npm - @azure/identity - Versions diffs - 4.4.0 → 4.5.0-alpha.20240813.2 - Mend

@azure/identity 4.4.0 → 4.5.0-alpha.20240813.2

Files changed (70) hide show

package/types/identity.d.ts CHANGED Viewed

@@ -40,7 +40,9 @@ export declare class AuthenticationError extends Error {
      * The error response details.
      */
     readonly errorResponse: ErrorResponse;
-    constructor(statusCode: number, errorBody: object | string | undefined | null);
+    constructor(statusCode: number, errorBody: object | string | undefined | null, options?: {
+        cause?: unknown;
+    });
 }
 /**
@@ -109,6 +111,10 @@ export declare interface AuthenticationRequiredErrorOptions {
      * The message of the error.
      */
     message?: string;
+    /**
+     * The underlying cause, if any, that caused the authentication to fail.
+     */
+    cause?: unknown;
 }
 /**
@@ -651,7 +657,6 @@ export declare class ClientCertificateCredential implements TokenCredential {
      */
     getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
     private buildClientCertificate;
-    private parseCertificate;
 }
 /**
@@ -782,7 +787,9 @@ export declare interface CredentialPersistenceOptions {
  * an error that should halt the chain, it's caught and the chain continues
  */
 export declare class CredentialUnavailableError extends Error {
-    constructor(message?: string);
+    constructor(message?: string, options?: {
+        cause?: unknown;
+    });
 }
 /**
@@ -978,7 +985,7 @@ export declare class DeviceCodeCredential implements TokenCredential {
      * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
-     * If the token can't be retrieved silently, this method will require user interaction to retrieve the token.
+     * If the token can't be retrieved silently, this method will always generate a challenge for the user.
      *
      * @param scopes - The list of scopes for which the token will have access.
      * @param options - The options used to configure any requests this
@@ -996,7 +1003,11 @@ export declare interface DeviceCodeCredentialOptions extends InteractiveCredenti
      */
     tenantId?: string;
     /**
-     * The client (application) ID of an App Registration in the tenant.
+     * Client ID of the Microsoft Entra application that users will sign into.
+     * It is recommended that developers register their applications and assign appropriate roles.
+     * For more information, visit https://aka.ms/identity/AppRegistrationAndRoleAssignment.
+     * If not specified, users will authenticate to an Azure development application,
+     * which is not recommended for production scenarios.
      */
     clientId?: string;
     /**
@@ -1056,6 +1067,7 @@ export declare class EnvironmentCredential implements TokenCredential {
      * - `AZURE_CLIENT_SECRET`: A client secret that was generated for the App Registration.
      * - `AZURE_CLIENT_CERTIFICATE_PATH`: The path to a PEM certificate to use during the authentication, instead of the client secret.
      * - `AZURE_CLIENT_CERTIFICATE_PASSWORD`: (optional) password for the certificate file.
+     * - `AZURE_CLIENT_SEND_CERTIFICATE_CHAIN`: (optional) indicates that the certificate chain should be set in x5c header to support subject name / issuer based authentication.
      *
      * Alternatively, users can provide environment variables for username and password authentication:
      * - `AZURE_USERNAME`: Username to authenticate with.
@@ -1210,7 +1222,7 @@ export declare class InteractiveBrowserCredential implements TokenCredential {
      * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
-     * If the token can't be retrieved silently, this method will require user interaction to retrieve the token.
+     * If the token can't be retrieved silently, this method will always generate a challenge for the user.
      *
      * On Node.js, this credential has [Proof Key for Code Exchange (PKCE)](https://datatracker.ietf.org/doc/html/rfc7636) enabled by default.
      * PKCE is a security feature that mitigates authentication code interception attacks.
@@ -1237,8 +1249,10 @@ export declare interface InteractiveBrowserCredentialInBrowserOptions extends In
      */
     tenantId?: string;
     /**
-     * The client (application) ID of an App Registration in the tenant.
+     * The Client ID of the Microsoft Entra application that users will sign into.
      * This parameter is required on the browser.
+     * Developers need to register their applications and assign appropriate roles.
+     * For more information, visit https://aka.ms/identity/AppRegistrationAndRoleAssignment.
      */
     clientId: string;
     /**
@@ -1270,7 +1284,11 @@ export declare interface InteractiveBrowserCredentialNodeOptions extends Interac
      */
     tenantId?: string;
     /**
-     * The client (application) ID of an App Registration in the tenant.
+     * The Client ID of the Microsoft Entra application that users will sign into.
+     * It is recommended that developers register their applications and assign appropriate roles.
+     * For more information, visit https://aka.ms/identity/AppRegistrationAndRoleAssignment.
+     * If not specified, users will authenticate to an Azure development application,
+     * which is not recommended for production scenarios.
      */
     clientId?: string;
     /**

