@azure/identity 4.14.0-beta.2 → 4.14.0-beta.4

package/dist/browser/util/certificatesUtils.js

@@ -1,47 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-import { X509Certificate } from "crypto";
-/**
- * Extracts public keys from PEM certificate content
- * @param pemData - The PEM certificate data to parse
- * @returns Array of base64-encoded public key strings
- */
-export function extractPemCertificateKeys(pemContent) {
-    const certificatePattern = /(-+BEGIN CERTIFICATE-+)(\n\r?|\r\n?)([A-Za-z0-9+/\n\r]+=*)(\n\r?|\r\n?)(-+END CERTIFICATE-+)/g;
-    const publicKeys = [];
-    // Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c
-    let match;
-    do {
-        match = certificatePattern.exec(pemContent);
-        if (match) {
-            publicKeys.push(match[3]);
-        }
-    } while (match);
-    if (publicKeys.length === 0) {
-        throw new Error("The file at the specified path does not contain a PEM-encoded certificate.");
-    }
-    return publicKeys;
-}
-/**
- * Checks if PEM certificate content can be parsed as X509Certificate
- * @param pemCert - The PEM certificate
- * @returns true if all certificates in the PEM content can be parsed without error
- */
-export function canParseAsX509Certificate(pemCert) {
-    try {
-        const pemContents = extractPemCertificateKeys(pemCert);
-        for (let i = 0; i < pemContents.length; i++) {
-            const pemContent = pemContents[i];
-            // Reconstruct the full PEM format for X509Certificate constructor
-            const fullPemCertificate = `-----BEGIN CERTIFICATE-----\n${pemContent}\n-----END CERTIFICATE-----`;
-            // Attempt to parse as X.509 certificate
-            new X509Certificate(fullPemCertificate);
-        }
-        return true;
-    }
-    catch (extractError) {
-        // Return false for any error (extraction or parsing)
-        return false;
-    }
-}
-//# sourceMappingURL=certificatesUtils.js.map

package/dist/browser/util/certificatesUtils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"certificatesUtils.js","sourceRoot":"","sources":["../../../src/util/certificatesUtils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AAEzC;;;;GAIG;AACH,MAAM,UAAU,yBAAyB,CAAC,UAAkB;IAC1D,MAAM,kBAAkB,GACtB,+FAA+F,CAAC;IAClG,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,qHAAqH;IACrH,IAAI,KAAK,CAAC;IACV,GAAG,CAAC;QACF,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC5C,IAAI,KAAK,EAAE,CAAC;YACV,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC,QAAQ,KAAK,EAAE;IAEhB,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,4EAA4E,CAAC,CAAC;IAChG,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,yBAAyB,CAAC,OAAe;IACvD,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,yBAAyB,CAAC,OAAO,CAAC,CAAC;QAEvD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5C,MAAM,UAAU,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;YAClC,kEAAkE;YAClE,MAAM,kBAAkB,GAAG,gCAAgC,UAAU,6BAA6B,CAAC;YACnG,wCAAwC;YACxC,IAAI,eAAe,CAAC,kBAAkB,CAAC,CAAC;QAC1C,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,YAAY,EAAE,CAAC;QACtB,qDAAqD;QACrD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { X509Certificate } from \"crypto\";\n\n/**\n * Extracts public keys from PEM certificate content\n * @param pemData - The PEM certificate data to parse\n * @returns Array of base64-encoded public key strings\n */\nexport function extractPemCertificateKeys(pemContent: string): string[] {\n  const certificatePattern =\n    /(-+BEGIN CERTIFICATE-+)(\\n\\r?|\\r\\n?)([A-Za-z0-9+/\\n\\r]+=*)(\\n\\r?|\\r\\n?)(-+END CERTIFICATE-+)/g;\n  const publicKeys: string[] = [];\n\n  // Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c\n  let match;\n  do {\n    match = certificatePattern.exec(pemContent);\n    if (match) {\n      publicKeys.push(match[3]);\n    }\n  } while (match);\n\n  if (publicKeys.length === 0) {\n    throw new Error(\"The file at the specified path does not contain a PEM-encoded certificate.\");\n  }\n\n  return publicKeys;\n}\n\n/**\n * Checks if PEM certificate content can be parsed as X509Certificate\n * @param pemCert - The PEM certificate\n * @returns true if all certificates in the PEM content can be parsed without error\n */\nexport function canParseAsX509Certificate(pemCert: string): boolean {\n  try {\n    const pemContents = extractPemCertificateKeys(pemCert);\n\n    for (let i = 0; i < pemContents.length; i++) {\n      const pemContent = pemContents[i];\n      // Reconstruct the full PEM format for X509Certificate constructor\n      const fullPemCertificate = `-----BEGIN CERTIFICATE-----\\n${pemContent}\\n-----END CERTIFICATE-----`;\n      // Attempt to parse as X.509 certificate\n      new X509Certificate(fullPemCertificate);\n    }\n    return true;\n  } catch (extractError) {\n    // Return false for any error (extraction or parsing)\n    return false;\n  }\n}\n"]}

package/dist/browser/util/processUtils.d.ts

@@ -1,13 +0,0 @@
-import childProcess from "node:child_process";
-/**
- * Easy to mock childProcess utils.
- * @internal
- */
-export declare const processUtils: {
-    /**
-     * Promisifying childProcess.execFile
-     * @internal
-     */
-    execFile(file: string, params: string[], options?: childProcess.ExecFileOptionsWithStringEncoding): Promise<string | Buffer>;
-};
-//# sourceMappingURL=processUtils.d.ts.map

package/dist/browser/util/processUtils.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"processUtils.d.ts","sourceRoot":"","sources":["../../../src/util/processUtils.ts"],"names":[],"mappings":"AAGA,OAAO,YAAY,MAAM,oBAAoB,CAAC;AAE9C;;;GAGG;AACH,eAAO,MAAM,YAAY;IACvB;;;OAGG;mBAEK,MAAM,UACJ,MAAM,EAAE,YACN,YAAY,CAAC,iCAAiC,GACvD,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC;CAiB5B,CAAC"}

