@azure/identity 4.14.0-beta.1 → 4.14.0-beta.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -40
- package/dist/browser/client/identityClient.d.ts +5 -4
- package/dist/browser/client/identityClient.d.ts.map +1 -1
- package/dist/browser/client/identityClient.js +56 -18
- package/dist/browser/client/identityClient.js.map +1 -1
- package/dist/browser/constants.d.ts +1 -1
- package/dist/browser/constants.js +1 -1
- package/dist/browser/constants.js.map +1 -1
- package/dist/browser/credentials/authorizationCodeCredential.d.ts +3 -3
- package/dist/browser/credentials/authorizationCodeCredential.d.ts.map +1 -0
- package/dist/browser/credentials/authorizationCodeCredential.js +2 -2
- package/dist/browser/credentials/authorizationCodeCredential.js.map +1 -0
- package/dist/browser/credentials/authorizationCodeCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/authorizationCodeCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/azureCliCredential.d.ts +5 -4
- package/dist/browser/credentials/azureCliCredential.d.ts.map +1 -0
- package/dist/browser/credentials/azureCliCredential.js +3 -3
- package/dist/browser/credentials/azureCliCredential.js.map +1 -0
- package/dist/browser/credentials/azureDeveloperCliCredential.d.ts +5 -4
- package/dist/browser/credentials/azureDeveloperCliCredential.d.ts.map +1 -0
- package/dist/browser/credentials/azureDeveloperCliCredential.js +3 -3
- package/dist/browser/credentials/azureDeveloperCliCredential.js.map +1 -0
- package/dist/browser/credentials/azurePipelinesCredential.d.ts +5 -4
- package/dist/browser/credentials/azurePipelinesCredential.d.ts.map +1 -0
- package/dist/browser/credentials/azurePipelinesCredential.js +3 -3
- package/dist/browser/credentials/azurePipelinesCredential.js.map +1 -0
- package/dist/browser/credentials/azurePipelinesCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/azurePipelinesCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/azurePowerShellCredential.d.ts +5 -4
- package/dist/browser/credentials/azurePowerShellCredential.d.ts.map +1 -0
- package/dist/browser/credentials/azurePowerShellCredential.js +3 -3
- package/dist/browser/credentials/azurePowerShellCredential.js.map +1 -0
- package/dist/browser/credentials/brokerCredential.d.ts +2 -2
- package/dist/browser/credentials/brokerCredential.d.ts.map +1 -1
- package/dist/browser/credentials/brokerCredential.js +0 -1
- package/dist/browser/credentials/brokerCredential.js.map +1 -1
- package/dist/browser/credentials/clientAssertionCredential.d.ts +5 -4
- package/dist/browser/credentials/clientAssertionCredential.d.ts.map +1 -0
- package/dist/browser/credentials/clientAssertionCredential.js +3 -3
- package/dist/browser/credentials/clientAssertionCredential.js.map +1 -0
- package/dist/browser/credentials/clientAssertionCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/clientAssertionCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/clientCertificateCredential.d.ts +6 -4
- package/dist/browser/credentials/clientCertificateCredential.d.ts.map +1 -0
- package/dist/browser/credentials/clientCertificateCredential.js +3 -3
- package/dist/browser/credentials/clientCertificateCredential.js.map +1 -0
- package/dist/browser/credentials/clientCertificateCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/clientCertificateCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/clientSecretCredential.d.ts +1 -1
- package/dist/browser/credentials/clientSecretCredential.d.ts.map +1 -0
- package/dist/browser/credentials/clientSecretCredential.js +1 -1
- package/dist/browser/credentials/clientSecretCredential.js.map +1 -0
- package/dist/browser/credentials/clientSecretCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/clientSecretCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/defaultAzureCredential.d.ts +3 -3
- package/dist/browser/credentials/defaultAzureCredential.d.ts.map +1 -0
- package/dist/browser/credentials/defaultAzureCredential.js +2 -2
- package/dist/browser/credentials/defaultAzureCredential.js.map +1 -0
- package/dist/browser/credentials/defaultAzureCredentialOptions.d.ts +2 -2
- package/dist/browser/credentials/defaultAzureCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/defaultAzureCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/deviceCodeCredential.d.ts +5 -4
- package/dist/browser/credentials/deviceCodeCredential.d.ts.map +1 -0
- package/dist/browser/credentials/deviceCodeCredential.js +3 -3
- package/dist/browser/credentials/deviceCodeCredential.js.map +1 -0
- package/dist/browser/credentials/deviceCodeCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/deviceCodeCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/environmentCredential.d.ts +5 -4
- package/dist/browser/credentials/environmentCredential.d.ts.map +1 -0
- package/dist/browser/credentials/environmentCredential.js +3 -3
- package/dist/browser/credentials/environmentCredential.js.map +1 -0
- package/dist/browser/credentials/environmentCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/environmentCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/interactiveBrowserCredential.d.ts +1 -1
- package/dist/browser/credentials/interactiveBrowserCredential.d.ts.map +1 -0
- package/dist/browser/credentials/interactiveBrowserCredential.js +1 -1
- package/dist/browser/credentials/interactiveBrowserCredential.js.map +1 -0
- package/dist/browser/credentials/interactiveBrowserCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/interactiveBrowserCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/interactiveCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/interactiveCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/managedIdentityCredential/index.d.ts +9 -4
- package/dist/browser/credentials/managedIdentityCredential/index.d.ts.map +1 -0
- package/dist/browser/credentials/managedIdentityCredential/index.js +3 -3
- package/dist/browser/credentials/managedIdentityCredential/index.js.map +1 -0
- package/dist/browser/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
- package/dist/browser/credentials/onBehalfOfCredential.d.ts +5 -4
- package/dist/browser/credentials/onBehalfOfCredential.d.ts.map +1 -0
- package/dist/browser/credentials/onBehalfOfCredential.js +3 -3
- package/dist/browser/credentials/onBehalfOfCredential.js.map +1 -0
- package/dist/browser/credentials/usernamePasswordCredential.d.ts +1 -1
- package/dist/browser/credentials/usernamePasswordCredential.d.ts.map +1 -0
- package/dist/browser/credentials/usernamePasswordCredential.js +1 -1
- package/dist/browser/credentials/usernamePasswordCredential.js.map +1 -0
- package/dist/browser/credentials/usernamePasswordCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/usernamePasswordCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/visualStudioCodeCredential.d.ts +5 -4
- package/dist/browser/credentials/visualStudioCodeCredential.d.ts.map +1 -0
- package/dist/browser/credentials/visualStudioCodeCredential.js +3 -3
- package/dist/browser/credentials/visualStudioCodeCredential.js.map +1 -0
- package/dist/browser/credentials/workloadIdentityCredential.d.ts +5 -4
- package/dist/browser/credentials/workloadIdentityCredential.d.ts.map +1 -0
- package/dist/browser/credentials/workloadIdentityCredential.js +3 -3
- package/dist/browser/credentials/workloadIdentityCredential.js.map +1 -0
- package/dist/browser/credentials/workloadIdentityCredentialOptions.d.ts +2 -2
- package/dist/browser/credentials/workloadIdentityCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/workloadIdentityCredentialOptions.js.map +1 -1
- package/dist/browser/index.d.ts +33 -33
- package/dist/browser/index.d.ts.map +1 -1
- package/dist/browser/index.js.map +1 -1
- package/dist/browser/msal/browserFlows/msalBrowserCommon.d.ts.map +1 -1
- package/dist/browser/msal/browserFlows/msalBrowserCommon.js +2 -3
- package/dist/browser/msal/browserFlows/msalBrowserCommon.js.map +1 -1
- package/dist/browser/msal/msal.d.ts +2 -3
- package/dist/browser/msal/msal.d.ts.map +1 -0
- package/dist/browser/msal/msal.js +2 -3
- package/dist/browser/msal/msal.js.map +1 -0
- package/dist/browser/msal/nodeFlows/msalClient.d.ts +14 -8
- package/dist/browser/msal/nodeFlows/msalClient.d.ts.map +1 -1
- package/dist/browser/msal/nodeFlows/msalClient.js +6 -6
- package/dist/browser/msal/nodeFlows/msalClient.js.map +1 -1
- package/dist/browser/msal/utils.d.ts +5 -13
- package/dist/browser/msal/utils.d.ts.map +1 -1
- package/dist/browser/msal/utils.js +12 -25
- package/dist/browser/msal/utils.js.map +1 -1
- package/dist/browser/plugins/consumer.d.ts +1 -1
- package/dist/browser/plugins/consumer.d.ts.map +1 -0
- package/dist/browser/plugins/consumer.js +1 -1
- package/dist/browser/plugins/consumer.js.map +1 -0
- package/dist/browser/util/authorityHost.d.ts +10 -0
- package/dist/browser/util/authorityHost.d.ts.map +1 -0
- package/dist/browser/util/authorityHost.js +18 -0
- package/dist/browser/util/authorityHost.js.map +1 -0
- package/dist/browser/util/processMultiTenantRequest.d.ts +3 -2
- package/dist/browser/util/processMultiTenantRequest.d.ts.map +1 -0
- package/dist/browser/util/processMultiTenantRequest.js +2 -2
- package/dist/browser/util/processMultiTenantRequest.js.map +1 -0
- package/dist/commonjs/client/identityClient.d.ts +5 -4
- package/dist/commonjs/client/identityClient.d.ts.map +1 -1
- package/dist/commonjs/client/identityClient.js +295 -252
- package/dist/commonjs/client/identityClient.js.map +7 -1
- package/dist/commonjs/constants.d.ts +1 -1
- package/dist/commonjs/constants.js +61 -78
- package/dist/commonjs/constants.js.map +7 -1
- package/dist/commonjs/credentials/authorityValidationOptions.js +16 -5
- package/dist/commonjs/credentials/authorityValidationOptions.js.map +7 -1
- package/dist/commonjs/credentials/authorizationCodeCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/authorizationCodeCredential.js +98 -75
- package/dist/commonjs/credentials/authorizationCodeCredential.js.map +7 -1
- package/dist/commonjs/credentials/authorizationCodeCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/authorizationCodeCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/authorizationCodeCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/azureCliCredential.js +245 -214
- package/dist/commonjs/credentials/azureCliCredential.js.map +7 -1
- package/dist/commonjs/credentials/azureCliCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/azureCliCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/azureDeveloperCliCredential.d.ts +10 -0
- package/dist/commonjs/credentials/azureDeveloperCliCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/azureDeveloperCliCredential.js +237 -202
- package/dist/commonjs/credentials/azureDeveloperCliCredential.js.map +7 -1
- package/dist/commonjs/credentials/azureDeveloperCliCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/azureDeveloperCliCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/azurePipelinesCredential.js +173 -135
- package/dist/commonjs/credentials/azurePipelinesCredential.js.map +7 -1
- package/dist/commonjs/credentials/azurePipelinesCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/azurePipelinesCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/azurePipelinesCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/azurePowerShellCredential.js +201 -205
- package/dist/commonjs/credentials/azurePowerShellCredential.js.map +7 -1
- package/dist/commonjs/credentials/azurePowerShellCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/azurePowerShellCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/brokerAuthOptions.js +16 -3
- package/dist/commonjs/credentials/brokerAuthOptions.js.map +7 -1
- package/dist/commonjs/credentials/brokerCredential.d.ts +2 -2
- package/dist/commonjs/credentials/brokerCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/brokerCredential.js +103 -71
- package/dist/commonjs/credentials/brokerCredential.js.map +7 -1
- package/dist/commonjs/credentials/browserCustomizationOptions.js +16 -5
- package/dist/commonjs/credentials/browserCustomizationOptions.js.map +7 -1
- package/dist/commonjs/credentials/chainedTokenCredential.js +113 -93
- package/dist/commonjs/credentials/chainedTokenCredential.js.map +7 -1
- package/dist/commonjs/credentials/clientAssertionCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/clientAssertionCredential.js +101 -64
- package/dist/commonjs/credentials/clientAssertionCredential.js.map +7 -1
- package/dist/commonjs/credentials/clientAssertionCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/clientAssertionCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/clientAssertionCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/clientCertificateCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/clientCertificateCredential.js +129 -124
- package/dist/commonjs/credentials/clientCertificateCredential.js.map +7 -1
- package/dist/commonjs/credentials/clientCertificateCredentialModels.js +16 -5
- package/dist/commonjs/credentials/clientCertificateCredentialModels.js.map +7 -1
