@azure/identity 4.14.0-beta.2 → 4.14.0-beta.3

package/dist/commonjs/credentials/deviceCodeCredential.js

@@ -1,109 +1,138 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DeviceCodeCredential = void 0;
-exports.defaultDeviceCodePromptCallback = defaultDeviceCodePromptCallback;
-const tenantIdUtils_js_1 = require("../util/tenantIdUtils.js");
-const logging_js_1 = require("../util/logging.js");
-const scopeUtils_js_1 = require("../util/scopeUtils.js");
-const tracing_js_1 = require("../util/tracing.js");
-const msalClient_js_1 = require("../msal/nodeFlows/msalClient.js");
-const constants_js_1 = require("../constants.js");
-const logger = (0, logging_js_1.credentialLogger)("DeviceCodeCredential");
-/**
- * Method that logs the user code from the DeviceCodeCredential.
- * @param deviceCodeInfo - The device code.
- */
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var deviceCodeCredential_exports = {};
+__export(deviceCodeCredential_exports, {
+  DeviceCodeCredential: () => DeviceCodeCredential,
+  defaultDeviceCodePromptCallback: () => defaultDeviceCodePromptCallback
+});
+module.exports = __toCommonJS(deviceCodeCredential_exports);
+var import_tenantIdUtils = require("../util/tenantIdUtils.js");
+var import_logging = require("../util/logging.js");
+var import_scopeUtils = require("../util/scopeUtils.js");
+var import_tracing = require("../util/tracing.js");
+var import_msalClient = require("../msal/nodeFlows/msalClient.js");
+var import_constants = require("../constants.js");
+const logger = (0, import_logging.credentialLogger)("DeviceCodeCredential");
 function defaultDeviceCodePromptCallback(deviceCodeInfo) {
-    console.log(deviceCodeInfo.message);
+  console.log(deviceCodeInfo.message);
 }
-/**
- * Enables authentication to Microsoft Entra ID using a device code
- * that the user can enter into https://microsoft.com/devicelogin.
- */
 class DeviceCodeCredential {
-    tenantId;
-    additionallyAllowedTenantIds;
-    disableAutomaticAuthentication;
-    msalClient;
-    userPromptCallback;
-    /**
-     * Creates an instance of DeviceCodeCredential with the details needed
-     * to initiate the device code authorization flow with Microsoft Entra ID.
-     *
-     * A message will be logged, giving users a code that they can use to authenticate once they go to https://microsoft.com/devicelogin
-     *
-     * Developers can configure how this message is shown by passing a custom `userPromptCallback`:
-     *
-     * ```ts snippet:device_code_credential_example
-     * import { DeviceCodeCredential } from "@azure/identity";
-     *
-     * const credential = new DeviceCodeCredential({
-     *   tenantId: process.env.AZURE_TENANT_ID,
-     *   clientId: process.env.AZURE_CLIENT_ID,
-     *   userPromptCallback: (info) => {
-     *     console.log("CUSTOMIZED PROMPT CALLBACK", info.message);
-     *   },
-     * });
-     * ```
-     *
-     * @param options - Options for configuring the client which makes the authentication requests.
-     */
-    constructor(options) {
-        this.tenantId = options?.tenantId;
-        this.additionallyAllowedTenantIds = (0, tenantIdUtils_js_1.resolveAdditionallyAllowedTenantIds)(options?.additionallyAllowedTenants);
-        const clientId = options?.clientId ?? constants_js_1.DeveloperSignOnClientId;
-        const tenantId = (0, tenantIdUtils_js_1.resolveTenantId)(logger, options?.tenantId, clientId);
-        this.userPromptCallback = options?.userPromptCallback ?? defaultDeviceCodePromptCallback;
-        this.msalClient = (0, msalClient_js_1.createMsalClient)(clientId, tenantId, {
-            ...options,
-            logger,
+  tenantId;
+  additionallyAllowedTenantIds;
+  disableAutomaticAuthentication;
+  msalClient;
+  userPromptCallback;
+  /**
+   * Creates an instance of DeviceCodeCredential with the details needed
+   * to initiate the device code authorization flow with Microsoft Entra ID.
+   *
+   * A message will be logged, giving users a code that they can use to authenticate once they go to https://microsoft.com/devicelogin
+   *
+   * Developers can configure how this message is shown by passing a custom `userPromptCallback`:
+   *
+   * ```ts snippet:device_code_credential_example
+   * import { DeviceCodeCredential } from "@azure/identity";
+   *
+   * const credential = new DeviceCodeCredential({
+   *   tenantId: process.env.AZURE_TENANT_ID,
+   *   clientId: process.env.AZURE_CLIENT_ID,
+   *   userPromptCallback: (info) => {
+   *     console.log("CUSTOMIZED PROMPT CALLBACK", info.message);
+   *   },
+   * });
+   * ```
+   *
+   * @param options - Options for configuring the client which makes the authentication requests.
+   */
+  constructor(options) {
+    this.tenantId = options?.tenantId;
+    this.additionallyAllowedTenantIds = (0, import_tenantIdUtils.resolveAdditionallyAllowedTenantIds)(
+      options?.additionallyAllowedTenants
+    );
+    const clientId = options?.clientId ?? import_constants.DeveloperSignOnClientId;
+    const tenantId = (0, import_tenantIdUtils.resolveTenantId)(logger, options?.tenantId, clientId);
+    this.userPromptCallback = options?.userPromptCallback ?? defaultDeviceCodePromptCallback;
+    this.msalClient = (0, import_msalClient.createMsalClient)(clientId, tenantId, {
+      ...options,
+      logger
+    });
+    this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;
+  }
+  /**
+   * Authenticates with Microsoft Entra ID and returns an access token if successful.
