npm - @azure/identity - Versions diffs - 4.14.0-beta.1 → 4.14.0-beta.3 - Mend

@azure/identity 4.14.0-beta.1 → 4.14.0-beta.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (571) hide show

package/dist/esm/util/authorityHost.js ADDED Viewed

@@ -0,0 +1,18 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+import { isNodeLike } from "@azure/core-util";
+import { DefaultAuthorityHost } from "../constants.js";
+/**
+ * Returns the authority host from either the options bag or the AZURE_AUTHORITY_HOST environment variable.
+ *
+ * Defaults to {@link DefaultAuthorityHost}.
+ * @internal
+ */
+export function getAuthorityHost(options) {
+    let authorityHost = options?.authorityHost;
+    if (!authorityHost && isNodeLike) {
+        authorityHost = process.env.AZURE_AUTHORITY_HOST;
+    }
+    return authorityHost ?? DefaultAuthorityHost;
+}
+//# sourceMappingURL=authorityHost.js.map

package/dist/esm/util/authorityHost.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"authorityHost.js","sourceRoot":"","sources":["../../../src/util/authorityHost.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAEvD;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAoC;IACnE,IAAI,aAAa,GAAG,OAAO,EAAE,aAAa,CAAC;IAE3C,IAAI,CAAC,aAAa,IAAI,UAAU,EAAE,CAAC;QACjC,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IACnD,CAAC;IAED,OAAO,aAAa,IAAI,oBAAoB,CAAC;AAC/C,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { isNodeLike } from \"@azure/core-util\";\nimport { DefaultAuthorityHost } from \"../constants.js\";\n\n/**\n * Returns the authority host from either the options bag or the AZURE_AUTHORITY_HOST environment variable.\n *\n * Defaults to {@link DefaultAuthorityHost}.\n * @internal\n */\nexport function getAuthorityHost(options?: { authorityHost?: string }): string {\n let authorityHost = options?.authorityHost;\n\n if (!authorityHost && isNodeLike) {\n authorityHost = process.env.AZURE_AUTHORITY_HOST;\n }\n\n return authorityHost ?? DefaultAuthorityHost;\n}\n"]}

package/dist/workerd/client/identityClient.d.ts CHANGED Viewed

@@ -18,10 +18,6 @@ export interface TokenResponse {
      */
     refreshToken?: string;
 }
-/**
- * @internal
- */
-export declare function getIdentityClientAuthorityHost(options?: TokenCredentialOptions): string;
 /**
  * The network module used by the Identity credentials.
  *
@@ -61,5 +57,10 @@ export declare class IdentityClient extends ServiceClient implements INetworkMod
      * - `oid`: Object Identifier of the authenticated user.
      */
     private logIdentifiers;
+    /**
+     * Parses the response body if possible. Add error properties if parsing fails.
+     * This follows MSAL INetworkModule behavior so the response is in expected format.
+     */
+    private parseResponseBody;
 }
 //# sourceMappingURL=identityClient.d.ts.map

package/dist/workerd/client/identityClient.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"identityClient.d.ts","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAC/F,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;~~AAEnD~~,OAAO,KAAK,EAAE,eAAe,EAAoB,MAAM,2BAA2B,CAAC;AAEnF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAM/D,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;~~AAS3E~~;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,WAAW,EAAE,WAAW,CAAC;IACzB;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED~~;;GAEG;AACH,wBAAgB,8BAA8B,CAAC,OAAO,CAAC,EAAE,sBAAsB,GAAG,MAAM,CAWvF;AAED~~;;;;;;GAMG;AACH,qBAAa,cAAe,SAAQ,aAAc,YAAW,cAAc;IAClE,aAAa,EAAE,MAAM,CAAC;IAC7B,OAAO,CAAC,8BAA8B,CAAC,CAAU;IACjD,OAAO,CAAC,gBAAgB,CAA6C;IACrE,OAAO,CAAC,uBAAuB,CAAkB;IAEjD,OAAO,CAAC,sBAAsB,CAAyB;gBAE3C,OAAO,CAAC,EAAE,sBAAsB;IAmCtC,gBAAgB,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAmCzE,kBAAkB,CACtB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,GAAG,SAAS,EAChC,YAAY,EAAE,MAAM,GAAG,SAAS,EAChC,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAkEhC,mBAAmB,CAAC,aAAa,EAAE,MAAM,GAAG,eAAe;IAe3D,aAAa,CAAC,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI;IAgB3C,gBAAgB,CAAC,OAAO,CAAC,EAAE,qBAAqB,GAAG,MAAM;IAUnD,mBAAmB,CAAC,CAAC,EACzB,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAqBxB,oBAAoB,CAAC,CAAC,EAC1B,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAsB9B;;;OAGG;IACH,yBAAyB,IAAI,sBAAsB;IAGnD;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,cAAc;~~CA6BvB~~"}
1	+ {"version":3,"file":"identityClient.d.ts","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAC/F,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,KAAK,EAAE,eAAe,EAAoB,MAAM,2BAA2B,CAAC;AAEnF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAM/D,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAgB3E;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,WAAW,EAAE,WAAW,CAAC;IACzB;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;GAMG;AACH,qBAAa,cAAe,SAAQ,aAAc,YAAW,cAAc;IAClE,aAAa,EAAE,MAAM,CAAC;IAC7B,OAAO,CAAC,8BAA8B,CAAC,CAAU;IACjD,OAAO,CAAC,gBAAgB,CAA6C;IACrE,OAAO,CAAC,uBAAuB,CAAkB;IAEjD,OAAO,CAAC,sBAAsB,CAAyB;gBAE3C,OAAO,CAAC,EAAE,sBAAsB;IAmCtC,gBAAgB,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAmCzE,kBAAkB,CACtB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,GAAG,SAAS,EAChC,YAAY,EAAE,MAAM,GAAG,SAAS,EAChC,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAkEhC,mBAAmB,CAAC,aAAa,EAAE,MAAM,GAAG,eAAe;IAe3D,aAAa,CAAC,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI;IAgB3C,gBAAgB,CAAC,OAAO,CAAC,EAAE,qBAAqB,GAAG,MAAM;IAUnD,mBAAmB,CAAC,CAAC,EACzB,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAqBxB,oBAAoB,CAAC,CAAC,EAC1B,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAsB9B;;;OAGG;IACH,yBAAyB,IAAI,sBAAsB;IAGnD;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,cAAc;IA8BtB;;;OAGG;IACH,OAAO,CAAC,iBAAiB;CA2C1B"}

package/dist/workerd/client/identityClient.js CHANGED Viewed

@@ -1,28 +1,21 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 import { ServiceClient } from "@azure/core-client";
-import { isNode } from "@azure/core-util";
 import { createHttpHeaders, createPipelineRequest } from "@azure/core-rest-pipeline";
 import { AuthenticationError, AuthenticationErrorName } from "../errors.js";
 import { getIdentityTokenEndpointSuffix } from "../util/identityTokenEndpoint.js";
-import { DefaultAuthorityHost, SDK_VERSION } from "../constants.js";
+import { SDK_VERSION } from "../constants.js";
 import { tracingClient } from "../util/tracing.js";
 import { logger } from "../util/logging.js";
 import { parseExpirationTimestamp, parseRefreshTimestamp, } from "../credentials/managedIdentityCredential/utils.js";
+import { getAuthorityHost } from "../util/authorityHost.js";
 const noCorrelationId = "noCorrelationId";
-/**
- * @internal
- */
-export function getIdentityClientAuthorityHost(options) {
-    // The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.
-    let authorityHost = options?.authorityHost;
-    // The AZURE_AUTHORITY_HOST environment variable can only be provided in Node.js.
-    if (isNode) {
-        authorityHost = authorityHost ?? process.env.AZURE_AUTHORITY_HOST;
-    }
-    // If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com
-    return authorityHost ?? DefaultAuthorityHost;
-}
+const HttpStatus = {
+    CLIENT_ERROR_RANGE_START: 400,
+    CLIENT_ERROR_RANGE_END: 499,
+    SERVER_ERROR_RANGE_START: 500,
+    SERVER_ERROR_RANGE_END: 599,
+};
 /**
  * The network module used by the Identity credentials.
  *
@@ -42,7 +35,7 @@ export class IdentityClient extends ServiceClient {
         const userAgentPrefix = options?.userAgentOptions?.userAgentPrefix
             ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`
             : `${packageDetails}`;
-        const baseUri = getIdentityClientAuthorityHost(options);
+        const baseUri = getAuthorityHost(options);
         if (!baseUri.startsWith("https:")) {
             throw new Error("The authorityHost address must use the 'https' protocol.");
         }
@@ -194,7 +187,7 @@ export class IdentityClient extends ServiceClient {
         const response = await this.sendRequest(request);
         this.logIdentifiers(response);
         return {
-            body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,
+            body: this.parseResponseBody(response),
             headers: response.headers.toJSON(),
             status: response.status,
         };
@@ -212,7 +205,7 @@ export class IdentityClient extends ServiceClient {
         const response = await this.sendRequest(request);
         this.logIdentifiers(response);
         return {
-            body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,
+            body: this.parseResponseBody(response),
             headers: response.headers.toJSON(),
             status: response.status,
         };
@@ -256,5 +249,50 @@ export class IdentityClient extends ServiceClient {
             logger.warning("allowLoggingAccountIdentifiers was set, but we couldn't log the account information. Error:", e.message);
         }
     }
+    /**
+     * Parses the response body if possible. Add error properties if parsing fails.
+     * This follows MSAL INetworkModule behavior so the response is in expected format.
+     */
+    parseResponseBody(response) {
+        let parsedBody;
+        try {
+            parsedBody = JSON.parse(response.bodyAsText || "");
+        }
+        catch (error) {
+            logger.info(`IdentityClient: Could not parse response body: ${error}`);
+            let errorType;
+            let errorDescriptionHelper;
+            /**
+             * Determine error type based on status code ranges following MSAL patterns:
+             * Client error responses (400 – 499)
+             * Server error responses (500 – 599)
+             */
+            if (response.status >= HttpStatus.CLIENT_ERROR_RANGE_START &&
+                response.status <= HttpStatus.CLIENT_ERROR_RANGE_END) {
+                errorType = "client_error";
+                errorDescriptionHelper = "A client";
+            }
+            else if (response.status >= HttpStatus.SERVER_ERROR_RANGE_START &&
+                response.status <= HttpStatus.SERVER_ERROR_RANGE_END) {
+                errorType = "server_error";
+                errorDescriptionHelper = "A server";
+            }
+            else {
+                errorType = "unknown_error";
+                errorDescriptionHelper = "An unknown";
+            }
+            const errorDescriptionLines = [
+                `${errorDescriptionHelper} error occured.`,
+                `Http status code: ${response.status}`,
+                `Http status message: ${response.bodyAsText || "Unknown"}`,
+                `Headers: ${JSON.stringify(response.headers)}`,
+            ];
+            parsedBody = {
+                error: errorType,
+                error_description: errorDescriptionLines.join("\n"),
+            };
+        }
+        return parsedBody;
+    }
 }
 //# sourceMappingURL=identityClient.js.map

