@azure/identity 4.4.1 → 4.5.0-alpha.20240815.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (62) hide show
  1. package/README.md +22 -1
  2. package/dist/index.js +169 -85
  3. package/dist/index.js.map +1 -1
  4. package/dist-esm/src/client/identityClient.js +1 -2
  5. package/dist-esm/src/client/identityClient.js.map +1 -1
  6. package/dist-esm/src/constants.js +1 -1
  7. package/dist-esm/src/constants.js.map +1 -1
  8. package/dist-esm/src/credentials/azurePipelinesCredential.js +14 -5
  9. package/dist-esm/src/credentials/azurePipelinesCredential.js.map +1 -1
  10. package/dist-esm/src/credentials/azurePowerShellCredential.js +30 -13
  11. package/dist-esm/src/credentials/azurePowerShellCredential.js.map +1 -1
  12. package/dist-esm/src/credentials/clientAssertionCredential.js +9 -2
  13. package/dist-esm/src/credentials/clientAssertionCredential.js.map +1 -1
  14. package/dist-esm/src/credentials/clientCertificateCredential.js +35 -27
  15. package/dist-esm/src/credentials/clientCertificateCredential.js.map +1 -1
  16. package/dist-esm/src/credentials/clientSecretCredential.js +9 -2
  17. package/dist-esm/src/credentials/clientSecretCredential.js.map +1 -1
  18. package/dist-esm/src/credentials/deviceCodeCredential.js +1 -1
  19. package/dist-esm/src/credentials/deviceCodeCredential.js.map +1 -1
  20. package/dist-esm/src/credentials/deviceCodeCredentialOptions.js.map +1 -1
  21. package/dist-esm/src/credentials/environmentCredential.js +11 -1
  22. package/dist-esm/src/credentials/environmentCredential.js.map +1 -1
  23. package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js.map +1 -1
  24. package/dist-esm/src/credentials/interactiveBrowserCredential.js +1 -1
  25. package/dist-esm/src/credentials/interactiveBrowserCredential.js.map +1 -1
  26. package/dist-esm/src/credentials/interactiveBrowserCredentialOptions.js.map +1 -1
  27. package/dist-esm/src/credentials/managedIdentityCredential/msalMsiProvider.js +6 -5
  28. package/dist-esm/src/credentials/managedIdentityCredential/msalMsiProvider.js.map +1 -1
  29. package/dist-esm/src/credentials/onBehalfOfCredential.js +16 -9
  30. package/dist-esm/src/credentials/onBehalfOfCredential.js.map +1 -1
  31. package/dist-esm/src/credentials/usernamePasswordCredential.js +13 -3
  32. package/dist-esm/src/credentials/usernamePasswordCredential.js.map +1 -1
  33. package/dist-esm/src/credentials/workloadIdentityCredential.js +16 -6
  34. package/dist-esm/src/credentials/workloadIdentityCredential.js.map +1 -1
  35. package/dist-esm/src/errors.js +12 -7
  36. package/dist-esm/src/errors.js.map +1 -1
  37. package/dist-esm/src/msal/browserFlows/flows.js.map +1 -0
  38. package/dist-esm/src/msal/browserFlows/msalBrowserCommon.js.map +1 -1
  39. package/dist-esm/src/msal/nodeFlows/msalClient.js +8 -1
  40. package/dist-esm/src/msal/nodeFlows/msalClient.js.map +1 -1
  41. package/package.json +5 -5
  42. package/types/identity.d.ts +26 -8
  43. package/dist-esm/src/msal/flows.js.map +0 -1
  44. package/dist-esm/src/msal/nodeFlows/msalAuthorizationCode.js +0 -47
  45. package/dist-esm/src/msal/nodeFlows/msalAuthorizationCode.js.map +0 -1
  46. package/dist-esm/src/msal/nodeFlows/msalClientAssertion.js +0 -42
  47. package/dist-esm/src/msal/nodeFlows/msalClientAssertion.js.map +0 -1
  48. package/dist-esm/src/msal/nodeFlows/msalClientCertificate.js +0 -112
  49. package/dist-esm/src/msal/nodeFlows/msalClientCertificate.js.map +0 -1
  50. package/dist-esm/src/msal/nodeFlows/msalClientSecret.js +0 -33
  51. package/dist-esm/src/msal/nodeFlows/msalClientSecret.js.map +0 -1
  52. package/dist-esm/src/msal/nodeFlows/msalDeviceCode.js +0 -35
  53. package/dist-esm/src/msal/nodeFlows/msalDeviceCode.js.map +0 -1
  54. package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js +0 -323
  55. package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js.map +0 -1
  56. package/dist-esm/src/msal/nodeFlows/msalOnBehalfOf.js +0 -58
  57. package/dist-esm/src/msal/nodeFlows/msalOnBehalfOf.js.map +0 -1
  58. package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js +0 -113
  59. package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js.map +0 -1
  60. package/dist-esm/src/msal/nodeFlows/msalUsernamePassword.js +0 -33
  61. package/dist-esm/src/msal/nodeFlows/msalUsernamePassword.js.map +0 -1
  62. /package/dist-esm/src/msal/{flows.js → browserFlows/flows.js} +0 -0
@@ -1,323 +0,0 @@
1
- // Copyright (c) Microsoft Corporation.