package/dist/browser/util/processUtils.js

@@ -1,32 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-import childProcess from "node:child_process";
-/**
- * Easy to mock childProcess utils.
- * @internal
- */
-export const processUtils = {
-    /**
-     * Promisifying childProcess.execFile
-     * @internal
-     */
-    execFile(file, params, options) {
-        return new Promise((resolve, reject) => {
-            childProcess.execFile(file, params, options, (error, stdout, stderr) => {
-                if (Buffer.isBuffer(stdout)) {
-                    stdout = stdout.toString("utf8");
-                }
-                if (Buffer.isBuffer(stderr)) {
-                    stderr = stderr.toString("utf8");
-                }
-                if (stderr || error) {
-                    reject(stderr ? new Error(stderr) : error);
-                }
-                else {
-                    resolve(stdout);
-                }
-            });
-        });
-    },
-};
-//# sourceMappingURL=processUtils.js.map

package/dist/browser/util/processUtils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"processUtils.js","sourceRoot":"","sources":["../../../src/util/processUtils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,YAAY,MAAM,oBAAoB,CAAC;AAE9C;;;GAGG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B;;;OAGG;IACH,QAAQ,CACN,IAAY,EACZ,MAAgB,EAChB,OAAwD;QAExD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,YAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;gBACrE,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC5B,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACnC,CAAC;gBACD,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC5B,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACnC,CAAC;gBACD,IAAI,MAAM,IAAI,KAAK,EAAE,CAAC;oBACpB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;gBAC7C,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,MAAM,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport childProcess from \"node:child_process\";\n\n/**\n * Easy to mock childProcess utils.\n * @internal\n */\nexport const processUtils = {\n  /**\n   * Promisifying childProcess.execFile\n   * @internal\n   */\n  execFile(\n    file: string,\n    params: string[],\n    options?: childProcess.ExecFileOptionsWithStringEncoding,\n  ): Promise<string | Buffer> {\n    return new Promise((resolve, reject) => {\n      childProcess.execFile(file, params, options, (error, stdout, stderr) => {\n        if (Buffer.isBuffer(stdout)) {\n          stdout = stdout.toString(\"utf8\");\n        }\n        if (Buffer.isBuffer(stderr)) {\n          stderr = stderr.toString(\"utf8\");\n        }\n        if (stderr || error) {\n          reject(stderr ? new Error(stderr) : error);\n        } else {\n          resolve(stdout);\n        }\n      });\n    });\n  },\n};\n"]}

package/dist/browser/util/subscriptionUtils.d.ts

@@ -1,6 +0,0 @@
-import type { CredentialLogger } from "./logging.js";
-/**
- * @internal
- */
-export declare function checkSubscription(logger: CredentialLogger, subscription: string): void;
-//# sourceMappingURL=subscriptionUtils.d.ts.map

package/dist/browser/util/subscriptionUtils.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"subscriptionUtils.d.ts","sourceRoot":"","sources":["../../../src/util/subscriptionUtils.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGrD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI,CAUtF"}

package/dist/browser/util/subscriptionUtils.js

@@ -1,16 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-import { formatError } from "./logging.js";
-/**
- * @internal
- */
-export function checkSubscription(logger, subscription) {
-    if (!subscription.match(/^[0-9a-zA-Z-._ ]+$/)) {
-        const error = new Error(`Subscription '${subscription}' contains invalid characters. If this is the name of a subscription, use ` +
-            `its ID instead. You can locate your subscription by following the instructions listed here: ` +
-            `https://learn.microsoft.com/azure/azure-portal/get-subscription-tenant-id`);
-        logger.info(formatError("", error));
-        throw error;
-    }
-}
-//# sourceMappingURL=subscriptionUtils.js.map

package/dist/browser/util/subscriptionUtils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"subscriptionUtils.js","sourceRoot":"","sources":["../../../src/util/subscriptionUtils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAE3C;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAwB,EAAE,YAAoB;IAC9E,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE,CAAC;QAC9C,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,iBAAiB,YAAY,4EAA4E;YACvG,8FAA8F;YAC9F,2EAA2E,CAC9E,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;QACpC,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { CredentialLogger } from \"./logging.js\";\nimport { formatError } from \"./logging.js\";\n\n/**\n * @internal\n */\nexport function checkSubscription(logger: CredentialLogger, subscription: string): void {\n  if (!subscription.match(/^[0-9a-zA-Z-._ ]+$/)) {\n    const error = new Error(\n      `Subscription '${subscription}' contains invalid characters. If this is the name of a subscription, use ` +\n        `its ID instead. You can locate your subscription by following the instructions listed here: ` +\n        `https://learn.microsoft.com/azure/azure-portal/get-subscription-tenant-id`,\n    );\n    logger.info(formatError(\"\", error));\n    throw error;\n  }\n}\n"]}

package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.d.ts

@@ -1,12 +0,0 @@
-/**
- * A function that searches for credentials in the Visual Studio Code credential store.
- *
- * @returns an array of credentials (username and password)
- * @internal
- *
- */
-export type VSCodeCredentialFinder = () => Promise<Array<{
-    account: string;
-    password: string;
-}>>;
-//# sourceMappingURL=visualStudioCodeCredentialPlugin.d.ts.map

package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"visualStudioCodeCredentialPlugin.d.ts","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialPlugin.ts"],"names":[],"mappings":"AAGA;;;;;;GAMG;AACH,MAAM,MAAM,sBAAsB,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAAC"}

package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.js

@@ -1,5 +0,0 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=visualStudioCodeCredentialPlugin.js.map

package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"visualStudioCodeCredentialPlugin.js","sourceRoot":"","sources":["../../../src/credentials/visualStudioCodeCredentialPlugin.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * A function that searches for credentials in the Visual Studio Code credential store.\n *\n * @returns an array of credentials (username and password)\n * @internal\n *\n */\nexport type VSCodeCredentialFinder = () => Promise<Array<{ account: string; password: string }>>;\n"]}

package/dist/commonjs/msal/browserFlows/msalBrowserCommon.d.ts

@@ -1,19 +0,0 @@
-import type { MsalBrowserFlowOptions } from "./msalBrowserOptions.js";
-import type { AccessToken } from "@azure/core-auth";
-import type { AuthenticationRecord } from "../types.js";
-import type { CredentialFlowGetTokenOptions } from "../credentials.js";
-/**
- * Methods that are used by InteractiveBrowserCredential
- * @internal
- */
-export interface MsalBrowserClient {
-    getActiveAccount(): Promise<AuthenticationRecord | undefined>;
-    getToken(scopes: string[], options: CredentialFlowGetTokenOptions): Promise<AccessToken>;
-}
-/**
- * Uses MSAL Browser 2.X for browser authentication,
- * which uses the [Auth Code Flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).
- * @internal
- */
-export declare function createMsalBrowserClient(options: MsalBrowserFlowOptions): MsalBrowserClient;
-//# sourceMappingURL=msalBrowserCommon.d.ts.map