package/dist/workerd/client/identityClient.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"identityClient.js","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAE1C,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAErF,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAC5E,OAAO,EAAE,8BAA8B,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAG5C,OAAO,EACL,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,mDAAmD,CAAC;AAE3D,MAAM,eAAe,GAAG,iBAAiB,CAAC;AAiB1C;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAAC,OAAgC;IAC7E,iGAAiG;IACjG,IAAI,aAAa,GAAG,OAAO,EAAE,aAAa,CAAC;IAE3C,iFAAiF;IACjF,IAAI,MAAM,EAAE,CAAC;QACX,aAAa,GAAG,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IACpE,CAAC;IAED,wHAAwH;IACxH,OAAO,aAAa,IAAI,oBAAoB,CAAC;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,OAAO,cAAe,SAAQ,aAAa;IACxC,aAAa,CAAS;IACrB,8BAA8B,CAAW;IACzC,gBAAgB,CAA6C;IAC7D,uBAAuB,GAAY,KAAK,CAAC;IACjD,4BAA4B;IACpB,sBAAsB,CAAyB;IAEvD,YAAY,OAAgC;QAC1C,MAAM,cAAc,GAAG,qBAAqB,WAAW,EAAE,CAAC;QAC1D,MAAM,eAAe,GAAG,OAAO,EAAE,gBAAgB,EAAE,eAAe;YAChE,CAAC,CAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC,eAAe,IAAI,cAAc,EAAE;YACjE,CAAC,CAAC,GAAG,cAAc,EAAE,CAAC;QAExB,MAAM,OAAO,GAAG,8BAA8B,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC9E,CAAC;QAED,KAAK,CAAC;YACJ,kBAAkB,EAAE,iCAAiC;YACrD,YAAY,EAAE;gBACZ,UAAU,EAAE,CAAC;aACd;YACD,GAAG,OAAO;YACV,gBAAgB,EAAE;gBAChB,eAAe;aAChB;YACD,OAAO;SACR,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC;QAC7B,IAAI,CAAC,gBAAgB,GAAG,IAAI,GAAG,EAAE,CAAC;QAClC,IAAI,CAAC,8BAA8B,GAAG,OAAO,EAAE,cAAc,EAAE,8BAA8B,CAAC;QAC9F,4BAA4B;QAC5B,IAAI,CAAC,sBAAsB,GAAG,EAAE,GAAG,OAAO,EAAE,CAAC;QAE7C,2BAA2B;QAC3B,IAAI,OAAO,EAAE,uBAAuB,EAAE,CAAC;YACrC,IAAI,CAAC,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,CAAC;QACjE,CAAC;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAwB;QAC7C,MAAM,CAAC,IAAI,CAAC,6CAA6C,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;QACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,QAAQ,CAAC,UAAU,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,EAAE,CAAC;YAChF,MAAM,UAAU,GAA4B,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAE5E,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;gBAC7B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YAE9B,MAAM,KAAK,GAAG;gBACZ,WAAW,EAAE;oBACX,KAAK,EAAE,UAAU,CAAC,YAAY;oBAC9B,kBAAkB,EAAE,wBAAwB,CAAC,UAAU,CAAC;oBACxD,qBAAqB,EAAE,qBAAqB,CAAC,UAAU,CAAC;oBACxD,SAAS,EAAE,QAAQ;iBACL;gBAChB,YAAY,EAAE,UAAU,CAAC,aAAa;aACvC,CAAC;YAEF,MAAM,CAAC,IAAI,CACT,oBAAoB,OAAO,CAAC,GAAG,gCAAgC,KAAK,CAAC,WAAW,CAAC,kBAAkB,EAAE,CACtG,CAAC;YACF,OAAO,KAAK,CAAC;QACf,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,GAAG,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC5E,MAAM,CAAC,OAAO,CACZ,sDAAsD,QAAQ,CAAC,MAAM,KAAK,KAAK,CAAC,aAAa,CAAC,gBAAgB,EAAE,CACjH,CAAC;YACF,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CACtB,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,YAAgC,EAChC,YAAgC,EAChC,UAA2B,EAAE;QAE7B,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,CAAC,IAAI,CACT,2DAA2D,QAAQ,aAAa,MAAM,UAAU,CACjG,CAAC;QAEF,MAAM,aAAa,GAAG;YACpB,UAAU,EAAE,eAAe;YAC3B,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,MAAM;SACd,CAAC;QAEF,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YAC9B,aAAqB,CAAC,aAAa,GAAG,YAAY,CAAC;QACtD,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,aAAa,CAAC,CAAC;QAEjD,OAAO,aAAa,CAAC,QAAQ,CAC3B,mCAAmC,EACnC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;gBAC3D,MAAM,OAAO,GAAG,qBAAqB,CAAC;oBACpC,GAAG,EAAE,GAAG,IAAI,CAAC,aAAa,IAAI,QAAQ,IAAI,SAAS,EAAE;oBACrD,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE;oBACtB,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,OAAO,EAAE,iBAAiB,CAAC;wBACzB,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD,CAAC;oBACF,cAAc,EAAE,cAAc,CAAC,cAAc;iBAC9C,CAAC,CAAC;gBAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;gBACtD,MAAM,CAAC,IAAI,CAAC,kDAAkD,QAAQ,EAAE,CAAC,CAAC;gBAC1E,OAAO,QAAQ,CAAC;YAClB,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IACE,GAAG,CAAC,IAAI,KAAK,uBAAuB;oBACpC,GAAG,CAAC,aAAa,CAAC,KAAK,KAAK,sBAAsB,EAClD,CAAC;oBACD,qDAAqD;oBACrD,yDAAyD;oBACzD,0CAA0C;oBAC1C,MAAM,CAAC,IAAI,CAAC,uDAAuD,QAAQ,EAAE,CAAC,CAAC;oBAC/E,OAAO,IAAI,CAAC;gBACd,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,OAAO,CACZ,0DAA0D,QAAQ,KAAK,GAAG,EAAE,CAC7E,CAAC;oBACF,MAAM,GAAG,CAAC;gBACZ,CAAC;YACH,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED,gFAAgF;IAChF,mEAAmE;IAEnE,mBAAmB,CAAC,aAAqB;QACvC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;QACnE,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;QACtD,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC;QAClD,UAAU,CAAC,MAAM,CAAC,OAAO,GAAG,CAAC,GAAG,MAAM,EAAE,EAAE;YACxC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;YACpD,IAAI,eAAe,EAAE,CAAC;gBACpB,eAAe,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YACnD,CAAC;QACH,CAAC,CAAC;QACF,OAAO,UAAU,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,aAAa,CAAC,aAAsB;QAClC,MAAM,GAAG,GAAG,aAAa,IAAI,eAAe,CAAC;QAC7C,MAAM,WAAW,GAAG;YAClB,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YACzC,uDAAuD;YACvD,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;SACtD,CAAC;QACF,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;YACxB,OAAO;QACT,CAAC;QACD,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,UAAU,CAAC,KAAK,EAAE,CAAC;QACrB,CAAC;QACD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED,gBAAgB,CAAC,OAA+B;QAC9C,MAAM,SAAS,GAAG,OAAO,EAAE,IAAI;YAC7B,EAAE,KAAK,CAAC,GAAG,CAAC;aACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;aAC9B,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,mBAAmB,CAAC,CAAC;QAChD,OAAO,SAAS,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC;IAC3F,CAAC;IAED,yCAAyC;IAEzC,KAAK,CAAC,mBAAmB,CACvB,GAAW,EACX,OAA+B;QAE/B,MAAM,OAAO,GAAG,qBAAqB,CAAC;YACpC,GAAG;YACH,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO,EAAE,IAAI;YACnB,uBAAuB,EAAE,IAAI,CAAC,uBAAuB;YACrD,OAAO,EAAE,iBAAiB,CAAC,OAAO,EAAE,OAAO,CAAC;YAC5C,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC;SACvD,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAEjD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE9B,OAAO;YACL,IAAI,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;YACvE,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;SACxB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,GAAW,EACX,OAA+B;QAE/B,MAAM,OAAO,GAAG,qBAAqB,CAAC;YACpC,GAAG;YACH,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,OAAO,EAAE,IAAI;YACnB,OAAO,EAAE,iBAAiB,CAAC,OAAO,EAAE,OAAO,CAAC;YAC5C,uBAAuB,EAAE,IAAI,CAAC,uBAAuB;YACrD,4DAA4D;YAC5D,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;SACtE,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAEjD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE9B,OAAO;YACL,IAAI,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;YACvE,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;SACxB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,yBAAyB;QACvB,OAAO,IAAI,CAAC,sBAAsB,CAAC;IACrC,CAAC;IACD;;;;;;;;;;;OAWG;IACK,cAAc,CAAC,QAA0B;QAC/C,IAAI,CAAC,IAAI,CAAC,8BAA8B,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC;YACjE,OAAO;QACT,CAAC;QACD,MAAM,cAAc,GAAG,kCAAkC,CAAC;QAC1D,IAAI,CAAC;YACH,MAAM,MAAM,GAAI,QAAgB,CAAC,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC/E,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC;YACxC,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,uEAAuE;gBACvE,OAAO;YACT,CAAC;YACD,MAAM,cAAc,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACjD,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CACzC,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CACvD,CAAC;YAEF,MAAM,CAAC,IAAI,CACT,sCAAsC,KAAK,gBAAgB,GAAG,0BAC5D,GAAG,IAAI,cACT,uBAAuB,GAAG,EAAE,CAC7B,CAAC;QACJ,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,CAAC,OAAO,CACZ,6FAA6F,EAC7F,CAAC,CAAC,OAAO,CACV,CAAC;QACJ,CAAC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { INetworkModule, NetworkRequestOptions, NetworkResponse } from \"@azure/msal-node\";\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { ServiceClient } from \"@azure/core-client\";\nimport { isNode } from \"@azure/core-util\";\nimport type { PipelineRequest, PipelineResponse } from \"@azure/core-rest-pipeline\";\nimport { createHttpHeaders, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport type { AbortSignalLike } from \"@azure/abort-controller\";\nimport { AuthenticationError, AuthenticationErrorName } from \"../errors.js\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint.js\";\nimport { DefaultAuthorityHost, SDK_VERSION } from \"../constants.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport { logger } from \"../util/logging.js\";\nimport type { TokenCredentialOptions } from \"../tokenCredentialOptions.js\";\nimport type { TokenResponseParsedBody } from \"../credentials/managedIdentityCredential/utils.js\";\nimport {\n parseExpirationTimestamp,\n parseRefreshTimestamp,\n} from \"../credentials/managedIdentityCredential/utils.js\";\n\nconst noCorrelationId = \"noCorrelationId\";\n\n/*\n An internal type used to communicate details of a token request's\n * response that should not be sent back as part of the access token.\n /\nexport interface TokenResponse {\n /\n The AccessToken to be returned from getToken.\n /\n accessToken: AccessToken;\n /\n The refresh token if the 'offline_access' scope was used.\n /\n refreshToken?: string;\n}\n\n/\n @internal\n /\nexport function getIdentityClientAuthorityHost(options?: TokenCredentialOptions): string {\n // The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.\n let authorityHost = options?.authorityHost;\n\n // The AZURE_AUTHORITY_HOST environment variable can only be provided in Node.js.\n if (isNode) {\n authorityHost = authorityHost ?? process.env.AZURE_AUTHORITY_HOST;\n }\n\n // If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com\n return authorityHost ?? DefaultAuthorityHost;\n}\n\n/\n The network module used by the Identity credentials.\n \n It allows for credentials to abort any pending request independently of the MSAL flow,\n * by calling to the `abortRequests()` method.\n \n /\nexport class IdentityClient extends ServiceClient implements INetworkModule {\n public authorityHost: string;\n private allowLoggingAccountIdentifiers?: boolean;\n private abortControllers: Map<string, AbortController[] \| undefined>;\n private allowInsecureConnection: boolean = false;\n // used for WorkloadIdentity\n private tokenCredentialOptions: TokenCredentialOptions;\n\n constructor(options?: TokenCredentialOptions) {\n const packageDetails = `azsdk-js-identity/${SDK_VERSION}`;\n const userAgentPrefix = options?.userAgentOptions?.userAgentPrefix\n ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`\n : `${packageDetails}`;\n\n const baseUri = getIdentityClientAuthorityHost(options);\n if (!baseUri.startsWith(\"https:\")) {\n throw new Error(\"The authorityHost address must use the 'https' protocol.\");\n }\n\n super({\n requestContentType: \"application/json; charset=utf-8\",\n retryOptions: {\n maxRetries: 3,\n },\n ...options,\n userAgentOptions: {\n userAgentPrefix,\n },\n baseUri,\n });\n\n this.authorityHost = baseUri;\n this.abortControllers = new Map();\n this.allowLoggingAccountIdentifiers = options?.loggingOptions?.allowLoggingAccountIdentifiers;\n // used for WorkloadIdentity\n this.tokenCredentialOptions = { ...options };\n\n // used for ManagedIdentity\n if (options?.allowInsecureConnection) {\n this.allowInsecureConnection = options.allowInsecureConnection;\n }\n }\n\n async sendTokenRequest(request: PipelineRequest): Promise<TokenResponse \| null> {\n logger.info(`IdentityClient: sending token request to [${request.url}]`);\n const response = await this.sendRequest(request);\n if (response.bodyAsText && (response.status === 200 \|\| response.status === 201)) {\n const parsedBody: TokenResponseParsedBody = JSON.parse(response.bodyAsText);\n\n if (!parsedBody.access_token) {\n return null;\n }\n\n this.logIdentifiers(response);\n\n const token = {\n accessToken: {\n token: parsedBody.access_token,\n expiresOnTimestamp: parseExpirationTimestamp(parsedBody),\n refreshAfterTimestamp: parseRefreshTimestamp(parsedBody),\n tokenType: \"Bearer\",\n } as AccessToken,\n refreshToken: parsedBody.refresh_token,\n };\n\n logger.info(\n `IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`,\n );\n return token;\n } else {\n const error = new AuthenticationError(response.status, response.bodyAsText);\n logger.warning(\n `IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`,\n );\n throw error;\n }\n }\n\n async refreshAccessToken(\n tenantId: string,\n clientId: string,\n scopes: string,\n refreshToken: string \| undefined,\n clientSecret: string \| undefined,\n options: GetTokenOptions = {},\n ): Promise<TokenResponse \| null> {\n if (refreshToken === undefined) {\n return null;\n }\n logger.info(\n `IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`,\n );\n\n const refreshParams = {\n grant_type: \"refresh_token\",\n client_id: clientId,\n refresh_token: refreshToken,\n scope: scopes,\n };\n\n if (clientSecret !