,WAAW;gBACX,IAAI,EAAE,iBAAiB;gBACvB,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,MAAM,EAAE,OAAO,EAAE,MAAM;aACxB,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,UAAU,kBAAkB,CAC/B,MAAgB,EAChB,kBAA0B,EAC1B,iBAAsE,EACtE,UAA2B,EAAE;QAE7B,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QAElF,IAAI,OAAO,iBAAiB,KAAK,QAAQ,EAAE,CAAC;YAC1C,gBAAgB;YAChB,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;YACtE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,iBAAiB,CAAC;QACzD,CAAC;aAAM,IAAI,OAAO,iBAAiB,KAAK,UAAU,EAAE,CAAC;YACnD,mBAAmB;YACnB,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;YAClF,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,GAAG,iBAAiB,CAAC;QAC5D,CAAC;aAAM,CAAC;YACN,qBAAqB;YACrB,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;YAC3E,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;QAC9D,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,sBAAsB,CAAC;gBACpD,MAAM;gBACN,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,YAAY,EAAE,kBAAkB;aACjC,CAAC,CAAC;YACH,oBAAoB,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAEhD,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAChD,OAAO;gBACL,KAAK,EAAE,QAAQ,CAAC,WAAW;gBAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;gBAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;gBACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;aACf,CAAC;QACnB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,SAAS,4BAA4B,CACnC,MAAgB,EAChB,OAAmC;QAEnC,OAAO;YACL,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;gBACzB,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;gBAClC,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YACjD,CAAC;YACD,MAAM;YACN,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;YAC7C,MAAM,EAAE,OAAO,EAAE,MAAM;YACvB,SAAS,EAAE,OAAO,EAAE,SAAS;YAC7B,aAAa,EAAE,OAAO,EAAE,2BAA2B,EAAE,YAAY;YACjE,eAAe,EAAE,OAAO,EAAE,2BAA2B,EAAE,cAAc;YACrE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,gBAAgB;SACxD,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,wBAAwB,CACrC,MAAgB,EAChB,uBAAgC,EAChC,UAAsC,EAAE;QAExC,UAAU,CAAC,OAAO,CAAC,+CAA+C,CAAC,CAAC;QAEpE,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAExC,MAAM,kBAAkB,GAAG,4BAA4B,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACzE,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACxD,kBAAkB,CAAC,YAAY,GAAG,MAAM,CAAC,IAAI,CAC3C,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,CACpD,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,+EAA+E;YAC/E,UAAU,CAAC,OAAO,CAChB,kIAAkI,CACnI,CAAC;QACJ,CAAC;QAED,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC;YAC1D,CAAC,kBAAkB,CAAC,oBAAoB,KAAK,EAAE,CAAC,CAAC,mBAAmB,CAAC;gBACnE,sBAAsB,CAAC;QAC3B,CAAC;QACD,IAAI,uBAAuB,EAAE,CAAC;YAC5B,kBAAkB,CAAC,MAAM,GAAG,MAAM,CAAC;YACnC,UAAU,CAAC,OAAO,CAAC,mEAAmE,CAAC,CAAC;QAC1F,CAAC;aAAM,CAAC;YACN,UAAU,CAAC,OAAO,CAAC,qEAAqE,CAAC,CAAC;QAC5F,CAAC;QAED,IAAI,OAAO,CAAC,wBAAwB,EAAE,CAAC;YACrC,kBAAkB,CAAC,QAAQ,GAAG,OAAO,CAAC,wBAAwB,CAAC,KAAK,CAAC;YACrE,kBAAkB,CAAC,oBAAoB,GAAG,KAAK,CAAC;YAChD,kBAAkB,CAAC,qBAAqB;gBACtC,OAAO,CAAC,wBAAwB,CAAC,qBAAqB,CAAC;YACzD,kBAAkB,CAAC,kBAAkB,GAAG,OAAO,CAAC,wBAAwB,CAAC,kBAAkB,CAAC;QAC9F,CAAC;QACD,IAAI,CAAC;YACH,OAAO,MAAM,GAAG,CAAC,uBAAuB,CAAC,kBAAkB,CAAC,CAAC;QAC/D,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,UAAU,CAAC,OAAO,CAAC,8CAA8C,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YAC9E,IAAI,OAAO,CAAC,8BAA8B,EAAE,CAAC;gBAC3C,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EAAE,2DAA2D;iBACrE,CAAC,CAAC;YACL,CAAC;YACD,oGAAoG;YACpG,IAAI,uBAAuB,EAAE,CAAC;gBAC5B,OAAO,wBAAwB,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;YAC1D,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,CAAC;YACV,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,UAAU,gBAAgB,CAC7B,MAAgB,EAChB,uBAAgC,EAChC,UAAsC,EAAE;QAExC,UAAU,CAAC,QAAQ,CAAC,IAAI,CACtB,2FAA2F,uBAAuB,EAAE,CACrH,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,wBAAwB,CAAC,MAAM,EAAE,uBAAuB,EAAE,OAAO,CAAC,CAAC;QAC1F,oBAAoB,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,KAAK,CAAC,aAAa,GAAG,QAAQ,EAAE,OAAO,IAAI,IAAI,CAAC;QAEhD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QAClD,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,WAAW;YAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;YAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;YACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;SACf,CAAC;IACnB,CAAC;IAED,KAAK,UAAU,4BAA4B,CACzC,MAAgB,EAChB,UAAsC,EAAE;QAExC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;QAEtE,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAExC,OAAO,wBAAwB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;YAC/D,MAAM,kBAAkB,GAAG,4BAA4B,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAEzE,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC/C,OAAO,wBAAwB,CAC7B,MAAM,EACN,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,uBAAuB,IAAI,KAAK,EACjE,OAAO,CACR,CAAC;YACJ,CAAC;YACD,IAAI,OAAO,CAAC,wBAAwB,EAAE,CAAC;gBACrC,kBAAkB,CAAC,QAAQ,GAAG,OAAO,CAAC,wBAAwB,CAAC,KAAK,CAAC;gBACrE,kBAAkB,CAAC,oBAAoB,GAAG,KAAK,CAAC;gBAChD,kBAAkB,CAAC,qBAAqB;oBACtC,OAAO,CAAC,wBAAwB,CAAC,qBAAqB,CAAC;gBACzD,kBAAkB,CAAC,kBAAkB,GAAG,OAAO,CAAC,wBAAwB,CAAC,kBAAkB,CAAC;YAC9F,CAAC;YACD,OAAO,GAAG,CAAC,uBAAuB,CAAC,kBAAkB,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,gBAAgB;QAChB,gBAAgB;QAChB,sBAAsB;QACtB,yBAAyB;QACzB,2BAA2B;QAC3B,oBAAoB;QACpB,0BAA0B;QAC1B,2BAA2B;QAC3B,kBAAkB;QAClB,4BAA4B;KAC7B,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport * as msal from \"@azure/msal-node\";\n\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport type { AuthenticationRecord, CertificateParts } from \"../types.js\";\nimport type { CredentialLogger } from \"../../util/logging.js\";\nimport { credentialLogger, formatSuccess } from \"../../util/logging.js\";\nimport type { PluginConfiguration } from \"./msalPlugins.js\";\nimport { msalPlugins } from \"./msalPlugins.js\";\nimport {\n  defaultLoggerCallback,\n  ensureValidMsalToken,\n  getAuthority,\n  getAuthorityHost,\n  getKnownAuthorities,\n  getMSALLogLevel,\n  handleMsalError,\n  msalToPublic,\n  publicToMsal,\n} from \"../utils.js\";\n\nimport { AuthenticationRequiredError } from \"../../errors.js\";\nimport type { BrokerOptions } from \"./brokerOptions.js\";\nimport type { DeviceCodePromptCallback } from \"../../credentials/deviceCodeCredentialOptions.js\";\nimport { IdentityClient } from \"../../client/identityClient.js\";\nimport type { InteractiveBrowserCredentialNodeOptions } from \"../../credentials/interactiveBrowserCredentialOptions.js\";\nimport type { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions.js\";\nimport { calculateRegionalAuthority } from \"../../regionalAuthority.js\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { resolveTenantId } from \"../../util/tenantIdUtils.js\";\n\n/**\n * The default logger used if no logger was passed in by the credential.\n */\nconst msalLogger = credentialLogger(\"MsalClient\");\n\n/**\n * Represents the options for acquiring a token using flows that support silent authentication.\n */\nexport interface GetTokenWithSilentAuthOptions extends GetTokenOptions {\n  /**\n   * Disables automatic authentication. If set to true, the method will throw an error if the user needs to authenticate.\n   *\n   * @remarks\n   *\n   * This option will be set to `false` when the user calls `authenticate` directly on a credential that supports it.\n   */\n  disableAutomaticAuthentication?: boolean;\n}\n\n/**\n * Represents the options for acquiring a token interactively.\n */\nexport interface GetTokenInteractiveOptions extends GetTokenWithSilentAuthOptions {\n  /**\n   * Window handle for parent window, required for WAM authentication.\n   */\n  parentWindowHandle?: Buffer;\n  /**\n   * Shared configuration options for browser customization\n   */\n  browserCustomizationOptions?: InteractiveBrowserCredentialNodeOptions[\"browserCustomizationOptions\"];\n  /**\n   * loginHint allows a user name to be pre-selected for interactive logins.\n   * Setting this option skips the account selection prompt and immediately attempts to login with the specified account.\n   */\n  loginHint?: string;\n}\n\n/**\n * Represents a client for interacting with the Microsoft Authentication Library (MSAL).\n */\nexport interface MsalClient {\n  /**\n   *\n   * Retrieves an access token by using the on-behalf-of flow and a client assertion callback of the calling service.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param userAssertionToken - The access token that was sent to the middle-tier API. This token must have an audience of the app making this OBO request.\n   * @param clientCredentials - The client secret OR client certificate OR client `getAssertion` callback.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenOnBehalfOf(\n    scopes: string[],\n    userAssertionToken: string,\n    clientCredentials: string | CertificateParts | (() => Promise<string>),\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves an access token by using an interactive prompt (InteractiveBrowserCredential).\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByInteractiveRequest(\n    scopes: string[],\n    options: GetTokenInteractiveOptions,\n  ): Promise<AccessToken>;\n  /**\n   * Retrieves an access token by using a user's username and password.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param username - The username provided by the developer.\n   * @param password - The user's password provided by the developer.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByUsernamePassword(\n    scopes: string[],\n    username: string,\n    password: string,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n  /**\n   * Retrieves an access token by prompting the user to authenticate using a device code.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param userPromptCallback - The callback function that allows developers to customize the prompt message.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByDeviceCode(\n    scopes: string[],\n    userPromptCallback: DeviceCodePromptCallback,\n    options?: GetTokenWithSilentAuthOptions,\n  ): Promise<AccessToken>;\n  /**\n   * Retrieves an access token by using a client certificate.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param certificate - The client certificate used for authentication.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByClientCertificate(\n    scopes: string[],\n    certificate: CertificateParts,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves an access token by using a client assertion.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param clientAssertion - The client `getAssertion` callback used for authentication.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByClientAssertion(\n    scopes: string[],\n    clientAssertion: () => Promise<string>,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves an access token by using a client secret.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param clientSecret - The client secret of the application. This is a credential that the application can use to authenticate itself.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByClientSecret(\n    scopes: string[],\n    clientSecret: string,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves an access token by using an authorization code flow.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param authorizationCode - An authorization code that was received from following the\n                              authorization code flow.  This authorization code must not\n                              have already been used to obtain an access token.\n   * @param redirectUri - The redirect URI that was used to request the authorization code.\n                        Must be the same URI that is configured for the App Registration.\n   * @param clientSecret - An optional client secret that was generated for the App Registration.\n   * @param options - Additional options that may be provided to the method.\n   */\n  getTokenByAuthorizationCode(\n    scopes: string[],\n    redirectUri: string,\n    authorizationCode: string,\n    clientSecret?: string,\n    options?: GetTokenWithSilentAuthOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves the last authenticated account. This method expects an authentication record to have been previously loaded.\n   *\n   * An authentication record could be loaded by calling the `getToken` method, or by providing an `authenticationRecord` when creating a credential.\n   */\n  getActiveAccount(): AuthenticationRecord | undefined;\n\n  /**\n   * Retrieves an access token using brokered authentication.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param useDefaultBrokerAccount - Whether to use the default broker account for authentication.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getBrokeredToken(\n    scopes: string[],\n    useDefaultBrokerAccount: boolean,\n    options?: GetTokenInteractiveOptions,\n  ): Promise<AccessToken>;\n}\n\n/**\n * Represents the options for configuring the MsalClient.\n */\nexport interface MsalClientOptions {\n  /**\n   * Parameters that enable WAM broker authentication in the InteractiveBrowserCredential.\n   */\n  brokerOptions?: BrokerOptions;\n\n  /**\n   * Parameters that enable token cache persistence in the Identity credentials.\n   */\n  tokenCachePersistenceOptions?: TokenCachePersistenceOptions;\n\n  /**\n   * Indicates if this is being used by VSCode credential.\n   */\n  isVSCodeCredential?: boolean;\n\n  /**\n   * A custom authority host.\n   */\n  authorityHost?: IdentityClient[\"tokenCredentialOptions\"][\"authorityHost\"];\n\n  /**\n   * Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.\n   */\n  loggingOptions?: IdentityClient[\"tokenCredentialOptions\"][\"loggingOptions\"];\n\n  /**\n   * The token credential options for the MsalClient.\n   */\n  tokenCredentialOptions?: IdentityClient[\"tokenCredentialOptions\"];\n\n  /**\n   * Determines whether instance discovery is disabled.\n   */\n  disableInstanceDiscovery?: boolean;\n\n  /**\n   * The logger for the MsalClient.\n   */\n  logger?: CredentialLogger;\n\n  /**\n   * The authentication record for the MsalClient.\n   */\n  authenticationRecord?: AuthenticationRecord;\n}\n\n/**\n * Generates the configuration for MSAL (Microsoft Authentication Library).\n *\n * @param clientId - The client ID of the application.\n * @param  tenantId - The tenant ID of the Azure Active Directory.\n * @param  msalClientOptions - Optional. Additional options for creating the MSAL client.\n * @returns  The MSAL configuration object.\n */\nexport function generateMsalConfiguration(\n  clientId: string,\n  tenantId: string,\n  msalClientOptions: MsalClientOptions = {},\n): msal.Configuration {\n  const resolvedTenant = resolveTenantId(\n    msalClientOptions.logger ?? msalLogger,\n    tenantId,\n    clientId,\n  );\n\n  // TODO: move and reuse getIdentityClientAuthorityHost\n  const authority = getAuthority(resolvedTenant, getAuthorityHost(msalClientOptions));\n\n  const httpClient = new IdentityClient({\n    ...msalClientOptions.tokenCredentialOptions,\n    authorityHost: authority,\n    loggingOptions: msalClientOptions.loggingOptions,\n  });\n\n  const msalConfig: msal.Configuration = {\n    auth: {\n      clientId,\n      authority,\n      knownAuthorities: getKnownAuthorities(\n        resolvedTenant,\n        authority,\n        msalClientOptions.disableInstanceDiscovery,\n      ),\n    },\n    system: {\n      networkClient: httpClient,\n      loggerOptions: {\n        loggerCallback: defaultLoggerCallback(msalClientOptions.logger ?? msalLogger),\n        logLevel: getMSALLogLevel(getLogLevel()),\n        piiLoggingEnabled: msalClientOptions.loggingOptions?.enableUnsafeSupportLogging,\n      },\n    },\n  };\n  return msalConfig;\n}\n\n/**\n * Represents the state necessary for the MSAL (Microsoft Authentication Library) client to operate.\n * This includes the MSAL configuration, cached account information, Azure region, and a flag to disable automatic authentication.\n */\ninterface MsalClientState {\n  /** The configuration for the MSAL client. */\n  msalConfig: msal.Configuration;\n\n  /** The cached account information, or null if no account information is cached. */\n  cachedAccount: msal.AccountInfo | null;\n\n  /** Configured plugins */\n  pluginConfiguration: PluginConfiguration;\n\n  /** Claims received from challenges, cached for the next request */\n  cachedClaims?: string;\n\n  /** The logger instance */\n  logger: CredentialLogger;\n}\n\n/**\n * Creates an instance of the MSAL (Microsoft Authentication Library) client.\n *\n * @param clientId - The client ID of the application.\n * @param tenantId - The tenant ID of the Azure Active Directory.\n * @param createMsalClientOptions - Optional. Additional options for creating the MSAL client.\n * @returns An instance of the MSAL client.\n *\n * @public\n */\nexport function createMsalClient(\n  clientId: string,\n  tenantId: string,\n  createMsalClientOptions: MsalClientOptions = {},\n): MsalClient {\n  const state: MsalClientState = {\n    msalConfig: generateMsalConfiguration(clientId, tenantId, createMsalClientOptions),\n    cachedAccount: createMsalClientOptions.authenticationRecord\n      ? publicToMsal(createMsalClientOptions.authenticationRecord)\n      : null,\n    pluginConfiguration: msalPlugins.generatePluginConfiguration(createMsalClientOptions),\n    logger: createMsalClientOptions.logger ?? msalLogger,\n  };\n\n  const publicApps: Map<string, msal.PublicClientApplication> = new Map();\n  async function getPublicApp(\n    options: GetTokenOptions = {},\n  ): Promise<msal.PublicClientApplication> {\n    const appKey = options.enableCae ? \"CAE\" : \"default\";\n\n    let publicClientApp = publicApps.get(appKey);\n    if (publicClientApp) {\n      state.logger.getToken.info(\"Existing PublicClientApplication found in cache, returning it.\");\n      return publicClientApp;\n    }\n\n    // Initialize a new app and cache it\n    state.logger.getToken.info(\n      `Creating new PublicClientApplication with CAE ${options.enableCae ? \"enabled\" : \"disabled\"}.`,\n    );\n\n    const cachePlugin = options.enableCae\n      ? state.pluginConfiguration.cache.cachePluginCae\n      : state.pluginConfiguration.cache.cachePlugin;\n\n    state.msalConfig.auth.clientCapabilities = options.enableCae ? [\"cp1\"] : undefined;\n\n    publicClientApp = new msal.PublicClientApplication({\n      ...state.msalConfig,\n      broker: { nativeBrokerPlugin: state.pluginConfiguration.broker.nativeBrokerPlugin },\n      cache: { cachePlugin: await cachePlugin },\n    });\n\n    publicApps.set(appKey, publicClientApp);\n\n    return publicClientApp;\n  }\n\n  const confidentialApps: Map<string, msal.ConfidentialClientApplication> = new Map();\n  async function getConfidentialApp(\n    options: GetTokenOptions = {},\n  ): Promise<msal.ConfidentialClientApplication> {\n    const appKey = options.enableCae ? \"CAE\" : \"default\";\n\n    let confidentialClientApp = confidentialApps.get(appKey);\n    if (confidentialClientApp) {\n      state.logger.getToken.info(\n        \"Existing ConfidentialClientApplication found in cache, returning it.\",\n      );\n      return confidentialClientApp;\n    }\n\n    // Initialize a new app and cache it\n    state.logger.getToken.info(\n      `Creating new ConfidentialClientApplication with CAE ${\n        options.enableCae ? \"enabled\" : \"disabled\"\n      }.