@azure/identity 4.14.0-beta.2 → 4.14.0-beta.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/browser/constants.d.ts +1 -1
- package/dist/browser/constants.js +1 -1
- package/dist/browser/constants.js.map +1 -1
- package/dist/browser/credentials/authorizationCodeCredential.d.ts +3 -3
- package/dist/browser/credentials/authorizationCodeCredential.d.ts.map +1 -0
- package/dist/browser/credentials/authorizationCodeCredential.js +2 -2
- package/dist/browser/credentials/authorizationCodeCredential.js.map +1 -0
- package/dist/browser/credentials/azureCliCredential.d.ts +5 -4
- package/dist/browser/credentials/azureCliCredential.d.ts.map +1 -0
- package/dist/browser/credentials/azureCliCredential.js +3 -3
- package/dist/browser/credentials/azureCliCredential.js.map +1 -0
- package/dist/browser/credentials/azureDeveloperCliCredential.d.ts +5 -4
- package/dist/browser/credentials/azureDeveloperCliCredential.d.ts.map +1 -0
- package/dist/browser/credentials/azureDeveloperCliCredential.js +3 -3
- package/dist/browser/credentials/azureDeveloperCliCredential.js.map +1 -0
- package/dist/browser/credentials/azurePipelinesCredential.d.ts +5 -4
- package/dist/browser/credentials/azurePipelinesCredential.d.ts.map +1 -0
- package/dist/browser/credentials/azurePipelinesCredential.js +3 -3
- package/dist/browser/credentials/azurePipelinesCredential.js.map +1 -0
- package/dist/browser/credentials/azurePowerShellCredential.d.ts +5 -4
- package/dist/browser/credentials/azurePowerShellCredential.d.ts.map +1 -0
- package/dist/browser/credentials/azurePowerShellCredential.js +3 -3
- package/dist/browser/credentials/azurePowerShellCredential.js.map +1 -0
- package/dist/browser/credentials/clientAssertionCredential.d.ts +5 -4
- package/dist/browser/credentials/clientAssertionCredential.d.ts.map +1 -0
- package/dist/browser/credentials/clientAssertionCredential.js +3 -3
- package/dist/browser/credentials/clientAssertionCredential.js.map +1 -0
- package/dist/browser/credentials/clientCertificateCredential.d.ts +6 -4
- package/dist/browser/credentials/clientCertificateCredential.d.ts.map +1 -0
- package/dist/browser/credentials/clientCertificateCredential.js +3 -3
- package/dist/browser/credentials/clientCertificateCredential.js.map +1 -0
- package/dist/browser/credentials/clientSecretCredential.d.ts +1 -1
- package/dist/browser/credentials/clientSecretCredential.d.ts.map +1 -0
- package/dist/browser/credentials/clientSecretCredential.js +1 -1
- package/dist/browser/credentials/clientSecretCredential.js.map +1 -0
- package/dist/browser/credentials/defaultAzureCredential.d.ts +3 -3
- package/dist/browser/credentials/defaultAzureCredential.d.ts.map +1 -0
- package/dist/browser/credentials/defaultAzureCredential.js +2 -2
- package/dist/browser/credentials/defaultAzureCredential.js.map +1 -0
- package/dist/browser/credentials/defaultAzureCredentialOptions.d.ts +2 -2
- package/dist/browser/credentials/defaultAzureCredentialOptions.js.map +1 -1
- package/dist/browser/credentials/deviceCodeCredential.d.ts +5 -4
- package/dist/browser/credentials/deviceCodeCredential.d.ts.map +1 -0
- package/dist/browser/credentials/deviceCodeCredential.js +3 -3
- package/dist/browser/credentials/deviceCodeCredential.js.map +1 -0
- package/dist/browser/credentials/environmentCredential.d.ts +5 -4
- package/dist/browser/credentials/environmentCredential.d.ts.map +1 -0
- package/dist/browser/credentials/environmentCredential.js +3 -3
- package/dist/browser/credentials/environmentCredential.js.map +1 -0
- package/dist/browser/credentials/interactiveBrowserCredential.d.ts +1 -1
- package/dist/browser/credentials/interactiveBrowserCredential.d.ts.map +1 -0
- package/dist/browser/credentials/interactiveBrowserCredential.js +1 -1
- package/dist/browser/credentials/interactiveBrowserCredential.js.map +1 -0
- package/dist/browser/credentials/managedIdentityCredential/index.d.ts +9 -4
- package/dist/browser/credentials/managedIdentityCredential/index.d.ts.map +1 -0
- package/dist/browser/credentials/managedIdentityCredential/index.js +3 -3
- package/dist/browser/credentials/managedIdentityCredential/index.js.map +1 -0
- package/dist/browser/credentials/onBehalfOfCredential.d.ts +5 -4
- package/dist/browser/credentials/onBehalfOfCredential.d.ts.map +1 -0
- package/dist/browser/credentials/onBehalfOfCredential.js +3 -3
- package/dist/browser/credentials/onBehalfOfCredential.js.map +1 -0
- package/dist/browser/credentials/usernamePasswordCredential.d.ts +1 -1
- package/dist/browser/credentials/usernamePasswordCredential.d.ts.map +1 -0
- package/dist/browser/credentials/usernamePasswordCredential.js +1 -1
- package/dist/browser/credentials/usernamePasswordCredential.js.map +1 -0
- package/dist/browser/credentials/visualStudioCodeCredential.d.ts +5 -4
- package/dist/browser/credentials/visualStudioCodeCredential.d.ts.map +1 -0
- package/dist/browser/credentials/visualStudioCodeCredential.js +3 -3
- package/dist/browser/credentials/visualStudioCodeCredential.js.map +1 -0
- package/dist/browser/credentials/workloadIdentityCredential.d.ts +5 -4
- package/dist/browser/credentials/workloadIdentityCredential.d.ts.map +1 -0
- package/dist/browser/credentials/workloadIdentityCredential.js +3 -3
- package/dist/browser/credentials/workloadIdentityCredential.js.map +1 -0
- package/dist/browser/index.d.ts +33 -33
- package/dist/browser/index.d.ts.map +1 -1
- package/dist/browser/index.js.map +1 -1
- package/dist/browser/msal/browserFlows/msalBrowserCommon.d.ts.map +1 -1
- package/dist/browser/msal/browserFlows/msalBrowserCommon.js +2 -3
- package/dist/browser/msal/browserFlows/msalBrowserCommon.js.map +1 -1
- package/dist/browser/msal/msal.d.ts +2 -3
- package/dist/browser/msal/msal.d.ts.map +1 -0
- package/dist/browser/msal/msal.js +2 -3
- package/dist/browser/msal/msal.js.map +1 -0
- package/dist/browser/msal/nodeFlows/msalClient.d.ts +2 -2
- package/dist/browser/msal/nodeFlows/msalClient.d.ts.map +1 -1
- package/dist/browser/msal/nodeFlows/msalClient.js +3 -3
- package/dist/browser/msal/nodeFlows/msalClient.js.map +1 -1
- package/dist/browser/msal/utils.d.ts +5 -4
- package/dist/browser/msal/utils.d.ts.map +1 -1
- package/dist/browser/msal/utils.js +10 -10
- package/dist/browser/msal/utils.js.map +1 -1
- package/dist/browser/plugins/consumer.d.ts +1 -1
- package/dist/browser/plugins/consumer.d.ts.map +1 -0
- package/dist/browser/plugins/consumer.js +1 -1
- package/dist/browser/plugins/consumer.js.map +1 -0
- package/dist/browser/util/processMultiTenantRequest.d.ts +3 -2
- package/dist/browser/util/processMultiTenantRequest.d.ts.map +1 -0
- package/dist/browser/util/processMultiTenantRequest.js +2 -2
- package/dist/browser/util/processMultiTenantRequest.js.map +1 -0
- package/dist/commonjs/client/identityClient.js +294 -288
- package/dist/commonjs/client/identityClient.js.map +7 -1
- package/dist/commonjs/constants.d.ts +1 -1
- package/dist/commonjs/constants.js +61 -78
- package/dist/commonjs/constants.js.map +7 -1
- package/dist/commonjs/credentials/authorityValidationOptions.js +16 -5
- package/dist/commonjs/credentials/authorityValidationOptions.js.map +7 -1
- package/dist/commonjs/credentials/authorizationCodeCredential.js +98 -74
- package/dist/commonjs/credentials/authorizationCodeCredential.js.map +7 -1
- package/dist/commonjs/credentials/authorizationCodeCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/authorizationCodeCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/azureCliCredential.js +245 -214
- package/dist/commonjs/credentials/azureCliCredential.js.map +7 -1
- package/dist/commonjs/credentials/azureCliCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/azureCliCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/azureDeveloperCliCredential.js +237 -225
- package/dist/commonjs/credentials/azureDeveloperCliCredential.js.map +7 -1
- package/dist/commonjs/credentials/azureDeveloperCliCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/azureDeveloperCliCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/azurePipelinesCredential.js +173 -135
- package/dist/commonjs/credentials/azurePipelinesCredential.js.map +7 -1
- package/dist/commonjs/credentials/azurePipelinesCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/azurePipelinesCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/azurePowerShellCredential.js +201 -205
- package/dist/commonjs/credentials/azurePowerShellCredential.js.map +7 -1
- package/dist/commonjs/credentials/azurePowerShellCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/azurePowerShellCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/brokerAuthOptions.js +16 -3
- package/dist/commonjs/credentials/brokerAuthOptions.js.map +7 -1
- package/dist/commonjs/credentials/brokerCredential.js +103 -70
- package/dist/commonjs/credentials/brokerCredential.js.map +7 -1
- package/dist/commonjs/credentials/browserCustomizationOptions.js +16 -5
- package/dist/commonjs/credentials/browserCustomizationOptions.js.map +7 -1
- package/dist/commonjs/credentials/chainedTokenCredential.js +113 -93
- package/dist/commonjs/credentials/chainedTokenCredential.js.map +7 -1
- package/dist/commonjs/credentials/clientAssertionCredential.js +101 -63
- package/dist/commonjs/credentials/clientAssertionCredential.js.map +7 -1
- package/dist/commonjs/credentials/clientAssertionCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/clientAssertionCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/clientCertificateCredential.js +129 -123
- package/dist/commonjs/credentials/clientCertificateCredential.js.map +7 -1
- package/dist/commonjs/credentials/clientCertificateCredentialModels.js +16 -5
- package/dist/commonjs/credentials/clientCertificateCredentialModels.js.map +7 -1
- package/dist/commonjs/credentials/clientCertificateCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/clientCertificateCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/clientSecretCredential.js +96 -67
- package/dist/commonjs/credentials/clientSecretCredential.js.map +7 -1
- package/dist/commonjs/credentials/clientSecretCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/clientSecretCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/credentialPersistenceOptions.js +16 -5
- package/dist/commonjs/credentials/credentialPersistenceOptions.js.map +7 -1
- package/dist/commonjs/credentials/defaultAzureCredential.js +121 -159
- package/dist/commonjs/credentials/defaultAzureCredential.js.map +7 -1
- package/dist/commonjs/credentials/defaultAzureCredentialFunctions.js +110 -140
- package/dist/commonjs/credentials/defaultAzureCredentialFunctions.js.map +7 -1
- package/dist/commonjs/credentials/defaultAzureCredentialOptions.d.ts +2 -2
- package/dist/commonjs/credentials/defaultAzureCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/defaultAzureCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/deviceCodeCredential.js +132 -103
- package/dist/commonjs/credentials/deviceCodeCredential.js.map +7 -1
- package/dist/commonjs/credentials/deviceCodeCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/deviceCodeCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/environmentCredential.js +157 -123
- package/dist/commonjs/credentials/environmentCredential.js.map +7 -1
- package/dist/commonjs/credentials/environmentCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/environmentCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/interactiveBrowserCredential.js +144 -107
- package/dist/commonjs/credentials/interactiveBrowserCredential.js.map +7 -1
- package/dist/commonjs/credentials/interactiveBrowserCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/interactiveBrowserCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/interactiveCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/interactiveCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/imdsMsi.js +92 -91
- package/dist/commonjs/credentials/managedIdentityCredential/imdsMsi.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/imdsRetryPolicy.js +51 -44
- package/dist/commonjs/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/index.js +256 -242
- package/dist/commonjs/credentials/managedIdentityCredential/index.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/models.js +16 -5
- package/dist/commonjs/credentials/managedIdentityCredential/models.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/options.js +16 -5
- package/dist/commonjs/credentials/managedIdentityCredential/options.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/tokenExchangeMsi.js +56 -39
- package/dist/commonjs/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +7 -1
- package/dist/commonjs/credentials/managedIdentityCredential/utils.js +79 -75
