@azure/identity 4.14.0-beta.1 → 4.14.0-beta.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -40
- package/dist/browser/client/identityClient.d.ts +5 -4
- package/dist/browser/client/identityClient.d.ts.map +1 -1
- package/dist/browser/client/identityClient.js +56 -18
- package/dist/browser/client/identityClient.js.map +1 -1
- package/dist/browser/constants.d.ts +1 -1
- package/dist/browser/constants.js +1 -1
- package/dist/browser/constants.js.map +1 -1
- package/dist/browser/credentials/authorizationCodeCredential.d.ts +3 -3
- package/dist/browser/credentials/authorizationCodeCredential.d.ts.map +1 -0
- package/dist/browser/credentials/authorizationCodeCredential.js +2 -2
- package/dist/browser/credentials/authorizationCodeCredential.js.map +1 -0
- package/dist/browser/credentials/authorizationCodeCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/authorizationCodeCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/azureCliCredential.d.ts +5 -4
- package/dist/browser/credentials/azureCliCredential.d.ts.map +1 -0
- package/dist/browser/credentials/azureCliCredential.js +3 -3
- package/dist/browser/credentials/azureCliCredential.js.map +1 -0
- package/dist/browser/credentials/azureDeveloperCliCredential.d.ts +5 -4
- package/dist/browser/credentials/azureDeveloperCliCredential.d.ts.map +1 -0
- package/dist/browser/credentials/azureDeveloperCliCredential.js +3 -3
- package/dist/browser/credentials/azureDeveloperCliCredential.js.map +1 -0
- package/dist/browser/credentials/azurePipelinesCredential.d.ts +5 -4
- package/dist/browser/credentials/azurePipelinesCredential.d.ts.map +1 -0
- package/dist/browser/credentials/azurePipelinesCredential.js +3 -3
- package/dist/browser/credentials/azurePipelinesCredential.js.map +1 -0
- package/dist/browser/credentials/azurePipelinesCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/azurePipelinesCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/azurePowerShellCredential.d.ts +5 -4
- package/dist/browser/credentials/azurePowerShellCredential.d.ts.map +1 -0
- package/dist/browser/credentials/azurePowerShellCredential.js +3 -3
- package/dist/browser/credentials/azurePowerShellCredential.js.map +1 -0
- package/dist/browser/credentials/brokerCredential.d.ts +2 -2
- package/dist/browser/credentials/brokerCredential.d.ts.map +1 -1
- package/dist/browser/credentials/brokerCredential.js +0 -1
- package/dist/browser/credentials/brokerCredential.js.map +1 -1
- package/dist/browser/credentials/clientAssertionCredential.d.ts +5 -4
- package/dist/browser/credentials/clientAssertionCredential.d.ts.map +1 -0
- package/dist/browser/credentials/clientAssertionCredential.js +3 -3
- package/dist/browser/credentials/clientAssertionCredential.js.map +1 -0
- package/dist/browser/credentials/clientAssertionCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/clientAssertionCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/clientCertificateCredential.d.ts +6 -4
- package/dist/browser/credentials/clientCertificateCredential.d.ts.map +1 -0
- package/dist/browser/credentials/clientCertificateCredential.js +3 -3
- package/dist/browser/credentials/clientCertificateCredential.js.map +1 -0
- package/dist/browser/credentials/clientCertificateCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/clientCertificateCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/clientSecretCredential.d.ts +1 -1
- package/dist/browser/credentials/clientSecretCredential.d.ts.map +1 -0
- package/dist/browser/credentials/clientSecretCredential.js +1 -1
- package/dist/browser/credentials/clientSecretCredential.js.map +1 -0
- package/dist/browser/credentials/clientSecretCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/clientSecretCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/defaultAzureCredential.d.ts +3 -3
- package/dist/browser/credentials/defaultAzureCredential.d.ts.map +1 -0
- package/dist/browser/credentials/defaultAzureCredential.js +2 -2
- package/dist/browser/credentials/defaultAzureCredential.js.map +1 -0
- package/dist/browser/credentials/defaultAzureCredentialOptions.d.ts +2 -2
- package/dist/browser/credentials/defaultAzureCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/defaultAzureCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/deviceCodeCredential.d.ts +5 -4
- package/dist/browser/credentials/deviceCodeCredential.d.ts.map +1 -0
- package/dist/browser/credentials/deviceCodeCredential.js +3 -3
- package/dist/browser/credentials/deviceCodeCredential.js.map +1 -0
- package/dist/browser/credentials/deviceCodeCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/deviceCodeCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/environmentCredential.d.ts +5 -4
- package/dist/browser/credentials/environmentCredential.d.ts.map +1 -0
- package/dist/browser/credentials/environmentCredential.js +3 -3
- package/dist/browser/credentials/environmentCredential.js.map +1 -0
- package/dist/browser/credentials/environmentCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/environmentCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/interactiveBrowserCredential.d.ts +1 -1
- package/dist/browser/credentials/interactiveBrowserCredential.d.ts.map +1 -0
- package/dist/browser/credentials/interactiveBrowserCredential.js +1 -1
- package/dist/browser/credentials/interactiveBrowserCredential.js.map +1 -0
- package/dist/browser/credentials/interactiveBrowserCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/interactiveBrowserCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/interactiveCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/interactiveCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/managedIdentityCredential/index.d.ts +9 -4
- package/dist/browser/credentials/managedIdentityCredential/index.d.ts.map +1 -0
- package/dist/browser/credentials/managedIdentityCredential/index.js +3 -3
- package/dist/browser/credentials/managedIdentityCredential/index.js.map +1 -0
- package/dist/browser/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
- package/dist/browser/credentials/onBehalfOfCredential.d.ts +5 -4
- package/dist/browser/credentials/onBehalfOfCredential.d.ts.map +1 -0
- package/dist/browser/credentials/onBehalfOfCredential.js +3 -3
- package/dist/browser/credentials/onBehalfOfCredential.js.map +1 -0
- package/dist/browser/credentials/usernamePasswordCredential.d.ts +1 -1
- package/dist/browser/credentials/usernamePasswordCredential.d.ts.map +1 -0
- package/dist/browser/credentials/usernamePasswordCredential.js +1 -1
- package/dist/browser/credentials/usernamePasswordCredential.js.map +1 -0
- package/dist/browser/credentials/usernamePasswordCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/usernamePasswordCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/visualStudioCodeCredential.d.ts +5 -4
- package/dist/browser/credentials/visualStudioCodeCredential.d.ts.map +1 -0
- package/dist/browser/credentials/visualStudioCodeCredential.js +3 -3
- package/dist/browser/credentials/visualStudioCodeCredential.js.map +1 -0
- package/dist/browser/credentials/workloadIdentityCredential.d.ts +5 -4
- package/dist/browser/credentials/workloadIdentityCredential.d.ts.map +1 -0
- package/dist/browser/credentials/workloadIdentityCredential.js +3 -3
- package/dist/browser/credentials/workloadIdentityCredential.js.map +1 -0
- package/dist/browser/credentials/workloadIdentityCredentialOptions.d.ts +2 -2
- package/dist/browser/credentials/workloadIdentityCredentialOptions.d.ts.map +1 -1
- package/dist/browser/credentials/workloadIdentityCredentialOptions.js.map +1 -1
- package/dist/browser/index.d.ts +33 -33
- package/dist/browser/index.d.ts.map +1 -1
- package/dist/browser/index.js.map +1 -1
- package/dist/browser/msal/browserFlows/msalBrowserCommon.d.ts.map +1 -1
- package/dist/browser/msal/browserFlows/msalBrowserCommon.js +2 -3
- package/dist/browser/msal/browserFlows/msalBrowserCommon.js.map +1 -1
- package/dist/browser/msal/msal.d.ts +2 -3
- package/dist/browser/msal/msal.d.ts.map +1 -0
- package/dist/browser/msal/msal.js +2 -3
- package/dist/browser/msal/msal.js.map +1 -0
- package/dist/browser/msal/nodeFlows/msalClient.d.ts +14 -8
- package/dist/browser/msal/nodeFlows/msalClient.d.ts.map +1 -1
- package/dist/browser/msal/nodeFlows/msalClient.js +6 -6
- package/dist/browser/msal/nodeFlows/msalClient.js.map +1 -1
- package/dist/browser/msal/utils.d.ts +5 -13
- package/dist/browser/msal/utils.d.ts.map +1 -1
- package/dist/browser/msal/utils.js +12 -25
- package/dist/browser/msal/utils.js.map +1 -1
- package/dist/browser/plugins/consumer.d.ts +1 -1
- package/dist/browser/plugins/consumer.d.ts.map +1 -0
- package/dist/browser/plugins/consumer.js +1 -1
- package/dist/browser/plugins/consumer.js.map +1 -0
- package/dist/browser/util/authorityHost.d.ts +10 -0
- package/dist/browser/util/authorityHost.d.ts.map +1 -0
- package/dist/browser/util/authorityHost.js +18 -0
- package/dist/browser/util/authorityHost.js.map +1 -0
- package/dist/browser/util/processMultiTenantRequest.d.ts +3 -2
- package/dist/browser/util/processMultiTenantRequest.d.ts.map +1 -0
- package/dist/browser/util/processMultiTenantRequest.js +2 -2
- package/dist/browser/util/processMultiTenantRequest.js.map +1 -0
- package/dist/commonjs/client/identityClient.d.ts +5 -4
- package/dist/commonjs/client/identityClient.d.ts.map +1 -1
- package/dist/commonjs/client/identityClient.js +295 -252
- package/dist/commonjs/client/identityClient.js.map +7 -1
- package/dist/commonjs/constants.d.ts +1 -1
- package/dist/commonjs/constants.js +61 -78
- package/dist/commonjs/constants.js.map +7 -1
- package/dist/commonjs/credentials/authorityValidationOptions.js +16 -5
- package/dist/commonjs/credentials/authorityValidationOptions.js.map +7 -1
- package/dist/commonjs/credentials/authorizationCodeCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/authorizationCodeCredential.js +98 -75
- package/dist/commonjs/credentials/authorizationCodeCredential.js.map +7 -1
- package/dist/commonjs/credentials/authorizationCodeCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/authorizationCodeCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/authorizationCodeCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/azureCliCredential.js +245 -214
- package/dist/commonjs/credentials/azureCliCredential.js.map +7 -1
- package/dist/commonjs/credentials/azureCliCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/azureCliCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/azureDeveloperCliCredential.d.ts +10 -0
- package/dist/commonjs/credentials/azureDeveloperCliCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/azureDeveloperCliCredential.js +237 -202
- package/dist/commonjs/credentials/azureDeveloperCliCredential.js.map +7 -1
- package/dist/commonjs/credentials/azureDeveloperCliCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/azureDeveloperCliCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/azurePipelinesCredential.js +173 -135
- package/dist/commonjs/credentials/azurePipelinesCredential.js.map +7 -1
- package/dist/commonjs/credentials/azurePipelinesCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/azurePipelinesCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/azurePipelinesCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/azurePowerShellCredential.js +201 -205
- package/dist/commonjs/credentials/azurePowerShellCredential.js.map +7 -1
- package/dist/commonjs/credentials/azurePowerShellCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/azurePowerShellCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/brokerAuthOptions.js +16 -3
- package/dist/commonjs/credentials/brokerAuthOptions.js.map +7 -1
- package/dist/commonjs/credentials/brokerCredential.d.ts +2 -2
- package/dist/commonjs/credentials/brokerCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/brokerCredential.js +103 -71
- package/dist/commonjs/credentials/brokerCredential.js.map +7 -1
- package/dist/commonjs/credentials/browserCustomizationOptions.js +16 -5
- package/dist/commonjs/credentials/browserCustomizationOptions.js.map +7 -1
- package/dist/commonjs/credentials/chainedTokenCredential.js +113 -93
- package/dist/commonjs/credentials/chainedTokenCredential.js.map +7 -1
- package/dist/commonjs/credentials/clientAssertionCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/clientAssertionCredential.js +101 -64
- package/dist/commonjs/credentials/clientAssertionCredential.js.map +7 -1
- package/dist/commonjs/credentials/clientAssertionCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/clientAssertionCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/clientAssertionCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/clientCertificateCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/clientCertificateCredential.js +129 -124
- package/dist/commonjs/credentials/clientCertificateCredential.js.map +7 -1
- package/dist/commonjs/credentials/clientCertificateCredentialModels.js +16 -5
- package/dist/commonjs/credentials/clientCertificateCredentialModels.js.map +7 -1
- package/dist/commonjs/credentials/clientCertificateCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/clientCertificateCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/clientCertificateCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/clientSecretCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/clientSecretCredential.js +96 -68
- package/dist/commonjs/credentials/clientSecretCredential.js.map +7 -1
- package/dist/commonjs/credentials/clientSecretCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/clientSecretCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/clientSecretCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/credentialPersistenceOptions.js +16 -5
- package/dist/commonjs/credentials/credentialPersistenceOptions.js.map +7 -1
- package/dist/commonjs/credentials/defaultAzureCredential.js +121 -159
- package/dist/commonjs/credentials/defaultAzureCredential.js.map +7 -1
- package/dist/commonjs/credentials/defaultAzureCredentialFunctions.js +110 -140
- package/dist/commonjs/credentials/defaultAzureCredentialFunctions.js.map +7 -1
- package/dist/commonjs/credentials/defaultAzureCredentialOptions.d.ts +2 -2
- package/dist/commonjs/credentials/defaultAzureCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/defaultAzureCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/defaultAzureCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/deviceCodeCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/deviceCodeCredential.js +132 -104
- package/dist/commonjs/credentials/deviceCodeCredential.js.map +7 -1
- package/dist/commonjs/credentials/deviceCodeCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/deviceCodeCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/deviceCodeCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/environmentCredential.js +157 -123
- package/dist/commonjs/credentials/environmentCredential.js.map +7 -1
- package/dist/commonjs/credentials/environmentCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/environmentCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/environmentCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/interactiveBrowserCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/interactiveBrowserCredential.js +144 -108
- package/dist/commonjs/credentials/interactiveBrowserCredential.js.map +7 -1
- package/dist/commonjs/credentials/interactiveBrowserCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/interactiveBrowserCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/interactiveBrowserCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/interactiveCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/interactiveCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/interactiveCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/imdsMsi.js +92 -91
- package/dist/commonjs/credentials/managedIdentityCredential/imdsMsi.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/imdsRetryPolicy.js +51 -44
- package/dist/commonjs/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/index.js +256 -242
- package/dist/commonjs/credentials/managedIdentityCredential/index.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/models.js +16 -5
- package/dist/commonjs/credentials/managedIdentityCredential/models.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/options.js +16 -5
- package/dist/commonjs/credentials/managedIdentityCredential/options.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/tokenExchangeMsi.js +56 -39
- package/dist/commonjs/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/utils.js +79 -75
- package/dist/commonjs/credentials/managedIdentityCredential/utils.js.map +7 -1
- package/dist/commonjs/credentials/multiTenantTokenCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/multiTenantTokenCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/onBehalfOfCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/onBehalfOfCredential.js +168 -127
- package/dist/commonjs/credentials/onBehalfOfCredential.js.map +7 -1
- package/dist/commonjs/credentials/onBehalfOfCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/onBehalfOfCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/usernamePasswordCredential.d.ts.map +1 -1
- package/dist/commonjs/credentials/usernamePasswordCredential.js +112 -76
- package/dist/commonjs/credentials/usernamePasswordCredential.js.map +7 -1
- package/dist/commonjs/credentials/usernamePasswordCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/usernamePasswordCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/usernamePasswordCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/visualStudioCodeCredential.js +144 -132
- package/dist/commonjs/credentials/visualStudioCodeCredential.js.map +7 -1
- package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.js +16 -5
- package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.js.map +7 -1
- package/dist/commonjs/credentials/workloadIdentityCredential.js +284 -274
- package/dist/commonjs/credentials/workloadIdentityCredential.js.map +7 -1
- package/dist/commonjs/credentials/workloadIdentityCredentialOptions.d.ts +2 -2
- package/dist/commonjs/credentials/workloadIdentityCredentialOptions.d.ts.map +1 -1
- package/dist/commonjs/credentials/workloadIdentityCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/workloadIdentityCredentialOptions.js.map +7 -1
- package/dist/commonjs/errors.js +131 -132
- package/dist/commonjs/errors.js.map +7 -1
- package/dist/commonjs/index.d.ts +33 -33
- package/dist/commonjs/index.d.ts.map +1 -1
- package/dist/commonjs/index.js +115 -67
- package/dist/commonjs/index.js.map +7 -1
- package/dist/commonjs/msal/browserFlows/msalBrowserCommon.d.ts.map +1 -1
- package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js +226 -249
- package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js.map +7 -1
- package/dist/commonjs/msal/browserFlows/msalBrowserOptions.js +16 -5
- package/dist/commonjs/msal/browserFlows/msalBrowserOptions.js.map +7 -1
- package/dist/commonjs/msal/credentials.js +16 -5
- package/dist/commonjs/msal/credentials.js.map +7 -1
- package/dist/commonjs/msal/msal.d.ts +1 -2
- package/dist/commonjs/msal/msal.d.ts.map +1 -1
- package/dist/commonjs/msal/msal.js +30 -9
- package/dist/commonjs/msal/msal.js.map +7 -1
- package/dist/commonjs/msal/nodeFlows/brokerOptions.js +16 -3
- package/dist/commonjs/msal/nodeFlows/brokerOptions.js.map +7 -1
- package/dist/commonjs/msal/nodeFlows/msalClient.d.ts +14 -8
- package/dist/commonjs/msal/nodeFlows/msalClient.d.ts.map +1 -1
- package/dist/commonjs/msal/nodeFlows/msalClient.js +450 -478
- package/dist/commonjs/msal/nodeFlows/msalClient.js.map +7 -1
- package/dist/commonjs/msal/nodeFlows/msalPlugins.js +140 -147
- package/dist/commonjs/msal/nodeFlows/msalPlugins.js.map +7 -1
- package/dist/commonjs/msal/nodeFlows/tokenCachePersistenceOptions.js +16 -5
- package/dist/commonjs/msal/nodeFlows/tokenCachePersistenceOptions.js.map +7 -1
- package/dist/commonjs/msal/types.js +16 -5
- package/dist/commonjs/msal/types.js.map +7 -1
- package/dist/commonjs/msal/utils.d.ts +5 -13
- package/dist/commonjs/msal/utils.d.ts.map +1 -1
- package/dist/commonjs/msal/utils.js +172 -226
- package/dist/commonjs/msal/utils.js.map +7 -1
- package/dist/commonjs/plugins/consumer.js +32 -40
- package/dist/commonjs/plugins/consumer.js.map +7 -1
- package/dist/commonjs/plugins/provider.js +16 -5
- package/dist/commonjs/plugins/provider.js.map +7 -1
- package/dist/commonjs/regionalAuthority.js +93 -141
- package/dist/commonjs/regionalAuthority.js.map +7 -1
- package/dist/commonjs/tokenCredentialOptions.js +16 -5
- package/dist/commonjs/tokenCredentialOptions.js.map +7 -1
- package/dist/commonjs/tokenProvider.js +52 -52
- package/dist/commonjs/tokenProvider.js.map +7 -1
- package/dist/commonjs/tsdoc-metadata.json +1 -1
- package/dist/commonjs/util/authorityHost.d.ts +10 -0
- package/dist/commonjs/util/authorityHost.d.ts.map +1 -0
- package/dist/commonjs/util/authorityHost.js +36 -0
- package/dist/commonjs/util/authorityHost.js.map +7 -0
- package/dist/commonjs/util/certificatesUtils.js +54 -45
- package/dist/commonjs/util/certificatesUtils.js.map +7 -1
- package/dist/commonjs/util/identityTokenEndpoint.js +32 -12
- package/dist/commonjs/util/identityTokenEndpoint.js.map +7 -1
- package/dist/commonjs/util/logging.js +91 -97
- package/dist/commonjs/util/logging.js.map +7 -1
- package/dist/commonjs/util/processMultiTenantRequest.js +43 -33
- package/dist/commonjs/util/processMultiTenantRequest.js.map +7 -1
- package/dist/commonjs/util/processUtils.js +60 -35
- package/dist/commonjs/util/processUtils.js.map +7 -1
- package/dist/commonjs/util/scopeUtils.js +39 -28