`,\n    );\n\n    const cachePlugin = options.enableCae\n      ? state.pluginConfiguration.cache.cachePluginCae\n      : state.pluginConfiguration.cache.cachePlugin;\n\n    state.msalConfig.auth.clientCapabilities = options.enableCae ? [\"cp1\"] : undefined;\n\n    confidentialClientApp = new msal.ConfidentialClientApplication({\n      ...state.msalConfig,\n      broker: { nativeBrokerPlugin: state.pluginConfiguration.broker.nativeBrokerPlugin },\n      cache: { cachePlugin: await cachePlugin },\n    });\n\n    confidentialApps.set(appKey, confidentialClientApp);\n\n    return confidentialClientApp;\n  }\n\n  async function getTokenSilent(\n    app: msal.ConfidentialClientApplication | msal.PublicClientApplication,\n    scopes: string[],\n    options: GetTokenOptions = {},\n  ): Promise<msal.AuthenticationResult> {\n    if (state.cachedAccount === null) {\n      state.logger.getToken.info(\"No cached account found in local state.\");\n      throw new AuthenticationRequiredError({ scopes });\n    }\n\n    // Keep track and reuse the claims we received across challenges\n    if (options.claims) {\n      state.cachedClaims = options.claims;\n    }\n\n    const silentRequest: msal.SilentFlowRequest = {\n      account: state.cachedAccount,\n      scopes,\n      claims: state.cachedClaims,\n    };\n\n    if (state.pluginConfiguration.broker.isEnabled) {\n      silentRequest.tokenQueryParameters ||= {};\n      if (state.pluginConfiguration.broker.enableMsaPassthrough) {\n        silentRequest.tokenQueryParameters[\"msal_request_type\"] = \"consumer_passthrough\";\n      }\n    }\n\n    if (options.proofOfPossessionOptions) {\n      silentRequest.shrNonce = options.proofOfPossessionOptions.nonce;\n      silentRequest.authenticationScheme = \"pop\";\n      silentRequest.resourceRequestMethod = options.proofOfPossessionOptions.resourceRequestMethod;\n      silentRequest.resourceRequestUri = options.proofOfPossessionOptions.resourceRequestUrl;\n    }\n    state.logger.getToken.info(\"Attempting to acquire token silently\");\n    try {\n      return await app.acquireTokenSilent(silentRequest);\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  /**\n   * Builds an authority URL for the given request. The authority may be different than the one used when creating the MSAL client\n   * if the user is creating cross-tenant requests\n   */\n  function calculateRequestAuthority(options?: GetTokenOptions): string | undefined {\n    if (options?.tenantId) {\n      return getAuthority(options.tenantId, getAuthorityHost(createMsalClientOptions));\n    }\n    return state.msalConfig.auth.authority;\n  }\n\n  /**\n   * Performs silent authentication using MSAL to acquire an access token.\n   * If silent authentication fails, falls back to interactive authentication.\n   *\n   * @param msalApp - The MSAL application instance.\n   * @param scopes - The scopes for which to acquire the access token.\n   * @param options - The options for acquiring the access token.\n   * @param onAuthenticationRequired - A callback function to handle interactive authentication when silent authentication fails.\n   * @returns A promise that resolves to an AccessToken object containing the access token and its expiration timestamp.\n   */\n  async function withSilentAuthentication(\n    msalApp: msal.ConfidentialClientApplication | msal.PublicClientApplication,\n    scopes: Array<string>,\n    options: GetTokenWithSilentAuthOptions,\n    onAuthenticationRequired: () => Promise<msal.AuthenticationResult | null>,\n  ): Promise<AccessToken> {\n    let response: msal.AuthenticationResult | null = null;\n    try {\n      response = await getTokenSilent(msalApp, scopes, options);\n    } catch (e: any) {\n      if (e.name !== \"AuthenticationRequiredError\") {\n        throw e;\n      }\n      if (options.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions: options,\n          message:\n            \"Automatic authentication has been disabled. You may call the authentication() method.\",\n        });\n      }\n    }\n\n    // Silent authentication failed\n    if (response === null) {\n      try {\n        response = await onAuthenticationRequired();\n      } catch (err: any) {\n        throw handleMsalError(scopes, err, options);\n      }\n    }\n\n    // At this point we should have a token, process it\n    ensureValidMsalToken(scopes, response, options);\n    state.cachedAccount = response?.account ?? null;\n\n    state.logger.getToken.info(formatSuccess(scopes));\n    return {\n      token: response.accessToken,\n      expiresOnTimestamp: response.expiresOn.getTime(),\n      refreshAfterTimestamp: response.refreshOn?.getTime(),\n      tokenType: response.tokenType,\n    } as AccessToken;\n  }\n\n  async function getTokenByClientSecret(\n    scopes: string[],\n    clientSecret: string,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using client secret`);\n\n    state.msalConfig.auth.clientSecret = clientSecret;\n\n    const msalApp = await getConfidentialApp(options);\n\n    try {\n      const response = await msalApp.acquireTokenByClientCredential({\n        scopes,\n        authority: calculateRequestAuthority(options),\n        azureRegion: calculateRegionalAuthority(),\n        claims: options?.claims,\n      });\n      ensureValidMsalToken(scopes, response, options);\n      state.logger.getToken.info(formatSuccess(scopes));\n      return {\n        token: response.accessToken,\n        expiresOnTimestamp: response.expiresOn.getTime(),\n        refreshAfterTimestamp: response.refreshOn?.getTime(),\n        tokenType: response.tokenType,\n      } as AccessToken;\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  async function getTokenByClientAssertion(\n    scopes: string[],\n    clientAssertion: () => Promise<string>,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using client assertion`);\n\n    state.msalConfig.auth.clientAssertion = clientAssertion;\n\n    const msalApp = await getConfidentialApp(options);\n\n    try {\n      const response = await msalApp.acquireTokenByClientCredential({\n        scopes,\n        authority: calculateRequestAuthority(options),\n        azureRegion: calculateRegionalAuthority(),\n        claims: options?.claims,\n        clientAssertion,\n      });\n      ensureValidMsalToken(scopes, response, options);\n\n      state.logger.getToken.info(formatSuccess(scopes));\n      return {\n        token: response.accessToken,\n        expiresOnTimestamp: response.expiresOn.getTime(),\n        refreshAfterTimestamp: response.refreshOn?.getTime(),\n        tokenType: response.tokenType,\n      } as AccessToken;\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  async function getTokenByClientCertificate(\n    scopes: string[],\n    certificate: CertificateParts,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using client certificate`);\n\n    state.msalConfig.auth.clientCertificate = certificate;\n\n    const msalApp = await getConfidentialApp(options);\n    try {\n      const response = await msalApp.acquireTokenByClientCredential({\n        scopes,\n        authority: calculateRequestAuthority(options),\n        azureRegion: calculateRegionalAuthority(),\n        claims: options?.claims,\n      });\n      ensureValidMsalToken(scopes, response, options);\n\n      state.logger.getToken.info(formatSuccess(scopes));\n      return {\n        token: response.accessToken,\n        expiresOnTimestamp: response.expiresOn.getTime(),\n        refreshAfterTimestamp: response.refreshOn?.getTime(),\n        tokenType: response.tokenType,\n      } as AccessToken;\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  async function getTokenByDeviceCode(\n    scopes: string[],\n    deviceCodeCallback: DeviceCodePromptCallback,\n    options: GetTokenWithSilentAuthOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using device code`);\n\n    const msalApp = await getPublicApp(options);\n\n    return withSilentAuthentication(msalApp, scopes, options, () => {\n      const requestOptions: msal.DeviceCodeRequest = {\n        scopes,\n        cancel: options?.abortSignal?.aborted ?? false,\n        deviceCodeCallback,\n        authority: calculateRequestAuthority(options),\n        claims: options?.claims,\n      };\n      const deviceCodeRequest = msalApp.acquireTokenByDeviceCode(requestOptions);\n      if (options.abortSignal) {\n        options.abortSignal.addEventListener(\"abort\", () => {\n          requestOptions.cancel = true;\n        });\n      }\n\n      return deviceCodeRequest;\n    });\n  }\n\n  async function getTokenByUsernamePassword(\n    scopes: string[],\n    username: string,\n    password: string,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using username and password`);\n\n    const msalApp = await getPublicApp(options);\n\n    return withSilentAuthentication(msalApp, scopes, options, () => {\n      const requestOptions: msal.UsernamePasswordRequest = {\n        scopes,\n        username,\n        password,\n        authority: calculateRequestAuthority(options),\n        claims: options?.claims,\n      };\n\n      return msalApp.acquireTokenByUsernamePassword(requestOptions);\n    });\n  }\n\n  function getActiveAccount(): AuthenticationRecord | undefined {\n    if (!state.cachedAccount) {\n      return undefined;\n    }\n    return msalToPublic(clientId, state.cachedAccount);\n  }\n\n  async function getTokenByAuthorizationCode(\n    scopes: string[],\n    redirectUri: string,\n    authorizationCode: string,\n    clientSecret?: string,\n    options: GetTokenWithSilentAuthOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using authorization code`);\n\n    let msalApp: msal.ConfidentialClientApplication | msal.PublicClientApplication;\n    if (clientSecret) {\n      // If a client secret is provided, we need to use a confidential client application\n      // See https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow#request-an-access-token-with-a-client_secret\n      state.msalConfig.auth.clientSecret = clientSecret;\n      msalApp = await getConfidentialApp(options);\n    } else {\n      msalApp = await getPublicApp(options);\n    }\n\n    return withSilentAuthentication(msalApp, scopes, options, () => {\n      return msalApp.acquireTokenByCode({\n        scopes,\n        redirectUri,\n        code: authorizationCode,\n        authority: calculateRequestAuthority(options),\n        claims: options?.claims,\n      });\n    });\n  }\n\n  async function getTokenOnBehalfOf(\n    scopes: string[],\n    userAssertionToken: string,\n    clientCredentials: string | CertificateParts | (() => Promise<string>),\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    msalLogger.getToken.info(`Attempting to acquire token on behalf of another user`);\n\n    if (typeof clientCredentials === \"string\") {\n      // Client secret\n      msalLogger.getToken.info(`Using client secret for on behalf of flow`);\n      state.msalConfig.auth.clientSecret = clientCredentials;\n    } else if (typeof clientCredentials === \"function\") {\n      // Client Assertion\n      msalLogger.getToken.info(`Using client assertion callback for on behalf of flow`);\n      state.msalConfig.auth.clientAssertion = clientCredentials;\n    } else {\n      // Client certificate\n      msalLogger.getToken.info(`Using client certificate for on behalf of flow`);\n      state.msalConfig.auth.clientCertificate = clientCredentials;\n    }\n\n    const msalApp = await getConfidentialApp(options);\n    try {\n      const response = await msalApp.acquireTokenOnBehalfOf({\n        scopes,\n        authority: calculateRequestAuthority(options),\n        claims: options.claims,\n        oboAssertion: userAssertionToken,\n      });\n      ensureValidMsalToken(scopes, response, options);\n\n      msalLogger.getToken.info(formatSuccess(scopes));\n      return {\n        token: response.accessToken,\n        expiresOnTimestamp: response.expiresOn.getTime(),\n        refreshAfterTimestamp: response.refreshOn?.getTime(),\n        tokenType: response.tokenType,\n      } as AccessToken;\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  /**\n   * Creates a base interactive request configuration for MSAL interactive authentication.\n   * This is shared between interactive and brokered authentication flows.\n   */\n  function createBaseInteractiveRequest(\n    scopes: string[],\n    options: GetTokenInteractiveOptions,\n  ): msal.InteractiveRequest {\n    return {\n      openBrowser: async (url) => {\n        const open = await import(\"open\");\n        await open.default(url, { newInstance: true });\n      },\n      scopes,\n      authority: calculateRequestAuthority(options),\n      claims: options?.claims,\n      loginHint: options?.loginHint,\n      errorTemplate: options?.browserCustomizationOptions?.errorMessage,\n      successTemplate: options?.browserCustomizationOptions?.successMessage,\n      prompt: options?.loginHint ? \"login\" : \"select_account\",\n    };\n  }\n\n  /**\n   * @internal\n   */\n  async function getBrokeredTokenInternal(\n    scopes: string[],\n    useDefaultBrokerAccount: boolean,\n    options: GetTokenInteractiveOptions = {},\n  ): Promise<msal.AuthenticationResult> {\n    msalLogger.verbose(\"Authentication will resume through the broker\");\n\n    const app = await getPublicApp(options);\n\n    const interactiveRequest = createBaseInteractiveRequest(scopes, options);\n    if (state.pluginConfiguration.broker.parentWindowHandle) {\n      interactiveRequest.windowHandle = Buffer.from(\n        state.pluginConfiguration.broker.parentWindowHandle,\n      );\n    } else {\n      // this is a bug, as the pluginConfiguration handler should validate this case.\n      msalLogger.warning(\n        \"Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.\",\n      );\n    }\n\n    if (state.pluginConfiguration.broker.enableMsaPassthrough) {\n      (interactiveRequest.tokenQueryParameters ??= {})[\"msal_request_type\"] =\n        \"consumer_passthrough\";\n    }\n    if (useDefaultBrokerAccount) {\n      interactiveRequest.prompt = \"none\";\n      msalLogger.verbose(\"Attempting broker authentication using the default broker account\");\n    } else {\n      msalLogger.verbose(\"Attempting broker authentication without the default broker account\");\n    }\n\n    if (options.proofOfPossessionOptions) {\n      interactiveRequest.shrNonce = options.proofOfPossessionOptions.nonce;\n      interactiveRequest.authenticationScheme = \"pop\";\n      interactiveRequest.resourceRequestMethod =\n        options.proofOfPossessionOptions.resourceRequestMethod;\n      interactiveRequest.resourceRequestUri = options.proofOfPossessionOptions.resourceRequestUrl;\n    }\n    try {\n      return await app.acquireTokenInteractive(interactiveRequest);\n    } catch (e: any) {\n      msalLogger.verbose(`Failed to authenticate through the broker: ${e.message}`);\n      if (options.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions: options,\n          message: \"Cannot silently authenticate with default broker account.\",\n        });\n      }\n      // If we tried to use the default broker account and failed, fall back to interactive authentication\n      if (useDefaultBrokerAccount) {\n        return getBrokeredTokenInternal(scopes, false, options);\n      } else {\n        throw e;\n      }\n    }\n  }\n\n  /**\n   * A helper function that supports brokered authentication through the MSAL's public application.\n   *\n   * When useDefaultBrokerAccount is true, the method will attempt to authenticate using the default broker account.\n   * If the default broker account is not available, the method will fall back to interactive authentication.\n   */\n  async function getBrokeredToken(\n    scopes: string[],\n    useDefaultBrokerAccount: boolean,\n    options: GetTokenInteractiveOptions = {},\n  ): Promise<AccessToken> {\n    msalLogger.getToken.info(\n      `Attempting to acquire token using brokered authentication with useDefaultBrokerAccount: ${useDefaultBrokerAccount}`,\n    );\n    const response = await getBrokeredTokenInternal(scopes, useDefaultBrokerAccount, options);\n    ensureValidMsalToken(scopes, response, options);\n    state.cachedAccount = response?.account ?? null;\n\n    state.logger.getToken.info(formatSuccess(scopes));\n    return {\n      token: response.accessToken,\n      expiresOnTimestamp: response.expiresOn.getTime(),\n      refreshAfterTimestamp: response.refreshOn?.getTime(),\n      tokenType: response.tokenType,\n    } as AccessToken;\n  }\n\n  async function getTokenByInteractiveRequest(\n    scopes: string[],\n    options: GetTokenInteractiveOptions = {},\n  ): Promise<AccessToken> {\n    msalLogger.getToken.info(`Attempting to acquire token interactively`);\n\n    const app = await getPublicApp(options);\n\n    return withSilentAuthentication(app, scopes, options, async () => {\n      const interactiveRequest = createBaseInteractiveRequest(scopes, options);\n\n      if (state.pluginConfiguration.broker.isEnabled) {\n        return getBrokeredTokenInternal(\n          scopes,\n          state.pluginConfiguration.broker.useDefaultBrokerAccount ?? false,\n          options,\n        );\n      }\n      if (options.proofOfPossessionOptions) {\n        interactiveRequest.shrNonce = options.proofOfPossessionOptions.nonce;\n        interactiveRequest.authenticationScheme = \"pop\";\n        interactiveRequest.resourceRequestMethod =\n          options.proofOfPossessionOptions.resourceRequestMethod;\n        interactiveRequest.resourceRequestUri = options.proofOfPossessionOptions.resourceRequestUrl;\n      }\n      return app.acquireTokenInteractive(interactiveRequest);\n    });\n  }\n\n  return {\n    getActiveAccount,\n    getBrokeredToken,\n    getTokenByClientSecret,\n    getTokenByClientAssertion,\n    getTokenByClientCertificate,\n    getTokenByDeviceCode,\n    getTokenByUsernamePassword,\n    getTokenByAuthorizationCode,\n    getTokenOnBehalfOf,\n    getTokenByInteractiveRequest,\n  };\n}\n"]}
         | 
| @@ -1 +1 @@ | |
| 1 | 
            -
            {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/msal/utils.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,oBAAoB,EAAE,eAAe,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEnG,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAM3D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,MAAM,WAAW,eAAe;IAC9B,CAAC,KAAK,EAAE,UAAU,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,GAAG,IAAI,CAAC;CAC3E; | 
| 1 | 
            +
            {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/msal/utils.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,oBAAoB,EAAE,eAAe,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEnG,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAM3D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,MAAM,WAAW,eAAe;IAC9B,CAAC,KAAK,EAAE,UAAU,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,GAAG,IAAI,CAAC;CAC3E;AASD;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,SAAS,CAAC,EAAE,SAAS,GAAG,IAAI,EAC5B,eAAe,CAAC,EAAE,eAAe,GAChC,OAAO,CAAC,SAAS,IAAI,cAAc,CAkBrC;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,CAAC,EAAE;IAAE,aAAa,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,MAAM,CAQ7E;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAYpE;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,EACrB,wBAAwB,CAAC,EAAE,OAAO,GACjC,MAAM,EAAE,CAKV;AAED;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,EAAE,CAClC,MAAM,EAAE,gBAAgB,EACxB,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,KAC1B,eAoBF,CAAC;AAEJ;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,aAAa,GAAG,SAAS,GAAG,UAAU,CAAC,QAAQ,CAcxF;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,IAAI,MAAM,CAEnC;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,MAAM,EAAE,EAChB,KAAK,EAAE,KAAK,EACZ,eAAe,CAAC,EAAE,eAAe,GAChC,KAAK,CA6CP;AAGD,wBAAgB,YAAY,CAAC,OAAO,EAAE,oBAAoB,GAAG,UAAU,CAAC,WAAW,CAQlF;AAED,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,eAAe,GAAG,oBAAoB,CAU7F;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,6BAA6B,CAAC,MAAM,EAAE,oBAAoB,GAAG,MAAM,CAElF;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,+BAA+B,CAAC,gBAAgB,EAAE,MAAM,GAAG,oBAAoB,CAQ9F"}
         | 
    