- package/dist/commonjs/credentials/managedIdentityCredential/utils.js.map +7 -1
- package/dist/commonjs/credentials/multiTenantTokenCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/multiTenantTokenCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/onBehalfOfCredential.js +168 -126
- package/dist/commonjs/credentials/onBehalfOfCredential.js.map +7 -1
- package/dist/commonjs/credentials/onBehalfOfCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/onBehalfOfCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/usernamePasswordCredential.js +112 -75
- package/dist/commonjs/credentials/usernamePasswordCredential.js.map +7 -1
- package/dist/commonjs/credentials/usernamePasswordCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/usernamePasswordCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/visualStudioCodeCredential.js +144 -132
- package/dist/commonjs/credentials/visualStudioCodeCredential.js.map +7 -1
- package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.js.map +7 -1
- package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.js +16 -5
- package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.js.map +7 -1
- package/dist/commonjs/credentials/workloadIdentityCredential.js +284 -274
- package/dist/commonjs/credentials/workloadIdentityCredential.js.map +7 -1
- package/dist/commonjs/credentials/workloadIdentityCredentialOptions.js +16 -5
- package/dist/commonjs/credentials/workloadIdentityCredentialOptions.js.map +7 -1
- package/dist/commonjs/errors.js +131 -132
- package/dist/commonjs/errors.js.map +7 -1
- package/dist/commonjs/index.d.ts +33 -33
- package/dist/commonjs/index.d.ts.map +1 -1
- package/dist/commonjs/index.js +115 -67
- package/dist/commonjs/index.js.map +7 -1
- package/dist/commonjs/msal/browserFlows/msalBrowserCommon.d.ts.map +1 -1
- package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js +226 -249
- package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js.map +7 -1
- package/dist/commonjs/msal/browserFlows/msalBrowserOptions.js +16 -5
- package/dist/commonjs/msal/browserFlows/msalBrowserOptions.js.map +7 -1
- package/dist/commonjs/msal/credentials.js +16 -5
- package/dist/commonjs/msal/credentials.js.map +7 -1
- package/dist/commonjs/msal/msal.d.ts +1 -2
- package/dist/commonjs/msal/msal.d.ts.map +1 -1
- package/dist/commonjs/msal/msal.js +30 -9
- package/dist/commonjs/msal/msal.js.map +7 -1
- package/dist/commonjs/msal/nodeFlows/brokerOptions.js +16 -3
- package/dist/commonjs/msal/nodeFlows/brokerOptions.js.map +7 -1
- package/dist/commonjs/msal/nodeFlows/msalClient.d.ts +2 -2
- package/dist/commonjs/msal/nodeFlows/msalClient.d.ts.map +1 -1
- package/dist/commonjs/msal/nodeFlows/msalClient.js +450 -478
- package/dist/commonjs/msal/nodeFlows/msalClient.js.map +7 -1
- package/dist/commonjs/msal/nodeFlows/msalPlugins.js +140 -147
- package/dist/commonjs/msal/nodeFlows/msalPlugins.js.map +7 -1
- package/dist/commonjs/msal/nodeFlows/tokenCachePersistenceOptions.js +16 -5
- package/dist/commonjs/msal/nodeFlows/tokenCachePersistenceOptions.js.map +7 -1
- package/dist/commonjs/msal/types.js +16 -5
- package/dist/commonjs/msal/types.js.map +7 -1
- package/dist/commonjs/msal/utils.d.ts +5 -4
- package/dist/commonjs/msal/utils.d.ts.map +1 -1
- package/dist/commonjs/msal/utils.js +171 -211
- package/dist/commonjs/msal/utils.js.map +7 -1
- package/dist/commonjs/plugins/consumer.js +32 -40
- package/dist/commonjs/plugins/consumer.js.map +7 -1
- package/dist/commonjs/plugins/provider.js +16 -5
- package/dist/commonjs/plugins/provider.js.map +7 -1
- package/dist/commonjs/regionalAuthority.js +93 -141
- package/dist/commonjs/regionalAuthority.js.map +7 -1
- package/dist/commonjs/tokenCredentialOptions.js +16 -5
- package/dist/commonjs/tokenCredentialOptions.js.map +7 -1
- package/dist/commonjs/tokenProvider.js +52 -52
- package/dist/commonjs/tokenProvider.js.map +7 -1
- package/dist/commonjs/tsdoc-metadata.json +1 -1
- package/dist/commonjs/util/authorityHost.js +34 -19
- package/dist/commonjs/util/authorityHost.js.map +7 -1
- package/dist/commonjs/util/certificatesUtils.js +54 -45
- package/dist/commonjs/util/certificatesUtils.js.map +7 -1
- package/dist/commonjs/util/identityTokenEndpoint.js +32 -12
- package/dist/commonjs/util/identityTokenEndpoint.js.map +7 -1
- package/dist/commonjs/util/logging.js +91 -97
- package/dist/commonjs/util/logging.js.map +7 -1
- package/dist/commonjs/util/processMultiTenantRequest.js +43 -33
- package/dist/commonjs/util/processMultiTenantRequest.js.map +7 -1
- package/dist/commonjs/util/processUtils.js +60 -35
- package/dist/commonjs/util/processUtils.js.map +7 -1
- package/dist/commonjs/util/scopeUtils.js +39 -28
- package/dist/commonjs/util/scopeUtils.js.map +7 -1
- package/dist/commonjs/util/subscriptionUtils.js +35 -17
- package/dist/commonjs/util/subscriptionUtils.js.map +7 -1
- package/dist/commonjs/util/tenantIdUtils.js +61 -45
- package/dist/commonjs/util/tenantIdUtils.js.map +7 -1
- package/dist/commonjs/util/tracing.js +33 -16
- package/dist/commonjs/util/tracing.js.map +7 -1
- package/dist/esm/constants.d.ts +1 -1
- package/dist/esm/constants.js +1 -1
- package/dist/esm/constants.js.map +1 -1
- package/dist/esm/credentials/defaultAzureCredentialOptions.d.ts +2 -2
- package/dist/esm/credentials/defaultAzureCredentialOptions.js.map +1 -1
- package/dist/esm/index.d.ts +33 -33
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/msal/browserFlows/msalBrowserCommon.d.ts.map +1 -1
- package/dist/esm/msal/browserFlows/msalBrowserCommon.js +2 -3
- package/dist/esm/msal/browserFlows/msalBrowserCommon.js.map +1 -1
- package/dist/esm/msal/msal.d.ts +1 -2
- package/dist/esm/msal/msal.d.ts.map +1 -1
- package/dist/esm/msal/msal.js +1 -2
- package/dist/esm/msal/msal.js.map +1 -1
- package/dist/esm/msal/nodeFlows/msalClient.d.ts +2 -2
- package/dist/esm/msal/nodeFlows/msalClient.d.ts.map +1 -1
- package/dist/esm/msal/nodeFlows/msalClient.js +3 -3
- package/dist/esm/msal/nodeFlows/msalClient.js.map +1 -1
- package/dist/esm/msal/utils.d.ts +5 -4
- package/dist/esm/msal/utils.d.ts.map +1 -1
- package/dist/esm/msal/utils.js +10 -10
- package/dist/esm/msal/utils.js.map +1 -1
- package/dist/workerd/constants.d.ts +1 -1
- package/dist/workerd/constants.js +1 -1
- package/dist/workerd/constants.js.map +1 -1
- package/dist/workerd/credentials/defaultAzureCredentialOptions.d.ts +2 -2
- package/dist/workerd/credentials/defaultAzureCredentialOptions.js.map +1 -1
- package/dist/workerd/index.d.ts +33 -33
- package/dist/workerd/index.d.ts.map +1 -1
- package/dist/workerd/index.js.map +1 -1
- package/dist/workerd/msal/browserFlows/msalBrowserCommon.d.ts.map +1 -1
- package/dist/workerd/msal/browserFlows/msalBrowserCommon.js +2 -3
- package/dist/workerd/msal/browserFlows/msalBrowserCommon.js.map +1 -1
- package/dist/workerd/msal/msal.d.ts +1 -2
- package/dist/workerd/msal/msal.d.ts.map +1 -1
- package/dist/workerd/msal/msal.js +1 -2
- package/dist/workerd/msal/msal.js.map +1 -1
- package/dist/workerd/msal/nodeFlows/msalClient.d.ts +2 -2
- package/dist/workerd/msal/nodeFlows/msalClient.d.ts.map +1 -1
- package/dist/workerd/msal/nodeFlows/msalClient.js +3 -3
- package/dist/workerd/msal/nodeFlows/msalClient.js.map +1 -1
- package/dist/workerd/msal/utils.d.ts +5 -4
- package/dist/workerd/msal/utils.d.ts.map +1 -1
- package/dist/workerd/msal/utils.js +10 -10
- package/dist/workerd/msal/utils.js.map +1 -1
- package/package.json +10 -27
- package/dist/browser/credentials/authorizationCodeCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/authorizationCodeCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/azureCliCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/azureCliCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/azureDeveloperCliCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/azureDeveloperCliCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/azurePipelinesCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/azurePipelinesCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/azurePowerShellCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/azurePowerShellCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/clientAssertionCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/clientAssertionCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/clientCertificateCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/clientCertificateCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/clientSecretCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/clientSecretCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/defaultAzureCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/defaultAzureCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/deviceCodeCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/deviceCodeCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/environmentCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/environmentCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/interactiveBrowserCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/interactiveBrowserCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/managedIdentityCredential/index-browser.d.mts.map +0 -1
- package/dist/browser/credentials/managedIdentityCredential/index-browser.mjs.map +0 -1
- package/dist/browser/credentials/onBehalfOfCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/onBehalfOfCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/usernamePasswordCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/usernamePasswordCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/visualStudioCodeCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/visualStudioCodeCredential-browser.mjs.map +0 -1
- package/dist/browser/credentials/workloadIdentityCredential-browser.d.mts.map +0 -1
- package/dist/browser/credentials/workloadIdentityCredential-browser.mjs.map +0 -1
- package/dist/browser/msal/msal-browser.d.mts.map +0 -1
- package/dist/browser/msal/msal-browser.mjs.map +0 -1
- package/dist/browser/plugins/consumer-browser.d.mts.map +0 -1
- package/dist/browser/plugins/consumer-browser.mjs.map +0 -1
- package/dist/browser/util/authHostEnv-browser.d.mts +0 -4
- package/dist/browser/util/authHostEnv-browser.d.mts.map +0 -1
- package/dist/browser/util/authHostEnv-browser.mjs +0 -7
- package/dist/browser/util/authHostEnv-browser.mjs.map +0 -1
- package/dist/browser/util/processMultiTenantRequest-browser.d.mts.map +0 -1
- package/dist/browser/util/processMultiTenantRequest-browser.mjs.map +0 -1
- package/dist/esm/util/authHostEnv-browser.d.mts +0 -4
- package/dist/esm/util/authHostEnv-browser.d.mts.map +0 -1
- package/dist/esm/util/authHostEnv-browser.mjs +0 -7
- package/dist/esm/util/authHostEnv-browser.mjs.map +0 -1
- package/dist/workerd/util/authHostEnv-browser.d.mts +0 -4
- package/dist/workerd/util/authHostEnv-browser.d.mts.map +0 -1
- package/dist/workerd/util/authHostEnv-browser.mjs +0 -7
- package/dist/workerd/util/authHostEnv-browser.mjs.map +0 -1
|
@@ -1 +1,7 @@
|
|
|
1
|
-
