@azure/identity 4.2.0-alpha.20240425.2 → 4.3.0-alpha.20240426.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +40 -36
- package/dist/index.js +292 -163
- package/dist/index.js.map +1 -1
- package/dist-esm/src/credentials/azurePipelinesServiceConnectionCredential.js +129 -0
- package/dist-esm/src/credentials/azurePipelinesServiceConnectionCredential.js.map +1 -0
- package/dist-esm/src/credentials/azurePipelinesServiceConnectionCredentialOptions.js +4 -0
- package/dist-esm/src/credentials/azurePipelinesServiceConnectionCredentialOptions.js.map +1 -0
- package/dist-esm/src/index.js +1 -0
- package/dist-esm/src/index.js.map +1 -1
- package/dist-esm/src/util/logging.js +4 -0
- package/dist-esm/src/util/logging.js.map +1 -1
- package/package.json +1 -1
- package/types/identity.d.ts +45 -0
package/README.md
CHANGED
|
@@ -150,6 +150,7 @@ Due to a [known issue](https://github.com/Azure/azure-sdk-for-js/issues/20500),
|
|
|
150
150
|
## Plugins
|
|
151
151
|
|
|
152
152
|
Azure Identity for JavaScript provides a plugin API that allows us to provide certain functionality through separate _plugin packages_. The `@azure/identity` package exports a top-level function (`useIdentityPlugin`) that can be used to enable a plugin. We provide two plugin packages:
|
|
153
|
+
|
|
153
154
|
- [`@azure/identity-broker`](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/identity/identity-broker), which provides brokered authentication support through a native broker, such as Web Account Manager.
|
|
154
155
|
- [`@azure/identity-cache-persistence`](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/identity/identity-cache-persistence), which provides persistent token caching in Node.js using a native secure storage system provided by your operating system. This plugin allows cached `access_token` values to persist across sessions, meaning that an interactive login flow does not need to be repeated as long as a cached token is available.
|
|
155
156
|
|
|
@@ -236,40 +237,41 @@ Not all credentials require this configuration. Credentials that authenticate th
|
|
|
236
237
|
|
|
237
238
|
### Authenticate Azure-hosted applications
|
|
238
239
|
|
|
239
|
-
| Credential
|
|
240
|
-
|
|
|
241
|
-
| [`DefaultAzureCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/defaultazurecredential?view=azure-node-latest)
|
|
242
|
-
| [`ChainedTokenCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/chainedtokencredential?view=azure-node-latest)
|
|
243
|
-
| [`EnvironmentCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/environmentcredential?view=azure-node-latest)
|
|
244
|
-
| [`ManagedIdentityCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/managedidentitycredential?view=azure-node-latest)
|
|
245
|
-
| [`WorkloadIdentityCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/workloadidentitycredential?view=azure-node-latest)| Supports [Microsoft Entra Workload ID](https://learn.microsoft.com/azure/aks/workload-identity-overview) on Kubernetes.
|
|
240
|
+
| Credential | Usage | Example |
|
|
241
|
+
| -------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
|
242
|
+
| [`DefaultAzureCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/defaultazurecredential?view=azure-node-latest) | Provides a simplified authentication experience to quickly start developing applications run in Azure. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-with-defaultazurecredential) |
|
|
243
|
+
| [`ChainedTokenCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/chainedtokencredential?view=azure-node-latest) | Allows users to define custom authentication flows composing multiple credentials. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#chaining-credentials) |
|
|
244
|
+
| [`EnvironmentCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/environmentcredential?view=azure-node-latest) | Authenticates a service principal or user via credential information specified in environment variables. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-service-principal-with-environment-credentials) |
|
|
245
|
+
| [`ManagedIdentityCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/managedidentitycredential?view=azure-node-latest) | Authenticates the managed identity of an Azure resource. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-in-azure-with-managed-identity) |
|
|
246
|
+
| [`WorkloadIdentityCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/workloadidentitycredential?view=azure-node-latest) | Supports [Microsoft Entra Workload ID](https://learn.microsoft.com/azure/aks/workload-identity-overview) on Kubernetes. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-in-azure-with-workload-identity) |
|
|
247
|
+
| `AzurePipelinesServiceConnectionCredential` | Supports [Microsoft Entra Workload ID](https://learn.microsoft.com/azure/devops/pipelines/release/configure-workload-identity?view=azure-devops) on Azure Pipelines. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-in-azure-pipelines-with-service-connections) |
|
|
246
248
|
|
|
247
249
|
### Authenticate service principals
|
|
248
250
|
|
|
249
|
-
| Credential
|
|
250
|
-
|
|
|
251
|
-
| [`ClientAssertionCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/clientassertioncredential?view=azure-node-latest)
|
|
252
|
-
| [`ClientCertificateCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/clientcertificatecredential?view=azure-node-latest) | Authenticates a service principal using a certificate.
