@azure/identity 4.14.0-beta.1 → 4.14.0-beta.3

package/dist/commonjs/credentials/interactiveBrowserCredential.js

@@ -1,114 +1,150 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.InteractiveBrowserCredential = void 0;
-const tenantIdUtils_js_1 = require("../util/tenantIdUtils.js");
-const logging_js_1 = require("../util/logging.js");
-const scopeUtils_js_1 = require("../util/scopeUtils.js");
-const tracing_js_1 = require("../util/tracing.js");
-const msalClient_js_1 = require("../msal/nodeFlows/msalClient.js");
-const constants_js_1 = require("../constants.js");
-const logger = (0, logging_js_1.credentialLogger)("InteractiveBrowserCredential");
-/**
- * Enables authentication to Microsoft Entra ID inside of the web browser
- * using the interactive login flow.
- */
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var interactiveBrowserCredential_exports = {};
+__export(interactiveBrowserCredential_exports, {
+  InteractiveBrowserCredential: () => InteractiveBrowserCredential
+});
+module.exports = __toCommonJS(interactiveBrowserCredential_exports);
+var import_tenantIdUtils = require("../util/tenantIdUtils.js");
+var import_logging = require("../util/logging.js");
+var import_scopeUtils = require("../util/scopeUtils.js");
+var import_tracing = require("../util/tracing.js");
+var import_msalClient = require("../msal/nodeFlows/msalClient.js");
+var import_constants = require("../constants.js");
+const logger = (0, import_logging.credentialLogger)("InteractiveBrowserCredential");
 class InteractiveBrowserCredential {
-    tenantId;
-    additionallyAllowedTenantIds;
-    msalClient;
-    disableAutomaticAuthentication;
-    browserCustomizationOptions;
-    loginHint;
-    /**
-     * Creates an instance of InteractiveBrowserCredential with the details needed.
-     *
-     * This credential uses the [Authorization Code Flow](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow).
-     * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.
-     * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.
-     *
-     * For Node.js, if a `clientId` is provided, the Microsoft Entra application will need to be configured to have a "Mobile and desktop applications" redirect endpoint.
-     * Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://learn.microsoft.com/entra/identity-platform/scenario-desktop-app-registration#redirect-uris).
-     *
-     * @param options - Options for configuring the client which makes the authentication requests.
-     */
-    constructor(options) {
-        this.tenantId = (0, tenantIdUtils_js_1.resolveTenantId)(logger, options.tenantId, options.clientId);
-        this.additionallyAllowedTenantIds = (0, tenantIdUtils_js_1.resolveAdditionallyAllowedTenantIds)(options?.additionallyAllowedTenants);
-        const msalClientOptions = {
-            ...options,
-            tokenCredentialOptions: options,
-            logger,
+  tenantId;
+  additionallyAllowedTenantIds;
+  msalClient;
+  disableAutomaticAuthentication;
+  browserCustomizationOptions;
+  loginHint;
+  /**
+   * Creates an instance of InteractiveBrowserCredential with the details needed.
+   *
+   * This credential uses the [Authorization Code Flow](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow).
+   * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.
+   * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.
+   *
+   * For Node.js, if a `clientId` is provided, the Microsoft Entra application will need to be configured to have a "Mobile and desktop applications" redirect endpoint.
+   * Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://learn.microsoft.com/entra/identity-platform/scenario-desktop-app-registration#redirect-uris).
+   *
+   * @param options - Options for configuring the client which makes the authentication requests.
+   */
+  constructor(options) {
+    this.tenantId = (0, import_tenantIdUtils.resolveTenantId)(logger, options.tenantId, options.clientId);
+    this.additionallyAllowedTenantIds = (0, import_tenantIdUtils.resolveAdditionallyAllowedTenantIds)(
+      options?.additionallyAllowedTenants
+    );
+    const msalClientOptions = {
+      ...options,
+      logger
+    };
+    const ibcNodeOptions = options;
+    this.browserCustomizationOptions = ibcNodeOptions.browserCustomizationOptions;
+    this.loginHint = ibcNodeOptions.loginHint;
+    if (ibcNodeOptions?.brokerOptions?.enabled) {
+      if (!ibcNodeOptions?.brokerOptions?.parentWindowHandle) {
+        throw new Error(
+          "In order to do WAM authentication, `parentWindowHandle` under `brokerOptions` is a required parameter"
+        );
+      } else {
+        msalClientOptions.brokerOptions = {
+          enabled: true,
+          parentWindowHandle: ibcNodeOptions.brokerOptions.parentWindowHandle,
+          legacyEnableMsaPassthrough: ibcNodeOptions.brokerOptions?.legacyEnableMsaPassthrough,
+          useDefaultBrokerAccount: ibcNodeOptions.brokerOptions?.useDefaultBrokerAccount
         };
-        const ibcNodeOptions = options;
-        this.browserCustomizationOptions = ibcNodeOptions.browserCustomizationOptions;
-        this.loginHint = ibcNodeOptions.loginHint;
-        if (ibcNodeOptions?.brokerOptions?.enabled) {
-            if (!ibcNodeOptions?.brokerOptions?.parentWindowHandle) {
-                throw new Error("In order to do WAM authentication, `parentWindowHandle` under `brokerOptions` is a required parameter");
-            }
-            else {
-                msalClientOptions.brokerOptions = {
-                    enabled: true,
-                    parentWindowHandle: ibcNodeOptions.brokerOptions.parentWindowHandle,
-                    legacyEnableMsaPassthrough: ibcNodeOptions.brokerOptions?.legacyEnableMsaPassthrough,
-                    useDefaultBrokerAccount: ibcNodeOptions.brokerOptions?.useDefaultBrokerAccount,
-                };
-            }
-        }
-        this.msalClient = (0, msalClient_js_1.createMsalClient)(options.clientId ?? constants_js_1.DeveloperSignOnClientId, this.tenantId, msalClientOptions);
-        this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;
+      }
     }
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * If the user provided the option `disableAutomaticAuthentication`,
-     * once the token can't be retrieved silently,
-     * this method won't attempt to request user interaction to retrieve the token.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    async getToken(scopes, options = {}) {
-        return tracing_js_1.tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
-            newOptions.tenantId = (0, tenantIdUtils_js_1.processMultiTenantRequest)(this.tenantId, newOptions, this.additionallyAllowedTenantIds, logger);
-            const arrayScopes = (0, scopeUtils_js_1.ensureScopes)(scopes);
-            return this.msalClient.getTokenByInteractiveRequest(arrayScopes, {
-                ...newOptions,
-                disableAutomaticAuthentication: this.disableAutomaticAuthentication,
-                browserCustomizationOptions: this.browserCustomizationOptions,
-                loginHint: this.loginHint,
-            });
+    this.msalClient = (0, import_msalClient.createMsalClient)(
+      options.clientId ?? import_constants.DeveloperSignOnClientId,
+      this.tenantId,
+      msalClientOptions
+    );
+    this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;
+  }
+  /**
+   * Authenticates with Microsoft Entra ID and returns an access token if successful.
+   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+   *
+   * If the user provided the option `disableAutomaticAuthentication`,
+   * once the token can't be retrieved silently,
+   * this method won't attempt to request user interaction to retrieve the token.
+   *
+   * @param scopes - The list of scopes for which the token will have access.
+   * @param options - The options used to configure any requests this
+   *                TokenCredential implementation might make.
+   */
+  async getToken(scopes, options = {}) {
+    return import_tracing.tracingClient.withSpan(
+      `${this.constructor.name}.getToken`,
+      options,
+      async (newOptions) => {
+        newOptions.tenantId = (0, import_tenantIdUtils.processMultiTenantRequest)(
+          this.tenantId,
+          newOptions,
+          this.additionallyAllowedTenantIds,
+          logger
+        );
+        const arrayScopes = (0, import_scopeUtils.ensureScopes)(scopes);
+        return this.msalClient.getTokenByInteractiveRequest(arrayScopes, {
+          ...newOptions,
+          disableAutomaticAuthentication: this.disableAutomaticAuthentication,
+          browserCustomizationOptions: this.browserCustomizationOptions,
+          loginHint: this.loginHint
         });
-    }
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * If the token can't be retrieved silently, this method will always generate a challenge for the user.
-     *
-     * On Node.js, this credential has [Proof Key for Code Exchange (PKCE)](https://datatracker.ietf.org/doc/html/rfc7636) enabled by default.
-     * PKCE is a security feature that mitigates authentication code interception attacks.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                  TokenCredential implementation might make.
-     */
-    async authenticate(scopes, options = {}) {
-        return tracing_js_1.tracingClient.withSpan(`${this.constructor.name}.authenticate`, options, async (newOptions) => {
-            const arrayScopes = (0, scopeUtils_js_1.ensureScopes)(scopes);
-            await this.msalClient.getTokenByInteractiveRequest(arrayScopes, {
-                ...newOptions,
-                disableAutomaticAuthentication: false, // this method should always allow user interaction
-                browserCustomizationOptions: this.browserCustomizationOptions,
-                loginHint: this.loginHint,
-            });
-            return this.msalClient.getActiveAccount();
+      }
+    );
+  }
+  /**
+   * Authenticates with Microsoft Entra ID and returns an access token if successful.
+   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+   *
+   * If the token can't be retrieved silently, this method will always generate a challenge for the user.
+   *
+   * On Node.js, this credential has [Proof Key for Code Exchange (PKCE)](https://datatracker.ietf.org/doc/html/rfc7636) enabled by default.
+   * PKCE is a security feature that mitigates authentication code interception attacks.
+   *
+   * @param scopes - The list of scopes for which the token will have access.
+   * @param options - The options used to configure any requests this
+   *                  TokenCredential implementation might make.
+   */
+  async authenticate(scopes, options = {}) {
+    return import_tracing.tracingClient.withSpan(
+      `${this.constructor.name}.authenticate`,
+      options,
+      async (newOptions) => {
+        const arrayScopes = (0, import_scopeUtils.ensureScopes)(scopes);
+        await this.msalClient.getTokenByInteractiveRequest(arrayScopes, {
+          ...newOptions,
+          disableAutomaticAuthentication: false,
+          // this method should always allow user interaction
+          browserCustomizationOptions: this.browserCustomizationOptions,
+          loginHint: this.loginHint
         });
-    }
+        return this.msalClient.getActiveAccount();
+      }
+    );
+  }
 }
-exports.InteractiveBrowserCredential = InteractiveBrowserCredential;
-//# sourceMappingURL=interactiveBrowserCredential.js.map
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  InteractiveBrowserCredential
+});
+//# sourceMappingURL=interactiveBrowserCredential.js.map