- package/dist/commonjs/credentials/clientCertificateCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/clientCertificateCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/clientCertificateCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/clientSecretCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/clientSecretCredential.js +96 -68
- package/dist/commonjs/credentials/clientSecretCredential.js.map +7 -1
- package/dist/commonjs/credentials/clientSecretCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/clientSecretCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/clientSecretCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/credentialPersistenceOptions.js +16 -5
- package/dist/commonjs/credentials/credentialPersistenceOptions.js.map +7 -1
- package/dist/commonjs/credentials/defaultAzureCredential.js +121 -159
- package/dist/commonjs/credentials/defaultAzureCredential.js.map +7 -1
- package/dist/commonjs/credentials/defaultAzureCredentialFunctions.js +110 -140
- package/dist/commonjs/credentials/defaultAzureCredentialFunctions.js.map +7 -1
- package/dist/commonjs/credentials/defaultAzureCredentialOptions.d.ts +2 -2
- package/dist/commonjs/credentials/defaultAzureCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/defaultAzureCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/defaultAzureCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/deviceCodeCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/deviceCodeCredential.js +132 -104
- package/dist/commonjs/credentials/deviceCodeCredential.js.map +7 -1
- package/dist/commonjs/credentials/deviceCodeCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/deviceCodeCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/deviceCodeCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/environmentCredential.js +157 -123
- package/dist/commonjs/credentials/environmentCredential.js.map +7 -1
- package/dist/commonjs/credentials/environmentCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/environmentCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/environmentCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/interactiveBrowserCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/interactiveBrowserCredential.js +144 -108
- package/dist/commonjs/credentials/interactiveBrowserCredential.js.map +7 -1
- package/dist/commonjs/credentials/interactiveBrowserCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/interactiveBrowserCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/interactiveBrowserCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/interactiveCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/interactiveCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/interactiveCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/imdsMsi.js +92 -91
- package/dist/commonjs/credentials/managedIdentityCredential/imdsMsi.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/imdsRetryPolicy.js +51 -44
- package/dist/commonjs/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/index.js +256 -242
- package/dist/commonjs/credentials/managedIdentityCredential/index.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/models.js +16 -5
- package/dist/commonjs/credentials/managedIdentityCredential/models.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/options.js +16 -5
- package/dist/commonjs/credentials/managedIdentityCredential/options.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/tokenExchangeMsi.js +56 -39
- package/dist/commonjs/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/utils.js +79 -75
- package/dist/commonjs/credentials/managedIdentityCredential/utils.js.map +7 -1
- package/dist/commonjs/credentials/multiTenantTokenCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/multiTenantTokenCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/onBehalfOfCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/onBehalfOfCredential.js +168 -127
- package/dist/commonjs/credentials/onBehalfOfCredential.js.map +7 -1
- package/dist/commonjs/credentials/onBehalfOfCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/onBehalfOfCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/usernamePasswordCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/usernamePasswordCredential.js +112 -76
- package/dist/commonjs/credentials/usernamePasswordCredential.js.map +7 -1
- package/dist/commonjs/credentials/usernamePasswordCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/usernamePasswordCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/usernamePasswordCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/visualStudioCodeCredential.js +144 -132
- package/dist/commonjs/credentials/visualStudioCodeCredential.js.map +7 -1
- package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.js +16 -5
- package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.js.map +7 -1
- package/dist/commonjs/credentials/workloadIdentityCredential.js +284 -274
- package/dist/commonjs/credentials/workloadIdentityCredential.js.map +7 -1
- package/dist/commonjs/credentials/workloadIdentityCredentialOptions.d.ts +2 -2
- package/dist/commonjs/credentials/workloadIdentityCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/workloadIdentityCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/workloadIdentityCredentialOptions.js.map +7 -1
- package/dist/commonjs/errors.js +131 -132
- package/dist/commonjs/errors.js.map +7 -1
- package/dist/commonjs/index.d.ts +33 -33
- package/dist/commonjs/index.d.ts.map +1 -1
- package/dist/commonjs/index.js +115 -67
- package/dist/commonjs/index.js.map +7 -1
- package/dist/commonjs/msal/browserFlows/msalBrowserCommon.d.ts.map +1 -1
- package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js +226 -249
- package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js.map +7 -1
- package/dist/commonjs/msal/browserFlows/msalBrowserOptions.js +16 -5
- package/dist/commonjs/msal/browserFlows/msalBrowserOptions.js.map +7 -1
- package/dist/commonjs/msal/credentials.js +16 -5
- package/dist/commonjs/msal/credentials.js.map +7 -1
- package/dist/commonjs/msal/msal.d.ts +1 -2
- package/dist/commonjs/msal/msal.d.ts.map +1 -1
- package/dist/commonjs/msal/msal.js +30 -9
- package/dist/commonjs/msal/msal.js.map +7 -1
- package/dist/commonjs/msal/nodeFlows/brokerOptions.js +16 -3
- package/dist/commonjs/msal/nodeFlows/brokerOptions.js.map +7 -1
- package/dist/commonjs/msal/nodeFlows/msalClient.d.ts +14 -8
- package/dist/commonjs/msal/nodeFlows/msalClient.d.ts.map +1 -1
- package/dist/commonjs/msal/nodeFlows/msalClient.js +450 -478
- package/dist/commonjs/msal/nodeFlows/msalClient.js.map +7 -1
- package/dist/commonjs/msal/nodeFlows/msalPlugins.js +140 -147
- package/dist/commonjs/msal/nodeFlows/msalPlugins.js.map +7 -1
- package/dist/commonjs/msal/nodeFlows/tokenCachePersistenceOptions.js +16 -5
- package/dist/commonjs/msal/nodeFlows/tokenCachePersistenceOptions.js.map +7 -1
- package/dist/commonjs/msal/types.js +16 -5
- package/dist/commonjs/msal/types.js.map +7 -1
- package/dist/commonjs/msal/utils.d.ts +5 -13
- package/dist/commonjs/msal/utils.d.ts.map +1 -1
- package/dist/commonjs/msal/utils.js +172 -226
- package/dist/commonjs/msal/utils.js.map +7 -1
- package/dist/commonjs/plugins/consumer.js +32 -40
- package/dist/commonjs/plugins/consumer.js.map +7 -1
- package/dist/commonjs/plugins/provider.js +16 -5
- package/dist/commonjs/plugins/provider.js.map +7 -1
- package/dist/commonjs/regionalAuthority.js +93 -141
- package/dist/commonjs/regionalAuthority.js.map +7 -1
- package/dist/commonjs/tokenCredentialOptions.js +16 -5
- package/dist/commonjs/tokenCredentialOptions.js.map +7 -1
- package/dist/commonjs/tokenProvider.js +52 -52
- package/dist/commonjs/tokenProvider.js.map +7 -1
- package/dist/commonjs/tsdoc-metadata.json +1 -1
- package/dist/commonjs/util/authorityHost.d.ts +10 -0
- package/dist/commonjs/util/authorityHost.d.ts.map +1 -0
- package/dist/commonjs/util/authorityHost.js +36 -0
- package/dist/commonjs/util/authorityHost.js.map +7 -0
- package/dist/commonjs/util/certificatesUtils.js +54 -45
- package/dist/commonjs/util/certificatesUtils.js.map +7 -1
- package/dist/commonjs/util/identityTokenEndpoint.js +32 -12
- package/dist/commonjs/util/identityTokenEndpoint.js.map +7 -1
- package/dist/commonjs/util/logging.js +91 -97
- package/dist/commonjs/util/logging.js.map +7 -1
- package/dist/commonjs/util/processMultiTenantRequest.js +43 -33
- package/dist/commonjs/util/processMultiTenantRequest.js.map +7 -1
- package/dist/commonjs/util/processUtils.js +60 -35
- package/dist/commonjs/util/processUtils.js.map +7 -1
- package/dist/commonjs/util/scopeUtils.js +39 -28
- package/dist/commonjs/util/scopeUtils.js.map +7 -1
- package/dist/commonjs/util/subscriptionUtils.js +35 -17
- package/dist/commonjs/util/subscriptionUtils.js.map +7 -1
- package/dist/commonjs/util/tenantIdUtils.js +61 -45
- package/dist/commonjs/util/tenantIdUtils.js.map +7 -1
- package/dist/commonjs/util/tracing.js +33 -16
- package/dist/commonjs/util/tracing.js.map +7 -1
- package/dist/esm/client/identityClient.d.ts +5 -4
- package/dist/esm/client/identityClient.d.ts.map +1 -1
- package/dist/esm/client/identityClient.js +56 -18
- package/dist/esm/client/identityClient.js.map +1 -1
- package/dist/esm/constants.d.ts +1 -1
- package/dist/esm/constants.js +1 -1
- package/dist/esm/constants.js.map +1 -1
- package/dist/esm/credentials/authorizationCodeCredential.d.ts.map +1 -1
- package/dist/esm/credentials/authorizationCodeCredential.js +0 -1
- package/dist/esm/credentials/authorizationCodeCredential.js.map +1 -1
- package/dist/esm/credentials/authorizationCodeCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/authorizationCodeCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/azureDeveloperCliCredential.d.ts +10 -0
- package/dist/esm/credentials/azureDeveloperCliCredential.d.ts.map +1 -1
- package/dist/esm/credentials/azureDeveloperCliCredential.js +24 -1
- package/dist/esm/credentials/azureDeveloperCliCredential.js.map +1 -1
- package/dist/esm/credentials/azurePipelinesCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/azurePipelinesCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/brokerCredential.d.ts +2 -2
- package/dist/esm/credentials/brokerCredential.d.ts.map +1 -1
- package/dist/esm/credentials/brokerCredential.js +0 -1
- package/dist/esm/credentials/brokerCredential.js.map +1 -1
- package/dist/esm/credentials/clientAssertionCredential.d.ts.map +1 -1
- package/dist/esm/credentials/clientAssertionCredential.js +1 -2
- package/dist/esm/credentials/clientAssertionCredential.js.map +1 -1
- package/dist/esm/credentials/clientAssertionCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/clientAssertionCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/clientCertificateCredential.d.ts.map +1 -1
- package/dist/esm/credentials/clientCertificateCredential.js +0 -1
- package/dist/esm/credentials/clientCertificateCredential.js.map +1 -1
- package/dist/esm/credentials/clientCertificateCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/clientCertificateCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/clientSecretCredential.d.ts.map +1 -1
- package/dist/esm/credentials/clientSecretCredential.js +0 -1
- package/dist/esm/credentials/clientSecretCredential.js.map +1 -1
- package/dist/esm/credentials/clientSecretCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/clientSecretCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/defaultAzureCredentialOptions.d.ts +2 -2
- package/dist/esm/credentials/defaultAzureCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/defaultAzureCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/deviceCodeCredential.d.ts.map +1 -1
- package/dist/esm/credentials/deviceCodeCredential.js +0 -1
- package/dist/esm/credentials/deviceCodeCredential.js.map +1 -1
- package/dist/esm/credentials/deviceCodeCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/deviceCodeCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/environmentCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/environmentCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/interactiveBrowserCredential.d.ts.map +1 -1
- package/dist/esm/credentials/interactiveBrowserCredential.js +0 -1
- package/dist/esm/credentials/interactiveBrowserCredential.js.map +1 -1
- package/dist/esm/credentials/interactiveBrowserCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/interactiveBrowserCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/interactiveCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/interactiveCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
- package/dist/esm/credentials/onBehalfOfCredential.d.ts.map +1 -1
- package/dist/esm/credentials/onBehalfOfCredential.js +0 -1
- package/dist/esm/credentials/onBehalfOfCredential.js.map +1 -1
- package/dist/esm/credentials/usernamePasswordCredential.d.ts.map +1 -1
- package/dist/esm/credentials/usernamePasswordCredential.js +0 -1