- package/dist/commonjs/util/scopeUtils.js.map +7 -1
- package/dist/commonjs/util/subscriptionUtils.js +35 -17
- package/dist/commonjs/util/subscriptionUtils.js.map +7 -1
- package/dist/commonjs/util/tenantIdUtils.js +61 -45
- package/dist/commonjs/util/tenantIdUtils.js.map +7 -1
- package/dist/commonjs/util/tracing.js +33 -16
- package/dist/commonjs/util/tracing.js.map +7 -1
- package/dist/esm/client/identityClient.d.ts +5 -4
- package/dist/esm/client/identityClient.d.ts.map +1 -1
- package/dist/esm/client/identityClient.js +56 -18
- package/dist/esm/client/identityClient.js.map +1 -1
- package/dist/esm/constants.d.ts +1 -1
- package/dist/esm/constants.js +1 -1
- package/dist/esm/constants.js.map +1 -1
- package/dist/esm/credentials/authorizationCodeCredential.d.ts.map +1 -1
- package/dist/esm/credentials/authorizationCodeCredential.js +0 -1
- package/dist/esm/credentials/authorizationCodeCredential.js.map +1 -1
- package/dist/esm/credentials/authorizationCodeCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/authorizationCodeCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/azureDeveloperCliCredential.d.ts +10 -0
- package/dist/esm/credentials/azureDeveloperCliCredential.d.ts.map +1 -1
- package/dist/esm/credentials/azureDeveloperCliCredential.js +24 -1
- package/dist/esm/credentials/azureDeveloperCliCredential.js.map +1 -1
- package/dist/esm/credentials/azurePipelinesCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/azurePipelinesCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/brokerCredential.d.ts +2 -2
- package/dist/esm/credentials/brokerCredential.d.ts.map +1 -1
- package/dist/esm/credentials/brokerCredential.js +0 -1
- package/dist/esm/credentials/brokerCredential.js.map +1 -1
- package/dist/esm/credentials/clientAssertionCredential.d.ts.map +1 -1
- package/dist/esm/credentials/clientAssertionCredential.js +1 -2
- package/dist/esm/credentials/clientAssertionCredential.js.map +1 -1
- package/dist/esm/credentials/clientAssertionCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/clientAssertionCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/clientCertificateCredential.d.ts.map +1 -1
- package/dist/esm/credentials/clientCertificateCredential.js +0 -1
- package/dist/esm/credentials/clientCertificateCredential.js.map +1 -1
- package/dist/esm/credentials/clientCertificateCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/clientCertificateCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/clientSecretCredential.d.ts.map +1 -1
- package/dist/esm/credentials/clientSecretCredential.js +0 -1
- package/dist/esm/credentials/clientSecretCredential.js.map +1 -1
- package/dist/esm/credentials/clientSecretCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/clientSecretCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/defaultAzureCredentialOptions.d.ts +2 -2
- package/dist/esm/credentials/defaultAzureCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/defaultAzureCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/deviceCodeCredential.d.ts.map +1 -1
- package/dist/esm/credentials/deviceCodeCredential.js +0 -1
- package/dist/esm/credentials/deviceCodeCredential.js.map +1 -1
- package/dist/esm/credentials/deviceCodeCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/deviceCodeCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/environmentCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/environmentCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/interactiveBrowserCredential.d.ts.map +1 -1
- package/dist/esm/credentials/interactiveBrowserCredential.js +0 -1
- package/dist/esm/credentials/interactiveBrowserCredential.js.map +1 -1
- package/dist/esm/credentials/interactiveBrowserCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/interactiveBrowserCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/interactiveCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/interactiveCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
- package/dist/esm/credentials/onBehalfOfCredential.d.ts.map +1 -1
- package/dist/esm/credentials/onBehalfOfCredential.js +0 -1
- package/dist/esm/credentials/onBehalfOfCredential.js.map +1 -1
- package/dist/esm/credentials/usernamePasswordCredential.d.ts.map +1 -1
- package/dist/esm/credentials/usernamePasswordCredential.js +0 -1
- package/dist/esm/credentials/usernamePasswordCredential.js.map +1 -1
- package/dist/esm/credentials/usernamePasswordCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/usernamePasswordCredentialOptions.js.map +1 -1
- package/dist/esm/credentials/visualStudioCodeCredential.js.map +1 -1
- package/dist/esm/credentials/workloadIdentityCredential.js +3 -3
- package/dist/esm/credentials/workloadIdentityCredential.js.map +1 -1
- package/dist/esm/credentials/workloadIdentityCredentialOptions.d.ts +2 -2
- package/dist/esm/credentials/workloadIdentityCredentialOptions.d.ts.map +1 -1
- package/dist/esm/credentials/workloadIdentityCredentialOptions.js.map +1 -1
- package/dist/esm/index.d.ts +33 -33
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/msal/browserFlows/msalBrowserCommon.d.ts.map +1 -1
- package/dist/esm/msal/browserFlows/msalBrowserCommon.js +2 -3
- package/dist/esm/msal/browserFlows/msalBrowserCommon.js.map +1 -1
- package/dist/esm/msal/msal.d.ts +1 -2
- package/dist/esm/msal/msal.d.ts.map +1 -1
- package/dist/esm/msal/msal.js +1 -2
- package/dist/esm/msal/msal.js.map +1 -1
- package/dist/esm/msal/nodeFlows/msalClient.d.ts +14 -8
- package/dist/esm/msal/nodeFlows/msalClient.d.ts.map +1 -1
- package/dist/esm/msal/nodeFlows/msalClient.js +6 -6
- package/dist/esm/msal/nodeFlows/msalClient.js.map +1 -1
- package/dist/esm/msal/utils.d.ts +5 -13
- package/dist/esm/msal/utils.d.ts.map +1 -1
- package/dist/esm/msal/utils.js +12 -25
- package/dist/esm/msal/utils.js.map +1 -1
- package/dist/esm/util/authorityHost.d.ts +10 -0
- package/dist/esm/util/authorityHost.d.ts.map +1 -0
- package/dist/esm/util/authorityHost.js +18 -0
- package/dist/esm/util/authorityHost.js.map +1 -0
- package/dist/workerd/client/identityClient.d.ts +5 -4
- package/dist/workerd/client/identityClient.d.ts.map +1 -1
- package/dist/workerd/client/identityClient.js +56 -18
- package/dist/workerd/client/identityClient.js.map +1 -1
- package/dist/workerd/constants.d.ts +1 -1
- package/dist/workerd/constants.js +1 -1
- package/dist/workerd/constants.js.map +1 -1
- package/dist/workerd/credentials/authorizationCodeCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/authorizationCodeCredential.js +0 -1
- package/dist/workerd/credentials/authorizationCodeCredential.js.map +1 -1
- package/dist/workerd/credentials/authorizationCodeCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/authorizationCodeCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/azureDeveloperCliCredential.d.ts +10 -0
- package/dist/workerd/credentials/azureDeveloperCliCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/azureDeveloperCliCredential.js +24 -1
- package/dist/workerd/credentials/azureDeveloperCliCredential.js.map +1 -1
- package/dist/workerd/credentials/azurePipelinesCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/azurePipelinesCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/brokerCredential.d.ts +2 -2
- package/dist/workerd/credentials/brokerCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/brokerCredential.js +0 -1
- package/dist/workerd/credentials/brokerCredential.js.map +1 -1
- package/dist/workerd/credentials/clientAssertionCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/clientAssertionCredential.js +1 -2
- package/dist/workerd/credentials/clientAssertionCredential.js.map +1 -1
- package/dist/workerd/credentials/clientAssertionCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/clientAssertionCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/clientCertificateCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/clientCertificateCredential.js +0 -1
- package/dist/workerd/credentials/clientCertificateCredential.js.map +1 -1
- package/dist/workerd/credentials/clientCertificateCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/clientCertificateCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/clientSecretCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/clientSecretCredential.js +0 -1
- package/dist/workerd/credentials/clientSecretCredential.js.map +1 -1
- package/dist/workerd/credentials/clientSecretCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/clientSecretCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/defaultAzureCredentialOptions.d.ts +2 -2
- package/dist/workerd/credentials/defaultAzureCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/defaultAzureCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/deviceCodeCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/deviceCodeCredential.js +0 -1
- package/dist/workerd/credentials/deviceCodeCredential.js.map +1 -1
- package/dist/workerd/credentials/deviceCodeCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/deviceCodeCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/environmentCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/environmentCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/interactiveBrowserCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/interactiveBrowserCredential.js +0 -1
- package/dist/workerd/credentials/interactiveBrowserCredential.js.map +1 -1
- package/dist/workerd/credentials/interactiveBrowserCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/interactiveBrowserCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/interactiveCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/interactiveCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
- package/dist/workerd/credentials/onBehalfOfCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/onBehalfOfCredential.js +0 -1
- package/dist/workerd/credentials/onBehalfOfCredential.js.map +1 -1
- package/dist/workerd/credentials/usernamePasswordCredential.d.ts.map +1 -1
- package/dist/workerd/credentials/usernamePasswordCredential.js +0 -1
- package/dist/workerd/credentials/usernamePasswordCredential.js.map +1 -1
- package/dist/workerd/credentials/usernamePasswordCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/usernamePasswordCredentialOptions.js.map +1 -1
- package/dist/workerd/credentials/visualStudioCodeCredential.js.map +1 -1
- package/dist/workerd/credentials/workloadIdentityCredential.js +3 -3
- package/dist/workerd/credentials/workloadIdentityCredential.js.map +1 -1
- package/dist/workerd/credentials/workloadIdentityCredentialOptions.d.ts +2 -2
- package/dist/workerd/credentials/workloadIdentityCredentialOptions.d.ts.map +1 -1
- package/dist/workerd/credentials/workloadIdentityCredentialOptions.js.map +1 -1
- package/dist/workerd/index.d.ts +33 -33
- package/dist/workerd/index.d.ts.map +1 -1
- package/dist/workerd/index.js.map +1 -1
- package/dist/workerd/msal/browserFlows/msalBrowserCommon.d.ts.map +1 -1
- package/dist/workerd/msal/browserFlows/msalBrowserCommon.js +2 -3
- package/dist/workerd/msal/browserFlows/msalBrowserCommon.js.map +1 -1
- package/dist/workerd/msal/msal.d.ts +1 -2
- package/dist/workerd/msal/msal.d.ts.map +1 -1
- package/dist/workerd/msal/msal.js +1 -2
- package/dist/workerd/msal/msal.js.map +1 -1
- package/dist/workerd/msal/nodeFlows/msalClient.d.ts +14 -8
- package/dist/workerd/msal/nodeFlows/msalClient.d.ts.map +1 -1
- package/dist/workerd/msal/nodeFlows/msalClient.js +6 -6
- package/dist/workerd/msal/nodeFlows/msalClient.js.map +1 -1
- package/dist/workerd/msal/utils.d.ts +5 -13
- package/dist/workerd/msal/utils.d.ts.map +1 -1
- package/dist/workerd/msal/utils.js +12 -25
- package/dist/workerd/msal/utils.js.map +1 -1
- package/dist/workerd/util/authorityHost.d.ts +10 -0
- package/dist/workerd/util/authorityHost.d.ts.map +1 -0
- package/dist/workerd/util/authorityHost.js +18 -0
- package/dist/workerd/util/authorityHost.js.map +1 -0
- package/package.json +17 -34
- package/dist/browser/credentials/authorizationCodeCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/authorizationCodeCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/azureCliCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/azureCliCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/azureDeveloperCliCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/azureDeveloperCliCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/azurePipelinesCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/azurePipelinesCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/azurePowerShellCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/azurePowerShellCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/clientAssertionCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/clientAssertionCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/clientCertificateCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/clientCertificateCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/clientSecretCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/clientSecretCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/defaultAzureCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/defaultAzureCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/deviceCodeCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/deviceCodeCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/environmentCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/environmentCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/interactiveBrowserCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/interactiveBrowserCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/managedIdentityCredential/index-browser.d.mts.map +0 -1
- package/dist/browser/credentials/managedIdentityCredential/index-browser.mjs.map +0 -1
- package/dist/browser/credentials/onBehalfOfCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/onBehalfOfCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/usernamePasswordCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/usernamePasswordCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/visualStudioCodeCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/visualStudioCodeCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/workloadIdentityCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/workloadIdentityCredential-browser.mjs.map +0 -1
- package/dist/browser/msal/msal-browser.d.mts.map +0 -1
- package/dist/browser/msal/msal-browser.mjs.map +0 -1
- package/dist/browser/plugins/consumer-browser.d.mts.map +0 -1
- package/dist/browser/plugins/consumer-browser.mjs.map +0 -1
- package/dist/browser/util/authHostEnv-browser.d.mts +0 -4
- package/dist/browser/util/authHostEnv-browser.d.mts.map +0 -1
- package/dist/browser/util/authHostEnv-browser.mjs +0 -7
- package/dist/browser/util/authHostEnv-browser.mjs.map +0 -1
- package/dist/browser/util/processMultiTenantRequest-browser.d.mts.map +0 -1
- package/dist/browser/util/processMultiTenantRequest-browser.mjs.map +0 -1
- package/dist/esm/util/authHostEnv-browser.d.mts +0 -4
- package/dist/esm/util/authHostEnv-browser.d.mts.map +0 -1
- package/dist/esm/util/authHostEnv-browser.mjs +0 -7
- package/dist/esm/util/authHostEnv-browser.mjs.map +0 -1
- package/dist/workerd/util/authHostEnv-browser.d.mts +0 -4
- package/dist/workerd/util/authHostEnv-browser.d.mts.map +0 -1
- package/dist/workerd/util/authHostEnv-browser.mjs +0 -7
- package/dist/workerd/util/authHostEnv-browser.mjs.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"usernamePasswordCredential.js","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAE1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;;GAMG;AACH,MAAM,OAAO,0BAA0B;IAC7B,QAAQ,CAAS;IACjB,4BAA4B,CAAW;IACvC,UAAU,CAAa;IACvB,QAAQ,CAAS;IACjB,QAAQ,CAAS;IAEzB;;;;;;;;;;OAUG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,UAA6C,EAAE;QAE/C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,EAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE;YAC1D,GAAG,OAAO;
|
|
1
|
+
{"version":3,"file":"usernamePasswordCredential.js","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAE1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;;GAMG;AACH,MAAM,OAAO,0BAA0B;IAC7B,QAAQ,CAAS;IACjB,4BAA4B,CAAW;IACvC,UAAU,CAAa;IACvB,QAAQ,CAAS;IACjB,QAAQ,CAAS;IAEzB;;;;;;;;;;OAUG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,UAA6C,EAAE;QAE/C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,EAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE;YAC1D,GAAG,OAAO;SACX,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,UAAU,CAAC,QAAQ,GAAG,yBAAyB,CAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,UAAU,CAAC,0BAA0B,CAC/C,WAAW,EACX,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,QAAQ,EACb,UAAU,CACX,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\n\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport type { UsernamePasswordCredentialOptions } from \"./usernamePasswordCredentialOptions.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\n\nconst logger = credentialLogger(\"UsernamePasswordCredential\");\n\n/**\n * Enables authentication to Microsoft Entra ID with a user's\n * username and password. This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n * @deprecated UsernamePasswordCredential is deprecated. Use a more secure credential. See https://aka.ms/azsdk/identity/mfa for details.\n */\nexport class UsernamePasswordCredential implements TokenCredential {\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private msalClient: MsalClient;\n private username: string;\n private password: string;\n\n /**\n * Creates an instance of the UsernamePasswordCredential with the details\n * needed to authenticate against Microsoft Entra ID with a username\n * and password.\n *\n * @param tenantId - The Microsoft Entra tenant (directory).\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param username - The user account's e-mail address (user name).\n * @param password - The user account's account password\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(\n tenantId: string,\n clientId: string,\n username: string,\n password: string,\n options: UsernamePasswordCredentialOptions = {},\n ) {\n if (!tenantId) {\n throw new CredentialUnavailableError(\n \"UsernamePasswordCredential: tenantId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n );\n }\n\n if (!clientId) {\n throw new CredentialUnavailableError(\n \"UsernamePasswordCredential: clientId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n );\n }\n\n if (!username) {\n throw new CredentialUnavailableError(\n \"UsernamePasswordCredential: username is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n );\n }\n\n if (!password) {\n throw new CredentialUnavailableError(\n \"UsernamePasswordCredential: password is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.\",\n );\n }\n\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n this.username = username;\n this.password = password;\n\n this.msalClient = createMsalClient(clientId, this.tenantId, {\n ...options,\n });\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * If the user provided the option `disableAutomaticAuthentication`,\n * once the token can't be retrieved silently,\n * this method won't attempt to request user interaction to retrieve the token.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n newOptions.tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n logger,\n );\n\n const arrayScopes = ensureScopes(scopes);\n return this.msalClient.getTokenByUsernamePassword(\n arrayScopes,\n this.username,\n this.password,\n newOptions,\n );\n },\n );\n }\n}\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"usernamePasswordCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;;GAGG;AACH,MAAM,WAAW,iCACf,
|
|
1
|
+
{"version":3,"file":"usernamePasswordCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;;GAGG;AACH,MAAM,WAAW,iCACf,SACE,iCAAiC,EACjC,4BAA4B,EAC5B,0BAA0B;CAAG"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"usernamePasswordCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Defines options for the {@link UsernamePasswordCredential} class.\n * @deprecated UsernamePasswordCredential is deprecated. Use a more secure credential. See https://aka.ms/azsdk/identity/mfa for details.\n */\nexport interface UsernamePasswordCredentialOptions\n extends
|
|
1
|
+