package/dist-esm/src/msal/flows.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"flows.js","sourceRoot":"","sources":["../../../src/msal/flows.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken } from \"@azure/core-auth\";\nimport { AuthenticationRecord } from \"./types\";\nimport { CredentialFlowGetTokenOptions } from \"./credentials\";\nimport { CredentialLogger } from \"../util/logging\";\n\n/**\n * Union of the constructor parameters that all MSAL flow types take.\n * @internal\n */\nexport interface MsalFlowOptions {\n logger: CredentialLogger;\n clientId?: string;\n tenantId?: string;\n authorityHost?: string;\n authenticationRecord?: AuthenticationRecord;\n disableAutomaticAuthentication?: boolean;\n disableInstanceDiscovery?: boolean;\n getAssertion?: () => Promise<string>;\n enableMsaPassthrough?: boolean;\n}\n\n/**\n * The common methods we use to work with the MSAL flows.\n * @internal\n */\nexport interface MsalFlow {\n /**\n * Allows for any setup before any request is processed.\n */\n init(options?: CredentialFlowGetTokenOptions): Promise<void>;\n /**\n * Tries to load the active account, either from memory or from MSAL.\n */\n getActiveAccount(): Promise<AuthenticationRecord | undefined>;\n /**\n * Tries to retrieve the token silently using MSAL.\n */\n getTokenSilent(scopes?: string[], options?: CredentialFlowGetTokenOptions): Promise<AccessToken>;\n /**\n * Calls to the implementation's doGetToken method.\n */\n getToken(scopes?: string[], options?: CredentialFlowGetTokenOptions): Promise<AccessToken>;\n}\n"]}

package/dist-esm/src/msal/nodeFlows/msalAuthorizationCode.js DELETED Viewed

@@ -1,47 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-import { MsalNode } from "./msalNodeCommon";
-import { credentialLogger } from "../../util/logging";
-import { handleMsalError } from "../utils";
-/**
- * This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`
- * to trigger the authentication flow, and then respond based on the values obtained from the redirect callback
- * @internal
- */
-export class MsalAuthorizationCode extends MsalNode {
-    constructor(options) {
-        super(options);
-        this.logger = credentialLogger("Node.js MSAL Authorization Code");
-        this.redirectUri = options.redirectUri;
-        this.authorizationCode = options.authorizationCode;
-        if (options.clientSecret) {
-            this.msalConfig.auth.clientSecret = options.clientSecret;
-        }
-    }
-    async getAuthCodeUrl(options) {
-        await this.init();
-        return this.getApp("confidentialFirst", options.enableCae).getAuthCodeUrl({
-            scopes: options.scopes,
-            redirectUri: options.redirectUri,
-        });
-    }
-    async doGetToken(scopes, options) {
-        try {
-            const result = await this.getApp("confidentialFirst", options === null || options === void 0 ? void 0 : options.enableCae).acquireTokenByCode({
-                scopes,
-                redirectUri: this.redirectUri,
-                code: this.authorizationCode,
-                correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
-                authority: options === null || options === void 0 ? void 0 : options.authority,
-                claims: options === null || options === void 0 ? void 0 : options.claims,
-            });
-            // The Client Credential flow does not return an account,
-            // so each time getToken gets called, we will have to acquire a new token through the service.
-            return this.handleResult(scopes, result || undefined);
-        }
-        catch (err) {
-            throw handleMsalError(scopes, err, options);
-        }
-    }
-}
-//# sourceMappingURL=msalAuthorizationCode.js.map