- package/dist/esm/credentials/usernamePasswordCredential.js.map +1 -1
- package/dist/esm/credentials/usernamePasswordCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/usernamePasswordCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/visualStudioCodeCredential.js.map +1 -1
- package/dist/esm/credentials/workloadIdentityCredential.js +3 -3
- package/dist/esm/credentials/workloadIdentityCredential.js.map +1 -1
- package/dist/esm/credentials/workloadIdentityCredentialOptions.d.ts +2 -2
- package/dist/esm/credentials/workloadIdentityCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/workloadIdentityCredentialOptions.js.map +1 -1
- package/dist/esm/index.d.ts +33 -33
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/msal/browserFlows/msalBrowserCommon.d.ts.map +1 -1
- package/dist/esm/msal/browserFlows/msalBrowserCommon.js +2 -3
- package/dist/esm/msal/browserFlows/msalBrowserCommon.js.map +1 -1
- package/dist/esm/msal/msal.d.ts +1 -2
- package/dist/esm/msal/msal.d.ts.map +1 -1
- package/dist/esm/msal/msal.js +1 -2
- package/dist/esm/msal/msal.js.map +1 -1
- package/dist/esm/msal/nodeFlows/msalClient.d.ts +14 -8
- package/dist/esm/msal/nodeFlows/msalClient.d.ts.map +1 -1
- package/dist/esm/msal/nodeFlows/msalClient.js +6 -6
- package/dist/esm/msal/nodeFlows/msalClient.js.map +1 -1
- package/dist/esm/msal/utils.d.ts +5 -13
- package/dist/esm/msal/utils.d.ts.map +1 -1
- package/dist/esm/msal/utils.js +12 -25
- package/dist/esm/msal/utils.js.map +1 -1
- package/dist/esm/util/authorityHost.d.ts +10 -0
- package/dist/esm/util/authorityHost.d.ts.map +1 -0
- package/dist/esm/util/authorityHost.js +18 -0
- package/dist/esm/util/authorityHost.js.map +1 -0
- package/dist/workerd/client/identityClient.d.ts +5 -4
- package/dist/workerd/client/identityClient.d.ts.map +1 -1
- package/dist/workerd/client/identityClient.js +56 -18
- package/dist/workerd/client/identityClient.js.map +1 -1
- package/dist/workerd/constants.d.ts +1 -1
- package/dist/workerd/constants.js +1 -1
- package/dist/workerd/constants.js.map +1 -1
- package/dist/workerd/credentials/authorizationCodeCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/authorizationCodeCredential.js +0 -1
- package/dist/workerd/credentials/authorizationCodeCredential.js.map +1 -1
- package/dist/workerd/credentials/authorizationCodeCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/authorizationCodeCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/azureDeveloperCliCredential.d.ts +10 -0
- package/dist/workerd/credentials/azureDeveloperCliCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/azureDeveloperCliCredential.js +24 -1
- package/dist/workerd/credentials/azureDeveloperCliCredential.js.map +1 -1
- package/dist/workerd/credentials/azurePipelinesCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/azurePipelinesCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/brokerCredential.d.ts +2 -2
- package/dist/workerd/credentials/brokerCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/brokerCredential.js +0 -1
- package/dist/workerd/credentials/brokerCredential.js.map +1 -1
- package/dist/workerd/credentials/clientAssertionCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/clientAssertionCredential.js +1 -2
- package/dist/workerd/credentials/clientAssertionCredential.js.map +1 -1
- package/dist/workerd/credentials/clientAssertionCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/clientAssertionCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/clientCertificateCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/clientCertificateCredential.js +0 -1
- package/dist/workerd/credentials/clientCertificateCredential.js.map +1 -1
- package/dist/workerd/credentials/clientCertificateCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/clientCertificateCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/clientSecretCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/clientSecretCredential.js +0 -1
- package/dist/workerd/credentials/clientSecretCredential.js.map +1 -1
- package/dist/workerd/credentials/clientSecretCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/clientSecretCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/defaultAzureCredentialOptions.d.ts +2 -2
- package/dist/workerd/credentials/defaultAzureCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/defaultAzureCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/deviceCodeCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/deviceCodeCredential.js +0 -1
- package/dist/workerd/credentials/deviceCodeCredential.js.map +1 -1
- package/dist/workerd/credentials/deviceCodeCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/deviceCodeCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/environmentCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/environmentCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/interactiveBrowserCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/interactiveBrowserCredential.js +0 -1
- package/dist/workerd/credentials/interactiveBrowserCredential.js.map +1 -1
- package/dist/workerd/credentials/interactiveBrowserCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/interactiveBrowserCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/interactiveCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/interactiveCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
- package/dist/workerd/credentials/onBehalfOfCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/onBehalfOfCredential.js +0 -1
- package/dist/workerd/credentials/onBehalfOfCredential.js.map +1 -1
- package/dist/workerd/credentials/usernamePasswordCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/usernamePasswordCredential.js +0 -1
- package/dist/workerd/credentials/usernamePasswordCredential.js.map +1 -1
- package/dist/workerd/credentials/usernamePasswordCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/usernamePasswordCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/visualStudioCodeCredential.js.map +1 -1
- package/dist/workerd/credentials/workloadIdentityCredential.js +3 -3
- package/dist/workerd/credentials/workloadIdentityCredential.js.map +1 -1
- package/dist/workerd/credentials/workloadIdentityCredentialOptions.d.ts +2 -2
- package/dist/workerd/credentials/workloadIdentityCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/workloadIdentityCredentialOptions.js.map +1 -1
- package/dist/workerd/index.d.ts +33 -33
- package/dist/workerd/index.d.ts.map +1 -1
- package/dist/workerd/index.js.map +1 -1
- package/dist/workerd/msal/browserFlows/msalBrowserCommon.d.ts.map +1 -1
- package/dist/workerd/msal/browserFlows/msalBrowserCommon.js +2 -3
- package/dist/workerd/msal/browserFlows/msalBrowserCommon.js.map +1 -1
- package/dist/workerd/msal/msal.d.ts +1 -2
- package/dist/workerd/msal/msal.d.ts.map +1 -1
- package/dist/workerd/msal/msal.js +1 -2
- package/dist/workerd/msal/msal.js.map +1 -1
- package/dist/workerd/msal/nodeFlows/msalClient.d.ts +14 -8
- package/dist/workerd/msal/nodeFlows/msalClient.d.ts.map +1 -1
- package/dist/workerd/msal/nodeFlows/msalClient.js +6 -6
- package/dist/workerd/msal/nodeFlows/msalClient.js.map +1 -1
- package/dist/workerd/msal/utils.d.ts +5 -13
- package/dist/workerd/msal/utils.d.ts.map +1 -1
- package/dist/workerd/msal/utils.js +12 -25
- package/dist/workerd/msal/utils.js.map +1 -1
- package/dist/workerd/util/authorityHost.d.ts +10 -0
- package/dist/workerd/util/authorityHost.d.ts.map +1 -0
- package/dist/workerd/util/authorityHost.js +18 -0
- package/dist/workerd/util/authorityHost.js.map +1 -0
- package/package.json +17 -34
- package/dist/browser/credentials/authorizationCodeCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/authorizationCodeCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/azureCliCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/azureCliCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/azureDeveloperCliCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/azureDeveloperCliCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/azurePipelinesCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/azurePipelinesCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/azurePowerShellCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/azurePowerShellCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/clientAssertionCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/clientAssertionCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/clientCertificateCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/clientCertificateCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/clientSecretCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/clientSecretCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/defaultAzureCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/defaultAzureCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/deviceCodeCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/deviceCodeCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/environmentCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/environmentCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/interactiveBrowserCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/interactiveBrowserCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/managedIdentityCredential/index-browser.d.mts.map +0 -1
- package/dist/browser/credentials/managedIdentityCredential/index-browser.mjs.map +0 -1
- package/dist/browser/credentials/onBehalfOfCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/onBehalfOfCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/usernamePasswordCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/usernamePasswordCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/visualStudioCodeCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/visualStudioCodeCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/workloadIdentityCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/workloadIdentityCredential-browser.mjs.map +0 -1
- package/dist/browser/msal/msal-browser.d.mts.map +0 -1
- package/dist/browser/msal/msal-browser.mjs.map +0 -1
- package/dist/browser/plugins/consumer-browser.d.mts.map +0 -1
- package/dist/browser/plugins/consumer-browser.mjs.map +0 -1
- package/dist/browser/util/authHostEnv-browser.d.mts +0 -4
- package/dist/browser/util/authHostEnv-browser.d.mts.map +0 -1
- package/dist/browser/util/authHostEnv-browser.mjs +0 -7
- package/dist/browser/util/authHostEnv-browser.mjs.map +0 -1
- package/dist/browser/util/processMultiTenantRequest-browser.d.mts.map +0 -1
- package/dist/browser/util/processMultiTenantRequest-browser.mjs.map +0 -1
- package/dist/esm/util/authHostEnv-browser.d.mts +0 -4
- package/dist/esm/util/authHostEnv-browser.d.mts.map +0 -1
- package/dist/esm/util/authHostEnv-browser.mjs +0 -7
- package/dist/esm/util/authHostEnv-browser.mjs.map +0 -1
- package/dist/workerd/util/authHostEnv-browser.d.mts +0 -4
- package/dist/workerd/util/authHostEnv-browser.d.mts.map +0 -1
- package/dist/workerd/util/authHostEnv-browser.mjs +0 -7
- package/dist/workerd/util/authHostEnv-browser.mjs.map +0 -1
|
@@ -1,134 +1,175 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
1
|
+
var __defProp = Object.defineProperty;
|
|
2
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
3
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
4
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
5
|
+
var __export = (target, all) => {
|
|
6
|
+
for (var name in all)
|
|
7
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
8
|
+
};
|
|
9
|
+
var __copyProps = (to, from, except, desc) => {
|
|
10
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
11
|
+
for (let key of __getOwnPropNames(from))
|
|
12
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
13
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
14
|
+
}
|
|
15
|
+
return to;
|
|
16
|
+
};
|
|
17
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
18
|
+
var onBehalfOfCredential_exports = {};
|
|
19
|
+
__export(onBehalfOfCredential_exports, {
|
|
20
|
+
OnBehalfOfCredential: () => OnBehalfOfCredential
|
|
21
|
+
});
|
|
22
|
+
module.exports = __toCommonJS(onBehalfOfCredential_exports);
|
|
23
|
+
var import_msalClient = require("../msal/nodeFlows/msalClient.js");
|
|
24
|
+
var import_logging = require("../util/logging.js");
|
|
25
|
+
var import_tenantIdUtils = require("../util/tenantIdUtils.js");
|
|
26
|
+
var import_errors = require("../errors.js");
|
|
27
|
+
var import_node_crypto = require("node:crypto");
|
|
28
|
+
var import_scopeUtils = require("../util/scopeUtils.js");
|
|
29
|
+
var import_promises = require("node:fs/promises");
|
|
30
|
+
var import_tracing = require("../util/tracing.js");
|
|
14
31
|
const credentialName = "OnBehalfOfCredential";
|
|
15
|
-
const logger = (0,
|
|
16
|
-
/**
|
|
17
|
-
* Enables authentication to Microsoft Entra ID using the [On Behalf Of flow](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-on-behalf-of-flow).