package/dist/commonjs/msal/browserFlows/msalBrowserCommon.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"msalBrowserCommon.d.ts","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AAYtE,OAAO,KAAK,EAAE,WAAW,EAAmB,MAAM,kBAAkB,CAAC;AACrE,OAAO,KAAK,EAAE,oBAAoB,EAAc,MAAM,aAAa,CAAC;AAEpE,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,mBAAmB,CAAC;AA8CvE;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,gBAAgB,IAAI,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC,CAAC;IAC9D,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,6BAA6B,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;CAC1F;AAKD;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,sBAAsB,GAAG,iBAAiB,CAyP1F"}

package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js

@@ -1,265 +0,0 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createMsalBrowserClient = createMsalBrowserClient;
-const tslib_1 = require("tslib");
-const msalBrowser = tslib_1.__importStar(require("@azure/msal-browser"));
-const utils_js_1 = require("../utils.js");
-const errors_js_1 = require("../../errors.js");
-const logger_1 = require("@azure/logger");
-const logging_js_1 = require("../../util/logging.js");
-const tenantIdUtils_js_1 = require("../../util/tenantIdUtils.js");
-const constants_js_1 = require("../../constants.js");
-// We keep a copy of the redirect hash.
-// Check if self and location object is defined.
-const isLocationDefined = typeof self !== "undefined" && self.location !== undefined;
-/**
- * Generates a MSAL configuration that generally works for browsers
- */
-function generateMsalBrowserConfiguration(options) {
-    const tenantId = options.tenantId || constants_js_1.DefaultTenantId;
-    const authority = (0, utils_js_1.getAuthority)(tenantId, options.authorityHost);
-    return {
-        auth: {
-            clientId: options.clientId,
-            authority,
-            knownAuthorities: (0, utils_js_1.getKnownAuthorities)(tenantId, authority, options.disableInstanceDiscovery),
-            // If the users picked redirect as their login style,
-            // but they didn't provide a redirectUri,
-            // we can try to use the current page we're in as a default value.
-            redirectUri: options.redirectUri || (isLocationDefined ? self.location.origin : undefined),
-        },
-        cache: {
-            cacheLocation: "sessionStorage",
-            storeAuthStateInCookie: true, // Set to true to improve the experience on IE11 and Edge.
-        },
-        system: {
-            loggerOptions: {
-                loggerCallback: (0, utils_js_1.defaultLoggerCallback)(options.logger, "Browser"),
-                logLevel: (0, utils_js_1.getMSALLogLevel)((0, logger_1.getLogLevel)()),
-                piiLoggingEnabled: options.loggingOptions?.enableUnsafeSupportLogging,
-            },
-        },
-    };
-}
-// We keep a copy of the redirect hash.
-const redirectHash = isLocationDefined ? self.location.hash : undefined;
-/**
- * Uses MSAL Browser 2.X for browser authentication,
- * which uses the [Auth Code Flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).
- * @internal
- */
-function createMsalBrowserClient(options) {
-    const loginStyle = options.loginStyle;
-    if (!options.clientId) {
-        throw new errors_js_1.CredentialUnavailableError("A client ID is required in browsers");
-    }
-    const clientId = options.clientId;
-    const logger = options.logger;
-    const tenantId = (0, tenantIdUtils_js_1.resolveTenantId)(logger, options.tenantId, options.clientId);
-    const additionallyAllowedTenantIds = (0, tenantIdUtils_js_1.resolveAdditionallyAllowedTenantIds)(options?.tokenCredentialOptions?.additionallyAllowedTenants);
-    const authorityHost = options.authorityHost;
-    const msalConfig = generateMsalBrowserConfiguration(options);
-    const disableAutomaticAuthentication = options.disableAutomaticAuthentication;
-    const loginHint = options.loginHint;
-    let account;
-    if (options.authenticationRecord) {
-        account = {
-            ...options.authenticationRecord,
-            tenantId,
-        };
-    }
-    // This variable should only be used through calling `getApp` function
-    let app;
-    /**
-     * Return the MSAL account if not set yet
-     * @returns MSAL application
-     */
-    async function getApp() {
-        if (!app) {
-            // Prepare the MSAL application
-            app = await msalBrowser.PublicClientApplication.createPublicClientApplication(msalConfig);
-            // setting the account right after the app is created.
-            if (account) {
-                app.setActiveAccount((0, utils_js_1.publicToMsal)(account));
-            }
-        }
-        return app;
-    }
-    /**
-     * Loads the account based on the result of the authentication.
-     * If no result was received, tries to load the account from the cache.
-     * @param result - Result object received from MSAL.
-     */
-    async function handleBrowserResult(result) {
-        try {
-            const msalApp = await getApp();
-            if (result && result.account) {
-                logger.info(`MSAL Browser V2 authentication successful.`);
-                msalApp.setActiveAccount(result.account);
-                return (0, utils_js_1.msalToPublic)(clientId, result.account);
-            }
-        }
-        catch (e) {
-            logger.info(`Failed to acquire token through MSAL. ${e.message}`);
-        }
-        return;
-    }
-    /**
-     * Handles the MSAL authentication result.
-     * If the result has an account, we update the local account reference.
-     * If the token received is invalid, an error will be thrown depending on what's missing.
-     */
-    function handleResult(scopes, result, getTokenOptions) {
-        if (result?.account) {
-            account = (0, utils_js_1.msalToPublic)(clientId, result.account);
-        }
-        (0, utils_js_1.ensureValidMsalToken)(scopes, result, getTokenOptions);
-        logger.getToken.info((0, logging_js_1.formatSuccess)(scopes));
-        return {
-            token: result.accessToken,
-            expiresOnTimestamp: result.expiresOn.getTime(),
-            refreshAfterTimestamp: result.refreshOn?.getTime(),
-            tokenType: "Bearer",
-        };
-    }
-    /**
-     * Uses MSAL to handle the redirect.
-     */
-    async function handleRedirect() {
-        const msalApp = await getApp();
-        return handleBrowserResult((await msalApp.handleRedirectPromise(redirectHash)) || undefined);
-    }
-    /**
-     * Uses MSAL to retrieve the active account.
-     */
-    async function getActiveAccount() {
-        const msalApp = await getApp();
-        const activeAccount = msalApp.getActiveAccount();
-        if (!activeAccount) {
-            return;
-        }
-        return (0, utils_js_1.msalToPublic)(clientId, activeAccount);
-    }
-    /**
-     * Uses MSAL to trigger a redirect or a popup login.
-     */
-    async function login(scopes = []) {
-        const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
-        const loginRequest = {
-            scopes: arrayScopes,
-            loginHint: loginHint,
-        };
-        const msalApp = await getApp();
-        switch (loginStyle) {
-            case "redirect": {
-                await app.loginRedirect(loginRequest);
-                return;
-            }
-            case "popup":
-                return handleBrowserResult(await msalApp.loginPopup(loginRequest));
-        }
-    }
-    /**
-     * Tries to retrieve the token silently using MSAL.
-     */
-    async function getTokenSilent(scopes, getTokenOptions) {
-        const activeAccount = await getActiveAccount();
-        if (!activeAccount) {
-            throw new errors_js_1.AuthenticationRequiredError({
-                scopes,
-                getTokenOptions,
-                message: "Silent authentication failed. We couldn't retrieve an active account from the cache.",
-            });
-        }
-        const parameters = {
-            authority: getTokenOptions?.authority || msalConfig.auth.authority,
-            correlationId: getTokenOptions?.correlationId,
-            claims: getTokenOptions?.claims,
-            account: (0, utils_js_1.publicToMsal)(activeAccount),
-            forceRefresh: false,
-            scopes,
-        };
-        try {
-            logger.info("Attempting to acquire token silently");
-            const msalApp = await getApp();
-            const response = await msalApp.acquireTokenSilent(parameters);
-            return handleResult(scopes, response);
-        }
-        catch (err) {
-            throw (0, utils_js_1.handleMsalError)(scopes, err, options);
-        }
-    }
-    /**
-     * Attempts to retrieve the token in the browser through interactive methods.
-     */
-    async function getTokenInteractive(scopes, getTokenOptions) {
-        const activeAccount = await getActiveAccount();
-        if (!activeAccount) {
-            throw new errors_js_1.AuthenticationRequiredError({
-                scopes,
-                getTokenOptions,
-                message: "Silent authentication failed. We couldn't retrieve an active account from the cache.",
-            });
-        }
-        const parameters = {
-            authority: getTokenOptions?.authority || msalConfig.auth.authority,
-            correlationId: getTokenOptions?.correlationId,
-            claims: getTokenOptions?.claims,
-            account: (0, utils_js_1.publicToMsal)(activeAccount),
-            loginHint: loginHint,
-            scopes,
-        };
-        const msalApp = await getApp();
-        switch (loginStyle) {
-            case "redirect":
-                // This will go out of the page.
-                // Once the InteractiveBrowserCredential is initialized again,
-                // we'll load the MSAL account in the constructor.
-                await msalApp.acquireTokenRedirect(parameters);
-                return { token: "", expiresOnTimestamp: 0, tokenType: "Bearer" };
-            case "popup":
-                return handleResult(scopes, await app.acquireTokenPopup(parameters));
-        }
-    }
-    /**
-     * Attempts to get token through the silent flow.
-     * If failed, get token through interactive method with `doGetToken` method.
-     */
-    async function getToken(scopes, getTokenOptions = {}) {
-        const getTokenTenantId = (0, tenantIdUtils_js_1.processMultiTenantRequest)(tenantId, getTokenOptions, additionallyAllowedTenantIds) ||
-            tenantId;
-        if (!getTokenOptions.authority) {
-            getTokenOptions.authority = (0, utils_js_1.getAuthority)(getTokenTenantId, authorityHost);
-        }
-        // We ensure that redirection is handled at this point.
-        await handleRedirect();
-        if (!(await getActiveAccount()) && !disableAutomaticAuthentication) {
-            await login(scopes);
-        }
-        // Attempts to get the token silently; else, falls back to interactive method.
-        try {
-            return await getTokenSilent(scopes, getTokenOptions);
-        }
-        catch (err) {
-            if (err.name !== "AuthenticationRequiredError") {
-                throw err;
-            }
-            if (getTokenOptions?.disableAutomaticAuthentication) {
-                throw new errors_js_1.AuthenticationRequiredError({
-                    scopes,
-                    getTokenOptions,
-                    message: "Automatic authentication has been disabled. You may call the authenticate() method.",
-                });
-            }
-            logger.info(`Silent authentication failed, falling back to interactive method ${loginStyle}`);
-            return getTokenInteractive(scopes, getTokenOptions);
-        }
-    }
-    return {
-        getActiveAccount,
-        getToken,
-    };
-}
-//# sourceMappingURL=msalBrowserCommon.js.map