package/dist/commonjs/credentials/interactiveBrowserCredential.js.map

@@ -1 +1,7 @@
-{"version":3,"file":"interactiveBrowserCredential.js","sourceRoot":"","sources":["../../../src/credentials/interactiveBrowserCredential.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAOlC,+DAIkC;AAGlC,mDAAsD;AACtD,yDAAqD;AACrD,mDAAmD;AAEnD,mEAAmE;AACnE,kDAA0D;AAE1D,MAAM,MAAM,GAAG,IAAA,6BAAgB,EAAC,8BAA8B,CAAC,CAAC;AAEhE;;;GAGG;AACH,MAAa,4BAA4B;IAC/B,QAAQ,CAAU;IAClB,4BAA4B,CAAW;IACvC,UAAU,CAAa;IACvB,8BAA8B,CAAW;IACzC,2BAA2B,CAAyE;IACpG,SAAS,CAAU;IAE3B;;;;;;;;;;;OAWG;IACH,YACE,OAA+F;QAE/F,IAAI,CAAC,QAAQ,GAAG,IAAA,kCAAe,EAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC5E,IAAI,CAAC,4BAA4B,GAAG,IAAA,sDAAmC,EACrE,OAAO,EAAE,0BAA0B,CACpC,CAAC;QAEF,MAAM,iBAAiB,GAAsB;YAC3C,GAAG,OAAO;YACV,sBAAsB,EAAE,OAAO;YAC/B,MAAM;SACP,CAAC;QACF,MAAM,cAAc,GAAG,OAAkD,CAAC;QAC1E,IAAI,CAAC,2BAA2B,GAAG,cAAc,CAAC,2BAA2B,CAAC;QAC9E,IAAI,CAAC,SAAS,GAAG,cAAc,CAAC,SAAS,CAAC;QAC1C,IAAI,cAAc,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC;YAC3C,IAAI,CAAC,cAAc,EAAE,aAAa,EAAE,kBAAkB,EAAE,CAAC;gBACvD,MAAM,IAAI,KAAK,CACb,uGAAuG,CACxG,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,iBAAiB,CAAC,aAAa,GAAG;oBAChC,OAAO,EAAE,IAAI;oBACb,kBAAkB,EAAE,cAAc,CAAC,aAAa,CAAC,kBAAkB;oBACnE,0BAA0B,EAAE,cAAc,CAAC,aAAa,EAAE,0BAA0B;oBACpF,uBAAuB,EAAE,cAAc,CAAC,aAAa,EAAE,uBAAuB;iBAC/E,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,UAAU,GAAG,IAAA,gCAAgB,EAChC,OAAO,CAAC,QAAQ,IAAI,sCAAuB,EAC3C,IAAI,CAAC,QAAQ,EACb,iBAAiB,CAClB,CAAC;QACF,IAAI,CAAC,8BAA8B,GAAG,OAAO,EAAE,8BAA8B,CAAC;IAChF,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,0BAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,UAAU,CAAC,QAAQ,GAAG,IAAA,4CAAyB,EAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,IAAA,4BAAY,EAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,UAAU,CAAC,4BAA4B,CAAC,WAAW,EAAE;gBAC/D,GAAG,UAAU;gBACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B;gBACnE,2BAA2B,EAAE,IAAI,CAAC,2BAA2B;gBAC7D,SAAS,EAAE,IAAI,CAAC,SAAS;aAC1B,CAAC,CAAC;QACL,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,YAAY,CAChB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,0BAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,eAAe,EACvC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,WAAW,GAAG,IAAA,4BAAY,EAAC,MAAM,CAAC,CAAC;YACzC,MAAM,IAAI,CAAC,UAAU,CAAC,4BAA4B,CAAC,WAAW,EAAE;gBAC9D,GAAG,UAAU;gBACb,8BAA8B,EAAE,KAAK,EAAE,mDAAmD;gBAC1F,2BAA2B,EAAE,IAAI,CAAC,2BAA2B;gBAC7D,SAAS,EAAE,IAAI,CAAC,SAAS;aAC1B,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC;QAC5C,CAAC,CACF,CAAC;IACJ,CAAC;CACF;AA7HD,oEA6HC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type {\n  InteractiveBrowserCredentialInBrowserOptions,\n  InteractiveBrowserCredentialNodeOptions,\n} from \"./interactiveBrowserCredentialOptions.js\";\nimport {\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n  resolveTenantId,\n} from \"../util/tenantIdUtils.js\";\n\nimport type { AuthenticationRecord } from \"../msal/types.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport type { MsalClient, MsalClientOptions } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { DeveloperSignOnClientId } from \"../constants.js\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/**\n * Enables authentication to Microsoft Entra ID inside of the web browser\n * using the interactive login flow.\n */\nexport class InteractiveBrowserCredential implements TokenCredential {\n  private tenantId?: string;\n  private additionallyAllowedTenantIds: string[];\n  private msalClient: MsalClient;\n  private disableAutomaticAuthentication?: boolean;\n  private browserCustomizationOptions: InteractiveBrowserCredentialNodeOptions[\"browserCustomizationOptions\"];\n  private loginHint?: string;\n\n  /**\n   * Creates an instance of InteractiveBrowserCredential with the details needed.\n   *\n   * This credential uses the [Authorization Code Flow](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow).\n   * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.\n   * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.\n   *\n   * For Node.js, if a `clientId` is provided, the Microsoft Entra application will need to be configured to have a \"Mobile and desktop applications\" redirect endpoint.\n   * Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://learn.microsoft.com/entra/identity-platform/scenario-desktop-app-registration#redirect-uris).\n   *\n   * @param options - Options for configuring the client which makes the authentication requests.