2
- // Licensed under the MIT license.
3
- import * as msalNode from "@azure/msal-node";
4
- import { CACHE_CAE_SUFFIX, CACHE_NON_CAE_SUFFIX, DEFAULT_TOKEN_CACHE_NAME, DeveloperSignOnClientId, } from "../../constants";
5
- import { formatSuccess } from "../../util/logging";
6
- import { defaultLoggerCallback, ensureValidMsalToken, getAuthority, getKnownAuthorities, getMSALLogLevel, handleMsalError, msalToPublic, publicToMsal, randomUUID, } from "../utils";
7
- import { hasNativeBroker, nativeBrokerInfo, persistenceProvider } from "./msalPlugins";
8
- import { processMultiTenantRequest, resolveAdditionallyAllowedTenantIds, resolveTenantId, } from "../../util/tenantIdUtils";
9
- import { AuthenticationRequiredError } from "../../errors";
10
- import { IdentityClient } from "../../client/identityClient";
11
- import { calculateRegionalAuthority } from "../../regionalAuthority";
12
- import { getLogLevel } from "@azure/logger";
13
- /**
14
- * MSAL partial base client for Node.js.
15
- *
16
- * It completes the input configuration with some default values.
17
- * It also provides with utility protected methods that can be used from any of the clients,
18
- * which includes handlers for successful responses and errors.
19
- *
20
- * @internal
21
- */
22
- export class MsalNode {
23
- constructor(options) {
24
- var _a, _b, _c, _d, _e, _f;
25
- this.app = {};
26
- this.caeApp = {};
27
- this.requiresConfidential = false;
28
- this.logger = options.logger;
29
- this.msalConfig = this.defaultNodeMsalConfig(options);
30
- this.tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);
31
- this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds((_a = options === null || options === void 0 ? void 0 : options.tokenCredentialOptions) === null || _a === void 0 ? void 0 : _a.additionallyAllowedTenants);
32
- this.clientId = this.msalConfig.auth.clientId;
33
- if (options === null || options === void 0 ? void 0 : options.getAssertion) {
34
- this.getAssertion = options.getAssertion;
35
- }
36
- this.enableBroker = (_b = options === null || options === void 0 ? void 0 : options.brokerOptions) === null || _b === void 0 ? void 0 : _b.enabled;
37
- this.enableMsaPassthrough = (_c = options === null || options === void 0 ? void 0 : options.brokerOptions) === null || _c === void 0 ? void 0 : _c.legacyEnableMsaPassthrough;
38
- this.parentWindowHandle = (_d = options.brokerOptions) === null || _d === void 0 ? void 0 : _d.parentWindowHandle;
39
- // If persistence has been configured
40
- if (persistenceProvider !== undefined && ((_e = options.tokenCachePersistenceOptions) === null || _e === void 0 ? void 0 : _e.enabled)) {
41
- const cacheBaseName = options.tokenCachePersistenceOptions.name || DEFAULT_TOKEN_CACHE_NAME;
42
- const nonCaeOptions = Object.assign({ name: `${cacheBaseName}.${CACHE_NON_CAE_SUFFIX}` }, options.tokenCachePersistenceOptions);
43
- const caeOptions = Object.assign({ name: `${cacheBaseName}.${CACHE_CAE_SUFFIX}` }, options.tokenCachePersistenceOptions);
44
- this.createCachePlugin = () => persistenceProvider(nonCaeOptions);
45
- this.createCachePluginCae = () => persistenceProvider(caeOptions);
46
- }
47
- else if ((_f = options.tokenCachePersistenceOptions) === null || _f === void 0 ? void 0 : _f.enabled) {
48
- throw new Error([
49
- "Persistent token caching was requested, but no persistence provider was configured.",
50
- "You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)",
51
- "and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling",
52
- "`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.",
53
- ].join(" "));
54
- }
55
- // If broker has not been configured
56
- if (!hasNativeBroker() && this.enableBroker) {
57
- throw new Error([
58
- "Broker for WAM was requested to be enabled, but no native broker was configured.",
59
- "You must install the identity-broker plugin package (`npm install --save @azure/identity-broker`)",
60
- "and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling",