== undefined) {\n (refreshParams as any).client_secret = clientSecret;\n }\n\n const query = new URLSearchParams(refreshParams);\n\n return tracingClient.withSpan(\n \"IdentityClient.refreshAccessToken\",\n options,\n async (updatedOptions) => {\n try {\n const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);\n const request = createPipelineRequest({\n url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,\n method: \"POST\",\n body: query.toString(),\n abortSignal: options.abortSignal,\n headers: createHttpHeaders({\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n }),\n tracingOptions: updatedOptions.tracingOptions,\n });\n\n const response = await this.sendTokenRequest(request);\n logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);\n return response;\n } catch (err: any) {\n if (\n err.name === AuthenticationErrorName &&\n err.errorResponse.error === \"interaction_required\"\n ) {\n // It's likely that the refresh token has expired, so\n // return null so that the credential implementation will\n // initiate the authentication flow again.\n logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);\n return null;\n } else {\n logger.warning(\n `IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`,\n );\n throw err;\n }\n }\n },\n );\n }\n\n // Here is a custom layer that allows us to abort requests that go through MSAL,\n // since MSAL doesn't allow us to pass options all the way through.\n\n generateAbortSignal(correlationId: string): AbortSignalLike {\n const controller = new AbortController();\n const controllers = this.abortControllers.get(correlationId) \|\| [];\n controllers.push(controller);\n this.abortControllers.set(correlationId, controllers);\n const existingOnAbort = controller.signal.onabort;\n controller.signal.onabort = (...params) => {\n this.abortControllers.set(correlationId, undefined);\n if (existingOnAbort) {\n existingOnAbort.apply(controller.signal, params);\n }\n };\n return controller.signal;\n }\n\n abortRequests(correlationId?: string): void {\n const key = correlationId \|\| noCorrelationId;\n const controllers = [\n ...(this.abortControllers.get(key) \|\| []),\n // MSAL passes no correlation ID to the get requests...\n ...(this.abortControllers.get(noCorrelationId) \|\| []),\n ];\n if (!controllers.length) {\n return;\n }\n for (const controller of controllers) {\n controller.abort();\n }\n this.abortControllers.set(key, undefined);\n }\n\n getCorrelationId(options?: NetworkRequestOptions): string {\n const parameter = options?.body\n ?.split(\"&\")\n .map((part) => part.split(\"=\"))\n .find(([key]) => key === \"client-request-id\");\n return parameter && parameter.length ? parameter[1] \|\| noCorrelationId : noCorrelationId;\n }\n\n // The MSAL network module methods follow\n\n async sendGetRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions,\n ): Promise<NetworkResponse<T>> {\n const request = createPipelineRequest({\n url,\n method: \"GET\",\n body: options?.body,\n allowInsecureConnection: this.allowInsecureConnection,\n headers: createHttpHeaders(options?.headers),\n abortSignal: this.generateAbortSignal(noCorrelationId),\n });\n\n const response = await this.sendRequest(request);\n\n this.logIdentifiers(response);\n\n return {\n body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,\n headers: response.headers.toJSON(),\n status: response.status,\n };\n }\n\n async sendPostRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions,\n ): Promise<NetworkResponse<T>> {\n const request = createPipelineRequest({\n url,\n method: \"POST\",\n body: options?.body,\n headers: createHttpHeaders(options?.headers),\n allowInsecureConnection: this.allowInsecureConnection,\n // MSAL doesn't send the correlation ID on the get requests.\n abortSignal: this.generateAbortSignal(this.getCorrelationId(options)),\n });\n\n const response = await this.sendRequest(request);\n\n this.logIdentifiers(response);\n\n return {\n body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,\n headers: response.headers.toJSON(),\n status: response.status,\n };\n }\n\n /*\n \n * @internal\n /\n getTokenCredentialOptions(): TokenCredentialOptions {\n return this.tokenCredentialOptions;\n }\n /\n If allowLoggingAccountIdentifiers was set on the constructor options\n * we try to log the account identifiers by parsing the received access token.\n \n The account identifiers we try to log are:\n * - `appid`: The application or Client Identifier.\n * - `upn`: User Principal Name.\n * - It might not be available in some authentication scenarios.\n * - If it's not available, we put a placeholder: \"No User Principal Name available\".\n * - `tid`: Tenant Identifier.\n * - `oid`: Object Identifier of the authenticated user.\n */\n private logIdentifiers(response: PipelineResponse): void {\n if (!this.allowLoggingAccountIdentifiers \|\| !response.bodyAsText) {\n return;\n }\n const unavailableUpn = \"No User Principal Name available\";\n try {\n const parsed = (response as any).parsedBody \|\| JSON.parse(response.bodyAsText);\n const accessToken = parsed.access_token;\n if (!accessToken) {\n // Without an access token allowLoggingAccountIdentifiers isn't useful.\n return;\n }\n const base64Metadata = accessToken.split(\".\")[1];\n const { appid, upn, tid, oid } = JSON.parse(\n Buffer.from(base64Metadata, \"base64\").toString(\"utf8\"),\n );\n\n logger.info(\n `[Authenticated account] Client ID: ${appid}. Tenant ID: ${tid}. User Principal Name: ${\n upn \|\| unavailableUpn\n }. Object ID (user): ${oid}`,\n );\n } catch (e: any) {\n logger.warning(\n \"allowLoggingAccountIdentifiers was set, but we couldn't log the account information. Error:\",\n e.message,\n );\n }\n }\n}\n"]}
1	+ {"version":3,"file":"identityClient.js","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAErF,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAC5E,OAAO,EAAE,8BAA8B,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAG5C,OAAO,EACL,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,mDAAmD,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAE5D,MAAM,eAAe,GAAG,iBAAiB,CAAC;AAC1C,MAAM,UAAU,GAAG;IACjB,wBAAwB,EAAE,GAAG;IAC7B,sBAAsB,EAAE,GAAG;IAC3B,wBAAwB,EAAE,GAAG;IAC7B,sBAAsB,EAAE,GAAG;CAC5B,CAAC;AAiBF;;;;;;GAMG;AACH,MAAM,OAAO,cAAe,SAAQ,aAAa;IACxC,aAAa,CAAS;IACrB,8BAA8B,CAAW;IACzC,gBAAgB,CAA6C;IAC7D,uBAAuB,GAAY,KAAK,CAAC;IACjD,4BAA4B;IACpB,sBAAsB,CAAyB;IAEvD,YAAY,OAAgC;QAC1C,MAAM,cAAc,GAAG,qBAAqB,WAAW,EAAE,CAAC;QAC1D,MAAM,eAAe,GAAG,OAAO,EAAE,gBAAgB,EAAE,eAAe;YAChE,CAAC,CAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC,eAAe,IAAI,cAAc,EAAE;YACjE,CAAC,CAAC,GAAG,cAAc,EAAE,CAAC;QAExB,MAAM,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC1C,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC9E,CAAC;QAED,KAAK,CAAC;YACJ,kBAAkB,EAAE,iCAAiC;YACrD,YAAY,EAAE;gBACZ,UAAU,EAAE,CAAC;aACd;YACD,GAAG,OAAO;YACV,gBAAgB,EAAE;gBAChB,eAAe;aAChB;YACD,OAAO;SACR,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC;QAC7B,IAAI,CAAC,gBAAgB,GAAG,IAAI,GAAG,EAAE,CAAC;QAClC,IAAI,CAAC,8BAA8B,GAAG,OAAO,EAAE,cAAc,EAAE,8BAA8B,CAAC;QAC9F,4BAA4B;QAC5B,IAAI,CAAC,sBAAsB,GAAG,EAAE,GAAG,OAAO,EAAE,CAAC;QAE7C,2BAA2B;QAC3B,IAAI,OAAO,EAAE,uBAAuB,EAAE,CAAC;YACrC,IAAI,CAAC,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,CAAC;QACjE,CAAC;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAwB;QAC7C,MAAM,CAAC,IAAI,CAAC,6CAA6C,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;QACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,QAAQ,CAAC,UAAU,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,EAAE,CAAC;YAChF,MAAM,UAAU,GAA4B,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAE5E,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;gBAC7B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YAE9B,MAAM,KAAK,GAAG;gBACZ,WAAW,EAAE;oBACX,KAAK,EAAE,UAAU,CAAC,YAAY;oBAC9B,kBAAkB,EAAE,wBAAwB,CAAC,UAAU,CAAC;oBACxD,qBAAqB,EAAE,qBAAqB,CAAC,UAAU,CAAC;oBACxD,SAAS,EAAE,QAAQ;iBACL;gBAChB,YAAY,EAAE,UAAU,CAAC,aAAa;aACvC,CAAC;YAEF,MAAM,CAAC,IAAI,CACT,oBAAoB,OAAO,CAAC,GAAG,gCAAgC,KAAK,CAAC,WAAW,CAAC,kBAAkB,EAAE,CACtG,CAAC;YACF,OAAO,KAAK,CAAC;QACf,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,GAAG,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC5E,MAAM,CAAC,OAAO,CACZ,sDAAsD,QAAQ,CAAC,MAAM,KAAK,KAAK,CAAC,aAAa,CAAC,gBAAgB,EAAE,CACjH,CAAC;YACF,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CACtB,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,YAAgC,EAChC,YAAgC,EAChC,UAA2B,EAAE;QAE7B,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,CAAC,IAAI,CACT,2DAA2D,QAAQ,aAAa,MAAM,UAAU,CACjG,CAAC;QAEF,MAAM,aAAa,GAAG;YACpB,UAAU,EAAE,eAAe;YAC3B,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,MAAM;SACd,CAAC;QAEF,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YAC9B,aAAqB,CAAC,aAAa,GAAG,YAAY,CAAC;QACtD,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,aAAa,CAAC,CAAC;QAEjD,OAAO,aAAa,CAAC,QAAQ,CAC3B,mCAAmC,EACnC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;gBAC3D,MAAM,OAAO,GAAG,qBAAqB,CAAC;oBACpC,GAAG,EAAE,GAAG,IAAI,CAAC,aAAa,IAAI,QAAQ,IAAI,SAAS,EAAE;oBACrD,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE;oBACtB,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,OAAO,EAAE,iBAAiB,CAAC;wBACzB,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD,CAAC;oBACF,cAAc,EAAE,cAAc,CAAC,cAAc;iBAC9C,CAAC,CAAC;gBAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;gBACtD,MAAM,CAAC,IAAI,CAAC,kDAAkD,QAAQ,EAAE,CAAC,CAAC;gBAC1E,OAAO,QAAQ,CAAC;YAClB,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IACE,GAAG,CAAC,IAAI,KAAK,uBAAuB;oBACpC,GAAG,CAAC,aAAa,CAAC,KAAK,KAAK,sBAAsB,EAClD,CAAC;oBACD,qDAAqD;oBACrD,yDAAyD;oBACzD,0CAA0C;oBAC1C,MAAM,CAAC,IAAI,CAAC,uDAAuD,QAAQ,EAAE,CAAC,CAAC;oBAC/E,OAAO,IAAI,CAAC;gBACd,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,OAAO,CACZ,0DAA0D,QAAQ,KAAK,GAAG,EAAE,CAC7E,CAAC;oBACF,MAAM,GAAG,CAAC;gBACZ,CAAC;YACH,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED,gFAAgF;IAChF,mEAAmE;IAEnE,mBAAmB,CAAC,aAAqB;QACvC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;QACnE,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;QACtD,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC;QAClD,UAAU,CAAC,MAAM,CAAC,OAAO,GAAG,CAAC,GAAG,MAAM,EAAE,EAAE;YACxC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;YACpD,IAAI,eAAe,EAAE,CAAC;gBACpB,eAAe,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YACnD,CAAC;QACH,CAAC,CAAC;QACF,OAAO,UAAU,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,aAAa,CAAC,aAAsB;QAClC,MAAM,GAAG,GAAG,aAAa,IAAI,eAAe,CAAC;QAC7C,MAAM,WAAW,GAAG;YAClB,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YACzC,uDAAuD;YACvD,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;SACtD,CAAC;QACF,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;YACxB,OAAO;QACT,CAAC;QACD,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,UAAU,CAAC,KAAK,EAAE,CAAC;QACrB,CAAC;QACD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED,gBAAgB,CAAC,OAA+B;QAC9C,MAAM,SAAS,GAAG,OAAO,EAAE,IAAI;YAC7B,EAAE,KAAK,CAAC,GAAG,CAAC;aACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;aAC9B,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,mBAAmB,CAAC,CAAC;QAChD,OAAO,SAAS,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC;IAC3F,CAAC;IAED,yCAAyC;IAEzC,KAAK,CAAC,mBAAmB,CACvB,GAAW,EACX,OAA+B;QAE/B,MAAM,OAAO,GAAG,qBAAqB,CAAC;YACpC,GAAG;YACH,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO,EAAE,IAAI;YACnB,uBAAuB,EAAE,IAAI,CAAC,uBAAuB;YACrD,OAAO,EAAE,iBAAiB,CAAC,OAAO,EAAE,OAAO,CAAC;YAC5C,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC;SACvD,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAEjD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE9B,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAM;YAC3C,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;SACxB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,GAAW,EACX,OAA+B;QAE/B,MAAM,OAAO,GAAG,qBAAqB,CAAC;YACpC,GAAG;YACH,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,OAAO,EAAE,IAAI;YACnB,OAAO,EAAE,iBAAiB,CAAC,OAAO,EAAE,OAAO,CAAC;YAC5C,uBAAuB,EAAE,IAAI,CAAC,uBAAuB;YACrD,4DAA4D;YAC5D,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;SACtE,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAEjD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE9B,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAM;YAC3C,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;SACxB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,yBAAyB;QACvB,OAAO,IAAI,CAAC,sBAAsB,CAAC;IACrC,CAAC;IACD;;;;;;;;;;;OAWG;IACK,cAAc,CAAC,QAA0B;QAC/C,IAAI,CAAC,IAAI,CAAC,8BAA8B,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC;YACjE,OAAO;QACT,CAAC;QACD,MAAM,cAAc,GAAG,kCAAkC,CAAC;QAC1D,IAAI,CAAC;YACH,MAAM,MAAM,GAAI,QAAgB,CAAC,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC/E,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC;YACxC,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,uEAAuE;gBACvE,OAAO;YACT,CAAC;YACD,MAAM,cAAc,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACjD,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CACzC,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CACvD,CAAC;YAEF,MAAM,CAAC,IAAI,CACT,sCAAsC,KAAK,gBAAgB,GAAG,0BAC5D,GAAG,IAAI,cACT,uBAAuB,GAAG,EAAE,CAC7B,CAAC;QACJ,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,CAAC,OAAO,CACZ,6FAA6F,EAC7F,CAAC,CAAC,OAAO,CACV,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,iBAAiB,CAAC,QAA0B;QAClD,IAAI,UAAc,CAAC;QACnB,IAAI,CAAC;YACH,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;QACrD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CAAC,kDAAkD,KAAK,EAAE,CAAC,CAAC;YACvE,IAAI,SAAS,CAAC;YACd,IAAI,sBAAsB,CAAC;YAC3B;;;;eAIG;YACH,IACE,QAAQ,CAAC,MAAM,IAAI,UAAU,CAAC,wBAAwB;gBACtD,QAAQ,CAAC,MAAM,IAAI,UAAU,CAAC,sBAAsB,EACpD,CAAC;gBACD,SAAS,GAAG,cAAc,CAAC;gBAC3B,sBAAsB,GAAG,UAAU,CAAC;YACtC,CAAC;iBAAM,IACL,QAAQ,CAAC,MAAM,IAAI,UAAU,CAAC,wBAAwB;gBACtD,QAAQ,CAAC,MAAM,IAAI,UAAU,CAAC,sBAAsB,EACpD,CAAC;gBACD,SAAS,GAAG,cAAc,CAAC;gBAC3B,sBAAsB,GAAG,UAAU,CAAC;YACtC,CAAC;iBAAM,CAAC;gBACN,SAAS,GAAG,eAAe,CAAC;gBAC5B,sBAAsB,GAAG,YAAY,CAAC;YACxC,CAAC;YAED,MAAM,qBAAqB,GAAG;gBAC5B,GAAG,sBAAsB,iBAAiB;gBAC1C,qBAAqB,QAAQ,CAAC,MAAM,EAAE;gBACtC,wBAAwB,QAAQ,CAAC,UAAU,IAAI,SAAS,EAAE;gBAC1D,YAAY,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE;aAC/C,CAAC;YACF,UAAU,GAAG;gBACX,KAAK,EAAE,SAAS;gBAChB,iBAAiB,EAAE,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC;aACpD,CAAC;QACJ,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { INetworkModule, NetworkRequestOptions, NetworkResponse } from \"@azure/msal-node\";\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { ServiceClient } from \"@azure/core-client\";\nimport type { PipelineRequest, PipelineResponse } from \"@azure/core-rest-pipeline\";\nimport { createHttpHeaders, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport type { AbortSignalLike } from \"@azure/abort-controller\";\nimport { AuthenticationError, AuthenticationErrorName } from \"../errors.js\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint.js\";\nimport { SDK_VERSION } from \"../constants.