        package/dist/esm/msal/utils.js
    CHANGED
    
    | @@ -6,13 +6,9 @@ import { DefaultAuthority, DefaultAuthorityHost, DefaultTenantId } from "../cons | |
| 6 6 | 
             
            import { randomUUID as coreRandomUUID, isNode, isNodeLike } from "@azure/core-util";
         | 
| 7 7 | 
             
            import { AbortError } from "@azure/abort-controller";
         | 
| 8 8 | 
             
            import { msalCommon } from "./msal.js";
         | 
| 9 | 
            -
            /**
         | 
| 10 | 
            -
             * @internal
         | 
| 11 | 
            -
             */
         | 
| 12 9 | 
             
            const logger = credentialLogger("IdentityUtils");
         | 
| 13 10 | 
             
            /**
         | 
| 14 11 | 
             
             * Latest AuthenticationRecord version
         | 
| 15 | 
            -
             * @internal
         | 
| 16 12 | 
             
             */
         | 
| 17 13 | 
             
            const LatestAuthenticationRecordVersion = "1.0";
         | 
| 18 14 | 
             
            /**
         | 
| @@ -1 +1 @@ | |
| 1 | 
            -
            {"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/msal/utils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAEvF,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAC1F,OAAO,EAAE,UAAU,IAAI,cAAc,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAEpF,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAGrD,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAMvC;;GAEG;AACH,MAAM,MAAM,GAAG,gBAAgB,CAAC,eAAe,CAAC,CAAC;AAEjD;;;GAGG;AACH,MAAM,iCAAiC,GAAG,KAAK,CAAC;AAEhD;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,MAAyB,EACzB,SAA4B,EAC5B,eAAiC;IAEjC,MAAM,KAAK,GAAG,CAAC,OAAe,EAAS,EAAE;QACvC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,IAAI,2BAA2B,CAAC;YACrC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YACjD,eAAe;YACf,OAAO;SACR,CAAC,CAAC;IACL,CAAC,CAAC;IACF,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,KAAK,CAAC,aAAa,CAAC,CAAC;IAC7B,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;QACzB,MAAM,KAAK,CAAC,uCAAuC,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;QAC3B,MAAM,KAAK,CAAC,yCAAyC,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAoC;IACnE,IAAI,aAAa,GAAG,OAAO,EAAE,aAAa,CAAC;IAE3C,IAAI,CAAC,aAAa,IAAI,UAAU,EAAE,CAAC;QACjC,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IACnD,CAAC;IAED,OAAO,aAAa,IAAI,oBAAoB,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,IAAa;IAC1D,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,GAAG,oBAAoB,CAAC;IAC9B,CAAC;IACD,IAAI,IAAI,MAAM,CAAC,GAAG,QAAQ,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,GAAG,QAAQ,CAAC;IACzB,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,IAAI,IAAI,QAAQ,EAAE,CAAC;IAC/B,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CACjC,QAAgB,EAChB,aAAqB,EACrB,wBAAkC;IAElC,IAAI,CAAC,QAAQ,KAAK,MAAM,IAAI,aAAa,CAAC,IAAI,wBAAwB,EAAE,CAAC;QACvE,OAAO,CAAC,aAAa,CAAC,CAAC;IACzB,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAIhC,CAAC,UAA4B,EAAE,WAA+B,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,EAAE,EAAE,CAC7F,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,EAAQ,EAAE;IACpC,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO;IACT,CAAC;IACD,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,UAAU,CAAC,QAAQ,CAAC,KAAK;YAC5B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,cAAc,OAAO,EAAE,CAAC,CAAC;YACzD,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,IAAI;YAC3B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,qBAAqB,OAAO,EAAE,CAAC,CAAC;YAChE,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,wBAAwB,OAAO,EAAE,CAAC,CAAC;YACnE,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,gBAAgB,OAAO,EAAE,CAAC,CAAC;YAC3D,OAAO;IACX,CAAC;AACH,CAAC,CAAC;AAEJ;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAmC;IACjE,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,OAAO;YACV,OAAO,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC;QACnC,KAAK,MAAM;YACT,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClC,KAAK,SAAS;YACZ,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QACrC,KAAK,SAAS;YACZ,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QACrC;YACE,4CAA4C;YAC5C,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;IACpC,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,UAAU;IACxB,OAAO,cAAc,EAAE,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,MAAgB,EAChB,KAAY,EACZ,eAAiC;IAEjC,IACE,KAAK,CAAC,IAAI,KAAK,WAAW;QAC1B,KAAK,CAAC,IAAI,KAAK,iBAAiB;QAChC,KAAK,CAAC,IAAI,KAAK,kBAAkB,EACjC,CAAC;QACD,MAAM,SAAS,GAAG,KAA6B,CAAC;QAChD,QAAQ,SAAS,CAAC,SAAS,EAAE,CAAC;YAC5B,KAAK,4BAA4B;gBAC/B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;gBAChD,OAAO,IAAI,0BAA0B,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACvD,KAAK,+BAA+B;gBAClC,OAAO,IAAI,UAAU,CAAC,oDAAoD,CAAC,CAAC;YAC9E,KAAK,kBAAkB,CAAC;YACxB,KAAK,sBAAsB,CAAC;YAC5B,KAAK,gBAAgB;gBACnB,MAAM,CAAC,IAAI,CACT,WAAW,CAAC,MAAM,EAAE,qCAAqC,SAAS,CAAC,SAAS,EAAE,CAAC,CAChF,CAAC;gBACF,MAAM;YACR;gBACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,4BAA4B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;gBAC9E,MAAM;QACV,CAAC;IACH,CAAC;IACD,IACE,KAAK,CAAC,IAAI,KAAK,0BAA0B;QACzC,KAAK,CAAC,IAAI,KAAK,+BAA+B;QAC9C,KAAK,CAAC,IAAI,KAAK,YAAY;QAC3B,KAAK,CAAC,IAAI,KAAK,qBAAqB,EACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;QACrC,MAAM,CAAC,IAAI,CACT,WAAW,CACT,MAAM,EACN,iCAAiC,KAAK,CAAC,OAAO,sBAC3C,KAAa,CAAC,UACjB,EAAE,CACH,CACF,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;AAC9F,CAAC;AAED,kBAAkB;AAClB,MAAM,UAAU,YAAY,CAAC,OAA6B;IACxD,OAAO;QACL,cAAc,EAAE,OAAO,CAAC,aAAa;QACrC,WAAW,EAAE,OAAO,CAAC,SAAS;QAC9B,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,QAAQ,EAAE,OAAO,CAAC,QAAQ;KAC3B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,OAAwB;IACrE,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,OAAO,CAAC,WAAW,IAAI,gBAAgB;QAClD,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,eAAe;QAC7C,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,QAAQ;QACR,OAAO,EAAE,iCAAiC;KAC3C,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,6BAA6B,CAAC,MAA4B;IACxE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,+BAA+B,CAAC,gBAAwB;IACtE,MAAM,MAAM,GAAgD,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAEzF,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,KAAK,iCAAiC,EAAE,CAAC;QAC3E,MAAM,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthenticationRecord, MsalAccountInfo, MsalToken, ValidMsalToken } from \"./types.js\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../errors.js\";\nimport type { CredentialLogger } from \"../util/logging.js\";\nimport { credentialLogger, formatError } from \"../util/logging.js\";\nimport { DefaultAuthority, DefaultAuthorityHost, DefaultTenantId } from \"../constants.js\";\nimport { randomUUID as coreRandomUUID, isNode, isNodeLike } from \"@azure/core-util\";\n\nimport { AbortError } from \"@azure/abort-controller\";\nimport type { AzureLogLevel } from \"@azure/logger\";\nimport type { GetTokenOptions } from \"@azure/core-auth\";\nimport { msalCommon } from \"./msal.js\";\n\nexport interface ILoggerCallback {\n  (level: msalCommon.LogLevel, message: string, containsPii: boolean): void;\n}\n\n/**\n * @internal\n */\nconst logger = credentialLogger(\"IdentityUtils\");\n\n/**\n * Latest AuthenticationRecord version\n * @internal\n */\nconst LatestAuthenticationRecordVersion = \"1.0\";\n\n/**\n * Ensures the validity of the MSAL token\n * @internal\n */\nexport function ensureValidMsalToken(\n  scopes: string | string[],\n  msalToken?: MsalToken | null,\n  getTokenOptions?: GetTokenOptions,\n): asserts msalToken is ValidMsalToken {\n  const error = (message: string): Error => {\n    logger.getToken.info(message);\n    return new AuthenticationRequiredError({\n      scopes: Array.isArray(scopes) ? scopes : [scopes],\n      getTokenOptions,\n      message,\n    });\n  };\n  if (!msalToken) {\n    throw error(\"No response\");\n  }\n  if (!msalToken.expiresOn) {\n    throw error(`Response had no \"expiresOn\" property.`);\n  }\n  if (!msalToken.accessToken) {\n    throw error(`Response had no \"accessToken\" property.`);\n  }\n}\n\n/**\n * Returns the authority host from either the options bag or the AZURE_AUTHORITY_HOST environment variable.\n *\n * Defaults to {@link DefaultAuthorityHost}.\n * @internal\n */\nexport function getAuthorityHost(options?: { authorityHost?: string }): string {\n  let authorityHost = options?.authorityHost;\n\n  if (!authorityHost && isNodeLike) {\n    authorityHost = process.env.AZURE_AUTHORITY_HOST;\n  }\n\n  return authorityHost ?? DefaultAuthorityHost;\n}\n\n/**\n * Generates a valid authority by combining a host with a tenantId.\n * @internal\n */\nexport function getAuthority(tenantId: string, host?: string): string {\n  if (!host) {\n    host = DefaultAuthorityHost;\n  }\n  if (new RegExp(`${tenantId}/?$`).test(host)) {\n    return host;\n  }\n  if (host.endsWith(\"/\")) {\n    return host + tenantId;\n  } else {\n    return `${host}/${tenantId}`;\n  }\n}\n\n/**\n * Generates the known authorities.\n * If the Tenant Id is `adfs`, the authority can't be validated since the format won't match the expected one.\n * For that reason, we have to force MSAL to disable validating the authority\n * by sending it within the known authorities in the MSAL configuration.\n * @internal\n */\nexport function getKnownAuthorities(\n  tenantId: string,\n  authorityHost: string,\n  disableInstanceDiscovery?: boolean,\n): string[] {\n  if ((tenantId === \"adfs\" && authorityHost) || disableInstanceDiscovery) {\n    return [authorityHost];\n  }\n  return [];\n}\n\n/**\n * Generates a logger that can be passed to the MSAL clients.\n * @param credLogger - The logger of the credential.\n * @internal\n */\nexport const defaultLoggerCallback: (\n  logger: CredentialLogger,\n  platform?: \"Node\" | \"Browser\",\n) => ILoggerCallback =\n  (credLogger: CredentialLogger, platform: \"Node\" | \"Browser\" = isNode ? \"Node\" : \"Browser\") =>\n  (level, message, containsPii): void => {\n    if (containsPii) {\n      return;\n    }\n    switch (level) {\n      case msalCommon.LogLevel.Error:\n        credLogger.info(`MSAL ${platform} V2 error: ${message}`);\n        return;\n      case msalCommon.LogLevel.Info:\n        credLogger.info(`MSAL ${platform} V2 info message: ${message}`);\n        return;\n      case msalCommon.LogLevel.Verbose:\n        credLogger.info(`MSAL ${platform} V2 verbose message: ${message}`);\n        return;\n      case msalCommon.LogLevel.Warning:\n        credLogger.info(`MSAL ${platform} V2 warning: ${message}`);\n        return;\n    }\n  };\n\n/**\n * @internal\n */\nexport function getMSALLogLevel(logLevel: AzureLogLevel | undefined): msalCommon.LogLevel {\n  switch (logLevel) {\n    case \"error\":\n      return msalCommon.LogLevel.Error;\n    case \"info\":\n      return msalCommon.LogLevel.Info;\n    case \"verbose\":\n      return msalCommon.LogLevel.Verbose;\n    case \"warning\":\n      return msalCommon.LogLevel.Warning;\n    default:\n      // default msal logging level should be Info\n      return msalCommon.LogLevel.Info;\n  }\n}\n\n/**\n * Wraps core-util's randomUUID in order to allow for mocking in tests.\n * This prepares the library for the upcoming core-util update to ESM.\n *\n * @internal\n * @returns A string containing a random UUID\n */\nexport function randomUUID(): string {\n  return coreRandomUUID();\n}\n\n/**\n * Handles MSAL errors.\n */\nexport function handleMsalError(\n  scopes: string[],\n  error: Error,\n  getTokenOptions?: GetTokenOptions,\n): Error {\n  if (\n    error.name === \"AuthError\" ||\n    error.name === \"ClientAuthError\" ||\n    error.name === \"BrowserAuthError\"\n  ) {\n    const msalError = error as msalCommon.AuthError;\n    switch (msalError.errorCode) {\n      case \"endpoints_resolution_error\":\n        logger.info(formatError(scopes, error.message));\n        return new CredentialUnavailableError(error.message);\n      case \"device_code_polling_cancelled\":\n        return new AbortError(\"The authentication has been aborted by the caller.\");\n      case \"consent_required\":\n      case \"interaction_required\":\n      case \"login_required\":\n        logger.info(\n          formatError(scopes, `Authentication returned errorCode ${msalError.errorCode}`),\n        );\n        break;\n      default:\n        logger.info(formatError(scopes, `Failed to acquire token: ${error.message}`));\n        break;\n    }\n  }\n  if (\n    error.name === \"ClientConfigurationError\" ||\n    error.name === \"BrowserConfigurationAuthError\" ||\n    error.name === \"AbortError\" ||\n    error.name === \"AuthenticationError\"\n  ) {\n    return error;\n  }\n  if (error.name === \"NativeAuthError\") {\n    logger.info(\n      formatError(\n        scopes,\n        `Error from the native broker: ${error.message} with status code: ${\n          (error as any).statusCode\n        }`,\n      ),\n    );\n    return error;\n  }\n  return new AuthenticationRequiredError({ scopes, getTokenOptions, message: error.message });\n}\n\n// transformations\nexport function publicToMsal(account: AuthenticationRecord): msalCommon.AccountInfo {\n  return {\n    localAccountId: account.homeAccountId,\n    environment: account.authority,\n    username: account.username,\n    homeAccountId: account.homeAccountId,\n    tenantId: account.tenantId,\n  };\n}\n\nexport function msalToPublic(clientId: string, account: MsalAccountInfo): AuthenticationRecord {\n  const record = {\n    authority: account.environment ?? DefaultAuthority,\n    homeAccountId: account.homeAccountId,\n    tenantId: account.tenantId || DefaultTenantId,\n    username: account.username,\n    clientId,\n    version: LatestAuthenticationRecordVersion,\n  };\n  return record;\n}\n\n/**\n * Serializes an `AuthenticationRecord` into a string.\n *\n * The output of a serialized authentication record will contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * To later convert this string to a serialized `AuthenticationRecord`, please use the exported function `deserializeAuthenticationRecord()`.\n */\nexport function serializeAuthenticationRecord(record: AuthenticationRecord): string {\n  return JSON.stringify(record);\n}\n\n/**\n * Deserializes a previously serialized authentication record from a string into an object.\n *\n * The input string must contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * If the version we receive is unsupported, an error will be thrown.\n *\n * At the moment, the only available version is: \"1.0\", which is always set when the authentication record is serialized.\n *\n * @param serializedRecord - Authentication record previously serialized into string.\n * @returns AuthenticationRecord.\n */\nexport function deserializeAuthenticationRecord(serializedRecord: string): AuthenticationRecord {\n  const parsed: AuthenticationRecord & { version?: string } = JSON.parse(serializedRecord);\n\n  if (parsed.version && parsed.version !== LatestAuthenticationRecordVersion) {\n    throw Error(\"Unsupported AuthenticationRecord version\");\n  }\n\n  return parsed;\n}\n"]}