+   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+   *
+   * If the user provided the option `disableAutomaticAuthentication`,
+   * once the token can't be retrieved silently,
+   * this method won't attempt to request user interaction to retrieve the token.
+   *
+   * @param scopes - The list of scopes for which the token will have access.
+   * @param options - The options used to configure any requests this
+   *                TokenCredential implementation might make.
+   */
+  async getToken(scopes, options = {}) {
+    return import_tracing.tracingClient.withSpan(
+      `${this.constructor.name}.getToken`,
+      options,
+      async (newOptions) => {
+        newOptions.tenantId = (0, import_tenantIdUtils.processMultiTenantRequest)(
+          this.tenantId,
+          newOptions,
+          this.additionallyAllowedTenantIds,
+          logger
+        );
+        const arrayScopes = (0, import_scopeUtils.ensureScopes)(scopes);
+        return this.msalClient.getTokenByDeviceCode(arrayScopes, this.userPromptCallback, {
+          ...newOptions,
+          disableAutomaticAuthentication: this.disableAutomaticAuthentication
         });
-        this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;
-    }
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * If the user provided the option `disableAutomaticAuthentication`,
-     * once the token can't be retrieved silently,
-     * this method won't attempt to request user interaction to retrieve the token.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    async getToken(scopes, options = {}) {
-        return tracing_js_1.tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
-            newOptions.tenantId = (0, tenantIdUtils_js_1.processMultiTenantRequest)(this.tenantId, newOptions, this.additionallyAllowedTenantIds, logger);
-            const arrayScopes = (0, scopeUtils_js_1.ensureScopes)(scopes);
-            return this.msalClient.getTokenByDeviceCode(arrayScopes, this.userPromptCallback, {
-                ...newOptions,
-                disableAutomaticAuthentication: this.disableAutomaticAuthentication,
-            });
+      }
+    );
+  }
+  /**
+   * Authenticates with Microsoft Entra ID and returns an access token if successful.
+   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+   *
+   * If the token can't be retrieved silently, this method will always generate a challenge for the user.
+   *
+   * @param scopes - The list of scopes for which the token will have access.
+   * @param options - The options used to configure any requests this
+   *                  TokenCredential implementation might make.
+   */
+  async authenticate(scopes, options = {}) {
+    return import_tracing.tracingClient.withSpan(
+      `${this.constructor.name}.authenticate`,
+      options,
+      async (newOptions) => {
+        const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
+        await this.msalClient.getTokenByDeviceCode(arrayScopes, this.userPromptCallback, {
+          ...newOptions,
+          disableAutomaticAuthentication: false
+          // this method should always allow user interaction
         });
-    }
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * If the token can't be retrieved silently, this method will always generate a challenge for the user.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                  TokenCredential implementation might make.
-     */
-    async authenticate(scopes, options = {}) {
-        return tracing_js_1.tracingClient.withSpan(`${this.constructor.name}.authenticate`, options, async (newOptions) => {
-            const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
-            await this.msalClient.getTokenByDeviceCode(arrayScopes, this.userPromptCallback, {
-                ...newOptions,
-                disableAutomaticAuthentication: false, // this method should always allow user interaction
-            });
-            return this.msalClient.getActiveAccount();
-        });
-    }
+        return this.msalClient.getActiveAccount();
+      }
+    );
+  }
 }
-exports.DeviceCodeCredential = DeviceCodeCredential;
-//# sourceMappingURL=deviceCodeCredential.js.map
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  DeviceCodeCredential,
+  defaultDeviceCodePromptCallback
+});
+//# sourceMappingURL=deviceCodeCredential.js.map

package/dist/commonjs/credentials/deviceCodeCredential.js.map

@@ -1 +1,7 @@
-{"version":3,"file":"deviceCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/deviceCodeCredential.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AA2BlC,0EAEC;AA1BD,+DAIkC;AAOlC,mDAAsD;AACtD,yDAAqD;AACrD,mDAAmD;AAEnD,mEAAmE;AACnE,kDAA0D;AAE1D,MAAM,MAAM,GAAG,IAAA,6BAAgB,EAAC,sBAAsB,CAAC,CAAC;AAExD;;;GAGG;AACH,SAAgB,+BAA+B,CAAC,cAA8B;IAC5E,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAa,oBAAoB;IACvB,QAAQ,CAAU;IAClB,4BAA4B,CAAW;IACvC,8BAA8B,CAAW;IACzC,UAAU,CAAa;IACvB,kBAAkB,CAA2B;IAErD;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,YAAY,OAAqC;QAC/C,IAAI,CAAC,QAAQ,GAAG,OAAO,EAAE,QAAQ,CAAC;QAClC,IAAI,CAAC,4BAA4B,GAAG,IAAA,sDAAmC,EACrE,OAAO,EAAE,0BAA0B,CACpC,CAAC;QACF,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,sCAAuB,CAAC;QAC9D,MAAM,QAAQ,GAAG,IAAA,kCAAe,EAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACtE,IAAI,CAAC,kBAAkB,GAAG,OAAO,EAAE,kBAAkB,IAAI,+BAA+B,CAAC;QACzF,IAAI,CAAC,UAAU,GAAG,IAAA,gCAAgB,EAAC,QAAQ,EAAE,QAAQ,EAAE;YACrD,GAAG,OAAO;YACV,MAAM;SACP,CAAC,CAAC;QACH,IAAI,CAAC,8BAA8B,GAAG,OAAO,EAAE,8BAA8B,CAAC;IAChF,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,0BAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,UAAU,CAAC,QAAQ,GAAG,IAAA,4CAAyB,EAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,IAAA,4BAAY,EAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,WAAW,EAAE,IAAI,CAAC,kBAAkB,EAAE;gBAChF,GAAG,UAAU;gBACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B;aACpE,CAAC,CAAC;QACL,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAChB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,OAAO,0BAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,eAAe,EACvC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,MAAM,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,WAAW,EAAE,IAAI,CAAC,kBAAkB,EAAE;gBAC/E,GAAG,UAAU;gBACb,8BAA8B,EAAE,KAAK,EAAE,mDAAmD;aAC3F,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC;QAC5C,CAAC,CACF,CAAC;IACJ,CAAC;CACF;AAxGD,oDAwGC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n  