package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"msalBrowserCommon.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AAkFlC,0DAyPC;;AAzUD,yEAAmD;AAGnD,0CASqB;AAIrB,+CAA0F;AAE1F,0CAA4C;AAC5C,sDAAsD;AACtD,kEAIqC;AACrC,qDAAqD;AAErD,uCAAuC;AACvC,gDAAgD;AAChD,MAAM,iBAAiB,GAAG,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC;AAErF;;GAEG;AACH,SAAS,gCAAgC,CACvC,OAA+B;IAE/B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,8BAAe,CAAC;IACrD,MAAM,SAAS,GAAG,IAAA,uBAAY,EAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAChE,OAAO;QACL,IAAI,EAAE;YACJ,QAAQ,EAAE,OAAO,CAAC,QAAS;YAC3B,SAAS;YACT,gBAAgB,EAAE,IAAA,8BAAmB,EAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,wBAAwB,CAAC;YAC5F,qDAAqD;YACrD,yCAAyC;YACzC,kEAAkE;YAClE,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3F;QACD,KAAK,EAAE;YACL,aAAa,EAAE,gBAAgB;YAC/B,sBAAsB,EAAE,IAAI,EAAE,0DAA0D;SACzF;QACD,MAAM,EAAE;YACN,aAAa,EAAE;gBACb,cAAc,EAAE,IAAA,gCAAqB,EAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;gBAChE,QAAQ,EAAE,IAAA,0BAAe,EAAC,IAAA,oBAAW,GAAE,CAAC;gBACxC,iBAAiB,EAAE,OAAO,CAAC,cAAc,EAAE,0BAA0B;aACtE;SACF;KACF,CAAC;AACJ,CAAC;AAWD,uCAAuC;AACvC,MAAM,YAAY,GAAG,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;AAExE;;;;GAIG;AACH,SAAgB,uBAAuB,CAAC,OAA+B;IACrE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QACtB,MAAM,IAAI,sCAA0B,CAAC,qCAAqC,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC9B,MAAM,QAAQ,GAAG,IAAA,kCAAe,EAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7E,MAAM,4BAA4B,GAAa,IAAA,sDAAmC,EAChF,OAAO,EAAE,sBAAsB,EAAE,0BAA0B,CAC5D,CAAC;IACF,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;IAC5C,MAAM,UAAU,GAAG,gCAAgC,CAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,8BAA8B,GAAG,OAAO,CAAC,8BAA8B,CAAC;IAC9E,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IAEpC,IAAI,OAAyC,CAAC;IAC9C,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;QACjC,OAAO,GAAG;YACR,GAAG,OAAO,CAAC,oBAAoB;YAC/B,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,IAAI,GAAyC,CAAC;IAC9C;;;OAGG;IACH,KAAK,UAAU,MAAM;QACnB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,+BAA+B;YAC/B,GAAG,GAAG,MAAM,WAAW,CAAC,uBAAuB,CAAC,6BAA6B,CAAC,UAAU,CAAC,CAAC;YAE1F,sDAAsD;YACtD,IAAI,OAAO,EAAE,CAAC;gBACZ,GAAG,CAAC,gBAAgB,CAAC,IAAA,uBAAY,EAAC,OAAO,CAAC,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;OAIG;IACH,KAAK,UAAU,mBAAmB,CAChC,MAAyC;QAEzC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;YAC/B,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBAC7B,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;gBAC1D,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBACzC,OAAO,IAAA,uBAAY,EAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC;QACD,OAAO;IACT,CAAC;IAED;;;;OAIG;IACH,SAAS,YAAY,CACnB,MAAyB,EACzB,MAAmB,EACnB,eAAiC;QAEjC,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;YACpB,OAAO,GAAG,IAAA,uBAAY,EAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QACnD,CAAC;QACD,IAAA,+BAAoB,EAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,0BAAa,EAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,WAAW;YACzB,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE;YAC9C,qBAAqB,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE;YAClD,SAAS,EAAE,QAAQ;SACpB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,cAAc;QAC3B,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC;IAC/F,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,gBAAgB;QAC7B,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,MAAM,aAAa,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;QACjD,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO;QACT,CAAC;QACD,OAAO,IAAA,uBAAY,EAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,KAAK,CAAC,SAA4B,EAAE;QACjD,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAgC;YAChD,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,SAAS;SACrB,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,MAAM,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACtC,OAAO;YACT,CAAC;YACD,KAAK,OAAO;gBACV,OAAO,mBAAmB,CAAC,MAAM,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,cAAc,CAC3B,MAAgB,EAChB,eAA+C;QAE/C,MAAM,aAAa,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,uCAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe;gBACf,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAA8B;YAC5C,SAAS,EAAE,eAAe,EAAE,SAAS,IAAI,UAAU,CAAC,IAAI,CAAC,SAAU;YACnE,aAAa,EAAE,eAAe,EAAE,aAAa;YAC7C,MAAM,EAAE,eAAe,EAAE,MAAM;YAC/B,OAAO,EAAE,IAAA,uBAAY,EAAC,aAAa,CAAC;YACpC,YAAY,EAAE,KAAK;YACnB,MAAM;SACP,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACpD,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;YAC/B,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YAC9D,OAAO,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,IAAA,0BAAe,EAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,mBAAmB,CAChC,MAAgB,EAChB,eAA+C;QAE/C,MAAM,aAAa,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,uCAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe;gBACf,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAgC;YAC9C,SAAS,EAAE,eAAe,EAAE,SAAS,IAAI,UAAU,CAAC,IAAI,CAAC,SAAU;YACnE,aAAa,EAAE,eAAe,EAAE,aAAa;YAC7C,MAAM,EAAE,eAAe,EAAE,MAAM;YAC/B,OAAO,EAAE,IAAA,uBAAY,EAAC,aAAa,CAAC;YACpC,SAAS,EAAE,SAAS;YACpB,MAAM;SACP,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,UAAU;gBACb,gCAAgC;gBAChC,8DAA8D;gBAC9D,kDAAkD;gBAElD,MAAM,OAAO,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;gBAC/C,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,kBAAkB,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;YACnE,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,UAAU,QAAQ,CACrB,MAAgB,EAChB,kBAAiD,EAAE;QAEnD,MAAM,gBAAgB,GACpB,IAAA,4CAAyB,EAAC,QAAQ,EAAE,eAAe,EAAE,4BAA4B,CAAC;YAClF,QAAQ,CAAC;QAEX,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAAC;YAC/B,eAAe,CAAC,SAAS,GAAG,IAAA,uBAAY,EAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;QAC5E,CAAC;QAED,uDAAuD;QACvD,MAAM,cAAc,EAAE,CAAC;QAEvB,IAAI,CAAC,CAAC,MAAM,gBAAgB,EAAE,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;YACnE,MAAM,KAAK,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;QAED,8EAA8E;QAC9E,IAAI,CAAC;YACH,OAAO,MAAM,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC/C,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,IAAI,eAAe,EAAE,8BAA8B,EAAE,CAAC;gBACpD,MAAM,IAAI,uCAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe;oBACf,OAAO,EACL,qFAAqF;iBACxF,CAAC,CAAC;YACL,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,oEAAoE,UAAU,EAAE,CAAC,CAAC;YAC9F,OAAO,mBAAmB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IACD,OAAO;QACL,gBAAgB;QAChB,QAAQ;KACT,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport * as msalBrowser from \"@azure/msal-browser\";\n\nimport type { MsalBrowserFlowOptions } from \"./msalBrowserOptions.js\";\nimport {\n  defaultLoggerCallback,\n  ensureValidMsalToken,\n  getAuthority,\n  getKnownAuthorities,\n  getMSALLogLevel,\n  handleMsalError,\n  msalToPublic,\n  publicToMsal,\n} from \"../utils.js\";\n\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport type { AuthenticationRecord, MsalResult } from \"../types.js\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../../errors.js\";\nimport type { CredentialFlowGetTokenOptions } from \"../credentials.js\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { formatSuccess } from \"../../util/logging.js\";\nimport {\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n  resolveTenantId,\n} from \"../../util/tenantIdUtils.js\";\nimport { DefaultTenantId } from \"../../constants.js\";\n\n// We keep a copy of the redirect hash.\n// Check if self and location object is defined.\nconst isLocationDefined = typeof self !== \"undefined\" && self.location !== undefined;\n\n/**\n * Generates a MSAL configuration that generally works for browsers\n */\nfunction generateMsalBrowserConfiguration(\n  options: MsalBrowserFlowOptions,\n): msalBrowser.Configuration {\n  const tenantId = options.tenantId || DefaultTenantId;\n  const authority = getAuthority(tenantId, options.authorityHost);\n  return {\n    auth: {\n      clientId: options.clientId!,\n      authority,\n      knownAuthorities: getKnownAuthorities(tenantId, authority, options.disableInstanceDiscovery),\n      // If the users picked redirect as their login style,\n      // but they didn't provide a redirectUri,\n      // we can try to use the current page we're in as a default value.\n      redirectUri: options.redirectUri || (isLocationDefined ? self.location.origin : undefined),\n    },\n    cache: {\n      cacheLocation: \"sessionStorage\",\n      storeAuthStateInCookie: true, // Set to true to improve the experience on IE11 and Edge.\n    },\n    system: {\n      loggerOptions: {\n        loggerCallback: defaultLoggerCallback(options.logger, \"Browser\"),\n        logLevel: getMSALLogLevel(getLogLevel()),\n        piiLoggingEnabled: options.loggingOptions?.enableUnsafeSupportLogging,\n      },\n    },\n  };\n}\n\n/**\n * Methods that are used by InteractiveBrowserCredential\n * @internal\n */\nexport interface MsalBrowserClient {\n  getActiveAccount(): Promise<AuthenticationRecord | undefined>;\n  getToken(scopes: string[], options: CredentialFlowGetTokenOptions): Promise<AccessToken>;\n}\n\n// We keep a copy of the redirect hash.\nconst redirectHash = isLocationDefined ? self.location.hash : undefined;\n\n/**\n * Uses MSAL Browser 2.X for browser authentication,\n * which uses the [Auth Code Flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n * @internal\n */\nexport function createMsalBrowserClient(options: MsalBrowserFlowOptions): MsalBrowserClient {\n  const loginStyle = options.loginStyle;\n  if (!options.clientId) {\n    throw new CredentialUnavailableError(\"A client ID is required in browsers\");\n  }\n  const clientId = options.clientId;\n  const logger = options.logger;\n  const tenantId = resolveTenantId(logger, options.tenantId, options.clientId);\n  const additionallyAllowedTenantIds: string[] = resolveAdditionallyAllowedTenantIds(\n    options?.tokenCredentialOptions?.additionallyAllowedTenants,\n  );\n  const authorityHost = options.authorityHost;\n  const msalConfig = generateMsalBrowserConfiguration(options);\n  const disableAutomaticAuthentication = options.disableAutomaticAuthentication;\n  const loginHint = options.loginHint;\n\n  let account: AuthenticationRecord | undefined;\n  if (options.authenticationRecord) {\n    account = {\n      ...options.authenticationRecord,\n      tenantId,\n    };\n  }\n\n  // This variable should only be used through calling `getApp` function\n  let app: msalBrowser.IPublicClientApplication;\n  /**\n   * Return the MSAL account if not set yet\n   * @returns MSAL application\n   */\n  async function getApp(): Promise<msalBrowser.IPublicClientApplication> {\n    if (!app) {\n      // Prepare the MSAL application\n      app = await msalBrowser.PublicClientApplication.createPublicClientApplication(msalConfig);\n\n      // setting the account right after the app is created.\n      if (account) {\n        app.setActiveAccount(publicToMsal(account));\n      }\n    }\n\n    return app;\n  }\n\n  /**\n   * Loads the account based on the result of the authentication.\n   * If no result was received, tries to load the account from the cache.\n   * @param result - Result object received from MSAL.\n   */\n  async function handleBrowserResult(\n    result?: msalBrowser.AuthenticationResult,\n  ): Promise<AuthenticationRecord | undefined> {\n    try {\n      const msalApp = await getApp();\n      if (result && result.account) {\n        logger.info(`MSAL Browser V2 authentication successful.`);\n        msalApp.setActiveAccount(result.account);\n        return msalToPublic(clientId, result.account);\n      }\n    } catch (e: any) {\n      logger.info(`Failed to acquire token through MSAL. ${e.message}`);\n    }\n    return;\n  }\n\n  /**\n   * Handles the MSAL authentication result.