\n   */\n  constructor(\n    options: InteractiveBrowserCredentialNodeOptions | InteractiveBrowserCredentialInBrowserOptions,\n  ) {\n    this.tenantId = resolveTenantId(logger, options.tenantId, options.clientId);\n    this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n      options?.additionallyAllowedTenants,\n    );\n\n    const msalClientOptions: MsalClientOptions = {\n      ...options,\n      tokenCredentialOptions: options,\n      logger,\n    };\n    const ibcNodeOptions = options as InteractiveBrowserCredentialNodeOptions;\n    this.browserCustomizationOptions = ibcNodeOptions.browserCustomizationOptions;\n    this.loginHint = ibcNodeOptions.loginHint;\n    if (ibcNodeOptions?.brokerOptions?.enabled) {\n      if (!ibcNodeOptions?.brokerOptions?.parentWindowHandle) {\n        throw new Error(\n          \"In order to do WAM authentication, `parentWindowHandle` under `brokerOptions` is a required parameter\",\n        );\n      } else {\n        msalClientOptions.brokerOptions = {\n          enabled: true,\n          parentWindowHandle: ibcNodeOptions.brokerOptions.parentWindowHandle,\n          legacyEnableMsaPassthrough: ibcNodeOptions.brokerOptions?.legacyEnableMsaPassthrough,\n          useDefaultBrokerAccount: ibcNodeOptions.brokerOptions?.useDefaultBrokerAccount,\n        };\n      }\n    }\n    this.msalClient = createMsalClient(\n      options.clientId ?? DeveloperSignOnClientId,\n      this.tenantId,\n      msalClientOptions,\n    );\n    this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;\n  }\n\n  /**\n   * Authenticates with Microsoft Entra ID and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the user provided the option `disableAutomaticAuthentication`,\n   * once the token can't be retrieved silently,\n   * this method won't attempt to request user interaction to retrieve the token.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return tracingClient.withSpan(\n      `${this.constructor.name}.getToken`,\n      options,\n      async (newOptions) => {\n        newOptions.tenantId = processMultiTenantRequest(\n          this.tenantId,\n          newOptions,\n          this.additionallyAllowedTenantIds,\n          logger,\n        );\n\n        const arrayScopes = ensureScopes(scopes);\n        return this.msalClient.getTokenByInteractiveRequest(arrayScopes, {\n          ...newOptions,\n          disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n          browserCustomizationOptions: this.browserCustomizationOptions,\n          loginHint: this.loginHint,\n        });\n      },\n    );\n  }\n\n  /**\n   * Authenticates with Microsoft Entra ID and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the token can't be retrieved silently, this method will always generate a challenge for the user.\n   *\n   * On Node.js, this credential has [Proof Key for Code Exchange (PKCE)](https://datatracker.ietf.org/doc/html/rfc7636) enabled by default.\n   * PKCE is a security feature that mitigates authentication code interception attacks.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                  TokenCredential implementation might make.\n   */\n  async authenticate(\n    scopes: string | string[],\n    options: GetTokenOptions = {},\n  ): Promise<AuthenticationRecord | undefined> {\n    return tracingClient.withSpan(\n      `${this.constructor.name}.authenticate`,\n      options,\n      async (newOptions) => {\n        const arrayScopes = ensureScopes(scopes);\n        await this.msalClient.getTokenByInteractiveRequest(arrayScopes, {\n          ...newOptions,\n          disableAutomaticAuthentication: false, // this method should always allow user interaction\n          browserCustomizationOptions: this.browserCustomizationOptions,\n          loginHint: this.loginHint,\n        });\n        return this.msalClient.getActiveAccount();\n      },\n    );\n  }\n}\n"]}
+{
+  "version": 3,
+  "sources": ["../../../src/credentials/interactiveBrowserCredential.ts"],
+  "sourcesContent": ["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type {\n  InteractiveBrowserCredentialInBrowserOptions,\n  InteractiveBrowserCredentialNodeOptions,\n} from \"./interactiveBrowserCredentialOptions.js\";\nimport {\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n  resolveTenantId,\n} from \"../util/tenantIdUtils.js\";\n\nimport type { AuthenticationRecord } from \"../msal/types.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport type { MsalClient, MsalClientOptions } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { DeveloperSignOnClientId } from \"../constants.js\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/**\n * Enables authentication to Microsoft Entra ID inside of the web browser\n * using the interactive login flow.\n */\nexport class InteractiveBrowserCredential implements TokenCredential {\n  private tenantId?: string;\n  private additionallyAllowedTenantIds: string[];\n  private msalClient: MsalClient;\n  private disableAutomaticAuthentication?: boolean;\n  private browserCustomizationOptions: InteractiveBrowserCredentialNodeOptions[\"browserCustomizationOptions\"];\n  private loginHint?: string;\n\n  /**\n   * Creates an instance of InteractiveBrowserCredential with the details needed.\n   *\n   * This credential uses the [Authorization Code Flow](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow).\n   * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.\n   * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.\n   *\n   * For Node.js, if a `clientId` is provided, the Microsoft Entra application will need to be configured to have a \"Mobile and desktop applications\" redirect endpoint.\n   * Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://learn.microsoft.com/entra/identity-platform/scenario-desktop-app-registration#redirect-uris).\n   *\n   * @param options - Options for configuring the client which makes the authentication requests.