resolveTenantId,\n} from \"../util/tenantIdUtils.js\";\nimport type {\n  DeviceCodeCredentialOptions,\n  DeviceCodeInfo,\n  DeviceCodePromptCallback,\n} from \"./deviceCodeCredentialOptions.js\";\nimport type { AuthenticationRecord } from \"../msal/types.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { DeveloperSignOnClientId } from \"../constants.js\";\n\nconst logger = credentialLogger(\"DeviceCodeCredential\");\n\n/**\n * Method that logs the user code from the DeviceCodeCredential.\n * @param deviceCodeInfo - The device code.\n */\nexport function defaultDeviceCodePromptCallback(deviceCodeInfo: DeviceCodeInfo): void {\n  console.log(deviceCodeInfo.message);\n}\n\n/**\n * Enables authentication to Microsoft Entra ID using a device code\n * that the user can enter into https://microsoft.com/devicelogin.\n */\nexport class DeviceCodeCredential implements TokenCredential {\n  private tenantId?: string;\n  private additionallyAllowedTenantIds: string[];\n  private disableAutomaticAuthentication?: boolean;\n  private msalClient: MsalClient;\n  private userPromptCallback: DeviceCodePromptCallback;\n\n  /**\n   * Creates an instance of DeviceCodeCredential with the details needed\n   * to initiate the device code authorization flow with Microsoft Entra ID.\n   *\n   * A message will be logged, giving users a code that they can use to authenticate once they go to https://microsoft.com/devicelogin\n   *\n   * Developers can configure how this message is shown by passing a custom `userPromptCallback`:\n   *\n   * ```ts snippet:device_code_credential_example\n   * import { DeviceCodeCredential } from \"@azure/identity\";\n   *\n   * const credential = new DeviceCodeCredential({\n   *   tenantId: process.env.AZURE_TENANT_ID,\n   *   clientId: process.env.AZURE_CLIENT_ID,\n   *   userPromptCallback: (info) => {\n   *     console.log(\"CUSTOMIZED PROMPT CALLBACK\", info.message);\n   *   },\n   * });\n   * ```\n   *\n   * @param options - Options for configuring the client which makes the authentication requests.\n   */\n  constructor(options?: DeviceCodeCredentialOptions) {\n    this.tenantId = options?.tenantId;\n    this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n      options?.additionallyAllowedTenants,\n    );\n    const clientId = options?.clientId ?? DeveloperSignOnClientId;\n    const tenantId = resolveTenantId(logger, options?.tenantId, clientId);\n    this.userPromptCallback = options?.userPromptCallback ?? defaultDeviceCodePromptCallback;\n    this.msalClient = createMsalClient(clientId, tenantId, {\n      ...options,\n      logger,\n    });\n    this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;\n  }\n\n  /**\n   * Authenticates with Microsoft Entra ID and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the user provided the option `disableAutomaticAuthentication`,\n   * once the token can't be retrieved silently,\n   * this method won't attempt to request user interaction to retrieve the token.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return tracingClient.withSpan(\n      `${this.constructor.name}.getToken`,\n      options,\n      async (newOptions) => {\n        newOptions.tenantId = processMultiTenantRequest(\n          this.tenantId,\n          newOptions,\n          this.additionallyAllowedTenantIds,\n          logger,\n        );\n\n        const arrayScopes = ensureScopes(scopes);\n        return this.msalClient.getTokenByDeviceCode(arrayScopes, this.userPromptCallback, {\n          ...newOptions,\n          disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n        });\n      },\n    );\n  }\n\n  /**\n   * Authenticates with Microsoft Entra ID and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the token can't be retrieved silently, this method will always generate a challenge for the user.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                  TokenCredential implementation might make.\n   */\n  async authenticate(\n    scopes: string | string[],\n    options: GetTokenOptions = {},\n  ): Promise<AuthenticationRecord | undefined> {\n    return tracingClient.withSpan(\n      `${this.constructor.name}.authenticate`,\n      options,\n      async (newOptions) => {\n        const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n        await this.msalClient.getTokenByDeviceCode(arrayScopes, this.userPromptCallback, {\n          ...newOptions,\n          disableAutomaticAuthentication: false, // this method should always allow user interaction\n        });\n        return this.msalClient.getActiveAccount();\n      },\n    );\n  }\n}\n"]}
+{
+  "version": 3,
+  "sources": ["../../../src/credentials/deviceCodeCredential.ts"],