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport { logger } from \"../util/logging.js\";\nimport type { TokenCredentialOptions } from \"../tokenCredentialOptions.js\";\nimport type { TokenResponseParsedBody } from \"../credentials/managedIdentityCredential/utils.js\";\nimport {\n parseExpirationTimestamp,\n parseRefreshTimestamp,\n} from \"../credentials/managedIdentityCredential/utils.js\";\nimport { getAuthorityHost } from \"../util/authorityHost.js\";\n\nconst noCorrelationId = \"noCorrelationId\";\nconst HttpStatus = {\n CLIENT_ERROR_RANGE_START: 400,\n CLIENT_ERROR_RANGE_END: 499,\n SERVER_ERROR_RANGE_START: 500,\n SERVER_ERROR_RANGE_END: 599,\n};\n\n/*\n An internal type used to communicate details of a token request's\n * response that should not be sent back as part of the access token.\n /\nexport interface TokenResponse {\n /\n The AccessToken to be returned from getToken.\n /\n accessToken: AccessToken;\n /\n The refresh token if the 'offline_access' scope was used.\n /\n refreshToken?: string;\n}\n\n/\n The network module used by the Identity credentials.\n \n It allows for credentials to abort any pending request independently of the MSAL flow,\n * by calling to the `abortRequests()` method.\n \n /\nexport class IdentityClient extends ServiceClient implements INetworkModule {\n public authorityHost: string;\n private allowLoggingAccountIdentifiers?: boolean;\n private abortControllers: Map<string, AbortController[] \| undefined>;\n private allowInsecureConnection: boolean = false;\n // used for WorkloadIdentity\n private tokenCredentialOptions: TokenCredentialOptions;\n\n constructor(options?: TokenCredentialOptions) {\n const packageDetails = `azsdk-js-identity/${SDK_VERSION}`;\n const userAgentPrefix = options?.userAgentOptions?.userAgentPrefix\n ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`\n : `${packageDetails}`;\n\n const baseUri = getAuthorityHost(options);\n if (!baseUri.startsWith(\"https:\")) {\n throw new Error(\"The authorityHost address must use the 'https' protocol.\");\n }\n\n super({\n requestContentType: \"application/json; charset=utf-8\",\n retryOptions: {\n maxRetries: 3,\n },\n ...options,\n userAgentOptions: {\n userAgentPrefix,\n },\n baseUri,\n });\n\n this.authorityHost = baseUri;\n this.abortControllers = new Map();\n this.allowLoggingAccountIdentifiers = options?.loggingOptions?.allowLoggingAccountIdentifiers;\n // used for WorkloadIdentity\n this.tokenCredentialOptions = { ...options };\n\n // used for ManagedIdentity\n if (options?.allowInsecureConnection) {\n this.allowInsecureConnection = options.allowInsecureConnection;\n }\n }\n\n async sendTokenRequest(request: PipelineRequest): Promise<TokenResponse \| null> {\n logger.info(`IdentityClient: sending token request to [${request.url}]`);\n const response = await this.sendRequest(request);\n if (response.bodyAsText && (response.status === 200 \|\| response.status === 201)) {\n const parsedBody: TokenResponseParsedBody = JSON.parse(response.bodyAsText);\n\n if (!parsedBody.access_token) {\n return null;\n }\n\n this.logIdentifiers(response);\n\n const token = {\n accessToken: {\n token: parsedBody.access_token,\n expiresOnTimestamp: parseExpirationTimestamp(parsedBody),\n refreshAfterTimestamp: parseRefreshTimestamp(parsedBody),\n tokenType: \"Bearer\",\n } as AccessToken,\n refreshToken: parsedBody.refresh_token,\n };\n\n logger.info(\n `IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`,\n );\n return token;\n } else {\n const error = new AuthenticationError(response.status, response.bodyAsText);\n logger.warning(\n `IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`,\n );\n throw error;\n }\n }\n\n async refreshAccessToken(\n tenantId: string,\n clientId: string,\n scopes: string,\n refreshToken: string \| undefined,\n clientSecret: string \| undefined,\n options: GetTokenOptions = {},\n ): Promise<TokenResponse \| null> {\n if (refreshToken === undefined) {\n return null;\n }\n logger.info(\n `IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`,\n );\n\n const refreshParams = {\n grant_type: \"refresh_token\",\n client_id: clientId,\n refresh_token: refreshToken,\n scope: scopes,\n };\n\n if (clientSecret !== undefined) {\n (refreshParams as any).client_secret = clientSecret;\n }\n\n const query = new URLSearchParams(refreshParams);\n\n return tracingClient.withSpan(\n \"IdentityClient.refreshAccessToken\",\n options,\n async (updatedOptions) => {\n try {\n const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);\n const request = createPipelineRequest({\n url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,\n method: \"POST\",\n body: query.toString(),\n abortSignal: options.abortSignal,\n headers: createHttpHeaders({\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n }),\n tracingOptions: updatedOptions.tracingOptions,\n });\n\n const response = await this.sendTokenRequest(request);\n logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);\n return response;\n } catch (err: any) {\n if (\n err.name === AuthenticationErrorName &&\n err.errorResponse.error === \"interaction_required\"\n ) {\n // It's likely that the refresh token has expired, so\n // return null so that the credential implementation will\n // initiate the authentication flow again.\n logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);\n return null;\n } else {\n logger.warning(\n `IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`,\n );\n throw err;\n }\n }\n },\n );\n }\n\n // Here is a custom layer that allows us to abort requests that go through MSAL,\n // since MSAL doesn't allow us to pass options all the way through.\n\n generateAbortSignal(correlationId: string): AbortSignalLike {\n const controller = new AbortController();\n const controllers = this.abortControllers.get(correlationId) \|\| [];\n controllers.push(controller);\n this.abortControllers.set(correlationId, controllers);\n const existingOnAbort = controller.signal.onabort;\n controller.signal.onabort = (...params) => {\n this.abortControllers.set(correlationId, undefined);\n if (existingOnAbort) {\n existingOnAbort.apply(controller.signal, params);\n }\n };\n return controller.signal;\n }\n\n abortRequests(correlationId?: string): void {\n const key = correlationId \|\| noCorrelationId;\n const controllers = [\n ...(this.abortControllers.get(key) \|\| []),\n // MSAL passes no correlation ID to the get requests...\n ...(this.abortControllers.get(noCorrelationId) \|\| []),\n ];\n if (!controllers.length) {\n return;\n }\n for (const controller of controllers) {\n controller.abort();\n }\n this.abortControllers.set(key, undefined);\n }\n\n getCorrelationId(options?: NetworkRequestOptions): string {\n const parameter = options?.body\n ?.split(\"&\")\n .map((part) => part.split(\"=\"))\n .find(([key]) => key === \"client-request-id\");\n return parameter && parameter.length ? parameter[1] \|\| noCorrelationId : noCorrelationId;\n }\n\n // The MSAL network module methods follow\n\n async sendGetRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions,\n ): Promise<NetworkResponse<T>> {\n const request = createPipelineRequest({\n url,\n method: \"GET\",\n body: options?.body,\n allowInsecureConnection: this.allowInsecureConnection,\n headers: createHttpHeaders(options?.headers),\n abortSignal: this.generateAbortSignal(noCorrelationId),\n });\n\n const response = await this.sendRequest(request);\n\n this.logIdentifiers(response);\n\n return {\n body: this.parseResponseBody(response) as T,\n headers: response.headers.toJSON(),\n status: response.status,\n };\n }\n\n async sendPostRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions,\n ): Promise<NetworkResponse<T>> {\n const request = createPipelineRequest({\n url,\n method: \"POST\",\n body: options?.body,\n headers: createHttpHeaders(options?.headers),\n allowInsecureConnection: this.allowInsecureConnection,\n // MSAL doesn't send the correlation ID on the get requests.\n abortSignal: this.generateAbortSignal(this.getCorrelationId(options)),\n });\n\n const response = await this.sendRequest(request);\n\n this.logIdentifiers(response);\n\n return {\n body: this.parseResponseBody(response) as T,\n headers: response.headers.toJSON(),\n status: response.status,\n };\n }\n\n /*\n \n * @internal\n /\n getTokenCredentialOptions(): TokenCredentialOptions {\n return this.tokenCredentialOptions;\n }\n /\n If allowLoggingAccountIdentifiers was set on the constructor options\n * we try to log the account identifiers by parsing the received access token.\n \n The account identifiers we try to log are:\n * - `appid`: The application or Client Identifier.\n * - `upn`: User Principal Name.\n * - It might not be available in some authentication scenarios.\n * - If it's not available, we put a placeholder: \"No User Principal Name available\".\n * - `tid`: Tenant Identifier.\n * - `oid`: Object Identifier of the authenticated user.\n /\n private logIdentifiers(response: PipelineResponse): void {\n if (!this.allowLoggingAccountIdentifiers \|\| !response.bodyAsText) {\n return;\n }\n const unavailableUpn = \"No User Principal Name available\";\n try {\n const parsed = (response as any).parsedBody \|\| JSON.parse(response.bodyAsText);\n const accessToken = parsed.access_token;\n if (!accessToken) {\n // Without an access token allowLoggingAccountIdentifiers isn't useful.\n return;\n }\n const base64Metadata = accessToken.split(\".\")[1];\n const { appid, upn, tid, oid } = JSON.parse(\n Buffer.from(base64Metadata, \"base64\").toString(\"utf8\"),\n );\n\n logger.info(\n `[Authenticated account] Client ID: ${appid}. Tenant ID: ${tid}. User Principal Name: ${\n upn \|\| unavailableUpn\n }. Object ID (user): ${oid}`,\n );\n } catch (e: any) {\n logger.warning(\n \"allowLoggingAccountIdentifiers was set, but we couldn't log the account information. Error:\",\n e.message,\n );\n }\n }\n\n /\n Parses the response body if possible. Add error properties if parsing fails.\n * This follows MSAL INetworkModule behavior so the response is in expected format.\n /\n private parseResponseBody(response: PipelineResponse) {\n let parsedBody: {};\n try {\n parsedBody = JSON.parse(response.bodyAsText \|\| \"\");\n } catch (error) {\n logger.info(`IdentityClient: Could not parse response body: ${error}`);\n let errorType;\n let errorDescriptionHelper;\n /\n Determine error type based on status code ranges following MSAL patterns:\n * Client error responses (400 – 499)\n * Server error responses (500 – 599)\n */\n if (\n response.status >= HttpStatus.CLIENT_ERROR_RANGE_START &&\n response.status <= HttpStatus.CLIENT_ERROR_RANGE_END\n ) {\n errorType = \"client_error\";\n errorDescriptionHelper = \"A client\";\n } else if (\n response.status >= HttpStatus.SERVER_ERROR_RANGE_START &&\n response.status <= HttpStatus.SERVER_ERROR_RANGE_END\n ) {\n errorType = \"server_error\";\n errorDescriptionHelper = \"A server\";\n } else {\n errorType = \"unknown_error\";\n errorDescriptionHelper = \"An unknown\";\n }\n\n const errorDescriptionLines = [\n `${errorDescriptionHelper} error occured.`,\n `Http status code: ${response.status}`,\n `Http status message: ${response.bodyAsText \|\| \"Unknown\"}`,\n `Headers: ${JSON.stringify(response.headers)}`,\n ];\n parsedBody = {\n error: errorType,\n error_description: errorDescriptionLines.join(\"\\n\"),\n };\n }\n return parsedBody;\n }\n}\n"]}

