@azure/identity 4.3.0-alpha.20240426.2 → 4.3.0-alpha.20240502.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +10 -9
- package/dist/index.js.map +1 -1
- package/dist-esm/src/constants.js +1 -1
- package/dist-esm/src/constants.js.map +1 -1
- package/dist-esm/src/credentials/azurePipelinesServiceConnectionCredential.js +10 -9
- package/dist-esm/src/credentials/azurePipelinesServiceConnectionCredential.js.map +1 -1
- package/package.json +2 -2
- package/types/identity.d.ts +2 -3
package/dist/index.js
CHANGED
|
@@ -44,7 +44,7 @@ var child_process__namespace = /*#__PURE__*/_interopNamespaceDefault(child_proce
|
|
|
44
44
|
/**
|
|
45
45
|
* Current version of the `@azure/identity` package.
|
|
46
46
|
*/
|
|
47
|
-
const SDK_VERSION = `4.
|
|
47
|
+
const SDK_VERSION = `4.3.0-beta.1`;
|
|
48
48
|
/**
|
|
49
49
|
* The default client ID for authentication
|
|
50
50
|
* @internal
|
|
@@ -4337,10 +4337,10 @@ class DeviceCodeCredential {
|
|
|
4337
4337
|
// Copyright (c) Microsoft Corporation.
|
|
4338
4338
|
// Licensed under the MIT license.
|
|
4339
4339
|
const credentialName$1 = "AzurePipelinesServiceConnectionCredential";
|
|
4340
|
-
const OIDC_API_VERSION = "7.1";
|
|
4341
4340
|
const logger$2 = credentialLogger(credentialName$1);
|
|
4341
|
+
const OIDC_API_VERSION = "7.1-preview.1";
|
|
4342
4342
|
/**
|
|
4343
|
-
* This credential is designed to be used in
|
|
4343
|
+
* This credential is designed to be used in Azure Pipelines with service connections
|
|
4344
4344
|
* as a setup for workload identity federation.
|
|
4345
4345
|
*/
|
|
4346
4346
|
class AzurePipelinesServiceConnectionCredential {
|
|
@@ -4348,7 +4348,7 @@ class AzurePipelinesServiceConnectionCredential {
|
|
|
4348
4348
|
* AzurePipelinesServiceConnectionCredential supports Federated Identity on Azure Pipelines through Service Connections.
|
|
4349
4349
|
* @param tenantId - tenantId associated with the service connection
|
|
4350
4350
|
* @param clientId - clientId associated with the service connection
|
|
4351
|
-
* @param serviceConnectionId - id for the service connection
|
|
4351
|
+
* @param serviceConnectionId - id for the service connection, as found in the querystring's resourceId key
|
|
4352
4352
|
* @param options - The identity client options to use for authentication.
|
|
4353
4353
|
*/
|
|
4354
4354
|
constructor(tenantId, clientId, serviceConnectionId, options) {
|
|
@@ -4359,7 +4359,7 @@ class AzurePipelinesServiceConnectionCredential {
|
|
|
4359
4359
|
logger$2.info(`Invoking AzurePipelinesServiceConnectionCredential with tenant ID: ${tenantId}, clientId: ${clientId} and service connection id: ${serviceConnectionId}`);
|
|
4360
4360
|
if (clientId && tenantId && serviceConnectionId) {
|
|
4361
4361
|
this.ensurePipelinesSystemVars();
|
|
4362
|
-
const oidcRequestUrl = `${process.env.SYSTEM_TEAMFOUNDATIONCOLLECTIONURI}${process.env.SYSTEM_TEAMPROJECTID}/_apis/distributedtask/hubs/build/plans/${process.env.SYSTEM_PLANID}/jobs/${process.env.SYSTEM_JOBID}/oidctoken?api-version=${OIDC_API_VERSION}&serviceConnectionId=${
|
|
4362
|
+
const oidcRequestUrl = `${process.env.SYSTEM_TEAMFOUNDATIONCOLLECTIONURI}${process.env.SYSTEM_TEAMPROJECTID}/_apis/distributedtask/hubs/build/plans/${process.env.SYSTEM_PLANID}/jobs/${process.env.SYSTEM_JOBID}/oidctoken?api-version=${OIDC_API_VERSION}&serviceConnectionId=${serviceConnectionId}`;
|
|
4363
4363
|
const systemAccessToken = `${process.env.SYSTEM_ACCESSTOKEN}`;
|
|
4364
4364
|
logger$2.info(`Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${clientId} and service connection id: ${serviceConnectionId}`);
|
|
4365
4365
|
this.clientAssertionCredential = new ClientAssertionCredential(tenantId, clientId, this.requestOidcToken.bind(this, oidcRequestUrl, systemAccessToken), options);
|
|
@@ -4375,8 +4375,7 @@ class AzurePipelinesServiceConnectionCredential {
|
|
|
4375
4375
|
*/
|
|
4376
4376
|
async getToken(scopes, options) {
|
|
4377
4377
|
if (!this.clientAssertionCredential) {
|
|
4378
|
-
const errorMessage = `${credentialName$1}: is unavailable.
|
|
4379
|
-
To use Federation Identity in Azure Pipelines, these are required as inputs / env variables -
|
|
4378
|
+
const errorMessage = `${credentialName$1}: is unavailable. To use Federation Identity in Azure Pipelines, these are required as input parameters / env variables -
|
|
4380
4379
|
tenantId,
|
|
4381
4380
|
clientId,
|
|
4382
4381
|
serviceConnectionId,
|
|
@@ -4413,14 +4412,16 @@ class AzurePipelinesServiceConnectionCredential {
|
|
|
4413
4412
|
const response = await httpClient.sendRequest(request);
|
|
4414
4413
|
const text = response.bodyAsText;
|
|
4415
4414
|
if (!text) {
|
|
4416
|
-
|
|
4415
|
+
logger$2.error(`${credentialName$1}: Authenticated Failed. Received null token from OIDC request. Response status- ${response.status}. Complete response - ${JSON.stringify(response)}`);
|
|
4416
|
+
throw new CredentialUnavailableError(`${credentialName$1}: Authenticated Failed. Received null token from OIDC request. Response status- ${response.status}. Complete response - ${JSON.stringify(response)}`);
|
|
4417
4417
|
}
|
|
4418
4418
|
const result = JSON.parse(text);
|
|
4419
4419
|
if (result === null || result === void 0 ? void 0 : result.oidcToken) {
|
|
4420
4420
|
return result.oidcToken;
|
|
4421
4421
|
}
|
|
4422
4422
|
else {
|
|
4423
|
-
|
|
4423
|
+
logger$2.error(`${credentialName$1}: Authentication Failed. oidcToken field not detected in the response. Response = ${JSON.stringify(result)}`);
|
|
4424
|
+
throw new CredentialUnavailableError(`${credentialName$1}: Authentication Failed. oidcToken field not detected in the response. Response = ${JSON.stringify(result)}`);
|
|
4424
4425
|
}
|
|
4425
4426
|
}
|
|
4426
4427
|
/**
|