+  "sourcesContent": ["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n  resolveTenantId,\n} from \"../util/tenantIdUtils.js\";\nimport type {\n  DeviceCodeCredentialOptions,\n  DeviceCodeInfo,\n  DeviceCodePromptCallback,\n} from \"./deviceCodeCredentialOptions.js\";\nimport type { AuthenticationRecord } from \"../msal/types.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { DeveloperSignOnClientId } from \"../constants.js\";\n\nconst logger = credentialLogger(\"DeviceCodeCredential\");\n\n/**\n * Method that logs the user code from the DeviceCodeCredential.\n * @param deviceCodeInfo - The device code.\n */\nexport function defaultDeviceCodePromptCallback(deviceCodeInfo: DeviceCodeInfo): void {\n  console.log(deviceCodeInfo.message);\n}\n\n/**\n * Enables authentication to Microsoft Entra ID using a device code\n * that the user can enter into https://microsoft.com/devicelogin.\n */\nexport class DeviceCodeCredential implements TokenCredential {\n  private tenantId?: string;\n  private additionallyAllowedTenantIds: string[];\n  private disableAutomaticAuthentication?: boolean;\n  private msalClient: MsalClient;\n  private userPromptCallback: DeviceCodePromptCallback;\n\n  /**\n   * Creates an instance of DeviceCodeCredential with the details needed\n   * to initiate the device code authorization flow with Microsoft Entra ID.\n   *\n   * A message will be logged, giving users a code that they can use to authenticate once they go to https://microsoft.com/devicelogin\n   *\n   * Developers can configure how this message is shown by passing a custom `userPromptCallback`:\n   *\n   * ```ts snippet:device_code_credential_example\n   * import { DeviceCodeCredential } from \"@azure/identity\";\n   *\n   * const credential = new DeviceCodeCredential({\n   *   tenantId: process.env.AZURE_TENANT_ID,\n   *   clientId: process.env.AZURE_CLIENT_ID,\n   *   userPromptCallback: (info) => {\n   *     console.log(\"CUSTOMIZED PROMPT CALLBACK\", info.message);\n   *   },\n   * });\n   * ```\n   *\n   * @param options - Options for configuring the client which makes the authentication requests.\n   */\n  constructor(options?: DeviceCodeCredentialOptions) {\n    this.tenantId = options?.tenantId;\n    this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n      options?.additionallyAllowedTenants,\n    );\n    const clientId = options?.clientId ?? DeveloperSignOnClientId;\n    const tenantId = resolveTenantId(logger, options?.tenantId, clientId);\n    this.userPromptCallback = options?.userPromptCallback ?? defaultDeviceCodePromptCallback;\n    this.msalClient = createMsalClient(clientId, tenantId, {\n      ...options,\n      logger,\n    });\n    this.disableAutomaticAuthentication = options?.disableAutomaticAuthentication;\n  }\n\n  /**\n   * Authenticates with Microsoft Entra ID and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the user provided the option `disableAutomaticAuthentication`,\n   * once the token can't be retrieved silently,\n   * this method won't attempt to request user interaction to retrieve the token.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return tracingClient.withSpan(\n      `${this.constructor.name}.getToken`,\n      options,\n      async (newOptions) => {\n        newOptions.tenantId = processMultiTenantRequest(\n          this.tenantId,\n          newOptions,\n          this.additionallyAllowedTenantIds,\n          logger,\n        );\n\n        const arrayScopes = ensureScopes(scopes);\n        return this.msalClient.getTokenByDeviceCode(arrayScopes, this.userPromptCallback, {\n          ...newOptions,\n          disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n        });\n      },\n    );\n  }\n\n  /**\n   * Authenticates with Microsoft Entra ID and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * If the token can't be retrieved silently, this method will always generate a challenge for the user.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                  TokenCredential implementation might make.\n   */\n  async authenticate(\n    scopes: string | string[],\n    options: GetTokenOptions = {},\n  ): Promise<AuthenticationRecord | undefined> {\n    return tracingClient.withSpan(\n      `${this.constructor.name}.authenticate`,\n      options,\n      async (newOptions) => {\n        const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n        await this.msalClient.getTokenByDeviceCode(arrayScopes, this.userPromptCallback, {\n          ...newOptions,\n          disableAutomaticAuthentication: false, // this method should always allow user interaction\n        });\n        return this.msalClient.getActiveAccount();\n      },\n    );\n  }\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,2BAIO;AAOP,qBAAiC;AACjC,wBAA6B;AAC7B,qBAA8B;AAE9B,wBAAiC;AACjC,uBAAwC;AAExC,MAAM,aAAS,iCAAiB,sBAAsB;AAM/C,SAAS,gCAAgC,gBAAsC;AACpF,UAAQ,IAAI,eAAe,OAAO;AACpC;AAMO,MAAM,qBAAgD;AAAA,EACnD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAwBR,YAAY,SAAuC;AACjD,SAAK,WAAW,SAAS;AACzB,SAAK,mCAA+B;AAAA,MAClC,SAAS;AAAA,IACX;AACA,UAAM,WAAW,SAAS,YAAY;AACtC,UAAM,eAAW,sCAAgB,QAAQ,SAAS,UAAU,QAAQ;AACpE,SAAK,qBAAqB,SAAS,sBAAsB;AACzD,SAAK,iBAAa,oCAAiB,UAAU,UAAU;AAAA,MACrD,GAAG;AAAA,MACH;AAAA,IACF,CAAC;AACD,SAAK,iCAAiC,SAAS;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAM,SAAS,QAA2B,UAA2B,CAAC,GAAyB;AAC7F,WAAO,6BAAc;AAAA,MACnB,GAAG,KAAK,YAAY,IAAI;AAAA,MACxB;AAAA,MACA,OAAO,eAAe;AACpB,mBAAW,eAAW;AAAA,UACpB,KAAK;AAAA,UACL;AAAA,UACA,KAAK;AAAA,UACL;AAAA,QACF;AAEA,cAAM,kBAAc,gCAAa,MAAM;AACvC,eAAO,KAAK,WAAW,qBAAqB,aAAa,KAAK,oBAAoB;AAAA,UAChF,GAAG;AAAA,UACH,gCAAgC,KAAK;AAAA,QACvC,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,aACJ,QACA,UAA2B,CAAC,GACe;AAC3C,WAAO,6BAAc;AAAA,MACnB,GAAG,KAAK,YAAY,IAAI;AAAA,MACxB;AAAA,MACA,OAAO,eAAe;AACpB,cAAM,cAAc,MAAM,QAAQ,MAAM,IAAI,SAAS,CAAC,MAAM;AAC5D,cAAM,KAAK,WAAW,qBAAqB,aAAa,KAAK,oBAAoB;AAAA,UAC/E,GAAG;AAAA,UACH,gCAAgC;AAAA;AAAA,QAClC,CAAC;AACD,eAAO,KAAK,WAAW,iBAAiB;AAAA,MAC1C;AAAA,IACF;AAAA,EACF;AACF;",
+  "names": []
+}

package/dist/commonjs/credentials/deviceCodeCredentialOptions.js