{"version":3,"file":"usernamePasswordCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/usernamePasswordCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Defines options for the {@link UsernamePasswordCredential} class.\n * @deprecated UsernamePasswordCredential is deprecated. Use a more secure credential. See https://aka.ms/azsdk/identity/mfa for details.\n */\nexport interface UsernamePasswordCredentialOptions\n extends\n MultiTenantTokenCredentialOptions,\n CredentialPersistenceOptions,\n AuthorityValidationOptions {}\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"visualStudioCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACnE,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAE1D,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAc,MAAM,iCAAiC,CAAC;AAC/E,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AACzF,OAAO,EAAE,+BAA+B,EAAE,MAAM,kBAAkB,CAAC;AACnE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,MAAM,cAAc,GAAG,QAAQ,CAAC;AAChC,MAAM,cAAc,GAAG,sCAAsC,CAAC;AAC9D,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D,oEAAoE;AACpE,MAAM,oBAAoB,GAA2B;IACnD,IAAI,EAAE,mFAAmF;CAC1F,CAAC;AAEF,SAAS,sBAAsB,CAAC,QAAgB;IAC9C,8CAA8C;IAC9C,MAAM,sBAAsB,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAC9D,IAAI,sBAAsB,EAAE,CAAC;QAC3B,MAAM,IAAI,0BAA0B,CAAC,sBAAsB,CAAC,CAAC;IAC/D,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,OAAO,0BAA0B;IAC7B,QAAQ,CAAS;IACjB,4BAA4B,CAAW;IACvC,UAAU,CAAyB;IACnC,OAAO,CAAoC;IAEnD;;;;;;;;OAQG;IACH,YAAY,OAA2C;QACrD,IAAI,CAAC,OAAO,GAAG,OAAO,IAAI,EAAE,CAAC;QAE7B,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YAChC,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;YACxC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACnC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;QACjC,CAAC;QAED,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,EAAE,0BAA0B,CACpC,CAAC;QAEF,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,OAAO,CAAC,MAAgB;QACpC,MAAM,QAAQ,GACZ,yBAAyB,CACvB,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,IAAI,IAAI,CAAC,QAAQ,CAAC;QAErB,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAChD,MAAM,IAAI,0BAA0B,CAClC,qDAAqD;gBACnD,uEAAuE;gBACvE,+EAA+E;gBAC/E,yCAAyC,CAC5C,CAAC;QACJ,CAAC;QAED,wDAAwD;QACxD,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;QAErF,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,cAAc,EAAE,QAAQ,EAAE;YAC3D,GAAG,IAAI,CAAC,OAAO;YACf,kBAAkB,EAAE,IAAI;YACxB,aAAa,EAAE;gBACb,OAAO,EAAE,IAAI;gBACb,kBAAkB,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC;gBACrC,uBAAuB,EAAE,IAAI;aAC9B;YACD,oBAAoB;SACrB,CAAC,CAAC;IACL,CAAC;IACD;;OAEG;IACK,cAAc,CAA4B;IAElD;;OAEG;IACK,WAAW,CAAC,MAAgB;QAClC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC7C,CAAC;QACD,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;QAEzB,sDAAsD;QACtD,MAAM,UAAU,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAEnC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,IAAI,0BAA0B,CAClC,yDAAyD;gBACvD,uEAAuE;gBACvE,+EAA+E;gBAC/E,yCAAyC,CAC5C,CAAC;QACJ,CAAC;QACD,kHAAkH;QAClH,OAAO,IAAI,CAAC,UAAU,CAAC,4BAA4B,CAAC,UAAU,EAAE;YAC9D,GAAG,OAAO;YACV,8BAA8B,EAAE,IAAI;SACrC,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,cAAc,CAC1B,cAAsB,EACtB,MAAgB;QAEhB,IAAI,CAAC;YACH,MAAM,iBAAiB,GAAG,MAAM,QAAQ,CAAC,cAAc,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;YAC/E,OAAO,+BAA+B,CAAC,iBAAiB,CAAC,CAAC;QAC5D,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YACjD,MAAM,IAAI,0BAA0B,CAClC,0DAA0D;gBACxD,uEAAuE;gBACvE,+EAA+E;gBAC/E,yCAAyC,CAC5C,CAAC;QACJ,CAAC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging.js\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport type { VisualStudioCodeCredentialOptions } from \"./visualStudioCodeCredentialOptions.js\";\nimport { checkTenantId } from \"../util/tenantIdUtils.js\";\nimport { createMsalClient, MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { hasVSCodePlugin, vsCodeAuthRecordPath } from \"../msal/nodeFlows/msalPlugins.js\";\nimport { deserializeAuthenticationRecord } from \"../msal/utils.js\";\nimport { readFile } from \"node:fs/promises\";\nimport { AuthenticationRecord } from \"../msal/types.js\";\n\nconst CommonTenantId = \"common\";\nconst VSCodeClientId = \"aebc6443-996d-45c2-90f0-388ff96faa56\";\nconst logger = credentialLogger(\"VisualStudioCodeCredential\");\n\n// Map of unsupported Tenant IDs and the errors we will be throwing.\nconst unsupportedTenantIds: Record<string, string> = {\n adfs: \"The VisualStudioCodeCredential does not support authentication with ADFS tenants.\",\n};\n\nfunction checkUnsupportedTenant(tenantId: string): void {\n // If the Tenant ID isn't supported, we throw.\n const unsupportedTenantError = unsupportedTenantIds[tenantId];\n if (unsupportedTenantError) {\n throw new CredentialUnavailableError(unsupportedTenantError);\n }\n}\n\n/**\n * Connects to Azure using the user account signed in through the Azure Resources extension in Visual Studio Code.\n * Once the user has logged in via the extension, this credential can share the same refresh token\n * that is cached by the extension.\n */\nexport class VisualStudioCodeCredential implements TokenCredential {\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private msalClient: MsalClient | undefined;\n private options: VisualStudioCodeCredentialOptions;\n\n /**\n * Creates an instance of VisualStudioCodeCredential to use for automatically authenticating via VSCode.\n *\n * **Note**: `VisualStudioCodeCredential` is provided by a plugin package:\n * `@azure/identity-vscode`. If this package is not installed, then authentication using\n * `VisualStudioCodeCredential` will not be available.\n *\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(options?: VisualStudioCodeCredentialOptions) {\n this.options = options || {};\n\n if (options && options.tenantId) {\n checkTenantId(logger, options.tenantId);\n this.tenantId = options.tenantId;\n } else {\n this.tenantId = CommonTenantId;\n }\n\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n checkUnsupportedTenant(this.tenantId);\n }\n\n /**\n * Runs preparations for any further getToken request:\n * - Validates that the plugin is available.\n * - Loads the authentication record from VSCode if available.\n * - Creates the MSAL client with the loaded plugin and authentication record.\n */\n private async prepare(scopes: string[]): Promise<void> {\n const tenantId =\n processMultiTenantRequest(\n this.tenantId,\n this.options,\n this.additionallyAllowedTenantIds,\n logger,\n ) || this.tenantId;\n\n if (!hasVSCodePlugin() || !vsCodeAuthRecordPath) {\n throw new CredentialUnavailableError(\n \"Visual Studio Code Authentication is not available.\" +\n \" Ensure you have have Azure Resources Extension installed in VS Code,\" +\n \" signed into Azure via VS Code, installed the @azure/identity-vscode package,\" +\n \" and properly configured the extension.\",\n );\n }\n\n // Load the authentication record directly from the path\n const authenticationRecord = await this.loadAuthRecord(vsCodeAuthRecordPath, scopes);\n\n this.msalClient = createMsalClient(VSCodeClientId, tenantId, {\n ...this.options,\n isVSCodeCredential: true,\n brokerOptions: {\n enabled: true,\n parentWindowHandle: new Uint8Array(0),\n useDefaultBrokerAccount: true,\n },\n authenticationRecord,\n });\n }\n /**\n * The promise of the single preparation that will be executed at the first getToken request for an instance of this class.\n */\n private preparePromise: Promise<void> | undefined;\n\n /**\n * Runs preparations for any further getToken, but only once.\n */\n private prepareOnce(scopes: string[]): Promise<void> | undefined {\n if (!this.preparePromise) {\n this.preparePromise = this.prepare(scopes);\n }\n return this.preparePromise;\n }\n\n /**\n * Returns the token found by searching VSCode's authentication cache or\n * returns null if no token could be found.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * `TokenCredential` implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions,\n ): Promise<AccessToken> {\n // Load the plugin and authentication record only once\n const scopeArray = ensureScopes(scopes);\n await this.prepareOnce(scopeArray);\n\n if (!this.msalClient) {\n throw new CredentialUnavailableError(\n \"Visual Studio Code Authentication failed to initialize.\" +\n \" Ensure you have have Azure Resources Extension installed in VS Code,\" +\n \" signed into Azure via VS Code, installed the @azure/identity-vscode package,\" +\n \" and properly configured the extension.\",\n );\n }\n // Disable automatic authentication to ensure that the user is not prompted interactively if no token is available\n return this.msalClient.getTokenByInteractiveRequest(scopeArray, {\n ...options,\n disableAutomaticAuthentication: true,\n });\n }\n\n /**\n * Loads the authentication record from the specified path.\n * @param authRecordPath - The path to the authentication record file.\n * @param scopes - The list of scopes for which the token will have access.\n * @returns The authentication record or undefined if loading fails.\n */\n private async loadAuthRecord(\n authRecordPath: string,\n scopes: string[],\n ): Promise<AuthenticationRecord> {\n try {\n const authRecordContent = await readFile(authRecordPath, { encoding: \"utf8\" });\n return deserializeAuthenticationRecord(authRecordContent);\n } catch (error: any) {\n logger.getToken.info(formatError(scopes, error));\n throw new CredentialUnavailableError(\n \"Cannot load authentication record in Visual Studio Code.\" +\n \" Ensure you have have Azure Resources Extension installed in VS Code,\" +\n \" signed into Azure via VS Code, installed the @azure/identity-vscode package,\" +\n \" and properly configured the extension.\",\n );\n }\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"visualStudioCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACnE,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAE1D,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAmB,MAAM,iCAAiC,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AACzF,OAAO,EAAE,+BAA+B,EAAE,MAAM,kBAAkB,CAAC;AACnE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,MAAM,cAAc,GAAG,QAAQ,CAAC;AAChC,MAAM,cAAc,GAAG,sCAAsC,CAAC;AAC9D,MAAM,MAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D,oEAAoE;AACpE,MAAM,oBAAoB,GAA2B;IACnD,IAAI,EAAE,mFAAmF;CAC1F,CAAC;AAEF,SAAS,sBAAsB,CAAC,QAAgB;IAC9C,8CAA8C;IAC9C,MAAM,sBAAsB,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAC9D,IAAI,sBAAsB,EAAE,CAAC;QAC3B,MAAM,IAAI,0BAA0B,CAAC,sBAAsB,CAAC,CAAC;IAC/D,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,OAAO,0BAA0B;IAC7B,QAAQ,CAAS;IACjB,4BAA4B,CAAW;IACvC,UAAU,CAAyB;IACnC,OAAO,CAAoC;IAEnD;;;;;;;;OAQG;IACH,YAAY,OAA2C;QACrD,IAAI,CAAC,OAAO,GAAG,OAAO,IAAI,EAAE,CAAC;QAE7B,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YAChC,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;YACxC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACnC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;QACjC,CAAC;QAED,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,EAAE,0BAA0B,CACpC,CAAC;QAEF,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,OAAO,CAAC,MAAgB;QACpC,MAAM,QAAQ,GACZ,yBAAyB,CACvB,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,IAAI,IAAI,CAAC,QAAQ,CAAC;QAErB,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAChD,MAAM,IAAI,0BAA0B,CAClC,qDAAqD;gBACnD,uEAAuE;gBACvE,+EAA+E;gBAC/E,yCAAyC,CAC5C,CAAC;QACJ,CAAC;QAED,wDAAwD;QACxD,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;QAErF,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,cAAc,EAAE,QAAQ,EAAE;YAC3D,GAAG,IAAI,CAAC,OAAO;YACf,kBAAkB,EAAE,IAAI;YACxB,aAAa,EAAE;gBACb,OAAO,EAAE,IAAI;gBACb,kBAAkB,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC;gBACrC,uBAAuB,EAAE,IAAI;aAC9B;YACD,oBAAoB;SACrB,CAAC,CAAC;IACL,CAAC;IACD;;OAEG;IACK,cAAc,CAA4B;IAElD;;OAEG;IACK,WAAW,CAAC,MAAgB;QAClC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC7C,CAAC;QACD,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;QAEzB,sDAAsD;QACtD,MAAM,UAAU,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAEnC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,IAAI,0BAA0B,CAClC,yDAAyD;gBACvD,uEAAuE;gBACvE,+EAA+E;gBAC/E,yCAAyC,CAC5C,CAAC;QACJ,CAAC;QACD,kHAAkH;QAClH,OAAO,IAAI,CAAC,UAAU,CAAC,4BAA4B,CAAC,UAAU,EAAE;YAC9D,GAAG,OAAO;YACV,8BAA8B,EAAE,IAAI;SACrC,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,cAAc,CAC1B,cAAsB,EACtB,MAAgB;QAEhB,IAAI,CAAC;YACH,MAAM,iBAAiB,GAAG,MAAM,QAAQ,CAAC,cAAc,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;YAC/E,OAAO,+BAA+B,CAAC,iBAAiB,CAAC,CAAC;QAC5D,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YACjD,MAAM,IAAI,0BAA0B,CAClC,0DAA0D;gBACxD,uEAAuE;gBACvE,+EAA+E;gBAC/E,yCAAyC,CAC5C,CAAC;QACJ,CAAC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError } from \"../util/logging.js\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport type { VisualStudioCodeCredentialOptions } from \"./visualStudioCodeCredentialOptions.js\";\nimport { checkTenantId } from \"../util/tenantIdUtils.js\";\nimport { createMsalClient, type MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { hasVSCodePlugin, vsCodeAuthRecordPath } from \"../msal/nodeFlows/msalPlugins.js\";\nimport { deserializeAuthenticationRecord } from \"../msal/utils.js\";\nimport { readFile } from \"node:fs/promises\";\nimport type { AuthenticationRecord } from \"../msal/types.js\";\n\nconst CommonTenantId = \"common\";\nconst VSCodeClientId = \"aebc6443-996d-45c2-90f0-388ff96faa56\";\nconst logger = credentialLogger(\"VisualStudioCodeCredential\");\n\n// Map of unsupported Tenant IDs and the errors we will be throwing.\nconst unsupportedTenantIds: Record<string, string> = {\n adfs: \"The VisualStudioCodeCredential does not support authentication with ADFS tenants.\",\n};\n\nfunction checkUnsupportedTenant(tenantId: string): void {\n // If the Tenant ID isn't supported, we throw.\n const unsupportedTenantError = unsupportedTenantIds[tenantId];\n if (unsupportedTenantError) {\n throw new CredentialUnavailableError(unsupportedTenantError);\n }\n}\n\n/**\n * Connects to Azure using the user account signed in through the Azure Resources extension in Visual Studio Code.\n * Once the user has logged in via the extension, this credential can share the same refresh token\n * that is cached by the extension.\n */\nexport class VisualStudioCodeCredential implements TokenCredential {\n private tenantId: string;\n private additionallyAllowedTenantIds: string[];\n private msalClient: MsalClient | undefined;\n private options: VisualStudioCodeCredentialOptions;\n\n /**\n * Creates an instance of VisualStudioCodeCredential to use for automatically authenticating via VSCode.\n *\n * **Note**: `VisualStudioCodeCredential` is provided by a plugin package:\n * `@azure/identity-vscode`. If this package is not installed, then authentication using\n * `VisualStudioCodeCredential` will not be available.\n *\n * @param options - Options for configuring the client which makes the authentication request.\n */\n constructor(options?: VisualStudioCodeCredentialOptions) {\n this.options = options || {};\n\n if (options && options.tenantId) {\n checkTenantId(logger, options.tenantId);\n this.tenantId = options.tenantId;\n } else {\n this.tenantId = CommonTenantId;\n }\n\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n checkUnsupportedTenant(this.tenantId);\n }\n\n /**\n * Runs preparations for any further getToken request:\n * - Validates that the plugin is available.\n * - Loads the authentication record from VSCode if available.\n * - Creates the MSAL client with the loaded plugin and authentication record.\n */\n private async prepare(scopes: string[]): Promise<void> {\n const tenantId =\n processMultiTenantRequest(\n this.tenantId,\n this.options,\n this.additionallyAllowedTenantIds,\n logger,\n ) || this.tenantId;\n\n if (!hasVSCodePlugin() || !vsCodeAuthRecordPath) {\n throw new CredentialUnavailableError(\n \"Visual Studio Code Authentication is not available.\" +\n \" Ensure you have have Azure Resources Extension installed in VS Code,\" +\n \" signed into Azure via VS Code, installed the @azure/identity-vscode package,\" +\n \" and properly configured the extension.\",\n );\n }\n\n // Load the authentication record directly from the path\n const authenticationRecord = await this.loadAuthRecord(vsCodeAuthRecordPath, scopes);\n\n this.msalClient = createMsalClient(VSCodeClientId, tenantId, {\n ...this.options,\n isVSCodeCredential: true,\n brokerOptions: {\n enabled: true,\n parentWindowHandle: new Uint8Array(0),\n useDefaultBrokerAccount: true,\n },\n authenticationRecord,\n });\n }\n /**\n * The promise of the single preparation that will be executed at the first getToken request for an instance of this class.\n */\n private preparePromise: Promise<void> | undefined;\n\n /**\n * Runs preparations for any further getToken, but only once.\n */\n private prepareOnce(scopes: string[]): Promise<void> | undefined {\n if (!this.preparePromise) {\n this.preparePromise = this.prepare(scopes);\n }\n return this.preparePromise;\n }\n\n /**\n * Returns the token found by searching VSCode's authentication cache or\n * returns null if no token could be found.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * `TokenCredential` implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions,\n ): Promise<AccessToken> {\n // Load the plugin and authentication record only once\n const scopeArray = ensureScopes(scopes);\n await this.prepareOnce(scopeArray);\n\n if (!this.msalClient) {\n throw new CredentialUnavailableError(\n \"Visual Studio Code Authentication failed to initialize.\" +\n \" Ensure you have have Azure Resources Extension installed in VS Code,\" +\n \" signed into Azure via VS Code, installed the @azure/identity-vscode package,\" +\n \" and properly configured the extension.\",\n );\n }\n // Disable automatic authentication to ensure that the user is not prompted interactively if no token is available\n return this.msalClient.getTokenByInteractiveRequest(scopeArray, {\n ...options,\n disableAutomaticAuthentication: true,\n });\n }\n\n /**\n * Loads the authentication record from the specified path.\n * @param authRecordPath - The path to the authentication record file.\n * @param scopes - The list of scopes for which the token will have access.\n * @returns The authentication record or undefined if loading fails.\n */\n private async loadAuthRecord(\n authRecordPath: string,\n scopes: string[],\n ): Promise<AuthenticationRecord> {\n try {\n const authRecordContent = await readFile(authRecordPath, { encoding: \"utf8\" });\n return deserializeAuthenticationRecord(authRecordContent);\n } catch (error: any) {\n logger.getToken.info(formatError(scopes, error));\n throw new CredentialUnavailableError(\n \"Cannot load authentication record in Visual Studio Code.\" +\n \" Ensure you have have Azure Resources Extension installed in VS Code,\" +\n \" signed into Azure via VS Code, installed the @azure/identity-vscode package,\" +\n \" and properly configured the extension.\",\n );\n }\n }\n}\n"]}
|
|
@@ -132,8 +132,8 @@ export class WorkloadIdentityCredential {
|
|
|
132
132
|
if (!this.federatedTokenFilePath) {
|
|
133
133
|
throw new CredentialUnavailableError(`${credentialName}: is unavailable. ${ErrorMessages.TOKEN_FILE_PATH_REQUIRED}`);
|
|
134
134
|
}
|
|
135
|
-
// Use identity binding mode only when
|
|
136
|
-
if (workloadIdentityCredentialOptions.
|
|
135
|
+
// Use identity binding mode only when enableAzureProxy is set
|
|
136
|
+
if (workloadIdentityCredentialOptions.enableAzureProxy) {
|
|
137
137
|
const kubernetesTokenProxy = process.env.AZURE_KUBERNETES_TOKEN_PROXY;
|
|
138
138
|
const kubernetesSNIName = process.env.AZURE_KUBERNETES_SNI_NAME;
|
|
139
139
|
const kubernetesCAFile = process.env.AZURE_KUBERNETES_CA_FILE;
|
|
@@ -144,7 +144,7 @@ export class WorkloadIdentityCredential {
|
|
|
144
144
|
if (kubernetesSNIName || kubernetesCAFile || kubernetesCAData) {
|
|
145
145
|
throw new CredentialUnavailableError(`${credentialName}: is unavailable. ${ErrorMessages.TOKEN_PROXY_NOT_SET}`);
|
|
146
146
|
}
|
|
147
|
-
logger.info(`
|
|
147
|
+
logger.info(`enableAzureProxy is true but AZURE_KUBERNETES_TOKEN_PROXY is not set, using normal authentication flow`);
|
|
148
148
|
}
|
|
149
149
|
else {
|
|
150
150
|