61
- "`useIdentityPlugin(createNativeBrokerPlugin())` before using `enableBroker`.",
62
- ].join(" "));
63
- }
64
- this.azureRegion = calculateRegionalAuthority(options.regionalAuthority);
65
- }
66
- /**
67
- * Generates a MSAL configuration that generally works for Node.js
68
- */
69
- defaultNodeMsalConfig(options) {
70
- var _a;
71
- const clientId = options.clientId || DeveloperSignOnClientId;
72
- const tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);
73
- this.authorityHost = options.authorityHost || process.env.AZURE_AUTHORITY_HOST;
74
- const authority = getAuthority(tenantId, this.authorityHost);
75
- this.identityClient = new IdentityClient(Object.assign(Object.assign({}, options.tokenCredentialOptions), { authorityHost: authority, loggingOptions: options.loggingOptions }));
76
- const clientCapabilities = [];
77
- return {
78
- auth: {
79
- clientId,
80
- authority,
81
- knownAuthorities: getKnownAuthorities(tenantId, authority, options.disableInstanceDiscovery),
82
- clientCapabilities,
83
- },
84
- // Cache is defined in this.prepare();
85
- system: {
86
- networkClient: this.identityClient,
87
- loggerOptions: {
88
- loggerCallback: defaultLoggerCallback(options.logger),
89
- logLevel: getMSALLogLevel(getLogLevel()),
90
- piiLoggingEnabled: (_a = options.loggingOptions) === null || _a === void 0 ? void 0 : _a.enableUnsafeSupportLogging,
91
- },
92
- },
93
- };
94
- }
95
- getApp(appType, enableCae) {
96
- const app = enableCae ? this.caeApp : this.app;
97
- if (appType === "publicFirst") {
98
- return (app.public || app.confidential);
99
- }
100
- else if (appType === "confidentialFirst") {
101
- return (app.confidential || app.public);
102
- }
103
- else if (appType === "confidential") {
104
- return app.confidential;
105
- }
106
- else {
107
- return app.public;
108
- }
109
- }
110
- /**
111
- * Prepares the MSAL applications.
112
- */
113
- async init(options) {
114
- if (options === null || options === void 0 ? void 0 : options.abortSignal) {
115
- options.abortSignal.addEventListener("abort", () => {
116
- // This will abort any pending request in the IdentityClient,
117
- // based on the received or generated correlationId
118
- this.identityClient.abortRequests(options.correlationId);
119
- });
120
- }
121
- const app = (options === null || options === void 0 ? void 0 : options.enableCae) ? this.caeApp : this.app;
122
- if (options === null || options === void 0 ? void 0 : options.enableCae) {
123
- this.msalConfig.auth.clientCapabilities = ["cp1"];
124
- }
125
- if (app.public || app.confidential) {
126
- return;
127
- }
128
- if ((options === null || options === void 0 ? void 0 : options.enableCae) && this.createCachePluginCae !== undefined) {
129
- this.msalConfig.cache = {
130
- cachePlugin: await this.createCachePluginCae(),
131
- };
132
- }
133
- if (this.createCachePlugin !== undefined) {
134
- this.msalConfig.cache = {
135
- cachePlugin: await this.createCachePlugin(),
136
- };
137
- }
138
- if (hasNativeBroker() && this.enableBroker) {
139
- this.msalConfig.broker = {
140
- nativeBrokerPlugin: nativeBrokerInfo.broker,
141
- };
142
- if (!this.parentWindowHandle) {
143
- // error should have been thrown from within the constructor of InteractiveBrowserCredential
144
- this.logger.warning("Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.");
145
- }
146
- }
147
- if (options === null || options === void 0 ? void 0 : options.enableCae) {
148
- this.caeApp.public = new msalNode.PublicClientApplication(this.msalConfig);
149
- }
150
- else {
151
- this.app.public = new msalNode.PublicClientApplication(this.msalConfig);
152
- }
153
- // write a test so that user callback is invoked just once and the second time the token is cached and user callback not called
154
- //
155
- if (this.getAssertion !== undefined) {
156
- this.msalConfig.auth.clientAssertion = this.getAssertion;
157
- }
158
- // The confidential client requires either a secret, assertion or certificate.