@@ -1,5 +1,16 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=deviceCodeCredentialOptions.js.map
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var deviceCodeCredentialOptions_exports = {};
+module.exports = __toCommonJS(deviceCodeCredentialOptions_exports);
+//# sourceMappingURL=deviceCodeCredentialOptions.js.map

package/dist/commonjs/credentials/deviceCodeCredentialOptions.js.map

@@ -1 +1,7 @@
-{"version":3,"file":"deviceCodeCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/deviceCodeCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { InteractiveCredentialOptions } from \"./interactiveCredentialOptions.js\";\n\n/**\n * Provides the user code and verification URI where the code must be\n * entered.  Also provides a message to display to the user which\n * contains an instruction with these details.\n */\nexport interface DeviceCodeInfo {\n  /**\n   * The device code that the user must enter into the verification page.\n   */\n  userCode: string;\n\n  /**\n   * The verification URI to which the user must navigate to enter the device\n   * code.\n   */\n  verificationUri: string;\n\n  /**\n   * A message that may be shown to the user to instruct them on how to enter\n   * the device code in the page specified by the verification URI.\n   */\n  message: string;\n}\n\n/**\n * Defines the signature of a callback which will be passed to\n * DeviceCodeCredential for the purpose of displaying authentication\n * details to the user.\n */\nexport type DeviceCodePromptCallback = (deviceCodeInfo: DeviceCodeInfo) => void;\n\n/**\n * Defines options for the InteractiveBrowserCredential class for Node.js.\n */\nexport interface DeviceCodeCredentialOptions\n  extends InteractiveCredentialOptions, CredentialPersistenceOptions {\n  /**\n   * The Microsoft Entra tenant (directory) ID.\n   */\n  tenantId?: string;\n  /**\n   * Client ID of the Microsoft Entra application that users will sign into.\n   * It is recommended that developers register their applications and assign appropriate roles.\n   * For more information, visit https://aka.ms/identity/AppRegistrationAndRoleAssignment.\n   * If not specified, users will authenticate to an Azure development application,\n   * which is not recommended for production scenarios.\n   */\n  clientId?: string;\n  /**\n   * A callback function that will be invoked to show {@link DeviceCodeInfo} to the user.\n   * If left unassigned, we will automatically log the device code information\n   * and the authentication instructions in the console.\n   */\n  userPromptCallback?: DeviceCodePromptCallback;\n}\n"]}
+{
+  "version": 3,
+  "sources": ["../../../src/credentials/deviceCodeCredentialOptions.ts"],
+  "sourcesContent": ["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { InteractiveCredentialOptions } from \"./interactiveCredentialOptions.js\";\n\n/**\n * Provides the user code and verification URI where the code must be\n * entered.  Also provides a message to display to the user which\n * contains an instruction with these details.\n */\nexport interface DeviceCodeInfo {\n  /**\n   * The device code that the user must enter into the verification page.\n   */\n  userCode: string;\n\n  /**\n   * The verification URI to which the user must navigate to enter the device\n   * code.\n   */\n  verificationUri: string;\n\n  /**\n   * A message that may be shown to the user to instruct them on how to enter\n   * the device code in the page specified by the verification URI.\n   */\n  message: string;\n}\n\n/**\n * Defines the signature of a callback which will be passed to\n * DeviceCodeCredential for the purpose of displaying authentication\n * details to the user.\n */\nexport type DeviceCodePromptCallback = (deviceCodeInfo: DeviceCodeInfo) => void;\n\n/**\n * Defines options for the InteractiveBrowserCredential class for Node.js.\n */\nexport interface DeviceCodeCredentialOptions\n  extends InteractiveCredentialOptions, CredentialPersistenceOptions {\n  /**\n   * The Microsoft Entra tenant (directory) ID.\n   */\n  tenantId?: string;\n  /**\n   * Client ID of the Microsoft Entra application that users will sign into.\n   * It is recommended that developers register their applications and assign appropriate roles.\n   * For more information, visit https://aka.ms/identity/AppRegistrationAndRoleAssignment.\n   * If not specified, users will authenticate to an Azure development application,\n   * which is not recommended for production scenarios.\n   */\n  clientId?: string;\n  /**\n   * A callback function that will be invoked to show {@link DeviceCodeInfo} to the user.\n   * If left unassigned, we will automatically log the device code information\n   * and the authentication instructions in the console.\n   */\n  userPromptCallback?: DeviceCodePromptCallback;\n}\n"],
+  "mappings": ";;;;;;;;;;;;;AAAA;AAAA;",
+  "names": []
+}

package/dist/commonjs/credentials/environmentCredential.js

@@ -1,133 +1,167 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.EnvironmentCredential = exports.AllSupportedEnvironmentVariables = void 0;
-exports.getSendCertificateChain = getSendCertificateChain;
-const errors_js_1 = require("../errors.js");
-const logging_js_1 = require("../util/logging.js");
-const clientCertificateCredential_js_1 = require("./clientCertificateCredential.js");
-const clientSecretCredential_js_1 = require("./clientSecretCredential.js");
-const usernamePasswordCredential_js_1 = require("./usernamePasswordCredential.js");
-const tenantIdUtils_js_1 = require("../util/tenantIdUtils.js");
-const tracing_js_1 = require("../util/tracing.js");
-/**
- * Contains the list of all supported environment variable names so that an
- * appropriate error message can be generated when no credentials can be
- * configured.