\n   * If the result has an account, we update the local account reference.\n   * If the token received is invalid, an error will be thrown depending on what's missing.\n   */\n  function handleResult(\n    scopes: string | string[],\n    result?: MsalResult,\n    getTokenOptions?: GetTokenOptions,\n  ): AccessToken {\n    if (result?.account) {\n      account = msalToPublic(clientId, result.account);\n    }\n    ensureValidMsalToken(scopes, result, getTokenOptions);\n    logger.getToken.info(formatSuccess(scopes));\n    return {\n      token: result.accessToken,\n      expiresOnTimestamp: result.expiresOn.getTime(),\n      refreshAfterTimestamp: result.refreshOn?.getTime(),\n      tokenType: \"Bearer\",\n    };\n  }\n\n  /**\n   * Uses MSAL to handle the redirect.\n   */\n  async function handleRedirect(): Promise<AuthenticationRecord | undefined> {\n    const msalApp = await getApp();\n    return handleBrowserResult((await msalApp.handleRedirectPromise(redirectHash)) || undefined);\n  }\n\n  /**\n   * Uses MSAL to retrieve the active account.\n   */\n  async function getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n    const msalApp = await getApp();\n    const activeAccount = msalApp.getActiveAccount();\n    if (!activeAccount) {\n      return;\n    }\n    return msalToPublic(clientId, activeAccount);\n  }\n\n  /**\n   * Uses MSAL to trigger a redirect or a popup login.\n   */\n  async function login(scopes: string | string[] = []): Promise<AuthenticationRecord | undefined> {\n    const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n    const loginRequest: msalBrowser.RedirectRequest = {\n      scopes: arrayScopes,\n      loginHint: loginHint,\n    };\n    const msalApp = await getApp();\n    switch (loginStyle) {\n      case \"redirect\": {\n        await app.loginRedirect(loginRequest);\n        return;\n      }\n      case \"popup\":\n        return handleBrowserResult(await msalApp.loginPopup(loginRequest));\n    }\n  }\n\n  /**\n   * Tries to retrieve the token silently using MSAL.\n   */\n  async function getTokenSilent(\n    scopes: string[],\n    getTokenOptions?: CredentialFlowGetTokenOptions,\n  ): Promise<AccessToken> {\n    const activeAccount = await getActiveAccount();\n    if (!activeAccount) {\n      throw new AuthenticationRequiredError({\n        scopes,\n        getTokenOptions,\n        message:\n          \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n      });\n    }\n\n    const parameters: msalBrowser.SilentRequest = {\n      authority: getTokenOptions?.authority || msalConfig.auth.authority!,\n      correlationId: getTokenOptions?.correlationId,\n      claims: getTokenOptions?.claims,\n      account: publicToMsal(activeAccount),\n      forceRefresh: false,\n      scopes,\n    };\n\n    try {\n      logger.info(\"Attempting to acquire token silently\");\n      const msalApp = await getApp();\n      const response = await msalApp.acquireTokenSilent(parameters);\n      return handleResult(scopes, response);\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  /**\n   * Attempts to retrieve the token in the browser through interactive methods.\n   */\n  async function getTokenInteractive(\n    scopes: string[],\n    getTokenOptions?: CredentialFlowGetTokenOptions,\n  ): Promise<AccessToken> {\n    const activeAccount = await getActiveAccount();\n    if (!activeAccount) {\n      throw new AuthenticationRequiredError({\n        scopes,\n        getTokenOptions,\n        message:\n          \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n      });\n    }\n\n    const parameters: msalBrowser.RedirectRequest = {\n      authority: getTokenOptions?.authority || msalConfig.auth.authority!,\n      correlationId: getTokenOptions?.correlationId,\n      claims: getTokenOptions?.claims,\n      account: publicToMsal(activeAccount),\n      loginHint: loginHint,\n      scopes,\n    };\n    const msalApp = await getApp();\n    switch (loginStyle) {\n      case \"redirect\":\n        // This will go out of the page.\n        // Once the InteractiveBrowserCredential is initialized again,\n        // we'll load the MSAL account in the constructor.\n\n        await msalApp.acquireTokenRedirect(parameters);\n        return { token: \"\", expiresOnTimestamp: 0, tokenType: \"Bearer\" };\n      case \"popup\":\n        return handleResult(scopes, await app.acquireTokenPopup(parameters));\n    }\n  }\n\n  /**\n   * Attempts to get token through the silent flow.\n   * If failed, get token through interactive method with `doGetToken` method.\n   */\n  async function getToken(\n    scopes: string[],\n    getTokenOptions: CredentialFlowGetTokenOptions = {},\n  ): Promise<AccessToken> {\n    const getTokenTenantId =\n      processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds) ||\n      tenantId;\n\n    if (!getTokenOptions.authority) {\n      getTokenOptions.authority = getAuthority(getTokenTenantId, authorityHost);\n    }\n\n    // We ensure that redirection is handled at this point.\n    await handleRedirect();\n\n    if (!(await getActiveAccount()) && !disableAutomaticAuthentication) {\n      await login(scopes);\n    }\n\n    // Attempts to get the token silently; else, falls back to interactive method.\n    try {\n      return await getTokenSilent(scopes, getTokenOptions);\n    } catch (err: any) {\n      if (err.name !== \"AuthenticationRequiredError\") {\n        throw err;\n      }\n      if (getTokenOptions?.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions,\n          message:\n            \"Automatic authentication has been disabled. You may call the authenticate() method.\",\n        });\n      }\n      logger.info(`Silent authentication failed, falling back to interactive method ${loginStyle}`);\n      return getTokenInteractive(scopes, getTokenOptions);\n    }\n  }\n  return {\n    getActiveAccount,\n    getToken,\n  };\n}\n"]}