\n   */\n  constructor(\n    options: InteractiveBrowserCredentialNodeOptions | InteractiveBrowserCredentialInBrowserOptions,\n  ) {\n    this.tenantId = resolveTenantId(logger, options.tenantId, options.clientId);\n    this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n      options?.additionallyAllowedTenants,\n    );\n\n    const msalClientOptions: MsalClientOptions = {\n      ...options,\n      logger,\n    };\n    const ibcNodeOptions = options as InteractiveBrowserCredentialNodeOptions;\n    this.browserCustomizationOptions = ibcNodeOptions.browserCustomizationOptions;\n    this.loginHint = ibcNodeOptions.loginHint;\n    if (ibcNodeOptions?.brokerOptions?.enabled) {\n      if (!ibcNodeOptions?.brokerOptions?.parentWindowHandle) {\n        throw new Error(\n          \"In order to do WAM authentication, `parentWindowHandle` under `brokerOptions` is a required parameter\",\n        );\n      } else {\n        msalClientOptions.brokerOptions = {\n          enabled: true,\n          parentWindowHandle: ibcNodeOptions.brokerOptions.parentWindowHandle,\n          legacyEnableMsaPassthrough: ibcNodeOptions.brokerOptions?.legacyEnableMsaPassthrough,\n          useDefaultBrokerAccount: ibcNodeOptions.brokerOptions?.useDefaultBrokerAccount,\n        };\n      }\n    }\n    this.msalClient = createMsalClient(\n      options.clientId ?? DeveloperSignOnClientId,\n      this.tenantId,\n      msalClientOptions,\n    );\n    this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;\n  }\n\n  /**\n   * Authenticates with Microsoft Entra ID and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the user provided the option `disableAutomaticAuthentication`,\n   * once the token can't be retrieved silently,\n   * this method won't attempt to request user interaction to retrieve the token.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return tracingClient.withSpan(\n      `${this.constructor.name}.getToken`,\n      options,\n      async (newOptions) => {\n        newOptions.tenantId = processMultiTenantRequest(\n          this.tenantId,\n          newOptions,\n          this.additionallyAllowedTenantIds,\n          logger,\n        );\n\n        const arrayScopes = ensureScopes(scopes);\n        return this.msalClient.getTokenByInteractiveRequest(arrayScopes, {\n          ...newOptions,\n          disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n          browserCustomizationOptions: this.browserCustomizationOptions,\n          loginHint: this.loginHint,\n        });\n      },\n    );\n  }\n\n  /**\n   * Authenticates with Microsoft Entra ID and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the token can't be retrieved silently, this method will always generate a challenge for the user.\n   *\n   * On Node.js, this credential has [Proof Key for Code Exchange (PKCE)](https://datatracker.ietf.org/doc/html/rfc7636) enabled by default.\n   * PKCE is a security feature that mitigates authentication code interception attacks.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                  TokenCredential implementation might make.\n   */\n  async authenticate(\n    scopes: string | string[],\n    options: GetTokenOptions = {},\n  ): Promise<AuthenticationRecord | undefined> {\n    return tracingClient.withSpan(\n      `${this.constructor.name}.authenticate`,\n      options,\n      async (newOptions) => {\n        const arrayScopes = ensureScopes(scopes);\n        await this.msalClient.getTokenByInteractiveRequest(arrayScopes, {\n          ...newOptions,\n          disableAutomaticAuthentication: false, // this method should always allow user interaction\n          browserCustomizationOptions: this.browserCustomizationOptions,\n          loginHint: this.loginHint,\n        });\n        return this.msalClient.getActiveAccount();\n      },\n    );\n  }\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAQA,2BAIO;AAGP,qBAAiC;AACjC,wBAA6B;AAC7B,qBAA8B;AAE9B,wBAAiC;AACjC,uBAAwC;AAExC,MAAM,aAAS,iCAAiB,8BAA8B;AAMvD,MAAM,6BAAwD;AAAA,EAC3D;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcR,YACE,SACA;AACA,SAAK,eAAW,sCAAgB,QAAQ,QAAQ,UAAU,QAAQ,QAAQ;AAC1E,SAAK,mCAA+B;AAAA,MAClC,SAAS;AAAA,IACX;AAEA,UAAM,oBAAuC;AAAA,MAC3C,GAAG;AAAA,MACH;AAAA,IACF;AACA,UAAM,iBAAiB;AACvB,SAAK,8BAA8B,eAAe;AAClD,SAAK,YAAY,eAAe;AAChC,QAAI,gBAAgB,eAAe,SAAS;AAC1C,UAAI,CAAC,gBAAgB,eAAe,oBAAoB;AACtD,cAAM,IAAI;AAAA,UACR;AAAA,QACF;AAAA,MACF,OAAO;AACL,0BAAkB,gBAAgB;AAAA,UAChC,SAAS;AAAA,UACT,oBAAoB,eAAe,cAAc;AAAA,UACjD,4BAA4B,eAAe,eAAe;AAAA,UAC1D,yBAAyB,eAAe,eAAe;AAAA,QACzD;AAAA,MACF;AAAA,IACF;AACA,SAAK,iBAAa;AAAA,MAChB,QAAQ,YAAY;AAAA,MACpB,KAAK;AAAA,MACL;AAAA,IACF;AACA,SAAK,iCAAiC,SAAS;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAM,SAAS,QAA2B,UAA2B,CAAC,GAAyB;AAC7F,WAAO,6BAAc;AAAA,MACnB,GAAG,KAAK,YAAY,IAAI;AAAA,MACxB;AAAA,MACA,OAAO,eAAe;AACpB,mBAAW,eAAW;AAAA,UACpB,KAAK;AAAA,UACL;AAAA,UACA,KAAK;AAAA,UACL;AAAA,QACF;AAEA,cAAM,kBAAc,gCAAa,MAAM;AACvC,eAAO,KAAK,WAAW,6BAA6B,aAAa;AAAA,UAC/D,GAAG;AAAA,UACH,gCAAgC,KAAK;AAAA,UACrC,6BAA6B,KAAK;AAAA,UAClC,WAAW,KAAK;AAAA,QAClB,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,MAAM,aACJ,QACA,UAA2B,CAAC,GACe;AAC3C,WAAO,6BAAc;AAAA,MACnB,GAAG,KAAK,YAAY,IAAI;AAAA,MACxB;AAAA,MACA,OAAO,eAAe;AACpB,cAAM,kBAAc,gCAAa,MAAM;AACvC,cAAM,KAAK,WAAW,6BAA6B,aAAa;AAAA,UAC9D,GAAG;AAAA,UACH,gCAAgC;AAAA;AAAA,UAChC,6BAA6B,KAAK;AAAA,UAClC,WAAW,KAAK;AAAA,QAClB,CAAC;AACD,eAAO,KAAK,WAAW,iBAAiB;AAAA,MAC1C;AAAA,IACF;AAAA,EACF;AACF;",
+  "names": []
+}