- *
- * @internal
- */
-exports.AllSupportedEnvironmentVariables = [
-    "AZURE_TENANT_ID",
-    "AZURE_CLIENT_ID",
-    "AZURE_CLIENT_SECRET",
-    "AZURE_CLIENT_CERTIFICATE_PATH",
-    "AZURE_CLIENT_CERTIFICATE_PASSWORD",
-    "AZURE_USERNAME",
-    "AZURE_PASSWORD",
-    "AZURE_ADDITIONALLY_ALLOWED_TENANTS",
-    "AZURE_CLIENT_SEND_CERTIFICATE_CHAIN",
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var environmentCredential_exports = {};
+__export(environmentCredential_exports, {
+  AllSupportedEnvironmentVariables: () => AllSupportedEnvironmentVariables,
+  EnvironmentCredential: () => EnvironmentCredential,
+  getSendCertificateChain: () => getSendCertificateChain
+});
+module.exports = __toCommonJS(environmentCredential_exports);
+var import_errors = require("../errors.js");
+var import_logging = require("../util/logging.js");
+var import_clientCertificateCredential = require("./clientCertificateCredential.js");
+var import_clientSecretCredential = require("./clientSecretCredential.js");
+var import_usernamePasswordCredential = require("./usernamePasswordCredential.js");
+var import_tenantIdUtils = require("../util/tenantIdUtils.js");
+var import_tracing = require("../util/tracing.js");
+const AllSupportedEnvironmentVariables = [
+  "AZURE_TENANT_ID",
+  "AZURE_CLIENT_ID",
+  "AZURE_CLIENT_SECRET",
+  "AZURE_CLIENT_CERTIFICATE_PATH",
+  "AZURE_CLIENT_CERTIFICATE_PASSWORD",
+  "AZURE_USERNAME",
+  "AZURE_PASSWORD",
+  "AZURE_ADDITIONALLY_ALLOWED_TENANTS",
+  "AZURE_CLIENT_SEND_CERTIFICATE_CHAIN"
 ];
 function getAdditionallyAllowedTenants() {
-    const additionallyAllowedValues = process.env.AZURE_ADDITIONALLY_ALLOWED_TENANTS ?? "";
-    return additionallyAllowedValues.split(";");
+  const additionallyAllowedValues = process.env.AZURE_ADDITIONALLY_ALLOWED_TENANTS ?? "";
+  return additionallyAllowedValues.split(";");
 }
 const credentialName = "EnvironmentCredential";
-const logger = (0, logging_js_1.credentialLogger)(credentialName);
+const logger = (0, import_logging.credentialLogger)(credentialName);
 function getSendCertificateChain() {
-    const sendCertificateChain = (process.env.AZURE_CLIENT_SEND_CERTIFICATE_CHAIN ?? "").toLowerCase();
-    const result = sendCertificateChain === "true" || sendCertificateChain === "1";
-    logger.verbose(`AZURE_CLIENT_SEND_CERTIFICATE_CHAIN: ${process.env.AZURE_CLIENT_SEND_CERTIFICATE_CHAIN}; sendCertificateChain: ${result}`);
-    return result;
+  const sendCertificateChain = (process.env.AZURE_CLIENT_SEND_CERTIFICATE_CHAIN ?? "").toLowerCase();
+  const result = sendCertificateChain === "true" || sendCertificateChain === "1";
+  logger.verbose(
+    `AZURE_CLIENT_SEND_CERTIFICATE_CHAIN: ${process.env.AZURE_CLIENT_SEND_CERTIFICATE_CHAIN}; sendCertificateChain: ${result}`
+  );
+  return result;
 }
-/**
- * Enables authentication to Microsoft Entra ID using a client secret or certificate.
- */
 class EnvironmentCredential {
-    _credential = undefined;
-    /**
-     * Creates an instance of the EnvironmentCredential class and decides what credential to use depending on the available environment variables.