159
- if (this.msalConfig.auth.clientSecret ||
160
- this.msalConfig.auth.clientAssertion ||
161
- this.msalConfig.auth.clientCertificate) {
162
- if (options === null || options === void 0 ? void 0 : options.enableCae) {
163
- this.caeApp.confidential = new msalNode.ConfidentialClientApplication(this.msalConfig);
164
- }
165
- else {
166
- this.app.confidential = new msalNode.ConfidentialClientApplication(this.msalConfig);
167
- }
168
- }
169
- else {
170
- if (this.requiresConfidential) {
171
- throw new Error("Unable to generate the MSAL confidential client. Missing either the client's secret, certificate or assertion.");
172
- }
173
- }
174
- }
175
- /**
176
- * Allows the cancellation of a MSAL request.
177
- */
178
- withCancellation(promise, abortSignal, onCancel) {
179
- return new Promise((resolve, reject) => {
180
- promise
181
- .then((msalToken) => {
182
- return resolve(msalToken);
183
- })
184
- .catch(reject);
185
- if (abortSignal) {
186
- abortSignal.addEventListener("abort", () => {
187
- onCancel === null || onCancel === void 0 ? void 0 : onCancel();
188
- });
189
- }
190
- });
191
- }
192
- /**
193
- * Returns the existing account, attempts to load the account from MSAL.
194
- */
195
- async getActiveAccount(enableCae = false) {
196
- if (this.account) {
197
- return this.account;
198
- }
199
- const cache = this.getApp("confidentialFirst", enableCae).getTokenCache();
200
- const accountsByTenant = await (cache === null || cache === void 0 ? void 0 : cache.getAllAccounts());
201
- if (!accountsByTenant) {
202
- return;
203
- }
204
- if (accountsByTenant.length === 1) {
205
- this.account = msalToPublic(this.clientId, accountsByTenant[0]);
206
- }
207
- else {
208
- this.logger
209
- .info(`More than one account was found authenticated for this Client ID and Tenant ID.
210
- However, no "authenticationRecord" has been provided for this credential,
211
- therefore we're unable to pick between these accounts.
212
- A new login attempt will be requested, to ensure the correct account is picked.
213
- To work with multiple accounts for the same Client ID and Tenant ID, please provide an "authenticationRecord" when initializing a credential to prevent this from happening.`);
214
- return;
215
- }
216
- return this.account;
217
- }
218
- /**
219
- * Attempts to retrieve a token from cache.
220
- */
221
- async getTokenSilent(scopes, options) {
222
- var _a, _b, _c;
223
- await this.getActiveAccount(options === null || options === void 0 ? void 0 : options.enableCae);
224
- if (!this.account) {
225
- throw new AuthenticationRequiredError({
226
- scopes,
227
- getTokenOptions: options,
228
- message: "Silent authentication failed. We couldn't retrieve an active account from the cache.",
229
- });
230
- }
231
- const silentRequest = {
232
- // To be able to re-use the account, the Token Cache must also have been provided.
233
- account: publicToMsal(this.account),
234
- correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
235
- scopes,
236
- authority: options === null || options === void 0 ? void 0 : options.authority,
237
- claims: options === null || options === void 0 ? void 0 : options.claims,
238
- };
239
- if (hasNativeBroker() && this.enableBroker) {
240
- if (!silentRequest.tokenQueryParameters) {
241
- silentRequest.tokenQueryParameters = {};
242
- }
243
- if (!this.parentWindowHandle) {
244
- // error should have been thrown from within the constructor of InteractiveBrowserCredential
245
- this.logger.warning("Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.");
246
- }
247
- if (this.enableMsaPassthrough) {
248
- silentRequest.tokenQueryParameters["msal_request_type"] = "consumer_passthrough";
249
- }
250
- }
251
- try {
252
- this.logger.info("Attempting to acquire token silently");
253
- /**
254
- * The following code to retrieve all accounts is done as a workaround in an attempt to force the
255
- * refresh of the token cache with the token and the account passed in through the
256
- * `authenticationRecord` parameter. See issue - https://github.com/Azure/azure-sdk-for-js/issues/24349#issuecomment-1496715651
257
- * This workaround serves as a workaround for silent authentication not happening when authenticationRecord is passed.