|
|
18
|
-
*/
|
|
32
|
+
const logger = (0, import_logging.credentialLogger)(credentialName);
|
|
19
33
|
class OnBehalfOfCredential {
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
if (!userAssertionToken) {
|
|
43
|
-
throw new errors_js_1.CredentialUnavailableError(`${credentialName}: userAssertionToken is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);
|
|
44
|
-
}
|
|
45
|
-
this.certificatePath = certificatePath;
|
|
46
|
-
this.clientSecret = clientSecret;
|
|
47
|
-
this.userAssertionToken = userAssertionToken;
|
|
48
|
-
this.sendCertificateChain = sendCertificateChain;
|
|
49
|
-
this.clientAssertion = getAssertion;
|
|
50
|
-
this.tenantId = tenantId;
|
|
51
|
-
this.additionallyAllowedTenantIds = (0, tenantIdUtils_js_1.resolveAdditionallyAllowedTenantIds)(additionallyAllowedTenantIds);
|
|
52
|
-
this.msalClient = (0, msalClient_js_1.createMsalClient)(clientId, this.tenantId, {
|
|
53
|
-
...options,
|
|
54
|
-
logger,
|
|
55
|
-
tokenCredentialOptions: options,
|
|
56
|
-
});
|
|
34
|
+
tenantId;
|
|
35
|
+
additionallyAllowedTenantIds;
|
|
36
|
+
msalClient;
|
|
37
|
+
sendCertificateChain;
|
|
38
|
+
certificatePath;
|
|
39
|
+
clientSecret;
|
|
40
|
+
userAssertionToken;
|
|
41
|
+
clientAssertion;
|
|
42
|
+
constructor(options) {
|
|
43
|
+
const { clientSecret } = options;
|
|
44
|
+
const { certificatePath, sendCertificateChain } = options;
|
|
45
|
+
const { getAssertion } = options;
|
|
46
|
+
const {
|
|
47
|
+
tenantId,
|
|
48
|
+
clientId,
|
|
49
|
+
userAssertionToken,
|
|
50
|
+
additionallyAllowedTenants: additionallyAllowedTenantIds
|
|
51
|
+
} = options;
|
|
52
|
+
if (!tenantId) {
|
|
53
|
+
throw new import_errors.CredentialUnavailableError(
|
|
54
|
+
`${credentialName}: tenantId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`
|
|
55
|
+
);
|
|
57
56
|
}
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
* @param scopes - The list of scopes for which the token will have access.
|
|
63
|
-
* @param options - The options used to configure the underlying network requests.
|
|
64
|
-
*/
|
|
65
|
-
async getToken(scopes, options = {}) {
|
|
66
|
-
return tracing_js_1.tracingClient.withSpan(`${credentialName}.getToken`, options, async (newOptions) => {
|
|
67
|
-
newOptions.tenantId = (0, tenantIdUtils_js_1.processMultiTenantRequest)(this.tenantId, newOptions, this.additionallyAllowedTenantIds, logger);
|
|
68
|
-
const arrayScopes = (0, scopeUtils_js_1.ensureScopes)(scopes);
|
|
69
|
-
if (this.certificatePath) {
|
|
70
|
-
const clientCertificate = await this.buildClientCertificate(this.certificatePath);
|
|
71
|
-
return this.msalClient.getTokenOnBehalfOf(arrayScopes, this.userAssertionToken, clientCertificate, newOptions);
|
|
72
|
-
}
|
|
73
|
-
else if (this.clientSecret) {
|
|
74
|
-
return this.msalClient.getTokenOnBehalfOf(arrayScopes, this.userAssertionToken, this.clientSecret, options);
|
|
75
|
-
}
|
|
76
|
-
else if (this.clientAssertion) {
|
|
77
|
-
return this.msalClient.getTokenOnBehalfOf(arrayScopes, this.userAssertionToken, this.clientAssertion, options);
|
|
78
|
-
}
|
|
79
|
-
else {
|
|
80
|
-
// this is an invalid scenario and is a bug, as the constructor should have thrown an error if neither clientSecret nor certificatePath nor clientAssertion were provided
|
|
81
|
-
throw new Error("Expected either clientSecret or certificatePath or clientAssertion to be defined.");
|
|
82
|
-
}
|
|
83
|
-
});
|
|
57
|
+
if (!clientId) {
|
|
58
|
+
throw new import_errors.CredentialUnavailableError(
|
|
59
|
+
`${credentialName}: clientId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`
|
|
60
|
+
);
|
|
84
61
|
}
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
thumbprint: parts.thumbprint,
|
|
90
|
-
thumbprintSha256: parts.thumbprintSha256,
|
|
91
|
-
privateKey: parts.certificateContents,
|
|
92
|
-
x5c: parts.x5c,
|
|
93
|
-
};
|
|
94
|
-
}
|
|
95
|
-
catch (error) {
|
|
96
|
-
logger.info((0, logging_js_1.formatError)("", error));
|
|
97
|
-
throw error;
|
|
98
|
-
}
|
|
62
|
+
if (!clientSecret && !certificatePath && !getAssertion) {
|
|
63
|
+
throw new import_errors.CredentialUnavailableError(
|
|
64
|
+
`${credentialName}: You must provide one of clientSecret, certificatePath, or a getAssertion callback but none were provided. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`
|
|
65
|
+
);
|
|
99
66
|
}
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
const certificatePattern = /(-+BEGIN CERTIFICATE-+)(\n\r?|\r\n?)([A-Za-z0-9+/\n\r]+=*)(\n\r?|\r\n?)(-+END CERTIFICATE-+)/g;
|
|
105
|
-
const publicKeys = [];
|
|
106
|
-
// Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c
|
|
107
|
-
let match;
|
|
108
|
-
do {
|
|
109
|
-
match = certificatePattern.exec(certificateContents);
|
|
110
|
-
if (match) {
|
|
111
|
-
publicKeys.push(match[3]);
|
|
112
|
-
}
|
|
113
|
-
} while (match);
|
|
114
|
-
if (publicKeys.length === 0) {
|
|
115
|
-
throw new Error("The file at the specified path does not contain a PEM-encoded certificate.");
|
|
116
|
-
}
|
|
117
|
-
const thumbprint = (0, node_crypto_1.createHash)("sha1") // CodeQL [SM04514] Needed for backward compatibility reason
|
|
118
|
-
.update(Buffer.from(publicKeys[0], "base64"))
|
|
119
|
-
.digest("hex")
|
|
120
|
-
.toUpperCase();
|
|
121
|
-
const thumbprintSha256 = (0, node_crypto_1.createHash)("sha256")
|
|
122
|
-
.update(Buffer.from(publicKeys[0], "base64"))
|
|
123
|
-
.digest("hex")
|
|
124
|
-
.toUpperCase();
|
|
125
|
-
return {
|
|
126
|
-
certificateContents,
|
|
127
|
-
thumbprintSha256,
|
|
128
|
-
thumbprint,
|
|
129
|
-
x5c,
|
|
130
|
-
};
|
|
67
|
+
if (!userAssertionToken) {
|
|
68
|
+
throw new import_errors.CredentialUnavailableError(
|
|
69
|
+
`${credentialName}: userAssertionToken is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`
|
|
70
|
+
);
|
|
131
71
|
}
|
|
72
|
+
this.certificatePath = certificatePath;
|
|
73
|
+
this.clientSecret = clientSecret;
|
|
74
|
+
this.userAssertionToken = userAssertionToken;
|
|
75
|
+
this.sendCertificateChain = sendCertificateChain;
|
|
76
|
+
this.clientAssertion = getAssertion;
|
|
77
|
+
this.tenantId = tenantId;
|
|
78
|
+
this.additionallyAllowedTenantIds = (0, import_tenantIdUtils.resolveAdditionallyAllowedTenantIds)(
|
|
79
|
+
additionallyAllowedTenantIds
|
|
80
|
+
);
|
|
81
|
+
this.msalClient = (0, import_msalClient.createMsalClient)(clientId, this.tenantId, {
|
|
82
|
+
...options,
|
|
83
|
+
logger
|
|
84
|
+
});
|
|
85
|
+
}
|
|
86
|
+
/**
|
|
87
|
+
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|
|
88
|
+
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
|
|
89
|
+
*
|
|
90
|
+
* @param scopes - The list of scopes for which the token will have access.
|
|
91
|
+
* @param options - The options used to configure the underlying network requests.
|
|
92
|
+
*/
|
|
93
|
+
async getToken(scopes, options = {}) {
|
|
94
|
+
return import_tracing.tracingClient.withSpan(`${credentialName}.getToken`, options, async (newOptions) => {
|
|
95
|
+
newOptions.tenantId = (0, import_tenantIdUtils.processMultiTenantRequest)(
|
|
96
|
+
this.tenantId,
|
|
97
|
+
newOptions,
|
|
98
|
+
this.additionallyAllowedTenantIds,
|
|
99
|
+
logger
|
|
100
|
+
);
|
|
101
|
+
const arrayScopes = (0, import_scopeUtils.ensureScopes)(scopes);
|
|
102
|
+
if (this.certificatePath) {
|
|
103
|
+
const clientCertificate = await this.buildClientCertificate(this.certificatePath);
|
|
104
|
+
return this.msalClient.getTokenOnBehalfOf(
|
|
105
|
+
arrayScopes,
|
|
106
|
+
this.userAssertionToken,
|
|
107
|
+
clientCertificate,
|
|
108
|
+
newOptions
|
|
109
|
+
);
|
|
110
|
+
} else if (this.clientSecret) {
|
|
111
|
+
return this.msalClient.getTokenOnBehalfOf(
|
|
112
|
+
arrayScopes,
|
|
113
|
+
this.userAssertionToken,
|
|
114
|
+
this.clientSecret,
|
|
115
|
+
options
|
|
116
|
+
);
|
|
117
|
+
} else if (this.clientAssertion) {
|
|
118
|
+
return this.msalClient.getTokenOnBehalfOf(
|
|
119
|
+
arrayScopes,
|
|
120
|
+
this.userAssertionToken,
|
|
121
|
+
this.clientAssertion,
|
|
122
|
+
options
|
|
123
|
+
);
|
|
124
|
+
} else {
|
|
125
|
+
throw new Error(
|
|
126
|
+
"Expected either clientSecret or certificatePath or clientAssertion to be defined."