const tokenProxy = parseAndValidateCustomTokenProxy(kubernetesTokenProxy);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"workloadIdentityCredential.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAE1D,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AAEpE,OAAO,EAAE,yBAAyB,EAAE,MAAM,8BAA8B,CAAC;AACzE,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAEvC,MAAM,cAAc,GAAG,4BAA4B,CAAC;AACpD;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,qCAAqC,GAAG;IACnD,iBAAiB;IACjB,iBAAiB;IACjB,4BAA4B;CAC7B,CAAC;AAEF,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AAEhD;;GAEG;AACH,MAAM,aAAa,GAAG;IACpB,2BAA2B,EAAE,CAAC,QAAgB,EAAE,KAAc,EAAE,EAAE,CAChE,2CAA2C,QAAQ,MAAM,KAAK,EAAE;IAClE,oBAAoB,EAAE,CAAC,QAAgB,EAAE,EAAE,CACzC,qDAAqD,QAAQ,GAAG;IAClE,2BAA2B,EAAE,CAAC,GAAW,EAAE,EAAE,CAC3C,8BAA8B,GAAG,8BAA8B;IACjE,uBAAuB,EAAE,CAAC,GAAW,EAAE,EAAE,CACvC,8BAA8B,GAAG,4BAA4B;IAC/D,0BAA0B,EAAE,CAAC,GAAW,EAAE,EAAE,CAC1C,8BAA8B,GAAG,+BAA+B;IAClE,aAAa,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,iCAAiC,IAAI,EAAE;IACxE,sBAAsB,EAAE,CAAC,IAAY,EAAE,KAAc,EAAE,EAAE,CACvD,uCAAuC,IAAI,KAAK,KAAK,EAAE;IACzD,uBAAuB,EAAE,8DAA8D;IACvF,iBAAiB,EAAE,CAAC,IAAwB,EAAE,EAAE,CAAC,8BAA8B,IAAI,GAAG;IACtF,eAAe,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,0BAA0B,IAAI,GAAG;IACpE,YAAY,EAAE,qCAAqC;IACnD,kBAAkB,EAAE;qIAC+G;IACnI,kBAAkB,EAAE;qIAC+G;IACnI,wBAAwB,EAAE;qIACyG;IACnI,mBAAmB,EAAE,6GAA6G;IAClI,0BAA0B,EAAE,iGAAiG;IAC7H,gBAAgB,EAAE;;;;iKAI6I;CAChK,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,gCAAgC,CAAC,QAAgB;IAC/D,IAAI,UAAe,CAAC;IACpB,IAAI,CAAC;QACH,UAAU,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,2BAA2B,CAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,CACnG,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,oBAAoB,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAChG,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC,QAAQ,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;QAC/C,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,2BAA2B,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC,EAAE,CACzG,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;QACtB,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,uBAAuB,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC,EAAE,CACrG,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;QACpB,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,0BAA0B,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC,EAAE,CACxG,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,UAAU,CAAC,QAAQ,KAAK,EAAE,EAAE,CAAC;QACvD,+EAA+E;QAC/E,UAAU,CAAC,QAAQ,GAAG,GAAG,CAAC;IAC5B,CAAC;IAED,OAAO,UAAU,CAAC,QAAQ,EAAE,CAAC;AAC/B,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,OAAO,0BAA0B;IAC7B,MAAM,CAAwC;IAC9C,8BAA8B,GAAuB,SAAS,CAAC;IAC/D,SAAS,GAAuB,SAAS,CAAC;IAC1C,sBAAsB,CAAqB;IAEnD,wDAAwD;IAChD,iBAAiB,CAAsD;IACvE,YAAY,CAAqB;IACjC,MAAM,CAAqB;IAC3B,MAAM,CAAqB;IAC3B,OAAO,CAAqB;IAEpC;;;;OAIG;IACH,YAAY,OAA2C;QACrD,kDAAkD;QAClD,MAAM,WAAW,GAAG,cAAc,CAAC,qCAAqC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9F,MAAM,CAAC,IAAI,CAAC,8CAA8C,WAAW,EAAE,CAAC,CAAC;QAEzE,MAAM,iCAAiC,GAAG,OAAO,IAAI,EAAE,CAAC;QACxD,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,IAAI,CAAC,sBAAsB;YACzB,iCAAiC,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QAE5F,IAAI,QAAQ,EAAE,CAAC;YACb,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,kBAAkB,EAAE,CACzE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,kBAAkB,EAAE,CACzE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;YACjC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,wBAAwB,EAAE,CAC/E,CAAC;QACJ,CAAC;QAED,6EAA6E;QAC7E,IAAI,iCAAiC,CAAC,+BAA+B,EAAE,CAAC;YACtE,MAAM,oBAAoB,GAAG,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;YACtE,MAAM,iBAAiB,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;YAChE,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;YAC9D,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;YAE9D,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAC1B,mGAAmG;gBACnG,iFAAiF;gBACjF,IAAI,iBAAiB,IAAI,gBAAgB,IAAI,gBAAgB,EAAE,CAAC;oBAC9D,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,mBAAmB,EAAE,CAC1E,CAAC;gBACJ,CAAC;gBACD,MAAM,CAAC,IAAI,CACT,uHAAuH,CACxH,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,UAAU,GAAG,gCAAgC,CAAC,oBAAoB,CAAC,CAAC;gBAE1E,oEAAoE;gBACpE,gFAAgF;gBAChF,IAAI,gBAAgB,IAAI,gBAAgB,EAAE,CAAC;oBACzC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,0BAA0B,EAAE,CACjF,CAAC;gBACJ,CAAC;gBAED,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC;gBAC/B,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC;gBAC/B,IAAI,CAAC,OAAO,GAAG,iBAAiB,CAAC;gBAEjC,iDAAiD;gBACjD,MAAM,WAAW,GAAG,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;gBAC1D,iCAAiC,CAAC,UAAU,GAAG,WAAW,CAAC;gBAC3D,MAAM,CAAC,IAAI,CAAC,GAAG,cAAc,yCAAyC,CAAC,CAAC;YAC1E,CAAC;QACH,CAAC;QAED,MAAM,CAAC,IAAI,CACT,sDAAsD,QAAQ,eAAe,iCAAiC,CAAC,QAAQ,uCAAuC,CAC/J,CAAC;QAEF,IAAI,CAAC,MAAM,GAAG,IAAI,yBAAyB,CACzC,QAAQ,EACR,QAAQ,EACR,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAChC,iCAAiC,CAClC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,oBAAoB,CAAC,aAAqB;QAChD,MAAM,aAAa,GAAG,uBAAuB,EAAE,CAAC;QAChD,iFAAiF;QACjF,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QAE/C,OAAO;YACL,WAAW,EAAE,KAAK,EAAE,OAAwB,EAA6B,EAAE;gBACzE,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAExC,MAAM,CAAC,IAAI,CACT,GAAG,cAAc,iDAAiD,aAAa,EAAE,CAClF,CAAC;gBAEF,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;gBAExC,kEAAkE;gBAClE,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;gBAC3D,MAAM,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;oBAClD,CAAC,CAAC,QAAQ,CAAC,QAAQ,GAAG,WAAW;oBACjC,CAAC,CAAC,QAAQ,CAAC,QAAQ,GAAG,GAAG,GAAG,WAAW,CAAC;gBAE1C,qEAAqE;gBACrE,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACxC,MAAM,CAAC,QAAQ,GAAG,YAAY,CAAC;gBAC/B,MAAM,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;gBAClC,MAAM,CAAC,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC;gBAE9B,OAAO,CAAC,GAAG,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAChC,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;gBAE5C,MAAM,CAAC,IAAI,CAAC,GAAG,cAAc,wBAAwB,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;gBACpE,wDAAwD;gBACxD,OAAO,aAAa,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAC5C,CAAC;SACF,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,cAAc;QACpB,yCAAyC;QACzC,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjC,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAC5B,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5E,CAAC;YACD,OAAO,IAAI,CAAC,iBAAiB,CAAC;QAChC,CAAC;QAED,0EAA0E;QAC1E,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAC5B,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,MAAO,CAAC,EAAE,CAAC;oBAC7C,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,uBAAuB,EAAE,CAC9E,CAAC;gBACJ,CAAC;gBACD,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1E,IAAI,CAAC,iBAAiB,CAAC,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC;YAC1C,CAAC;YACD,OAAO,IAAI,CAAC,iBAAiB,CAAC;QAChC,CAAC;QAED,qEAAqE;QACrE,IAAI,WAAmB,CAAC;QACxB,IAAI,CAAC;YACH,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,sBAAsB,CAAC,IAAI,CAAC,MAAO,EAAE,KAAK,CAAC,EAAE,CAClG,CAAC;QACJ,CAAC;QACD,+CAA+C;QAC/C,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAC5B,sFAAsF;gBACtF,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CACjF,CAAC;YACJ,CAAC;YACD,2DAA2D;YAC3D,OAAO,IAAI,CAAC,iBAAiB,CAAC;QAChC,CAAC;QAED,0BAA0B;QAC1B,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YACjE,MAAM,YAAY,GAAG,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAElD,IAAI,CAAC,yBAAyB,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC7C,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,uBAAuB,EAAE,CAC9E,CAAC;YACJ,CAAC;YAED,4DAA4D;YAC5D,IAAI,CAAC,iBAAiB,GAAG;gBACvB,EAAE,EAAE,YAAY;gBAChB,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;aAClD,CAAC;YACF,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;QAClC,CAAC;QAED,OAAO,IAAI,CAAC,iBAAkB,CAAC;IACjC,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;QAEzB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,YAAY,GAAG,GAAG,cAAc,qBAAqB,aAAa,CAAC,gBAAgB,EAAE,CAAC;YAC5F,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC1B,MAAM,IAAI,0BAA0B,CAAC,YAAY,CAAC,CAAC;QACrD,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAClE,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/C,CAAC;IAEO,KAAK,CAAC,gBAAgB;QAC5B,2CAA2C;QAC3C,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;YACjF,IAAI,CAAC,8BAA8B,GAAG,SAAS,CAAC;QAClD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;YACjC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,iBAAiB,CAAC,IAAI,CAAC,sBAAsB,CAAC,EAAE,CACrG,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;YACzC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC;YACjE,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,eAAe,CAAC,IAAI,CAAC,sBAAsB,CAAC,EAAE,CACnG,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,8BAA8B,GAAG,KAAK,CAAC;gBAC5C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC9B,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,8BAA8B,CAAC;IAC7C,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, processEnvVars } from \"../util/logging.js\";\n\nimport { ClientAssertionCredential } from \"./clientAssertionCredential.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions.js\";\nimport { checkTenantId } from \"../util/tenantIdUtils.js\";\nimport { readFile } from \"node:fs/promises\";\nimport type { PipelineRequest, PipelineResponse, HttpClient } from \"@azure/core-rest-pipeline\";\nimport { createDefaultHttpClient } from \"@azure/core-rest-pipeline\";\nimport type { TlsSettings } from \"@azure/core-rest-pipeline\";\nimport { canParseAsX509Certificate } from \"../util/certificatesUtils.js\";\nimport { readFileSync } from \"node:fs\";\n\nconst credentialName = \"WorkloadIdentityCredential\";\n/**\n * Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n *\n * @internal\n */\nexport const SupportedWorkloadEnvironmentVariables = [\n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_FEDERATED_TOKEN_FILE\",\n];\n\nconst logger = credentialLogger(credentialName);\n\n/**\n * Error messages for WorkloadIdentityCredential\n */\nconst ErrorMessages = {\n FAILED_TO_PARSE_TOKEN_PROXY: (endpoint: string, error: unknown) =>\n `Failed to parse custom token proxy URL \"${endpoint}\": ${error}`,\n INVALID_HTTPS_SCHEME: (protocol: string) =>\n `Custom token endpoint must use https scheme, got \"${protocol}\"`,\n TOKEN_ENDPOINT_NO_USER_INFO: (url: string) =>\n `Custom token endpoint URL \"${url}\" must not contain user info`,\n TOKEN_ENDPOINT_NO_QUERY: (url: string) =>\n `Custom token endpoint URL \"${url}\" must not contain a query`,\n TOKEN_ENDPOINT_NO_FRAGMENT: (url: string) =>\n `Custom token endpoint URL \"${url}\" must not contain a fragment`,\n CA_FILE_EMPTY: (file: string) => `CA certificate file is empty: ${file}`,\n FAILED_TO_READ_CA_FILE: (file: string, error: unknown) =>\n `Failed to read CA certificate file: ${file}. ${error}`,\n INVALID_CA_CERTIFICATES: `Invalid CA certificate data: no valid PEM certificates found`,\n INVALID_FILE_PATH: (path: string | undefined) => `Invalid file path provided ${path}.`,\n NO_FILE_CONTENT: (path: string) => `No content on the file ${path}.`,\n NO_CA_SOURCE: `No CA certificate source specified.`,\n CLIENT_ID_REQUIRED: `clientId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_CLIENT_ID\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n TENANT_ID_REQUIRED: `tenantId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_TENANT_ID\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n TOKEN_FILE_PATH_REQUIRED: `federatedTokenFilePath is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_FEDERATED_TOKEN_FILE\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n TOKEN_PROXY_NOT_SET: `AZURE_KUBERNETES_TOKEN_PROXY is not set but other custom endpoint-related environment variables are present`,\n CA_FILE_AND_DATA_EXCLUSIVE: `AZURE_KUBERNETES_CA_FILE and AZURE_KUBERNETES_CA_DATA are mutually exclusive. Specify only one.`,\n MISSING_ENV_VARS: `tenantId, clientId, and federatedTokenFilePath are required parameters. \n In DefaultAzureCredential and ManagedIdentityCredential, these can be provided as environment variables - \n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_FEDERATED_TOKEN_FILE\". See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n};\n\n/**\n * @internal\n * Parses and validates the custom token proxy endpoint URL\n */\nexport function parseAndValidateCustomTokenProxy(endpoint: string): string {\n let tokenProxy: URL;\n try {\n tokenProxy = new URL(endpoint);\n } catch (error) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.FAILED_TO_PARSE_TOKEN_PROXY(endpoint, error)}`,\n );\n }\n\n if (tokenProxy.protocol !== \"https:\") {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.INVALID_HTTPS_SCHEME(tokenProxy.protocol)}`,\n );\n }\n\n if (tokenProxy.username || tokenProxy.password) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TOKEN_ENDPOINT_NO_USER_INFO(tokenProxy.toString())}`,\n );\n }\n\n if (tokenProxy.search) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TOKEN_ENDPOINT_NO_QUERY(tokenProxy.toString())}`,\n );\n }\n\n if (tokenProxy.hash) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TOKEN_ENDPOINT_NO_FRAGMENT(tokenProxy.toString())}`,\n );\n }\n\n if (!tokenProxy.pathname || tokenProxy.pathname === \"\") {\n // if the path is empty, set it to \"/\" to avoid stripping the path from req.URL\n tokenProxy.pathname = \"/\";\n }\n\n return tokenProxy.toString();\n}\n\n/**\n * Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs)\n * to access other Azure resources without the need for a service principal or managed identity. With Workload Identity\n * authentication, applications authenticate themselves using their own identity, rather than using a shared service\n * principal or managed identity. Under the hood, Workload Identity authentication uses the concept of Service Account\n * Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload\n * Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for\n * each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't\n * need to worry about storing and securing sensitive credentials themselves.\n * The WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Azure Kubernetes and acquires\n * a token using the SACs available in the Azure Kubernetes environment.\n * Refer to <a href=\"https://learn.microsoft.com/azure/aks/workload-identity-overview\">Microsoft Entra\n * Workload ID</a> for more information.\n */\nexport class WorkloadIdentityCredential implements TokenCredential {\n private client: ClientAssertionCredential | undefined;\n private azureFederatedTokenFileContent: string | undefined = undefined;\n private cacheDate: number | undefined = undefined;\n private federatedTokenFilePath: string | undefined;\n\n // AKS proxy CA caching - persists across token requests\n private cachedTlsSettings: (TlsSettings & { servername?: string }) | undefined;\n private cachedCaData: Buffer | undefined;\n private caData: string | undefined;\n private caFile: string | undefined;\n private sniName: string | undefined;\n\n /**\n * WorkloadIdentityCredential supports Microsoft Entra Workload ID on Kubernetes.\n *\n * @param options - The identity client options to use for authentication.\n */\n constructor(options?: WorkloadIdentityCredentialOptions) {\n // Logging environment variables for error details\n const assignedEnv = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(\", \");\n logger.info(`Found the following environment variables: ${assignedEnv}`);\n\n const workloadIdentityCredentialOptions = options ?? {};\n const tenantId = workloadIdentityCredentialOptions.tenantId || process.env.AZURE_TENANT_ID;\n const clientId = workloadIdentityCredentialOptions.clientId || process.env.AZURE_CLIENT_ID;\n this.federatedTokenFilePath =\n workloadIdentityCredentialOptions.tokenFilePath || process.env.AZURE_FEDERATED_TOKEN_FILE;\n\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n if (!clientId) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.CLIENT_ID_REQUIRED}`,\n );\n }\n\n if (!tenantId) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TENANT_ID_REQUIRED}`,\n );\n }\n\n if (!this.federatedTokenFilePath) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TOKEN_FILE_PATH_REQUIRED}`,\n );\n }\n\n // Use identity binding mode only when enableAzureKubernetesTokenProxy is set\n if (workloadIdentityCredentialOptions.enableAzureKubernetesTokenProxy) {\n const kubernetesTokenProxy = process.env.AZURE_KUBERNETES_TOKEN_PROXY;\n const kubernetesSNIName = process.env.AZURE_KUBERNETES_SNI_NAME;\n const kubernetesCAFile = process.env.AZURE_KUBERNETES_CA_FILE;\n const kubernetesCAData = process.env.AZURE_KUBERNETES_CA_DATA;\n\n if (!kubernetesTokenProxy) {\n // Custom token proxy is not set, while other Kubernetes-related environment variables are present,\n // this is likely a configuration issue so erroring out to avoid misconfiguration\n if (kubernetesSNIName || kubernetesCAFile || kubernetesCAData) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TOKEN_PROXY_NOT_SET}`,\n );\n }\n logger.info(\n `enableAzureKubernetesTokenProxy is true but AZURE_KUBERNETES_TOKEN_PROXY is not set, using normal authentication flow`,\n );\n } else {\n const tokenProxy = parseAndValidateCustomTokenProxy(kubernetesTokenProxy);\n\n // CAFile and CAData are mutually exclusive, at most one can be set.\n // If none of CAFile or CAData are set, the default system CA pool will be used.\n if (kubernetesCAFile && kubernetesCAData) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.CA_FILE_AND_DATA_EXCLUSIVE}`,\n );\n }\n\n this.caData = kubernetesCAData;\n this.caFile = kubernetesCAFile;\n this.sniName = kubernetesSNIName;\n\n // Configure client options with AKS proxy client\n const proxyClient = this.createAksProxyClient(tokenProxy);\n workloadIdentityCredentialOptions.httpClient = proxyClient;\n logger.info(`${credentialName}: Using proxy client for token requests`);\n }\n }\n\n logger.info(\n `Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`,\n );\n\n this.client = new ClientAssertionCredential(\n tenantId,\n clientId,\n this.readFileContents.bind(this),\n workloadIdentityCredentialOptions,\n );\n }\n\n /**\n * Creates a proxy HttpClient that intercepts token requests and redirects them to the Kubernetes endpoint\n * Caching is handled at the credential level to persist across token requests\n */\n private createAksProxyClient(tokenEndpoint: string): HttpClient {\n const defaultClient = createDefaultHttpClient();\n // Init cached TLS settings at construction time to fail fast on misconfiguration\n this.cachedTlsSettings = this.getTlsSettings();\n\n return {\n sendRequest: async (request: PipelineRequest): Promise<PipelineResponse> => {\n const requestUrl = new URL(request.url);\n\n logger.info(\n `${credentialName}: Redirecting request to Kubernetes endpoint: ${tokenEndpoint}`,\n );\n\n const proxyUrl = new URL(tokenEndpoint);\n\n // Remove leading slash from request path and join with proxy path\n const requestPath = requestUrl.pathname.replace(/^\\//, \"\");\n const combinedPath = proxyUrl.pathname.endsWith(\"/\")\n ? proxyUrl.pathname + requestPath\n : proxyUrl.pathname + \"/\" + requestPath;\n\n // Create new URL preserving query and fragment from original request\n const newUrl = new URL(proxyUrl.origin);\n newUrl.pathname = combinedPath;\n newUrl.search = requestUrl.search;\n newUrl.hash = requestUrl.hash;\n\n request.url = newUrl.toString();\n request.tlsSettings = this.getTlsSettings();\n\n logger.info(`${credentialName}: Sending request to ${request.url}`);\n // Forward the modified request with custom TLS settings\n return defaultClient.sendRequest(request);\n },\n };\n }\n\n /**\n * Gets TLS settings for the request.\n * Handles a few scenarios with CA data or CA file provided.\n */\n private getTlsSettings(): TlsSettings & { servername?: string } {\n // No CA overrides, use default transport\n if (!this.caData && !this.caFile) {\n if (!this.cachedTlsSettings) {\n this.cachedTlsSettings = this.sniName ? { servername: this.sniName } : {};\n }\n return this.cachedTlsSettings;\n }\n\n // Host provided CA bytes in AZURE_KUBERNETES_CA_DATA and can't change now\n if (!this.caFile) {\n if (!this.cachedTlsSettings) {\n if (!canParseAsX509Certificate(this.caData!)) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.INVALID_CA_CERTIFICATES}`,\n );\n }\n this.cachedTlsSettings = this.sniName ? { servername: this.sniName } : {};\n this.cachedTlsSettings.ca = this.caData;\n }\n return this.cachedTlsSettings;\n }\n\n // Host provided the CA bytes in a file whose contents it can change,\n let fileContent: Buffer;\n try {\n fileContent = readFileSync(this.caFile);\n } catch (error) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.FAILED_TO_READ_CA_FILE(this.caFile!, error)}`,\n );\n }\n // This can happen in the middle of CA rotation\n if (fileContent.length === 0) {\n if (!this.cachedTlsSettings) {\n // If the transport was never created, error out here to force retrying the call later\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.CA_FILE_EMPTY(this.caFile)}`,\n );\n }\n // If the transport was already created, just keep using it\n return this.cachedTlsSettings;\n }\n\n // Check if CA has changed\n if (!this.cachedCaData || !fileContent.equals(this.cachedCaData)) {\n const caDataString = fileContent.toString(\"utf8\");\n\n if (!canParseAsX509Certificate(caDataString)) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.INVALID_CA_CERTIFICATES}`,\n );\n }\n\n // CA has changed, rebuild the TLS settings with new CA pool\n this.cachedTlsSettings = {\n ca: caDataString,\n ...(this.sniName && { servername: this.sniName }),\n };\n this.cachedCaData = fileContent;\n }\n\n return this.cachedTlsSettings!;\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions,\n ): Promise<AccessToken> {\n if (!this.client) {\n const errorMessage = `${credentialName}: is unavailable. ${ErrorMessages.MISSING_ENV_VARS}`;\n logger.info(errorMessage);\n throw new CredentialUnavailableError(errorMessage);\n }\n logger.info(\"Invoking getToken() of Client Assertion Credential\");\n return this.client.getToken(scopes, options);\n }\n\n private async readFileContents(): Promise<string> {\n // Cached assertions expire after 5 minutes\n if (this.cacheDate !== undefined && Date.now() - this.cacheDate >= 1000 * 60 * 5) {\n this.azureFederatedTokenFileContent = undefined;\n }\n if (!this.federatedTokenFilePath) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.INVALID_FILE_PATH(this.federatedTokenFilePath)}`,\n );\n }\n if (!this.azureFederatedTokenFileContent) {\n const file = await readFile(this.federatedTokenFilePath, \"utf8\");\n const value = file.trim();\n if (!value) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.NO_FILE_CONTENT(this.federatedTokenFilePath)}`,\n );\n } else {\n this.azureFederatedTokenFileContent = value;\n this.cacheDate = Date.now();\n }\n }\n return this.azureFederatedTokenFileContent;\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"workloadIdentityCredential.