258
- */
259
- await ((_a = this.getApp("publicFirst", options === null || options === void 0 ? void 0 : options.enableCae)) === null || _a === void 0 ? void 0 : _a.getTokenCache().getAllAccounts());
260
- const response = (_c = (await ((_b = this.getApp("confidential", options === null || options === void 0 ? void 0 : options.enableCae)) === null || _b === void 0 ? void 0 : _b.acquireTokenSilent(silentRequest)))) !== null && _c !== void 0 ? _c : (await this.getApp("public", options === null || options === void 0 ? void 0 : options.enableCae).acquireTokenSilent(silentRequest));
261
- return this.handleResult(scopes, response || undefined);
262
- }
263
- catch (err) {
264
- throw handleMsalError(scopes, err, options);
265
- }
266
- }
267
- /**
268
- * Wrapper around each MSAL flow get token operation: doGetToken.
269
- * If disableAutomaticAuthentication is sent through the constructor, it will prevent MSAL from requesting the user input.
270
- */
271
- async getToken(scopes, options = {}) {
272
- const tenantId = processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds) ||
273
- this.tenantId;
274
- options.authority = getAuthority(tenantId, this.authorityHost);
275
- options.correlationId = (options === null || options === void 0 ? void 0 : options.correlationId) || randomUUID();
276
- await this.init(options);
277
- try {
278
- // MSAL now caches tokens based on their claims,
279
- // so now one has to keep track fo claims in order to retrieve the newer tokens from acquireTokenSilent
280
- // This update happened on PR: https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/4533
281
- const optionsClaims = options.claims;
282
- if (optionsClaims) {
283
- this.cachedClaims = optionsClaims;
284
- }
285
- if (this.cachedClaims && !optionsClaims) {
286
- options.claims = this.cachedClaims;
287
- }
288
- // We don't return the promise since we want to catch errors right here.
289
- return await this.getTokenSilent(scopes, options);
290
- }
291
- catch (err) {
292
- if (err.name !== "AuthenticationRequiredError") {
293
- throw err;
294
- }
295
- if (options === null || options === void 0 ? void 0 : options.disableAutomaticAuthentication) {
296
- throw new AuthenticationRequiredError({
297
- scopes,
298
- getTokenOptions: options,
299
- message: "Automatic authentication has been disabled. You may call the authentication() method.",
300
- });
301
- }
302
- this.logger.info(`Silent authentication failed, falling back to interactive method.`);
303
- return this.doGetToken(scopes, options);
304
- }
305
- }
306
- /**
307
- * Handles the MSAL authentication result.
308
- * If the result has an account, we update the local account reference.
309
- * If the token received is invalid, an error will be thrown depending on what's missing.
310
- */
311
- handleResult(scopes, result, getTokenOptions) {
312
- if (result === null || result === void 0 ? void 0 : result.account) {
313
- this.account = msalToPublic(this.clientId, result.account);
314
- }
315
- ensureValidMsalToken(scopes, result, getTokenOptions);
316
- this.logger.getToken.info(formatSuccess(scopes));
317
- return {
318
- token: result.accessToken,
319
- expiresOnTimestamp: result.expiresOn.getTime(),
320
- };
321
- }
322
- }
323
- //# sourceMappingURL=msalNodeCommon.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"msalNodeCommon.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalNodeCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAI7C,OAAO,EACL,gBAAgB,EAChB,oBAAoB,EACpB,wBAAwB,EACxB,uBAAuB,GACxB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAoB,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAErE,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,eAAe,EACf,eAAe,EACf,YAAY,EACZ,YAAY,EACZ,UAAU,GACX,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACvF,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,eAAe,GAChB,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAG3D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAI7D,OAAO,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAoC5C;;;;;;;;GAQG;AACH,MAAM,OAAgB,QAAQ;IAkC5B,YAAY,OAAwB;;QAjC5B,QAAG,GAGP,EAAE,CAAC;QACC,WAAM,GAGV,EAAE,CAAC;QAQG,yBAAoB,GAAY,KAAK,CAAC;QAmB9C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACtD,IAAI,CAAC,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QACpF,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