|
|
253
|
-
| [`ClientSecretCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/clientsecretcredential?view=azure-node-latest) | Authenticates a service principal using a secret.
|
|
251
|
+
| Credential | Usage | Example | Reference |
|
|
252
|
+
| ---------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- |
|
|
253
|
+
| [`ClientAssertionCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/clientassertioncredential?view=azure-node-latest) | Authenticates a service principal using a signed client assertion. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-service-principal-with-a-client-assertion) | [Service principal authentication](https://learn.microsoft.com/entra/identity-platform/app-objects-and-service-principals) |
|
|
254
|
+
| [`ClientCertificateCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/clientcertificatecredential?view=azure-node-latest) | Authenticates a service principal using a certificate. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-service-principal-with-a-client-certificate) | [Service principal authentication](https://learn.microsoft.com/entra/identity-platform/app-objects-and-service-principals) |
|
|
255
|
+
| [`ClientSecretCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/clientsecretcredential?view=azure-node-latest) | Authenticates a service principal using a secret. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-service-principal-with-a-client-secret) | [Service principal authentication](https://learn.microsoft.com/entra/identity-platform/app-objects-and-service-principals) |
|
|
254
256
|
|
|
255
257
|
### Authenticate users
|
|
256
258
|
|
|
257
|
-
| Credential
|
|
258
|
-
|
|
|
259
|
-
| [`AuthorizationCodeCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/authorizationcodecredential?view=azure-node-latest) | Authenticates a user with a previously obtained authorization code. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-user-account-with-auth-code-flow) | [OAuth2 authentication code](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow)
|
|
260
|
-
| [`DeviceCodeCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/devicecodecredential?view=azure-node-latest) | Interactively authenticates a user on devices with limited UI. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-user-account-with-device-code-flow) | [Device code authentication](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-device-code)
|
|
261
|
-
| [`InteractiveBrowserCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/interactivebrowsercredential?view=azure-node-latest) | Interactively authenticates a user with the default system browser. Read more about how this happens [here](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/interactive-browser-credential.md). | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-user-account-interactively-in-the-browser) | [OAuth2 authentication code](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow)
|
|
262
|
-
| [`OnBehalfOfCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/onbehalfofcredential?view=azure-node-latest) | Propagates the delegated user identity and permissions through the request chain |
|
|
263
|
-
| [`UsernamePasswordCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/usernamepasswordcredential?view=azure-node-latest) | Authenticates a user with a username and password. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-user-account-with-username-and-password) | [Username + password authentication](https://learn.microsoft.com/entra/identity-platform/v2-oauth-ropc)
|
|
259
|
+
| Credential | Usage | Example | Reference |
|
|
260
|
+
| ------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- |
|
|
261
|
+
| [`AuthorizationCodeCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/authorizationcodecredential?view=azure-node-latest) | Authenticates a user with a previously obtained authorization code. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-user-account-with-auth-code-flow) | [OAuth2 authentication code](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow) |