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAE1D,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AAEpE,OAAO,EAAE,yBAAyB,EAAE,MAAM,8BAA8B,CAAC;AACzE,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAEvC,MAAM,cAAc,GAAG,4BAA4B,CAAC;AACpD;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,qCAAqC,GAAG;IACnD,iBAAiB;IACjB,iBAAiB;IACjB,4BAA4B;CAC7B,CAAC;AAEF,MAAM,MAAM,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;AAEhD;;GAEG;AACH,MAAM,aAAa,GAAG;IACpB,2BAA2B,EAAE,CAAC,QAAgB,EAAE,KAAc,EAAE,EAAE,CAChE,2CAA2C,QAAQ,MAAM,KAAK,EAAE;IAClE,oBAAoB,EAAE,CAAC,QAAgB,EAAE,EAAE,CACzC,qDAAqD,QAAQ,GAAG;IAClE,2BAA2B,EAAE,CAAC,GAAW,EAAE,EAAE,CAC3C,8BAA8B,GAAG,8BAA8B;IACjE,uBAAuB,EAAE,CAAC,GAAW,EAAE,EAAE,CACvC,8BAA8B,GAAG,4BAA4B;IAC/D,0BAA0B,EAAE,CAAC,GAAW,EAAE,EAAE,CAC1C,8BAA8B,GAAG,+BAA+B;IAClE,aAAa,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,iCAAiC,IAAI,EAAE;IACxE,sBAAsB,EAAE,CAAC,IAAY,EAAE,KAAc,EAAE,EAAE,CACvD,uCAAuC,IAAI,KAAK,KAAK,EAAE;IACzD,uBAAuB,EAAE,8DAA8D;IACvF,iBAAiB,EAAE,CAAC,IAAwB,EAAE,EAAE,CAAC,8BAA8B,IAAI,GAAG;IACtF,eAAe,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,0BAA0B,IAAI,GAAG;IACpE,YAAY,EAAE,qCAAqC;IACnD,kBAAkB,EAAE;qIAC+G;IACnI,kBAAkB,EAAE;qIAC+G;IACnI,wBAAwB,EAAE;qIACyG;IACnI,mBAAmB,EAAE,6GAA6G;IAClI,0BAA0B,EAAE,iGAAiG;IAC7H,gBAAgB,EAAE;;;;iKAI6I;CAChK,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,gCAAgC,CAAC,QAAgB;IAC/D,IAAI,UAAe,CAAC;IACpB,IAAI,CAAC;QACH,UAAU,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,2BAA2B,CAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,CACnG,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,oBAAoB,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAChG,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC,QAAQ,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;QAC/C,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,2BAA2B,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC,EAAE,CACzG,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;QACtB,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,uBAAuB,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC,EAAE,CACrG,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;QACpB,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,0BAA0B,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC,EAAE,CACxG,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,UAAU,CAAC,QAAQ,KAAK,EAAE,EAAE,CAAC;QACvD,+EAA+E;QAC/E,UAAU,CAAC,QAAQ,GAAG,GAAG,CAAC;IAC5B,CAAC;IAED,OAAO,UAAU,CAAC,QAAQ,EAAE,CAAC;AAC/B,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,OAAO,0BAA0B;IAC7B,MAAM,CAAwC;IAC9C,8BAA8B,GAAuB,SAAS,CAAC;IAC/D,SAAS,GAAuB,SAAS,CAAC;IAC1C,sBAAsB,CAAqB;IAEnD,wDAAwD;IAChD,iBAAiB,CAAsD;IACvE,YAAY,CAAqB;IACjC,MAAM,CAAqB;IAC3B,MAAM,CAAqB;IAC3B,OAAO,CAAqB;IAEpC;;;;OAIG;IACH,YAAY,OAA2C;QACrD,kDAAkD;QAClD,MAAM,WAAW,GAAG,cAAc,CAAC,qCAAqC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9F,MAAM,CAAC,IAAI,CAAC,8CAA8C,WAAW,EAAE,CAAC,CAAC;QAEzE,MAAM,iCAAiC,GAAG,OAAO,IAAI,EAAE,CAAC;QACxD,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,IAAI,CAAC,sBAAsB;YACzB,iCAAiC,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QAE5F,IAAI,QAAQ,EAAE,CAAC;YACb,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,kBAAkB,EAAE,CACzE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,kBAAkB,EAAE,CACzE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;YACjC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,wBAAwB,EAAE,CAC/E,CAAC;QACJ,CAAC;QAED,8DAA8D;QAC9D,IAAI,iCAAiC,CAAC,gBAAgB,EAAE,CAAC;YACvD,MAAM,oBAAoB,GAAG,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;YACtE,MAAM,iBAAiB,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;YAChE,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;YAC9D,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;YAE9D,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAC1B,mGAAmG;gBACnG,iFAAiF;gBACjF,IAAI,iBAAiB,IAAI,gBAAgB,IAAI,gBAAgB,EAAE,CAAC;oBAC9D,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,mBAAmB,EAAE,CAC1E,CAAC;gBACJ,CAAC;gBACD,MAAM,CAAC,IAAI,CACT,wGAAwG,CACzG,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,UAAU,GAAG,gCAAgC,CAAC,oBAAoB,CAAC,CAAC;gBAE1E,oEAAoE;gBACpE,gFAAgF;gBAChF,IAAI,gBAAgB,IAAI,gBAAgB,EAAE,CAAC;oBACzC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,0BAA0B,EAAE,CACjF,CAAC;gBACJ,CAAC;gBAED,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC;gBAC/B,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC;gBAC/B,IAAI,CAAC,OAAO,GAAG,iBAAiB,CAAC;gBAEjC,iDAAiD;gBACjD,MAAM,WAAW,GAAG,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;gBAC1D,iCAAiC,CAAC,UAAU,GAAG,WAAW,CAAC;gBAC3D,MAAM,CAAC,IAAI,CAAC,GAAG,cAAc,yCAAyC,CAAC,CAAC;YAC1E,CAAC;QACH,CAAC;QAED,MAAM,CAAC,IAAI,CACT,sDAAsD,QAAQ,eAAe,iCAAiC,CAAC,QAAQ,uCAAuC,CAC/J,CAAC;QAEF,IAAI,CAAC,MAAM,GAAG,IAAI,yBAAyB,CACzC,QAAQ,EACR,QAAQ,EACR,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAChC,iCAAiC,CAClC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,oBAAoB,CAAC,aAAqB;QAChD,MAAM,aAAa,GAAG,uBAAuB,EAAE,CAAC;QAChD,iFAAiF;QACjF,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QAE/C,OAAO;YACL,WAAW,EAAE,KAAK,EAAE,OAAwB,EAA6B,EAAE;gBACzE,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAExC,MAAM,CAAC,IAAI,CACT,GAAG,cAAc,iDAAiD,aAAa,EAAE,CAClF,CAAC;gBAEF,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;gBAExC,kEAAkE;gBAClE,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;gBAC3D,MAAM,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;oBAClD,CAAC,CAAC,QAAQ,CAAC,QAAQ,GAAG,WAAW;oBACjC,CAAC,CAAC,QAAQ,CAAC,QAAQ,GAAG,GAAG,GAAG,WAAW,CAAC;gBAE1C,qEAAqE;gBACrE,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACxC,MAAM,CAAC,QAAQ,GAAG,YAAY,CAAC;gBAC/B,MAAM,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;gBAClC,MAAM,CAAC,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC;gBAE9B,OAAO,CAAC,GAAG,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAChC,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;gBAE5C,MAAM,CAAC,IAAI,CAAC,GAAG,cAAc,wBAAwB,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;gBACpE,wDAAwD;gBACxD,OAAO,aAAa,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAC5C,CAAC;SACF,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,cAAc;QACpB,yCAAyC;QACzC,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjC,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAC5B,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5E,CAAC;YACD,OAAO,IAAI,CAAC,iBAAiB,CAAC;QAChC,CAAC;QAED,0EAA0E;QAC1E,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAC5B,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,MAAO,CAAC,EAAE,CAAC;oBAC7C,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,uBAAuB,EAAE,CAC9E,CAAC;gBACJ,CAAC;gBACD,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1E,IAAI,CAAC,iBAAiB,CAAC,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC;YAC1C,CAAC;YACD,OAAO,IAAI,CAAC,iBAAiB,CAAC;QAChC,CAAC;QAED,qEAAqE;QACrE,IAAI,WAAmB,CAAC;QACxB,IAAI,CAAC;YACH,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,sBAAsB,CAAC,IAAI,CAAC,MAAO,EAAE,KAAK,CAAC,EAAE,CAClG,CAAC;QACJ,CAAC;QACD,+CAA+C;QAC/C,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAC5B,sFAAsF;gBACtF,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CACjF,CAAC;YACJ,CAAC;YACD,2DAA2D;YAC3D,OAAO,IAAI,CAAC,iBAAiB,CAAC;QAChC,CAAC;QAED,0BAA0B;QAC1B,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YACjE,MAAM,YAAY,GAAG,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAElD,IAAI,CAAC,yBAAyB,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC7C,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,uBAAuB,EAAE,CAC9E,CAAC;YACJ,CAAC;YAED,4DAA4D;YAC5D,IAAI,CAAC,iBAAiB,GAAG;gBACvB,EAAE,EAAE,YAAY;gBAChB,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;aAClD,CAAC;YACF,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;QAClC,CAAC;QAED,OAAO,IAAI,CAAC,iBAAkB,CAAC;IACjC,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;QAEzB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,YAAY,GAAG,GAAG,cAAc,qBAAqB,aAAa,CAAC,gBAAgB,EAAE,CAAC;YAC5F,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC1B,MAAM,IAAI,0BAA0B,CAAC,YAAY,CAAC,CAAC;QACrD,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAClE,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/C,CAAC;IAEO,KAAK,CAAC,gBAAgB;QAC5B,2CAA2C;QAC3C,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;YACjF,IAAI,CAAC,8BAA8B,GAAG,SAAS,CAAC;QAClD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;YACjC,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,iBAAiB,CAAC,IAAI,CAAC,sBAAsB,CAAC,EAAE,CACrG,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;YACzC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC;YACjE,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,0BAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,eAAe,CAAC,IAAI,CAAC,sBAAsB,CAAC,EAAE,CACnG,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,8BAA8B,GAAG,KAAK,CAAC;gBAC5C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC9B,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,8BAA8B,CAAC;IAC7C,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, processEnvVars } from \"../util/logging.js\";\n\nimport { ClientAssertionCredential } from \"./clientAssertionCredential.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions.js\";\nimport { checkTenantId } from \"../util/tenantIdUtils.js\";\nimport { readFile } from \"node:fs/promises\";\nimport type { PipelineRequest, PipelineResponse, HttpClient } from \"@azure/core-rest-pipeline\";\nimport { createDefaultHttpClient } from \"@azure/core-rest-pipeline\";\nimport type { TlsSettings } from \"@azure/core-rest-pipeline\";\nimport { canParseAsX509Certificate } from \"../util/certificatesUtils.js\";\nimport { readFileSync } from \"node:fs\";\n\nconst credentialName = \"WorkloadIdentityCredential\";\n/**\n * Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n *\n * @internal\n */\nexport const SupportedWorkloadEnvironmentVariables = [\n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_FEDERATED_TOKEN_FILE\",\n];\n\nconst logger = credentialLogger(credentialName);\n\n/**\n * Error messages for WorkloadIdentityCredential\n */\nconst ErrorMessages = {\n FAILED_TO_PARSE_TOKEN_PROXY: (endpoint: string, error: unknown) =>\n `Failed to parse custom token proxy URL \"${endpoint}\": ${error}`,\n INVALID_HTTPS_SCHEME: (protocol: string) =>\n `Custom token endpoint must use https scheme, got \"${protocol}\"`,\n TOKEN_ENDPOINT_NO_USER_INFO: (url: string) =>\n `Custom token endpoint URL \"${url}\" must not contain user info`,\n TOKEN_ENDPOINT_NO_QUERY: (url: string) =>\n `Custom token endpoint URL \"${url}\" must not contain a query`,\n TOKEN_ENDPOINT_NO_FRAGMENT: (url: string) =>\n `Custom token endpoint URL \"${url}\" must not contain a fragment`,\n CA_FILE_EMPTY: (file: string) => `CA certificate file is empty: ${file}`,\n FAILED_TO_READ_CA_FILE: (file: string, error: unknown) =>\n `Failed to read CA certificate file: ${file}. ${error}`,\n INVALID_CA_CERTIFICATES: `Invalid CA certificate data: no valid PEM certificates found`,\n INVALID_FILE_PATH: (path: string | undefined) => `Invalid file path provided ${path}.`,\n NO_FILE_CONTENT: (path: string) => `No content on the file ${path}.`,\n NO_CA_SOURCE: `No CA certificate source specified.`,\n CLIENT_ID_REQUIRED: `clientId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_CLIENT_ID\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n TENANT_ID_REQUIRED: `tenantId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_TENANT_ID\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n TOKEN_FILE_PATH_REQUIRED: `federatedTokenFilePath is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_FEDERATED_TOKEN_FILE\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n TOKEN_PROXY_NOT_SET: `AZURE_KUBERNETES_TOKEN_PROXY is not set but other custom endpoint-related environment variables are present`,\n CA_FILE_AND_DATA_EXCLUSIVE: `AZURE_KUBERNETES_CA_FILE and AZURE_KUBERNETES_CA_DATA are mutually exclusive. Specify only one.`,\n MISSING_ENV_VARS: `tenantId, clientId, and federatedTokenFilePath are required parameters. \n In DefaultAzureCredential and ManagedIdentityCredential, these can be provided as environment variables - \n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_FEDERATED_TOKEN_FILE\". See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n};\n\n/**\n * @internal\n * Parses and validates the custom token proxy endpoint URL\n */\nexport function parseAndValidateCustomTokenProxy(endpoint: string): string {\n let tokenProxy: URL;\n try {\n tokenProxy = new URL(endpoint);\n } catch (error) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.FAILED_TO_PARSE_TOKEN_PROXY(endpoint, error)}`,\n );\n }\n\n if (tokenProxy.protocol !== \"https:\") {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.INVALID_HTTPS_SCHEME(tokenProxy.protocol)}`,\n );\n }\n\n if (tokenProxy.username || tokenProxy.password) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TOKEN_ENDPOINT_NO_USER_INFO(tokenProxy.toString())}`,\n );\n }\n\n if (tokenProxy.search) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TOKEN_ENDPOINT_NO_QUERY(tokenProxy.toString())}`,\n );\n }\n\n if (tokenProxy.hash) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TOKEN_ENDPOINT_NO_FRAGMENT(tokenProxy.toString())}`,\n );\n }\n\n if (!tokenProxy.pathname || tokenProxy.pathname === \"\") {\n // if the path is empty, set it to \"/\" to avoid stripping the path from req.URL\n tokenProxy.pathname = \"/\";\n }\n\n return tokenProxy.toString();\n}\n\n/**\n * Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs)\n * to access other Azure resources without the need for a service principal or managed identity. With Workload Identity\n * authentication, applications authenticate themselves using their own identity, rather than using a shared service\n * principal or managed identity. Under the hood, Workload Identity authentication uses the concept of Service Account\n * Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload\n * Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for\n * each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't\n * need to worry about storing and securing sensitive credentials themselves.\n * The WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Azure Kubernetes and acquires\n * a token using the SACs available in the Azure Kubernetes environment.\n * Refer to <a href=\"https://learn.microsoft.com/azure/aks/workload-identity-overview\">Microsoft Entra\n * Workload ID</a> for more information.\n */\nexport class WorkloadIdentityCredential implements TokenCredential {\n private client: ClientAssertionCredential | undefined;\n private azureFederatedTokenFileContent: string | undefined = undefined;\n private cacheDate: number | undefined = undefined;\n private federatedTokenFilePath: string | undefined;\n\n // AKS proxy CA caching - persists across token requests\n private cachedTlsSettings: (TlsSettings & { servername?: string }) | undefined;\n private cachedCaData: Buffer | undefined;\n private caData: string | undefined;\n private caFile: string | undefined;\n private sniName: string | undefined;\n\n /**\n * WorkloadIdentityCredential supports Microsoft Entra Workload ID on Kubernetes.\n *\n * @param options - The identity client options to use for authentication.\n */\n constructor(options?: WorkloadIdentityCredentialOptions) {\n // Logging environment variables for error details\n const assignedEnv = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(\", \");\n logger.info(`Found the following environment variables: ${assignedEnv}`);\n\n const workloadIdentityCredentialOptions = options ?? {};\n const tenantId = workloadIdentityCredentialOptions.tenantId || process.env.AZURE_TENANT_ID;\n const clientId = workloadIdentityCredentialOptions.clientId || process.env.AZURE_CLIENT_ID;\n this.federatedTokenFilePath =\n workloadIdentityCredentialOptions.tokenFilePath || process.env.AZURE_FEDERATED_TOKEN_FILE;\n\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n if (!clientId) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.CLIENT_ID_REQUIRED}`,\n );\n }\n\n if (!tenantId) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TENANT_ID_REQUIRED}`,\n );\n }\n\n if (!this.federatedTokenFilePath) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TOKEN_FILE_PATH_REQUIRED}`,\n );\n }\n\n // Use identity binding mode only when enableAzureProxy is set\n if (workloadIdentityCredentialOptions.enableAzureProxy) {\n const kubernetesTokenProxy = process.env.AZURE_KUBERNETES_TOKEN_PROXY;\n const kubernetesSNIName = process.env.AZURE_KUBERNETES_SNI_NAME;\n const kubernetesCAFile = process.env.AZURE_KUBERNETES_CA_FILE;\n const kubernetesCAData = process.env.AZURE_KUBERNETES_CA_DATA;\n\n if (!kubernetesTokenProxy) {\n // Custom token proxy is not set, while other Kubernetes-related environment variables are present,\n // this is likely a configuration issue so erroring out to avoid misconfiguration\n if (kubernetesSNIName || kubernetesCAFile || kubernetesCAData) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TOKEN_PROXY_NOT_SET}`,\n );\n }\n logger.info(\n `enableAzureProxy is true but AZURE_KUBERNETES_TOKEN_PROXY is not set, using normal authentication flow`,\n );\n } else {\n const tokenProxy = parseAndValidateCustomTokenProxy(kubernetesTokenProxy);\n\n // CAFile and CAData are mutually exclusive, at most one can be set.\n // If none of CAFile or CAData are set, the default system CA pool will be used.\n if (kubernetesCAFile && kubernetesCAData) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.CA_FILE_AND_DATA_EXCLUSIVE}`,\n );\n }\n\n this.caData = kubernetesCAData;\n this.caFile = kubernetesCAFile;\n this.sniName = kubernetesSNIName;\n\n // Configure client options with AKS proxy client\n const proxyClient = this.createAksProxyClient(tokenProxy);\n workloadIdentityCredentialOptions.httpClient = proxyClient;\n logger.info(`${credentialName}: Using proxy client for token requests`);\n }\n }\n\n logger.info(\n `Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`,\n );\n\n this.client = new ClientAssertionCredential(\n tenantId,\n clientId,\n this.readFileContents.bind(this),\n workloadIdentityCredentialOptions,\n );\n }\n\n /**\n * Creates a proxy HttpClient that intercepts token requests and redirects them to the Kubernetes endpoint\n * Caching is handled at the credential level to persist across token requests\n */\n private createAksProxyClient(tokenEndpoint: string): HttpClient {\n const defaultClient = createDefaultHttpClient();\n // Init cached TLS settings at construction time to fail fast on misconfiguration\n this.cachedTlsSettings = this.getTlsSettings();\n\n return {\n sendRequest: async (request: PipelineRequest): Promise<PipelineResponse> => {\n const requestUrl = new URL(request.url);\n\n logger.info(\n `${credentialName}: Redirecting request to Kubernetes endpoint: ${tokenEndpoint}`,\n );\n\n const proxyUrl = new URL(tokenEndpoint);\n\n // Remove leading slash from request path and join with proxy path\n const requestPath = requestUrl.pathname.replace(/^\\//, \"\");\n const combinedPath = proxyUrl.pathname.endsWith(\"/\")\n ? proxyUrl.pathname + requestPath\n : proxyUrl.pathname + \"/\" + requestPath;\n\n // Create new URL preserving query and fragment from original request\n const newUrl = new URL(proxyUrl.origin);\n newUrl.pathname = combinedPath;\n newUrl.search = requestUrl.search;\n newUrl.hash = requestUrl.hash;\n\n request.url = newUrl.toString();\n request.tlsSettings = this.getTlsSettings();\n\n logger.info(`${credentialName}: Sending request to ${request.url}`);\n // Forward the modified request with custom TLS settings\n return defaultClient.sendRequest(request);\n },\n };\n }\n\n /**\n * Gets TLS settings for the request.\n * Handles a few scenarios with CA data or CA file provided.\n */\n private getTlsSettings(): TlsSettings & { servername?: string } {\n // No CA overrides, use default transport\n if (!this.caData && !this.caFile) {\n if (!this.cachedTlsSettings) {\n this.cachedTlsSettings = this.sniName ? { servername: this.sniName } : {};\n }\n return this.cachedTlsSettings;\n }\n\n // Host provided CA bytes in AZURE_KUBERNETES_CA_DATA and can't change now\n if (!this.caFile) {\n if (!this.cachedTlsSettings) {\n if (!canParseAsX509Certificate(this.caData!)) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.INVALID_CA_CERTIFICATES}`,\n );\n }\n this.cachedTlsSettings = this.sniName ? { servername: this.sniName } : {};\n this.cachedTlsSettings.ca = this.caData;\n }\n return this.cachedTlsSettings;\n }\n\n // Host provided the CA bytes in a file whose contents it can change,\n let fileContent: Buffer;\n try {\n fileContent = readFileSync(this.caFile);\n } catch (error) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.FAILED_TO_READ_CA_FILE(this.caFile!, error)}`,\n );\n }\n // This can happen in the middle of CA rotation\n if (fileContent.length === 0) {\n if (!this.cachedTlsSettings) {\n // If the transport was never created, error out here to force retrying the call later\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.CA_FILE_EMPTY(this.caFile)}`,\n );\n }\n // If the transport was already created, just keep using it\n return this.cachedTlsSettings;\n }\n\n // Check if CA has changed\n if (!this.cachedCaData || !fileContent.equals(this.cachedCaData)) {\n const caDataString = fileContent.toString(\"utf8\");\n\n if (!canParseAsX509Certificate(caDataString)) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.INVALID_CA_CERTIFICATES}`,\n );\n }\n\n // CA has changed, rebuild the TLS settings with new CA pool\n this.cachedTlsSettings = {\n ca: caDataString,\n ...(this.sniName && { servername: this.sniName }),\n };\n this.cachedCaData = fileContent;\n }\n\n return this.cachedTlsSettings!;\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions,\n ): Promise<AccessToken> {\n if (!this.client) {\n const errorMessage = `${credentialName}: is unavailable. ${ErrorMessages.MISSING_ENV_VARS}`;\n logger.info(errorMessage);\n throw new CredentialUnavailableError(errorMessage);\n }\n logger.info(\"Invoking getToken() of Client Assertion Credential\");\n return this.client.getToken(scopes, options);\n }\n\n private async readFileContents(): Promise<string> {\n // Cached assertions expire after 5 minutes\n if (this.cacheDate !== undefined && Date.now() - this.cacheDate >= 1000 * 60 * 5) {\n this.azureFederatedTokenFileContent = undefined;\n }\n if (!this.federatedTokenFilePath) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.INVALID_FILE_PATH(this.federatedTokenFilePath)}`,\n );\n }\n if (!this.azureFederatedTokenFileContent) {\n const file = await readFile(this.federatedTokenFilePath, \"utf8\");\n const value = file.trim();\n if (!value) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.NO_FILE_CONTENT(this.federatedTokenFilePath)}`,\n );\n } else {\n this.azureFederatedTokenFileContent = value;\n this.cacheDate = Date.now();\n }\n }\n return this.azureFederatedTokenFileContent;\n }\n}\n"]}
|
|
@@ -17,8 +17,8 @@ export interface WorkloadIdentityCredentialOptions extends MultiTenantTokenCrede
|
|
|
17
17
|
*/
|
|
18
18
|
tokenFilePath?: string;
|
|
19
19
|
/**
|
|
20
|
-
* Enables the identity binding feature.