package/dist/workerd/constants.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 /**
  * Current version of the `@azure/identity` package.
  */
-export declare const SDK_VERSION = "4.14.0-beta.1";
+export declare const SDK_VERSION = "4.14.0-beta.3";
 /**
  * The default client ID for authentication
  * @internal

package/dist/workerd/constants.js CHANGED Viewed

@@ -3,7 +3,7 @@
 /**
  * Current version of the `@azure/identity` package.
  */
-export const SDK_VERSION = `4.14.0-beta.1`;
+export const SDK_VERSION = `4.14.0-beta.3`;
 /**
  * The default client ID for authentication
  * @internal

package/dist/workerd/constants.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,eAAe,CAAC;AAE3C;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AACvG,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,MAAM,CAAN,IAAY,mBAoBX;AApBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;;;;SAKK;IACL,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EApBW,mBAAmB,KAAnB,mBAAmB,QAoB9B;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,2BAA2B,CAAC;AAE5D;;;GAGG;AACH,MAAM,CAAC,MAAM,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAEtC;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAE5C;;;;;GAKG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,YAAY,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/*\n Current version of the `@azure/identity` package.\n /\nexport const SDK_VERSION = `4.14.0-beta.1`;\n\n/\n The default client ID for authentication\n * @internal\n /\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/\n The default tenant for authentication\n * @internal\n /\nexport const DefaultTenantId = \"common\";\n\n/\n A list of known Azure authority hosts\n /\nexport enum AzureAuthorityHosts {\n /\n China-based Azure Authority Host\n /\n AzureChina = \"https://login.chinacloudapi.cn\",\n /\n Germany-based Azure Authority Host\n \n @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.\n \n /\n AzureGermany = \"https://login.microsoftonline.de\",\n /\n US Government Azure Authority Host\n /\n AzureGovernment = \"https://login.microsoftonline.us\",\n /\n Public Cloud Azure Authority Host\n /\n AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/\n @internal\n * The default authority host.\n /\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n\n/\n @internal\n * The default environment host for Azure Public Cloud\n /\nexport const DefaultAuthority = \"login.microsoftonline.com\";\n\n/\n @internal\n * Allow acquiring tokens for any tenant for multi-tentant auth.\n /\nexport const ALL_TENANTS: string[] = [\"\"];\n\n/*\n @internal\n /\nexport const CACHE_CAE_SUFFIX = \"cae\";\n\n/\n @internal\n /\nexport const CACHE_NON_CAE_SUFFIX = \"nocae\";\n\n/\n @internal\n \n The default name for the cache persistence plugin.\n * Matches the constant defined in the cache persistence package.\n */\nexport const DEFAULT_TOKEN_CACHE_NAME = \"msal.cache\";\n"]}
1	+ {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,eAAe,CAAC;AAE3C;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AACvG,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,MAAM,CAAN,IAAY,mBAoBX;AApBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;;;;SAKK;IACL,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EApBW,mBAAmB,KAAnB,mBAAmB,QAoB9B;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,2BAA2B,CAAC;AAE5D;;;GAGG;AACH,MAAM,CAAC,MAAM,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAEtC;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAE5C;;;;;GAKG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,YAAY,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/*\n Current version of the `@azure/identity` package.\n /\nexport const SDK_VERSION = `4.14.0-beta.3`;\n\n/\n The default client ID for authentication\n * @internal\n /\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/\n The default tenant for authentication\n * @internal\n /\nexport const DefaultTenantId = \"common\";\n\n/\n A list of known Azure authority hosts\n /\nexport enum AzureAuthorityHosts {\n /\n China-based Azure Authority Host\n /\n AzureChina = \"https://login.chinacloudapi.cn\",\n /\n Germany-based Azure Authority Host\n \n @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.\n \n /\n AzureGermany = \"https://login.microsoftonline.de\",\n /\n US Government Azure Authority Host\n /\n AzureGovernment = \"https://login.microsoftonline.us\",\n /\n Public Cloud Azure Authority Host\n /\n AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/\n @internal\n * The default authority host.\n /\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n\n/\n @internal\n * The default environment host for Azure Public Cloud\n /\nexport const DefaultAuthority = \"login.microsoftonline.com\";\n\n/\n @internal\n * Allow acquiring tokens for any tenant for multi-tentant auth.\n /\nexport const ALL_TENANTS: string[] = [\"\"];\n\n/*\n @internal\n /\nexport const CACHE_CAE_SUFFIX = \"cae\";\n\n/\n @internal\n /\nexport const CACHE_NON_CAE_SUFFIX = \"nocae\";\n\n/\n @internal\n \n The default name for the cache persistence plugin.\n * Matches the constant defined in the cache persistence package.\n */\nexport const DEFAULT_TOKEN_CACHE_NAME = \"msal.cache\";\n"]}

package/dist/workerd/credentials/authorizationCodeCredential.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"authorizationCodeCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAKtF,OAAO,KAAK,EAAE,kCAAkC,EAAE,MAAM,yCAAyC,CAAC;AAUlG;;;;;;GAMG;AACH,qBAAa,2BAA4B,YAAW,eAAe;IACjE,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,8BAA8B,CAAC,CAAU;IACjD,OAAO,CAAC,iBAAiB,CAAS;IAClC,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,YAAY,CAAC,CAAS;IAE9B;;;;;;;;;;;;;;;;;;;;;OAqBG;gBAED,QAAQ,EAAE,MAAM,GAAG,QAAQ,EAC3B,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,iBAAiB,EAAE,MAAM,EACzB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,kCAAkC;IAE9C;;;;;;;;;;;;;;;;;;;;OAoBG;gBAED,QAAQ,EAAE,MAAM,GAAG,QAAQ,EAC3B,QAAQ,EAAE,MAAM,EAChB,iBAAiB,EAAE,MAAM,EACzB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,kCAAkC;~~IA2C9C~~;;;;;;;OAOG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;CA0B/F"}
1	+ {"version":3,"file":"authorizationCodeCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAKtF,OAAO,KAAK,EAAE,kCAAkC,EAAE,MAAM,yCAAyC,CAAC;AAUlG;;;;;;GAMG;AACH,qBAAa,2BAA4B,YAAW,eAAe;IACjE,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,8BAA8B,CAAC,CAAU;IACjD,OAAO,CAAC,iBAAiB,CAAS;IAClC,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,YAAY,CAAC,CAAS;IAE9B;;;;;;;;;;;;;;;;;;;;;OAqBG;gBAED,QAAQ,EAAE,MAAM,GAAG,QAAQ,EAC3B,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,iBAAiB,EAAE,MAAM,EACzB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,kCAAkC;IAE9C;;;;;;;;;;;;;;;;;;;;OAoBG;gBAED,QAAQ,EAAE,MAAM,GAAG,QAAQ,EAC3B,QAAQ,EAAE,MAAM,EAChB,iBAAiB,EAAE,MAAM,EACzB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,kCAAkC;IA0C9C;;;;;;;OAOG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;CA0B/F"}

package/dist/workerd/credentials/authorizationCodeCredential.js CHANGED Viewed

@@ -48,7 +48,6 @@ export class AuthorizationCodeCredential {
         this.msalClient = createMsalClient(clientId, tenantId, {
             ...options,
             logger,
-            tokenCredentialOptions: options ?? {},
         });
     }
     /**

package/dist/workerd/credentials/authorizationCodeCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"authorizationCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AAEnE,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;GAMG;AACH,MAAM,OAAO,2BAA2B;IAC9B,UAAU,CAAa;IACvB,8BAA8B,CAAW;IACzC,iBAAiB,CAAS;IAC1B,WAAW,CAAS;IACpB,QAAQ,CAAU;IAClB,4BAA4B,CAAW;IACvC,YAAY,CAAU;IA4D9B;;;OAGG;IACH,YACE,QAA2B,EAC3B,QAAgB,EAChB,+BAAuC,EACvC,8BAAsC,EACtC,oBAA6E,EAC7E,OAA4C;QAE5C,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChC,IAAI,CAAC,YAAY,GAAG,+BAA+B,CAAC;QAEpD,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE,CAAC;YAC7C,wCAAwC;YACxC,IAAI,CAAC,iBAAiB,GAAG,8BAA8B,CAAC;YACxD,IAAI,CAAC,WAAW,GAAG,oBAAoB,CAAC;YACxC,8CAA8C;QAChD,CAAC;aAAM,CAAC;YACN,gBAAgB;YAChB,IAAI,CAAC,iBAAiB,GAAG,+BAA+B,CAAC;YACzD,IAAI,CAAC,WAAW,GAAG,8BAAwC,CAAC;YAC5D,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;YAC9B,OAAO,GAAG,oBAA0D,CAAC;QACvE,CAAC;QAED,oCAAoC;QACpC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,EAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,EAAE;YACrD,GAAG,OAAO;YACV,MAAM;~~YACN~~,~~sBAAsB,EAAE,OAAO,IAAI,EAAE;SACtC,~~CAAC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,CAClC,CAAC;YACF,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE/B,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,UAAU,CAAC,2BAA2B,CAChD,WAAW,EACX,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,iBAAiB,EACtB,IAAI,CAAC,YAAY,EACjB;gBACE,GAAG,UAAU;gBACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B;aACpE,CACF,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\nimport type { AuthorizationCodeCredentialOptions } from \"./authorizationCodeCredentialOptions.js\";\nimport { checkTenantId } from \"../util/tenantIdUtils.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\n\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\n/*\n Enables authentication to Microsoft Entra ID using an authorization code\n * that was obtained through the authorization code flow, described in more detail\n * in the Microsoft Entra ID documentation:\n \n https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow\n /\nexport class AuthorizationCodeCredential implements TokenCredential {\n private msalClient: MsalClient;\n private disableAutomaticAuthentication?: boolean;\n private authorizationCode: string;\n private redirectUri: string;\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private clientSecret?: string;\n\n /\n Creates an instance of AuthorizationCodeCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Microsoft Entra ID.\n \n It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n \n https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts\n \n @param tenantId - The Microsoft Entra tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param clientSecret - A client secret that was generated for the App Registration\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n /\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions,\n );\n /\n Creates an instance of AuthorizationCodeCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Microsoft Entra ID.\n \n It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n \n https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts\n \n @param tenantId - The Microsoft Entra tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n /\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions,\n );\n /\n @hidden\n * @internal\n /\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n clientSecretOrAuthorizationCode: string,\n authorizationCodeOrRedirectUri: string,\n redirectUriOrOptions: string \| AuthorizationCodeCredentialOptions \| undefined,\n options?: AuthorizationCodeCredentialOptions,\n ) {\n checkTenantId(logger, tenantId);\n this.clientSecret = clientSecretOrAuthorizationCode;\n\n if (typeof redirectUriOrOptions === \"string\") {\n // the clientId+clientSecret constructor\n this.authorizationCode = authorizationCodeOrRedirectUri;\n this.redirectUri = redirectUriOrOptions;\n // in this case, options are good as they come\n } else {\n // clientId only\n this.authorizationCode = clientSecretOrAuthorizationCode;\n this.redirectUri = authorizationCodeOrRedirectUri as string;\n this.clientSecret = undefined;\n options = redirectUriOrOptions as AuthorizationCodeCredentialOptions;\n }\n\n // TODO: Validate tenant if provided\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n this.msalClient = createMsalClient(clientId, tenantId, {\n ...options,\n logger,\n ~~tokenCredentialOptions: options ?? {},\n~~ });\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string \| string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n );\n newOptions.tenantId = tenantId;\n\n const arrayScopes = ensureScopes(scopes);\n return this.msalClient.getTokenByAuthorizationCode(\n arrayScopes,\n this.redirectUri,\n this.authorizationCode,\n this.clientSecret,\n {\n ...newOptions,\n disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n },\n );\n },\n );\n }\n}\n"]}
1	+ {"version":3,"file":"authorizationCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AAEnE,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;GAMG;AACH,MAAM,OAAO,2BAA2B;IAC9B,UAAU,CAAa;IACvB,8BAA8B,CAAW;IACzC,iBAAiB,CAAS;IAC1B,WAAW,CAAS;IACpB,QAAQ,CAAU;IAClB,4BAA4B,CAAW;IACvC,YAAY,CAAU;IA4D9B;;;OAGG;IACH,YACE,QAA2B,EAC3B,QAAgB,EAChB,+BAAuC,EACvC,8BAAsC,EACtC,oBAA6E,EAC7E,OAA4C;QAE5C,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChC,IAAI,CAAC,YAAY,GAAG,+BAA+B,CAAC;QAEpD,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE,CAAC;YAC7C,wCAAwC;YACxC,IAAI,CAAC,iBAAiB,GAAG,8BAA8B,CAAC;YACxD,IAAI,CAAC,WAAW,GAAG,oBAAoB,CAAC;YACxC,8CAA8C;QAChD,CAAC;aAAM,CAAC;YACN,gBAAgB;YAChB,IAAI,CAAC,iBAAiB,GAAG,+BAA+B,CAAC;YACzD,IAAI,CAAC,WAAW,GAAG,8BAAwC,CAAC;YAC5D,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;YAC9B,OAAO,GAAG,oBAA0D,CAAC;QACvE,CAAC;QAED,oCAAoC;QACpC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,EAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,EAAE;YACrD,GAAG,OAAO;YACV,MAAM;SACP,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,CAClC,CAAC;YACF,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE/B,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,UAAU,CAAC,2BAA2B,CAChD,WAAW,EACX,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,iBAAiB,EACtB,IAAI,CAAC,YAAY,EACjB;gBACE,GAAG,UAAU;gBACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B;aACpE,CACF,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\nimport type { AuthorizationCodeCredentialOptions } from \"./authorizationCodeCredentialOptions.js\";\nimport { checkTenantId } from \"../util/tenantIdUtils.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\n\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\n/*\n Enables authentication to Microsoft Entra ID using an authorization code\n * that was obtained through the authorization code flow, described in more detail\n * in the Microsoft Entra ID documentation:\n \n https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow\n /\nexport class AuthorizationCodeCredential implements TokenCredential {\n private msalClient: MsalClient;\n private disableAutomaticAuthentication?: boolean;\n private authorizationCode: string;\n private redirectUri: string;\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private clientSecret?: string;\n\n /\n Creates an instance of AuthorizationCodeCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Microsoft Entra ID.\n \n It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n \n https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts\n \n @param tenantId - The Microsoft Entra tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param clientSecret - A client secret that was generated for the App Registration\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n /\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions,\n );\n /\n Creates an instance of AuthorizationCodeCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Microsoft Entra ID.\n \n It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n \n https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts\n \n @param tenantId - The Microsoft Entra tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n /\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions,\n );\n /\n @hidden\n * @internal\n /\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n clientSecretOrAuthorizationCode: string,\n authorizationCodeOrRedirectUri: string,\n redirectUriOrOptions: string \| AuthorizationCodeCredentialOptions \| undefined,\n options?: AuthorizationCodeCredentialOptions,\n ) {\n checkTenantId(logger, tenantId);\n this.clientSecret = clientSecretOrAuthorizationCode;\n\n if (typeof redirectUriOrOptions === \"string\") {\n // the clientId+clientSecret constructor\n this.authorizationCode = authorizationCodeOrRedirectUri;\n this.redirectUri = redirectUriOrOptions;\n // in this case, options are good as they come\n } else {\n // clientId only\n this.authorizationCode = clientSecretOrAuthorizationCode;\n this.redirectUri = authorizationCodeOrRedirectUri as string;\n this.clientSecret = undefined;\n options = redirectUriOrOptions as AuthorizationCodeCredentialOptions;\n }\n\n // TODO: Validate tenant if provided\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n this.msalClient = createMsalClient(clientId, tenantId, {\n ...options,\n logger,\n });\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string \| string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n );\n newOptions.tenantId = tenantId;\n\n const arrayScopes = ensureScopes(scopes);\n return this.msalClient.getTokenByAuthorizationCode(\n arrayScopes,\n this.redirectUri,\n this.authorizationCode,\n this.clientSecret,\n {\n ...newOptions,\n disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n },\n );\n },\n );\n }\n}\n"]}