|
|
127
|
+
);
|
|
128
|
+
}
|
|
129
|
+
});
|
|
130
|
+
}
|
|
131
|
+
async buildClientCertificate(certificatePath) {
|
|
132
|
+
try {
|
|
133
|
+
const parts = await this.parseCertificate({ certificatePath }, this.sendCertificateChain);
|
|
134
|
+
return {
|
|
135
|
+
thumbprint: parts.thumbprint,
|
|
136
|
+
thumbprintSha256: parts.thumbprintSha256,
|
|
137
|
+
privateKey: parts.certificateContents,
|
|
138
|
+
x5c: parts.x5c
|
|
139
|
+
};
|
|
140
|
+
} catch (error) {
|
|
141
|
+
logger.info((0, import_logging.formatError)("", error));
|
|
142
|
+
throw error;
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
async parseCertificate(configuration, sendCertificateChain) {
|
|
146
|
+
const certificatePath = configuration.certificatePath;
|
|
147
|
+
const certificateContents = await (0, import_promises.readFile)(certificatePath, "utf8");
|
|
148
|
+
const x5c = sendCertificateChain ? certificateContents : void 0;
|
|
149
|
+
const certificatePattern = /(-+BEGIN CERTIFICATE-+)(\n\r?|\r\n?)([A-Za-z0-9+/\n\r]+=*)(\n\r?|\r\n?)(-+END CERTIFICATE-+)/g;
|
|
150
|
+
const publicKeys = [];
|
|
151
|
+
let match;
|
|
152
|
+
do {
|
|
153
|
+
match = certificatePattern.exec(certificateContents);
|
|
154
|
+
if (match) {
|
|
155
|
+
publicKeys.push(match[3]);
|
|
156
|
+
}
|
|
157
|
+
} while (match);
|
|
158
|
+
if (publicKeys.length === 0) {
|
|
159
|
+
throw new Error("The file at the specified path does not contain a PEM-encoded certificate.");
|
|
160
|
+
}
|
|
161
|
+
const thumbprint = (0, import_node_crypto.createHash)("sha1").update(Buffer.from(publicKeys[0], "base64")).digest("hex").toUpperCase();
|
|
162
|
+
const thumbprintSha256 = (0, import_node_crypto.createHash)("sha256").update(Buffer.from(publicKeys[0], "base64")).digest("hex").toUpperCase();
|
|
163
|
+
return {
|
|
164
|
+
certificateContents,
|
|
165
|
+
thumbprintSha256,
|
|
166
|
+
thumbprint,
|
|
167
|
+
x5c
|
|
168
|
+
};
|
|
169
|
+
}
|
|
132
170
|
}
|
|
133
|
-
|
|
134
|
-
|
|
171
|
+
// Annotate the CommonJS export names for ESM import in node:
|
|
172
|
+
0 && (module.exports = {
|
|
173
|
+
OnBehalfOfCredential
|
|
174
|
+
});
|
|
175
|
+
//# sourceMappingURL=onBehalfOfCredential.js.map
|
|
@@ -1 +1,7 @@
|
|
|
1
|
-
{"version":3,"file":"onBehalfOfCredential.js","sourceRoot":"","sources":["../../../src/credentials/onBehalfOfCredential.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAIlC,mEAAmE;AAOnE,mDAAmE;AACnE,+DAGkC;AAKlC,4CAA0D;AAE1D,6CAAyC;AACzC,yDAAqD;AACrD,+CAA4C;AAC5C,mDAAmD;AAEnD,MAAM,cAAc,GAAG,sBAAsB,CAAC;AAC9C,MAAM,MAAM,GAAG,IAAA,6BAAgB,EAAC,cAAc,CAAC,CAAC;AAEhD;;GAEG;AACH,MAAa,oBAAoB;IACvB,QAAQ,CAAS;IACjB,4BAA4B,CAAW;IACvC,UAAU,CAAa;IACvB,oBAAoB,CAAW;IAC/B,eAAe,CAAU;IACzB,YAAY,CAAU;IACtB,kBAAkB,CAAS;IAC3B,eAAe,CAAyB;IA6FhD,YAAY,OAAoC;QAC9C,MAAM,EAAE,YAAY,EAAE,GAAG,OAA4C,CAAC;QACtE,MAAM,EAAE,eAAe,EAAE,oBAAoB,EAAE,GAC7C,OAAiD,CAAC;QACpD,MAAM,EAAE,YAAY,EAAE,GAAG,OAA+C,CAAC;QACzE,MAAM,EACJ,QAAQ,EACR,QAAQ,EACR,kBAAkB,EAClB,0BAA0B,EAAE,4BAA4B,GACzD,GAAG,OAAO,CAAC;QACZ,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,0IAA0I,CAC5J,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,0IAA0I,CAC5J,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,YAAY,IAAI,CAAC,eAAe,IAAI,CAAC,YAAY,EAAE,CAAC;YACvD,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,kNAAkN,CACpO,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACxB,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,oJAAoJ,CACtK,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QACvC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAC7C,IAAI,CAAC,oBAAoB,GAAG,oBAAoB,CAAC;QACjD,IAAI,CAAC,eAAe,GAAG,YAAY,CAAC;QAEpC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,IAAA,sDAAmC,EACrE,4BAA4B,CAC7B,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,IAAA,gCAAgB,EAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE;YAC1D,GAAG,OAAO;YACV,MAAM;YACN,sBAAsB,EAAE,OAAO;SAChC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,0BAAa,CAAC,QAAQ,CAAC,GAAG,cAAc,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YACxF,UAAU,CAAC,QAAQ,GAAG,IAAA,4CAAyB,EAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,IAAA,4BAAY,EAAC,MAAM,CAAC,CAAC;YACzC,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;gBACzB,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;gBAElF,OAAO,IAAI,CAAC,UAAU,CAAC,kBAAkB,CACvC,WAAW,EACX,IAAI,CAAC,kBAAkB,EACvB,iBAAiB,EACjB,UAAU,CACX,CAAC;YACJ,CAAC;iBAAM,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC7B,OAAO,IAAI,CAAC,UAAU,CAAC,kBAAkB,CACvC,WAAW,EACX,IAAI,CAAC,kBAAkB,EACvB,IAAI,CAAC,YAAY,EACjB,OAAO,CACR,CAAC;YACJ,CAAC;iBAAM,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;gBAChC,OAAO,IAAI,CAAC,UAAU,CAAC,kBAAkB,CACvC,WAAW,EACX,IAAI,CAAC,kBAAkB,EACvB,IAAI,CAAC,eAAe,EACpB,OAAO,CACR,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,yKAAyK;gBACzK,MAAM,IAAI,KAAK,CACb,mFAAmF,CACpF,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,sBAAsB,CAAC,eAAuB;QAC1D,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,EAAE,eAAe,EAAE,EAAE,IAAI,CAAC,oBAAoB,CAAC,CAAC;YAC1F,OAAO;gBACL,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;gBACxC,UAAU,EAAE,KAAK,CAAC,mBAAmB;gBACrC,GAAG,EAAE,KAAK,CAAC,GAAG;aACf,CAAC;QACJ,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,CAAC,IAAI,CAAC,IAAA,wBAAW,EAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAC5B,aAAkD,EAClD,oBAA8B;QAE9B,MAAM,eAAe,GAAG,aAAa,CAAC,eAAe,CAAC;QACtD,MAAM,mBAAmB,GAAG,MAAM,IAAA,mBAAQ,EAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QACpE,MAAM,GAAG,GAAG,oBAAoB,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;QAEnE,MAAM,kBAAkB,GACtB,+FAA+F,CAAC;QAClG,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,qHAAqH;QACrH,IAAI,KAAK,CAAC;QACV,GAAG,CAAC;YACF,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;YACrD,IAAI,KAAK,EAAE,CAAC;gBACV,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC,QAAQ,KAAK,EAAE;QAEhB,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,4EAA4E,CAAC,CAAC;QAChG,CAAC;QACD,MAAM,UAAU,GAAG,IAAA,wBAAU,EAAC,MAAM,CAAC,CAAC,4DAA4D;aAC/F,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;aAC5C,MAAM,CAAC,KAAK,CAAC;aACb,WAAW,EAAE,CAAC;QAEjB,MAAM,gBAAgB,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC;aAC1C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;aAC5C,MAAM,CAAC,KAAK,CAAC;aACb,WAAW,EAAE,CAAC;QAEjB,OAAO;YACL,mBAAmB;YACnB,gBAAgB;YAChB,UAAU;YACV,GAAG;SACJ,CAAC;IACJ,CAAC;CACF;AAlQD,oDAkQC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport type {\n OnBehalfOfCredentialAssertionOptions,\n OnBehalfOfCredentialCertificateOptions,\n OnBehalfOfCredentialOptions,\n OnBehalfOfCredentialSecretOptions,\n} from \"./onBehalfOfCredentialOptions.js\";\nimport { credentialLogger, formatError } from \"../util/logging.js\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\n\nimport type { CertificateParts } from \"../msal/types.js\";\nimport type { ClientCertificatePEMCertificatePath } from \"./clientCertificateCredentialModels.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\nimport { createHash } from \"node:crypto\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { readFile } from \"node:fs/promises\";\nimport { tracingClient } from \"../util/tracing.js\";\n\nconst credentialName = \"OnBehalfOfCredential\";\nconst logger = credentialLogger(credentialName);\n\n/**\n * Enables authentication to Microsoft Entra ID using the [On Behalf Of flow](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-on-behalf-of-flow).\n */\nexport class OnBehalfOfCredential implements TokenCredential {\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private msalClient: MsalClient;\n private sendCertificateChain?: boolean;\n private certificatePath?: string;\n private clientSecret?: string;\n private userAssertionToken: string;\n private clientAssertion?: () => Promise<string>;\n\n /**\n * Creates an instance of the {@link OnBehalfOfCredential} with the details\n * needed to authenticate against Microsoft Entra ID with path to a PEM certificate,\n * and an user assertion.\n *\n * Example using the `KeyClient` from [\\@azure/keyvault-keys](https://www.npmjs.com/package/\\@azure/keyvault-keys):\n *\n * ```ts snippet:on_behalf_of_credential_pem_example\n * import { OnBehalfOfCredential } from \"@azure/identity\";\n * import { KeyClient } from \"@azure/keyvault-keys\";\n *\n * const tokenCredential = new OnBehalfOfCredential({\n * tenantId: \"tenant-id\",\n * clientId: \"client-id\",\n * certificatePath: \"/path/to/certificate.pem\",\n * userAssertionToken: \"access-token\",\n * });\n * const client = new KeyClient(\"vault-url\", tokenCredential);\n *\n * await client.getKey(\"key-name\");\n * ```\n *\n * @param options - Optional parameters, generally common across credentials.\n */\n constructor(\n options: OnBehalfOfCredentialCertificateOptions &\n MultiTenantTokenCredentialOptions &\n CredentialPersistenceOptions,\n );\n /**\n * Creates an instance of the {@link OnBehalfOfCredential} with the details\n * needed to authenticate against Microsoft Entra ID with a client\n * secret and an user assertion.\n *\n * Example using the `KeyClient` from [\\@azure/keyvault-keys](https://www.npmjs.com/package/\\@azure/keyvault-keys):\n *\n * ```ts snippet:on_behalf_of_credential_secret_example\n * import { OnBehalfOfCredential } from \"@azure/identity\";\n * import { KeyClient } from \"@azure/keyvault-keys\";\n *\n * const tokenCredential = new OnBehalfOfCredential({\n * tenantId: \"tenant-id\",\n * clientId: \"client-id\",\n * clientSecret: \"client-secret\",\n * userAssertionToken: \"access-token\",\n * });\n * const client = new KeyClient(\"vault-url\", tokenCredential);\n *\n * await client.getKey(\"key-name\");\n * ```\n *\n * @param options - Optional parameters, generally common across credentials.