package/dist/commonjs/credentials/interactiveBrowserCredentialOptions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"interactiveBrowserCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/interactiveBrowserCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AACpF,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AAEtF;;;;;;;;GAQG;AACH,MAAM,MAAM,iBAAiB,GAAG,UAAU,GAAG,OAAO,CAAC;AAErD;;GAEG;AACH,MAAM,WAAW,uCACf,SAAQ,4BAA4B,EAClC,4BAA4B,EAC5B,2BAA2B,EAC3B,iBAAiB;IACnB;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,GAAG,CAAC,MAAM,MAAM,CAAC,CAAC;IAEtC;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,4CAA6C,SAAQ,4BAA4B;IAChG;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,GAAG,CAAC,MAAM,MAAM,CAAC,CAAC;IAEtC;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;OAKG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;;OAKG;IACH,UAAU,CAAC,EAAE,iBAAiB,CAAC;IAE/B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB"}
+{"version":3,"file":"interactiveBrowserCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/interactiveBrowserCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AACpF,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AAEtF;;;;;;;;GAQG;AACH,MAAM,MAAM,iBAAiB,GAAG,UAAU,GAAG,OAAO,CAAC;AAErD;;GAEG;AACH,MAAM,WAAW,uCACf,SACE,4BAA4B,EAC5B,4BAA4B,EAC5B,2BAA2B,EAC3B,iBAAiB;IACnB;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,GAAG,CAAC,MAAM,MAAM,CAAC,CAAC;IAEtC;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,4CAA6C,SAAQ,4BAA4B;IAChG;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,GAAG,CAAC,MAAM,MAAM,CAAC,CAAC;IAEtC;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;OAKG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;;OAKG;IACH,UAAU,CAAC,EAAE,iBAAiB,CAAC;IAE/B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB"}