package/dist/workerd/credentials/authorizationCodeCredentialOptions.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"authorizationCodeCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,kCACf,SAAQ,iCAAiC,~~EACvC~~,0BAA0B;CAAG"}
1	+ {"version":3,"file":"authorizationCodeCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,kCACf,SAAQ,iCAAiC,EAAE,0BAA0B;CAAG"}

package/dist/workerd/credentials/authorizationCodeCredentialOptions.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"authorizationCodeCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/*\n Options for the {@link AuthorizationCodeCredential}\n */\nexport interface AuthorizationCodeCredentialOptions\n extends MultiTenantTokenCredentialOptions~~,\n~~ AuthorityValidationOptions {}\n"]}
1	+ {"version":3,"file":"authorizationCodeCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/*\n Options for the {@link AuthorizationCodeCredential}\n */\nexport interface AuthorizationCodeCredentialOptions\n extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {}\n"]}

package/dist/workerd/credentials/azureDeveloperCliCredential.d.ts CHANGED Viewed

@@ -15,6 +15,16 @@ export declare const azureDeveloperCliPublicErrorMessages: {
  * @internal
  */
 export declare const developerCliCredentialInternals: {
+    /**
+     * Parses azd stderr JSON output to extract the error message.
+     * azd outputs JSON like: \{"type":"consoleMessage","timestamp":"...","data":\{"message":"ERROR: ..."\}\}
+     * If parsing succeeds and .data.message exists, returns the trimmed message.
+     * Otherwise, returns the raw stderr.
+     * @param stderr - The stderr output from azd command
+     * @returns The parsed error message or raw stderr
+     * @internal
+     */
+    parseAzdStderr(stderr: string): string;
     /**
      * @internal
      */

package/dist/workerd/credentials/azureDeveloperCliCredential.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"azureDeveloperCliCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAEtF,OAAO,KAAK,EAAE,kCAAkC,EAAE,MAAM,yCAAyC,CAAC;AAalG;;;GAGG;AACH,eAAO,MAAM,oCAAoC;;;;;CAQhD,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,+BAA+B;IAC1C;;OAEG;yBACkB,MAAM;IAiB3B;;;;OAIG;8BAEO,MAAM,EAAE,aACL,MAAM,YACP,MAAM,WACP,MAAM,GACd,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,KAAK,GAAG,IAAI,CAAA;KAAE,CAAC;CA0CpE,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,qBAAa,2BAA4B,YAAW,eAAe;IACjE,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,OAAO,CAAC,CAAS;IAEzB;;;;;;;OAOG;gBACS,OAAO,CAAC,EAAE,kCAAkC;IAWxD;;;;;;;OAOG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,WAAW,CAAC;~~CAwFxB~~"}
1	+ {"version":3,"file":"azureDeveloperCliCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAEtF,OAAO,KAAK,EAAE,kCAAkC,EAAE,MAAM,yCAAyC,CAAC;AAalG;;;GAGG;AACH,eAAO,MAAM,oCAAoC;;;;;CAQhD,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,+BAA+B;IAC1C;;;;;;;;OAQG;2BACoB,MAAM,GAAG,MAAM;IAatC;;OAEG;yBACkB,MAAM;IAiB3B;;;;OAIG;8BAEO,MAAM,EAAE,aACL,MAAM,YACP,MAAM,WACP,MAAM,GACd,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,KAAK,GAAG,IAAI,CAAA;KAAE,CAAC;CA0CpE,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,qBAAa,2BAA4B,YAAW,eAAe;IACjE,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,OAAO,CAAC,CAAS;IAEzB;;;;;;;OAOG;gBACS,OAAO,CAAC,EAAE,kCAAkC;IAWxD;;;;;;;OAOG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,WAAW,CAAC;CAyFxB"}

package/dist/workerd/credentials/azureDeveloperCliCredential.js CHANGED Viewed

@@ -22,6 +22,28 @@ export const azureDeveloperCliPublicErrorMessages = {
  * @internal
  */
 export const developerCliCredentialInternals = {
+    /**
+     * Parses azd stderr JSON output to extract the error message.
+     * azd outputs JSON like: \{"type":"consoleMessage","timestamp":"...","data":\{"message":"ERROR: ..."\}\}
+     * If parsing succeeds and .data.message exists, returns the trimmed message.
+     * Otherwise, returns the raw stderr.
+     * @param stderr - The stderr output from azd command
+     * @returns The parsed error message or raw stderr
+     * @internal
+     */
+    parseAzdStderr(stderr) {
+        try {
+            const parsed = JSON.parse(stderr);
+            const message = parsed?.data?.message;
+            if (typeof message === "string" && message.trim().length > 0) {
+                return message.trim();
+            }
+        }
+        catch {
+            // If JSON parsing fails, fall through to return raw stderr
+        }
+        return stderr;
+    },
     /**
      * @internal
      */
@@ -187,7 +209,8 @@ export class AzureDeveloperCliCredential {
                 }
                 catch (e) {
                     if (obj.stderr) {
-                        throw new CredentialUnavailableError(obj.stderr);
+                        const errorMessage = developerCliCredentialInternals.parseAzdStderr(obj.stderr);
+                        throw new CredentialUnavailableError(errorMessage);
                     }
                     throw e;
                 }