package/dist/commonjs/msal/browserFlows/msalBrowserOptions.d.ts

@@ -1,87 +0,0 @@
-import type { AuthenticationRecord } from "../types.js";
-import type { BrowserLoginStyle } from "../../credentials/interactiveBrowserCredentialOptions.js";
-import type { LogPolicyOptions } from "@azure/core-rest-pipeline";
-import type { MultiTenantTokenCredentialOptions } from "../../credentials/multiTenantTokenCredentialOptions.js";
-import type { CredentialLogger } from "../../util/logging.js";
-/**
- * Options for the MSAL browser flows.
- * @internal
- */
-export interface MsalBrowserFlowOptions {
-    logger: CredentialLogger;
-    /**
-     * The Client ID of the Microsoft Entra application that users will sign into.
-     * This parameter is required on the browser.
-     */
-    clientId?: string;
-    /**
-     * The Microsoft Entra tenant (directory) ID.
-     */
-    tenantId?: string;
-    /**
-     * The authority host to use for authentication requests.
-     * Possible values are available through {@link AzureAuthorityHosts}.
-     * The default is "https://login.microsoftonline.com".
-     */
-    authorityHost?: string;
-    /**
-     * Result of a previous authentication that can be used to retrieve the cached credentials of each individual account.
-     * This is necessary to provide in case the application wants to work with more than one account per
-     * Client ID and Tenant ID pair.
-     *
-     * This record can be retrieved by calling to the credential's `authenticate()` method, as follows:
-     *
-     *     const authenticationRecord = await credential.authenticate();
-     *
-     */
-    authenticationRecord?: AuthenticationRecord;
-    /**
-     * Makes getToken throw if a manual authentication is necessary.
-     * Developers will need to call to `authenticate()` to control when to manually authenticate.
-     */
-    disableAutomaticAuthentication?: boolean;
-    /**
-     * The field determines whether instance discovery is performed when attempting to authenticate.
-     * Setting this to `true` will completely disable both instance discovery and authority validation.
-     * As a result, it's crucial to ensure that the configured authority host is valid and trustworthy.
-     * This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack.
-     * The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.
-     */
-    disableInstanceDiscovery?: boolean;
-    /**
-     * Options for multi-tenant applications which allows for additionally allowed tenants.
-     */
-    tokenCredentialOptions: MultiTenantTokenCredentialOptions;
-    /**
-     * Gets the redirect URI of the application. This should be same as the value
-     * in the application registration portal.  Defaults to `window.location.href`.
-     * This field is no longer required for Node.js.
-     */
-    redirectUri?: string;
-    /**
-     * Specifies whether a redirect or a popup window should be used to
-     * initiate the user authentication flow. Possible values are "redirect"
-     * or "popup" (default) for browser and "popup" (default) for node.
-     *
-     */
-    loginStyle: BrowserLoginStyle;
-    /**
-     * loginHint allows a user name to be pre-selected for interactive logins.
-     * Setting this option skips the account selection prompt and immediately attempts to login with the specified account.
-     */
-    loginHint?: string;
-    /**
-     * Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.
-     */
-    loggingOptions?: LogPolicyOptions & {
-        /**
-         * Allows logging account information once the authentication flow succeeds.
-         */
-        allowLoggingAccountIdentifiers?: boolean;
-        /**
-         * Allows logging personally identifiable information for customer support.
-         */
-        enableUnsafeSupportLogging?: boolean;
-    };
-}
-//# sourceMappingURL=msalBrowserOptions.d.ts.map