-     *
-     * Required environment variables:
-     * - `AZURE_TENANT_ID`: The Microsoft Entra tenant (directory) ID.
-     * - `AZURE_CLIENT_ID`: The client (application) ID of an App Registration in the tenant.
-     *
-     * If setting the AZURE_TENANT_ID, then you can also set the additionally allowed tenants
-     * - `AZURE_ADDITIONALLY_ALLOWED_TENANTS`: For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens with a single semicolon delimited string. Use * to allow all tenants.
-     *
-     * Environment variables used for client credential authentication:
-     * - `AZURE_CLIENT_SECRET`: A client secret that was generated for the App Registration.
-     * - `AZURE_CLIENT_CERTIFICATE_PATH`: The path to a PEM certificate to use during the authentication, instead of the client secret.
-     * - `AZURE_CLIENT_CERTIFICATE_PASSWORD`: (optional) password for the certificate file.
-     * - `AZURE_CLIENT_SEND_CERTIFICATE_CHAIN`: (optional) indicates that the certificate chain should be set in x5c header to support subject name / issuer based authentication.
-     *
-     * Username and password authentication is deprecated, since it doesn't support multifactor authentication (MFA). See https://aka.ms/azsdk/identity/mfa for more details. Users can still provide environment variables for this authentication method:
-     * - `AZURE_USERNAME`: Username to authenticate with.
-     * - `AZURE_PASSWORD`: Password to authenticate with.
-     *
-     * If the environment variables required to perform the authentication are missing, a {@link CredentialUnavailableError} will be thrown.
-     * If the authentication fails, or if there's an unknown error, an {@link AuthenticationError} will be thrown.
-     *
-     * @param options - Options for configuring the client which makes the authentication request.
-     */
-    constructor(options) {
-        // Keep track of any missing environment variables for error details
-        const assigned = (0, logging_js_1.processEnvVars)(exports.AllSupportedEnvironmentVariables).assigned.join(", ");
-        logger.info(`Found the following environment variables: ${assigned}`);
-        const tenantId = process.env.AZURE_TENANT_ID, clientId = process.env.AZURE_CLIENT_ID, clientSecret = process.env.AZURE_CLIENT_SECRET;
-        const additionallyAllowedTenantIds = getAdditionallyAllowedTenants();
-        const sendCertificateChain = getSendCertificateChain();
-        const newOptions = { ...options, additionallyAllowedTenantIds, sendCertificateChain };
-        if (tenantId) {
-            (0, tenantIdUtils_js_1.checkTenantId)(logger, tenantId);
-        }
-        if (tenantId && clientId && clientSecret) {
-            logger.info(`Invoking ClientSecretCredential with tenant ID: ${tenantId}, clientId: ${clientId} and clientSecret: [REDACTED]`);
-            this._credential = new clientSecretCredential_js_1.ClientSecretCredential(tenantId, clientId, clientSecret, newOptions);
-            return;
-        }
-        const certificatePath = process.env.AZURE_CLIENT_CERTIFICATE_PATH;
-        const certificatePassword = process.env.AZURE_CLIENT_CERTIFICATE_PASSWORD;
-        if (tenantId && clientId && certificatePath) {
-            logger.info(`Invoking ClientCertificateCredential with tenant ID: ${tenantId}, clientId: ${clientId} and certificatePath: ${certificatePath}`);
-            this._credential = new clientCertificateCredential_js_1.ClientCertificateCredential(tenantId, clientId, { certificatePath, certificatePassword }, newOptions);
-            return;
-        }
-        const username = process.env.AZURE_USERNAME;
-        const password = process.env.AZURE_PASSWORD;
-        if (tenantId && clientId && username && password) {
-            logger.info(`Invoking UsernamePasswordCredential with tenant ID: ${tenantId}, clientId: ${clientId} and username: ${username}`);
-            logger.warning("Environment is configured to use username and password authentication. This authentication method is deprecated, as it doesn't support multifactor authentication (MFA). Use a more secure credential. For more details, see https://aka.ms/azsdk/identity/mfa.");
-            this._credential = new usernamePasswordCredential_js_1.UsernamePasswordCredential(tenantId, clientId, username, password, newOptions);
-        }
+  _credential = void 0;
+  /**
+   * Creates an instance of the EnvironmentCredential class and decides what credential to use depending on the available environment variables.
+   *
+   * Required environment variables:
+   * - `AZURE_TENANT_ID`: The Microsoft Entra tenant (directory) ID.
+   * - `AZURE_CLIENT_ID`: The client (application) ID of an App Registration in the tenant.
+   *
+   * If setting the AZURE_TENANT_ID, then you can also set the additionally allowed tenants
+   * - `AZURE_ADDITIONALLY_ALLOWED_TENANTS`: For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens with a single semicolon delimited string. Use * to allow all tenants.
+   *
+   * Environment variables used for client credential authentication:
+   * - `AZURE_CLIENT_SECRET`: A client secret that was generated for the App Registration.
+   * - `AZURE_CLIENT_CERTIFICATE_PATH`: The path to a PEM certificate to use during the authentication, instead of the client secret.
+   * - `AZURE_CLIENT_CERTIFICATE_PASSWORD`: (optional) password for the certificate file.
+   * - `AZURE_CLIENT_SEND_CERTIFICATE_CHAIN`: (optional) indicates that the certificate chain should be set in x5c header to support subject name / issuer based authentication.