package/dist/commonjs/credentials/interactiveBrowserCredentialOptions.js

@@ -1,5 +1,16 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=interactiveBrowserCredentialOptions.js.map
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var interactiveBrowserCredentialOptions_exports = {};
+module.exports = __toCommonJS(interactiveBrowserCredentialOptions_exports);
+//# sourceMappingURL=interactiveBrowserCredentialOptions.js.map

package/dist/commonjs/credentials/interactiveBrowserCredentialOptions.js.map

@@ -1 +1,7 @@
-{"version":3,"file":"interactiveBrowserCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/interactiveBrowserCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { BrowserCustomizationOptions } from \"./browserCustomizationOptions.js\";\nimport type { BrokerAuthOptions } from \"./brokerAuthOptions.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { InteractiveCredentialOptions } from \"./interactiveCredentialOptions.js\";\n\n/**\n * (Browser-only feature)\n * The \"login style\" to use in the authentication flow:\n * - \"redirect\" redirects the user to the authentication page and then\n *   redirects them back to the page once authentication is completed.\n * - \"popup\" opens a new browser window through with the redirect flow\n *   is initiated.  The user's existing browser window does not leave\n *   the current page\n */\nexport type BrowserLoginStyle = \"redirect\" | \"popup\";\n\n/**\n * Defines the common options for the InteractiveBrowserCredential class.\n */\nexport interface InteractiveBrowserCredentialNodeOptions\n  extends InteractiveCredentialOptions,\n    CredentialPersistenceOptions,\n    BrowserCustomizationOptions,\n    BrokerAuthOptions {\n  /**\n   * Gets the redirect URI of the application. This should be same as the value\n   * in the application registration portal.  Defaults to `window.location.href`.\n   * This field is no longer required for Node.js.\n   */\n  redirectUri?: string | (() => string);\n\n  /**\n   * The Microsoft Entra tenant (directory) ID.\n   */\n  tenantId?: string;\n\n  /**\n   * The Client ID of the Microsoft Entra application that users will sign into.\n   * It is recommended that developers register their applications and assign appropriate roles.\n   * For more information, visit https://aka.ms/identity/AppRegistrationAndRoleAssignment.\n   * If not specified, users will authenticate to an Azure development application,\n   * which is not recommended for production scenarios.\n   */\n  clientId?: string;\n\n  /**\n   * loginHint allows a user name to be pre-selected for interactive logins.\n   * Setting this option skips the account selection prompt and immediately attempts to login with the specified account.\n   */\n  loginHint?: string;\n}\n\n/**\n * Defines the common options for the InteractiveBrowserCredential class.\n */\nexport interface InteractiveBrowserCredentialInBrowserOptions extends InteractiveCredentialOptions {\n  /**\n   * Gets the redirect URI of the application. This should be same as the value\n   * in the application registration portal.  Defaults to `window.location.href`.\n   * This field is no longer required for Node.js.\n   */\n  redirectUri?: string | (() => string);\n\n  /**\n   * The Microsoft Entra tenant (directory) ID.\n   */\n  tenantId?: string;\n\n  /**\n   * The Client ID of the Microsoft Entra application that users will sign into.\n   * This parameter is required on the browser.\n   * Developers need to register their applications and assign appropriate roles.\n   * For more information, visit https://aka.ms/identity/AppRegistrationAndRoleAssignment.\n   */\n  clientId: string;\n\n  /**\n   * Specifies whether a redirect or a popup window should be used to\n   * initiate the user authentication flow. Possible values are \"redirect\"\n   * or \"popup\" (default) for browser and \"popup\" (default) for node.\n   *\n   */\n  loginStyle?: BrowserLoginStyle;\n\n  /**\n   * loginHint allows a user name to be pre-selected for interactive logins.\n   * Setting this option skips the account selection prompt and immediately attempts to login with the specified account.\n   */\n  loginHint?: string;\n}\n"]}
+{
+  "version": 3,
+  "sources": ["../../../src/credentials/interactiveBrowserCredentialOptions.ts"],
+  "sourcesContent": ["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { BrowserCustomizationOptions } from \"./browserCustomizationOptions.js\";\nimport type { BrokerAuthOptions } from \"./brokerAuthOptions.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { InteractiveCredentialOptions } from \"./interactiveCredentialOptions.js\";\n\n/**\n * (Browser-only feature)\n * The \"login style\" to use in the authentication flow:\n * - \"redirect\" redirects the user to the authentication page and then\n *   redirects them back to the page once authentication is completed.\n * - \"popup\" opens a new browser window through with the redirect flow\n *   is initiated.  The user's existing browser window does not leave\n *   the current page\n */\nexport type BrowserLoginStyle = \"redirect\" | \"popup\";\n\n/**\n * Defines the common options for the InteractiveBrowserCredential class.\n */\nexport interface InteractiveBrowserCredentialNodeOptions\n  extends\n    InteractiveCredentialOptions,\n    CredentialPersistenceOptions,\n    BrowserCustomizationOptions,\n    BrokerAuthOptions {\n  /**\n   * Gets the redirect URI of the application. This should be same as the value\n   * in the application registration portal.  Defaults to `window.location.href`.\n   * This field is no longer required for Node.js.\n   */\n  redirectUri?: string | (() => string);\n\n  /**\n   * The Microsoft Entra tenant (directory) ID.\n   */\n  tenantId?: string;\n\n  /**\n   * The Client ID of the Microsoft Entra application that users will sign into.\n   * It is recommended that developers register their applications and assign appropriate roles.\n   * For more information, visit https://aka.ms/identity/AppRegistrationAndRoleAssignment.\n   * If not specified, users will authenticate to an Azure development application,\n   * which is not recommended for production scenarios.\n   */\n  clientId?: string;\n\n  /**\n   * loginHint allows a user name to be pre-selected for interactive logins.\n   * Setting this option skips the account selection prompt and immediately attempts to login with the specified account.\n   */\n  loginHint?: string;\n}\n\n/**\n * Defines the common options for the InteractiveBrowserCredential class.\n */\nexport interface InteractiveBrowserCredentialInBrowserOptions extends InteractiveCredentialOptions {\n  /**\n   * Gets the redirect URI of the application. This should be same as the value\n   * in the application registration portal.  Defaults to `window.location.href`.\n   * This field is no longer required for Node.js.\n   */\n  redirectUri?: string | (() => string);\n\n  /**\n   * The Microsoft Entra tenant (directory) ID.\n   */\n  tenantId?: string;\n\n  /**\n   * The Client ID of the Microsoft Entra application that users will sign into.\n   * This parameter is required on the browser.\n   * Developers need to register their applications and assign appropriate roles.\n   * For more information, visit https://aka.ms/identity/AppRegistrationAndRoleAssignment.\n   */\n  clientId: string;\n\n  /**\n   * Specifies whether a redirect or a popup window should be used to\n   * initiate the user authentication flow. Possible values are \"redirect\"\n   * or \"popup\" (default) for browser and \"popup\" (default) for node.\n   *\n   */\n  loginStyle?: BrowserLoginStyle;\n\n  /**\n   * loginHint allows a user name to be pre-selected for interactive logins.\n   * Setting this option skips the account selection prompt and immediately attempts to login with the specified account.\n   */\n  loginHint?: string;\n}\n"],
+  "mappings": ";;;;;;;;;;;;;AAAA;AAAA;",
+  "names": []
+}