         | 
| 1 | 
            +
            {"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/msal/utils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAEvF,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAC1F,OAAO,EAAE,UAAU,IAAI,cAAc,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAEpF,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAGrD,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAMvC,MAAM,MAAM,GAAG,gBAAgB,CAAC,eAAe,CAAC,CAAC;AAEjD;;GAEG;AACH,MAAM,iCAAiC,GAAG,KAAK,CAAC;AAEhD;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,MAAyB,EACzB,SAA4B,EAC5B,eAAiC;IAEjC,MAAM,KAAK,GAAG,CAAC,OAAe,EAAS,EAAE;QACvC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,IAAI,2BAA2B,CAAC;YACrC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YACjD,eAAe;YACf,OAAO;SACR,CAAC,CAAC;IACL,CAAC,CAAC;IACF,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,KAAK,CAAC,aAAa,CAAC,CAAC;IAC7B,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;QACzB,MAAM,KAAK,CAAC,uCAAuC,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;QAC3B,MAAM,KAAK,CAAC,yCAAyC,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAoC;IACnE,IAAI,aAAa,GAAG,OAAO,EAAE,aAAa,CAAC;IAE3C,IAAI,CAAC,aAAa,IAAI,UAAU,EAAE,CAAC;QACjC,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IACnD,CAAC;IAED,OAAO,aAAa,IAAI,oBAAoB,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,IAAa;IAC1D,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,GAAG,oBAAoB,CAAC;IAC9B,CAAC;IACD,IAAI,IAAI,MAAM,CAAC,GAAG,QAAQ,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,GAAG,QAAQ,CAAC;IACzB,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,IAAI,IAAI,QAAQ,EAAE,CAAC;IAC/B,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CACjC,QAAgB,EAChB,aAAqB,EACrB,wBAAkC;IAElC,IAAI,CAAC,QAAQ,KAAK,MAAM,IAAI,aAAa,CAAC,IAAI,wBAAwB,EAAE,CAAC;QACvE,OAAO,CAAC,aAAa,CAAC,CAAC;IACzB,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAIhC,CAAC,UAA4B,EAAE,WAA+B,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,EAAE,EAAE,CAC7F,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,EAAQ,EAAE;IACpC,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO;IACT,CAAC;IACD,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,UAAU,CAAC,QAAQ,CAAC,KAAK;YAC5B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,cAAc,OAAO,EAAE,CAAC,CAAC;YACzD,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,IAAI;YAC3B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,qBAAqB,OAAO,EAAE,CAAC,CAAC;YAChE,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,wBAAwB,OAAO,EAAE,CAAC,CAAC;YACnE,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,gBAAgB,OAAO,EAAE,CAAC,CAAC;YAC3D,OAAO;IACX,CAAC;AACH,CAAC,CAAC;AAEJ;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAmC;IACjE,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,OAAO;YACV,OAAO,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC;QACnC,KAAK,MAAM;YACT,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClC,KAAK,SAAS;YACZ,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QACrC,KAAK,SAAS;YACZ,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QACrC;YACE,4CAA4C;YAC5C,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;IACpC,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,UAAU;IACxB,OAAO,cAAc,EAAE,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,MAAgB,EAChB,KAAY,EACZ,eAAiC;IAEjC,IACE,KAAK,CAAC,IAAI,KAAK,WAAW;QAC1B,KAAK,CAAC,IAAI,KAAK,iBAAiB;QAChC,KAAK,CAAC,IAAI,KAAK,kBAAkB,EACjC,CAAC;QACD,MAAM,SAAS,GAAG,KAA6B,CAAC;QAChD,QAAQ,SAAS,CAAC,SAAS,EAAE,CAAC;YAC5B,KAAK,4BAA4B;gBAC/B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;gBAChD,OAAO,IAAI,0BAA0B,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACvD,KAAK,+BAA+B;gBAClC,OAAO,IAAI,UAAU,CAAC,oDAAoD,CAAC,CAAC;YAC9E,KAAK,kBAAkB,CAAC;YACxB,KAAK,sBAAsB,CAAC;YAC5B,KAAK,gBAAgB;gBACnB,MAAM,CAAC,IAAI,CACT,WAAW,CAAC,MAAM,EAAE,qCAAqC,SAAS,CAAC,SAAS,EAAE,CAAC,CAChF,CAAC;gBACF,MAAM;YACR;gBACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,4BAA4B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;gBAC9E,MAAM;QACV,CAAC;IACH,CAAC;IACD,IACE,KAAK,CAAC,IAAI,KAAK,0BAA0B;QACzC,KAAK,CAAC,IAAI,KAAK,+BAA+B;QAC9C,KAAK,CAAC,IAAI,KAAK,YAAY;QAC3B,KAAK,CAAC,IAAI,KAAK,qBAAqB,EACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;QACrC,MAAM,CAAC,IAAI,CACT,WAAW,CACT,MAAM,EACN,iCAAiC,KAAK,CAAC,OAAO,sBAC3C,KAAa,CAAC,UACjB,EAAE,CACH,CACF,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;AAC9F,CAAC;AAED,kBAAkB;AAClB,MAAM,UAAU,YAAY,CAAC,OAA6B;IACxD,OAAO;QACL,cAAc,EAAE,OAAO,CAAC,aAAa;QACrC,WAAW,EAAE,OAAO,CAAC,SAAS;QAC9B,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,QAAQ,EAAE,OAAO,CAAC,QAAQ;KAC3B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,OAAwB;IACrE,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,OAAO,CAAC,WAAW,IAAI,gBAAgB;QAClD,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,eAAe;QAC7C,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,QAAQ;QACR,OAAO,EAAE,iCAAiC;KAC3C,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,6BAA6B,CAAC,MAA4B;IACxE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,+BAA+B,CAAC,gBAAwB;IACtE,MAAM,MAAM,GAAgD,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAEzF,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,KAAK,iCAAiC,EAAE,CAAC;QAC3E,MAAM,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthenticationRecord, MsalAccountInfo, MsalToken, ValidMsalToken } from \"./types.js\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../errors.js\";\nimport type { CredentialLogger } from \"../util/logging.js\";\nimport { credentialLogger, formatError } from \"../util/logging.js\";\nimport { DefaultAuthority, DefaultAuthorityHost, DefaultTenantId } from \"../constants.js\";\nimport { randomUUID as coreRandomUUID, isNode, isNodeLike } from \"@azure/core-util\";\n\nimport { AbortError } from \"@azure/abort-controller\";\nimport type { AzureLogLevel } from \"@azure/logger\";\nimport type { GetTokenOptions } from \"@azure/core-auth\";\nimport { msalCommon } from \"./msal.js\";\n\nexport interface ILoggerCallback {\n  (level: msalCommon.LogLevel, message: string, containsPii: boolean): void;\n}\n\nconst logger = credentialLogger(\"IdentityUtils\");\n\n/**\n * Latest AuthenticationRecord version\n */\nconst LatestAuthenticationRecordVersion = \"1.0\";\n\n/**\n * Ensures the validity of the MSAL token\n * @internal\n */\nexport function ensureValidMsalToken(\n  scopes: string | string[],\n  msalToken?: MsalToken | null,\n  getTokenOptions?: GetTokenOptions,\n): asserts msalToken is ValidMsalToken {\n  const error = (message: string): Error => {\n    logger.getToken.info(message);\n    return new AuthenticationRequiredError({\n      scopes: Array.isArray(scopes) ? scopes : [scopes],\n      getTokenOptions,\n      message,\n    });\n  };\n  if (!msalToken) {\n    throw error(\"No response\");\n  }\n  if (!msalToken.expiresOn) {\n    throw error(`Response had no \"expiresOn\" property.`);\n  }\n  if (!msalToken.accessToken) {\n    throw error(`Response had no \"accessToken\" property.`);\n  }\n}\n\n/**\n * Returns the authority host from either the options bag or the AZURE_AUTHORITY_HOST environment variable.\n *\n * Defaults to {@link DefaultAuthorityHost}.\n * @internal\n */\nexport function getAuthorityHost(options?: { authorityHost?: string }): string {\n  let authorityHost = options?.authorityHost;\n\n  if (!authorityHost && isNodeLike) {\n    authorityHost = process.env.AZURE_AUTHORITY_HOST;\n  }\n\n  return authorityHost ?? DefaultAuthorityHost;\n}\n\n/**\n * Generates a valid authority by combining a host with a tenantId.\n * @internal\n */\nexport function getAuthority(tenantId: string, host?: string): string {\n  if (!host) {\n    host = DefaultAuthorityHost;\n  }\n  if (new RegExp(`${tenantId}/?$`).test(host)) {\n    return host;\n  }\n  if (host.endsWith(\"/\")) {\n    return host + tenantId;\n  } else {\n    return `${host}/${tenantId}`;\n  }\n}\n\n/**\n * Generates the known authorities.\n * If the Tenant Id is `adfs`, the authority can't be validated since the format won't match the expected one.\n * For that reason, we have to force MSAL to disable validating the authority\n * by sending it within the known authorities in the MSAL configuration.\n * @internal\n */\nexport function getKnownAuthorities(\n  tenantId: string,\n  authorityHost: string,\n  disableInstanceDiscovery?: boolean,\n): string[] {\n  if ((tenantId === \"adfs\" && authorityHost) || disableInstanceDiscovery) {\n    return [authorityHost];\n  }\n  return [];\n}\n\n/**\n * Generates a logger that can be passed to the MSAL clients.\n * @param credLogger - The logger of the credential.\n * @internal\n */\nexport const defaultLoggerCallback: (\n  logger: CredentialLogger,\n  platform?: \"Node\" | \"Browser\",\n) => ILoggerCallback =\n  (credLogger: CredentialLogger, platform: \"Node\" | \"Browser\" = isNode ? \"Node\" : \"Browser\") =>\n  (level, message, containsPii): void => {\n    if (containsPii) {\n      return;\n    }\n    switch (level) {\n      case msalCommon.LogLevel.Error:\n        credLogger.info(`MSAL ${platform} V2 error: ${message}`);\n        return;\n      case msalCommon.LogLevel.Info:\n        credLogger.info(`MSAL ${platform} V2 info message: ${message}`);\n        return;\n      case msalCommon.LogLevel.Verbose:\n        credLogger.info(`MSAL ${platform} V2 verbose message: ${message}`);\n        return;\n      case msalCommon.LogLevel.Warning:\n        credLogger.info(`MSAL ${platform} V2 warning: ${message}`);\n        return;\n    }\n  };\n\n/**\n * @internal\n */\nexport function getMSALLogLevel(logLevel: AzureLogLevel | undefined): msalCommon.LogLevel {\n  switch (logLevel) {\n    case \"error\":\n      return msalCommon.LogLevel.Error;\n    case \"info\":\n      return msalCommon.LogLevel.Info;\n    case \"verbose\":\n      return msalCommon.LogLevel.Verbose;\n    case \"warning\":\n      return msalCommon.LogLevel.Warning;\n    default:\n      // default msal logging level should be Info\n      return msalCommon.LogLevel.Info;\n  }\n}\n\n/**\n * Wraps core-util's randomUUID in order to allow for mocking in tests.\n * This prepares the library for the upcoming core-util update to ESM.\n *\n * @internal\n * @returns A string containing a random UUID\n */\nexport function randomUUID(): string {\n  return coreRandomUUID();\n}\n\n/**\n * Handles MSAL errors.\n */\nexport function handleMsalError(\n  scopes: string[],\n  error: Error,\n  getTokenOptions?: GetTokenOptions,\n): Error {\n  if (\n    error.name === \"AuthError\" ||\n    error.name === \"ClientAuthError\" ||\n    error.name === \"BrowserAuthError\"\n  ) {\n    const msalError = error as msalCommon.AuthError;\n    switch (msalError.errorCode) {\n      case \"endpoints_resolution_error\":\n        logger.info(formatError(scopes, error.message));\n        return new CredentialUnavailableError(error.message);\n      case \"device_code_polling_cancelled\":\n        return new AbortError(\"The authentication has been aborted by the caller.\");\n      case \"consent_required\":\n      case \"interaction_required\":\n      case \"login_required\":\n        logger.info(\n          formatError(scopes, `Authentication returned errorCode ${msalError.errorCode}`),\n        );\n        break;\n      default:\n        logger.info(formatError(scopes, `Failed to acquire token: ${error.message}`));\n        break;\n    }\n  }\n  if (\n    error.name === \"ClientConfigurationError\" ||\n    error.name === \"BrowserConfigurationAuthError\" ||\n    error.name === \"AbortError\" ||\n    error.name === \"AuthenticationError\"\n  ) {\n    return error;\n  }\n  if (error.name === \"NativeAuthError\") {\n    logger.info(\n      formatError(\n        scopes,\n        `Error from the native broker: ${error.message} with status code: ${\n          (error as any).statusCode\n        }`,\n      ),\n    );\n    return error;\n  }\n  return new AuthenticationRequiredError({ scopes, getTokenOptions, message: error.message });\n}\n\n// transformations\nexport function publicToMsal(account: AuthenticationRecord): msalCommon.AccountInfo {\n  return {\n    localAccountId: account.homeAccountId,\n    environment: account.authority,\n    username: account.username,\n    homeAccountId: account.homeAccountId,\n    tenantId: account.tenantId,\n  };\n}\n\nexport function msalToPublic(clientId: string, account: MsalAccountInfo): AuthenticationRecord {\n  const record = {\n    authority: account.environment ?? DefaultAuthority,\n    homeAccountId: account.homeAccountId,\n    tenantId: account.tenantId || DefaultTenantId,\n    username: account.username,\n    clientId,\n    version: LatestAuthenticationRecordVersion,\n  };\n  return record;\n}\n\n/**\n * Serializes an `AuthenticationRecord` into a string.\n *\n * The output of a serialized authentication record will contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * To later convert this string to a serialized `AuthenticationRecord`, please use the exported function `deserializeAuthenticationRecord()`.\n */\nexport function serializeAuthenticationRecord(record: AuthenticationRecord): string {\n  return JSON.stringify(record);\n}\n\n/**\n * Deserializes a previously serialized authentication record from a string into an object.\n *\n * The input string must contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * If the version we receive is unsupported, an error will be thrown.\n *\n * At the moment, the only available version is: \"1.0\", which is always set when the authentication record is serialized.\n *\n * @param serializedRecord - Authentication record previously serialized into string.\n * @returns AuthenticationRecord.\n */\nexport function deserializeAuthenticationRecord(serializedRecord: string): AuthenticationRecord {\n  const parsed: AuthenticationRecord & { version?: string } = JSON.parse(serializedRecord);\n\n  if (parsed.version && parsed.version !== LatestAuthenticationRecordVersion) {\n    throw Error(\"Unsupported AuthenticationRecord version\");\n  }\n\n  return parsed;\n}\n"]}
         | 
| @@ -1 +1 @@ | |
| 1 | 
            -
            {"version":3,"file":"consumer.d.ts","sourceRoot":"","sources":["../../../src/plugins/consumer.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAsB,cAAc,EAAE,MAAM,eAAe,CAAC; | 
| 1 | 
            +
            {"version":3,"file":"consumer.d.ts","sourceRoot":"","sources":["../../../src/plugins/consumer.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAsB,cAAc,EAAE,MAAM,eAAe,CAAC;AAiBxE;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI,CAE9D"}
         | 
| @@ -4,7 +4,6 @@ import { msalNodeFlowCacheControl, msalNodeFlowNativeBrokerControl, msalNodeFlow | |
| 4 4 | 
             