,sBAAsB,0CAAE,0BAA0B,CAC5D,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;QAC9C,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,YAAY,EAAE,CAAC;YAC1B,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QAC3C,CAAC;QACD,IAAI,CAAC,YAAY,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,0CAAE,OAAO,CAAC;QACpD,IAAI,CAAC,oBAAoB,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,0CAAE,0BAA0B,CAAC;QAC/E,IAAI,CAAC,kBAAkB,GAAG,MAAA,OAAO,CAAC,aAAa,0CAAE,kBAAkB,CAAC;QAEpE,qCAAqC;QACrC,IAAI,mBAAmB,KAAK,SAAS,KAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,CAAA,EAAE,CAAC;YACvF,MAAM,aAAa,GAAG,OAAO,CAAC,4BAA4B,CAAC,IAAI,IAAI,wBAAwB,CAAC;YAC5F,MAAM,aAAa,mBACjB,IAAI,EAAE,GAAG,aAAa,IAAI,oBAAoB,EAAE,IAC7C,OAAO,CAAC,4BAA4B,CACxC,CAAC;YACF,MAAM,UAAU,mBACd,IAAI,EAAE,GAAG,aAAa,IAAI,gBAAgB,EAAE,IACzC,OAAO,CAAC,4BAA4B,CACxC,CAAC;YACF,IAAI,CAAC,iBAAiB,GAAG,GAAG,EAAE,CAAC,mBAAoB,CAAC,aAAa,CAAC,CAAC;YACnE,IAAI,CAAC,oBAAoB,GAAG,GAAG,EAAE,CAAC,mBAAoB,CAAC,UAAU,CAAC,CAAC;QACrE,CAAC;aAAM,IAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,EAAE,CAAC;YACzD,MAAM,IAAI,KAAK,CACb;gBACE,qFAAqF;gBACrF,yHAAyH;gBACzH,mFAAmF;gBACnF,0FAA0F;aAC3F,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QACJ,CAAC;QAED,oCAAoC;QACpC,IAAI,CAAC,eAAe,EAAE,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CACb;gBACE,kFAAkF;gBAClF,mGAAmG;gBACnG,mFAAmF;gBACnF,8EAA8E;aAC/E,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,0BAA0B,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAC3E,CAAC;IAED;;OAEG;IACO,qBAAqB,CAAC,OAAwB;;QACtD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,uBAAuB,CAAC;QAC7D,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAErF,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAC/E,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAE7D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iCACnC,OAAO,CAAC,sBAAsB,KACjC,aAAa,EAAE,SAAS,EACxB,cAAc,EAAE,OAAO,CAAC,cAAc,IACtC,CAAC;QAEH,MAAM,kBAAkB,GAAa,EAAE,CAAC;QAExC,OAAO;YACL,IAAI,EAAE;gBACJ,QAAQ;gBACR,SAAS;gBACT,gBAAgB,EAAE,mBAAmB,CACnC,QAAQ,EACR,SAAS,EACT,OAAO,CAAC,wBAAwB,CACjC;gBACD,kBAAkB;aACnB;YACD,sCAAsC;YACtC,MAAM,EAAE;gBACN,aAAa,EAAE,IAAI,CAAC,cAAc;gBAClC,aAAa,EAAE;oBACb,cAAc,EAAE,qBAAqB,CAAC,OAAO,CAAC,MAAM,CAAC;oBACrD,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;oBACxC,iBAAiB,EAAE,MAAA,OAAO,CAAC,cAAc,0CAAE,0BAA0B;iBACtE;aACF;SACF,CAAC;IACJ,CAAC;IAYS,MAAM,CACd,OAAgB,EAChB,SAAmB;QAEnB,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;QAC/C,IAAI,OAAO,KAAK,aAAa,EAAE,CAAC;YAC9B,OAAO,CAAC,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,YAAY,CAAE,CAAC;QAC3C,CAAC;aAAM,IAAI,OAAO,KAAK,mBAAmB,EAAE,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,MAAM,CAAE,CAAC;QAC3C,CAAC;aAAM,IAAI,OAAO,KAAK,cAAc,EAAE,CAAC;YACtC,OAAO,GAAG,CAAC,YAAa,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,CAAC,MAAO,CAAC;QACrB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,OAAuC;QAChD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,EAAE,CAAC;YACzB,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;gBACjD,6DAA6D;gBAC7D,mDAAmD;gBACnD,IAAI,CAAC,cAAe,CAAC,aAAa,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAC5D,CAAC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,GAAG,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,EAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;QACxD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,EAAE,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,GAAG,CAAC,KAAK,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;YACnC,OAAO;QACT,CAAC;QACD,IAAI,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,KAAI,IAAI,CAAC,oBAAoB,KAAK,SAAS,EAAE,CAAC;YAClE,IAAI,CAAC,UAAU,CAAC,KAAK,GAAG;gBACtB,WAAW,EAAE,MAAM,IAAI,CAAC,oBAAoB,EAAE;aAC/C,CAAC;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS,EAAE,CAAC;YACzC,IAAI,CAAC,UAAU,CAAC,KAAK,GAAG;gBACtB,WAAW,EAAE,MAAM,IAAI,CAAC,iBAAiB,EAAE;aAC5C,CAAC;QACJ,CAAC;QAED,IAAI,eAAe,EAAE,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC3C,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG;gBACvB,kBAAkB,EAAE,gBAAiB,CAAC,MAAM;aAC7C,CAAC;YACF,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC7B,4FAA4F;gBAC5F,IAAI,CAAC,MAAM,CAAC,OAAO,CACjB,kIAAkI,CACnI,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,EAAE,CAAC;YACvB,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,IAAI,QAAQ,CAAC,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