\n */\n constructor(\n options: OnBehalfOfCredentialSecretOptions &\n MultiTenantTokenCredentialOptions &\n CredentialPersistenceOptions,\n );\n\n /**\n * Creates an instance of the {@link OnBehalfOfCredential} with the details\n * needed to authenticate against Microsoft Entra ID with a client `getAssertion`\n * and an user assertion.\n *\n * Example using the `KeyClient` from [\\@azure/keyvault-keys](https://www.npmjs.com/package/\\@azure/keyvault-keys):\n *\n * ```ts snippet:on_behalf_of_credential_assertion_example\n * import { OnBehalfOfCredential } from \"@azure/identity\";\n * import { KeyClient } from \"@azure/keyvault-keys\";\n *\n * const tokenCredential = new OnBehalfOfCredential({\n * tenantId: \"tenant-id\",\n * clientId: \"client-id\",\n * getAssertion: () => {\n * return Promise.resolve(\"my-jwt\");\n * },\n * userAssertionToken: \"access-token\",\n * });\n * const client = new KeyClient(\"vault-url\", tokenCredential);\n *\n * await client.getKey(\"key-name\");\n * ```\n *\n * @param options - Optional parameters, generally common across credentials.\n */\n constructor(\n options: OnBehalfOfCredentialAssertionOptions &\n MultiTenantTokenCredentialOptions &\n CredentialPersistenceOptions,\n );\n\n constructor(options: OnBehalfOfCredentialOptions) {\n const { clientSecret } = options as OnBehalfOfCredentialSecretOptions;\n const { certificatePath, sendCertificateChain } =\n options as OnBehalfOfCredentialCertificateOptions;\n const { getAssertion } = options as OnBehalfOfCredentialAssertionOptions;\n const {\n tenantId,\n clientId,\n userAssertionToken,\n additionallyAllowedTenants: additionallyAllowedTenantIds,\n } = options;\n if (!tenantId) {\n throw new CredentialUnavailableError(\n `${credentialName}: tenantId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,\n );\n }\n\n if (!clientId) {\n throw new CredentialUnavailableError(\n `${credentialName}: clientId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,\n );\n }\n\n if (!clientSecret && !certificatePath && !getAssertion) {\n throw new CredentialUnavailableError(\n `${credentialName}: You must provide one of clientSecret, certificatePath, or a getAssertion callback but none were provided. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,\n );\n }\n\n if (!userAssertionToken) {\n throw new CredentialUnavailableError(\n `${credentialName}: userAssertionToken is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,\n );\n }\n this.certificatePath = certificatePath;\n this.clientSecret = clientSecret;\n this.userAssertionToken = userAssertionToken;\n this.sendCertificateChain = sendCertificateChain;\n this.clientAssertion = getAssertion;\n\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n additionallyAllowedTenantIds,\n );\n\n this.msalClient = createMsalClient(clientId, this.tenantId, {\n ...options,\n logger,\n tokenCredentialOptions: options,\n });\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure the underlying network requests.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(`${credentialName}.getToken`, options, async (newOptions) => {\n newOptions.tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n logger,\n );\n\n const arrayScopes = ensureScopes(scopes);\n if (this.certificatePath) {\n const clientCertificate = await this.buildClientCertificate(this.certificatePath);\n\n return this.msalClient.getTokenOnBehalfOf(\n arrayScopes,\n this.userAssertionToken,\n clientCertificate,\n newOptions,\n );\n } else if (this.clientSecret) {\n return this.msalClient.getTokenOnBehalfOf(\n arrayScopes,\n this.userAssertionToken,\n this.clientSecret,\n options,\n );\n } else if (this.clientAssertion) {\n return this.msalClient.getTokenOnBehalfOf(\n arrayScopes,\n this.userAssertionToken,\n this.clientAssertion,\n options,\n );\n } else {\n // this is an invalid scenario and is a bug, as the constructor should have thrown an error if neither clientSecret nor certificatePath nor clientAssertion were provided\n throw new Error(\n \"Expected either clientSecret or certificatePath or clientAssertion to be defined.\",\n );\n }\n });\n }\n\n private async buildClientCertificate(certificatePath: string): Promise<CertificateParts> {\n try {\n const parts = await this.parseCertificate({ certificatePath }, this.sendCertificateChain);\n return {\n thumbprint: parts.thumbprint,\n thumbprintSha256: parts.thumbprintSha256,\n privateKey: parts.certificateContents,\n x5c: parts.x5c,\n };\n } catch (error: any) {\n logger.info(formatError(\"\", error));\n throw error;\n }\n }\n\n private async parseCertificate(\n configuration: ClientCertificatePEMCertificatePath,\n sendCertificateChain?: boolean,\n ): Promise<Omit<CertificateParts, \"privateKey\"> & { certificateContents: string }> {\n const certificatePath = configuration.certificatePath;\n const certificateContents = await readFile(certificatePath, \"utf8\");\n const x5c = sendCertificateChain ? certificateContents : undefined;\n\n const certificatePattern =\n /(-+BEGIN CERTIFICATE-+)(\\n\\r?|\\r\\n?)([A-Za-z0-9+/\\n\\r]+=*)(\\n\\r?|\\r\\n?)(-+END CERTIFICATE-+)/g;\n const publicKeys: string[] = [];\n\n // Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c\n let match;\n do {\n match = certificatePattern.exec(certificateContents);\n if (match) {\n publicKeys.push(match[3]);\n }\n } while (match);\n\n if (publicKeys.length === 0) {\n throw new Error(\"The file at the specified path does not contain a PEM-encoded certificate.\");\n }\n const thumbprint = createHash(\"sha1\") // CodeQL [SM04514] Needed for backward compatibility reason\n .update(Buffer.from(publicKeys[0], \"base64\"))\n .digest(\"hex\")\n .toUpperCase();\n\n const thumbprintSha256 = createHash(\"sha256\")\n .update(Buffer.from(publicKeys[0], \"base64\"))\n .digest(\"hex\")\n .toUpperCase();\n\n return {\n certificateContents,\n thumbprintSha256,\n thumbprint,\n x5c,\n };\n }\n}\n"]}
|
|
1
|
+
{
|
|
2
|
+
"version": 3,
|
|
3
|
+
"sources": ["../../../src/credentials/onBehalfOfCredential.ts"],
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport type {\n OnBehalfOfCredentialAssertionOptions,\n OnBehalfOfCredentialCertificateOptions,\n OnBehalfOfCredentialOptions,\n OnBehalfOfCredentialSecretOptions,\n} from \"./onBehalfOfCredentialOptions.js\";\nimport { credentialLogger, formatError } from \"../util/logging.js\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\n\nimport type { CertificateParts } from \"../msal/types.js\";\nimport type { ClientCertificatePEMCertificatePath } from \"./clientCertificateCredentialModels.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\nimport { createHash } from \"node:crypto\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { readFile } from \"node:fs/promises\";\nimport { tracingClient } from \"../util/tracing.js\";\n\nconst credentialName = \"OnBehalfOfCredential\";\nconst logger = credentialLogger(credentialName);\n\n/**\n * Enables authentication to Microsoft Entra ID using the [On Behalf Of flow](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-on-behalf-of-flow).\n */\nexport class OnBehalfOfCredential implements TokenCredential {\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private msalClient: MsalClient;\n private sendCertificateChain?: boolean;\n private certificatePath?: string;\n private clientSecret?: string;\n private userAssertionToken: string;\n private clientAssertion?: () => Promise<string>;\n\n /**\n * Creates an instance of the {@link OnBehalfOfCredential} with the details\n * needed to authenticate against Microsoft Entra ID with path to a PEM certificate,\n * and an user assertion.\n *\n * Example using the `KeyClient` from [\\@azure/keyvault-keys](https://www.npmjs.com/package/\\@azure/keyvault-keys):\n *\n * ```ts snippet:on_behalf_of_credential_pem_example\n * import { OnBehalfOfCredential } from \"@azure/identity\";\n * import { KeyClient } from \"@azure/keyvault-keys\";\n *\n * const tokenCredential = new OnBehalfOfCredential({\n * tenantId: \"tenant-id\",\n * clientId: \"client-id\",\n * certificatePath: \"/path/to/certificate.pem\",\n * userAssertionToken: \"access-token\",\n * });\n * const client = new KeyClient(\"vault-url\", tokenCredential);\n *\n * await client.getKey(\"key-name\");\n * ```\n *\n * @param options - Optional parameters, generally common across credentials.\n */\n constructor(\n options: OnBehalfOfCredentialCertificateOptions &\n MultiTenantTokenCredentialOptions &\n CredentialPersistenceOptions,\n );\n /**\n * Creates an instance of the {@link OnBehalfOfCredential} with the details\n * needed to authenticate against Microsoft Entra ID with a client\n * secret and an user assertion.\n *\n * Example using the `KeyClient` from [\\@azure/keyvault-keys](https://www.npmjs.com/package/\\@azure/keyvault-keys):\n *\n * ```ts snippet:on_behalf_of_credential_secret_example\n * import { OnBehalfOfCredential } from \"@azure/identity\";\n * import { KeyClient } from \"@azure/keyvault-keys\";\n *\n * const tokenCredential = new OnBehalfOfCredential({\n * tenantId: \"tenant-id\",\n * clientId: \"client-id\",\n * clientSecret: \"client-secret\",\n * userAssertionToken: \"access-token\",\n * });\n * const client = new KeyClient(\"vault-url\", tokenCredential);\n *\n * await client.getKey(\"key-name\");\n * ```\n *\n * @param options - Optional parameters, generally common across credentials.\n */\n constructor(\n options: OnBehalfOfCredentialSecretOptions &\n MultiTenantTokenCredentialOptions &\n CredentialPersistenceOptions,\n );\n\n /**\n * Creates an instance of the {@link OnBehalfOfCredential} with the details\n * needed to authenticate against Microsoft Entra ID with a client `getAssertion`\n * and an user assertion.