            /**
         | 
| 5 5 | 
             
             * The context passed to an Identity plugin. This contains objects that
         | 
| 6 6 | 
             
             * plugins can use to set backend implementations.
         | 
| 7 | 
            -
             * @internal
         | 
| 8 7 | 
             
             */
         | 
| 9 8 | 
             
            const pluginContext = {
         | 
| 10 9 | 
             
                cachePluginControl: msalNodeFlowCacheControl,
         | 
| @@ -1 +1 @@ | |
| 1 | 
            -
            {"version":3,"file":"consumer.js","sourceRoot":"","sources":["../../../src/plugins/consumer.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,wBAAwB,EACxB,+BAA+B,EAC/B,mCAAmC,GACpC,MAAM,kCAAkC,CAAC;AAE1C | 
| 1 | 
            +
            {"version":3,"file":"consumer.js","sourceRoot":"","sources":["../../../src/plugins/consumer.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,wBAAwB,EACxB,+BAA+B,EAC/B,mCAAmC,GACpC,MAAM,kCAAkC,CAAC;AAE1C;;;GAGG;AACH,MAAM,aAAa,GAAuB;IACxC,kBAAkB,EAAE,wBAAwB;IAC5C,yBAAyB,EAAE,+BAA+B;IAC1D,uBAAuB,EAAE,mCAAmC;CAC7D,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAsB;IACtD,MAAM,CAAC,aAAa,CAAC,CAAC;AACxB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AzurePluginContext, IdentityPlugin } from \"./provider.js\";\nimport {\n  msalNodeFlowCacheControl,\n  msalNodeFlowNativeBrokerControl,\n  msalNodeFlowVSCodeCredentialControl,\n} from \"../msal/nodeFlows/msalPlugins.js\";\n\n/**\n * The context passed to an Identity plugin. This contains objects that\n * plugins can use to set backend implementations.\n */\nconst pluginContext: AzurePluginContext = {\n  cachePluginControl: msalNodeFlowCacheControl,\n  nativeBrokerPluginControl: msalNodeFlowNativeBrokerControl,\n  vsCodeCredentialControl: msalNodeFlowVSCodeCredentialControl,\n};\n\n/**\n * Extend Azure Identity with additional functionality. Pass a plugin from\n * a plugin package, such as:\n *\n * - `@azure/identity-cache-persistence`: provides persistent token caching\n * - `@azure/identity-vscode`: provides the dependencies of\n *   `VisualStudioCodeCredential` and enables it\n *\n * Example:\n *\n * ```ts snippet:consumer_example\n * import { useIdentityPlugin, DeviceCodeCredential } from \"@azure/identity\";\n *\n * useIdentityPlugin(cachePersistencePlugin);\n * // The plugin has the capability to extend `DeviceCodeCredential` and to\n * // add middleware to the underlying credentials, such as persistence.\n * const credential = new DeviceCodeCredential({\n *   tokenCachePersistenceOptions: {\n *     enabled: true,\n *   },\n * });\n * ```\n *\n * @param plugin - the plugin to register\n */\nexport function useIdentityPlugin(plugin: IdentityPlugin): void {\n  plugin(pluginContext);\n}\n"]}
         | 
| @@ -1 +1 @@ | |
| 1 | 
            -
            {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,QAAQ,CAAC;AAEpC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AACvG,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,MAAM,CAAN,IAAY,mBAoBX;AApBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;;;;SAKK;IACL,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EApBW,mBAAmB,KAAnB,mBAAmB,QAoB9B;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,2BAA2B,CAAC;AAE5D;;;GAGG;AACH,MAAM,CAAC,MAAM,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAEtC;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAE5C;;;;;GAKG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,YAAY,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Current version of the `@azure/identity` package.\n */\nexport const SDK_VERSION = `4. | 
| 1 | 
            +
            {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,QAAQ,CAAC;AAEpC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AACvG,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,MAAM,CAAN,IAAY,mBAoBX;AApBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;;;;SAKK;IACL,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EApBW,mBAAmB,KAAnB,mBAAmB,QAoB9B;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,2BAA2B,CAAC;AAE5D;;;GAGG;AACH,MAAM,CAAC,MAAM,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAEtC;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAE5C;;;;;GAKG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,YAAY,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Current version of the `@azure/identity` package.\n */\nexport const SDK_VERSION = `4.13.0`;\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n  /**\n   * China-based Azure Authority Host\n   */\n  AzureChina = \"https://login.chinacloudapi.cn\",\n  /**\n   * Germany-based Azure Authority Host\n   *\n   * @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.\n   *\n   * */\n  AzureGermany = \"https://login.microsoftonline.de\",\n  /**\n   * US Government Azure Authority Host\n   */\n  AzureGovernment = \"https://login.microsoftonline.us\",\n  /**\n   * Public Cloud Azure Authority Host\n   */\n  AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/**\n * @internal\n * The default authority host.\n */\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n\n/**\n * @internal\n * The default environment host for Azure Public Cloud\n */\nexport const DefaultAuthority = \"login.microsoftonline.com\";\n\n/**\n * @internal\n * Allow acquiring tokens for any tenant for multi-tentant auth.\n */\nexport const ALL_TENANTS: string[] = [\"*\"];\n\n/**\n * @internal\n */\nexport const CACHE_CAE_SUFFIX = \"cae\";\n\n/**\n * @internal\n */\nexport const CACHE_NON_CAE_SUFFIX = \"nocae\";\n\n/**\n * @internal\n *\n * The default name for the cache persistence plugin.\n * Matches the constant defined in the cache persistence package.\n */\nexport const DEFAULT_TOKEN_CACHE_NAME = \"msal.cache\";\n"]}
         | 
| @@ -25,7 +25,7 @@ export declare class UnavailableDefaultCredential implements TokenCredential { | |
| 25 25 | 
             
             * - {@link AzureCliCredential}
         | 
| 26 26 | 
             
             * - {@link AzurePowerShellCredential}
         | 
| 27 27 | 
             
             * - {@link AzureDeveloperCliCredential}
         | 
| 28 | 
            -
             * -  | 
| 28 | 
            +
             * - BrokerCredential (a broker-enabled credential that requires \@azure/identity-broker is installed)
         | 
| 29 29 | 
             
             *
         | 
| 30 30 | 
             
             * Consult the documentation of these credential types for more information
         | 
| 31 31 | 
             
             * on how they attempt authentication.
         | 
| @@ -1 +1 @@ | |
| 1 | 
            -
            {"version":3,"file":"defaultAzureCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,qCAAqC,EACrC,6BAA6B,EAC7B,uCAAuC,EACxC,MAAM,oCAAoC,CAAC;AAO5C,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAErE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAgBxD;;;GAGG;AACH,qBAAa,4BAA6B,YAAW,eAAe;IAClE,iCAAiC,EAAE,MAAM,CAAC;IAC1C,cAAc,EAAE,MAAM,CAAC;gBAEX,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAKnD,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAM1B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,qBAAa,sBAAuB,SAAQ,sBAAsB;IAChE;;;;OAIG;gBACS,OAAO,CAAC,EAAE,qCAAqC;IAE3D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,uCAAuC;IAE7D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,6BAA6B; | 
| 1 | 
            +
            {"version":3,"file":"defaultAzureCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,qCAAqC,EACrC,6BAA6B,EAC7B,uCAAuC,EACxC,MAAM,oCAAoC,CAAC;AAO5C,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAErE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAgBxD;;;GAGG;AACH,qBAAa,4BAA6B,YAAW,eAAe;IAClE,iCAAiC,EAAE,MAAM,CAAC;IAC1C,cAAc,EAAE,MAAM,CAAC;gBAEX,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAKnD,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAM1B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,qBAAa,sBAAuB,SAAQ,sBAAsB;IAChE;;;;OAIG;gBACS,OAAO,CAAC,EAAE,qCAAqC;IAE3D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,uCAAuC;IAE7D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,6BAA6B;CAyFpD"}
         | 
| @@ -34,7 +34,7 @@ export class UnavailableDefaultCredential { | |
| 34 34 | 
             
             * - {@link AzureCliCredential}
         | 
| 35 35 | 
             
             * - {@link AzurePowerShellCredential}
         | 
| 36 36 | 
             
             * - {@link AzureDeveloperCliCredential}
         | 
| 37 | 
            -
             * -  | 
| 37 | 
            +
             * - BrokerCredential (a broker-enabled credential that requires \@azure/identity-broker is installed)
         | 
| 38 38 | 
             
             *
         | 
| 39 39 | 
             
             * Consult the documentation of these credential types for more information
         | 
| 40 40 | 
             
             * on how they attempt authentication.
         | 
| @@ -94,7 +94,11 @@ export class DefaultAzureCredential extends ChainedTokenCredential { | |
| 94 94 | 
             
                                credentialFunctions = [createDefaultWorkloadIdentityCredential];
         | 
| 95 95 | 
             
                                break;
         | 
| 96 96 | 
             
                            case "managedidentitycredential":
         | 
| 97 | 
            -
                                 | 
| 97 | 
            +
                                // Setting `sendProbeRequest` to false to ensure ManagedIdentityCredential behavior
         | 
| 98 | 
            +
                                // is consistent when used standalone in DAC chain or used directly.
         | 
| 99 | 
            +
                                credentialFunctions = [
         | 
| 100 | 
            +
                                    () => createDefaultManagedIdentityCredential({ sendProbeRequest: false }),
         | 
| 101 | 
            +
                                ];
         | 
| 98 102 | 
             
                                break;
         | 
| 99 103 | 
             
                            case "visualstudiocodecredential":
         | 
| 100 104 | 
             
                                credentialFunctions = [createDefaultVisualStudioCodeCredential];
         | 
| @@ -128,7 +132,7 @@ export class DefaultAzureCredential extends ChainedTokenCredential { | |
| 128 132 | 
             
                    // 3. Returning a UnavailableDefaultCredential from the factory function if a credential is unavailable for any reason
         | 
| 129 133 | 
             
                    const credentials = credentialFunctions.map((createCredentialFn) => {
         | 
| 130 134 | 
             
                        try {
         | 
| 131 | 
            -
                            return createCredentialFn(options);
         | 
| 135 | 
            +
                            return createCredentialFn(options ?? {});
         | 
| 132 136 | 
             
                        }
         | 
| 133 137 | 
             
                        catch (err) {
         | 
| 134 138 | 
             
                            logger.warning(`Skipped ${createCredentialFn.name} because of an error creating the credential: ${err}`);
         | 
| @@ -139,7 +143,7 @@ export class DefaultAzureCredential extends ChainedTokenCredential { | |
| 139 143 | 
             
                }
         | 
| 140 144 | 
             
            }
         | 
| 141 145 | 
             
            /**
         | 
| 142 | 
            -
             *  | 
| 146 | 
            +
             * This function checks that all environment variables in `options.requiredEnvVars` are set and non-empty.
         | 
| 143 147 | 
             