package/dist-esm/src/msal/nodeFlows/msalAuthorizationCode.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"msalAuthorizationCode.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalAuthorizationCode.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAI7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAY3C;;;;GAIG;AACH,MAAM,OAAO,qBAAsB,SAAQ,QAAQ;IAIjD,YAAY,OAAqC;QAC/C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC,iCAAiC,CAAC,CAAC;QAClE,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QACnD,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;YACzB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAIpB;QACC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,cAAc,CAAC;YACxE,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC,CAAC;IACL,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;QAEvC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,CAAC,kBAAkB,CAAC;gBAC3F,MAAM;gBACN,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,IAAI,EAAE,IAAI,CAAC,iBAAiB;gBAC5B,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;gBACrC,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;gBAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;aACxB,CAAC,CAAC;YACH,yDAAyD;YACzD,8FAA8F;YAC9F,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\n\nimport { AccessToken } from \"@azure/core-auth\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { handleMsalError } from \"../utils\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through opening a browser window.\n * @internal\n */\nexport interface MsalAuthorizationCodeOptions extends MsalNodeOptions {\n redirectUri: string;\n authorizationCode: string;\n clientSecret?: string;\n}\n\n/**\n * This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`\n * to trigger the authentication flow, and then respond based on the values obtained from the redirect callback\n * @internal\n */\nexport class MsalAuthorizationCode extends MsalNode {\n private redirectUri: string;\n private authorizationCode: string;\n\n constructor(options: MsalAuthorizationCodeOptions) {\n super(options);\n this.logger = credentialLogger(\"Node.js MSAL Authorization Code\");\n this.redirectUri = options.redirectUri;\n this.authorizationCode = options.authorizationCode;\n if (options.clientSecret) {\n this.msalConfig.auth.clientSecret = options.clientSecret;\n }\n }\n\n async getAuthCodeUrl(options: {\n scopes: string[];\n redirectUri: string;\n enableCae?: boolean;\n }): Promise<string> {\n await this.init();\n return this.getApp(\"confidentialFirst\", options.enableCae).getAuthCodeUrl({\n scopes: options.scopes,\n redirectUri: options.redirectUri,\n });\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions,\n ): Promise<AccessToken> {\n try {\n const result = await this.getApp(\"confidentialFirst\", options?.enableCae).acquireTokenByCode({\n scopes,\n redirectUri: this.redirectUri,\n code: this.authorizationCode,\n correlationId: options?.correlationId,\n authority: options?.authority,\n claims: options?.claims,\n });\n // The Client Credential flow does not return an account,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, result || undefined);\n } catch (err: any) {\n throw handleMsalError(scopes, err, options);\n }\n }\n}\n"]}

package/dist-esm/src/msal/nodeFlows/msalClientAssertion.js DELETED Viewed

@@ -1,42 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-import { MsalNode } from "./msalNodeCommon";
-import { handleMsalError } from "../utils";
-import { isError } from "@azure/core-util";
-/**
- * MSAL client assertion client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.
- * @internal
- */
-export class MsalClientAssertion extends MsalNode {
-    constructor(options) {
-        super(options);
-        this.requiresConfidential = true;
-        this.getAssertion = options.getAssertion;
-    }
-    async doGetToken(scopes, options = {}) {
-        try {
-            const result = await this.getApp("confidential", options.enableCae).acquireTokenByClientCredential({
-                scopes,
-                correlationId: options.correlationId,
-                azureRegion: this.azureRegion,
-                authority: options.authority,
-                claims: options.claims,
-                clientAssertion: this.getAssertion,
-            });
-            // The Client Credential flow does not return an account,
-            // so each time getToken gets called, we will have to acquire a new token through the service.
-            return this.handleResult(scopes, result || undefined);
-        }
-        catch (err) {
-            let err2 = err;
-            if (err === null || err === undefined) {
-                err2 = new Error(JSON.stringify(err));
-            }
-            else {
-                err2 = isError(err) ? err : new Error(String(err));
-            }
-            throw handleMsalError(scopes, err2, options);
-        }
-    }
-}
-//# sourceMappingURL=msalClientAssertion.js.map