{"version":3,"file":"workloadIdentityCredential.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredential.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAwElC,4EAwCC;AA7GD,mDAAsE;AAEtE,iFAA2E;AAC3E,4CAA0D;AAE1D,+DAAyD;AACzD,+CAA4C;AAE5C,kEAAoE;AAEpE,uEAAyE;AACzE,qCAAuC;AAEvC,MAAM,cAAc,GAAG,4BAA4B,CAAC;AACpD;;;;;;GAMG;AACU,QAAA,qCAAqC,GAAG;IACnD,iBAAiB;IACjB,iBAAiB;IACjB,4BAA4B;CAC7B,CAAC;AAEF,MAAM,MAAM,GAAG,IAAA,6BAAgB,EAAC,cAAc,CAAC,CAAC;AAEhD;;GAEG;AACH,MAAM,aAAa,GAAG;IACpB,2BAA2B,EAAE,CAAC,QAAgB,EAAE,KAAc,EAAE,EAAE,CAChE,2CAA2C,QAAQ,MAAM,KAAK,EAAE;IAClE,oBAAoB,EAAE,CAAC,QAAgB,EAAE,EAAE,CACzC,qDAAqD,QAAQ,GAAG;IAClE,2BAA2B,EAAE,CAAC,GAAW,EAAE,EAAE,CAC3C,8BAA8B,GAAG,8BAA8B;IACjE,uBAAuB,EAAE,CAAC,GAAW,EAAE,EAAE,CACvC,8BAA8B,GAAG,4BAA4B;IAC/D,0BAA0B,EAAE,CAAC,GAAW,EAAE,EAAE,CAC1C,8BAA8B,GAAG,+BAA+B;IAClE,aAAa,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,iCAAiC,IAAI,EAAE;IACxE,sBAAsB,EAAE,CAAC,IAAY,EAAE,KAAc,EAAE,EAAE,CACvD,uCAAuC,IAAI,KAAK,KAAK,EAAE;IACzD,uBAAuB,EAAE,8DAA8D;IACvF,iBAAiB,EAAE,CAAC,IAAwB,EAAE,EAAE,CAAC,8BAA8B,IAAI,GAAG;IACtF,eAAe,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,0BAA0B,IAAI,GAAG;IACpE,YAAY,EAAE,qCAAqC;IACnD,kBAAkB,EAAE;qIAC+G;IACnI,kBAAkB,EAAE;qIAC+G;IACnI,wBAAwB,EAAE;qIACyG;IACnI,mBAAmB,EAAE,6GAA6G;IAClI,0BAA0B,EAAE,iGAAiG;IAC7H,gBAAgB,EAAE;;;;iKAI6I;CAChK,CAAC;AAEF;;;GAGG;AACH,SAAgB,gCAAgC,CAAC,QAAgB;IAC/D,IAAI,UAAe,CAAC;IACpB,IAAI,CAAC;QACH,UAAU,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,2BAA2B,CAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,CACnG,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,oBAAoB,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAChG,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC,QAAQ,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;QAC/C,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,2BAA2B,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC,EAAE,CACzG,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;QACtB,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,uBAAuB,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC,EAAE,CACrG,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;QACpB,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,0BAA0B,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC,EAAE,CACxG,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,UAAU,CAAC,QAAQ,KAAK,EAAE,EAAE,CAAC;QACvD,+EAA+E;QAC/E,UAAU,CAAC,QAAQ,GAAG,GAAG,CAAC;IAC5B,CAAC;IAED,OAAO,UAAU,CAAC,QAAQ,EAAE,CAAC;AAC/B,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAa,0BAA0B;IAC7B,MAAM,CAAwC;IAC9C,8BAA8B,GAAuB,SAAS,CAAC;IAC/D,SAAS,GAAuB,SAAS,CAAC;IAC1C,sBAAsB,CAAqB;IAEnD,wDAAwD;IAChD,iBAAiB,CAAsD;IACvE,YAAY,CAAqB;IACjC,MAAM,CAAqB;IAC3B,MAAM,CAAqB;IAC3B,OAAO,CAAqB;IAEpC;;;;OAIG;IACH,YAAY,OAA2C;QACrD,kDAAkD;QAClD,MAAM,WAAW,GAAG,IAAA,2BAAc,EAAC,6CAAqC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9F,MAAM,CAAC,IAAI,CAAC,8CAA8C,WAAW,EAAE,CAAC,CAAC;QAEzE,MAAM,iCAAiC,GAAG,OAAO,IAAI,EAAE,CAAC;QACxD,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,IAAI,CAAC,sBAAsB;YACzB,iCAAiC,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QAE5F,IAAI,QAAQ,EAAE,CAAC;YACb,IAAA,gCAAa,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,kBAAkB,EAAE,CACzE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,kBAAkB,EAAE,CACzE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;YACjC,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,wBAAwB,EAAE,CAC/E,CAAC;QACJ,CAAC;QAED,8DAA8D;QAC9D,IAAI,iCAAiC,CAAC,gBAAgB,EAAE,CAAC;YACvD,MAAM,oBAAoB,GAAG,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;YACtE,MAAM,iBAAiB,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;YAChE,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;YAC9D,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;YAE9D,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAC1B,mGAAmG;gBACnG,iFAAiF;gBACjF,IAAI,iBAAiB,IAAI,gBAAgB,IAAI,gBAAgB,EAAE,CAAC;oBAC9D,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,mBAAmB,EAAE,CAC1E,CAAC;gBACJ,CAAC;gBACD,MAAM,CAAC,IAAI,CACT,wGAAwG,CACzG,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,UAAU,GAAG,gCAAgC,CAAC,oBAAoB,CAAC,CAAC;gBAE1E,oEAAoE;gBACpE,gFAAgF;gBAChF,IAAI,gBAAgB,IAAI,gBAAgB,EAAE,CAAC;oBACzC,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,0BAA0B,EAAE,CACjF,CAAC;gBACJ,CAAC;gBAED,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC;gBAC/B,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC;gBAC/B,IAAI,CAAC,OAAO,GAAG,iBAAiB,CAAC;gBAEjC,iDAAiD;gBACjD,MAAM,WAAW,GAAG,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;gBAC1D,iCAAiC,CAAC,UAAU,GAAG,WAAW,CAAC;gBAC3D,MAAM,CAAC,IAAI,CAAC,GAAG,cAAc,yCAAyC,CAAC,CAAC;YAC1E,CAAC;QACH,CAAC;QAED,MAAM,CAAC,IAAI,CACT,sDAAsD,QAAQ,eAAe,iCAAiC,CAAC,QAAQ,uCAAuC,CAC/J,CAAC;QAEF,IAAI,CAAC,MAAM,GAAG,IAAI,wDAAyB,CACzC,QAAQ,EACR,QAAQ,EACR,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAChC,iCAAiC,CAClC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,oBAAoB,CAAC,aAAqB;QAChD,MAAM,aAAa,GAAG,IAAA,4CAAuB,GAAE,CAAC;QAChD,iFAAiF;QACjF,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QAE/C,OAAO;YACL,WAAW,EAAE,KAAK,EAAE,OAAwB,EAA6B,EAAE;gBACzE,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAExC,MAAM,CAAC,IAAI,CACT,GAAG,cAAc,iDAAiD,aAAa,EAAE,CAClF,CAAC;gBAEF,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;gBAExC,kEAAkE;gBAClE,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;gBAC3D,MAAM,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;oBAClD,CAAC,CAAC,QAAQ,CAAC,QAAQ,GAAG,WAAW;oBACjC,CAAC,CAAC,QAAQ,CAAC,QAAQ,GAAG,GAAG,GAAG,WAAW,CAAC;gBAE1C,qEAAqE;gBACrE,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACxC,MAAM,CAAC,QAAQ,GAAG,YAAY,CAAC;gBAC/B,MAAM,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;gBAClC,MAAM,CAAC,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC;gBAE9B,OAAO,CAAC,GAAG,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAChC,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;gBAE5C,MAAM,CAAC,IAAI,CAAC,GAAG,cAAc,wBAAwB,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;gBACpE,wDAAwD;gBACxD,OAAO,aAAa,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAC5C,CAAC;SACF,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,cAAc;QACpB,yCAAyC;QACzC,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjC,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAC5B,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5E,CAAC;YACD,OAAO,IAAI,CAAC,iBAAiB,CAAC;QAChC,CAAC;QAED,0EAA0E;QAC1E,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAC5B,IAAI,CAAC,IAAA,gDAAyB,EAAC,IAAI,CAAC,MAAO,CAAC,EAAE,CAAC;oBAC7C,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,uBAAuB,EAAE,CAC9E,CAAC;gBACJ,CAAC;gBACD,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1E,IAAI,CAAC,iBAAiB,CAAC,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC;YAC1C,CAAC;YACD,OAAO,IAAI,CAAC,iBAAiB,CAAC;QAChC,CAAC;QAED,qEAAqE;QACrE,IAAI,WAAmB,CAAC;QACxB,IAAI,CAAC;YACH,WAAW,GAAG,IAAA,sBAAY,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,sBAAsB,CAAC,IAAI,CAAC,MAAO,EAAE,KAAK,CAAC,EAAE,CAClG,CAAC;QACJ,CAAC;QACD,+CAA+C;QAC/C,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAC5B,sFAAsF;gBACtF,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CACjF,CAAC;YACJ,CAAC;YACD,2DAA2D;YAC3D,OAAO,IAAI,CAAC,iBAAiB,CAAC;QAChC,CAAC;QAED,0BAA0B;QAC1B,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YACjE,MAAM,YAAY,GAAG,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAElD,IAAI,CAAC,IAAA,gDAAyB,EAAC,YAAY,CAAC,EAAE,CAAC;gBAC7C,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,uBAAuB,EAAE,CAC9E,CAAC;YACJ,CAAC;YAED,4DAA4D;YAC5D,IAAI,CAAC,iBAAiB,GAAG;gBACvB,EAAE,EAAE,YAAY;gBAChB,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;aAClD,CAAC;YACF,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;QAClC,CAAC;QAED,OAAO,IAAI,CAAC,iBAAkB,CAAC;IACjC,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;QAEzB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,YAAY,GAAG,GAAG,cAAc,qBAAqB,aAAa,CAAC,gBAAgB,EAAE,CAAC;YAC5F,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC1B,MAAM,IAAI,sCAA0B,CAAC,YAAY,CAAC,CAAC;QACrD,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAClE,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/C,CAAC;IAEO,KAAK,CAAC,gBAAgB;QAC5B,2CAA2C;QAC3C,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;YACjF,IAAI,CAAC,8BAA8B,GAAG,SAAS,CAAC;QAClD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;YACjC,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,iBAAiB,CAAC,IAAI,CAAC,sBAAsB,CAAC,EAAE,CACrG,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;YACzC,MAAM,IAAI,GAAG,MAAM,IAAA,mBAAQ,EAAC,IAAI,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC;YACjE,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,qBAAqB,aAAa,CAAC,eAAe,CAAC,IAAI,CAAC,sBAAsB,CAAC,EAAE,CACnG,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,8BAA8B,GAAG,KAAK,CAAC;gBAC5C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC9B,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,8BAA8B,CAAC;IAC7C,CAAC;CACF;AAjQD,gEAiQC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, processEnvVars } from \"../util/logging.js\";\n\nimport { ClientAssertionCredential } from \"./clientAssertionCredential.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions.js\";\nimport { checkTenantId } from \"../util/tenantIdUtils.js\";\nimport { readFile } from \"node:fs/promises\";\nimport type { PipelineRequest, PipelineResponse, HttpClient } from \"@azure/core-rest-pipeline\";\nimport { createDefaultHttpClient } from \"@azure/core-rest-pipeline\";\nimport type { TlsSettings } from \"@azure/core-rest-pipeline\";\nimport { canParseAsX509Certificate } from \"../util/certificatesUtils.js\";\nimport { readFileSync } from \"node:fs\";\n\nconst credentialName = \"WorkloadIdentityCredential\";\n/**\n * Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n *\n * @internal\n */\nexport const SupportedWorkloadEnvironmentVariables = [\n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_FEDERATED_TOKEN_FILE\",\n];\n\nconst logger = credentialLogger(credentialName);\n\n/**\n * Error messages for WorkloadIdentityCredential\n */\nconst ErrorMessages = {\n FAILED_TO_PARSE_TOKEN_PROXY: (endpoint: string, error: unknown) =>\n `Failed to parse custom token proxy URL \"${endpoint}\": ${error}`,\n INVALID_HTTPS_SCHEME: (protocol: string) =>\n `Custom token endpoint must use https scheme, got \"${protocol}\"`,\n TOKEN_ENDPOINT_NO_USER_INFO: (url: string) =>\n `Custom token endpoint URL \"${url}\" must not contain user info`,\n TOKEN_ENDPOINT_NO_QUERY: (url: string) =>\n `Custom token endpoint URL \"${url}\" must not contain a query`,\n TOKEN_ENDPOINT_NO_FRAGMENT: (url: string) =>\n `Custom token endpoint URL \"${url}\" must not contain a fragment`,\n CA_FILE_EMPTY: (file: string) => `CA certificate file is empty: ${file}`,\n FAILED_TO_READ_CA_FILE: (file: string, error: unknown) =>\n `Failed to read CA certificate file: ${file}. ${error}`,\n INVALID_CA_CERTIFICATES: `Invalid CA certificate data: no valid PEM certificates found`,\n INVALID_FILE_PATH: (path: string | undefined) => `Invalid file path provided ${path}.`,\n NO_FILE_CONTENT: (path: string) => `No content on the file ${path}.`,\n NO_CA_SOURCE: `No CA certificate source specified.`,\n CLIENT_ID_REQUIRED: `clientId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_CLIENT_ID\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n TENANT_ID_REQUIRED: `tenantId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_TENANT_ID\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n TOKEN_FILE_PATH_REQUIRED: `federatedTokenFilePath is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_FEDERATED_TOKEN_FILE\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n TOKEN_PROXY_NOT_SET: `AZURE_KUBERNETES_TOKEN_PROXY is not set but other custom endpoint-related environment variables are present`,\n CA_FILE_AND_DATA_EXCLUSIVE: `AZURE_KUBERNETES_CA_FILE and AZURE_KUBERNETES_CA_DATA are mutually exclusive. Specify only one.`,\n MISSING_ENV_VARS: `tenantId, clientId, and federatedTokenFilePath are required parameters. \n In DefaultAzureCredential and ManagedIdentityCredential, these can be provided as environment variables - \n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_FEDERATED_TOKEN_FILE\". See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n};\n\n/**\n * @internal\n * Parses and validates the custom token proxy endpoint URL\n */\nexport function parseAndValidateCustomTokenProxy(endpoint: string): string {\n let tokenProxy: URL;\n try {\n tokenProxy = new URL(endpoint);\n } catch (error) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.FAILED_TO_PARSE_TOKEN_PROXY(endpoint, error)}`,\n );\n }\n\n if (tokenProxy.protocol !== \"https:\") {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.INVALID_HTTPS_SCHEME(tokenProxy.protocol)}`,\n );\n }\n\n if (tokenProxy.username || tokenProxy.password) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TOKEN_ENDPOINT_NO_USER_INFO(tokenProxy.toString())}`,\n );\n }\n\n if (tokenProxy.search) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TOKEN_ENDPOINT_NO_QUERY(tokenProxy.toString())}`,\n );\n }\n\n if (tokenProxy.hash) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TOKEN_ENDPOINT_NO_FRAGMENT(tokenProxy.toString())}`,\n );\n }\n\n if (!tokenProxy.pathname || tokenProxy.pathname === \"\") {\n // if the path is empty, set it to \"/\" to avoid stripping the path from req.URL\n tokenProxy.pathname = \"/\";\n }\n\n return tokenProxy.toString();\n}\n\n/**\n * Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs)\n * to access other Azure resources without the need for a service principal or managed identity. With Workload Identity\n * authentication, applications authenticate themselves using their own identity, rather than using a shared service\n * principal or managed identity. Under the hood, Workload Identity authentication uses the concept of Service Account\n * Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload\n * Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for\n * each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't\n * need to worry about storing and securing sensitive credentials themselves.\n * The WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Azure Kubernetes and acquires\n * a token using the SACs available in the Azure Kubernetes environment.