|
|
20
|
+
* Enables the {@link https://learn.microsoft.com/azure/aks/identity-bindings-concepts | identity binding feature}.
|
|
21
21
|
*/
|
|
22
|
-
|
|
22
|
+
enableAzureProxy?: boolean;
|
|
23
23
|
}
|
|
24
24
|
//# sourceMappingURL=workloadIdentityCredentialOptions.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"workloadIdentityCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,iCACf,SAAQ,iCAAiC,
|
|
1
|
+
{"version":3,"file":"workloadIdentityCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,iCACf,SAAQ,iCAAiC,EAAE,0BAA0B;IACrE;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;OAEG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"workloadIdentityCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link WorkloadIdentityCredential}\n */\nexport interface WorkloadIdentityCredentialOptions\n extends MultiTenantTokenCredentialOptions
|
|
1
|
+
{"version":3,"file":"workloadIdentityCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link WorkloadIdentityCredential}\n */\nexport interface WorkloadIdentityCredentialOptions\n extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {\n /**\n * ID of the application's Microsoft Entra tenant. Also called its directory ID.\n */\n tenantId?: string;\n /**\n * The client ID of a Microsoft Entra app registration.\n */\n clientId?: string;\n /**\n * The path to a file containing a Kubernetes service account token that authenticates the identity.\n */\n tokenFilePath?: string;\n /**\n * Enables the {@link https://learn.microsoft.com/azure/aks/identity-bindings-concepts | identity binding feature}.\n */\n enableAzureProxy?: boolean;\n}\n"]}
|
package/dist/esm/index.d.ts
CHANGED
|
@@ -1,61 +1,61 @@
|
|
|
1
1
|
export * from "./plugins/consumer.js";
|
|
2
|
-
export { IdentityPlugin } from "./plugins/provider.js";
|
|
2
|
+
export type { IdentityPlugin } from "./plugins/provider.js";
|
|
3
3
|
import type { TokenCredential } from "@azure/core-auth";
|
|
4
|
-
export { AuthenticationError, ErrorResponse, AggregateAuthenticationError, AuthenticationErrorName, AggregateAuthenticationErrorName, CredentialUnavailableError, CredentialUnavailableErrorName, AuthenticationRequiredError, AuthenticationRequiredErrorOptions, } from "./errors.js";
|
|
5
|
-
export { AuthenticationRecord } from "./msal/types.js";
|
|
4
|
+
export { AuthenticationError, type ErrorResponse, AggregateAuthenticationError, AuthenticationErrorName, AggregateAuthenticationErrorName, CredentialUnavailableError, CredentialUnavailableErrorName, AuthenticationRequiredError, type AuthenticationRequiredErrorOptions, } from "./errors.js";
|
|
5
|
+
export type { AuthenticationRecord } from "./msal/types.js";
|
|
6
6
|
export { serializeAuthenticationRecord, deserializeAuthenticationRecord } from "./msal/utils.js";
|
|
7
|
-
export { TokenCredentialOptions } from "./tokenCredentialOptions.js";
|
|
8
|
-
export { MultiTenantTokenCredentialOptions } from "./credentials/multiTenantTokenCredentialOptions.js";
|
|
9
|
-
export { AuthorityValidationOptions } from "./credentials/authorityValidationOptions.js";
|
|
10
|
-
export { BrokerAuthOptions } from "./credentials/brokerAuthOptions.js";
|
|
11
|
-
export { BrokerOptions, BrokerEnabledOptions, BrokerDisabledOptions, } from "./msal/nodeFlows/brokerOptions.js";
|
|
12
|
-
export { InteractiveCredentialOptions } from "./credentials/interactiveCredentialOptions.js";
|
|
7
|
+
export type { TokenCredentialOptions } from "./tokenCredentialOptions.js";
|
|
8
|
+
export type { MultiTenantTokenCredentialOptions } from "./credentials/multiTenantTokenCredentialOptions.js";
|
|
9
|
+
export type { AuthorityValidationOptions } from "./credentials/authorityValidationOptions.js";
|
|
10
|
+
export type { BrokerAuthOptions } from "./credentials/brokerAuthOptions.js";
|
|
11
|
+
export type { BrokerOptions, BrokerEnabledOptions, BrokerDisabledOptions, } from "./msal/nodeFlows/brokerOptions.js";
|
|
12
|
+
export type { InteractiveCredentialOptions } from "./credentials/interactiveCredentialOptions.js";
|
|
13
13
|
export { ChainedTokenCredential } from "./credentials/chainedTokenCredential.js";
|
|
14
14
|
export { ClientSecretCredential } from "./credentials/clientSecretCredential.js";
|
|
15
|
-
export { ClientSecretCredentialOptions } from "./credentials/clientSecretCredentialOptions.js";
|
|
15
|
+
export type { ClientSecretCredentialOptions } from "./credentials/clientSecretCredentialOptions.js";
|
|
16
16
|
export { DefaultAzureCredential } from "./credentials/defaultAzureCredential.js";
|
|
17
|
-
export { DefaultAzureCredentialOptions, DefaultAzureCredentialClientIdOptions, DefaultAzureCredentialResourceIdOptions, DefaultAzureCredentialEnvVars, } from "./credentials/defaultAzureCredentialOptions.js";
|
|
17
|
+
export type { DefaultAzureCredentialOptions, DefaultAzureCredentialClientIdOptions, DefaultAzureCredentialResourceIdOptions, DefaultAzureCredentialEnvVars, } from "./credentials/defaultAzureCredentialOptions.js";
|
|
18
18
|
export { EnvironmentCredential } from "./credentials/environmentCredential.js";
|
|
19
|
-
export { EnvironmentCredentialOptions } from "./credentials/environmentCredentialOptions.js";
|
|
19
|
+
export type { EnvironmentCredentialOptions } from "./credentials/environmentCredentialOptions.js";
|
|
20
20
|
export { ClientCertificateCredential } from "./credentials/clientCertificateCredential.js";
|
|
21
|
-
export { ClientCertificateCredentialPEMConfiguration, ClientCertificatePEMCertificatePath, ClientCertificatePEMCertificate, } from "./credentials/clientCertificateCredentialModels.js";
|
|
22
|
-
export { ClientCertificateCredentialOptions } from "./credentials/clientCertificateCredentialOptions.js";
|
|
21
|
+
export type { ClientCertificateCredentialPEMConfiguration, ClientCertificatePEMCertificatePath, ClientCertificatePEMCertificate, } from "./credentials/clientCertificateCredentialModels.js";
|
|
22
|
+
export type { ClientCertificateCredentialOptions } from "./credentials/clientCertificateCredentialOptions.js";
|
|
23
23
|
export { ClientAssertionCredential } from "./credentials/clientAssertionCredential.js";
|
|
24
|
-
export { ClientAssertionCredentialOptions } from "./credentials/clientAssertionCredentialOptions.js";
|
|
25
|
-
export { CredentialPersistenceOptions } from "./credentials/credentialPersistenceOptions.js";
|
|
24
|
+
export type { ClientAssertionCredentialOptions } from "./credentials/clientAssertionCredentialOptions.js";
|
|
25
|
+
export type { CredentialPersistenceOptions } from "./credentials/credentialPersistenceOptions.js";
|
|
26
26
|
export { AzureCliCredential } from "./credentials/azureCliCredential.js";
|
|
27
|
-
export { AzureCliCredentialOptions } from "./credentials/azureCliCredentialOptions.js";
|
|
27
|
+
export type { AzureCliCredentialOptions } from "./credentials/azureCliCredentialOptions.js";
|
|
28
28
|
export { AzureDeveloperCliCredential } from "./credentials/azureDeveloperCliCredential.js";
|
|
29
|
-
export { AzureDeveloperCliCredentialOptions } from "./credentials/azureDeveloperCliCredentialOptions.js";
|
|
29
|
+
export type { AzureDeveloperCliCredentialOptions } from "./credentials/azureDeveloperCliCredentialOptions.js";
|
|
30
30
|
export { InteractiveBrowserCredential } from "./credentials/interactiveBrowserCredential.js";
|
|
31
|
-
export { InteractiveBrowserCredentialNodeOptions, InteractiveBrowserCredentialInBrowserOptions, BrowserLoginStyle, } from "./credentials/interactiveBrowserCredentialOptions.js";
|
|
31
|
+
export type { InteractiveBrowserCredentialNodeOptions, InteractiveBrowserCredentialInBrowserOptions, BrowserLoginStyle, } from "./credentials/interactiveBrowserCredentialOptions.js";
|
|
32
32
|
export { ManagedIdentityCredential } from "./credentials/managedIdentityCredential/index.js";
|
|
33
|
-
export { ManagedIdentityCredentialClientIdOptions, ManagedIdentityCredentialResourceIdOptions, ManagedIdentityCredentialObjectIdOptions, } from "./credentials/managedIdentityCredential/options.js";
|
|
33
|
+
export type { ManagedIdentityCredentialClientIdOptions, ManagedIdentityCredentialResourceIdOptions, ManagedIdentityCredentialObjectIdOptions, } from "./credentials/managedIdentityCredential/options.js";
|
|
34
34
|
export { DeviceCodeCredential } from "./credentials/deviceCodeCredential.js";
|
|
35
|
-
export { DeviceCodePromptCallback, DeviceCodeInfo, } from "./credentials/deviceCodeCredentialOptions.js";
|
|
36
|
-
export { DeviceCodeCredentialOptions } from "./credentials/deviceCodeCredentialOptions.js";
|
|
35
|
+
export type { DeviceCodePromptCallback, DeviceCodeInfo, } from "./credentials/deviceCodeCredentialOptions.js";
|
|
36
|
+
export type { DeviceCodeCredentialOptions } from "./credentials/deviceCodeCredentialOptions.js";
|
|
37
37
|
export { AzurePipelinesCredential as AzurePipelinesCredential } from "./credentials/azurePipelinesCredential.js";
|
|
38
|
-
export { AzurePipelinesCredentialOptions as AzurePipelinesCredentialOptions } from "./credentials/azurePipelinesCredentialOptions.js";
|
|
38
|
+
export type { AzurePipelinesCredentialOptions as AzurePipelinesCredentialOptions } from "./credentials/azurePipelinesCredentialOptions.js";
|
|
39
39
|
export { AuthorizationCodeCredential } from "./credentials/authorizationCodeCredential.js";
|
|
40
|
-
export { AuthorizationCodeCredentialOptions } from "./credentials/authorizationCodeCredentialOptions.js";
|
|
40
|
+
export type { AuthorizationCodeCredentialOptions } from "./credentials/authorizationCodeCredentialOptions.js";
|
|
41
41
|
export { AzurePowerShellCredential } from "./credentials/azurePowerShellCredential.js";
|
|
42
|
-
export { AzurePowerShellCredentialOptions } from "./credentials/azurePowerShellCredentialOptions.js";
|
|
43
|
-
export { OnBehalfOfCredentialOptions, OnBehalfOfCredentialSecretOptions, OnBehalfOfCredentialCertificateOptions, OnBehalfOfCredentialAssertionOptions, } from "./credentials/onBehalfOfCredentialOptions.js";
|
|
42
|
+
export type { AzurePowerShellCredentialOptions } from "./credentials/azurePowerShellCredentialOptions.js";
|
|
43
|
+
export type { OnBehalfOfCredentialOptions, OnBehalfOfCredentialSecretOptions, OnBehalfOfCredentialCertificateOptions, OnBehalfOfCredentialAssertionOptions, } from "./credentials/onBehalfOfCredentialOptions.js";
|
|
44
44
|
export { UsernamePasswordCredential } from "./credentials/usernamePasswordCredential.js";
|
|
45
|
-
export { UsernamePasswordCredentialOptions } from "./credentials/usernamePasswordCredentialOptions.js";
|
|
45
|
+
export type { UsernamePasswordCredentialOptions } from "./credentials/usernamePasswordCredentialOptions.js";
|
|
46
46
|
export { VisualStudioCodeCredential } from "./credentials/visualStudioCodeCredential.js";
|
|
47
|
-
export { VisualStudioCodeCredentialOptions } from "./credentials/visualStudioCodeCredentialOptions.js";
|
|
47
|
+
export type { VisualStudioCodeCredentialOptions } from "./credentials/visualStudioCodeCredentialOptions.js";
|
|
48
48
|
export { OnBehalfOfCredential } from "./credentials/onBehalfOfCredential.js";
|
|
49
49
|
export { WorkloadIdentityCredential } from "./credentials/workloadIdentityCredential.js";
|
|
50
|
-
export { WorkloadIdentityCredentialOptions } from "./credentials/workloadIdentityCredentialOptions.js";
|
|
51
|
-
export { BrowserCustomizationOptions } from "./credentials/browserCustomizationOptions.js";
|
|
52
|
-
export { TokenCachePersistenceOptions } from "./msal/nodeFlows/tokenCachePersistenceOptions.js";
|
|
53
|
-
export { TokenCredential, GetTokenOptions, AccessToken } from "@azure/core-auth";
|
|
50
|
+
export type { WorkloadIdentityCredentialOptions } from "./credentials/workloadIdentityCredentialOptions.js";
|
|
51
|
+
export type { BrowserCustomizationOptions } from "./credentials/browserCustomizationOptions.js";
|
|
52
|
+
export type { TokenCachePersistenceOptions } from "./msal/nodeFlows/tokenCachePersistenceOptions.js";
|
|
53
|
+
export type { TokenCredential, GetTokenOptions, AccessToken } from "@azure/core-auth";
|
|
54
54
|
export { logger } from "./util/logging.js";
|
|
55
55
|
export { AzureAuthorityHosts } from "./constants.js";
|
|
56
56
|
/**
|
|
57
57
|
* Returns a new instance of the {@link DefaultAzureCredential}.
|
|
58
58
|
*/
|
|
59
59
|
export declare function getDefaultAzureCredential(): TokenCredential;
|
|
60
|
-
export { getBearerTokenProvider, GetBearerTokenProviderOptions } from "./tokenProvider.js";
|
|
60
|
+
export { getBearerTokenProvider, type GetBearerTokenProviderOptions } from "./tokenProvider.js";
|
|
61
61
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/esm/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAGA,cAAc,uBAAuB,CAAC;AAEtC,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAGA,cAAc,uBAAuB,CAAC;AAEtC,YAAY,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAE5D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAGxD,OAAO,EACL,mBAAmB,EACnB,KAAK,aAAa,EAClB,4BAA4B,EAC5B,uBAAuB,EACvB,gCAAgC,EAChC,0BAA0B,EAC1B,8BAA8B,EAC9B,2BAA2B,EAC3B,KAAK,kCAAkC,GACxC,MAAM,aAAa,CAAC;AAErB,YAAY,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAC5D,OAAO,EAAE,6BAA6B,EAAE,+BAA+B,EAAE,MAAM,iBAAiB,CAAC;AACjG,YAAY,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAC1E,YAAY,EAAE,iCAAiC,EAAE,MAAM,oDAAoD,CAAC;AAC5G,YAAY,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AAI9F,YAAY,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAC5E,YAAY,EACV,aAAa,EACb,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,mCAAmC,CAAC;AAC3C,YAAY,EAAE,4BAA4B,EAAE,MAAM,+CAA+C,CAAC;AAElG,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AAEjF,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AACjF,YAAY,EAAE,6BAA6B,EAAE,MAAM,gDAAgD,CAAC;AAEpG,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AACjF,YAAY,EACV,6BAA6B,EAC7B,qCAAqC,EACrC,uCAAuC,EACvC,6BAA6B,GAC9B,MAAM,gDAAgD,CAAC;AAExD,OAAO,EAAE,qBAAqB,EAAE,MAAM,wCAAwC,CAAC;AAC/E,YAAY,EAAE,4BAA4B,EAAE,MAAM,+CAA+C,CAAC;AAElG,OAAO,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAC3F,YAAY,EACV,2CAA2C,EAC3C,mCAAmC,EACnC,+BAA+B,GAChC,MAAM,oDAAoD,CAAC;AAC5D,YAAY,EAAE,kCAAkC,EAAE,MAAM,qDAAqD,CAAC;AAC9G,OAAO,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AACvF,YAAY,EAAE,gCAAgC,EAAE,MAAM,mDAAmD,CAAC;AAC1G,YAAY,EAAE,4BAA4B,EAAE,MAAM,+CAA+C,CAAC;AAClG,OAAO,EAAE,kBAAkB,EAAE,MAAM,qCAAqC,CAAC;AACzE,YAAY,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AAC5F,OAAO,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAC3F,YAAY,EAAE,kCAAkC,EAAE,MAAM,qDAAqD,CAAC;AAC9G,OAAO,EAAE,4BAA4B,EAAE,MAAM,+CAA+C,CAAC;AAC7F,YAAY,EACV,uCAAuC,EACvC,4CAA4C,EAC5C,iBAAiB,GAClB,MAAM,sDAAsD,CAAC;AAC9D,OAAO,EAAE,yBAAyB,EAAE,MAAM,kDAAkD,CAAC;AAC7F,YAAY,EACV,wCAAwC,EACxC,0CAA0C,EAC1C,wCAAwC,GACzC,MAAM,oDAAoD,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,uCAAuC,CAAC;AAC7E,YAAY,EACV,wBAAwB,EACxB,cAAc,GACf,MAAM,8CAA8C,CAAC;AACtD,YAAY,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAChG,OAAO,EAAE,wBAAwB,IAAI,wBAAwB,EAAE,MAAM,2CAA2C,CAAC;AACjH,YAAY,EAAE,+BAA+B,IAAI,+BAA+B,EAAE,MAAM,kDAAkD,CAAC;AAC3I,OAAO,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAC3F,YAAY,EAAE,kCAAkC,EAAE,MAAM,qDAAqD,CAAC;AAC9G,OAAO,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AACvF,YAAY,EAAE,gCAAgC,EAAE,MAAM,mDAAmD,CAAC;AAC1G,YAAY,EACV,2BAA2B,EAC3B,iCAAiC,EACjC,sCAAsC,EACtC,oCAAoC,GACrC,MAAM,8CAA8C,CAAC;AACtD,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AACzF,YAAY,EAAE,iCAAiC,EAAE,MAAM,oDAAoD,CAAC;AAC5G,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AACzF,YAAY,EAAE,iCAAiC,EAAE,MAAM,oDAAoD,CAAC;AAC5G,OAAO,EAAE,oBAAoB,EAAE,MAAM,uCAAuC,CAAC;AAC7E,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AACzF,YAAY,EAAE,iCAAiC,EAAE,MAAM,oDAAoD,CAAC;AAC5G,YAAY,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAChG,YAAY,EAAE,4BAA4B,EAAE,MAAM,kDAAkD,CAAC;AAErG,YAAY,EAAE,eAAe,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACtF,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAE3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAErD;;GAEG;AACH,wBAAgB,yBAAyB,IAAI,eAAe,CAE3D;AAED,OAAO,EAAE,sBAAsB,EAAE,KAAK,6BAA6B,EAAE,MAAM,oBAAoB,CAAC"}
|
package/dist/esm/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,cAAc,uBAAuB,CAAC;AAKtC,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AAEjF,OAAO,EACL,mBAAmB,EAEnB,4BAA4B,EAC5B,uBAAuB,EACvB,gCAAgC,EAChC,0BAA0B,EAC1B,8BAA8B,EAC9B,2BAA2B,GAE5B,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,6BAA6B,EAAE,+BAA+B,EAAE,MAAM,iBAAiB,CAAC;AAejG,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AAEjF,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AAGjF,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AAQjF,OAAO,EAAE,qBAAqB,EAAE,MAAM,wCAAwC,CAAC;AAG/E,OAAO,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAO3F,OAAO,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AAGvF,OAAO,EAAE,kBAAkB,EAAE,MAAM,qCAAqC,CAAC;AAEzE,OAAO,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAE3F,OAAO,EAAE,4BAA4B,EAAE,MAAM,+CAA+C,CAAC;AAM7F,OAAO,EAAE,yBAAyB,EAAE,MAAM,kDAAkD,CAAC;AAM7F,OAAO,EAAE,oBAAoB,EAAE,MAAM,uCAAuC,CAAC;AAM7E,OAAO,EAAE,wBAAwB,IAAI,wBAAwB,EAAE,MAAM,2CAA2C,CAAC;AAEjH,OAAO,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAE3F,OAAO,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AAQvF,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AAEzF,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AAEzF,OAAO,EAAE,oBAAoB,EAAE,MAAM,uCAAuC,CAAC;AAC7E,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AAMzF,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAE3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAErD;;GAEG;AACH,MAAM,UAAU,yBAAyB;IACvC,OAAO,IAAI,sBAAsB,EAAE,CAAC;AACtC,CAAC;AAED,OAAO,EAAE,sBAAsB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,cAAc,uBAAuB,CAAC;AAKtC,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AAEjF,OAAO,EACL,mBAAmB,EAEnB,4BAA4B,EAC5B,uBAAuB,EACvB,gCAAgC,EAChC,0BAA0B,EAC1B,8BAA8B,EAC9B,2BAA2B,GAE5B,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,6BAA6B,EAAE,+BAA+B,EAAE,MAAM,iBAAiB,CAAC;AAejG,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AAEjF,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AAGjF,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AAQjF,OAAO,EAAE,qBAAqB,EAAE,MAAM,wCAAwC,CAAC;AAG/E,OAAO,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAO3F,OAAO,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AAGvF,OAAO,EAAE,kBAAkB,EAAE,MAAM,qCAAqC,CAAC;AAEzE,OAAO,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAE3F,OAAO,EAAE,4BAA4B,EAAE,MAAM,+CAA+C,CAAC;AAM7F,OAAO,EAAE,yBAAyB,EAAE,MAAM,kDAAkD,CAAC;AAM7F,OAAO,EAAE,oBAAoB,EAAE,MAAM,uCAAuC,CAAC;AAM7E,OAAO,EAAE,wBAAwB,IAAI,wBAAwB,EAAE,MAAM,2CAA2C,CAAC;AAEjH,OAAO,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAE3F,OAAO,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AAQvF,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AAEzF,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AAEzF,OAAO,EAAE,oBAAoB,EAAE,MAAM,uCAAuC,CAAC;AAC7E,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AAMzF,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAE3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAErD;;GAEG;AACH,MAAM,UAAU,yBAAyB;IACvC,OAAO,IAAI,sBAAsB,EAAE,CAAC;AACtC,CAAC;AAED,OAAO,EAAE,sBAAsB,EAAsC,MAAM,oBAAoB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nexport * from \"./plugins/consumer.js\";\n\nexport type { IdentityPlugin } from \"./plugins/provider.js\";\n\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential.js\";\n\nexport {\n AuthenticationError,\n type ErrorResponse,\n AggregateAuthenticationError,\n AuthenticationErrorName,\n AggregateAuthenticationErrorName,\n CredentialUnavailableError,\n CredentialUnavailableErrorName,\n AuthenticationRequiredError,\n type AuthenticationRequiredErrorOptions,\n} from \"./errors.js\";\n\nexport type { AuthenticationRecord } from \"./msal/types.js\";\nexport { serializeAuthenticationRecord, deserializeAuthenticationRecord } from \"./msal/utils.js\";\nexport type { TokenCredentialOptions } from \"./tokenCredentialOptions.js\";\nexport type { MultiTenantTokenCredentialOptions } from \"./credentials/multiTenantTokenCredentialOptions.js\";\nexport type { AuthorityValidationOptions } from \"./credentials/authorityValidationOptions.js\";\n// TODO: Export again once we're ready to release this feature.