package/dist-esm/src/msal/nodeFlows/msalClientAssertion.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"msalClientAssertion.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClientAssertion.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAI7D,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAa3C;;;GAGG;AACH,MAAM,OAAO,mBAAoB,SAAQ,QAAQ;IAE/C,YAAY,OAAmC;QAC7C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3C,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAC9B,cAAc,EACd,OAAO,CAAC,SAAS,CAClB,CAAC,8BAA8B,CAAC;gBAC/B,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,eAAe,EAAE,IAAI,CAAC,YAAY;aACnC,CAAC,CAAC;YACH,yDAAyD;YACzD,8FAA8F;YAC9F,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,IAAI,IAAI,GAAG,GAAG,CAAC;YACf,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBACtC,IAAI,GAAG,IAAI,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YACxC,CAAC;iBAAM,CAAC;gBACN,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YACrD,CAAC;YACD,MAAM,eAAe,CAAC,MAAM,EAAE,IAAa,EAAE,OAAO,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\n\nimport { AccessToken } from \"@azure/core-auth\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { handleMsalError } from \"../utils\";\nimport { isError } from \"@azure/core-util\";\n\n/**\n * Options that can be passed to configure MSAL to handle client assertions.\n * @internal\n */\nexport interface MsalClientAssertionOptions extends MsalNodeOptions {\n /**\n * A function that retrieves the assertion for the credential to use.\n */\n getAssertion: () => Promise<string>;\n}\n\n/**\n * MSAL client assertion client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.\n * @internal\n */\nexport class MsalClientAssertion extends MsalNode {\n getAssertion: () => Promise<string>;\n constructor(options: MsalClientAssertionOptions) {\n super(options);\n this.requiresConfidential = true;\n this.getAssertion = options.getAssertion;\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {},\n ): Promise<AccessToken> {\n try {\n const result = await this.getApp(\n \"confidential\",\n options.enableCae,\n ).acquireTokenByClientCredential({\n scopes,\n correlationId: options.correlationId,\n azureRegion: this.azureRegion,\n authority: options.authority,\n claims: options.claims,\n clientAssertion: this.getAssertion,\n });\n // The Client Credential flow does not return an account,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, result || undefined);\n } catch (err: unknown) {\n let err2 = err;\n if (err === null || err === undefined) {\n err2 = new Error(JSON.stringify(err));\n } else {\n err2 = isError(err) ? err : new Error(String(err));\n }\n throw handleMsalError(scopes, err2 as Error, options);\n }\n }\n}\n"]}

package/dist-esm/src/msal/nodeFlows/msalClientCertificate.js DELETED Viewed

@@ -1,112 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-import { MsalNode } from "./msalNodeCommon";
-import { createHash, createPrivateKey } from "crypto";
-import { formatError } from "../../util/logging";
-import { handleMsalError } from "../utils";
-import { promisify } from "util";
-import { readFile } from "fs";
-const readFileAsync = promisify(readFile);
-/**
- * Tries to asynchronously load a certificate from the given path.
- *
- * @param configuration - Either the PEM value or the path to the certificate.
- * @param sendCertificateChain - Option to include x5c header for SubjectName and Issuer name authorization.
- * @returns - The certificate parts, or `undefined` if the certificate could not be loaded.
- * @internal
- */
-export async function parseCertificate(configuration, sendCertificateChain) {
-    const certificateParts = {};
-    const certificate = configuration
-        .certificate;
-    const certificatePath = configuration
-        .certificatePath;
-    certificateParts.certificateContents =
-        certificate || (await readFileAsync(certificatePath, "utf8"));
-    if (sendCertificateChain) {
-        certificateParts.x5c = certificateParts.certificateContents;
-    }
-    const certificatePattern = /(-+BEGIN CERTIFICATE-+)(\n\r?|\r\n?)([A-Za-z0-9+/\n\r]+=*)(\n\r?|\r\n?)(-+END CERTIFICATE-+)/g;
-    const publicKeys = [];
-    // Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c
-    let match;
-    do {
-        match = certificatePattern.exec(certificateParts.certificateContents);
-        if (match) {
-            publicKeys.push(match[3]);
-        }
-    } while (match);
-    if (publicKeys.length === 0) {
-        throw new Error("The file at the specified path does not contain a PEM-encoded certificate.");
-    }
-    certificateParts.thumbprint = createHash("sha1")
-        .update(Buffer.from(publicKeys[0], "base64"))
-        .digest("hex")
-        .toUpperCase();
-    return certificateParts;
-}
-/**
- * MSAL client certificate client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.
- * @internal
- */
-export class MsalClientCertificate extends MsalNode {
-    constructor(options) {
-        super(options);
-        this.requiresConfidential = true;
-        this.configuration = options.configuration;
-        this.sendCertificateChain = options.sendCertificateChain;
-    }
-    // Changing the MSAL configuration asynchronously
-    async init(options) {
-        try {
-            const parts = await parseCertificate(this.configuration, this.sendCertificateChain);
-            let privateKey;
-            if (this.configuration.certificatePassword !== undefined) {
-                const privateKeyObject = createPrivateKey({
-                    key: parts.certificateContents,
-                    passphrase: this.configuration.certificatePassword,
-                    format: "pem",
-                });
-                privateKey = privateKeyObject
-                    .export({
-                    format: "pem",
-                    type: "pkcs8",
-                })
-                    .toString();
-            }
-            else {
-                privateKey = parts.certificateContents;
-            }
-            this.msalConfig.auth.clientCertificate = {
-                thumbprint: parts.thumbprint,
-                privateKey: privateKey,
-                x5c: parts.x5c,
-            };
-        }
-        catch (error) {
-            this.logger.info(formatError("", error));
-            throw error;
-        }
-        return super.init(options);
-    }
-    async doGetToken(scopes, options = {}) {
-        try {
-            const clientCredReq = {
-                scopes,
-                correlationId: options.correlationId,
-                azureRegion: this.azureRegion,
-                authority: options.authority,
-                claims: options.claims,
-            };
-            const result = await this.getApp("confidential", options.enableCae).acquireTokenByClientCredential(clientCredReq);
-            // Even though we're providing the same default in memory persistence cache that we use for DeviceCodeCredential,
-            // The Client Credential flow does not return the account information from the authentication service,
-            // so each time getToken gets called, we will have to acquire a new token through the service.
-            return this.handleResult(scopes, result || undefined);
-        }
-        catch (err) {
-            throw handleMsalError(scopes, err, options);
-        }
-    }
-}
-//# sourceMappingURL=msalClientCertificate.js.map