\n * Refer to <a href=\"https://learn.microsoft.com/azure/aks/workload-identity-overview\">Microsoft Entra\n * Workload ID</a> for more information.\n */\nexport class WorkloadIdentityCredential implements TokenCredential {\n private client: ClientAssertionCredential | undefined;\n private azureFederatedTokenFileContent: string | undefined = undefined;\n private cacheDate: number | undefined = undefined;\n private federatedTokenFilePath: string | undefined;\n\n // AKS proxy CA caching - persists across token requests\n private cachedTlsSettings: (TlsSettings & { servername?: string }) | undefined;\n private cachedCaData: Buffer | undefined;\n private caData: string | undefined;\n private caFile: string | undefined;\n private sniName: string | undefined;\n\n /**\n * WorkloadIdentityCredential supports Microsoft Entra Workload ID on Kubernetes.\n *\n * @param options - The identity client options to use for authentication.\n */\n constructor(options?: WorkloadIdentityCredentialOptions) {\n // Logging environment variables for error details\n const assignedEnv = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(\", \");\n logger.info(`Found the following environment variables: ${assignedEnv}`);\n\n const workloadIdentityCredentialOptions = options ?? {};\n const tenantId = workloadIdentityCredentialOptions.tenantId || process.env.AZURE_TENANT_ID;\n const clientId = workloadIdentityCredentialOptions.clientId || process.env.AZURE_CLIENT_ID;\n this.federatedTokenFilePath =\n workloadIdentityCredentialOptions.tokenFilePath || process.env.AZURE_FEDERATED_TOKEN_FILE;\n\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n if (!clientId) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.CLIENT_ID_REQUIRED}`,\n );\n }\n\n if (!tenantId) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TENANT_ID_REQUIRED}`,\n );\n }\n\n if (!this.federatedTokenFilePath) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TOKEN_FILE_PATH_REQUIRED}`,\n );\n }\n\n // Use identity binding mode only when enableAzureProxy is set\n if (workloadIdentityCredentialOptions.enableAzureProxy) {\n const kubernetesTokenProxy = process.env.AZURE_KUBERNETES_TOKEN_PROXY;\n const kubernetesSNIName = process.env.AZURE_KUBERNETES_SNI_NAME;\n const kubernetesCAFile = process.env.AZURE_KUBERNETES_CA_FILE;\n const kubernetesCAData = process.env.AZURE_KUBERNETES_CA_DATA;\n\n if (!kubernetesTokenProxy) {\n // Custom token proxy is not set, while other Kubernetes-related environment variables are present,\n // this is likely a configuration issue so erroring out to avoid misconfiguration\n if (kubernetesSNIName || kubernetesCAFile || kubernetesCAData) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TOKEN_PROXY_NOT_SET}`,\n );\n }\n logger.info(\n `enableAzureProxy is true but AZURE_KUBERNETES_TOKEN_PROXY is not set, using normal authentication flow`,\n );\n } else {\n const tokenProxy = parseAndValidateCustomTokenProxy(kubernetesTokenProxy);\n\n // CAFile and CAData are mutually exclusive, at most one can be set.\n // If none of CAFile or CAData are set, the default system CA pool will be used.\n if (kubernetesCAFile && kubernetesCAData) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.CA_FILE_AND_DATA_EXCLUSIVE}`,\n );\n }\n\n this.caData = kubernetesCAData;\n this.caFile = kubernetesCAFile;\n this.sniName = kubernetesSNIName;\n\n // Configure client options with AKS proxy client\n const proxyClient = this.createAksProxyClient(tokenProxy);\n workloadIdentityCredentialOptions.httpClient = proxyClient;\n logger.info(`${credentialName}: Using proxy client for token requests`);\n }\n }\n\n logger.info(\n `Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`,\n );\n\n this.client = new ClientAssertionCredential(\n tenantId,\n clientId,\n this.readFileContents.bind(this),\n workloadIdentityCredentialOptions,\n );\n }\n\n /**\n * Creates a proxy HttpClient that intercepts token requests and redirects them to the Kubernetes endpoint\n * Caching is handled at the credential level to persist across token requests\n */\n private createAksProxyClient(tokenEndpoint: string): HttpClient {\n const defaultClient = createDefaultHttpClient();\n // Init cached TLS settings at construction time to fail fast on misconfiguration\n this.cachedTlsSettings = this.getTlsSettings();\n\n return {\n sendRequest: async (request: PipelineRequest): Promise<PipelineResponse> => {\n const requestUrl = new URL(request.url);\n\n logger.info(\n `${credentialName}: Redirecting request to Kubernetes endpoint: ${tokenEndpoint}`,\n );\n\n const proxyUrl = new URL(tokenEndpoint);\n\n // Remove leading slash from request path and join with proxy path\n const requestPath = requestUrl.pathname.replace(/^\\//, \"\");\n const combinedPath = proxyUrl.pathname.endsWith(\"/\")\n ? proxyUrl.pathname + requestPath\n : proxyUrl.pathname + \"/\" + requestPath;\n\n // Create new URL preserving query and fragment from original request\n const newUrl = new URL(proxyUrl.origin);\n newUrl.pathname = combinedPath;\n newUrl.search = requestUrl.search;\n newUrl.hash = requestUrl.hash;\n\n request.url = newUrl.toString();\n request.tlsSettings = this.getTlsSettings();\n\n logger.info(`${credentialName}: Sending request to ${request.url}`);\n // Forward the modified request with custom TLS settings\n return defaultClient.sendRequest(request);\n },\n };\n }\n\n /**\n * Gets TLS settings for the request.\n * Handles a few scenarios with CA data or CA file provided.\n */\n private getTlsSettings(): TlsSettings & { servername?: string } {\n // No CA overrides, use default transport\n if (!this.caData && !this.caFile) {\n if (!this.cachedTlsSettings) {\n this.cachedTlsSettings = this.sniName ? { servername: this.sniName } : {};\n }\n return this.cachedTlsSettings;\n }\n\n // Host provided CA bytes in AZURE_KUBERNETES_CA_DATA and can't change now\n if (!this.caFile) {\n if (!this.cachedTlsSettings) {\n if (!canParseAsX509Certificate(this.caData!)) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.INVALID_CA_CERTIFICATES}`,\n );\n }\n this.cachedTlsSettings = this.sniName ? { servername: this.sniName } : {};\n this.cachedTlsSettings.ca = this.caData;\n }\n return this.cachedTlsSettings;\n }\n\n // Host provided the CA bytes in a file whose contents it can change,\n let fileContent: Buffer;\n try {\n fileContent = readFileSync(this.caFile);\n } catch (error) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.FAILED_TO_READ_CA_FILE(this.caFile!, error)}`,\n );\n }\n // This can happen in the middle of CA rotation\n if (fileContent.length === 0) {\n if (!this.cachedTlsSettings) {\n // If the transport was never created, error out here to force retrying the call later\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.CA_FILE_EMPTY(this.caFile)}`,\n );\n }\n // If the transport was already created, just keep using it\n return this.cachedTlsSettings;\n }\n\n // Check if CA has changed\n if (!this.cachedCaData || !fileContent.equals(this.cachedCaData)) {\n const caDataString = fileContent.toString(\"utf8\");\n\n if (!canParseAsX509Certificate(caDataString)) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.INVALID_CA_CERTIFICATES}`,\n );\n }\n\n // CA has changed, rebuild the TLS settings with new CA pool\n this.cachedTlsSettings = {\n ca: caDataString,\n ...(this.sniName && { servername: this.sniName }),\n };\n this.cachedCaData = fileContent;\n }\n\n return this.cachedTlsSettings!;\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions,\n ): Promise<AccessToken> {\n if (!this.client) {\n const errorMessage = `${credentialName}: is unavailable. ${ErrorMessages.MISSING_ENV_VARS}`;\n logger.info(errorMessage);\n throw new CredentialUnavailableError(errorMessage);\n }\n logger.info(\"Invoking getToken() of Client Assertion Credential\");\n return this.client.getToken(scopes, options);\n }\n\n private async readFileContents(): Promise<string> {\n // Cached assertions expire after 5 minutes\n if (this.cacheDate !== undefined && Date.now() - this.cacheDate >= 1000 * 60 * 5) {\n this.azureFederatedTokenFileContent = undefined;\n }\n if (!this.federatedTokenFilePath) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.INVALID_FILE_PATH(this.federatedTokenFilePath)}`,\n );\n }\n if (!this.azureFederatedTokenFileContent) {\n const file = await readFile(this.federatedTokenFilePath, \"utf8\");\n const value = file.trim();\n if (!value) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.NO_FILE_CONTENT(this.federatedTokenFilePath)}`,\n );\n } else {\n this.azureFederatedTokenFileContent = value;\n this.cacheDate = Date.now();\n }\n }\n return this.azureFederatedTokenFileContent;\n }\n}\n"]}
|
|
1
|
+
{
|
|
2
|
+
"version": 3,
|
|
3
|
+
"sources": ["../../../src/credentials/workloadIdentityCredential.ts"],
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, processEnvVars } from \"../util/logging.js\";\n\nimport { ClientAssertionCredential } from \"./clientAssertionCredential.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions.js\";\nimport { checkTenantId } from \"../util/tenantIdUtils.js\";\nimport { readFile } from \"node:fs/promises\";\nimport type { PipelineRequest, PipelineResponse, HttpClient } from \"@azure/core-rest-pipeline\";\nimport { createDefaultHttpClient } from \"@azure/core-rest-pipeline\";\nimport type { TlsSettings } from \"@azure/core-rest-pipeline\";\nimport { canParseAsX509Certificate } from \"../util/certificatesUtils.js\";\nimport { readFileSync } from \"node:fs\";\n\nconst credentialName = \"WorkloadIdentityCredential\";\n/**\n * Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n *\n * @internal\n */\nexport const SupportedWorkloadEnvironmentVariables = [\n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_FEDERATED_TOKEN_FILE\",\n];\n\nconst logger = credentialLogger(credentialName);\n\n/**\n * Error messages for WorkloadIdentityCredential\n */\nconst ErrorMessages = {\n FAILED_TO_PARSE_TOKEN_PROXY: (endpoint: string, error: unknown) =>\n `Failed to parse custom token proxy URL \"${endpoint}\": ${error}`,\n INVALID_HTTPS_SCHEME: (protocol: string) =>\n `Custom token endpoint must use https scheme, got \"${protocol}\"`,\n TOKEN_ENDPOINT_NO_USER_INFO: (url: string) =>\n `Custom token endpoint URL \"${url}\" must not contain user info`,\n TOKEN_ENDPOINT_NO_QUERY: (url: string) =>\n `Custom token endpoint URL \"${url}\" must not contain a query`,\n TOKEN_ENDPOINT_NO_FRAGMENT: (url: string) =>\n `Custom token endpoint URL \"${url}\" must not contain a fragment`,\n CA_FILE_EMPTY: (file: string) => `CA certificate file is empty: ${file}`,\n FAILED_TO_READ_CA_FILE: (file: string, error: unknown) =>\n `Failed to read CA certificate file: ${file}. ${error}`,\n INVALID_CA_CERTIFICATES: `Invalid CA certificate data: no valid PEM certificates found`,\n INVALID_FILE_PATH: (path: string | undefined) => `Invalid file path provided ${path}.`,\n NO_FILE_CONTENT: (path: string) => `No content on the file ${path}.`,\n NO_CA_SOURCE: `No CA certificate source specified.`,\n CLIENT_ID_REQUIRED: `clientId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_CLIENT_ID\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n TENANT_ID_REQUIRED: `tenantId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_TENANT_ID\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n TOKEN_FILE_PATH_REQUIRED: `federatedTokenFilePath is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_FEDERATED_TOKEN_FILE\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n TOKEN_PROXY_NOT_SET: `AZURE_KUBERNETES_TOKEN_PROXY is not set but other custom endpoint-related environment variables are present`,\n CA_FILE_AND_DATA_EXCLUSIVE: `AZURE_KUBERNETES_CA_FILE and AZURE_KUBERNETES_CA_DATA are mutually exclusive. Specify only one.`,\n MISSING_ENV_VARS: `tenantId, clientId, and federatedTokenFilePath are required parameters. \n In DefaultAzureCredential and ManagedIdentityCredential, these can be provided as environment variables - \n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_FEDERATED_TOKEN_FILE\". See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n};\n\n/**\n * @internal\n * Parses and validates the custom token proxy endpoint URL\n */\nexport function parseAndValidateCustomTokenProxy(endpoint: string): string {\n let tokenProxy: URL;\n try {\n tokenProxy = new URL(endpoint);\n } catch (error) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.FAILED_TO_PARSE_TOKEN_PROXY(endpoint, error)}`,\n );\n }\n\n if (tokenProxy.protocol !