package/dist/workerd/credentials/azureDeveloperCliCredential.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"azureDeveloperCliCredential.js","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAElF,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAC1D,OAAO,aAAa,MAAM,eAAe,CAAC;AAC1C,OAAO,EACL,aAAa,EACb,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,+BAA+B,EAAE,MAAM,uBAAuB,CAAC;AAExE,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;GAGG;AACH,MAAM,CAAC,MAAM,oCAAoC,GAAG;IAClD,YAAY,EACV,wKAAwK;IAC1K,KAAK,EACH,+NAA+N;IACjO,OAAO,EAAE,yDAAyD;IAClE,KAAK,EACH,gIAAgI;CACnI,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAG;IAC7C;;OAEG;IACH,iBAAiB;QACf,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,IAAI,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YACrE,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,CAAC,QAAQ,CAAC,OAAO,CACrB,sHAAsH,CACvH,CAAC;gBAEF,UAAU,GAAG,aAAa,CAAC;YAC7B,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;aAAM,CAAC;YACN,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,iBAAiB,CACrB,MAAgB,EAChB,QAAiB,EACjB,OAAgB,EAChB,MAAe;QAEf,IAAI,aAAa,GAAa,EAAE,CAAC;QACjC,IAAI,QAAQ,EAAE,CAAC;YACb,aAAa,GAAG,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QAC5C,CAAC;QAED,IAAI,cAAc,GAAa,EAAE,CAAC;QAClC,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;YACnC,cAAc,GAAG,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;QAC/C,CAAC;QACD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG;oBACX,MAAM;oBACN,OAAO;oBACP,UAAU;oBACV,MAAM;oBACN,aAAa;oBACb,GAAG,MAAM,CAAC,MAAM,CACd,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,EAC1D,EAAE,CACH;oBACD,GAAG,aAAa;oBAChB,GAAG,cAAc;iBAClB,CAAC;gBACF,MAAM,OAAO,GAAG,CAAC,KAAK,EAAE,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC3C,aAAa,CAAC,IAAI,CAChB,OAAO,EACP;oBACE,GAAG,EAAE,+BAA+B,CAAC,iBAAiB,EAAE;oBACxD,OAAO;iBACR,EACD,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;oBACxB,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;gBACrC,CAAC,CACF,CAAC;YACJ,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,OAAO,2BAA2B;IAC9B,QAAQ,CAAU;IAClB,4BAA4B,CAAW;IACvC,OAAO,CAAU;IAEzB;;;;;;;OAOG;IACH,YAAY,OAA4C;QACtD,IAAI,OAAO,EAAE,QAAQ,EAAE,CAAC;YACtB,aAAa,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ,GAAG,OAAO,EAAE,QAAQ,CAAC;QACpC,CAAC;QACD,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,EAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,OAAO,EAAE,kBAAkB,CAAC;IAC7C,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,OAAO,EACP,IAAI,CAAC,4BAA4B,CAClC,CAAC;QACF,IAAI,QAAQ,EAAE,CAAC;YACb,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,SAAmB,CAAC;QACxB,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,SAAS,GAAG,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,MAAM,CAAC;QACrB,CAAC;QACD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,oBAAoB,MAAM,EAAE,CAAC,CAAC;QAEnD,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;YACrF,IAAI,CAAC;gBACH,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;oBAC1B,+BAA+B,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBACjD,CAAC,CAAC,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,+BAA+B,CAAC,iBAAiB,CACjE,SAAS,EACT,QAAQ,EACR,IAAI,CAAC,OAAO,EACZ,OAAO,CAAC,MAAM,CACf,CAAC;gBACF,MAAM,kBAAkB,GACtB,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,sCAAsC,CAAC;oBACzD,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,2BAA2B,CAAC,CAAC;gBACjD,MAAM,kBAAkB,GACtB,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,yCAAyC,CAAC;oBAC5D,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,8CAA8C,CAAC,CAAC;gBACpE,MAAM,iBAAiB,GACrB,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,mBAAmB,CAAC;oBACtC,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,yBAAyB,CAAC,CAAC;gBACpD,IAAI,iBAAiB,IAAI,CAAC,GAAG,CAAC,KAAK,IAAK,GAAG,CAAC,KAAa,CAAC,IAAI,KAAK,QAAQ,CAAC,EAAE,CAAC;oBAC7E,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,oCAAoC,CAAC,YAAY,CAClD,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;gBACd,CAAC;gBAED,IAAI,kBAAkB,EAAE,CAAC;oBACvB,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,oCAAoC,CAAC,KAAK,CAAC,CAAC;oBACzF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;gBACd,CAAC;gBACD,IAAI,kBAAkB,EAAE,CAAC;oBACvB,MAAM,KAAK,GAAG,SAAS;yBACpB,MAAM,CAAW,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC;yBAChF,IAAI,CAAC,GAAG,CAAC,CAAC;oBACb,MAAM,QAAQ,GAAG,kBAAkB,KAAK,EAAE,CAAC;oBAC3C,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,GAAG,oCAAoC,CAAC,KAAK,IAAI,QAAQ,EAAE,CAC5D,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;gBACd,CAAC;gBAED,IAAI,CAAC;oBACH,MAAM,IAAI,GAAyC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAC1E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO;wBACL,KAAK,EAAE,IAAI,CAAC,KAAK;wBACjB,kBAAkB,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;wBACtD,SAAS,EAAE,QAAQ;qBACL,CAAC;gBACnB,CAAC;gBAAC,OAAO,CAAM,EAAE,CAAC;oBAChB,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;wBACf,MAAM,IAAI,0BAA0B,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBACnD,CAAC;oBACD,MAAM,CAAC,CAAC;gBACV,CAAC;YACH,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,KAAK,GACT,GAAG,CAAC,IAAI,KAAK,4BAA4B;oBACvC,CAAC,CAAC,GAAG;oBACL,CAAC,CAAC,IAAI,0BAA0B,CAC3B,GAAa,CAAC,OAAO,IAAI,oCAAoC,CAAC,OAAO,CACvE,CAAC;gBACR,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging.js\";\nimport type { AzureDeveloperCliCredentialOptions } from \"./azureDeveloperCliCredentialOptions.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport child_process from \"child_process\";\nimport {\n checkTenantId,\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport { ensureValidScopeForDevTimeCreds } from \"../util/scopeUtils.js\";\n\nconst logger = credentialLogger(\"AzureDeveloperCliCredential\");\n\n/*\n Messages to use when throwing in this credential.\n * @internal\n /\nexport const azureDeveloperCliPublicErrorMessages = {\n notInstalled:\n \"Azure Developer CLI couldn't be found. To mitigate this issue, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.\",\n login:\n \"Please run 'azd auth login' from a command prompt to authenticate before using this credential. For more information, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.\",\n unknown: \"Unknown error while trying to retrieve the access token\",\n claim:\n \"This credential doesn't support claims challenges. To authenticate with the required claims, please run the following command:\",\n};\n\n/\n Mockable reference to the Developer CLI credential cliCredentialFunctions\n * @internal\n /\nexport const developerCliCredentialInternals = {\n /\n @internal\n /\n getSafeWorkingDir(): string {\n if (process.platform === \"win32\") {\n let systemRoot = process.env.SystemRoot \|\| process.env[\"SYSTEMROOT\"];\n if (!systemRoot) {\n logger.getToken.warning(\n \"The SystemRoot environment variable is not set. This may cause issues when using the Azure Developer CLI credential.\",\n );\n\n systemRoot = \"C:\\\\Windows\";\n }\n\n return systemRoot;\n } else {\n return \"/bin\";\n }\n },\n\n /\n Gets the access token from Azure Developer CLI\n * @param scopes - The scopes to use when getting the token\n * @internal\n /\n async getAzdAccessToken(\n scopes: string[],\n tenantId?: string,\n timeout?: number,\n claims?: string,\n ): Promise<{ stdout: string; stderr: string; error: Error \| null }> {\n let tenantSection: string[] = [];\n if (tenantId) {\n tenantSection = [\"--tenant-id\", tenantId];\n }\n\n let claimsSections: string[] = [];\n if (claims) {\n const encodedClaims = btoa(claims);\n claimsSections = [\"--claims\", encodedClaims];\n }\n return new Promise((resolve, reject) => {\n try {\n const args = [\n \"auth\",\n \"token\",\n \"--output\",\n \"json\",\n \"--no-prompt\",\n ...scopes.reduce<string[]>(\n (previous, current) => previous.concat(\"--scope\", current),\n [],\n ),\n ...tenantSection,\n ...claimsSections,\n ];\n const command = [\"azd\", ...args].join(\" \");\n child_process.exec(\n command,\n {\n cwd: developerCliCredentialInternals.getSafeWorkingDir(),\n timeout,\n },\n (error, stdout, stderr) => {\n resolve({ stdout, stderr, error });\n },\n );\n } catch (err: any) {\n reject(err);\n }\n });\n },\n};\n\n/\n Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy\n * resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific\n * to Azure developers. It allows users to authenticate as a user and/or a service principal against\n * <a href=\"https://learn.microsoft.com/entra/fundamentals/\">Microsoft Entra ID</a>. The\n * AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of\n * the logged-in user or service principal in the Azure Developer CLI. It acts as the Azure Developer CLI logged in user or\n * service principal and executes an Azure CLI command underneath to authenticate the application against\n * Microsoft Entra ID.\n \n <h2> Configure AzureDeveloperCliCredential </h2>\n \n To use this credential, the developer needs to authenticate locally in Azure Developer CLI using one of the\n * commands below:\n \n <ol>\n * <li>Run \"azd auth login\" in Azure Developer CLI to authenticate interactively as a user.</li>\n * <li>Run \"azd auth login --client-id clientID --client-secret clientSecret\n * --tenant-id tenantID\" to authenticate as a service principal.</li>\n * </ol>\n \n You may need to repeat this process after a certain time period, depending on the refresh token validity in your\n * organization. Generally, the refresh token validity period is a few weeks to a few months.\n * AzureDeveloperCliCredential will prompt you to sign in again.\n /\nexport class AzureDeveloperCliCredential implements TokenCredential {\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private timeout?: number;\n\n /\n Creates an instance of the {@link AzureDeveloperCliCredential}.\n \n To use this credential, ensure that you have already logged\n * in via the 'azd' tool using the command \"azd auth login\" from the commandline.\n \n @param options - Options, to optionally allow multi-tenant requests.\n /\n constructor(options?: AzureDeveloperCliCredentialOptions) {\n if (options?.tenantId) {\n checkTenantId(logger, options?.tenantId);\n this.tenantId = options?.tenantId;\n }\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n this.timeout = options?.processTimeoutInMs;\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options: GetTokenOptions = {},\n ): Promise<AccessToken> {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n options,\n this.additionallyAllowedTenantIds,\n );\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n let scopeList: string[];\n if (typeof scopes === \"string\") {\n scopeList = [scopes];\n } else {\n scopeList = scopes;\n }\n logger.getToken.info(`Using the scopes ${scopes}`);\n\n return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {\n try {\n scopeList.forEach((scope) => {\n ensureValidScopeForDevTimeCreds(scope, logger);\n });\n const obj = await developerCliCredentialInternals.getAzdAccessToken(\n scopeList,\n tenantId,\n this.timeout,\n options.claims,\n );\n const isMFARequiredError =\n obj.stderr?.match(\"must use multi-factor authentication\") \|\|\n obj.stderr?.match(\"reauthentication required\");\n const isNotLoggedInError =\n obj.stderr?.match(\"not logged in, run `azd login` to login\") \|\|\n obj.stderr?.match(\"not logged in, run `azd auth login` to login\");\n const isNotInstallError =\n obj.stderr?.match(\"azd:(.)not found\") \|\|\n obj.stderr?.startsWith(\"'azd' is not recognized\");\n if (isNotInstallError \|\| (obj.error && (obj.error as any).code === \"ENOENT\")) {\n const error = new CredentialUnavailableError(\n azureDeveloperCliPublicErrorMessages.notInstalled,\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n if (isNotLoggedInError) {\n const error = new CredentialUnavailableError(azureDeveloperCliPublicErrorMessages.login);\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n if (isMFARequiredError) {\n const scope = scopeList\n .reduce<string[]>((previous, current) => previous.concat(\"--scope\", current), [])\n .join(\" \");\n const loginCmd = `azd auth login ${scope}`;\n const error = new CredentialUnavailableError(\n `${azureDeveloperCliPublicErrorMessages.claim} ${loginCmd}`,\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n try {\n const resp: { token: string; expiresOn: string } = JSON.parse(obj.stdout);\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: resp.token,\n expiresOnTimestamp: new Date(resp.expiresOn).getTime(),\n tokenType: \"Bearer\",\n } as AccessToken;\n } catch (e: any) {\n if (obj.stderr) {\n throw new CredentialUnavailableError(obj.stderr);\n }\n throw e;\n }\n } catch (err: any) {\n const error =\n err.name === \"CredentialUnavailableError\"\n ? err\n : new CredentialUnavailableError(\n (err as Error).message \|\| azureDeveloperCliPublicErrorMessages.unknown,\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n });\n }\n}\n"]}
1	+ {"version":3,"file":"azureDeveloperCliCredential.js","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAElF,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAC1D,OAAO,aAAa,MAAM,eAAe,CAAC;AAC1C,OAAO,EACL,aAAa,EACb,yBAAyB,EACzB,mCAAmC,GACpC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,+BAA+B,EAAE,MAAM,uBAAuB,CAAC;AAExE,MAAM,MAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;GAGG;AACH,MAAM,CAAC,MAAM,oCAAoC,GAAG;IAClD,YAAY,EACV,wKAAwK;IAC1K,KAAK,EACH,+NAA+N;IACjO,OAAO,EAAE,yDAAyD;IAClE,KAAK,EACH,gIAAgI;CACnI,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAG;IAC7C;;;;;;;;OAQG;IACH,cAAc,CAAC,MAAc;QAC3B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAClC,MAAM,OAAO,GAAG,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC;YACtC,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7D,OAAO,OAAO,CAAC,IAAI,EAAE,CAAC;YACxB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,2DAA2D;QAC7D,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,IAAI,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YACrE,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,CAAC,QAAQ,CAAC,OAAO,CACrB,sHAAsH,CACvH,CAAC;gBAEF,UAAU,GAAG,aAAa,CAAC;YAC7B,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;aAAM,CAAC;YACN,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,iBAAiB,CACrB,MAAgB,EAChB,QAAiB,EACjB,OAAgB,EAChB,MAAe;QAEf,IAAI,aAAa,GAAa,EAAE,CAAC;QACjC,IAAI,QAAQ,EAAE,CAAC;YACb,aAAa,GAAG,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QAC5C,CAAC;QAED,IAAI,cAAc,GAAa,EAAE,CAAC;QAClC,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;YACnC,cAAc,GAAG,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;QAC/C,CAAC;QACD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG;oBACX,MAAM;oBACN,OAAO;oBACP,UAAU;oBACV,MAAM;oBACN,aAAa;oBACb,GAAG,MAAM,CAAC,MAAM,CACd,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,EAC1D,EAAE,CACH;oBACD,GAAG,aAAa;oBAChB,GAAG,cAAc;iBAClB,CAAC;gBACF,MAAM,OAAO,GAAG,CAAC,KAAK,EAAE,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC3C,aAAa,CAAC,IAAI,CAChB,OAAO,EACP;oBACE,GAAG,EAAE,+BAA+B,CAAC,iBAAiB,EAAE;oBACxD,OAAO;iBACR,EACD,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;oBACxB,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;gBACrC,CAAC,CACF,CAAC;YACJ,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,OAAO,2BAA2B;IAC9B,QAAQ,CAAU;IAClB,4BAA4B,CAAW;IACvC,OAAO,CAAU;IAEzB;;;;;;;OAOG;IACH,YAAY,OAA4C;QACtD,IAAI,OAAO,EAAE,QAAQ,EAAE,CAAC;YACtB,aAAa,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ,GAAG,OAAO,EAAE,QAAQ,CAAC;QACpC,CAAC;QACD,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,OAAO,EAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,OAAO,EAAE,kBAAkB,CAAC;IAC7C,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,MAAM,QAAQ,GAAG,yBAAyB,CACxC,IAAI,CAAC,QAAQ,EACb,OAAO,EACP,IAAI,CAAC,4BAA4B,CAClC,CAAC;QACF,IAAI,QAAQ,EAAE,CAAC;YACb,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,SAAmB,CAAC;QACxB,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,SAAS,GAAG,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,MAAM,CAAC;QACrB,CAAC;QACD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,oBAAoB,MAAM,EAAE,CAAC,CAAC;QAEnD,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;YACrF,IAAI,CAAC;gBACH,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;oBAC1B,+BAA+B,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBACjD,CAAC,CAAC,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,+BAA+B,CAAC,iBAAiB,CACjE,SAAS,EACT,QAAQ,EACR,IAAI,CAAC,OAAO,EACZ,OAAO,CAAC,MAAM,CACf,CAAC;gBACF,MAAM,kBAAkB,GACtB,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,sCAAsC,CAAC;oBACzD,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,2BAA2B,CAAC,CAAC;gBACjD,MAAM,kBAAkB,GACtB,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,yCAAyC,CAAC;oBAC5D,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,8CAA8C,CAAC,CAAC;gBACpE,MAAM,iBAAiB,GACrB,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,mBAAmB,CAAC;oBACtC,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,yBAAyB,CAAC,CAAC;gBACpD,IAAI,iBAAiB,IAAI,CAAC,GAAG,CAAC,KAAK,IAAK,GAAG,CAAC,KAAa,CAAC,IAAI,KAAK,QAAQ,CAAC,EAAE,CAAC;oBAC7E,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,oCAAoC,CAAC,YAAY,CAClD,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;gBACd,CAAC;gBAED,IAAI,kBAAkB,EAAE,CAAC;oBACvB,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAAC,oCAAoC,CAAC,KAAK,CAAC,CAAC;oBACzF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;gBACd,CAAC;gBACD,IAAI,kBAAkB,EAAE,CAAC;oBACvB,MAAM,KAAK,GAAG,SAAS;yBACpB,MAAM,CAAW,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC;yBAChF,IAAI,CAAC,GAAG,CAAC,CAAC;oBACb,MAAM,QAAQ,GAAG,kBAAkB,KAAK,EAAE,CAAC;oBAC3C,MAAM,KAAK,GAAG,IAAI,0BAA0B,CAC1C,GAAG,oCAAoC,CAAC,KAAK,IAAI,QAAQ,EAAE,CAC5D,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;gBACd,CAAC;gBAED,IAAI,CAAC;oBACH,MAAM,IAAI,GAAyC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAC1E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO;wBACL,KAAK,EAAE,IAAI,CAAC,KAAK;wBACjB,kBAAkB,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;wBACtD,SAAS,EAAE,QAAQ;qBACL,CAAC;gBACnB,CAAC;gBAAC,OAAO,CAAM,EAAE,CAAC;oBAChB,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;wBACf,MAAM,YAAY,GAAG,+BAA+B,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;wBAChF,MAAM,IAAI,0BAA0B,CAAC,YAAY,CAAC,CAAC;oBACrD,CAAC;oBACD,MAAM,CAAC,CAAC;gBACV,CAAC;YACH,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,KAAK,GACT,GAAG,CAAC,IAAI,KAAK,4BAA4B;oBACvC,CAAC,CAAC,GAAG;oBACL,CAAC,CAAC,IAAI,0BAA0B,CAC3B,GAAa,CAAC,OAAO,IAAI,oCAAoC,CAAC,OAAO,CACvE,CAAC;gBACR,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging.js\";\nimport type { AzureDeveloperCliCredentialOptions } from \"./azureDeveloperCliCredentialOptions.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport child_process from \"child_process\";\nimport {\n checkTenantId,\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport { ensureValidScopeForDevTimeCreds } from \"../util/scopeUtils.js\";\n\nconst logger = credentialLogger(\"AzureDeveloperCliCredential\");\n\n/*\n Messages to use when throwing in this credential.\n * @internal\n /\nexport const azureDeveloperCliPublicErrorMessages = {\n notInstalled:\n \"Azure Developer CLI couldn't be found. To mitigate this issue, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.\",\n login:\n \"Please run 'azd auth login' from a command prompt to authenticate before using this credential. For more information, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.\",\n unknown: \"Unknown error while trying to retrieve the access token\",\n claim:\n \"This credential doesn't support claims challenges. To authenticate with the required claims, please run the following command:\",\n};\n\n/\n Mockable reference to the Developer CLI credential cliCredentialFunctions\n * @internal\n /\nexport const developerCliCredentialInternals = {\n /\n Parses azd stderr JSON output to extract the error message.\n * azd outputs JSON like: \\{\"type\":\"consoleMessage\",\"timestamp\":\"...\",\"data\":\\{\"message\":\"ERROR: ...\"\\}\\}\n * If parsing succeeds and .data.message exists, returns the trimmed message.\n * Otherwise, returns the raw stderr.\n * @param stderr - The stderr output from azd command\n * @returns The parsed error message or raw stderr\n * @internal\n /\n parseAzdStderr(stderr: string): string {\n try {\n const parsed = JSON.parse(stderr);\n const message = parsed?.data?.message;\n if (typeof message === \"string\" && message.trim().length > 0) {\n return message.trim();\n }\n } catch {\n // If JSON parsing fails, fall through to return raw stderr\n }\n return stderr;\n },\n\n /\n @internal\n /\n getSafeWorkingDir(): string {\n if (process.platform === \"win32\") {\n let systemRoot = process.env.SystemRoot \|\| process.env[\"SYSTEMROOT\"];\n if (!systemRoot) {\n logger.getToken.warning(\n \"The SystemRoot environment variable is not set. This may cause issues when using the Azure Developer CLI credential.\",\n );\n\n systemRoot = \"C:\\\\Windows\";\n }\n\n return systemRoot;\n } else {\n return \"/bin\";\n }\n },\n\n /\n Gets the access token from Azure Developer CLI\n * @param scopes - The scopes to use when getting the token\n * @internal\n /\n async getAzdAccessToken(\n scopes: string[],\n tenantId?: string,\n timeout?: number,\n claims?: string,\n ): Promise<{ stdout: string; stderr: string; error: Error \| null }> {\n let tenantSection: string[] = [];\n if (tenantId) {\n tenantSection = [\"--tenant-id\", tenantId];\n }\n\n let claimsSections: string[] = [];\n if (claims) {\n const encodedClaims = btoa(claims);\n claimsSections = [\"--claims\", encodedClaims];\n }\n return new Promise((resolve, reject) => {\n try {\n const args = [\n \"auth\",\n \"token\",\n \"--output\",\n \"json\",\n \"--no-prompt\",\n ...scopes.reduce<string[]>(\n (previous, current) => previous.concat(\"--scope\", current),\n [],\n ),\n ...tenantSection,\n ...claimsSections,\n ];\n const command = [\"azd\", ...args].join(\" \");\n child_process.exec(\n command,\n {\n cwd: developerCliCredentialInternals.getSafeWorkingDir(),\n timeout,\n },\n (error, stdout, stderr) => {\n resolve({ stdout, stderr, error });\n },\n );\n } catch (err: any) {\n reject(err);\n }\n });\n },\n};\n\n/\n Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy\n * resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific\n * to Azure developers. It allows users to authenticate as a user and/or a service principal against\n * <a href=\"https://learn.microsoft.com/entra/fundamentals/\">Microsoft Entra ID</a>. The\n * AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of\n * the logged-in user or service principal in the Azure Developer CLI. It acts as the Azure Developer CLI logged in user or\n * service principal and executes an Azure CLI command underneath to authenticate the application against\n * Microsoft Entra ID.\n \n <h2> Configure AzureDeveloperCliCredential </h2>\n \n To use this credential, the developer needs to authenticate locally in Azure Developer CLI using one of the\n * commands below:\n \n <ol>\n * <li>Run \"azd auth login\" in Azure Developer CLI to authenticate interactively as a user.</li>\n * <li>Run \"azd auth login --client-id clientID --client-secret clientSecret\n * --tenant-id tenantID\" to authenticate as a service principal.</li>\n * </ol>\n \n You may need to repeat this process after a certain time period, depending on the refresh token validity in your\n * organization. Generally, the refresh token validity period is a few weeks to a few months.\n * AzureDeveloperCliCredential will prompt you to sign in again.\n /\nexport class AzureDeveloperCliCredential implements TokenCredential {\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private timeout?: number;\n\n /\n Creates an instance of the {@link AzureDeveloperCliCredential}.\n \n To use this credential, ensure that you have already logged\n * in via the 'azd' tool using the command \"azd auth login\" from the commandline.\n \n @param options - Options, to optionally allow multi-tenant requests.\n /\n constructor(options?: AzureDeveloperCliCredentialOptions) {\n if (options?.tenantId) {\n checkTenantId(logger, options?.tenantId);\n this.tenantId = options?.tenantId;\n }\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n this.timeout = options?.processTimeoutInMs;\n }\n\n /\n Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options: GetTokenOptions = {},\n ): Promise<AccessToken> {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n options,\n this.additionallyAllowedTenantIds,\n );\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n let scopeList: string[];\n if (typeof scopes === \"string\") {\n scopeList = [scopes];\n } else {\n scopeList = scopes;\n }\n logger.getToken.info(`Using the scopes ${scopes}`);\n\n return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {\n try {\n scopeList.forEach((scope) => {\n ensureValidScopeForDevTimeCreds(scope, logger);\n });\n const obj = await developerCliCredentialInternals.getAzdAccessToken(\n scopeList,\n tenantId,\n this.timeout,\n options.claims,\n );\n const isMFARequiredError =\n obj.stderr?.match(\"must use multi-factor authentication\") \|\|\n obj.stderr?.match(\"reauthentication required\");\n const isNotLoggedInError =\n obj.stderr?.match(\"not logged in, run `azd login` to login\") \|\|\n obj.stderr?.match(\"not logged in, run `azd auth login` to login\");\n const isNotInstallError =\n obj.stderr?.match(\"azd:(.)not found\") \|\|\n obj.stderr?.startsWith(\"'azd' is not recognized\");\n if (isNotInstallError \|\| (obj.error && (obj.error as any).code === \"ENOENT\")) {\n const error = new CredentialUnavailableError(\n azureDeveloperCliPublicErrorMessages.notInstalled,\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n if (isNotLoggedInError) {\n const error = new CredentialUnavailableError(azureDeveloperCliPublicErrorMessages.login);\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n if (isMFARequiredError) {\n const scope = scopeList\n .reduce<string[]>((previous, current) => previous.concat(\"--scope\", current), [])\n .join(\" \");\n const loginCmd = `azd auth login ${scope}`;\n const error = new CredentialUnavailableError(\n `${azureDeveloperCliPublicErrorMessages.claim} ${loginCmd}`,\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n try {\n const resp: { token: string; expiresOn: string } = JSON.parse(obj.stdout);\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: resp.token,\n expiresOnTimestamp: new Date(resp.expiresOn).getTime(),\n tokenType: \"Bearer\",\n } as AccessToken;\n } catch (e: any) {\n if (obj.stderr) {\n const errorMessage = developerCliCredentialInternals.parseAzdStderr(obj.stderr);\n throw new CredentialUnavailableError(errorMessage);\n }\n throw e;\n }\n } catch (err: any) {\n const error =\n err.name === \"CredentialUnavailableError\"\n ? err\n : new CredentialUnavailableError(\n (err as Error).message \|\| azureDeveloperCliPublicErrorMessages.unknown,\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n });\n }\n}\n"]}