package/dist-esm/src/msal/nodeFlows/msalClientCertificate.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"msalClientCertificate.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClientCertificate.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAOlC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAC;AAKtD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AAE9B,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAqC1C;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,aAA0D,EAC1D,oBAA8B;IAE9B,MAAM,gBAAgB,GAA8B,EAAE,CAAC;IAEvD,MAAM,WAAW,GAAwB,aAAiD;SACvF,WAAW,CAAC;IACf,MAAM,eAAe,GAAwB,aAAqD;SAC/F,eAAe,CAAC;IACnB,gBAAgB,CAAC,mBAAmB;QAClC,WAAW,IAAI,CAAC,MAAM,aAAa,CAAC,eAAgB,EAAE,MAAM,CAAC,CAAC,CAAC;IACjE,IAAI,oBAAoB,EAAE,CAAC;QACzB,gBAAgB,CAAC,GAAG,GAAG,gBAAgB,CAAC,mBAAmB,CAAC;IAC9D,CAAC;IAED,MAAM,kBAAkB,GACtB,+FAA+F,CAAC;IAClG,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,qHAAqH;IACrH,IAAI,KAAK,CAAC;IACV,GAAG,CAAC;QACF,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,CAAC;QACtE,IAAI,KAAK,EAAE,CAAC;YACV,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC,QAAQ,KAAK,EAAE;IAEhB,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,4EAA4E,CAAC,CAAC;IAChG,CAAC;IAED,gBAAgB,CAAC,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC;SAC7C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;SAC5C,MAAM,CAAC,KAAK,CAAC;SACb,WAAW,EAAE,CAAC;IAEjB,OAAO,gBAAoC,CAAC;AAC9C,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,qBAAsB,SAAQ,QAAQ;IAIjD,YAAY,OAAqC;QAC/C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;QAC3C,IAAI,CAAC,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAC3D,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,IAAI,CAAC,OAAuC;QAChD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,oBAAoB,CAAC,CAAC;YAEpF,IAAI,UAA8B,CAAC;YACnC,IAAI,IAAI,CAAC,aAAa,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;gBACzD,MAAM,gBAAgB,GAAG,gBAAgB,CAAC;oBACxC,GAAG,EAAE,KAAK,CAAC,mBAAmB;oBAC9B,UAAU,EAAE,IAAI,CAAC,aAAa,CAAC,mBAAmB;oBAClD,MAAM,EAAE,KAAK;iBACd,CAAC,CAAC;gBAEH,UAAU,GAAG,gBAAgB;qBAC1B,MAAM,CAAC;oBACN,MAAM,EAAE,KAAK;oBACb,IAAI,EAAE,OAAO;iBACd,CAAC;qBACD,QAAQ,EAAE,CAAC;YAChB,CAAC;iBAAM,CAAC;gBACN,UAAU,GAAG,KAAK,CAAC,mBAAmB,CAAC;YACzC,CAAC;YAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG;gBACvC,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,UAAU,EAAE,UAAU;gBACtB,GAAG,EAAE,KAAK,CAAC,GAAG;aACf,CAAC;QACJ,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;YACzC,MAAM,KAAK,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,IAAI,CAAC;YACH,MAAM,aAAa,GAA4B;gBAC7C,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAC9B,cAAc,EACd,OAAO,CAAC,SAAS,CAClB,CAAC,8BAA8B,CAAC,aAAa,CAAC,CAAC;YAChD,iHAAiH;YACjH,sGAAsG;YACtG,8FAA8F;YAC9F,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport {\n ClientCertificateCredentialPEMConfiguration,\n ClientCertificatePEMCertificate,\n ClientCertificatePEMCertificatePath,\n} from \"../../credentials/clientCertificateCredential\";\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\nimport { createHash, createPrivateKey } from \"crypto\";\n\nimport { AccessToken } from \"@azure/core-auth\";\nimport { ClientCredentialRequest } from \"@azure/msal-node\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { formatError } from \"../../util/logging\";\nimport { handleMsalError } from \"../utils\";\nimport { promisify } from \"util\";\nimport { readFile } from \"fs\";\n\nconst readFileAsync = promisify(readFile);\n\n/**\n * Options that can be passed to configure MSAL to handle client certificates.\n * @internal\n */\nexport interface MsalClientCertificateOptions extends MsalNodeOptions {\n /**\n * Location of the PEM certificate.\n */\n configuration: ClientCertificateCredentialPEMConfiguration;\n /**\n * Option to include x5c header for SubjectName and Issuer name authorization.\n * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n */\n sendCertificateChain?: boolean;\n}\n\n/**\n * Parts of a certificate, as understood by MSAL.\n * @internal\n */\ninterface CertificateParts {\n /**\n * Hex encoded X.509 SHA-1 thumbprint of the certificate\n */\n thumbprint: string;\n /**\n * The PEM encoded private key (string should contain -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY-----\n */\n certificateContents: string;\n /**\n * x5c header.