             * If any are missing or empty, it throws an error.
         | 
| 144 148 | 
             
             */
         | 
| 145 149 | 
             
            function validateRequiredEnvVars(options) {
         | 
| @@ -1 +1 @@ | |
| 1 | 
            -
            {"version":3,"file":"defaultAzureCredential.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAalC,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAIrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EACL,+BAA+B,EAC/B,wCAAwC,EACxC,sCAAsC,EACtC,6BAA6B,EAC7B,sCAAsC,EACtC,uCAAuC,EACvC,uCAAuC,EACvC,kCAAkC,GACnC,MAAM,sCAAsC,CAAC;AAE9C,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;GAGG;AACH,MAAM,OAAO,4BAA4B;IACvC,iCAAiC,CAAS;IAC1C,cAAc,CAAS;IAEvB,YAAY,cAAsB,EAAE,OAAe;QACjD,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,iCAAiC,GAAG,OAAO,CAAC;IACnD,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,YAAY,IAAI,CAAC,cAAc,aAAa,IAAI,CAAC,iCAAiC,EAAE,CACrF,CAAC;QACF,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;CACF;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,MAAM,OAAO,sBAAuB,SAAQ,sBAAsB;IAsBhE,YAAY,OAAuC;QACjD,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACjC,2EAA2E;QAC3E,MAAM,qBAAqB,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB;YAC/D,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE;YAC1D,CAAC,CAAC,SAAS,CAAC;QACd,MAAM,sBAAsB,GAAG;YAC7B,uCAAuC;YACvC,+BAA+B;YAC/B,sCAAsC;YACtC,wCAAwC;YACxC,6BAA6B;SAC9B,CAAC;QACF,MAAM,uBAAuB,GAAG;YAC9B,kCAAkC;YAClC,uCAAuC;YACvC,sCAAsC;SACvC,CAAC;QACF,IAAI,mBAAmB,GAAG,EAAE,CAAC;QAC7B,MAAM,oBAAoB,GACxB,sLAAsL,CAAC;QACzL,mFAAmF;QACnF,kIAAkI;QAClI,IAAI,qBAAqB,EAAE,CAAC;YAC1B,QAAQ,qBAAqB,EAAE,CAAC;gBAC9B,KAAK,KAAK;oBACR,mBAAmB,GAAG,sBAAsB,CAAC;oBAC7C,MAAM;gBACR,KAAK,MAAM;oBACT,mBAAmB,GAAG,uBAAuB,CAAC;oBAC9C,MAAM;gBACR,KAAK,uBAAuB;oBAC1B,mBAAmB,GAAG,CAAC,kCAAkC,CAAC,CAAC;oBAC3D,MAAM;gBACR,KAAK,4BAA4B;oBAC/B,mBAAmB,GAAG,CAAC,uCAAuC,CAAC,CAAC;oBAChE,MAAM;gBACR,KAAK,2BAA2B;oBAC9B,mBAAmB,GAAG,CAAC,sCAAsC,CAAC,CAAC;oBAC/D,MAAM;gBACR,KAAK,4BAA4B;oBAC/B,mBAAmB,GAAG,CAAC,uCAAuC,CAAC,CAAC;oBAChE,MAAM;gBACR,KAAK,oBAAoB;oBACvB,mBAAmB,GAAG,CAAC,+BAA+B,CAAC,CAAC;oBACxD,MAAM;gBACR,KAAK,2BAA2B;oBAC9B,mBAAmB,GAAG,CAAC,sCAAsC,CAAC,CAAC;oBAC/D,MAAM;gBACR,KAAK,6BAA6B;oBAChC,mBAAmB,GAAG,CAAC,wCAAwC,CAAC,CAAC;oBACjE,MAAM;gBACR,OAAO,CAAC,CAAC,CAAC;oBACR,6EAA6E;oBAC7E,gEAAgE;oBAChE,MAAM,YAAY,GAAG,+CAA+C,OAAO,CAAC,GAAG,CAAC,uBAAuB,oEAAoE,oBAAoB,GAAG,CAAC;oBACnM,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;oBAC7B,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;gBAChC,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,2EAA2E;YAC3E,mBAAmB,GAAG,CAAC,GAAG,uBAAuB,EAAE,GAAG,sBAAsB,CAAC,CAAC;QAChF,CAAC;QAED,gLAAgL;QAChL,8DAA8D;QAC9D,6DAA6D;QAC7D,gEAAgE;QAChE,sHAAsH;QACtH,MAAM,WAAW,GAAsB,mBAAmB,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE;YACpF,IAAI,CAAC;gBACH,OAAO,kBAAkB,CAAC,OAAO,CAAC,CAAC;YACrC,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,OAAO,CACZ,WAAW,kBAAkB,CAAC,IAAI,iDAAiD,GAAG,EAAE,CACzF,CAAC;gBACF,OAAO,IAAI,4BAA4B,CAAC,kBAAkB,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAChF,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,GAAG,WAAW,CAAC,CAAC;IACxB,CAAC;CACF;AAED;;;GAGG;AACH,SAAS,uBAAuB,CAAC,OAAuC;IACtE,IAAI,OAAO,EAAE,eAAe,EAAE,CAAC;QAC7B,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC;YACzD,CAAC,CAAC,OAAO,CAAC,eAAe;YACzB,CAAC,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAC9B,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,YAAY,GAAG,wBAAwB,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,KAAK,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,gCAAgC,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,oBAAoB,CAAC;YAC3M,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type {\n  DefaultAzureCredentialClientIdOptions,\n  DefaultAzureCredentialOptions,\n  DefaultAzureCredentialResourceIdOptions,\n} from \"./defaultAzureCredentialOptions.js\";\n\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential/index.js\";\nimport { VisualStudioCodeCredential } from \"./visualStudioCodeCredential.js\";\nimport { AzureCliCredential } from \"./azureCliCredential.js\";\nimport { AzureDeveloperCliCredential } from \"./azureDeveloperCliCredential.js\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential.js\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential.js\";\nimport { EnvironmentCredential } from \"./environmentCredential.js\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { WorkloadIdentityCredential } from \"./workloadIdentityCredential.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport {\n  createDefaultAzureCliCredential,\n  createDefaultAzureDeveloperCliCredential,\n  createDefaultAzurePowershellCredential,\n  createDefaultBrokerCredential,\n  createDefaultManagedIdentityCredential,\n  createDefaultVisualStudioCodeCredential,\n  createDefaultWorkloadIdentityCredential,\n  createDefaultEnvironmentCredential,\n} from \"./defaultAzureCredentialFunctions.js\";\n\nconst logger = credentialLogger(\"DefaultAzureCredential\");\n\n/**\n * A no-op credential that logs the reason it was skipped if getToken is called.\n * @internal\n */\nexport class UnavailableDefaultCredential implements TokenCredential {\n  credentialUnavailableErrorMessage: string;\n  credentialName: string;\n\n  constructor(credentialName: string, message: string) {\n    this.credentialName = credentialName;\n    this.credentialUnavailableErrorMessage = message;\n  }\n\n  getToken(): Promise<null> {\n    logger.getToken.info(\n      `Skipping ${this.credentialName}, reason: ${this.credentialUnavailableErrorMessage}`,\n    );\n    return Promise.resolve(null);\n  }\n}\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that works for most\n * applications that use Azure SDK client libraries. For more information, see\n * [DefaultAzureCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-defaultazurecredential-for-flexibility).\n *\n * The following credential types will be tried, in order:\n *\n * - {@link EnvironmentCredential}\n * - {@link WorkloadIdentityCredential}\n * - {@link ManagedIdentityCredential}\n * - {@link VisualStudioCodeCredential}\n * - {@link AzureCliCredential}\n * - {@link AzurePowerShellCredential}\n * - {@link AzureDeveloperCliCredential}\n * - {@link BrokerCredential}\n *\n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n *\n * The following example demonstrates how to use the `requiredEnvVars` option to ensure that certain environment variables are set before the `DefaultAzureCredential` is instantiated.\n * If any of the specified environment variables are missing or empty, an error will be thrown, preventing the application from continuing execution without the necessary configuration.\n * It also demonstrates how to set the `AZURE_TOKEN_CREDENTIALS` environment variable to control which credentials are included in the chain.\n \n * ```ts snippet:defaultazurecredential_requiredEnvVars\n * import { DefaultAzureCredential } from \"@azure/identity\";\n *\n * const credential = new DefaultAzureCredential({\n *   requiredEnvVars: [\n *     \"AZURE_CLIENT_ID\",\n *     \"AZURE_TENANT_ID\",\n *     \"AZURE_CLIENT_SECRET\",\n *     \"AZURE_TOKEN_CREDENTIALS\",\n *   ],\n * });\n * ```\n */\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialClientIdOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialClientIdOptions);\n\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialResourceIdOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialResourceIdOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialResourceIdOptions);\n\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialOptions);\n\n  constructor(options?: DefaultAzureCredentialOptions) {\n    validateRequiredEnvVars(options);\n    // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.\n    const azureTokenCredentials = process.env.AZURE_TOKEN_CREDENTIALS\n      ? process.env.AZURE_TOKEN_CREDENTIALS.trim().toLowerCase()\n      : undefined;\n    const devCredentialFunctions = [\n      createDefaultVisualStudioCodeCredential,\n      createDefaultAzureCliCredential,\n      createDefaultAzurePowershellCredential,\n      createDefaultAzureDeveloperCliCredential,\n      createDefaultBrokerCredential,\n    ];\n    const prodCredentialFunctions = [\n      createDefaultEnvironmentCredential,\n      createDefaultWorkloadIdentityCredential,\n      createDefaultManagedIdentityCredential,\n    ];\n    let credentialFunctions = [];\n    const validCredentialNames =\n      \"EnvironmentCredential, WorkloadIdentityCredential, ManagedIdentityCredential, VisualStudioCodeCredential, AzureCliCredential, AzurePowerShellCredential, AzureDeveloperCliCredential\";\n    // If AZURE_TOKEN_CREDENTIALS is set, use it to determine which credentials to use.\n    // The value of AZURE_TOKEN_CREDENTIALS should be either \"dev\" or \"prod\" or any one of these credentials - {validCredentialNames}.\n    if (azureTokenCredentials) {\n      switch (azureTokenCredentials) {\n        case \"dev\":\n          credentialFunctions = devCredentialFunctions;\n          break;\n        case \"prod\":\n          credentialFunctions = prodCredentialFunctions;\n          break;\n        case \"environmentcredential\":\n          credentialFunctions = [createDefaultEnvironmentCredential];\n          break;\n        case \"workloadidentitycredential\":\n          credentialFunctions = [createDefaultWorkloadIdentityCredential];\n          break;\n        case \"managedidentitycredential\":\n          credentialFunctions = [createDefaultManagedIdentityCredential];\n          break;\n        case \"visualstudiocodecredential\":\n          credentialFunctions = [createDefaultVisualStudioCodeCredential];\n          break;\n        case \"azureclicredential\":\n          credentialFunctions = [createDefaultAzureCliCredential];\n          break;\n        case \"azurepowershellcredential\":\n          credentialFunctions = [createDefaultAzurePowershellCredential];\n          break;\n        case \"azuredeveloperclicredential\":\n          credentialFunctions = [createDefaultAzureDeveloperCliCredential];\n          break;\n        default: {\n          // If AZURE_TOKEN_CREDENTIALS is set to an unsupported value, throw an error.\n          // This will prevent the creation of the DefaultAzureCredential.\n          const errorMessage = `Invalid value for AZURE_TOKEN_CREDENTIALS = ${process.env.AZURE_TOKEN_CREDENTIALS}. Valid values are 'prod' or 'dev' or any of these credentials - ${validCredentialNames}.`;\n          logger.warning(errorMessage);\n          throw new Error(errorMessage);\n        }\n      }\n    } else {\n      // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.\n      credentialFunctions = [...prodCredentialFunctions, ...devCredentialFunctions];\n    }\n\n    // Errors from individual credentials should not be thrown in the DefaultAzureCredential constructor, instead throwing on getToken() which is handled by ChainedTokenCredential.\n    // When adding new credentials to the default chain, consider:\n    // 1. Making the constructor parameters required and explicit\n    // 2. Validating any required parameters in the factory function\n    // 3. Returning a UnavailableDefaultCredential from the factory function if a credential is unavailable for any reason\n    const credentials: TokenCredential[] = credentialFunctions.map((createCredentialFn) => {\n      try {\n        return createCredentialFn(options);\n      } catch (err: any) {\n        logger.warning(\n          `Skipped ${createCredentialFn.name} because of an error creating the credential: ${err}`,\n        );\n        return new UnavailableDefaultCredential(createCredentialFn.name, err.message);\n      }\n    });\n\n    super(...credentials);\n  }\n}\n\n/**\n * @internal This function checks that all environment variables in `options.requiredEnvVars` are set and non-empty.\n * If any are missing or empty, it throws an error.\n */\nfunction validateRequiredEnvVars(options?: DefaultAzureCredentialOptions) {\n  if (options?.requiredEnvVars) {\n    const requiredVars = Array.isArray(options.requiredEnvVars)\n      ? options.requiredEnvVars\n      : [options.requiredEnvVars];\n    const missing = requiredVars.filter((envVar) => !process.env[envVar]);\n    if (missing.length > 0) {\n      const errorMessage = `Required environment ${missing.length === 1 ? \"variable\" : \"variables\"} '${missing.join(\", \")}' for DefaultAzureCredential ${missing.length === 1 ? \"is\" : \"are\"} not set or empty.`;\n      logger.warning(errorMessage);\n      throw new Error(errorMessage);\n    }\n  }\n}\n"]}
         | 
| 1 | 
            +