\n *\n * Example using the `KeyClient` from [\\@azure/keyvault-keys](https://www.npmjs.com/package/\\@azure/keyvault-keys):\n *\n * ```ts snippet:on_behalf_of_credential_assertion_example\n * import { OnBehalfOfCredential } from \"@azure/identity\";\n * import { KeyClient } from \"@azure/keyvault-keys\";\n *\n * const tokenCredential = new OnBehalfOfCredential({\n * tenantId: \"tenant-id\",\n * clientId: \"client-id\",\n * getAssertion: () => {\n * return Promise.resolve(\"my-jwt\");\n * },\n * userAssertionToken: \"access-token\",\n * });\n * const client = new KeyClient(\"vault-url\", tokenCredential);\n *\n * await client.getKey(\"key-name\");\n * ```\n *\n * @param options - Optional parameters, generally common across credentials.\n */\n constructor(\n options: OnBehalfOfCredentialAssertionOptions &\n MultiTenantTokenCredentialOptions &\n CredentialPersistenceOptions,\n );\n\n constructor(options: OnBehalfOfCredentialOptions) {\n const { clientSecret } = options as OnBehalfOfCredentialSecretOptions;\n const { certificatePath, sendCertificateChain } =\n options as OnBehalfOfCredentialCertificateOptions;\n const { getAssertion } = options as OnBehalfOfCredentialAssertionOptions;\n const {\n tenantId,\n clientId,\n userAssertionToken,\n additionallyAllowedTenants: additionallyAllowedTenantIds,\n } = options;\n if (!tenantId) {\n throw new CredentialUnavailableError(\n `${credentialName}: tenantId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,\n );\n }\n\n if (!clientId) {\n throw new CredentialUnavailableError(\n `${credentialName}: clientId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,\n );\n }\n\n if (!clientSecret && !certificatePath && !getAssertion) {\n throw new CredentialUnavailableError(\n `${credentialName}: You must provide one of clientSecret, certificatePath, or a getAssertion callback but none were provided. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,\n );\n }\n\n if (!userAssertionToken) {\n throw new CredentialUnavailableError(\n `${credentialName}: userAssertionToken is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,\n );\n }\n this.certificatePath = certificatePath;\n this.clientSecret = clientSecret;\n this.userAssertionToken = userAssertionToken;\n this.sendCertificateChain = sendCertificateChain;\n this.clientAssertion = getAssertion;\n\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n additionallyAllowedTenantIds,\n );\n\n this.msalClient = createMsalClient(clientId, this.tenantId, {\n ...options,\n logger,\n });\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure the underlying network requests.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(`${credentialName}.getToken`, options, async (newOptions) => {\n newOptions.tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n logger,\n );\n\n const arrayScopes = ensureScopes(scopes);\n if (this.certificatePath) {\n const clientCertificate = await this.buildClientCertificate(this.certificatePath);\n\n return this.msalClient.getTokenOnBehalfOf(\n arrayScopes,\n this.userAssertionToken,\n clientCertificate,\n newOptions,\n );\n } else if (this.clientSecret) {\n return this.msalClient.getTokenOnBehalfOf(\n arrayScopes,\n this.userAssertionToken,\n this.clientSecret,\n options,\n );\n } else if (this.clientAssertion) {\n return this.msalClient.getTokenOnBehalfOf(\n arrayScopes,\n this.userAssertionToken,\n this.clientAssertion,\n options,\n );\n } else {\n // this is an invalid scenario and is a bug, as the constructor should have thrown an error if neither clientSecret nor certificatePath nor clientAssertion were provided\n throw new Error(\n \"Expected either clientSecret or certificatePath or clientAssertion to be defined.\",\n );\n }\n });\n }\n\n private async buildClientCertificate(certificatePath: string): Promise<CertificateParts> {\n try {\n const parts = await this.parseCertificate({ certificatePath }, this.sendCertificateChain);\n return {\n thumbprint: parts.thumbprint,\n thumbprintSha256: parts.thumbprintSha256,\n privateKey: parts.certificateContents,\n x5c: parts.x5c,\n };\n } catch (error: any) {\n logger.info(formatError(\"\", error));\n throw error;\n }\n }\n\n private async parseCertificate(\n configuration: ClientCertificatePEMCertificatePath,\n sendCertificateChain?: boolean,\n ): Promise<Omit<CertificateParts, \"privateKey\"> & { certificateContents: string }> {\n const certificatePath = configuration.certificatePath;\n const certificateContents = await readFile(certificatePath, \"utf8\");\n const x5c = sendCertificateChain ? certificateContents : undefined;\n\n const certificatePattern =\n /(-+BEGIN CERTIFICATE-+)(\\n\\r?|\\r\\n?)([A-Za-z0-9+/\\n\\r]+=*)(\\n\\r?|\\r\\n?)(-+END CERTIFICATE-+)/g;\n const publicKeys: string[] = [];\n\n // Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c\n let match;\n do {\n match = certificatePattern.exec(certificateContents);\n if (match) {\n publicKeys.push(match[3]);\n }\n } while (match);\n\n if (publicKeys.length === 0) {\n throw new Error(\"The file at the specified path does not contain a PEM-encoded certificate.\");\n }\n const thumbprint = createHash(\"sha1\") // CodeQL [SM04514] Needed for backward compatibility reason\n .update(Buffer.from(publicKeys[0], \"base64\"))\n .digest(\"hex\")\n .toUpperCase();\n\n const thumbprintSha256 = createHash(\"sha256\")\n .update(Buffer.from(publicKeys[0], \"base64\"))\n .digest(\"hex\")\n .toUpperCase();\n\n return {\n certificateContents,\n thumbprintSha256,\n thumbprint,\n x5c,\n };\n }\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAKA,wBAAiC;AAOjC,qBAA8C;AAC9C,2BAGO;AAKP,oBAA2C;AAE3C,yBAA2B;AAC3B,wBAA6B;AAC7B,sBAAyB;AACzB,qBAA8B;AAE9B,MAAM,iBAAiB;AACvB,MAAM,aAAS,iCAAiB,cAAc;AAKvC,MAAM,qBAAgD;AAAA,EACnD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EA6FR,YAAY,SAAsC;AAChD,UAAM,EAAE,aAAa,IAAI;AACzB,UAAM,EAAE,iBAAiB,qBAAqB,IAC5C;AACF,UAAM,EAAE,aAAa,IAAI;AACzB,UAAM;AAAA,MACJ;AAAA,MACA;AAAA,MACA;AAAA,MACA,4BAA4B;AAAA,IAC9B,IAAI;AACJ,QAAI,CAAC,UAAU;AACb,YAAM,IAAI;AAAA,QACR,GAAG,cAAc;AAAA,MACnB;AAAA,IACF;AAEA,QAAI,CAAC,UAAU;AACb,YAAM,IAAI;AAAA,QACR,GAAG,cAAc;AAAA,MACnB;AAAA,IACF;AAEA,QAAI,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,cAAc;AACtD,YAAM,IAAI;AAAA,QACR,GAAG,cAAc;AAAA,MACnB;AAAA,IACF;AAEA,QAAI,CAAC,oBAAoB;AACvB,YAAM,IAAI;AAAA,QACR,GAAG,cAAc;AAAA,MACnB;AAAA,IACF;AACA,SAAK,kBAAkB;AACvB,SAAK,eAAe;AACpB,SAAK,qBAAqB;AAC1B,SAAK,uBAAuB;AAC5B,SAAK,kBAAkB;AAEvB,SAAK,WAAW;AAChB,SAAK,mCAA+B;AAAA,MAClC;AAAA,IACF;AAEA,SAAK,iBAAa,oCAAiB,UAAU,KAAK,UAAU;AAAA,MAC1D,GAAG;AAAA,MACH;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,SAAS,QAA2B,UAA2B,CAAC,GAAyB;AAC7F,WAAO,6BAAc,SAAS,GAAG,cAAc,aAAa,SAAS,OAAO,eAAe;AACzF,iBAAW,eAAW;AAAA,QACpB,KAAK;AAAA,QACL;AAAA,QACA,KAAK;AAAA,QACL;AAAA,MACF;AAEA,YAAM,kBAAc,gCAAa,MAAM;AACvC,UAAI,KAAK,iBAAiB;AACxB,cAAM,oBAAoB,MAAM,KAAK,uBAAuB,KAAK,eAAe;AAEhF,eAAO,KAAK,WAAW;AAAA,UACrB;AAAA,UACA,KAAK;AAAA,UACL;AAAA,UACA;AAAA,QACF;AAAA,MACF,WAAW,KAAK,cAAc;AAC5B,eAAO,KAAK,WAAW;AAAA,UACrB;AAAA,UACA,KAAK;AAAA,UACL,KAAK;AAAA,UACL;AAAA,QACF;AAAA,MACF,WAAW,KAAK,iBAAiB;AAC/B,eAAO,KAAK,WAAW;AAAA,UACrB;AAAA,UACA,KAAK;AAAA,UACL,KAAK;AAAA,UACL;AAAA,QACF;AAAA,MACF,OAAO;AAEL,cAAM,IAAI;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,uBAAuB,iBAAoD;AACvF,QAAI;AACF,YAAM,QAAQ,MAAM,KAAK,iBAAiB,EAAE,gBAAgB,GAAG,KAAK,oBAAoB;AACxF,aAAO;AAAA,QACL,YAAY,MAAM;AAAA,QAClB,kBAAkB,MAAM;AAAA,QACxB,YAAY,MAAM;AAAA,QAClB,KAAK,MAAM;AAAA,MACb;AAAA,IACF,SAAS,OAAY;AACnB,aAAO,SAAK,4BAAY,IAAI,KAAK,CAAC;AAClC,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAc,iBACZ,eACA,sBACiF;AACjF,UAAM,kBAAkB,cAAc;AACtC,UAAM,sBAAsB,UAAM,0BAAS,iBAAiB,MAAM;AAClE,UAAM,MAAM,uBAAuB,sBAAsB;AAEzD,UAAM,qBACJ;AACF,UAAM,aAAuB,CAAC;AAG9B,QAAI;AACJ,OAAG;AACD,cAAQ,mBAAmB,KAAK,mBAAmB;AACnD,UAAI,OAAO;AACT,mBAAW,KAAK,MAAM,CAAC,CAAC;AAAA,MAC1B;AAAA,IACF,SAAS;AAET,QAAI,WAAW,WAAW,GAAG;AAC3B,YAAM,IAAI,MAAM,4EAA4E;AAAA,IAC9F;AACA,UAAM,iBAAa,+BAAW,MAAM,EACjC,OAAO,OAAO,KAAK,WAAW,CAAC,GAAG,QAAQ,CAAC,EAC3C,OAAO,KAAK,EACZ,YAAY;AAEf,UAAM,uBAAmB,+BAAW,QAAQ,EACzC,OAAO,OAAO,KAAK,WAAW,CAAC,GAAG,QAAQ,CAAC,EAC3C,OAAO,KAAK,EACZ,YAAY;AAEf,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;",
|
|
6
|
+
"names": []
|
|
7
|
+
}
|
|
@@ -1,5 +1,16 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
1
|
+
var __defProp = Object.defineProperty;
|
|
2
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
3
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
4
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
5
|
+
var __copyProps = (to, from, except, desc) => {
|
|
6
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
7
|
+
for (let key of __getOwnPropNames(from))
|
|
8
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
9
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
10
|
+
}
|
|
11
|
+
return to;
|
|
12
|
+
};
|
|
13
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
14
|
+
var onBehalfOfCredentialOptions_exports = {};
|
|
15
|
+
module.exports = __toCommonJS(onBehalfOfCredentialOptions_exports);
|
|
16
|
+
//# sourceMappingURL=onBehalfOfCredentialOptions.js.map
|
|
@@ -1 +1,7 @@
|
|
|
1
|
-
{
|
|
1
|
+
{
|
|
2
|
+
"version": 3,
|
|
3
|
+
"sources": ["../../../src/credentials/onBehalfOfCredentialOptions.ts"],
