@azure/identity 4.3.1-alpha.20240627.1 → 4.3.1-alpha.20240628.2
Sign up to get free protection for your applications and to get access to all the features.
- package/dist/index.js +22 -10
- package/dist/index.js.map +1 -1
- package/dist-esm/src/credentials/clientAssertionCredential.js +1 -2
- package/dist-esm/src/credentials/clientAssertionCredential.js.map +1 -1
- package/dist-esm/src/credentials/onBehalfOfCredential.js +12 -4
- package/dist-esm/src/credentials/onBehalfOfCredential.js.map +1 -1
- package/dist-esm/src/credentials/onBehalfOfCredentialOptions.js.map +1 -1
- package/dist-esm/src/index.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/msalClient.js +9 -4
- package/dist-esm/src/msal/nodeFlows/msalClient.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/msalClientAssertion.js +1 -2
- package/dist-esm/src/msal/nodeFlows/msalClientAssertion.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js +4 -2
- package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/msalOnBehalfOf.js.map +1 -1
- package/package.json +3 -3
- package/types/identity.d.ts +46 -1
package/dist/index.js
CHANGED
|
@@ -2232,17 +2232,22 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
2232
2232
|
});
|
|
2233
2233
|
});
|
|
2234
2234
|
}
|
|
2235
|
-
async function getTokenOnBehalfOf(scopes, userAssertionToken,
|
|
2235
|
+
async function getTokenOnBehalfOf(scopes, userAssertionToken, clientCredentials, options = {}) {
|
|
2236
2236
|
msalLogger.getToken.info(`Attempting to acquire token on behalf of another user`);
|
|
2237
|
-
if (typeof
|
|
2237
|
+
if (typeof clientCredentials === "string") {
|
|
2238
2238
|
// Client secret
|
|
2239
2239
|
msalLogger.getToken.info(`Using client secret for on behalf of flow`);
|
|
2240
|
-
state.msalConfig.auth.clientSecret =
|
|
2240
|
+
state.msalConfig.auth.clientSecret = clientCredentials;
|
|
2241
|
+
}
|
|
2242
|
+
else if (typeof clientCredentials === "function") {
|
|
2243
|
+
// Client Assertion
|
|
2244
|
+
msalLogger.getToken.info(`Using client assertion callback for on behalf of flow`);
|
|
2245
|
+
state.msalConfig.auth.clientAssertion = clientCredentials;
|
|
2241
2246
|
}
|
|
2242
2247
|
else {
|
|
2243
2248
|
// Client certificate
|
|
2244
2249
|
msalLogger.getToken.info(`Using client certificate for on behalf of flow`);
|
|
2245
|
-
state.msalConfig.auth.clientCertificate =
|
|
2250
|
+
state.msalConfig.auth.clientCertificate = clientCredentials;
|
|
2246
2251
|
}
|
|
2247
2252
|
const msalApp = await getConfidentialApp(options);
|
|
2248
2253
|
try {
|
|
@@ -2382,9 +2387,8 @@ class ClientAssertionCredential {
|
|
|
2382
2387
|
async getToken(scopes, options = {}) {
|
|
2383
2388
|
return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
|
|
2384
2389
|
newOptions.tenantId = processMultiTenantRequest(this.tenantId, newOptions, this.additionallyAllowedTenantIds, logger$h);
|
|
2385
|
-
const clientAssertion = await this.getAssertion();
|
|
2386
2390
|
const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
|
|
2387
|
-
return this.msalClient.getTokenByClientAssertion(arrayScopes,
|
|
2391
|
+
return this.msalClient.getTokenByClientAssertion(arrayScopes, this.getAssertion, newOptions);
|
|
2388
2392
|
});
|
|
2389
2393
|
}
|
|
2390
2394
|
}
|
|
@@ -4278,14 +4282,19 @@ class OnBehalfOfCredential {
|
|
|
4278
4282
|
constructor(options) {
|
|
4279
4283
|
const { clientSecret } = options;
|
|
4280
4284
|
const { certificatePath, sendCertificateChain } = options;
|
|
4285
|
+
const { getAssertion } = options;
|
|
4281
4286
|
const { tenantId, clientId, userAssertionToken, additionallyAllowedTenants: additionallyAllowedTenantIds, } = options;
|
|
4282
|
-
if (!tenantId ||
|
|
4283
|
-
|
|
4287
|
+
if (!tenantId ||
|
|
4288
|
+
!clientId ||
|
|
4289
|
+
!(clientSecret || certificatePath || getAssertion) ||
|
|
4290
|
+
!userAssertionToken) {
|
|
4291
|
+
throw new Error(`${credentialName}: tenantId, clientId, clientSecret (or certificatePath or getAssertion) and userAssertionToken are required parameters.`);
|
|
4284
4292
|
}
|
|
4285
4293
|
this.certificatePath = certificatePath;
|
|
4286
4294
|
this.clientSecret = clientSecret;
|
|
4287
4295
|
this.userAssertionToken = userAssertionToken;
|
|
4288
4296
|
this.sendCertificateChain = sendCertificateChain;
|
|
4297
|
+
this.clientAssertion = getAssertion;
|
|
4289
4298
|
this.tenantId = tenantId;
|
|
4290
4299
|
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(additionallyAllowedTenantIds);
|
|
4291
4300
|
this.msalClient = createMsalClient(clientId, this.tenantId, Object.assign(Object.assign({}, options), { logger, tokenCredentialOptions: options }));
|
|
@@ -4308,9 +4317,12 @@ class OnBehalfOfCredential {
|
|
|
4308
4317
|
else if (this.clientSecret) {
|
|
4309
4318
|
return this.msalClient.getTokenOnBehalfOf(arrayScopes, this.userAssertionToken, this.clientSecret, options);
|
|
4310
4319
|
}
|
|
4320
|
+
else if (this.clientAssertion) {
|
|
4321
|
+
return this.msalClient.getTokenOnBehalfOf(arrayScopes, this.userAssertionToken, this.clientAssertion, options);
|
|
4322
|
+
}
|
|
4311
4323
|
else {
|
|
4312
|
-
// this is a bug, as the constructor should have thrown an error if neither clientSecret nor certificatePath were provided
|
|
4313
|
-
throw new Error("Expected either clientSecret or certificatePath to be defined.");
|
|
4324
|
+
// this is an invalid scenario and is a bug, as the constructor should have thrown an error if neither clientSecret nor certificatePath nor clientAssertion were provided
|
|
4325
|
+
throw new Error("Expected either clientSecret or certificatePath or clientAssertion to be defined.");
|
|
4314
4326
|
}
|
|
4315
4327
|
});
|
|
4316
4328
|
}
|