\n */\n x5c: string;\n}\n\n/**\n * Tries to asynchronously load a certificate from the given path.\n *\n * @param configuration - Either the PEM value or the path to the certificate.\n * @param sendCertificateChain - Option to include x5c header for SubjectName and Issuer name authorization.\n * @returns - The certificate parts, or `undefined` if the certificate could not be loaded.\n * @internal\n */\nexport async function parseCertificate(\n configuration: ClientCertificateCredentialPEMConfiguration,\n sendCertificateChain?: boolean,\n): Promise<CertificateParts> {\n const certificateParts: Partial<CertificateParts> = {};\n\n const certificate: string | undefined = (configuration as ClientCertificatePEMCertificate)\n .certificate;\n const certificatePath: string | undefined = (configuration as ClientCertificatePEMCertificatePath)\n .certificatePath;\n certificateParts.certificateContents =\n certificate || (await readFileAsync(certificatePath!, \"utf8\"));\n if (sendCertificateChain) {\n certificateParts.x5c = certificateParts.certificateContents;\n }\n\n const certificatePattern =\n /(-+BEGIN CERTIFICATE-+)(\\n\\r?|\\r\\n?)([A-Za-z0-9+/\\n\\r]+=*)(\\n\\r?|\\r\\n?)(-+END CERTIFICATE-+)/g;\n const publicKeys: string[] = [];\n\n // Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c\n let match;\n do {\n match = certificatePattern.exec(certificateParts.certificateContents);\n if (match) {\n publicKeys.push(match[3]);\n }\n } while (match);\n\n if (publicKeys.length === 0) {\n throw new Error(\"The file at the specified path does not contain a PEM-encoded certificate.\");\n }\n\n certificateParts.thumbprint = createHash(\"sha1\")\n .update(Buffer.from(publicKeys[0], \"base64\"))\n .digest(\"hex\")\n .toUpperCase();\n\n return certificateParts as CertificateParts;\n}\n\n/**\n * MSAL client certificate client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.\n * @internal\n */\nexport class MsalClientCertificate extends MsalNode {\n private configuration: ClientCertificateCredentialPEMConfiguration;\n private sendCertificateChain?: boolean;\n\n constructor(options: MsalClientCertificateOptions) {\n super(options);\n this.requiresConfidential = true;\n this.configuration = options.configuration;\n this.sendCertificateChain = options.sendCertificateChain;\n }\n\n // Changing the MSAL configuration asynchronously\n async init(options?: CredentialFlowGetTokenOptions): Promise<void> {\n try {\n const parts = await parseCertificate(this.configuration, this.sendCertificateChain);\n\n let privateKey: string | undefined;\n if (this.configuration.certificatePassword !== undefined) {\n const privateKeyObject = createPrivateKey({\n key: parts.certificateContents,\n passphrase: this.configuration.certificatePassword,\n format: \"pem\",\n });\n\n privateKey = privateKeyObject\n .export({\n format: \"pem\",\n type: \"pkcs8\",\n })\n .toString();\n } else {\n privateKey = parts.certificateContents;\n }\n\n this.msalConfig.auth.clientCertificate = {\n thumbprint: parts.thumbprint,\n privateKey: privateKey,\n x5c: parts.x5c,\n };\n } catch (error: any) {\n this.logger.info(formatError(\"\", error));\n throw error;\n }\n return super.init(options);\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {},\n ): Promise<AccessToken> {\n try {\n const clientCredReq: ClientCredentialRequest = {\n scopes,\n correlationId: options.correlationId,\n azureRegion: this.azureRegion,\n authority: options.authority,\n claims: options.claims,\n };\n const result = await this.getApp(\n \"confidential\",\n options.enableCae,\n ).acquireTokenByClientCredential(clientCredReq);\n // Even though we're providing the same default in memory persistence cache that we use for DeviceCodeCredential,\n // The Client Credential flow does not return the account information from the authentication service,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, result || undefined);\n } catch (err: any) {\n throw handleMsalError(scopes, err, options);\n }\n }\n}\n"]}