\n// export { RegionalAuthority } from \"./regionalAuthority\";\n\nexport type { BrokerAuthOptions } from \"./credentials/brokerAuthOptions.js\";\nexport type {\n BrokerOptions,\n BrokerEnabledOptions,\n BrokerDisabledOptions,\n} from \"./msal/nodeFlows/brokerOptions.js\";\nexport type { InteractiveCredentialOptions } from \"./credentials/interactiveCredentialOptions.js\";\n\nexport { ChainedTokenCredential } from \"./credentials/chainedTokenCredential.js\";\n\nexport { ClientSecretCredential } from \"./credentials/clientSecretCredential.js\";\nexport type { ClientSecretCredentialOptions } from \"./credentials/clientSecretCredentialOptions.js\";\n\nexport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential.js\";\nexport type {\n DefaultAzureCredentialOptions,\n DefaultAzureCredentialClientIdOptions,\n DefaultAzureCredentialResourceIdOptions,\n DefaultAzureCredentialEnvVars,\n} from \"./credentials/defaultAzureCredentialOptions.js\";\n\nexport { EnvironmentCredential } from \"./credentials/environmentCredential.js\";\nexport type { EnvironmentCredentialOptions } from \"./credentials/environmentCredentialOptions.js\";\n\nexport { ClientCertificateCredential } from \"./credentials/clientCertificateCredential.js\";\nexport type {\n ClientCertificateCredentialPEMConfiguration,\n ClientCertificatePEMCertificatePath,\n ClientCertificatePEMCertificate,\n} from \"./credentials/clientCertificateCredentialModels.js\";\nexport type { ClientCertificateCredentialOptions } from \"./credentials/clientCertificateCredentialOptions.js\";\nexport { ClientAssertionCredential } from \"./credentials/clientAssertionCredential.js\";\nexport type { ClientAssertionCredentialOptions } from \"./credentials/clientAssertionCredentialOptions.js\";\nexport type { CredentialPersistenceOptions } from \"./credentials/credentialPersistenceOptions.js\";\nexport { AzureCliCredential } from \"./credentials/azureCliCredential.js\";\nexport type { AzureCliCredentialOptions } from \"./credentials/azureCliCredentialOptions.js\";\nexport { AzureDeveloperCliCredential } from \"./credentials/azureDeveloperCliCredential.js\";\nexport type { AzureDeveloperCliCredentialOptions } from \"./credentials/azureDeveloperCliCredentialOptions.js\";\nexport { InteractiveBrowserCredential } from \"./credentials/interactiveBrowserCredential.js\";\nexport type {\n InteractiveBrowserCredentialNodeOptions,\n InteractiveBrowserCredentialInBrowserOptions,\n BrowserLoginStyle,\n} from \"./credentials/interactiveBrowserCredentialOptions.js\";\nexport { ManagedIdentityCredential } from \"./credentials/managedIdentityCredential/index.js\";\nexport type {\n ManagedIdentityCredentialClientIdOptions,\n ManagedIdentityCredentialResourceIdOptions,\n ManagedIdentityCredentialObjectIdOptions,\n} from \"./credentials/managedIdentityCredential/options.js\";\nexport { DeviceCodeCredential } from \"./credentials/deviceCodeCredential.js\";\nexport type {\n DeviceCodePromptCallback,\n DeviceCodeInfo,\n} from \"./credentials/deviceCodeCredentialOptions.js\";\nexport type { DeviceCodeCredentialOptions } from \"./credentials/deviceCodeCredentialOptions.js\";\nexport { AzurePipelinesCredential as AzurePipelinesCredential } from \"./credentials/azurePipelinesCredential.js\";\nexport type { AzurePipelinesCredentialOptions as AzurePipelinesCredentialOptions } from \"./credentials/azurePipelinesCredentialOptions.js\";\nexport { AuthorizationCodeCredential } from \"./credentials/authorizationCodeCredential.js\";\nexport type { AuthorizationCodeCredentialOptions } from \"./credentials/authorizationCodeCredentialOptions.js\";\nexport { AzurePowerShellCredential } from \"./credentials/azurePowerShellCredential.js\";\nexport type { AzurePowerShellCredentialOptions } from \"./credentials/azurePowerShellCredentialOptions.js\";\nexport type {\n OnBehalfOfCredentialOptions,\n OnBehalfOfCredentialSecretOptions,\n OnBehalfOfCredentialCertificateOptions,\n OnBehalfOfCredentialAssertionOptions,\n} from \"./credentials/onBehalfOfCredentialOptions.js\";\nexport { UsernamePasswordCredential } from \"./credentials/usernamePasswordCredential.js\";\nexport type { UsernamePasswordCredentialOptions } from \"./credentials/usernamePasswordCredentialOptions.js\";\nexport { VisualStudioCodeCredential } from \"./credentials/visualStudioCodeCredential.js\";\nexport type { VisualStudioCodeCredentialOptions } from \"./credentials/visualStudioCodeCredentialOptions.js\";\nexport { OnBehalfOfCredential } from \"./credentials/onBehalfOfCredential.js\";\nexport { WorkloadIdentityCredential } from \"./credentials/workloadIdentityCredential.js\";\nexport type { WorkloadIdentityCredentialOptions } from \"./credentials/workloadIdentityCredentialOptions.js\";\nexport type { BrowserCustomizationOptions } from \"./credentials/browserCustomizationOptions.js\";\nexport type { TokenCachePersistenceOptions } from \"./msal/nodeFlows/tokenCachePersistenceOptions.js\";\n\nexport type { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nexport { logger } from \"./util/logging.js\";\n\nexport { AzureAuthorityHosts } from \"./constants.js\";\n\n/**\n * Returns a new instance of the {@link DefaultAzureCredential}.\n */\nexport function getDefaultAzureCredential(): TokenCredential {\n return new DefaultAzureCredential();\n}\n\nexport { getBearerTokenProvider, type GetBearerTokenProviderOptions } from \"./tokenProvider.js\";\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"msalBrowserCommon.d.ts","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AAYtE,OAAO,KAAK,EAAE,WAAW,EAAmB,MAAM,kBAAkB,CAAC;AACrE,OAAO,KAAK,EAAE,oBAAoB,EAAc,MAAM,aAAa,CAAC;AAEpE,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"msalBrowserCommon.d.ts","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AAYtE,OAAO,KAAK,EAAE,WAAW,EAAmB,MAAM,kBAAkB,CAAC;AACrE,OAAO,KAAK,EAAE,oBAAoB,EAAc,MAAM,aAAa,CAAC;AAEpE,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,mBAAmB,CAAC;AA6CvE;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,gBAAgB,IAAI,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC,CAAC;IAC9D,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,6BAA6B,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;CAC1F;AAKD;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,sBAAsB,GAAG,iBAAiB,CA2P1F"}
|
|
@@ -28,7 +28,6 @@ function generateMsalBrowserConfiguration(options) {
|
|
|
28
28
|
},
|
|
29
29
|
cache: {
|
|
30
30
|
cacheLocation: "sessionStorage",
|
|
31
|
-
storeAuthStateInCookie: true, // Set to true to improve the experience on IE11 and Edge.
|
|
32
31
|
},
|
|
33
32
|
system: {
|
|
34
33
|
loggerOptions: {
|
|
@@ -75,7 +74,7 @@ export function createMsalBrowserClient(options) {
|
|
|
75
74
|
async function getApp() {
|
|
76
75
|
if (!app) {
|
|
77
76
|
// Prepare the MSAL application
|
|
78
|
-
app = await msalBrowser.
|
|
77
|
+
app = await msalBrowser.createStandardPublicClientApplication(msalConfig);
|
|
79
78
|
// setting the account right after the app is created.
|
|
80
79
|
if (account) {
|
|
81
80
|
app.setActiveAccount(publicToMsal(account));
|
|
@@ -125,7 +124,7 @@ export function createMsalBrowserClient(options) {
|
|
|
125
124
|
*/
|
|
126
125
|
async function handleRedirect() {
|
|
127
126
|
const msalApp = await getApp();
|
|
128
|
-
return handleBrowserResult((await msalApp.handleRedirectPromise(redirectHash)) || undefined);
|
|
127
|
+
return handleBrowserResult((await msalApp.handleRedirectPromise({ hash: redirectHash })) || undefined);
|
|
129
128
|
}
|
|
130
129
|
/**
|
|
131
130
|
* Uses MSAL to retrieve the active account.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"msalBrowserCommon.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,WAAW,MAAM,qBAAqB,CAAC;AAGnD,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,eAAe,EACf,eAAe,EACf,YAAY,EACZ,YAAY,GACb,MAAM,aAAa,CAAC;AAIrB,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAE1F,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,eAAe,GAChB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAErD,uCAAuC;AACvC,gDAAgD;AAChD,MAAM,iBAAiB,GAAG,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC;AAErF;;GAEG;AACH,SAAS,gCAAgC,CACvC,OAA+B;IAE/B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,eAAe,CAAC;IACrD,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAChE,OAAO;QACL,IAAI,EAAE;YACJ,QAAQ,EAAE,OAAO,CAAC,QAAS;YAC3B,SAAS;YACT,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,wBAAwB,CAAC;YAC5F,qDAAqD;YACrD,yCAAyC;YACzC,kEAAkE;YAClE,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3F;QACD,KAAK,EAAE;YACL,aAAa,EAAE,gBAAgB;YAC/B,sBAAsB,EAAE,IAAI,EAAE,0DAA0D;SACzF;QACD,MAAM,EAAE;YACN,aAAa,EAAE;gBACb,cAAc,EAAE,qBAAqB,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;gBAChE,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;gBACxC,iBAAiB,EAAE,OAAO,CAAC,cAAc,EAAE,0BAA0B;aACtE;SACF;KACF,CAAC;AACJ,CAAC;AAWD,uCAAuC;AACvC,MAAM,YAAY,GAAG,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;AAExE;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAA+B;IACrE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QACtB,MAAM,IAAI,0BAA0B,CAAC,qCAAqC,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC9B,MAAM,QAAQ,GAAG,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7E,MAAM,4BAA4B,GAAa,mCAAmC,CAChF,OAAO,EAAE,sBAAsB,EAAE,0BAA0B,CAC5D,CAAC;IACF,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;IAC5C,MAAM,UAAU,GAAG,gCAAgC,CAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,8BAA8B,GAAG,OAAO,CAAC,8BAA8B,CAAC;IAC9E,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IAEpC,IAAI,OAAyC,CAAC;IAC9C,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;QACjC,OAAO,GAAG;YACR,GAAG,OAAO,CAAC,oBAAoB;YAC/B,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,IAAI,GAAyC,CAAC;IAC9C;;;OAGG;IACH,KAAK,UAAU,MAAM;QACnB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,+BAA+B;YAC/B,GAAG,GAAG,MAAM,WAAW,CAAC,uBAAuB,CAAC,6BAA6B,CAAC,UAAU,CAAC,CAAC;YAE1F,sDAAsD;YACtD,IAAI,OAAO,EAAE,CAAC;gBACZ,GAAG,CAAC,gBAAgB,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;OAIG;IACH,KAAK,UAAU,mBAAmB,CAChC,MAAyC;QAEzC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;YAC/B,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBAC7B,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;gBAC1D,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBACzC,OAAO,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC;QACD,OAAO;IACT,CAAC;IAED;;;;OAIG;IACH,SAAS,YAAY,CACnB,MAAyB,EACzB,MAAmB,EACnB,eAAiC;QAEjC,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;YACpB,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QACnD,CAAC;QACD,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,WAAW;YACzB,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE;YAC9C,qBAAqB,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE;YAClD,SAAS,EAAE,QAAQ;SACpB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,cAAc;QAC3B,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC;IAC/F,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,gBAAgB;QAC7B,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,MAAM,aAAa,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;QACjD,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO;QACT,CAAC;QACD,OAAO,YAAY,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,KAAK,CAAC,SAA4B,EAAE;QACjD,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAgC;YAChD,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,SAAS;SACrB,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,MAAM,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACtC,OAAO;YACT,CAAC;YACD,KAAK,OAAO;gBACV,OAAO,mBAAmB,CAAC,MAAM,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,cAAc,CAC3B,MAAgB,EAChB,eAA+C;QAE/C,MAAM,aAAa,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe;gBACf,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAA8B;YAC5C,SAAS,EAAE,eAAe,EAAE,SAAS,IAAI,UAAU,CAAC,IAAI,CAAC,SAAU;YACnE,aAAa,EAAE,eAAe,EAAE,aAAa;YAC7C,MAAM,EAAE,eAAe,EAAE,MAAM;YAC/B,OAAO,EAAE,YAAY,CAAC,aAAa,CAAC;YACpC,YAAY,EAAE,KAAK;YACnB,MAAM;SACP,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACpD,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;YAC/B,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YAC9D,OAAO,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,mBAAmB,CAChC,MAAgB,EAChB,eAA+C;QAE/C,MAAM,aAAa,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe;gBACf,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAgC;YAC9C,SAAS,EAAE,eAAe,EAAE,SAAS,IAAI,UAAU,CAAC,IAAI,CAAC,SAAU;YACnE,aAAa,EAAE,eAAe,EAAE,aAAa;YAC7C,MAAM,EAAE,eAAe,EAAE,MAAM;YAC/B,OAAO,EAAE,YAAY,CAAC,aAAa,CAAC;YACpC,SAAS,EAAE,SAAS;YACpB,MAAM;SACP,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,UAAU;gBACb,gCAAgC;gBAChC,8DAA8D;gBAC9D,kDAAkD;gBAElD,MAAM,OAAO,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;gBAC/C,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,kBAAkB,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;YACnE,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,UAAU,QAAQ,CACrB,MAAgB,EAChB,kBAAiD,EAAE;QAEnD,MAAM,gBAAgB,GACpB,yBAAyB,CAAC,QAAQ,EAAE,eAAe,EAAE,4BAA4B,CAAC;YAClF,QAAQ,CAAC;QAEX,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAAC;YAC/B,eAAe,CAAC,SAAS,GAAG,YAAY,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;QAC5E,CAAC;QAED,uDAAuD;QACvD,MAAM,cAAc,EAAE,CAAC;QAEvB,IAAI,CAAC,CAAC,MAAM,gBAAgB,EAAE,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;YACnE,MAAM,KAAK,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;QAED,8EAA8E;QAC9E,IAAI,CAAC;YACH,OAAO,MAAM,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC/C,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,IAAI,eAAe,EAAE,8BAA8B,EAAE,CAAC;gBACpD,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe;oBACf,OAAO,EACL,qFAAqF;iBACxF,CAAC,CAAC;YACL,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,oEAAoE,UAAU,EAAE,CAAC,CAAC;YAC9F,OAAO,mBAAmB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IACD,OAAO;QACL,gBAAgB;QAChB,QAAQ;KACT,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport * as msalBrowser from \"@azure/msal-browser\";\n\nimport type { MsalBrowserFlowOptions } from \"./msalBrowserOptions.js\";\nimport {\n defaultLoggerCallback,\n ensureValidMsalToken,\n getAuthority,\n getKnownAuthorities,\n getMSALLogLevel,\n handleMsalError,\n msalToPublic,\n publicToMsal,\n} from \"../utils.js\";\n\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport type { AuthenticationRecord, MsalResult } from \"../types.js\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../../errors.js\";\nimport type { CredentialFlowGetTokenOptions } from \"../credentials.js\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { formatSuccess } from \"../../util/logging.js\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n resolveTenantId,\n} from \"../../util/tenantIdUtils.js\";\nimport { DefaultTenantId } from \"../../constants.js\";\n\n// We keep a copy of the redirect hash.\n// Check if self and location object is defined.\nconst isLocationDefined = typeof self !== \"undefined\" && self.location !== undefined;\n\n/**\n * Generates a MSAL configuration that generally works for browsers\n */\nfunction generateMsalBrowserConfiguration(\n options: MsalBrowserFlowOptions,\n): msalBrowser.Configuration {\n const tenantId = options.tenantId || DefaultTenantId;\n const authority = getAuthority(tenantId, options.authorityHost);\n return {\n auth: {\n clientId: options.clientId!,\n authority,\n knownAuthorities: getKnownAuthorities(tenantId, authority, options.disableInstanceDiscovery),\n // If the users picked redirect as their login style,\n // but they didn't provide a redirectUri,\n // we can try to use the current page we're in as a default value.\n redirectUri: options.redirectUri || (isLocationDefined ? self.location.origin : undefined),\n },\n cache: {\n cacheLocation: \"sessionStorage\",\n storeAuthStateInCookie: true, // Set to true to improve the experience on IE11 and Edge.\n },\n system: {\n loggerOptions: {\n loggerCallback: defaultLoggerCallback(options.logger, \"Browser\"),\n logLevel: getMSALLogLevel(getLogLevel()),\n piiLoggingEnabled: options.loggingOptions?.enableUnsafeSupportLogging,\n },\n },\n };\n}\n\n/**\n * Methods that are used by InteractiveBrowserCredential\n * @internal\n */\nexport interface MsalBrowserClient {\n getActiveAccount(): Promise<AuthenticationRecord | undefined>;\n getToken(scopes: string[], options: CredentialFlowGetTokenOptions): Promise<AccessToken>;\n}\n\n// We keep a copy of the redirect hash.\nconst redirectHash = isLocationDefined ? self.location.hash : undefined;\n\n/**\n * Uses MSAL Browser 2.X for browser authentication,\n * which uses the [Auth Code Flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n * @internal\n */\nexport function createMsalBrowserClient(options: MsalBrowserFlowOptions): MsalBrowserClient {\n const loginStyle = options.loginStyle;\n if (!options.clientId) {\n throw new CredentialUnavailableError(\"A client ID is required in browsers\");\n }\n const clientId = options.clientId;\n const logger = options.logger;\n const tenantId = resolveTenantId(logger, options.tenantId, options.clientId);\n const additionallyAllowedTenantIds: string[] = resolveAdditionallyAllowedTenantIds(\n options?.tokenCredentialOptions?.additionallyAllowedTenants,\n );\n const authorityHost = options.authorityHost;\n const msalConfig = generateMsalBrowserConfiguration(options);\n const disableAutomaticAuthentication = options.disableAutomaticAuthentication;\n const loginHint = options.loginHint;\n\n let account: AuthenticationRecord | undefined;\n if (options.authenticationRecord) {\n account = {\n ...options.authenticationRecord,\n tenantId,\n };\n }\n\n // This variable should only be used through calling `getApp` function\n let app: msalBrowser.IPublicClientApplication;\n /**\n * Return the MSAL account if not set yet\n * @returns MSAL application\n */\n async function getApp(): Promise<msalBrowser.IPublicClientApplication> {\n if (!app) {\n // Prepare the MSAL application\n app = await msalBrowser.PublicClientApplication.createPublicClientApplication(msalConfig);\n\n // setting the account right after the app is created.\n if (account) {\n app.setActiveAccount(publicToMsal(account));\n }\n }\n\n return app;\n }\n\n /**\n * Loads the account based on the result of the authentication.\n * If no result was received, tries to load the account from the cache.\n * @param result - Result object received from MSAL.\n */\n async function handleBrowserResult(\n result?: msalBrowser.AuthenticationResult,\n ): Promise<AuthenticationRecord | undefined> {\n try {\n const msalApp = await getApp();\n if (result && result.account) {\n logger.info(`MSAL Browser V2 authentication successful.`);\n msalApp.setActiveAccount(result.account);\n return msalToPublic(clientId, result.account);\n }\n } catch (e: any) {\n logger.info(`Failed to acquire token through MSAL. ${e.message}`);\n }\n return;\n }\n\n /**\n * Handles the MSAL authentication result.\n * If the result has an account, we update the local account reference.\n * If the token received is invalid, an error will be thrown depending on what's missing.\n */\n function handleResult(\n scopes: string | string[],\n result?: MsalResult,\n getTokenOptions?: GetTokenOptions,\n ): AccessToken {\n if (result?.account) {\n account = msalToPublic(clientId, result.account);\n }\n ensureValidMsalToken(scopes, result, getTokenOptions);\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: result.accessToken,\n expiresOnTimestamp: result.expiresOn.getTime(),\n refreshAfterTimestamp: result.refreshOn?.getTime(),\n tokenType: \"Bearer\",\n };\n }\n\n /**\n * Uses MSAL to handle the redirect.\n */\n async function handleRedirect(): Promise<AuthenticationRecord | undefined> {\n const msalApp = await getApp();\n return handleBrowserResult((await msalApp.handleRedirectPromise(redirectHash)) || undefined);\n }\n\n /**\n * Uses MSAL to retrieve the active account.\n */\n async function getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n const msalApp = await getApp();\n const activeAccount = msalApp.getActiveAccount();\n if (!activeAccount) {\n return;\n }\n return msalToPublic(clientId, activeAccount);\n }\n\n /**\n * Uses MSAL to trigger a redirect or a popup login.