+   *
+   * Username and password authentication is deprecated, since it doesn't support multifactor authentication (MFA). See https://aka.ms/azsdk/identity/mfa for more details. Users can still provide environment variables for this authentication method:
+   * - `AZURE_USERNAME`: Username to authenticate with.
+   * - `AZURE_PASSWORD`: Password to authenticate with.
+   *
+   * If the environment variables required to perform the authentication are missing, a {@link CredentialUnavailableError} will be thrown.
+   * If the authentication fails, or if there's an unknown error, an {@link AuthenticationError} will be thrown.
+   *
+   * @param options - Options for configuring the client which makes the authentication request.
+   */
+  constructor(options) {
+    const assigned = (0, import_logging.processEnvVars)(AllSupportedEnvironmentVariables).assigned.join(", ");
+    logger.info(`Found the following environment variables: ${assigned}`);
+    const tenantId = process.env.AZURE_TENANT_ID, clientId = process.env.AZURE_CLIENT_ID, clientSecret = process.env.AZURE_CLIENT_SECRET;
+    const additionallyAllowedTenantIds = getAdditionallyAllowedTenants();
+    const sendCertificateChain = getSendCertificateChain();
+    const newOptions = { ...options, additionallyAllowedTenantIds, sendCertificateChain };
+    if (tenantId) {
+      (0, import_tenantIdUtils.checkTenantId)(logger, tenantId);
     }
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - Optional parameters. See {@link GetTokenOptions}.
-     */
-    async getToken(scopes, options = {}) {
-        return tracing_js_1.tracingClient.withSpan(`${credentialName}.getToken`, options, async (newOptions) => {
-            if (this._credential) {
-                try {
-                    const result = await this._credential.getToken(scopes, newOptions);
-                    logger.getToken.info((0, logging_js_1.formatSuccess)(scopes));
-                    return result;
-                }
-                catch (err) {
-                    const authenticationError = new errors_js_1.AuthenticationError(400, {
-                        error: `${credentialName} authentication failed. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.`,
-                        error_description: err.message.toString().split("More details:").join(""),
-                    });
-                    logger.getToken.info((0, logging_js_1.formatError)(scopes, authenticationError));
-                    throw authenticationError;
-                }
-            }
-            throw new errors_js_1.CredentialUnavailableError(`${credentialName} is unavailable. No underlying credential could be used. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.`);
-        });
+    if (tenantId && clientId && clientSecret) {
+      logger.info(
+        `Invoking ClientSecretCredential with tenant ID: ${tenantId}, clientId: ${clientId} and clientSecret: [REDACTED]`
+      );
+      this._credential = new import_clientSecretCredential.ClientSecretCredential(tenantId, clientId, clientSecret, newOptions);
+      return;
     }
+    const certificatePath = process.env.AZURE_CLIENT_CERTIFICATE_PATH;
+    const certificatePassword = process.env.AZURE_CLIENT_CERTIFICATE_PASSWORD;
+    if (tenantId && clientId && certificatePath) {
+      logger.info(
+        `Invoking ClientCertificateCredential with tenant ID: ${tenantId}, clientId: ${clientId} and certificatePath: ${certificatePath}`
+      );
+      this._credential = new import_clientCertificateCredential.ClientCertificateCredential(
+        tenantId,
+        clientId,
+        { certificatePath, certificatePassword },
+        newOptions
+      );
+      return;
+    }
+    const username = process.env.AZURE_USERNAME;
+    const password = process.env.AZURE_PASSWORD;
+    if (tenantId && clientId && username && password) {
+      logger.info(
+        `Invoking UsernamePasswordCredential with tenant ID: ${tenantId}, clientId: ${clientId} and username: ${username}`
+      );
+      logger.warning(
+        "Environment is configured to use username and password authentication. This authentication method is deprecated, as it doesn't support multifactor authentication (MFA). Use a more secure credential. For more details, see https://aka.ms/azsdk/identity/mfa."
+      );
+      this._credential = new import_usernamePasswordCredential.UsernamePasswordCredential(
+        tenantId,
+        clientId,
+        username,
+        password,
+        newOptions
+      );
+    }
+  }
+  /**
+   * Authenticates with Microsoft Entra ID and returns an access token if successful.
+   *
+   * @param scopes - The list of scopes for which the token will have access.
+   * @param options - Optional parameters. See {@link GetTokenOptions}.
+   */
+  async getToken(scopes, options = {}) {
+    return import_tracing.tracingClient.withSpan(`${credentialName}.getToken`, options, async (newOptions) => {
+      if (this._credential) {
+        try {
+          const result = await this._credential.getToken(scopes, newOptions);
+          logger.getToken.info((0, import_logging.formatSuccess)(scopes));
+          return result;
+        } catch (err) {
+          const authenticationError = new import_errors.AuthenticationError(400, {
+            error: `${credentialName} authentication failed. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.`,
+            error_description: err.message.toString().split("More details:").join("")
+          });
+          logger.getToken.info((0, import_logging.formatError)(scopes, authenticationError));
+          throw authenticationError;
+        }
+      }
+      throw new import_errors.CredentialUnavailableError(
+        `${credentialName} is unavailable. No underlying credential could be used. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.`
+      );
+    });
+  }
 }
-exports.EnvironmentCredential = EnvironmentCredential;
-//# sourceMappingURL=environmentCredential.js.map
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AllSupportedEnvironmentVariables,
+  EnvironmentCredential,
+  getSendCertificateChain
+});
+//# sourceMappingURL=environmentCredential.js.map