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Defines the parameters to authenticate the {@link OnBehalfOfCredential} with a secret.\n */\nexport interface OnBehalfOfCredentialSecretOptions {\n /**\n * The Microsoft Entra tenant (directory) ID.\n */\n tenantId: string;\n /**\n * The client (application) ID of an App Registration in the tenant.\n */\n clientId: string;\n /**\n * A client secret that was generated for the App Registration.\n */\n clientSecret: string;\n /**\n * The user assertion for the On-Behalf-Of flow.\n */\n userAssertionToken: string;\n}\n\n/**\n * Defines the parameters to authenticate the {@link OnBehalfOfCredential} with a certificate.\n */\nexport interface OnBehalfOfCredentialCertificateOptions {\n /**\n * The Microsoft Entra tenant (directory) ID.\n */\n tenantId: string;\n /**\n * The client (application) ID of an App Registration in the tenant.\n */\n clientId: string;\n /**\n * The path to a PEM-encoded public/private key certificate on the filesystem.\n */\n certificatePath: string;\n /**\n * The user assertion for the On-Behalf-Of flow.\n */\n userAssertionToken: string;\n /**\n * Option to include x5c header for SubjectName and Issuer name authorization.\n * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n */\n sendCertificateChain?: boolean;\n}\n\n/**\n * Defines the parameters to authenticate the {@link OnBehalfOfCredential} with an assertion.\n */\nexport interface OnBehalfOfCredentialAssertionOptions {\n /**\n * The Microsoft Entra tenant (directory) ID.\n */\n tenantId: string;\n /**\n * The client (application) ID of an App Registration in the tenant.\n */\n clientId: string;\n /**\n * A function that retrieves the client assertion for the credential to use\n */\n getAssertion: () => Promise<string>;\n /**\n * The user assertion for the On-Behalf-Of flow.\n */\n userAssertionToken: string;\n}\n/**\n * Optional parameters for the {@link OnBehalfOfCredential} class.\n */\nexport type OnBehalfOfCredentialOptions = (\n | OnBehalfOfCredentialSecretOptions\n | OnBehalfOfCredentialCertificateOptions\n | OnBehalfOfCredentialAssertionOptions\n) &\n MultiTenantTokenCredentialOptions &\n CredentialPersistenceOptions &\n AuthorityValidationOptions;\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;AAAA;AAAA;",
|
|
6
|
+
"names": []
|
|
7
|
+
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"usernamePasswordCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAStF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAOhG;;;;;;GAMG;AACH,qBAAa,0BAA2B,YAAW,eAAe;IAChE,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,QAAQ,CAAS;IAEzB;;;;;;;;;;OAUG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,iCAAsC;
|
|
1
|
+
{"version":3,"file":"usernamePasswordCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAStF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAOhG;;;;;;GAMG;AACH,qBAAa,0BAA2B,YAAW,eAAe;IAChE,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,QAAQ,CAAS;IAEzB;;;;;;;;;;OAUG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,iCAAsC;IAuCjD;;;;;;;;;;;OAWG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;CAsB/F"}
|
|
@@ -1,80 +1,116 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
1
|
+
var __defProp = Object.defineProperty;
|
|
2
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
3
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
4
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
5
|
+
var __export = (target, all) => {
|
|
6
|
+
for (var name in all)
|
|
7
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
8
|
+
};
|
|
9
|
+
var __copyProps = (to, from, except, desc) => {
|
|
10
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
11
|
+
for (let key of __getOwnPropNames(from))
|
|
12
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
13
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
14
|
+
}
|
|
15
|
+
return to;
|
|
16
|
+
};
|
|
17
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
18
|
+
var usernamePasswordCredential_exports = {};
|
|
19
|
+
__export(usernamePasswordCredential_exports, {
|
|
20
|
+
UsernamePasswordCredential: () => UsernamePasswordCredential
|
|
21
|
+
});
|
|
22
|
+
module.exports = __toCommonJS(usernamePasswordCredential_exports);
|
|
23
|
+
var import_msalClient = require("../msal/nodeFlows/msalClient.js");
|
|
24
|
+
var import_tenantIdUtils = require("../util/tenantIdUtils.js");
|
|
25
|
+
var import_errors = require("../errors.js");
|
|
26
|
+
var import_logging = require("../util/logging.js");
|
|
27
|
+
var import_scopeUtils = require("../util/scopeUtils.js");
|
|
28
|
+
var import_tracing = require("../util/tracing.js");
|
|
29
|
+
const logger = (0, import_logging.credentialLogger)("UsernamePasswordCredential");
|
|
20
30
|
class UsernamePasswordCredential {
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
throw new errors_js_1.CredentialUnavailableError("UsernamePasswordCredential: clientId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.");
|
|
43
|
-
}
|
|
44
|
-
if (!username) {
|
|
45
|
-
throw new errors_js_1.CredentialUnavailableError("UsernamePasswordCredential: username is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.");
|
|
46
|
-
}
|
|
47
|
-
if (!password) {
|
|
48
|
-
throw new errors_js_1.CredentialUnavailableError("UsernamePasswordCredential: password is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.");
|
|
49
|
-
}
|
|
50
|
-
this.tenantId = tenantId;
|
|
51
|
-
this.additionallyAllowedTenantIds = (0, tenantIdUtils_js_1.resolveAdditionallyAllowedTenantIds)(options?.additionallyAllowedTenants);
|
|
52
|
-
this.username = username;
|
|
53
|
-
this.password = password;
|
|
54
|
-
this.msalClient = (0, msalClient_js_1.createMsalClient)(clientId, this.tenantId, {
|
|
55
|
-
...options,
|
|
56
|
-
tokenCredentialOptions: options ?? {},
|
|
57
|
-
});
|
|
31
|
+
tenantId;
|
|
32
|
+
additionallyAllowedTenantIds;
|
|
33
|
+
msalClient;
|
|
34
|
+
username;
|
|
35
|
+
password;
|
|
36
|
+
/**
|
|
37
|
+
* Creates an instance of the UsernamePasswordCredential with the details
|
|
38
|
+
* needed to authenticate against Microsoft Entra ID with a username
|
|
39
|
+
* and password.
|
|
40
|
+
*
|
|
41
|
+
* @param tenantId - The Microsoft Entra tenant (directory).
|
|
42
|
+
* @param clientId - The client (application) ID of an App Registration in the tenant.
|
|
43
|
+
* @param username - The user account's e-mail address (user name).
|
|
44
|
+
* @param password - The user account's account password
|
|
45
|
+
* @param options - Options for configuring the client which makes the authentication request.
|
|
46
|
+
*/
|
|
47
|
+
constructor(tenantId, clientId, username, password, options = {}) {
|
|
48
|
+
if (!tenantId) {
|
|
49
|
+
throw new import_errors.CredentialUnavailableError(
|
|
50
|
+
"UsernamePasswordCredential: tenantId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot."
|
|
51
|
+
);
|
|
58
52
|
}
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
* If the user provided the option `disableAutomaticAuthentication`,
|
|
64
|
-
* once the token can't be retrieved silently,
|
|
65
|
-
* this method won't attempt to request user interaction to retrieve the token.
|
|
66
|
-
*
|
|
67
|
-
* @param scopes - The list of scopes for which the token will have access.
|
|
68
|
-
* @param options - The options used to configure any requests this
|
|
69
|
-
* TokenCredential implementation might make.
|
|
70
|
-
*/
|
|
71
|
-
async getToken(scopes, options = {}) {
|
|
72
|
-
return tracing_js_1.tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
|
|
73
|
-
newOptions.tenantId = (0, tenantIdUtils_js_1.processMultiTenantRequest)(this.tenantId, newOptions, this.additionallyAllowedTenantIds, logger);
|
|
74
|
-
const arrayScopes = (0, scopeUtils_js_1.ensureScopes)(scopes);
|
|
75
|
-
return this.msalClient.getTokenByUsernamePassword(arrayScopes, this.username, this.password, newOptions);
|
|
76
|
-
});
|
|
53
|
+
if (!clientId) {
|
|
54
|
+
throw new import_errors.CredentialUnavailableError(
|
|
55
|
+
"UsernamePasswordCredential: clientId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot."
|
|
56
|
+
);
|
|
77
57
|
}
|
|
58
|
+
if (!username) {
|
|
59
|
+
throw new import_errors.CredentialUnavailableError(
|
|
60
|
+
"UsernamePasswordCredential: username is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot."
|
|
61
|
+
);
|
|
62
|
+
}
|
|
63
|
+
if (!password) {
|
|
64
|
+
throw new import_errors.CredentialUnavailableError(
|
|
65
|
+
"UsernamePasswordCredential: password is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot."
|
|
66
|
+
);
|
|
67
|
+
}
|
|
68
|
+
this.tenantId = tenantId;
|
|
69
|
+
this.additionallyAllowedTenantIds = (0, import_tenantIdUtils.resolveAdditionallyAllowedTenantIds)(
|
|
70
|
+
options?.additionallyAllowedTenants
|
|
71
|
+
);
|
|
72
|
+
this.username = username;
|
|
73
|
+
this.password = password;
|
|
74
|
+
this.msalClient = (0, import_msalClient.createMsalClient)(clientId, this.tenantId, {
|
|
75
|
+
...options
|
|
76
|
+
});
|
|
77
|
+
}
|
|
78
|
+
/**
|
|
79
|
+
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|
|
80
|
+
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
|
|
81
|
+
*
|
|
82
|
+
* If the user provided the option `disableAutomaticAuthentication`,
|
|
83
|
+
* once the token can't be retrieved silently,
|
|
84
|
+
* this method won't attempt to request user interaction to retrieve the token.
|
|
85
|
+
*
|
|
86
|
+
* @param scopes - The list of scopes for which the token will have access.
|
|
87
|
+
* @param options - The options used to configure any requests this
|
|
88
|
+
* TokenCredential implementation might make.
|
|
89
|
+
*/
|
|
90
|
+
async getToken(scopes, options = {}) {
|
|
91
|
+
return import_tracing.tracingClient.withSpan(
|
|
92
|
+
`${this.constructor.name}.getToken`,
|
|
93
|
+
options,
|
|
94
|
+
async (newOptions) => {
|
|
95
|
+
newOptions.tenantId = (0, import_tenantIdUtils.processMultiTenantRequest)(
|
|
96
|
+
this.tenantId,
|
|
97
|
+
newOptions,
|
|
98
|
+
this.additionallyAllowedTenantIds,
|
|
99
|
+
logger
|
|
100
|
+
);
|
|
101
|
+
const arrayScopes = (0, import_scopeUtils.ensureScopes)(scopes);
|
|
102
|
+
return this.msalClient.getTokenByUsernamePassword(
|
|
103
|
+
arrayScopes,
|
|
104
|
+
this.username,
|
|
105
|
+
this.password,
|
|
106
|
+
newOptions
|
|
107
|
+
);
|
|
108
|
+
}
|
|
109
|
+
);
|
|
110
|
+
}
|
|
78
111
|
}
|
|
79
|
-
|
|
80
|
-
|
|
112
|
+
// Annotate the CommonJS export names for ESM import in node:
|
|
113
|
+
0 && (module.exports = {
|
|
114
|
+
UsernamePasswordCredential
|
|
115
|
+
});
|
|
116
|
+
//# sourceMappingURL=usernamePasswordCredential.js.map
|