== \"https:\") {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.INVALID_HTTPS_SCHEME(tokenProxy.protocol)}`,\n );\n }\n\n if (tokenProxy.username || tokenProxy.password) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TOKEN_ENDPOINT_NO_USER_INFO(tokenProxy.toString())}`,\n );\n }\n\n if (tokenProxy.search) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TOKEN_ENDPOINT_NO_QUERY(tokenProxy.toString())}`,\n );\n }\n\n if (tokenProxy.hash) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TOKEN_ENDPOINT_NO_FRAGMENT(tokenProxy.toString())}`,\n );\n }\n\n if (!tokenProxy.pathname || tokenProxy.pathname === \"\") {\n // if the path is empty, set it to \"/\" to avoid stripping the path from req.URL\n tokenProxy.pathname = \"/\";\n }\n\n return tokenProxy.toString();\n}\n\n/**\n * Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs)\n * to access other Azure resources without the need for a service principal or managed identity. With Workload Identity\n * authentication, applications authenticate themselves using their own identity, rather than using a shared service\n * principal or managed identity. Under the hood, Workload Identity authentication uses the concept of Service Account\n * Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload\n * Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for\n * each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't\n * need to worry about storing and securing sensitive credentials themselves.\n * The WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Azure Kubernetes and acquires\n * a token using the SACs available in the Azure Kubernetes environment.\n * Refer to <a href=\"https://learn.microsoft.com/azure/aks/workload-identity-overview\">Microsoft Entra\n * Workload ID</a> for more information.\n */\nexport class WorkloadIdentityCredential implements TokenCredential {\n private client: ClientAssertionCredential | undefined;\n private azureFederatedTokenFileContent: string | undefined = undefined;\n private cacheDate: number | undefined = undefined;\n private federatedTokenFilePath: string | undefined;\n\n // AKS proxy CA caching - persists across token requests\n private cachedTlsSettings: (TlsSettings & { servername?: string }) | undefined;\n private cachedCaData: Buffer | undefined;\n private caData: string | undefined;\n private caFile: string | undefined;\n private sniName: string | undefined;\n\n /**\n * WorkloadIdentityCredential supports Microsoft Entra Workload ID on Kubernetes.\n *\n * @param options - The identity client options to use for authentication.\n */\n constructor(options?: WorkloadIdentityCredentialOptions) {\n // Logging environment variables for error details\n const assignedEnv = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(\", \");\n logger.info(`Found the following environment variables: ${assignedEnv}`);\n\n const workloadIdentityCredentialOptions = options ?? {};\n const tenantId = workloadIdentityCredentialOptions.tenantId || process.env.AZURE_TENANT_ID;\n const clientId = workloadIdentityCredentialOptions.clientId || process.env.AZURE_CLIENT_ID;\n this.federatedTokenFilePath =\n workloadIdentityCredentialOptions.tokenFilePath || process.env.AZURE_FEDERATED_TOKEN_FILE;\n\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n if (!clientId) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.CLIENT_ID_REQUIRED}`,\n );\n }\n\n if (!tenantId) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TENANT_ID_REQUIRED}`,\n );\n }\n\n if (!this.federatedTokenFilePath) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TOKEN_FILE_PATH_REQUIRED}`,\n );\n }\n\n // Use identity binding mode only when enableAzureProxy is set\n if (workloadIdentityCredentialOptions.enableAzureProxy) {\n const kubernetesTokenProxy = process.env.AZURE_KUBERNETES_TOKEN_PROXY;\n const kubernetesSNIName = process.env.AZURE_KUBERNETES_SNI_NAME;\n const kubernetesCAFile = process.env.AZURE_KUBERNETES_CA_FILE;\n const kubernetesCAData = process.env.AZURE_KUBERNETES_CA_DATA;\n\n if (!kubernetesTokenProxy) {\n // Custom token proxy is not set, while other Kubernetes-related environment variables are present,\n // this is likely a configuration issue so erroring out to avoid misconfiguration\n if (kubernetesSNIName || kubernetesCAFile || kubernetesCAData) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.TOKEN_PROXY_NOT_SET}`,\n );\n }\n logger.info(\n `enableAzureProxy is true but AZURE_KUBERNETES_TOKEN_PROXY is not set, using normal authentication flow`,\n );\n } else {\n const tokenProxy = parseAndValidateCustomTokenProxy(kubernetesTokenProxy);\n\n // CAFile and CAData are mutually exclusive, at most one can be set.\n // If none of CAFile or CAData are set, the default system CA pool will be used.\n if (kubernetesCAFile && kubernetesCAData) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.CA_FILE_AND_DATA_EXCLUSIVE}`,\n );\n }\n\n this.caData = kubernetesCAData;\n this.caFile = kubernetesCAFile;\n this.sniName = kubernetesSNIName;\n\n // Configure client options with AKS proxy client\n const proxyClient = this.createAksProxyClient(tokenProxy);\n workloadIdentityCredentialOptions.httpClient = proxyClient;\n logger.info(`${credentialName}: Using proxy client for token requests`);\n }\n }\n\n logger.info(\n `Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`,\n );\n\n this.client = new ClientAssertionCredential(\n tenantId,\n clientId,\n this.readFileContents.bind(this),\n workloadIdentityCredentialOptions,\n );\n }\n\n /**\n * Creates a proxy HttpClient that intercepts token requests and redirects them to the Kubernetes endpoint\n * Caching is handled at the credential level to persist across token requests\n */\n private createAksProxyClient(tokenEndpoint: string): HttpClient {\n const defaultClient = createDefaultHttpClient();\n // Init cached TLS settings at construction time to fail fast on misconfiguration\n this.cachedTlsSettings = this.getTlsSettings();\n\n return {\n sendRequest: async (request: PipelineRequest): Promise<PipelineResponse> => {\n const requestUrl = new URL(request.url);\n\n logger.info(\n `${credentialName}: Redirecting request to Kubernetes endpoint: ${tokenEndpoint}`,\n );\n\n const proxyUrl = new URL(tokenEndpoint);\n\n // Remove leading slash from request path and join with proxy path\n const requestPath = requestUrl.pathname.replace(/^\\//, \"\");\n const combinedPath = proxyUrl.pathname.endsWith(\"/\")\n ? proxyUrl.pathname + requestPath\n : proxyUrl.pathname + \"/\" + requestPath;\n\n // Create new URL preserving query and fragment from original request\n const newUrl = new URL(proxyUrl.origin);\n newUrl.pathname = combinedPath;\n newUrl.search = requestUrl.search;\n newUrl.hash = requestUrl.hash;\n\n request.url = newUrl.toString();\n request.tlsSettings = this.getTlsSettings();\n\n logger.info(`${credentialName}: Sending request to ${request.url}`);\n // Forward the modified request with custom TLS settings\n return defaultClient.sendRequest(request);\n },\n };\n }\n\n /**\n * Gets TLS settings for the request.\n * Handles a few scenarios with CA data or CA file provided.\n */\n private getTlsSettings(): TlsSettings & { servername?: string } {\n // No CA overrides, use default transport\n if (!this.caData && !this.caFile) {\n if (!this.cachedTlsSettings) {\n this.cachedTlsSettings = this.sniName ? { servername: this.sniName } : {};\n }\n return this.cachedTlsSettings;\n }\n\n // Host provided CA bytes in AZURE_KUBERNETES_CA_DATA and can't change now\n if (!this.caFile) {\n if (!this.cachedTlsSettings) {\n if (!canParseAsX509Certificate(this.caData!)) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.INVALID_CA_CERTIFICATES}`,\n );\n }\n this.cachedTlsSettings = this.sniName ? { servername: this.sniName } : {};\n this.cachedTlsSettings.ca = this.caData;\n }\n return this.cachedTlsSettings;\n }\n\n // Host provided the CA bytes in a file whose contents it can change,\n let fileContent: Buffer;\n try {\n fileContent = readFileSync(this.caFile);\n } catch (error) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.FAILED_TO_READ_CA_FILE(this.caFile!, error)}`,\n );\n }\n // This can happen in the middle of CA rotation\n if (fileContent.length === 0) {\n if (!this.cachedTlsSettings) {\n // If the transport was never created, error out here to force retrying the call later\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.CA_FILE_EMPTY(this.caFile)}`,\n );\n }\n // If the transport was already created, just keep using it\n return this.cachedTlsSettings;\n }\n\n // Check if CA has changed\n if (!this.cachedCaData || !fileContent.equals(this.cachedCaData)) {\n const caDataString = fileContent.toString(\"utf8\");\n\n if (!canParseAsX509Certificate(caDataString)) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.INVALID_CA_CERTIFICATES}`,\n );\n }\n\n // CA has changed, rebuild the TLS settings with new CA pool\n this.cachedTlsSettings = {\n ca: caDataString,\n ...(this.sniName && { servername: this.sniName }),\n };\n this.cachedCaData = fileContent;\n }\n\n return this.cachedTlsSettings!;\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions,\n ): Promise<AccessToken> {\n if (!this.client) {\n const errorMessage = `${credentialName}: is unavailable. ${ErrorMessages.MISSING_ENV_VARS}`;\n logger.info(errorMessage);\n throw new CredentialUnavailableError(errorMessage);\n }\n logger.info(\"Invoking getToken() of Client Assertion Credential\");\n return this.client.getToken(scopes, options);\n }\n\n private async readFileContents(): Promise<string> {\n // Cached assertions expire after 5 minutes\n if (this.cacheDate !== undefined && Date.now() - this.cacheDate >= 1000 * 60 * 5) {\n this.azureFederatedTokenFileContent = undefined;\n }\n if (!this.federatedTokenFilePath) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.INVALID_FILE_PATH(this.federatedTokenFilePath)}`,\n );\n }\n if (!this.azureFederatedTokenFileContent) {\n const file = await readFile(this.federatedTokenFilePath, \"utf8\");\n const value = file.trim();\n if (!value) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. ${ErrorMessages.NO_FILE_CONTENT(this.federatedTokenFilePath)}`,\n );\n } else {\n this.azureFederatedTokenFileContent = value;\n this.cacheDate = Date.now();\n }\n }\n return this.azureFederatedTokenFileContent;\n }\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,qBAAiD;AAEjD,uCAA0C;AAC1C,oBAA2C;AAE3C,2BAA8B;AAC9B,sBAAyB;AAEzB,gCAAwC;AAExC,+BAA0C;AAC1C,qBAA6B;AAE7B,MAAM,iBAAiB;AAQhB,MAAM,wCAAwC;AAAA,EACnD;AAAA,EACA;AAAA,EACA;AACF;AAEA,MAAM,aAAS,iCAAiB,cAAc;AAK9C,MAAM,gBAAgB;AAAA,EACpB,6BAA6B,CAAC,UAAkB,UAC9C,2CAA2C,QAAQ,MAAM,KAAK;AAAA,EAChE,sBAAsB,CAAC,aACrB,qDAAqD,QAAQ;AAAA,EAC/D,6BAA6B,CAAC,QAC5B,8BAA8B,GAAG;AAAA,EACnC,yBAAyB,CAAC,QACxB,8BAA8B,GAAG;AAAA,EACnC,4BAA4B,CAAC,QAC3B,8BAA8B,GAAG;AAAA,EACnC,eAAe,CAAC,SAAiB,iCAAiC,IAAI;AAAA,EACtE,wBAAwB,CAAC,MAAc,UACrC,uCAAuC,IAAI,KAAK,KAAK;AAAA,EACvD,yBAAyB;AAAA,EACzB,mBAAmB,CAAC,SAA6B,8BAA8B,IAAI;AAAA,EACnF,iBAAiB,CAAC,SAAiB,0BAA0B,IAAI;AAAA,EACjE,cAAc;AAAA,EACd,oBAAoB;AAAA;AAAA,EAEpB,oBAAoB;AAAA;AAAA,EAEpB,0BAA0B;AAAA;AAAA,EAE1B,qBAAqB;AAAA,EACrB,4BAA4B;AAAA,EAC5B,kBAAkB;AAAA;AAAA;AAAA;AAAA;AAKpB;AAMO,SAAS,iCAAiC,UAA0B;AACzE,MAAI;AACJ,MAAI;AACF,iBAAa,IAAI,IAAI,QAAQ;AAAA,EAC/B,SAAS,OAAO;AACd,UAAM,IAAI;AAAA,MACR,GAAG,cAAc,qBAAqB,cAAc,4BAA4B,UAAU,KAAK,CAAC;AAAA,IAClG;AAAA,EACF;AAEA,MAAI,WAAW,aAAa,UAAU;AACpC,UAAM,IAAI;AAAA,MACR,GAAG,cAAc,qBAAqB,cAAc,qBAAqB,WAAW,QAAQ,CAAC;AAAA,IAC/F;AAAA,EACF;AAEA,MAAI,WAAW,YAAY,WAAW,UAAU;AAC9C,UAAM,IAAI;AAAA,MACR,GAAG,cAAc,qBAAqB,cAAc,4BAA4B,WAAW,SAAS,CAAC,CAAC;AAAA,IACxG;AAAA,EACF;AAEA,MAAI,WAAW,QAAQ;AACrB,UAAM,IAAI;AAAA,MACR,GAAG,cAAc,qBAAqB,cAAc,wBAAwB,WAAW,SAAS,CAAC,CAAC;AAAA,IACpG;AAAA,EACF;AAEA,MAAI,WAAW,MAAM;AACnB,UAAM,IAAI;AAAA,MACR,GAAG,cAAc,qBAAqB,cAAc,2BAA2B,WAAW,SAAS,CAAC,CAAC;AAAA,IACvG;AAAA,EACF;AAEA,MAAI,CAAC,WAAW,YAAY,WAAW,aAAa,IAAI;AAEtD,eAAW,WAAW;AAAA,EACxB;AAEA,SAAO,WAAW,SAAS;AAC7B;AAgBO,MAAM,2BAAsD;AAAA,EACzD;AAAA,EACA,iCAAqD;AAAA,EACrD,YAAgC;AAAA,EAChC;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOR,YAAY,SAA6C;AAEvD,UAAM,kBAAc,+BAAe,qCAAqC,EAAE,SAAS,KAAK,IAAI;AAC5F,WAAO,KAAK,8CAA8C,WAAW,EAAE;AAEvE,UAAM,oCAAoC,WAAW,CAAC;AACtD,UAAM,WAAW,kCAAkC,YAAY,QAAQ,IAAI;AAC3E,UAAM,WAAW,kCAAkC,YAAY,QAAQ,IAAI;AAC3E,SAAK,yBACH,kCAAkC,iBAAiB,QAAQ,IAAI;AAEjE,QAAI,UAAU;AACZ,8CAAc,QAAQ,QAAQ;AAAA,IAChC;AACA,QAAI,CAAC,UAAU;AACb,YAAM,IAAI;AAAA,QACR,GAAG,cAAc,qBAAqB,cAAc,kBAAkB;AAAA,MACxE;AAAA,IACF;AAEA,QAAI,CAAC,UAAU;AACb,YAAM,IAAI;AAAA,QACR,GAAG,cAAc,qBAAqB,cAAc,kBAAkB;AAAA,MACxE;AAAA,IACF;AAEA,QAAI,CAAC,KAAK,wBAAwB;AAChC,YAAM,IAAI;AAAA,QACR,GAAG,cAAc,qBAAqB,cAAc,wBAAwB;AAAA,MAC9E;AAAA,IACF;AAGA,QAAI,kCAAkC,kBAAkB;AACtD,YAAM,uBAAuB,QAAQ,IAAI;AACzC,YAAM,oBAAoB,QAAQ,IAAI;AACtC,YAAM,mBAAmB,QAAQ,IAAI;AACrC,YAAM,mBAAmB,QAAQ,IAAI;AAErC,UAAI,CAAC,sBAAsB;AAGzB,YAAI,qBAAqB,oBAAoB,kBAAkB;AAC7D,gBAAM,IAAI;AAAA,YACR,GAAG,cAAc,qBAAqB,cAAc,mBAAmB;AAAA,UACzE;AAAA,QACF;AACA,eAAO;AAAA,UACL;AAAA,QACF;AAAA,MACF,OAAO;AACL,cAAM,aAAa,iCAAiC,oBAAoB;AAIxE,YAAI,oBAAoB,kBAAkB;AACxC,gBAAM,IAAI;AAAA,YACR,GAAG,cAAc,qBAAqB,cAAc,0BAA0B;AAAA,UAChF;AAAA,QACF;AAEA,aAAK,SAAS;AACd,aAAK,SAAS;AACd,aAAK,UAAU;AAGf,cAAM,cAAc,KAAK,qBAAqB,UAAU;AACxD,0CAAkC,aAAa;AAC/C,eAAO,KAAK,GAAG,cAAc,yCAAyC;AAAA,MACxE;AAAA,IACF;AAEA,WAAO;AAAA,MACL,sDAAsD,QAAQ,eAAe,kCAAkC,QAAQ;AAAA,IACzH;AAEA,SAAK,SAAS,IAAI;AAAA,MAChB;AAAA,MACA;AAAA,MACA,KAAK,iBAAiB,KAAK,IAAI;AAAA,MAC/B;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMQ,qBAAqB,eAAmC;AAC9D,UAAM,oBAAgB,mDAAwB;AAE9C,SAAK,oBAAoB,KAAK,eAAe;AAE7C,WAAO;AAAA,MACL,aAAa,OAAO,YAAwD;AAC1E,cAAM,aAAa,IAAI,IAAI,QAAQ,GAAG;AAEtC,eAAO;AAAA,UACL,GAAG,cAAc,iDAAiD,aAAa;AAAA,QACjF;AAEA,cAAM,WAAW,IAAI,IAAI,aAAa;AAGtC,cAAM,cAAc,WAAW,SAAS,QAAQ,OAAO,EAAE;AACzD,cAAM,eAAe,SAAS,SAAS,SAAS,GAAG,IAC/C,SAAS,WAAW,cACpB,SAAS,WAAW,MAAM;AAG9B,cAAM,SAAS,IAAI,IAAI,SAAS,MAAM;AACtC,eAAO,WAAW;AAClB,eAAO,SAAS,WAAW;AAC3B,eAAO,OAAO,WAAW;AAEzB,gBAAQ,MAAM,OAAO,SAAS;AAC9B,gBAAQ,cAAc,KAAK,eAAe;AAE1C,eAAO,KAAK,GAAG,cAAc,wBAAwB,QAAQ,GAAG,EAAE;AAElE,eAAO,cAAc,YAAY,OAAO;AAAA,MAC1C;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMQ,iBAAwD;AAE9D,QAAI,CAAC,KAAK,UAAU,CAAC,KAAK,QAAQ;AAChC,UAAI,CAAC,KAAK,mBAAmB;AAC3B,aAAK,oBAAoB,KAAK,UAAU,EAAE,YAAY,KAAK,QAAQ,IAAI,CAAC;AAAA,MAC1E;AACA,aAAO,KAAK;AAAA,IACd;AAGA,QAAI,CAAC,KAAK,QAAQ;AAChB,UAAI,CAAC,KAAK,mBAAmB;AAC3B,YAAI,KAAC,oDAA0B,KAAK,MAAO,GAAG;AAC5C,gBAAM,IAAI;AAAA,YACR,GAAG,cAAc,qBAAqB,cAAc,uBAAuB;AAAA,UAC7E;AAAA,QACF;AACA,aAAK,oBAAoB,KAAK,UAAU,EAAE,YAAY,KAAK,QAAQ,IAAI,CAAC;AACxE,aAAK,kBAAkB,KAAK,KAAK;AAAA,MACnC;AACA,aAAO,KAAK;AAAA,IACd;AAGA,QAAI;AACJ,QAAI;AACF,wBAAc,6BAAa,KAAK,MAAM;AAAA,IACxC,SAAS,OAAO;AACd,YAAM,IAAI;AAAA,QACR,GAAG,cAAc,qBAAqB,cAAc,uBAAuB,KAAK,QAAS,KAAK,CAAC;AAAA,MACjG;AAAA,IACF;AAEA,QAAI,YAAY,WAAW,GAAG;AAC5B,UAAI,CAAC,KAAK,mBAAmB;AAE3B,cAAM,IAAI;AAAA,UACR,GAAG,cAAc,qBAAqB,cAAc,cAAc,KAAK,MAAM,CAAC;AAAA,QAChF;AAAA,MACF;AAEA,aAAO,KAAK;AAAA,IACd;AAGA,QAAI,CAAC,KAAK,gBAAgB,CAAC,YAAY,OAAO,KAAK,YAAY,GAAG;AAChE,YAAM,eAAe,YAAY,SAAS,MAAM;AAEhD,UAAI,KAAC,oDAA0B,YAAY,GAAG;AAC5C,cAAM,IAAI;AAAA,UACR,GAAG,cAAc,qBAAqB,cAAc,uBAAuB;AAAA,QAC7E;AAAA,MACF;AAGA,WAAK,oBAAoB;AAAA,QACvB,IAAI;AAAA,QACJ,GAAI,KAAK,WAAW,EAAE,YAAY,KAAK,QAAQ;AAAA,MACjD;AACA,WAAK,eAAe;AAAA,IACtB;AAEA,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAa,SACX,QACA,SACsB;AACtB,QAAI,CAAC,KAAK,QAAQ;AAChB,YAAM,eAAe,GAAG,cAAc,qBAAqB,cAAc,gBAAgB;AACzF,aAAO,KAAK,YAAY;AACxB,YAAM,IAAI,yCAA2B,YAAY;AAAA,IACnD;AACA,WAAO,KAAK,oDAAoD;AAChE,WAAO,KAAK,OAAO,SAAS,QAAQ,OAAO;AAAA,EAC7C;AAAA,EAEA,MAAc,mBAAoC;AAEhD,QAAI,KAAK,cAAc,UAAa,KAAK,IAAI,IAAI,KAAK,aAAa,MAAO,KAAK,GAAG;AAChF,WAAK,iCAAiC;AAAA,IACxC;AACA,QAAI,CAAC,KAAK,wBAAwB;AAChC,YAAM,IAAI;AAAA,QACR,GAAG,cAAc,qBAAqB,cAAc,kBAAkB,KAAK,sBAAsB,CAAC;AAAA,MACpG;AAAA,IACF;AACA,QAAI,CAAC,KAAK,gCAAgC;AACxC,YAAM,OAAO,UAAM,0BAAS,KAAK,wBAAwB,MAAM;AAC/D,YAAM,QAAQ,KAAK,KAAK;AACxB,UAAI,CAAC,OAAO;AACV,cAAM,IAAI;AAAA,UACR,GAAG,cAAc,qBAAqB,cAAc,gBAAgB,KAAK,sBAAsB,CAAC;AAAA,QAClG;AAAA,MACF,OAAO;AACL,aAAK,iCAAiC;AACtC,aAAK,YAAY,KAAK,IAAI;AAAA,MAC5B;AAAA,IACF;AACA,WAAO,KAAK;AAAA,EACd;AACF;",
|
|
6
|
+
"names": []
|
|
7
|
+
}
|
|
@@ -1,5 +1,16 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
1
|
+
var __defProp = Object.defineProperty;
|
|
2
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
3
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
4
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
5
|
+
var __copyProps = (to, from, except, desc) => {
|
|
6
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
7
|
+
for (let key of __getOwnPropNames(from))
|
|
8
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
9
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
10
|
+
}
|
|
11
|
+
return to;
|
|
12
|
+
};
|
|
13
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
14
|
+
var workloadIdentityCredentialOptions_exports = {};
|
|
15
|
+
module.exports = __toCommonJS(workloadIdentityCredentialOptions_exports);
|
|
16
|
+
//# sourceMappingURL=workloadIdentityCredentialOptions.js.map
|
|
@@ -1 +1,7 @@
|
|
|
1
|
-
{
|
|
1
|
+
{
|
|
2
|
+
"version": 3,
|
|
3
|
+
"sources": ["../../../src/credentials/workloadIdentityCredentialOptions.ts"],
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link WorkloadIdentityCredential}\n */\nexport interface WorkloadIdentityCredentialOptions\n extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {\n /**\n * ID of the application's Microsoft Entra tenant. Also called its directory ID.\n */\n tenantId?: string;\n /**\n * The client ID of a Microsoft Entra app registration.\n */\n clientId?: string;\n /**\n * The path to a file containing a Kubernetes service account token that authenticates the identity.\n */\n tokenFilePath?: string;\n /**\n * Enables the {@link https://learn.microsoft.com/azure/aks/identity-bindings-concepts | identity binding feature}.\n */\n enableAzureProxy?: boolean;\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;AAAA;AAAA;",
|
|
6
|
+
"names": []
|
|
7
|
+
}
|
package/dist/commonjs/errors.js
CHANGED
|
@@ -1,146 +1,145 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
1
|
+
var __defProp = Object.defineProperty;
|
|
2
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
3
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
4
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
5
|
+
var __export = (target, all) => {
|
|
6
|
+
for (var name in all)
|
|
7
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
8
|
+
};
|
|
9
|
+
var __copyProps = (to, from, except, desc) => {
|
|
10
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
11
|
+
for (let key of __getOwnPropNames(from))
|
|
12
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
13
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
14
|
+
}
|
|
15
|
+
return to;
|
|
16
|
+
};
|
|
17
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
18
|
+
var errors_exports = {};
|
|
19
|
+
__export(errors_exports, {
|
|
20
|
+
AggregateAuthenticationError: () => AggregateAuthenticationError,
|
|
21
|
+
AggregateAuthenticationErrorName: () => AggregateAuthenticationErrorName,
|
|
22
|
+
AuthenticationError: () => AuthenticationError,
|
|
23
|
+
AuthenticationErrorName: () => AuthenticationErrorName,
|
|
24
|
+
AuthenticationRequiredError: () => AuthenticationRequiredError,
|
|
25
|
+
CredentialUnavailableError: () => CredentialUnavailableError,
|
|
26
|
+
CredentialUnavailableErrorName: () => CredentialUnavailableErrorName
|
|
27
|
+
});
|
|
28
|
+
module.exports = __toCommonJS(errors_exports);
|
|
6
29
|
function isErrorResponse(errorResponse) {
|
|
7
|
-
|
|
8
|
-
typeof errorResponse.error === "string" &&
|
|
9
|
-
typeof errorResponse.error_description === "string");
|
|
30
|
+
return errorResponse && typeof errorResponse.error === "string" && typeof errorResponse.error_description === "string";
|
|
10
31
|
}
|
|
11
|
-
|
|
12
|
-
* The Error.name value of an CredentialUnavailable
|
|
13
|
-
*/
|
|
14
|
-
exports.CredentialUnavailableErrorName = "CredentialUnavailableError";
|
|
15
|
-
/**
|
|
16
|
-
* This signifies that the credential that was tried in a chained credential
|
|
17
|
-
* was not available to be used as the credential. Rather than treating this as
|
|
18
|
-
* an error that should halt the chain, it's caught and the chain continues
|
|
19
|
-
*/
|
|
32
|
+
const CredentialUnavailableErrorName = "CredentialUnavailableError";
|
|
20
33
|
class CredentialUnavailableError extends Error {
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
34
|
+
constructor(message, options) {
|
|
35
|
+
super(message, options);
|
|
36
|
+
this.name = CredentialUnavailableErrorName;
|
|
37
|
+
}
|
|
25
38
|
}
|
|
26
|
-
|
|
27
|
-
/**
|
|
28
|
-
* The Error.name value of an AuthenticationError
|
|
29
|
-
*/
|
|
30
|
-
exports.AuthenticationErrorName = "AuthenticationError";
|
|
31
|
-
/**
|
|
32
|
-
* Provides details about a failure to authenticate with Azure Active
|
|
33
|
-
* Directory. The `errorResponse` field contains more details about
|
|
34
|
-
* the specific failure.
|
|
35
|
-
*/
|
|
39
|
+
const AuthenticationErrorName = "AuthenticationError";
|
|
36
40
|
class AuthenticationError extends Error {
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
};
|
|
72
|
-
}
|
|
73
|
-
}
|
|
74
|
-
}
|
|
75
|
-
else {
|
|
76
|
-
errorResponse = {
|
|
77
|
-
error: "unknown_error",
|
|
78
|
-
errorDescription: "An unknown error occurred and no additional details are available.",
|
|
79
|
-
};
|
|
41
|
+
/**
|
|
42
|
+
* The HTTP status code returned from the authentication request.
|
|
43
|
+
*/
|
|
44
|
+
statusCode;
|
|
45
|
+
/**
|
|
46
|
+
* The error response details.
|
|
47
|
+
*/
|
|
48
|
+
errorResponse;
|
|
49
|
+
constructor(statusCode, errorBody, options) {
|
|
50
|
+
let errorResponse = {
|
|
51
|
+
error: "unknown",
|
|
52
|
+
errorDescription: "An unknown error occurred and no additional details are available."
|
|
53
|
+
};
|
|
54
|
+
if (isErrorResponse(errorBody)) {
|
|
55
|
+
errorResponse = convertOAuthErrorResponseToErrorResponse(errorBody);
|
|
56
|
+
} else if (typeof errorBody === "string") {
|
|
57
|
+
try {
|
|
58
|
+
const oauthErrorResponse = JSON.parse(errorBody);
|
|
59
|
+
errorResponse = convertOAuthErrorResponseToErrorResponse(oauthErrorResponse);
|
|
60
|
+
} catch (e) {
|
|
61
|
+
if (statusCode === 400) {
|
|
62
|
+
errorResponse = {
|
|
63
|
+
error: "invalid_request",
|
|
64
|
+
errorDescription: `The service indicated that the request was invalid.
|
|
65
|
+
|
|
66
|
+
${errorBody}`
|
|
67
|
+
};
|
|
68
|
+
} else {
|
|
69
|
+
errorResponse = {
|
|
70
|
+
error: "unknown_error",
|
|
71
|
+
errorDescription: `An unknown error has occurred. Response body:
|
|
72
|
+
|
|
73
|
+
${errorBody}`
|
|
74
|
+
};
|
|
80
75
|
}
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
76
|
+
}
|
|
77
|
+
} else {
|
|
78
|
+
errorResponse = {
|
|
79
|
+
error: "unknown_error",
|
|
80
|
+
errorDescription: "An unknown error occurred and no additional details are available."
|
|
81
|
+
};
|
|
86
82
|
}
|
|
83
|
+
super(
|
|
84
|
+
`${errorResponse.error} Status code: ${statusCode}
|
|
85
|
+
More details:
|
|
86
|
+
${errorResponse.errorDescription},`,
|
|
87
|
+
options
|
|
88
|
+
);
|
|
89
|
+
this.statusCode = statusCode;
|
|
90
|
+
this.errorResponse = errorResponse;
|
|
91
|
+
this.name = AuthenticationErrorName;
|
|
92
|
+
}
|
|
87
93
|
}
|
|
88
|
-
|
|
89
|
-
/**
|
|
90
|
-
* The Error.name value of an AggregateAuthenticationError
|
|
91
|
-
*/
|
|
92
|
-
exports.AggregateAuthenticationErrorName = "AggregateAuthenticationError";
|
|
93
|
-
/**
|
|
94
|
-
* Provides an `errors` array containing {@link AuthenticationError} instance
|
|
95
|
-
* for authentication failures from credentials in a {@link ChainedTokenCredential}.
|
|
96
|
-
*/
|
|
94
|
+
const AggregateAuthenticationErrorName = "AggregateAuthenticationError";
|
|
97
95
|
class AggregateAuthenticationError extends Error {
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
96
|
+
/**
|
|
97
|
+
* The array of error objects that were thrown while trying to authenticate
|
|
98
|
+
* with the credentials in a {@link ChainedTokenCredential}.
|
|
99
|
+
*/
|
|
100
|
+
errors;
|
|
101
|
+
constructor(errors, errorMessage) {
|
|
102
|
+
const errorDetail = errors.join("\n");
|
|
103
|
+
super(`${errorMessage}
|
|
104
|
+
${errorDetail}`);
|
|
105
|
+
this.errors = errors;
|
|
106
|
+
this.name = AggregateAuthenticationErrorName;
|
|
107
|
+
}
|
|
110
108
|
}
|
|
111
|
-
exports.AggregateAuthenticationError = AggregateAuthenticationError;
|
|
112
109
|
function convertOAuthErrorResponseToErrorResponse(errorBody) {
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
110
|
+
return {
|
|
111
|
+
error: errorBody.error,
|
|
112
|
+
errorDescription: errorBody.error_description,
|
|
113
|
+
correlationId: errorBody.correlation_id,
|
|
114
|
+
errorCodes: errorBody.error_codes,
|
|
115
|
+
timestamp: errorBody.timestamp,
|
|
116
|
+
traceId: errorBody.trace_id
|
|
117
|
+
};
|
|
121
118
|
}
|
|
122
|
-
/**
|
|
123
|
-
* Error used to enforce authentication after trying to retrieve a token silently.
|
|
124
|
-
*/
|
|
125
119
|
class AuthenticationRequiredError extends Error {
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
this.scopes = options.scopes;
|
|
141
|
-
this.getTokenOptions = options.getTokenOptions;
|
|
142
|
-
this.name = "AuthenticationRequiredError";
|
|
143
|
-
}
|
|
120
|
+
/**
|
|
121
|
+
* The list of scopes for which the token will have access.
|
|
122
|
+
*/
|
|
123
|
+
scopes;
|
|
124
|
+
/**
|
|
125
|
+
* The options passed to the getToken request.