            {"version":3,"file":"defaultAzureCredential.js","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAalC,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAIrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EACL,+BAA+B,EAC/B,wCAAwC,EACxC,sCAAsC,EACtC,6BAA6B,EAC7B,sCAAsC,EACtC,uCAAuC,EACvC,uCAAuC,EACvC,kCAAkC,GACnC,MAAM,sCAAsC,CAAC;AAE9C,MAAM,MAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;GAGG;AACH,MAAM,OAAO,4BAA4B;IACvC,iCAAiC,CAAS;IAC1C,cAAc,CAAS;IAEvB,YAAY,cAAsB,EAAE,OAAe;QACjD,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,iCAAiC,GAAG,OAAO,CAAC;IACnD,CAAC;IAED,QAAQ;QACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,YAAY,IAAI,CAAC,cAAc,aAAa,IAAI,CAAC,iCAAiC,EAAE,CACrF,CAAC;QACF,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;CACF;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,MAAM,OAAO,sBAAuB,SAAQ,sBAAsB;IAsBhE,YAAY,OAAuC;QACjD,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACjC,2EAA2E;QAC3E,MAAM,qBAAqB,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB;YAC/D,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE;YAC1D,CAAC,CAAC,SAAS,CAAC;QACd,MAAM,sBAAsB,GAAG;YAC7B,uCAAuC;YACvC,+BAA+B;YAC/B,sCAAsC;YACtC,wCAAwC;YACxC,6BAA6B;SAC9B,CAAC;QACF,MAAM,uBAAuB,GAAG;YAC9B,kCAAkC;YAClC,uCAAuC;YACvC,sCAAsC;SACvC,CAAC;QACF,IAAI,mBAAmB,GAAG,EAAE,CAAC;QAC7B,MAAM,oBAAoB,GACxB,sLAAsL,CAAC;QACzL,mFAAmF;QACnF,kIAAkI;QAClI,IAAI,qBAAqB,EAAE,CAAC;YAC1B,QAAQ,qBAAqB,EAAE,CAAC;gBAC9B,KAAK,KAAK;oBACR,mBAAmB,GAAG,sBAAsB,CAAC;oBAC7C,MAAM;gBACR,KAAK,MAAM;oBACT,mBAAmB,GAAG,uBAAuB,CAAC;oBAC9C,MAAM;gBACR,KAAK,uBAAuB;oBAC1B,mBAAmB,GAAG,CAAC,kCAAkC,CAAC,CAAC;oBAC3D,MAAM;gBACR,KAAK,4BAA4B;oBAC/B,mBAAmB,GAAG,CAAC,uCAAuC,CAAC,CAAC;oBAChE,MAAM;gBACR,KAAK,2BAA2B;oBAC9B,mFAAmF;oBACnF,oEAAoE;oBACpE,mBAAmB,GAAG;wBACpB,GAAG,EAAE,CAAC,sCAAsC,CAAC,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC;qBAC1E,CAAC;oBACF,MAAM;gBACR,KAAK,4BAA4B;oBAC/B,mBAAmB,GAAG,CAAC,uCAAuC,CAAC,CAAC;oBAChE,MAAM;gBACR,KAAK,oBAAoB;oBACvB,mBAAmB,GAAG,CAAC,+BAA+B,CAAC,CAAC;oBACxD,MAAM;gBACR,KAAK,2BAA2B;oBAC9B,mBAAmB,GAAG,CAAC,sCAAsC,CAAC,CAAC;oBAC/D,MAAM;gBACR,KAAK,6BAA6B;oBAChC,mBAAmB,GAAG,CAAC,wCAAwC,CAAC,CAAC;oBACjE,MAAM;gBACR,OAAO,CAAC,CAAC,CAAC;oBACR,6EAA6E;oBAC7E,gEAAgE;oBAChE,MAAM,YAAY,GAAG,+CAA+C,OAAO,CAAC,GAAG,CAAC,uBAAuB,oEAAoE,oBAAoB,GAAG,CAAC;oBACnM,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;oBAC7B,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;gBAChC,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,2EAA2E;YAC3E,mBAAmB,GAAG,CAAC,GAAG,uBAAuB,EAAE,GAAG,sBAAsB,CAAC,CAAC;QAChF,CAAC;QAED,gLAAgL;QAChL,8DAA8D;QAC9D,6DAA6D;QAC7D,gEAAgE;QAChE,sHAAsH;QACtH,MAAM,WAAW,GAAsB,mBAAmB,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE;YACpF,IAAI,CAAC;gBACH,OAAO,kBAAkB,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;YAC3C,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,OAAO,CACZ,WAAW,kBAAkB,CAAC,IAAI,iDAAiD,GAAG,EAAE,CACzF,CAAC;gBACF,OAAO,IAAI,4BAA4B,CAAC,kBAAkB,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAChF,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,GAAG,WAAW,CAAC,CAAC;IACxB,CAAC;CACF;AAED;;;GAGG;AACH,SAAS,uBAAuB,CAAC,OAAuC;IACtE,IAAI,OAAO,EAAE,eAAe,EAAE,CAAC;QAC7B,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC;YACzD,CAAC,CAAC,OAAO,CAAC,eAAe;YACzB,CAAC,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAC9B,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,YAAY,GAAG,wBAAwB,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,KAAK,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,gCAAgC,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,oBAAoB,CAAC;YAC3M,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type {\n  DefaultAzureCredentialClientIdOptions,\n  DefaultAzureCredentialOptions,\n  DefaultAzureCredentialResourceIdOptions,\n} from \"./defaultAzureCredentialOptions.js\";\n\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential/index.js\";\nimport { VisualStudioCodeCredential } from \"./visualStudioCodeCredential.js\";\nimport { AzureCliCredential } from \"./azureCliCredential.js\";\nimport { AzureDeveloperCliCredential } from \"./azureDeveloperCliCredential.js\";\nimport { AzurePowerShellCredential } from \"./azurePowerShellCredential.js\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential.js\";\nimport { EnvironmentCredential } from \"./environmentCredential.js\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { WorkloadIdentityCredential } from \"./workloadIdentityCredential.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport {\n  createDefaultAzureCliCredential,\n  createDefaultAzureDeveloperCliCredential,\n  createDefaultAzurePowershellCredential,\n  createDefaultBrokerCredential,\n  createDefaultManagedIdentityCredential,\n  createDefaultVisualStudioCodeCredential,\n  createDefaultWorkloadIdentityCredential,\n  createDefaultEnvironmentCredential,\n} from \"./defaultAzureCredentialFunctions.js\";\n\nconst logger = credentialLogger(\"DefaultAzureCredential\");\n\n/**\n * A no-op credential that logs the reason it was skipped if getToken is called.\n * @internal\n */\nexport class UnavailableDefaultCredential implements TokenCredential {\n  credentialUnavailableErrorMessage: string;\n  credentialName: string;\n\n  constructor(credentialName: string, message: string) {\n    this.credentialName = credentialName;\n    this.credentialUnavailableErrorMessage = message;\n  }\n\n  getToken(): Promise<null> {\n    logger.getToken.info(\n      `Skipping ${this.credentialName}, reason: ${this.credentialUnavailableErrorMessage}`,\n    );\n    return Promise.resolve(null);\n  }\n}\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that works for most\n * applications that use Azure SDK client libraries. For more information, see\n * [DefaultAzureCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-defaultazurecredential-for-flexibility).\n *\n * The following credential types will be tried, in order:\n *\n * - {@link EnvironmentCredential}\n * - {@link WorkloadIdentityCredential}\n * - {@link ManagedIdentityCredential}\n * - {@link VisualStudioCodeCredential}\n * - {@link AzureCliCredential}\n * - {@link AzurePowerShellCredential}\n * - {@link AzureDeveloperCliCredential}\n * - BrokerCredential (a broker-enabled credential that requires \\@azure/identity-broker is installed)\n *\n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n *\n * The following example demonstrates how to use the `requiredEnvVars` option to ensure that certain environment variables are set before the `DefaultAzureCredential` is instantiated.\n * If any of the specified environment variables are missing or empty, an error will be thrown, preventing the application from continuing execution without the necessary configuration.\n * It also demonstrates how to set the `AZURE_TOKEN_CREDENTIALS` environment variable to control which credentials are included in the chain.\n \n * ```ts snippet:defaultazurecredential_requiredEnvVars\n * import { DefaultAzureCredential } from \"@azure/identity\";\n *\n * const credential = new DefaultAzureCredential({\n *   requiredEnvVars: [\n *     \"AZURE_CLIENT_ID\",\n *     \"AZURE_TENANT_ID\",\n *     \"AZURE_CLIENT_SECRET\",\n *     \"AZURE_TOKEN_CREDENTIALS\",\n *   ],\n * });\n * ```\n */\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialClientIdOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialClientIdOptions);\n\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialResourceIdOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialResourceIdOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialResourceIdOptions);\n\n  /**\n   * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}.\n   *\n   * @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.\n   */\n  constructor(options?: DefaultAzureCredentialOptions);\n\n  constructor(options?: DefaultAzureCredentialOptions) {\n    validateRequiredEnvVars(options);\n    // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.\n    const azureTokenCredentials = process.env.AZURE_TOKEN_CREDENTIALS\n      ? process.env.AZURE_TOKEN_CREDENTIALS.trim().toLowerCase()\n      : undefined;\n    const devCredentialFunctions = [\n      createDefaultVisualStudioCodeCredential,\n      createDefaultAzureCliCredential,\n      createDefaultAzurePowershellCredential,\n      createDefaultAzureDeveloperCliCredential,\n      createDefaultBrokerCredential,\n    ];\n    const prodCredentialFunctions = [\n      createDefaultEnvironmentCredential,\n      createDefaultWorkloadIdentityCredential,\n      createDefaultManagedIdentityCredential,\n    ];\n    let credentialFunctions = [];\n    const validCredentialNames =\n      \"EnvironmentCredential, WorkloadIdentityCredential, ManagedIdentityCredential, VisualStudioCodeCredential, AzureCliCredential, AzurePowerShellCredential, AzureDeveloperCliCredential\";\n    // If AZURE_TOKEN_CREDENTIALS is set, use it to determine which credentials to use.\n    // The value of AZURE_TOKEN_CREDENTIALS should be either \"dev\" or \"prod\" or any one of these credentials - {validCredentialNames}.\n    if (azureTokenCredentials) {\n      switch (azureTokenCredentials) {\n        case \"dev\":\n          credentialFunctions = devCredentialFunctions;\n          break;\n        case \"prod\":\n          credentialFunctions = prodCredentialFunctions;\n          break;\n        case \"environmentcredential\":\n          credentialFunctions = [createDefaultEnvironmentCredential];\n          break;\n        case \"workloadidentitycredential\":\n          credentialFunctions = [createDefaultWorkloadIdentityCredential];\n          break;\n        case \"managedidentitycredential\":\n          // Setting `sendProbeRequest` to false to ensure ManagedIdentityCredential behavior\n          // is consistent when used standalone in DAC chain or used directly.\n          credentialFunctions = [\n            () => createDefaultManagedIdentityCredential({ sendProbeRequest: false }),\n          ];\n          break;\n        case \"visualstudiocodecredential\":\n          credentialFunctions = [createDefaultVisualStudioCodeCredential];\n          break;\n        case \"azureclicredential\":\n          credentialFunctions = [createDefaultAzureCliCredential];\n          break;\n        case \"azurepowershellcredential\":\n          credentialFunctions = [createDefaultAzurePowershellCredential];\n          break;\n        case \"azuredeveloperclicredential\":\n          credentialFunctions = [createDefaultAzureDeveloperCliCredential];\n          break;\n        default: {\n          // If AZURE_TOKEN_CREDENTIALS is set to an unsupported value, throw an error.\n          // This will prevent the creation of the DefaultAzureCredential.\n          const errorMessage = `Invalid value for AZURE_TOKEN_CREDENTIALS = ${process.env.AZURE_TOKEN_CREDENTIALS}. Valid values are 'prod' or 'dev' or any of these credentials - ${validCredentialNames}.`;\n          logger.warning(errorMessage);\n          throw new Error(errorMessage);\n        }\n      }\n    } else {\n      // If AZURE_TOKEN_CREDENTIALS is not set, use the default credential chain.\n      credentialFunctions = [...prodCredentialFunctions, ...devCredentialFunctions];\n    }\n\n    // Errors from individual credentials should not be thrown in the DefaultAzureCredential constructor, instead throwing on getToken() which is handled by ChainedTokenCredential.\n    // When adding new credentials to the default chain, consider:\n    // 1. Making the constructor parameters required and explicit\n    // 2. Validating any required parameters in the factory function\n    // 3. Returning a UnavailableDefaultCredential from the factory function if a credential is unavailable for any reason\n    const credentials: TokenCredential[] = credentialFunctions.map((createCredentialFn) => {\n      try {\n        return createCredentialFn(options ?? {});\n      } catch (err: any) {\n        logger.warning(\n          `Skipped ${createCredentialFn.name} because of an error creating the credential: ${err}`,\n        );\n        return new UnavailableDefaultCredential(createCredentialFn.name, err.message);\n      }\n    });\n\n    super(...credentials);\n  }\n}\n\n/**\n * This function checks that all environment variables in `options.requiredEnvVars` are set and non-empty.\n * If any are missing or empty, it throws an error.\n */\nfunction validateRequiredEnvVars(options?: DefaultAzureCredentialOptions) {\n  if (options?.requiredEnvVars) {\n    const requiredVars = Array.isArray(options.requiredEnvVars)\n      ? options.requiredEnvVars\n      : [options.requiredEnvVars];\n    const missing = requiredVars.filter((envVar) => !process.env[envVar]);\n    if (missing.length > 0) {\n      const errorMessage = `Required environment ${missing.length === 1 ? \"variable\" : \"variables\"} '${missing.join(\", \")}' for DefaultAzureCredential ${missing.length === 1 ? \"is\" : \"are\"} not set or empty.`;\n      logger.warning(errorMessage);\n      throw new Error(errorMessage);\n    }\n  }\n}\n"]}
         | 
| @@ -23,7 +23,9 @@ export declare function createDefaultVisualStudioCodeCredential(options?: Defaul | |
| 23 23 | 
             