package/dist-esm/src/msal/nodeFlows/msalClientSecret.js DELETED Viewed

@@ -1,33 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-import { MsalNode } from "./msalNodeCommon";
-import { handleMsalError } from "../utils";
-/**
- * MSAL client secret client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.
- * @internal
- */
-export class MsalClientSecret extends MsalNode {
-    constructor(options) {
-        super(options);
-        this.requiresConfidential = true;
-        this.msalConfig.auth.clientSecret = options.clientSecret;
-    }
-    async doGetToken(scopes, options = {}) {
-        try {
-            const result = await this.getApp("confidential", options.enableCae).acquireTokenByClientCredential({
-                scopes,
-                correlationId: options.correlationId,
-                azureRegion: this.azureRegion,
-                authority: options.authority,
-                claims: options.claims,
-            });
-            // The Client Credential flow does not return an account,
-            // so each time getToken gets called, we will have to acquire a new token through the service.
-            return this.handleResult(scopes, result || undefined);
-        }
-        catch (err) {
-            throw handleMsalError(scopes, err, options);
-        }
-    }
-}
-//# sourceMappingURL=msalClientSecret.js.map

package/dist-esm/src/msal/nodeFlows/msalClientSecret.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"msalClientSecret.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClientSecret.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAI7D,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAa3C;;;GAGG;AACH,MAAM,OAAO,gBAAiB,SAAQ,QAAQ;IAC5C,YAAY,OAAgC;QAC1C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3D,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAC9B,cAAc,EACd,OAAO,CAAC,SAAS,CAClB,CAAC,8BAA8B,CAAC;gBAC/B,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC,CAAC;YACH,yDAAyD;YACzD,8FAA8F;YAC9F,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\n\nimport { AccessToken } from \"@azure/core-auth\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { handleMsalError } from \"../utils\";\n\n/**\n * Options that can be passed to configure MSAL to handle client secrets.\n * @internal\n */\nexport interface MsalClientSecretOptions extends MsalNodeOptions {\n /**\n * A client secret that was generated for the App Registration.\n */\n clientSecret: string;\n}\n\n/**\n * MSAL client secret client. Calls to MSAL's confidential application's `acquireTokenByClientCredential` during `doGetToken`.\n * @internal\n */\nexport class MsalClientSecret extends MsalNode {\n constructor(options: MsalClientSecretOptions) {\n super(options);\n this.requiresConfidential = true;\n this.msalConfig.auth.clientSecret = options.clientSecret;\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {},\n ): Promise<AccessToken> {\n try {\n const result = await this.getApp(\n \"confidential\",\n options.enableCae,\n ).acquireTokenByClientCredential({\n scopes,\n correlationId: options.correlationId,\n azureRegion: this.azureRegion,\n authority: options.authority,\n claims: options.claims,\n });\n // The Client Credential flow does not return an account,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, result || undefined);\n } catch (err: any) {\n throw handleMsalError(scopes, err, options);\n }\n }\n}\n"]}