|
|
126
|
+
*/
|
|
127
|
+
getTokenOptions;
|
|
128
|
+
constructor(options) {
|
|
129
|
+
super(options.message, options.cause ? { cause: options.cause } : void 0);
|
|
130
|
+
this.scopes = options.scopes;
|
|
131
|
+
this.getTokenOptions = options.getTokenOptions;
|
|
132
|
+
this.name = "AuthenticationRequiredError";
|
|
133
|
+
}
|
|
144
134
|
}
|
|
145
|
-
|
|
146
|
-
|
|
135
|
+
// Annotate the CommonJS export names for ESM import in node:
|
|
136
|
+
0 && (module.exports = {
|
|
137
|
+
AggregateAuthenticationError,
|
|
138
|
+
AggregateAuthenticationErrorName,
|
|
139
|
+
AuthenticationError,
|
|
140
|
+
AuthenticationErrorName,
|
|
141
|
+
AuthenticationRequiredError,
|
|
142
|
+
CredentialUnavailableError,
|
|
143
|
+
CredentialUnavailableErrorName
|
|
144
|
+
});
|
|
145
|
+
//# sourceMappingURL=errors.js.map
|
|
@@ -1 +1,7 @@
|
|
|
1
|
-
{
|
|
1
|
+
{
|
|
2
|
+
"version": 3,
|
|
3
|
+
"sources": ["../../src/errors.ts"],
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * See the official documentation for more details:\n *\n * https://learn.microsoft.com/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1\n *\n * NOTE: This documentation is for v1 OAuth support but the same error\n * response details still apply to v2.\n */\nexport interface ErrorResponse {\n /**\n * The string identifier for the error.\n */\n error: string;\n\n /**\n * The error's description.\n */\n errorDescription: string;\n\n /**\n * An array of codes pertaining to the error(s) that occurred.\n */\n errorCodes?: number[];\n\n /**\n * The timestamp at which the error occurred.\n */\n timestamp?: string;\n\n /**\n * The trace identifier for this error occurrence.\n */\n traceId?: string;\n\n /**\n * The correlation ID to be used for tracking the source of the error.\n */\n correlationId?: string;\n}\n\n/**\n * Used for internal deserialization of OAuth responses. Public model is ErrorResponse\n * @internal\n */\nexport interface OAuthErrorResponse {\n error: string;\n error_description: string;\n error_codes?: number[];\n timestamp?: string;\n trace_id?: string;\n correlation_id?: string;\n}\n\nfunction isErrorResponse(errorResponse: any): errorResponse is OAuthErrorResponse {\n return (\n errorResponse &&\n typeof errorResponse.error === \"string\" &&\n typeof errorResponse.error_description === \"string\"\n );\n}\n\n/**\n * The Error.name value of an CredentialUnavailable\n */\nexport const CredentialUnavailableErrorName = \"CredentialUnavailableError\";\n\n/**\n * This signifies that the credential that was tried in a chained credential\n * was not available to be used as the credential. Rather than treating this as\n * an error that should halt the chain, it's caught and the chain continues\n */\nexport class CredentialUnavailableError extends Error {\n constructor(message?: string, options?: { cause?: unknown }) {\n super(message, options);\n this.name = CredentialUnavailableErrorName;\n }\n}\n\n/**\n * The Error.name value of an AuthenticationError\n */\nexport const AuthenticationErrorName = \"AuthenticationError\";\n\n/**\n * Provides details about a failure to authenticate with Azure Active\n * Directory. The `errorResponse` field contains more details about\n * the specific failure.\n */\nexport class AuthenticationError extends Error {\n /**\n * The HTTP status code returned from the authentication request.\n */\n public readonly statusCode: number;\n\n /**\n * The error response details.\n */\n public readonly errorResponse: ErrorResponse;\n\n constructor(\n statusCode: number,\n errorBody: object | string | undefined | null,\n options?: { cause?: unknown },\n ) {\n let errorResponse: ErrorResponse = {\n error: \"unknown\",\n errorDescription: \"An unknown error occurred and no additional details are available.\",\n };\n\n if (isErrorResponse(errorBody)) {\n errorResponse = convertOAuthErrorResponseToErrorResponse(errorBody);\n } else if (typeof errorBody === \"string\") {\n try {\n // Most error responses will contain JSON-formatted error details\n // in the response body\n const oauthErrorResponse: OAuthErrorResponse = JSON.parse(errorBody);\n errorResponse = convertOAuthErrorResponseToErrorResponse(oauthErrorResponse);\n } catch (e: any) {\n if (statusCode === 400) {\n errorResponse = {\n error: \"invalid_request\",\n errorDescription: `The service indicated that the request was invalid.\\n\\n${errorBody}`,\n };\n } else {\n errorResponse = {\n error: \"unknown_error\",\n errorDescription: `An unknown error has occurred. Response body:\\n\\n${errorBody}`,\n };\n }\n }\n } else {\n errorResponse = {\n error: \"unknown_error\",\n errorDescription: \"An unknown error occurred and no additional details are available.\",\n };\n }\n\n super(\n `${errorResponse.error} Status code: ${statusCode}\\nMore details:\\n${errorResponse.errorDescription},`,\n options,\n );\n this.statusCode = statusCode;\n this.errorResponse = errorResponse;\n\n // Ensure that this type reports the correct name\n this.name = AuthenticationErrorName;\n }\n}\n\n/**\n * The Error.name value of an AggregateAuthenticationError\n */\nexport const AggregateAuthenticationErrorName = \"AggregateAuthenticationError\";\n\n/**\n * Provides an `errors` array containing {@link AuthenticationError} instance\n * for authentication failures from credentials in a {@link ChainedTokenCredential}.\n */\nexport class AggregateAuthenticationError extends Error {\n /**\n * The array of error objects that were thrown while trying to authenticate\n * with the credentials in a {@link ChainedTokenCredential}.\n */\n public errors: any[];\n\n constructor(errors: any[], errorMessage?: string) {\n const errorDetail = errors.join(\"\\n\");\n super(`${errorMessage}\\n${errorDetail}`);\n this.errors = errors;\n\n // Ensure that this type reports the correct name\n this.name = AggregateAuthenticationErrorName;\n }\n}\n\nfunction convertOAuthErrorResponseToErrorResponse(errorBody: OAuthErrorResponse): ErrorResponse {\n return {\n error: errorBody.error,\n errorDescription: errorBody.error_description,\n correlationId: errorBody.correlation_id,\n errorCodes: errorBody.error_codes,\n timestamp: errorBody.timestamp,\n traceId: errorBody.trace_id,\n };\n}\n\n/**\n * Optional parameters to the {@link AuthenticationRequiredError}\n */\nexport interface AuthenticationRequiredErrorOptions {\n /**\n * The list of scopes for which the token will have access.\n */\n scopes: string[];\n /**\n * The options passed to the getToken request.\n */\n getTokenOptions?: GetTokenOptions;\n /**\n * The message of the error.\n */\n message?: string;\n /**\n * The underlying cause, if any, that caused the authentication to fail.\n */\n cause?: unknown;\n}\n\n/**\n * Error used to enforce authentication after trying to retrieve a token silently.\n */\nexport class AuthenticationRequiredError extends Error {\n /**\n * The list of scopes for which the token will have access.\n */\n public scopes: string[];\n /**\n * The options passed to the getToken request.\n */\n public getTokenOptions?: GetTokenOptions;\n\n constructor(\n /**\n * Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.\n */\n options: AuthenticationRequiredErrorOptions,\n ) {\n super(options.message, options.cause ? { cause: options.cause } : undefined);\n this.scopes = options.scopes;\n this.getTokenOptions = options.getTokenOptions;\n this.name = \"AuthenticationRequiredError\";\n }\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AA0DA,SAAS,gBAAgB,eAAyD;AAChF,SACE,iBACA,OAAO,cAAc,UAAU,YAC/B,OAAO,cAAc,sBAAsB;AAE/C;AAKO,MAAM,iCAAiC;AAOvC,MAAM,mCAAmC,MAAM;AAAA,EACpD,YAAY,SAAkB,SAA+B;AAC3D,UAAM,SAAS,OAAO;AACtB,SAAK,OAAO;AAAA,EACd;AACF;AAKO,MAAM,0BAA0B;AAOhC,MAAM,4BAA4B,MAAM;AAAA;AAAA;AAAA;AAAA,EAI7B;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,EAEhB,YACE,YACA,WACA,SACA;AACA,QAAI,gBAA+B;AAAA,MACjC,OAAO;AAAA,MACP,kBAAkB;AAAA,IACpB;AAEA,QAAI,gBAAgB,SAAS,GAAG;AAC9B,sBAAgB,yCAAyC,SAAS;AAAA,IACpE,WAAW,OAAO,cAAc,UAAU;AACxC,UAAI;AAGF,cAAM,qBAAyC,KAAK,MAAM,SAAS;AACnE,wBAAgB,yCAAyC,kBAAkB;AAAA,MAC7E,SAAS,GAAQ;AACf,YAAI,eAAe,KAAK;AACtB,0BAAgB;AAAA,YACd,OAAO;AAAA,YACP,kBAAkB;AAAA;AAAA,EAA0D,SAAS;AAAA,UACvF;AAAA,QACF,OAAO;AACL,0BAAgB;AAAA,YACd,OAAO;AAAA,YACP,kBAAkB;AAAA;AAAA,EAAoD,SAAS;AAAA,UACjF;AAAA,QACF;AAAA,MACF;AAAA,IACF,OAAO;AACL,sBAAgB;AAAA,QACd,OAAO;AAAA,QACP,kBAAkB;AAAA,MACpB;AAAA,IACF;AAEA;AAAA,MACE,GAAG,cAAc,KAAK,iBAAiB,UAAU;AAAA;AAAA,EAAoB,cAAc,gBAAgB;AAAA,MACnG;AAAA,IACF;AACA,SAAK,aAAa;AAClB,SAAK,gBAAgB;AAGrB,SAAK,OAAO;AAAA,EACd;AACF;AAKO,MAAM,mCAAmC;AAMzC,MAAM,qCAAqC,MAAM;AAAA;AAAA;AAAA;AAAA;AAAA,EAK/C;AAAA,EAEP,YAAY,QAAe,cAAuB;AAChD,UAAM,cAAc,OAAO,KAAK,IAAI;AACpC,UAAM,GAAG,YAAY;AAAA,EAAK,WAAW,EAAE;AACvC,SAAK,SAAS;AAGd,SAAK,OAAO;AAAA,EACd;AACF;AAEA,SAAS,yCAAyC,WAA8C;AAC9F,SAAO;AAAA,IACL,OAAO,UAAU;AAAA,IACjB,kBAAkB,UAAU;AAAA,IAC5B,eAAe,UAAU;AAAA,IACzB,YAAY,UAAU;AAAA,IACtB,WAAW,UAAU;AAAA,IACrB,SAAS,UAAU;AAAA,EACrB;AACF;AA2BO,MAAM,oCAAoC,MAAM;AAAA;AAAA;AAAA;AAAA,EAI9C;AAAA;AAAA;AAAA;AAAA,EAIA;AAAA,EAEP,YAIE,SACA;AACA,UAAM,QAAQ,SAAS,QAAQ,QAAQ,EAAE,OAAO,QAAQ,MAAM,IAAI,MAAS;AAC3E,SAAK,SAAS,QAAQ;AACtB,SAAK,kBAAkB,QAAQ;AAC/B,SAAK,OAAO;AAAA,EACd;AACF;",
|
|
6
|
+
"names": []
|
|
7
|
+
}
|
package/dist/commonjs/index.d.ts
CHANGED
|
@@ -1,61 +1,61 @@
|
|
|
1
1
|
export * from "./plugins/consumer.js";
|
|
2
|
-
export { IdentityPlugin } from "./plugins/provider.js";
|
|
2
|
+
export type { IdentityPlugin } from "./plugins/provider.js";
|
|
3
3
|
import type { TokenCredential } from "@azure/core-auth";
|
|
4
|
-
export { AuthenticationError, ErrorResponse, AggregateAuthenticationError, AuthenticationErrorName, AggregateAuthenticationErrorName, CredentialUnavailableError, CredentialUnavailableErrorName, AuthenticationRequiredError, AuthenticationRequiredErrorOptions, } from "./errors.js";
|
|
5
|
-
export { AuthenticationRecord } from "./msal/types.js";
|
|
4
|
+
export { AuthenticationError, type ErrorResponse, AggregateAuthenticationError, AuthenticationErrorName, AggregateAuthenticationErrorName, CredentialUnavailableError, CredentialUnavailableErrorName, AuthenticationRequiredError, type AuthenticationRequiredErrorOptions, } from "./errors.js";
|
|
5
|
+
export type { AuthenticationRecord } from "./msal/types.js";
|
|
6
6
|
export { serializeAuthenticationRecord, deserializeAuthenticationRecord } from "./msal/utils.js";
|
|
7
|
-
export { TokenCredentialOptions } from "./tokenCredentialOptions.js";
|
|
8
|
-
export { MultiTenantTokenCredentialOptions } from "./credentials/multiTenantTokenCredentialOptions.js";
|
|
9
|
-
export { AuthorityValidationOptions } from "./credentials/authorityValidationOptions.js";
|
|
10
|
-
export { BrokerAuthOptions } from "./credentials/brokerAuthOptions.js";
|
|
11
|
-
export { BrokerOptions, BrokerEnabledOptions, BrokerDisabledOptions, } from "./msal/nodeFlows/brokerOptions.js";
|
|
12
|
-
export { InteractiveCredentialOptions } from "./credentials/interactiveCredentialOptions.js";
|
|
7
|
+
export type { TokenCredentialOptions } from "./tokenCredentialOptions.js";
|
|
8
|
+
export type { MultiTenantTokenCredentialOptions } from "./credentials/multiTenantTokenCredentialOptions.js";
|
|
9
|
+
export type { AuthorityValidationOptions } from "./credentials/authorityValidationOptions.js";
|
|
10
|
+
export type { BrokerAuthOptions } from "./credentials/brokerAuthOptions.js";
|
|
11
|
+
export type { BrokerOptions, BrokerEnabledOptions, BrokerDisabledOptions, } from "./msal/nodeFlows/brokerOptions.js";
|
|
12
|
+
export type { InteractiveCredentialOptions } from "./credentials/interactiveCredentialOptions.js";
|
|
13
13
|
export { ChainedTokenCredential } from "./credentials/chainedTokenCredential.js";
|
|
14
14
|
export { ClientSecretCredential } from "./credentials/clientSecretCredential.js";
|
|
15
|
-