             *
         | 
| 24 24 | 
             
             * @internal
         | 
| 25 25 | 
             
             */
         | 
| 26 | 
            -
            export declare function createDefaultManagedIdentityCredential(options?: DefaultAzureCredentialOptions | DefaultAzureCredentialResourceIdOptions | DefaultAzureCredentialClientIdOptions) | 
| 26 | 
            +
            export declare function createDefaultManagedIdentityCredential(options?: (DefaultAzureCredentialOptions | DefaultAzureCredentialResourceIdOptions | DefaultAzureCredentialClientIdOptions) & {
         | 
| 27 | 
            +
                sendProbeRequest?: boolean;
         | 
| 28 | 
            +
            }): TokenCredential;
         | 
| 27 29 | 
             
            /**
         | 
| 28 30 | 
             
             * Creates a {@link WorkloadIdentityCredential} from the provided options.
         | 
| 29 31 | 
             
             * @param options - Options to configure the credential.
         | 
| @@ -1 +1 @@ | |
| 1 | 
            -
            {"version":3,"file":"defaultAzureCredentialFunctions.d.ts","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredentialFunctions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,KAAK,EACV,qCAAqC,EACrC,6BAA6B,EAC7B,uCAAuC,EACxC,MAAM,oCAAoC,CAAC;AAe5C;;;;;;;;GAQG;AACH,wBAAgB,6BAA6B,CAC3C,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,uCAAuC,CACrD,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,sCAAsC,CACpD,OAAO, | 
| 1 | 
            +
            {"version":3,"file":"defaultAzureCredentialFunctions.d.ts","sourceRoot":"","sources":["../../../src/credentials/defaultAzureCredentialFunctions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,KAAK,EACV,qCAAqC,EACrC,6BAA6B,EAC7B,uCAAuC,EACxC,MAAM,oCAAoC,CAAC;AAe5C;;;;;;;;GAQG;AACH,wBAAgB,6BAA6B,CAC3C,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,uCAAuC,CACrD,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,sCAAsC,CACpD,OAAO,GAAE,CACL,6BAA6B,GAC7B,uCAAuC,GACvC,qCAAqC,CACxC,GAAG;IAAE,gBAAgB,CAAC,EAAE,OAAO,CAAA;CAAO,GACtC,eAAe,CAkDjB;AAED;;;;;GAKG;AACH,wBAAgB,uCAAuC,CACrD,OAAO,CAAC,EAAE,6BAA6B,GAAG,qCAAqC,GAC9E,eAAe,CA4BjB;AAED;;;;;GAKG;AACH,wBAAgB,wCAAwC,CACtD,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,+BAA+B,CAC7C,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,sCAAsC,CACpD,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB;AAED;;;;;GAKG;AACH,wBAAgB,kCAAkC,CAChD,OAAO,GAAE,6BAAkC,GAC1C,eAAe,CAEjB"}
         | 
| @@ -40,6 +40,10 @@ export function createDefaultManagedIdentityCredential(options = {}) { | |
| 40 40 | 
             
                    maxRetries: 5,
         | 
| 41 41 | 
             
                    retryDelayInMs: 800,
         | 
| 42 42 | 
             
                };
         | 
| 43 | 
            +
                // ManagedIdentityCredential inside DAC chain should send a probe request by default.
         | 
| 44 | 
            +
                // This is different from standalone ManagedIdentityCredential behavior
         | 
| 45 | 
            +
                // or when AZURE_TOKEN_CREDENTIALS is set to only ManagedIdentityCredential.
         | 
| 46 | 
            +
                options.sendProbeRequest ??= true;
         | 
| 43 47 | 
             
                const managedIdentityClientId = options?.managedIdentityClientId ??
         | 
| 44 48 | 
             
                    process.env.AZURE_CLIENT_ID;
         | 
| 45 49 | 
             
                const workloadIdentityClientId = options?.workloadIdentityClientId ??
         |