package/dist/commonjs/credentials/interactiveCredentialOptions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"interactiveCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/interactiveCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,4BACf,SAAQ,iCAAiC,EACvC,0BAA0B;IAC5B;;;;;;;;;OASG;IACH,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;IAE5C;;;OAGG;IACH,8BAA8B,CAAC,EAAE,OAAO,CAAC;CAC1C"}
+{"version":3,"file":"interactiveCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/interactiveCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,4BACf,SAAQ,iCAAiC,EAAE,0BAA0B;IACrE;;;;;;;;;OASG;IACH,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;IAE5C;;;OAGG;IACH,8BAA8B,CAAC,EAAE,OAAO,CAAC;CAC1C"}

package/dist/commonjs/credentials/interactiveCredentialOptions.js

@@ -1,5 +1,16 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=interactiveCredentialOptions.js.map
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var interactiveCredentialOptions_exports = {};
+module.exports = __toCommonJS(interactiveCredentialOptions_exports);
+//# sourceMappingURL=interactiveCredentialOptions.js.map

package/dist/commonjs/credentials/interactiveCredentialOptions.js.map

@@ -1 +1,7 @@
-{"version":3,"file":"interactiveCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/interactiveCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthenticationRecord } from \"../msal/types.js\";\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Common constructor options for the Identity credentials that requires user interaction.\n */\nexport interface InteractiveCredentialOptions\n  extends MultiTenantTokenCredentialOptions,\n    AuthorityValidationOptions {\n  /**\n   * Result of a previous authentication that can be used to retrieve the cached credentials of each individual account.\n   * This is necessary to provide in case the application wants to work with more than one account per\n   * Client ID and Tenant ID pair.\n   *\n   * This record can be retrieved by calling to the credential's `authenticate()` method, as follows:\n   *\n   *     const authenticationRecord = await credential.authenticate();\n   *\n   */\n  authenticationRecord?: AuthenticationRecord;\n\n  /**\n   * Makes getToken throw if a manual authentication is necessary.\n   * Developers will need to call to `authenticate()` to control when to manually authenticate.\n   */\n  disableAutomaticAuthentication?: boolean;\n}\n"]}
+{
+  "version": 3,
+  "sources": ["../../../src/credentials/interactiveCredentialOptions.ts"],
+  "sourcesContent": ["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthenticationRecord } from \"../msal/types.js\";\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Common constructor options for the Identity credentials that requires user interaction.\n */\nexport interface InteractiveCredentialOptions\n  extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {\n  /**\n   * Result of a previous authentication that can be used to retrieve the cached credentials of each individual account.\n   * This is necessary to provide in case the application wants to work with more than one account per\n   * Client ID and Tenant ID pair.\n   *\n   * This record can be retrieved by calling to the credential's `authenticate()` method, as follows:\n   *\n   *     const authenticationRecord = await credential.authenticate();\n   *\n   */\n  authenticationRecord?: AuthenticationRecord;\n\n  /**\n   * Makes getToken throw if a manual authentication is necessary.\n   * Developers will need to call to `authenticate()` to control when to manually authenticate.\n   */\n  disableAutomaticAuthentication?: boolean;\n}\n"],
+  "mappings": ";;;;;;;;;;;;;AAAA;AAAA;",
+  "names": []
+}