|
|
262
|
+
| [`DeviceCodeCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/devicecodecredential?view=azure-node-latest) | Interactively authenticates a user on devices with limited UI. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-user-account-with-device-code-flow) | [Device code authentication](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-device-code) |
|
|
263
|
+
| [`InteractiveBrowserCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/interactivebrowsercredential?view=azure-node-latest) | Interactively authenticates a user with the default system browser. Read more about how this happens [here](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/interactive-browser-credential.md). | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-user-account-interactively-in-the-browser) | [OAuth2 authentication code](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow) |
|
|
264
|
+
| [`OnBehalfOfCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/onbehalfofcredential?view=azure-node-latest) | Propagates the delegated user identity and permissions through the request chain | | [On-behalf-of authentication](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-on-behalf-of-flow) |
|
|
265
|
+
| [`UsernamePasswordCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/usernamepasswordcredential?view=azure-node-latest) | Authenticates a user with a username and password. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-user-account-with-username-and-password) | [Username + password authentication](https://learn.microsoft.com/entra/identity-platform/v2-oauth-ropc) |
|
|
264
266
|
|
|
265
267
|
### Authenticate via development tools
|
|
266
268
|
|
|
267
|
-
| Credential
|
|
268
|
-
|
|
|
269
|
-
| [`AzureCliCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/azureclicredential?view=azure-node-latest)
|
|
270
|
-
| [`AzureDeveloperCliCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/azuredeveloperclicredential?view=azure-node-latest)
|
|
271
|
-
| [`AzurePowerShellCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/azurepowershellcredential?view=azure-node-latest)
|
|
272
|
-
| [`VisualStudioCodeCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/visualstudiocodecredential?view=azure-node-latest)
|
|
269
|
+
| Credential | Usage | Example | Reference |
|
|
270
|
+
| ---------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- |
|
|
271
|
+
| [`AzureCliCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/azureclicredential?view=azure-node-latest) | Authenticate in a development environment with the Azure CLI. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-user-account-with-azure-cli) | [Azure CLI authentication](https://learn.microsoft.com/cli/azure/authenticate-azure-cli) |
|
|
272
|
+
| [`AzureDeveloperCliCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/azuredeveloperclicredential?view=azure-node-latest) | Authenticate in a development environment with the enabled user or service principal in Azure Developer CLI. | | [Azure Developer CLI Reference](https://learn.microsoft.com/azure/developer/azure-developer-cli/reference) |
|
|
273
|
+
| [`AzurePowerShellCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/azurepowershellcredential?view=azure-node-latest) | Authenticate in a development environment using Azure PowerShell. | [example](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-a-user-account-with-azure-powershell) | [Azure PowerShell authentication](https://learn.microsoft.com/powershell/azure/authenticate-azureps) |
|
|
274
|
+
| [`VisualStudioCodeCredential`](https://learn.microsoft.com/javascript/api/@azure/identity/visualstudiocodecredential?view=azure-node-latest) | Authenticates as the user signed in to the Visual Studio Code Azure Account extension. | | [VS Code Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account) |
|
|
273
275
|
|