package/dist-esm/src/msal/nodeFlows/msalDeviceCode.js DELETED Viewed

@@ -1,35 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-import { MsalNode } from "./msalNodeCommon";
-import { handleMsalError } from "../utils";
-/**
- * MSAL device code client. Calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`.
- * @internal
- */
-export class MsalDeviceCode extends MsalNode {
-    constructor(options) {
-        super(options);
-        this.userPromptCallback = options.userPromptCallback;
-    }
-    async doGetToken(scopes, options) {
-        try {
-            const requestOptions = {
-                deviceCodeCallback: this.userPromptCallback,
-                scopes,
-                cancel: false,
-                correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
-                authority: options === null || options === void 0 ? void 0 : options.authority,
-                claims: options === null || options === void 0 ? void 0 : options.claims,
-            };
-            const promise = this.getApp("public", options === null || options === void 0 ? void 0 : options.enableCae).acquireTokenByDeviceCode(requestOptions);
-            const deviceResponse = await this.withCancellation(promise, options === null || options === void 0 ? void 0 : options.abortSignal, () => {
-                requestOptions.cancel = true;
-            });
-            return this.handleResult(scopes, deviceResponse || undefined);
-        }
-        catch (error) {
-            throw handleMsalError(scopes, error, options);
-        }
-    }
-}
-//# sourceMappingURL=msalDeviceCode.js.map

package/dist-esm/src/msal/nodeFlows/msalDeviceCode.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"msalDeviceCode.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalDeviceCode.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAK7D,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAU3C;;;GAGG;AACH,MAAM,OAAO,cAAe,SAAQ,QAAQ;IAG1C,YAAY,OAA8B;QACxC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACvD,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;QAEvC,IAAI,CAAC;YACH,MAAM,cAAc,GAA+B;gBACjD,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;gBAC3C,MAAM;gBACN,MAAM,EAAE,KAAK;gBACb,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;gBACrC,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;gBAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;aACxB,CAAC;YACF,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,CAAC,wBAAwB,CAChF,cAAc,CACf,CAAC;YACF,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,EAAE,GAAG,EAAE;gBACrF,cAAc,CAAC,MAAM,GAAG,IAAI,CAAC;YAC/B,CAAC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,cAAc,IAAI,SAAS,CAAC,CAAC;QAChE,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,eAAe,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\n\nimport { AccessToken } from \"@azure/core-auth\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { DeviceCodePromptCallback } from \"../../credentials/deviceCodeCredentialOptions\";\nimport { handleMsalError } from \"../utils\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through device codes.\n * @internal\n */\nexport interface MsalDeviceCodeOptions extends MsalNodeOptions {\n userPromptCallback: DeviceCodePromptCallback;\n}\n\n/**\n * MSAL device code client. Calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`.\n * @internal\n */\nexport class MsalDeviceCode extends MsalNode {\n private userPromptCallback: DeviceCodePromptCallback;\n\n constructor(options: MsalDeviceCodeOptions) {\n super(options);\n this.userPromptCallback = options.userPromptCallback;\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions,\n ): Promise<AccessToken> {\n try {\n const requestOptions: msalNode.DeviceCodeRequest = {\n deviceCodeCallback: this.userPromptCallback,\n scopes,\n cancel: false,\n correlationId: options?.correlationId,\n authority: options?.authority,\n claims: options?.claims,\n };\n const promise = this.getApp(\"public\", options?.enableCae).acquireTokenByDeviceCode(\n requestOptions,\n );\n const deviceResponse = await this.withCancellation(promise, options?.abortSignal, () => {\n requestOptions.cancel = true;\n });\n return this.handleResult(scopes, deviceResponse || undefined);\n } catch (error: any) {\n throw handleMsalError(scopes, error, options);\n }\n }\n}\n"]}