package/dist/commonjs/credentials/managedIdentityCredential/imdsMsi.js

@@ -1,100 +1,101 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.imdsMsi = void 0;
-const core_rest_pipeline_1 = require("@azure/core-rest-pipeline");
-const core_util_1 = require("@azure/core-util");
-const logging_js_1 = require("../../util/logging.js");
-const utils_js_1 = require("./utils.js");
-const tracing_js_1 = require("../../util/tracing.js");
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var imdsMsi_exports = {};
+__export(imdsMsi_exports, {
+  imdsMsi: () => imdsMsi
+});
+module.exports = __toCommonJS(imdsMsi_exports);
+var import_core_rest_pipeline = require("@azure/core-rest-pipeline");
+var import_core_util = require("@azure/core-util");
+var import_logging = require("../../util/logging.js");
+var import_utils = require("./utils.js");
+var import_tracing = require("../../util/tracing.js");
 const msiName = "ManagedIdentityCredential - IMDS";
-const logger = (0, logging_js_1.credentialLogger)(msiName);
+const logger = (0, import_logging.credentialLogger)(msiName);
 const imdsHost = "http://169.254.169.254";
 const imdsEndpointPath = "/metadata/identity/oauth2/token";
-/**
- * Generates an invalid request options to get a response quickly from IMDS endpoint.
- * The response indicates the availability of IMSD service; otherwise the request would time out.
- */
 function prepareInvalidRequestOptions(scopes) {
-    const resource = (0, utils_js_1.mapScopesToResource)(scopes);
+  const resource = (0, import_utils.mapScopesToResource)(scopes);
+  if (!resource) {
+    throw new Error(`${msiName}: Multiple scopes are not supported.`);
+  }
+  const url = new URL(imdsEndpointPath, process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST ?? imdsHost);
+  const rawHeaders = {
+    Accept: "application/json"
+    // intentionally leave out the Metadata header to invoke an error from IMDS endpoint.
+  };
+  return {
+    // intentionally not including any query
+    url: `${url}`,
+    method: "GET",
+    headers: (0, import_core_rest_pipeline.createHttpHeaders)(rawHeaders)
+  };
+}
+const imdsMsi = {
+  name: "imdsMsi",
+  async isAvailable(options) {
+    const { scopes, identityClient, getTokenOptions } = options;
+    const resource = (0, import_utils.mapScopesToResource)(scopes);
     if (!resource) {
-        throw new Error(`${msiName}: Multiple scopes are not supported.`);
+      logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);
+      return false;
     }
-    // Pod Identity will try to process this request even if the Metadata header is missing.
-    // We can exclude the request query to ensure no IMDS endpoint tries to process the ping request.
-    const url = new URL(imdsEndpointPath, process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST ?? imdsHost);
-    const rawHeaders = {
-        Accept: "application/json",
-        // intentionally leave out the Metadata header to invoke an error from IMDS endpoint.
-    };
-    return {
-        // intentionally not including any query
-        url: `${url}`,
-        method: "GET",
-        headers: (0, core_rest_pipeline_1.createHttpHeaders)(rawHeaders),
-    };
-}
-/**
- * Defines how to determine whether the Azure IMDS MSI is available.
- *
- * Actually getting the token once we determine IMDS is available is handled by MSAL.
- */
-exports.imdsMsi = {
-    name: "imdsMsi",
-    async isAvailable(options) {
-        const { scopes, identityClient, getTokenOptions } = options;
-        const resource = (0, utils_js_1.mapScopesToResource)(scopes);
-        if (!resource) {
-            logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);
-            return false;
-        }
-        // if the PodIdentityEndpoint environment variable was set no need to probe the endpoint, it can be assumed to exist
-        if (process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST) {
-            return true;
+    if (process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST) {
+      return true;
+    }
+    if (!identityClient) {
+      throw new Error("Missing IdentityClient");
+    }
+    const requestOptions = prepareInvalidRequestOptions(resource);
+    return import_tracing.tracingClient.withSpan(
+      "ManagedIdentityCredential-pingImdsEndpoint",
+      getTokenOptions ?? {},
+      async (updatedOptions) => {
+        requestOptions.tracingOptions = updatedOptions.tracingOptions;
+        const request = (0, import_core_rest_pipeline.createPipelineRequest)(requestOptions);
+        request.timeout = updatedOptions.requestOptions?.timeout || 1e3;
+        request.allowInsecureConnection = true;
+        let response;
+        try {
+          logger.info(`${msiName}: Pinging the Azure IMDS endpoint`);
+          response = await identityClient.sendRequest(request);
+        } catch (err) {
+          if ((0, import_core_util.isError)(err)) {
+            logger.verbose(`${msiName}: Caught error ${err.name}: ${err.message}`);
+          }
+          logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`);
+          return false;
         }
-        if (!identityClient) {
-            throw new Error("Missing IdentityClient");
+        if (response.status === 403) {
+          if (response.bodyAsText?.includes("unreachable")) {
+            logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`);
+            logger.info(`${msiName}: ${response.bodyAsText}`);
+            return false;
+          }
         }
-        const requestOptions = prepareInvalidRequestOptions(resource);
-        return tracing_js_1.tracingClient.withSpan("ManagedIdentityCredential-pingImdsEndpoint", getTokenOptions ?? {}, async (updatedOptions) => {
-            requestOptions.tracingOptions = updatedOptions.tracingOptions;
-            // Create a request with a timeout since we expect that
-            // not having a "Metadata" header should cause an error to be
-            // returned quickly from the endpoint, proving its availability.
-            const request = (0, core_rest_pipeline_1.createPipelineRequest)(requestOptions);
-            // Default to 1000 if the default of 0 is used.
-            // Negative values can still be used to disable the timeout.
-            request.timeout = updatedOptions.requestOptions?.timeout || 1000;
-            // This MSI uses the imdsEndpoint to get the token, which only uses http://
-            request.allowInsecureConnection = true;
-            let response;
-            try {
-                logger.info(`${msiName}: Pinging the Azure IMDS endpoint`);
-                response = await identityClient.sendRequest(request);
-            }
-            catch (err) {
-                // If the request failed, or Node.js was unable to establish a connection,
-                // or the host was down, we'll assume the IMDS endpoint isn't available.
-                if ((0, core_util_1.isError)(err)) {
-                    logger.verbose(`${msiName}: Caught error ${err.name}: ${err.message}`);
-                }
-                // This is a special case for Docker Desktop which responds with a 403 with a message that contains "A socket operation was attempted to an unreachable network" or "A socket operation was attempted to an unreachable host"
-                // rather than just timing out, as expected.
-                logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`);
-                return false;
-            }
-            if (response.status === 403) {
-                if (response.bodyAsText?.includes("unreachable")) {
-                    logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`);
-                    logger.info(`${msiName}: ${response.bodyAsText}`);
-                    return false;
-                }
-            }
-            // If we received any response, the endpoint is available
-            logger.info(`${msiName}: The Azure IMDS endpoint is available`);
-            return true;
-        });
-    },
+        logger.info(`${msiName}: The Azure IMDS endpoint is available`);
+        return true;
+      }
+    );
+  }
 };
-//# sourceMappingURL=imdsMsi.js.map
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  imdsMsi
+});
+//# sourceMappingURL=imdsMsi.js.map