|
274
276
|
## Environment variables
|
|
275
277
|
|
|
@@ -277,29 +279,29 @@ Not all credentials require this configuration. Credentials that authenticate th
|
|
|
277
279
|
|
|
278
280
|
#### Service principal with secret
|
|
279
281
|
|
|
280
|
-
| Variable name | Value
|
|
281
|
-
| --------------------- |
|
|
282
|
-
| `AZURE_CLIENT_ID` | ID of a Microsoft Entra application
|
|
282
|
+
| Variable name | Value |
|
|
283
|
+
| --------------------- | ---------------------------------------------- |
|
|
284
|
+
| `AZURE_CLIENT_ID` | ID of a Microsoft Entra application |
|
|
283
285
|
| `AZURE_TENANT_ID` | ID of the application's Microsoft Entra tenant |
|
|
284
|
-
| `AZURE_CLIENT_SECRET` | one of the application's client secrets
|
|
286
|
+
| `AZURE_CLIENT_SECRET` | one of the application's client secrets |
|
|
285
287
|
|
|
286
288
|
#### Service principal with certificate
|
|
287
289
|
|
|
288
290
|
| Variable name | Value |
|
|
289
291
|
| ----------------------------------- | ------------------------------------------------------------ |
|
|
290
|
-
| `AZURE_CLIENT_ID` | ID of a Microsoft Entra application
|
|
291
|
-
| `AZURE_TENANT_ID` | ID of the application's Microsoft Entra tenant
|
|
292
|
+
| `AZURE_CLIENT_ID` | ID of a Microsoft Entra application |
|
|
293
|
+
| `AZURE_TENANT_ID` | ID of the application's Microsoft Entra tenant |
|
|
292
294
|
| `AZURE_CLIENT_CERTIFICATE_PATH` | path to a PEM-encoded certificate file including private key |
|
|
293
295
|
| `AZURE_CLIENT_CERTIFICATE_PASSWORD` | password of the certificate file, if any |
|
|
294
296
|
|
|
295
297
|
#### Username and password
|
|
296
298
|
|
|
297
|
-
| Variable name | Value
|
|
298
|
-
| ----------------- |
|
|
299
|
-
| `AZURE_CLIENT_ID` | ID of a Microsoft Entra application
|
|
299
|
+
| Variable name | Value |
|
|
300
|
+
| ----------------- | ---------------------------------------------- |
|
|
301
|
+
| `AZURE_CLIENT_ID` | ID of a Microsoft Entra application |
|
|
300
302
|
| `AZURE_TENANT_ID` | ID of the application's Microsoft Entra tenant |
|
|
301
|
-
| `AZURE_USERNAME` | a username (usually an email address)
|
|
302
|
-
| `AZURE_PASSWORD` | that user's password
|
|
303
|
+
| `AZURE_USERNAME` | a username (usually an email address) |
|
|
304
|
+
| `AZURE_PASSWORD` | that user's password |
|
|
303
305
|
|
|
304
306
|
Configuration is attempted in the above order. For example, if values for a client secret and certificate are both present, the client secret will be used.
|
|
305
307
|
|
|
@@ -361,6 +363,7 @@ If you'd like to contribute to this library, please read the [contributing guide
|
|
|
361
363
|
[8]: https://azuresdkdocs.blob.core.windows.net/$web/javascript/azure-identity/1.0.0/classes/interactivebrowsercredential.html
|
|
362
364
|
[9]: https://azuresdkdocs.blob.core.windows.net/$web/javascript/azure-identity/1.0.0/classes/usernamepasswordcredential.html
|
|
363
365
|
[azure_cli]: https://learn.microsoft.com/cli/azure
|
|
366
|
+
[azure_developer_cli]: https://learn.microsoft.com/azure/developer/azure-developer-cli
|
|
364
367
|
[azure_powershell]: https://learn.microsoft.com/powershell/azure/
|
|
365
368
|
[azureclilogin_image]: https://raw.githubusercontent.com/Azure/azure-sdk-for-js/main/sdk/identity/identity/images/AzureCliLogin.png
|
|
366
369
|
[azureclilogindevicecode_image]: https://raw.githubusercontent.com/Azure/azure-sdk-for-js/main/sdk/identity/identity/images/AzureCliLoginDeviceCode.png
|
|
@@ -368,4 +371,5 @@ If you'd like to contribute to this library, please read the [contributing guide
|
|
|
368
371
|
[defaultauthflow_image]: https://raw.githubusercontent.com/Azure/azure-sdk-for-js/main/sdk/identity/identity/images/mermaidjs/DefaultAzureCredentialAuthFlow.svg
|
|
369
372
|
[azure_identity_broker]: https://www.npmjs.com/package/@azure/identity-broker
|
|
370
373
|
[azure_identity_broker_readme]: https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/identity/identity-broker
|
|
374
|
+
|
|
371
375
|
|