package/dist/commonjs/msal/browserFlows/msalBrowserOptions.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"msalBrowserOptions.d.ts","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,0DAA0D,CAAC;AAClG,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAClE,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wDAAwD,CAAC;AAChH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAE9D;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,gBAAgB,CAAC;IAEzB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;;;;;;;OASG;IACH,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;IAE5C;;;OAGG;IACH,8BAA8B,CAAC,EAAE,OAAO,CAAC;IAEzC;;;;;;OAMG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAC;IAEnC;;OAEG;IACH,sBAAsB,EAAE,iCAAiC,CAAC;IAE1D;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;;OAKG;IACH,UAAU,EAAE,iBAAiB,CAAC;IAE9B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,cAAc,CAAC,EAAE,gBAAgB,GAAG;QAClC;;WAEG;QACH,8BAA8B,CAAC,EAAE,OAAO,CAAC;QACzC;;WAEG;QACH,0BAA0B,CAAC,EAAE,OAAO,CAAC;KACtC,CAAC;CACH"}

package/dist/commonjs/msal/browserFlows/msalBrowserOptions.js

@@ -1,5 +0,0 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=msalBrowserOptions.js.map

package/dist/commonjs/msal/browserFlows/msalBrowserOptions.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"msalBrowserOptions.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthenticationRecord } from \"../types.js\";\nimport type { BrowserLoginStyle } from \"../../credentials/interactiveBrowserCredentialOptions.js\";\nimport type { LogPolicyOptions } from \"@azure/core-rest-pipeline\";\nimport type { MultiTenantTokenCredentialOptions } from \"../../credentials/multiTenantTokenCredentialOptions.js\";\nimport type { CredentialLogger } from \"../../util/logging.js\";\n\n/**\n * Options for the MSAL browser flows.\n * @internal\n */\nexport interface MsalBrowserFlowOptions {\n  logger: CredentialLogger;\n\n  /**\n   * The Client ID of the Microsoft Entra application that users will sign into.\n   * This parameter is required on the browser.\n   */\n  clientId?: string;\n\n  /**\n   * The Microsoft Entra tenant (directory) ID.\n   */\n  tenantId?: string;\n\n  /**\n   * The authority host to use for authentication requests.\n   * Possible values are available through {@link AzureAuthorityHosts}.\n   * The default is \"https://login.microsoftonline.com\".\n   */\n  authorityHost?: string;\n\n  /**\n   * Result of a previous authentication that can be used to retrieve the cached credentials of each individual account.\n   * This is necessary to provide in case the application wants to work with more than one account per\n   * Client ID and Tenant ID pair.\n   *\n   * This record can be retrieved by calling to the credential's `authenticate()` method, as follows:\n   *\n   *     const authenticationRecord = await credential.authenticate();\n   *\n   */\n  authenticationRecord?: AuthenticationRecord;\n\n  /**\n   * Makes getToken throw if a manual authentication is necessary.\n   * Developers will need to call to `authenticate()` to control when to manually authenticate.\n   */\n  disableAutomaticAuthentication?: boolean;\n\n  /**\n   * The field determines whether instance discovery is performed when attempting to authenticate.\n   * Setting this to `true` will completely disable both instance discovery and authority validation.\n   * As a result, it's crucial to ensure that the configured authority host is valid and trustworthy.\n   * This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack.\n   * The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.\n   */\n  disableInstanceDiscovery?: boolean;\n\n  /**\n   * Options for multi-tenant applications which allows for additionally allowed tenants.\n   */\n  tokenCredentialOptions: MultiTenantTokenCredentialOptions;\n\n  /**\n   * Gets the redirect URI of the application. This should be same as the value\n   * in the application registration portal.  Defaults to `window.location.href`.\n   * This field is no longer required for Node.js.\n   */\n  redirectUri?: string;\n\n  /**\n   * Specifies whether a redirect or a popup window should be used to\n   * initiate the user authentication flow. Possible values are \"redirect\"\n   * or \"popup\" (default) for browser and \"popup\" (default) for node.\n   *\n   */\n  loginStyle: BrowserLoginStyle;\n\n  /**\n   * loginHint allows a user name to be pre-selected for interactive logins.\n   * Setting this option skips the account selection prompt and immediately attempts to login with the specified account.\n   */\n  loginHint?: string;\n\n  /**\n   * Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.\n   */\n  loggingOptions?: LogPolicyOptions & {\n    /**\n     * Allows logging account information once the authentication flow succeeds.\n     */\n    allowLoggingAccountIdentifiers?: boolean;\n    /**\n     * Allows logging personally identifiable information for customer support.\n     */\n    enableUnsafeSupportLogging?: boolean;\n  };\n}\n"]}