export { ClientSecretCredentialOptions } from "./credentials/clientSecretCredentialOptions.js";
|
|
15
|
+
export type { ClientSecretCredentialOptions } from "./credentials/clientSecretCredentialOptions.js";
|
|
16
16
|
export { DefaultAzureCredential } from "./credentials/defaultAzureCredential.js";
|
|
17
|
-
export { DefaultAzureCredentialOptions, DefaultAzureCredentialClientIdOptions, DefaultAzureCredentialResourceIdOptions, DefaultAzureCredentialEnvVars, } from "./credentials/defaultAzureCredentialOptions.js";
|
|
17
|
+
export type { DefaultAzureCredentialOptions, DefaultAzureCredentialClientIdOptions, DefaultAzureCredentialResourceIdOptions, DefaultAzureCredentialEnvVars, } from "./credentials/defaultAzureCredentialOptions.js";
|
|
18
18
|
export { EnvironmentCredential } from "./credentials/environmentCredential.js";
|
|
19
|
-
export { EnvironmentCredentialOptions } from "./credentials/environmentCredentialOptions.js";
|
|
19
|
+
export type { EnvironmentCredentialOptions } from "./credentials/environmentCredentialOptions.js";
|
|
20
20
|
export { ClientCertificateCredential } from "./credentials/clientCertificateCredential.js";
|
|
21
|
-
export { ClientCertificateCredentialPEMConfiguration, ClientCertificatePEMCertificatePath, ClientCertificatePEMCertificate, } from "./credentials/clientCertificateCredentialModels.js";
|
|
22
|
-
export { ClientCertificateCredentialOptions } from "./credentials/clientCertificateCredentialOptions.js";
|
|
21
|
+
export type { ClientCertificateCredentialPEMConfiguration, ClientCertificatePEMCertificatePath, ClientCertificatePEMCertificate, } from "./credentials/clientCertificateCredentialModels.js";
|
|
22
|
+
export type { ClientCertificateCredentialOptions } from "./credentials/clientCertificateCredentialOptions.js";
|
|
23
23
|
export { ClientAssertionCredential } from "./credentials/clientAssertionCredential.js";
|
|
24
|
-
export { ClientAssertionCredentialOptions } from "./credentials/clientAssertionCredentialOptions.js";
|
|
25
|
-
export { CredentialPersistenceOptions } from "./credentials/credentialPersistenceOptions.js";
|
|
24
|
+
export type { ClientAssertionCredentialOptions } from "./credentials/clientAssertionCredentialOptions.js";
|
|
25
|
+
export type { CredentialPersistenceOptions } from "./credentials/credentialPersistenceOptions.js";
|
|
26
26
|
export { AzureCliCredential } from "./credentials/azureCliCredential.js";
|
|
27
|
-
export { AzureCliCredentialOptions } from "./credentials/azureCliCredentialOptions.js";
|
|
27
|
+
export type { AzureCliCredentialOptions } from "./credentials/azureCliCredentialOptions.js";
|
|
28
28
|
export { AzureDeveloperCliCredential } from "./credentials/azureDeveloperCliCredential.js";
|
|
29
|
-
export { AzureDeveloperCliCredentialOptions } from "./credentials/azureDeveloperCliCredentialOptions.js";
|
|
29
|
+
export type { AzureDeveloperCliCredentialOptions } from "./credentials/azureDeveloperCliCredentialOptions.js";
|
|
30
30
|
export { InteractiveBrowserCredential } from "./credentials/interactiveBrowserCredential.js";
|
|
31
|
-
export { InteractiveBrowserCredentialNodeOptions, InteractiveBrowserCredentialInBrowserOptions, BrowserLoginStyle, } from "./credentials/interactiveBrowserCredentialOptions.js";
|
|
31
|
+
export type { InteractiveBrowserCredentialNodeOptions, InteractiveBrowserCredentialInBrowserOptions, BrowserLoginStyle, } from "./credentials/interactiveBrowserCredentialOptions.js";
|
|
32
32
|
export { ManagedIdentityCredential } from "./credentials/managedIdentityCredential/index.js";
|
|
33
|
-
export { ManagedIdentityCredentialClientIdOptions, ManagedIdentityCredentialResourceIdOptions, ManagedIdentityCredentialObjectIdOptions, } from "./credentials/managedIdentityCredential/options.js";
|
|
33
|
+
export type { ManagedIdentityCredentialClientIdOptions, ManagedIdentityCredentialResourceIdOptions, ManagedIdentityCredentialObjectIdOptions, } from "./credentials/managedIdentityCredential/options.js";
|
|
34
34
|
export { DeviceCodeCredential } from "./credentials/deviceCodeCredential.js";
|
|
35
|
-
export { DeviceCodePromptCallback, DeviceCodeInfo, } from "./credentials/deviceCodeCredentialOptions.js";
|
|
36
|
-
export { DeviceCodeCredentialOptions } from "./credentials/deviceCodeCredentialOptions.js";
|
|
35
|
+
export type { DeviceCodePromptCallback, DeviceCodeInfo, } from "./credentials/deviceCodeCredentialOptions.js";
|
|
36
|
+
export type { DeviceCodeCredentialOptions } from "./credentials/deviceCodeCredentialOptions.js";
|
|
37
37
|
export { AzurePipelinesCredential as AzurePipelinesCredential } from "./credentials/azurePipelinesCredential.js";
|
|
38
|
-
export { AzurePipelinesCredentialOptions as AzurePipelinesCredentialOptions } from "./credentials/azurePipelinesCredentialOptions.js";
|
|
38
|
+
export type { AzurePipelinesCredentialOptions as AzurePipelinesCredentialOptions } from "./credentials/azurePipelinesCredentialOptions.js";
|
|
39
39
|
export { AuthorizationCodeCredential } from "./credentials/authorizationCodeCredential.js";
|
|
40
|
-
export { AuthorizationCodeCredentialOptions } from "./credentials/authorizationCodeCredentialOptions.js";
|
|
40
|
+
export type { AuthorizationCodeCredentialOptions } from "./credentials/authorizationCodeCredentialOptions.js";
|
|
41
41
|
export { AzurePowerShellCredential } from "./credentials/azurePowerShellCredential.js";
|
|
42
|
-
export { AzurePowerShellCredentialOptions } from "./credentials/azurePowerShellCredentialOptions.js";
|
|
43
|
-
export { OnBehalfOfCredentialOptions, OnBehalfOfCredentialSecretOptions, OnBehalfOfCredentialCertificateOptions, OnBehalfOfCredentialAssertionOptions, } from "./credentials/onBehalfOfCredentialOptions.js";
|
|
42
|
+
export type { AzurePowerShellCredentialOptions } from "./credentials/azurePowerShellCredentialOptions.js";
|
|
43
|
+
export type { OnBehalfOfCredentialOptions, OnBehalfOfCredentialSecretOptions, OnBehalfOfCredentialCertificateOptions, OnBehalfOfCredentialAssertionOptions, } from "./credentials/onBehalfOfCredentialOptions.js";
|
|
44
44
|
export { UsernamePasswordCredential } from "./credentials/usernamePasswordCredential.js";
|
|
45
|
-
export { UsernamePasswordCredentialOptions } from "./credentials/usernamePasswordCredentialOptions.js";
|
|
45
|
+
export type { UsernamePasswordCredentialOptions } from "./credentials/usernamePasswordCredentialOptions.js";
|
|
46
46
|
export { VisualStudioCodeCredential } from "./credentials/visualStudioCodeCredential.js";
|
|
47
|
-
export { VisualStudioCodeCredentialOptions } from "./credentials/visualStudioCodeCredentialOptions.js";
|
|
47
|
+
export type { VisualStudioCodeCredentialOptions } from "./credentials/visualStudioCodeCredentialOptions.js";
|
|
48
48
|
export { OnBehalfOfCredential } from "./credentials/onBehalfOfCredential.js";
|
|
49
49
|
export { WorkloadIdentityCredential } from "./credentials/workloadIdentityCredential.js";
|
|
50
|
-
export { WorkloadIdentityCredentialOptions } from "./credentials/workloadIdentityCredentialOptions.js";
|
|
51
|
-
export { BrowserCustomizationOptions } from "./credentials/browserCustomizationOptions.js";
|
|
52
|
-
export { TokenCachePersistenceOptions } from "./msal/nodeFlows/tokenCachePersistenceOptions.js";
|
|
53
|
-
export { TokenCredential, GetTokenOptions, AccessToken } from "@azure/core-auth";
|
|
50
|
+
export type { WorkloadIdentityCredentialOptions } from "./credentials/workloadIdentityCredentialOptions.js";
|
|
51
|
+
export type { BrowserCustomizationOptions } from "./credentials/browserCustomizationOptions.js";
|
|
52
|
+
export type { TokenCachePersistenceOptions } from "./msal/nodeFlows/tokenCachePersistenceOptions.js";
|
|
53
|
+
export type { TokenCredential, GetTokenOptions, AccessToken } from "@azure/core-auth";
|
|
54
54
|
export { logger } from "./util/logging.js";
|
|
55
55
|
export { AzureAuthorityHosts } from "./constants.js";
|
|
56
56
|
/**
|
|
57
57
|
* Returns a new instance of the {@link DefaultAzureCredential}.
|
|
58
58
|
*/
|
|
59
59
|
export declare function getDefaultAzureCredential(): TokenCredential;
|
|
60
|
-
export { getBearerTokenProvider, GetBearerTokenProviderOptions } from "./tokenProvider.js";
|
|
60
|
+
export { getBearerTokenProvider, type GetBearerTokenProviderOptions } from "./tokenProvider.js";
|
|
61
61
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAGA,cAAc,uBAAuB,CAAC;AAEtC,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAGA,cAAc,uBAAuB,CAAC;AAEtC,YAAY,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAE5D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAGxD,OAAO,EACL,mBAAmB,EACnB,KAAK,aAAa,EAClB,4BAA4B,EAC5B,uBAAuB,EACvB,gCAAgC,EAChC,0BAA0B,EAC1B,8BAA8B,EAC9B,2BAA2B,EAC3B,KAAK,kCAAkC,GACxC,MAAM,aAAa,CAAC;AAErB,YAAY,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAC5D,OAAO,EAAE,6BAA6B,EAAE,+BAA+B,EAAE,MAAM,iBAAiB,CAAC;AACjG,YAAY,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAC1E,YAAY,EAAE,iCAAiC,EAAE,MAAM,oDAAoD,CAAC;AAC5G,YAAY,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AAI9F,YAAY,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAC5E,YAAY,EACV,aAAa,EACb,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,mCAAmC,CAAC;AAC3C,YAAY,EAAE,4BAA4B,EAAE,MAAM,+CAA+C,CAAC;AAElG,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AAEjF,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AACjF,YAAY,EAAE,6BAA6B,EAAE,MAAM,gDAAgD,CAAC;AAEpG,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AACjF,YAAY,EACV,6BAA6B,EAC7B,qCAAqC,EACrC,uCAAuC,EACvC,6BAA6B,GAC9B,MAAM,gDAAgD,CAAC;AAExD,OAAO,EAAE,qBAAqB,EAAE,MAAM,wCAAwC,CAAC;AAC/E,YAAY,EAAE,4BAA4B,EAAE,MAAM,+CAA+C,CAAC;AAElG,OAAO,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAC3F,YAAY,EACV,2CAA2C,EAC3C,mCAAmC,EACnC,+BAA+B,GAChC,MAAM,oDAAoD,CAAC;AAC5D,YAAY,EAAE,kCAAkC,EAAE,MAAM,qDAAqD,CAAC;AAC9G,OAAO,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AACvF,YAAY,EAAE,gCAAgC,EAAE,MAAM,mDAAmD,CAAC;AAC1G,YAAY,EAAE,4BAA4B,EAAE,MAAM,+CAA+C,CAAC;AAClG,OAAO,EAAE,kBAAkB,EAAE,MAAM,qCAAqC,CAAC;AACzE,YAAY,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AAC5F,OAAO,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAC3F,YAAY,EAAE,kCAAkC,EAAE,MAAM,qDAAqD,CAAC;AAC9G,OAAO,EAAE,4BAA4B,EAAE,MAAM,+CAA+C,CAAC;AAC7F,YAAY,EACV,uCAAuC,EACvC,4CAA4C,EAC5C,iBAAiB,GAClB,MAAM,sDAAsD,CAAC;AAC9D,OAAO,EAAE,yBAAyB,EAAE,MAAM,kDAAkD,CAAC;AAC7F,YAAY,EACV,wCAAwC,EACxC,0CAA0C,EAC1C,wCAAwC,GACzC,MAAM,oDAAoD,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,uCAAuC,CAAC;AAC7E,YAAY,EACV,wBAAwB,EACxB,cAAc,GACf,MAAM,8CAA8C,CAAC;AACtD,YAAY,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAChG,OAAO,EAAE,wBAAwB,IAAI,wBAAwB,EAAE,MAAM,2CAA2C,CAAC;AACjH,YAAY,EAAE,+BAA+B,IAAI,+BAA+B,EAAE,MAAM,kDAAkD,CAAC;AAC3I,OAAO,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAC3F,YAAY,EAAE,kCAAkC,EAAE,MAAM,qDAAqD,CAAC;AAC9G,OAAO,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AACvF,YAAY,EAAE,gCAAgC,EAAE,MAAM,mDAAmD,CAAC;AAC1G,YAAY,EACV,2BAA2B,EAC3B,iCAAiC,EACjC,sCAAsC,EACtC,oCAAoC,GACrC,MAAM,8CAA8C,CAAC;AACtD,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AACzF,YAAY,EAAE,iCAAiC,EAAE,MAAM,oDAAoD,CAAC;AAC5G,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AACzF,YAAY,EAAE,iCAAiC,EAAE,MAAM,oDAAoD,CAAC;AAC5G,OAAO,EAAE,oBAAoB,EAAE,MAAM,uCAAuC,CAAC;AAC7E,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AACzF,YAAY,EAAE,iCAAiC,EAAE,MAAM,oDAAoD,CAAC;AAC5G,YAAY,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAChG,YAAY,EAAE,4BAA4B,EAAE,MAAM,kDAAkD,CAAC;AAErG,YAAY,EAAE,eAAe,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACtF,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAE3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAErD;;GAEG;AACH,wBAAgB,yBAAyB,IAAI,eAAe,CAE3D;AAED,OAAO,EAAE,sBAAsB,EAAE,KAAK,6BAA6B,EAAE,MAAM,oBAAoB,CAAC"}
|