package/dist/workerd/credentials/azurePipelinesCredentialOptions.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"azurePipelinesCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/azurePipelinesCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,+BACf,~~SAAQ~~,iCAAiC,~~EACvC~~,4BAA4B,EAC5B,0BAA0B;CAAG"}
1	+ {"version":3,"file":"azurePipelinesCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/azurePipelinesCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,+BACf,SACE,iCAAiC,EACjC,4BAA4B,EAC5B,0BAA0B;CAAG"}

package/dist/workerd/credentials/azurePipelinesCredentialOptions.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"azurePipelinesCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/azurePipelinesCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/*\n Optional parameters for the {@link AzurePipelinesCredential} class.\n */\nexport interface AzurePipelinesCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n CredentialPersistenceOptions,\n AuthorityValidationOptions {}\n"]}
1	+ {"version":3,"file":"azurePipelinesCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/azurePipelinesCredentialOptions.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/*\n Optional parameters for the {@link AzurePipelinesCredential} class.\n */\nexport interface AzurePipelinesCredentialOptions\n extends\n MultiTenantTokenCredentialOptions,\n CredentialPersistenceOptions,\n AuthorityValidationOptions {}\n"]}

package/dist/workerd/credentials/brokerCredential.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import { TokenCredentialOptions } from "../tokenCredentialOptions.js";
-import { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
+import type { TokenCredentialOptions } from "../tokenCredentialOptions.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
 /**
  * Enables authentication to Microsoft Entra ID using WAM (Web Account Manager) broker.
  * This credential uses the default account logged into the OS via a broker.

package/dist/workerd/credentials/brokerCredential.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"brokerCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/brokerCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAatF,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;~~AACtE~~,OAAO,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;~~AAK3F~~;;;GAGG;AACH,qBAAa,gBAAiB,YAAW,eAAe;IACtD,OAAO,CAAC,gBAAgB,CAAa;IACrC,OAAO,CAAC,cAAc,CAAC,CAAS;IAChC,OAAO,CAAC,kCAAkC,CAAW;IAErD;;;;;;;OAOG;gBAED,OAAO,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,sBAAsB,GAAG,iCAAiC;~~IAwB7F~~;;;;;;;;;OASG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;CA4B/F"}
1	+ {"version":3,"file":"brokerCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/brokerCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAatF,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAKhG;;;GAGG;AACH,qBAAa,gBAAiB,YAAW,eAAe;IACtD,OAAO,CAAC,gBAAgB,CAAa;IACrC,OAAO,CAAC,cAAc,CAAC,CAAS;IAChC,OAAO,CAAC,kCAAkC,CAAW;IAErD;;;;;;;OAOG;gBAED,OAAO,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,sBAAsB,GAAG,iCAAiC;IAuB7F;;;;;;;;;OASG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;CA4B/F"}

package/dist/workerd/credentials/brokerCredential.js CHANGED Viewed

@@ -29,7 +29,6 @@ export class BrokerCredential {
         this.brokerAdditionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options?.additionallyAllowedTenants);
         const msalClientOptions = {
             ...options,
-            tokenCredentialOptions: options,
             logger,
             brokerOptions: {
                 enabled: true,