\n */\n async function login(scopes: string | string[] = []): Promise<AuthenticationRecord | undefined> {\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n const loginRequest: msalBrowser.RedirectRequest = {\n scopes: arrayScopes,\n loginHint: loginHint,\n };\n const msalApp = await getApp();\n switch (loginStyle) {\n case \"redirect\": {\n await app.loginRedirect(loginRequest);\n return;\n }\n case \"popup\":\n return handleBrowserResult(await msalApp.loginPopup(loginRequest));\n }\n }\n\n /**\n * Tries to retrieve the token silently using MSAL.\n */\n async function getTokenSilent(\n scopes: string[],\n getTokenOptions?: CredentialFlowGetTokenOptions,\n ): Promise<AccessToken> {\n const activeAccount = await getActiveAccount();\n if (!activeAccount) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions,\n message:\n \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n });\n }\n\n const parameters: msalBrowser.SilentRequest = {\n authority: getTokenOptions?.authority || msalConfig.auth.authority!,\n correlationId: getTokenOptions?.correlationId,\n claims: getTokenOptions?.claims,\n account: publicToMsal(activeAccount),\n forceRefresh: false,\n scopes,\n };\n\n try {\n logger.info(\"Attempting to acquire token silently\");\n const msalApp = await getApp();\n const response = await msalApp.acquireTokenSilent(parameters);\n return handleResult(scopes, response);\n } catch (err: any) {\n throw handleMsalError(scopes, err, options);\n }\n }\n\n /**\n * Attempts to retrieve the token in the browser through interactive methods.\n */\n async function getTokenInteractive(\n scopes: string[],\n getTokenOptions?: CredentialFlowGetTokenOptions,\n ): Promise<AccessToken> {\n const activeAccount = await getActiveAccount();\n if (!activeAccount) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions,\n message:\n \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n });\n }\n\n const parameters: msalBrowser.RedirectRequest = {\n authority: getTokenOptions?.authority || msalConfig.auth.authority!,\n correlationId: getTokenOptions?.correlationId,\n claims: getTokenOptions?.claims,\n account: publicToMsal(activeAccount),\n loginHint: loginHint,\n scopes,\n };\n const msalApp = await getApp();\n switch (loginStyle) {\n case \"redirect\":\n // This will go out of the page.\n // Once the InteractiveBrowserCredential is initialized again,\n // we'll load the MSAL account in the constructor.\n\n await msalApp.acquireTokenRedirect(parameters);\n return { token: \"\", expiresOnTimestamp: 0, tokenType: \"Bearer\" };\n case \"popup\":\n return handleResult(scopes, await app.acquireTokenPopup(parameters));\n }\n }\n\n /**\n * Attempts to get token through the silent flow.\n * If failed, get token through interactive method with `doGetToken` method.\n */\n async function getToken(\n scopes: string[],\n getTokenOptions: CredentialFlowGetTokenOptions = {},\n ): Promise<AccessToken> {\n const getTokenTenantId =\n processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds) ||\n tenantId;\n\n if (!getTokenOptions.authority) {\n getTokenOptions.authority = getAuthority(getTokenTenantId, authorityHost);\n }\n\n // We ensure that redirection is handled at this point.\n await handleRedirect();\n\n if (!(await getActiveAccount()) && !disableAutomaticAuthentication) {\n await login(scopes);\n }\n\n // Attempts to get the token silently; else, falls back to interactive method.\n try {\n return await getTokenSilent(scopes, getTokenOptions);\n } catch (err: any) {\n if (err.name !== \"AuthenticationRequiredError\") {\n throw err;\n }\n if (getTokenOptions?.disableAutomaticAuthentication) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions,\n message:\n \"Automatic authentication has been disabled. You may call the authenticate() method.\",\n });\n }\n logger.info(`Silent authentication failed, falling back to interactive method ${loginStyle}`);\n return getTokenInteractive(scopes, getTokenOptions);\n }\n }\n return {\n getActiveAccount,\n getToken,\n };\n}\n"]}
|
|
1
|
+
{"version":3,"file":"msalBrowserCommon.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,WAAW,MAAM,qBAAqB,CAAC;AAGnD,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,eAAe,EACf,eAAe,EACf,YAAY,EACZ,YAAY,GACb,MAAM,aAAa,CAAC;AAIrB,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAE1F,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,eAAe,GAChB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAErD,uCAAuC;AACvC,gDAAgD;AAChD,MAAM,iBAAiB,GAAG,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC;AAErF;;GAEG;AACH,SAAS,gCAAgC,CACvC,OAA+B;IAE/B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,eAAe,CAAC;IACrD,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAChE,OAAO;QACL,IAAI,EAAE;YACJ,QAAQ,EAAE,OAAO,CAAC,QAAS;YAC3B,SAAS;YACT,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,wBAAwB,CAAC;YAC5F,qDAAqD;YACrD,yCAAyC;YACzC,kEAAkE;YAClE,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3F;QACD,KAAK,EAAE;YACL,aAAa,EAAE,gBAAgB;SAChC;QACD,MAAM,EAAE;YACN,aAAa,EAAE;gBACb,cAAc,EAAE,qBAAqB,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;gBAChE,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;gBACxC,iBAAiB,EAAE,OAAO,CAAC,cAAc,EAAE,0BAA0B;aACtE;SACF;KACF,CAAC;AACJ,CAAC;AAWD,uCAAuC;AACvC,MAAM,YAAY,GAAG,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;AAExE;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAA+B;IACrE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QACtB,MAAM,IAAI,0BAA0B,CAAC,qCAAqC,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC9B,MAAM,QAAQ,GAAG,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7E,MAAM,4BAA4B,GAAa,mCAAmC,CAChF,OAAO,EAAE,sBAAsB,EAAE,0BAA0B,CAC5D,CAAC;IACF,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;IAC5C,MAAM,UAAU,GAAG,gCAAgC,CAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,8BAA8B,GAAG,OAAO,CAAC,8BAA8B,CAAC;IAC9E,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IAEpC,IAAI,OAAyC,CAAC;IAC9C,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;QACjC,OAAO,GAAG;YACR,GAAG,OAAO,CAAC,oBAAoB;YAC/B,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,IAAI,GAAyC,CAAC;IAC9C;;;OAGG;IACH,KAAK,UAAU,MAAM;QACnB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,+BAA+B;YAC/B,GAAG,GAAG,MAAM,WAAW,CAAC,qCAAqC,CAAC,UAAU,CAAC,CAAC;YAE1E,sDAAsD;YACtD,IAAI,OAAO,EAAE,CAAC;gBACZ,GAAG,CAAC,gBAAgB,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;OAIG;IACH,KAAK,UAAU,mBAAmB,CAChC,MAAyC;QAEzC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;YAC/B,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBAC7B,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;gBAC1D,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBACzC,OAAO,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC;QACD,OAAO;IACT,CAAC;IAED;;;;OAIG;IACH,SAAS,YAAY,CACnB,MAAyB,EACzB,MAAmB,EACnB,eAAiC;QAEjC,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;YACpB,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QACnD,CAAC;QACD,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,WAAW;YACzB,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE;YAC9C,qBAAqB,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE;YAClD,SAAS,EAAE,QAAQ;SACpB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,cAAc;QAC3B,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,OAAO,mBAAmB,CACxB,CAAC,MAAM,OAAO,CAAC,qBAAqB,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC,IAAI,SAAS,CAC3E,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,gBAAgB;QAC7B,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,MAAM,aAAa,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;QACjD,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO;QACT,CAAC;QACD,OAAO,YAAY,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,KAAK,CAAC,SAA4B,EAAE;QACjD,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAgC;YAChD,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,SAAS;SACrB,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,MAAM,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACtC,OAAO;YACT,CAAC;YACD,KAAK,OAAO;gBACV,OAAO,mBAAmB,CAAC,MAAM,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,cAAc,CAC3B,MAAgB,EAChB,eAA+C;QAE/C,MAAM,aAAa,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe;gBACf,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAA8B;YAC5C,SAAS,EAAE,eAAe,EAAE,SAAS,IAAI,UAAU,CAAC,IAAI,CAAC,SAAU;YACnE,aAAa,EAAE,eAAe,EAAE,aAAa;YAC7C,MAAM,EAAE,eAAe,EAAE,MAAM;YAC/B,OAAO,EAAE,YAAY,CAAC,aAAa,CAAC;YACpC,YAAY,EAAE,KAAK;YACnB,MAAM;SACP,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACpD,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;YAC/B,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YAC9D,OAAO,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,mBAAmB,CAChC,MAAgB,EAChB,eAA+C;QAE/C,MAAM,aAAa,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe;gBACf,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAgC;YAC9C,SAAS,EAAE,eAAe,EAAE,SAAS,IAAI,UAAU,CAAC,IAAI,CAAC,SAAU;YACnE,aAAa,EAAE,eAAe,EAAE,aAAa;YAC7C,MAAM,EAAE,eAAe,EAAE,MAAM;YAC/B,OAAO,EAAE,YAAY,CAAC,aAAa,CAAC;YACpC,SAAS,EAAE,SAAS;YACpB,MAAM;SACP,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,UAAU;gBACb,gCAAgC;gBAChC,8DAA8D;gBAC9D,kDAAkD;gBAElD,MAAM,OAAO,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;gBAC/C,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,kBAAkB,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;YACnE,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,UAAU,QAAQ,CACrB,MAAgB,EAChB,kBAAiD,EAAE;QAEnD,MAAM,gBAAgB,GACpB,yBAAyB,CAAC,QAAQ,EAAE,eAAe,EAAE,4BAA4B,CAAC;YAClF,QAAQ,CAAC;QAEX,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAAC;YAC/B,eAAe,CAAC,SAAS,GAAG,YAAY,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;QAC5E,CAAC;QAED,uDAAuD;QACvD,MAAM,cAAc,EAAE,CAAC;QAEvB,IAAI,CAAC,CAAC,MAAM,gBAAgB,EAAE,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;YACnE,MAAM,KAAK,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;QAED,8EAA8E;QAC9E,IAAI,CAAC;YACH,OAAO,MAAM,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC/C,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,IAAI,eAAe,EAAE,8BAA8B,EAAE,CAAC;gBACpD,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe;oBACf,OAAO,EACL,qFAAqF;iBACxF,CAAC,CAAC;YACL,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,oEAAoE,UAAU,EAAE,CAAC,CAAC;YAC9F,OAAO,mBAAmB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IACD,OAAO;QACL,gBAAgB;QAChB,QAAQ;KACT,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport * as msalBrowser from \"@azure/msal-browser\";\n\nimport type { MsalBrowserFlowOptions } from \"./msalBrowserOptions.js\";\nimport {\n defaultLoggerCallback,\n ensureValidMsalToken,\n getAuthority,\n getKnownAuthorities,\n getMSALLogLevel,\n handleMsalError,\n msalToPublic,\n publicToMsal,\n} from \"../utils.js\";\n\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport type { AuthenticationRecord, MsalResult } from \"../types.js\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../../errors.js\";\nimport type { CredentialFlowGetTokenOptions } from \"../credentials.js\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { formatSuccess } from \"../../util/logging.js\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n resolveTenantId,\n} from \"../../util/tenantIdUtils.js\";\nimport { DefaultTenantId } from \"../../constants.js\";\n\n// We keep a copy of the redirect hash.\n// Check if self and location object is defined.\nconst isLocationDefined = typeof self !== \"undefined\" && self.location !== undefined;\n\n/**\n * Generates a MSAL configuration that generally works for browsers\n */\nfunction generateMsalBrowserConfiguration(\n options: MsalBrowserFlowOptions,\n): msalBrowser.Configuration {\n const tenantId = options.tenantId || DefaultTenantId;\n const authority = getAuthority(tenantId, options.authorityHost);\n return {\n auth: {\n clientId: options.clientId!,\n authority,\n knownAuthorities: getKnownAuthorities(tenantId, authority, options.disableInstanceDiscovery),\n // If the users picked redirect as their login style,\n // but they didn't provide a redirectUri,\n // we can try to use the current page we're in as a default value.\n redirectUri: options.redirectUri || (isLocationDefined ? self.location.origin : undefined),\n },\n cache: {\n cacheLocation: \"sessionStorage\",\n },\n system: {\n loggerOptions: {\n loggerCallback: defaultLoggerCallback(options.logger, \"Browser\"),\n logLevel: getMSALLogLevel(getLogLevel()),\n piiLoggingEnabled: options.loggingOptions?.enableUnsafeSupportLogging,\n },\n },\n };\n}\n\n/**\n * Methods that are used by InteractiveBrowserCredential\n * @internal\n */\nexport interface MsalBrowserClient {\n getActiveAccount(): Promise<AuthenticationRecord | undefined>;\n getToken(scopes: string[], options: CredentialFlowGetTokenOptions): Promise<AccessToken>;\n}\n\n// We keep a copy of the redirect hash.\nconst redirectHash = isLocationDefined ? self.location.hash : undefined;\n\n/**\n * Uses MSAL Browser 2.X for browser authentication,\n * which uses the [Auth Code Flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n * @internal\n */\nexport function createMsalBrowserClient(options: MsalBrowserFlowOptions): MsalBrowserClient {\n const loginStyle = options.loginStyle;\n if (!options.clientId) {\n throw new CredentialUnavailableError(\"A client ID is required in browsers\");\n }\n const clientId = options.clientId;\n const logger = options.logger;\n const tenantId = resolveTenantId(logger, options.tenantId, options.clientId);\n const additionallyAllowedTenantIds: string[] = resolveAdditionallyAllowedTenantIds(\n options?.tokenCredentialOptions?.additionallyAllowedTenants,\n );\n const authorityHost = options.authorityHost;\n const msalConfig = generateMsalBrowserConfiguration(options);\n const disableAutomaticAuthentication = options.disableAutomaticAuthentication;\n const loginHint = options.loginHint;\n\n let account: AuthenticationRecord | undefined;\n if (options.authenticationRecord) {\n account = {\n ...options.authenticationRecord,\n tenantId,\n };\n }\n\n // This variable should only be used through calling `getApp` function\n let app: msalBrowser.IPublicClientApplication;\n /**\n * Return the MSAL account if not set yet\n * @returns MSAL application\n */\n async function getApp(): Promise<msalBrowser.IPublicClientApplication> {\n if (!app) {\n // Prepare the MSAL application\n app = await msalBrowser.createStandardPublicClientApplication(msalConfig);\n\n // setting the account right after the app is created.\n if (account) {\n app.setActiveAccount(publicToMsal(account));\n }\n }\n\n return app;\n }\n\n /**\n * Loads the account based on the result of the authentication.\n * If no result was received, tries to load the account from the cache.\n * @param result - Result object received from MSAL.\n */\n async function handleBrowserResult(\n result?: msalBrowser.AuthenticationResult,\n ): Promise<AuthenticationRecord | undefined> {\n try {\n const msalApp = await getApp();\n if (result && result.account) {\n logger.info(`MSAL Browser V2 authentication successful.`);\n msalApp.setActiveAccount(result.account);\n return msalToPublic(clientId, result.account);\n }\n } catch (e: any) {\n logger.info(`Failed to acquire token through MSAL. ${e.message}`);\n }\n return;\n }\n\n /**\n * Handles the MSAL authentication result.\n * If the result has an account, we update the local account reference.\n * If the token received is invalid, an error will be thrown depending on what's missing.\n */\n function handleResult(\n scopes: string | string[],\n result?: MsalResult,\n getTokenOptions?: GetTokenOptions,\n ): AccessToken {\n if (result?.account) {\n account = msalToPublic(clientId, result.account);\n }\n ensureValidMsalToken(scopes, result, getTokenOptions);\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: result.accessToken,\n expiresOnTimestamp: result.expiresOn.getTime(),\n refreshAfterTimestamp: result.refreshOn?.getTime(),\n tokenType: \"Bearer\",\n };\n }\n\n /**\n * Uses MSAL to handle the redirect.\n */\n async function handleRedirect(): Promise<AuthenticationRecord | undefined> {\n const msalApp = await getApp();\n return handleBrowserResult(\n (await msalApp.handleRedirectPromise({ hash: redirectHash })) || undefined,\n );\n }\n\n /**\n * Uses MSAL to retrieve the active account.\n */\n async function getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n const msalApp = await getApp();\n const activeAccount = msalApp.getActiveAccount();\n if (!activeAccount) {\n return;\n }\n return msalToPublic(clientId, activeAccount);\n }\n\n /**\n * Uses MSAL to trigger a redirect or a popup login.\n */\n async function login(scopes: string | string[] = []): Promise<AuthenticationRecord | undefined> {\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n const loginRequest: msalBrowser.RedirectRequest = {\n scopes: arrayScopes,\n loginHint: loginHint,\n };\n const msalApp = await getApp();\n switch (loginStyle) {\n case \"redirect\": {\n await app.loginRedirect(loginRequest);\n return;\n }\n case \"popup\":\n return handleBrowserResult(await msalApp.loginPopup(loginRequest));\n }\n }\n\n /**\n * Tries to retrieve the token silently using MSAL.\n */\n async function getTokenSilent(\n scopes: string[],\n getTokenOptions?: CredentialFlowGetTokenOptions,\n ): Promise<AccessToken> {\n const activeAccount = await getActiveAccount();\n if (!activeAccount) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions,\n message:\n \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n });\n }\n\n const parameters: msalBrowser.SilentRequest = {\n authority: getTokenOptions?.authority || msalConfig.auth.authority!,\n correlationId: getTokenOptions?.correlationId,\n claims: getTokenOptions?.claims,\n account: publicToMsal(activeAccount),\n forceRefresh: false,\n scopes,\n };\n\n try {\n logger.info(\"Attempting to acquire token silently\");\n const msalApp = await getApp();\n const response = await msalApp.acquireTokenSilent(parameters);\n return handleResult(scopes, response);\n } catch (err: any) {\n throw handleMsalError(scopes, err, options);\n }\n }\n\n /**\n * Attempts to retrieve the token in the browser through interactive methods.\n */\n async function getTokenInteractive(\n scopes: string[],\n getTokenOptions?: CredentialFlowGetTokenOptions,\n ): Promise<AccessToken> {\n const activeAccount = await getActiveAccount();\n if (!activeAccount) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions,\n message:\n \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n });\n }\n\n const parameters: msalBrowser.RedirectRequest = {\n authority: getTokenOptions?.authority || msalConfig.auth.authority!,\n correlationId: getTokenOptions?.correlationId,\n claims: getTokenOptions?.claims,\n account: publicToMsal(activeAccount),\n loginHint: loginHint,\n scopes,\n };\n const msalApp = await getApp();\n switch (loginStyle) {\n case \"redirect\":\n // This will go out of the page.\n // Once the InteractiveBrowserCredential is initialized again,\n // we'll load the MSAL account in the constructor.\n\n await msalApp.acquireTokenRedirect(parameters);\n return { token: \"\", expiresOnTimestamp: 0, tokenType: \"Bearer\" };\n case \"popup\":\n return handleResult(scopes, await app.acquireTokenPopup(parameters));\n }\n }\n\n /**\n * Attempts to get token through the silent flow.\n * If failed, get token through interactive method with `doGetToken` method.\n */\n async function getToken(\n scopes: string[],\n getTokenOptions: CredentialFlowGetTokenOptions = {},\n ): Promise<AccessToken> {\n const getTokenTenantId =\n processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds) ||\n tenantId;\n\n if (!getTokenOptions.authority) {\n getTokenOptions.authority = getAuthority(getTokenTenantId, authorityHost);\n }\n\n // We ensure that redirection is handled at this point.\n await handleRedirect();\n\n if (!(await getActiveAccount()) && !disableAutomaticAuthentication) {\n await login(scopes);\n }\n\n // Attempts to get the token silently; else, falls back to interactive method.\n try {\n return await getTokenSilent(scopes, getTokenOptions);\n } catch (err: any) {\n if (err.name !== \"AuthenticationRequiredError\") {\n throw err;\n }\n if (getTokenOptions?.disableAutomaticAuthentication) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions,\n message:\n \"Automatic authentication has been disabled. You may call the authenticate() method.\",\n });\n }\n logger.info(`Silent authentication failed, falling back to interactive method ${loginStyle}`);\n return getTokenInteractive(scopes, getTokenOptions);\n }\n }\n return {\n getActiveAccount,\n getToken,\n };\n}\n"]}
|