7E,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,IAAI,QAAQ,CAAC,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC1E,CAAC;QAED,+HAA+H;QAC/H,EAAE;QACF,IAAI,IAAI,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;YACpC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC;QAC3D,CAAC;QACD,8EAA8E;QAC9E,IACE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY;YACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe;YACpC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,EACtC,CAAC;YACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,EAAE,CAAC;gBACvB,IAAI,CAAC,MAAM,CAAC,YAAY,GAAG,IAAI,QAAQ,CAAC,6BAA6B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACzF,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,GAAG,CAAC,YAAY,GAAG,IAAI,QAAQ,CAAC,6BAA6B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACtF,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAC9B,MAAM,IAAI,KAAK,CACb,gHAAgH,CACjH,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACO,gBAAgB,CACxB,OAAsD,EACtD,WAA6B,EAC7B,QAAqB;QAErB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,OAAO;iBACJ,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;gBAClB,OAAO,OAAO,CAAC,SAAU,CAAC,CAAC;YAC7B,CAAC,CAAC;iBACD,KAAK,CAAC,MAAM,CAAC,CAAC;YACjB,IAAI,WAAW,EAAE,CAAC;gBAChB,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;oBACzC,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,EAAI,CAAC;gBACf,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,SAAS,GAAG,KAAK;QACtC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC,OAAO,CAAC;QACtB,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC,aAAa,EAAE,CAAC;QAC1E,MAAM,gBAAgB,GAAG,MAAM,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,cAAc,EAAE,CAAA,CAAC;QAEvD,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClC,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;QAClE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM;iBACR,IAAI,CAAC;;;;6KAI+J,CAAC,CAAC;YACzK,OAAO;QACT,CAAC;QAED,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAClB,MAAgB,EAChB,OAAuC;;QAEvC,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,CAAC;QAChD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe,EAAE,OAAO;gBACxB,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,aAAa,GAA+B;YAChD,kFAAkF;YAClF,OAAO,EAAE,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC;YACnC,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;YACrC,MAAM;YACN,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;YAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;SACxB,CAAC;QAEF,IAAI,eAAe,EAAE,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC3C,IAAI,CAAC,aAAa,CAAC,oBAAoB,EAAE,CAAC;gBACxC,aAAa,CAAC,oBAAoB,GAAG,EAAE,CAAC;YAC1C,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC7B,4FAA4F;gBAC5F,IAAI,CAAC,MAAM,CAAC,OAAO,CACjB,kIAAkI,CACnI,CAAC;YACJ,CAAC;YACD,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAC9B,aAAa,CAAC,oBAAoB,CAAC,mBAAmB,CAAC,GAAG,sBAAsB,CAAC;YACnF,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACzD;;;;;eAKG;YACH,MAAM,CAAA,MAAA,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,0CAAE,aAAa,GAAG,cAAc,EAAE,CAAA,CAAC;YACvF,MAAM,QAAQ,GACZ,MAAA,CAAC,MAAM,CAAA,MAAA,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,0CAAE,kBAAkB,CACxE,aAAa,CACd,CAAA,CAAC,mCAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC,CAAC;YAC5F,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,IAAI,SAAS,CAAC,CAAC;QAC1D,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAOD;;;OAGG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,MAAM,QAAQ,GACZ,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,4BAA4B,CAAC;YACpF,IAAI,CAAC,QAAQ,CAAC;QAEhB,OAAO,CAAC,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAE/D,OAAO,CAAC,aAAa,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,KAAI,UAAU,EAAE,CAAC;QAC/D,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEzB,IAAI,CAAC;YACH,gDAAgD;YAChD,uGAAuG;YACvG,2GAA2G;YAC3G,MAAM,aAAa,GAAI,OAAe,CAAC,MAAM,CAAC;YAC9C,IAAI,aAAa,EAAE,CAAC;gBAClB,IAAI,CAAC,YAAY,GAAG,aAAa,CAAC;YACpC,CAAC;YACD,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,aAAa,EAAE,CAAC;gBACxC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC;YACrC,CAAC;YACD,wEAAwE;YACxE,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC/C,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,EAAE,CAAC;gBAC5C,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;YACL,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;YACtF,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED;;;;OAIG;IACO,YAAY,CACpB,MAAyB,EACzB,MAAmB,EACnB,eAAiC;QAEjC,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,OAAO,EAAE,CAAC;YACpB,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAC7D,CAAC;QACD,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QACjD,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,WAAW;YACzB,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE;SAC/C,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { AppType, AuthenticationRecord, MsalResult } from \"../types\";\nimport {\n CACHE_CAE_SUFFIX,\n CACHE_NON_CAE_SUFFIX,\n DEFAULT_TOKEN_CACHE_NAME,\n DeveloperSignOnClientId,\n} from \"../../constants\";\nimport { CredentialLogger, formatSuccess } from \"../../util/logging\";\nimport { MsalFlow, MsalFlowOptions } from \"../flows\";\nimport {\n defaultLoggerCallback,\n ensureValidMsalToken,\n getAuthority,\n getKnownAuthorities,\n getMSALLogLevel,\n handleMsalError,\n msalToPublic,\n publicToMsal,\n randomUUID,\n} from \"../utils\";\nimport { hasNativeBroker, nativeBrokerInfo, persistenceProvider } from \"./msalPlugins\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n resolveTenantId,\n} from \"../../util/tenantIdUtils\";\n\nimport { AbortSignalLike } from \"@azure/abort-controller\";\nimport { AuthenticationRequiredError } from \"../../errors\";\nimport { BrokerOptions } from \"./brokerOptions\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { LogPolicyOptions } from \"@azure/core-rest-pipeline\";\nimport { MultiTenantTokenCredentialOptions } from \"../../credentials/multiTenantTokenCredentialOptions\";\nimport { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions\";\nimport { calculateRegionalAuthority } from \"../../regionalAuthority\";\nimport { getLogLevel } from \"@azure/logger\";\n\n/**\n * Union of the constructor parameters that all MSAL flow types for Node.\n * @internal\n */\nexport interface MsalNodeOptions extends MsalFlowOptions {\n tokenCachePersistenceOptions?: TokenCachePersistenceOptions;\n brokerOptions?: BrokerOptions;\n tokenCredentialOptions: MultiTenantTokenCredentialOptions;\n /**\n * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values.\n * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.\n * If the property is not specified, uses a non-regional authority endpoint.\n */\n regionalAuthority?: string;\n /**\n * Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.\n */\n loggingOptions?: LogPolicyOptions & {\n /**\n * Allows logging account information once the authentication flow succeeds.\n */\n allowLoggingAccountIdentifiers?: boolean;\n /**\n * Allows logging personally identifiable information for customer support.\n */\n enableUnsafeSupportLogging?: boolean;\n };\n}\nexport type ClientAssertionCallback = (config: ClientAssertionConfig) => Promise<string>;\n\nexport type ClientAssertionConfig = {\n clientId: string;\n tokenEndpoint?: string;\n};\n/**\n * MSAL partial base client for Node.js.\n *\n * It completes the input configuration with some default values.\n * It also provides with utility protected methods that can be used from any of the clients,\n * which includes handlers for successful responses and errors.\n *\n * @internal\n */\nexport abstract class MsalNode implements MsalFlow {\n private app: {\n public?: msalNode.PublicClientApplication;\n confidential?: msalNode.ConfidentialClientApplication;\n } = {};\n private caeApp: {\n public?: msalNode.PublicClientApplication;\n confidential?: msalNode.ConfidentialClientApplication;\n } = {};\n private account?: AuthenticationRecord;\n protected msalConfig: msalNode.Configuration;\n protected clientId: string;\n protected tenantId: string;\n protected additionallyAllowedTenantIds: string[];\n protected authorityHost?: string;\n protected identityClient?: IdentityClient;\n protected requiresConfidential: boolean = false;\n protected azureRegion?: string;\n protected createCachePlugin: (() => Promise<msalNode.ICachePlugin>) | undefined;\n protected createCachePluginCae: (() => Promise<msalNode.ICachePlugin>) | undefined;\n protected createNativeBrokerPlugin: (() => Promise<msalNode.INativeBrokerPlugin>) | undefined;\n protected enableMsaPassthrough?: boolean;\n protected parentWindowHandle?: Uint8Array;\n protected enableBroker?: boolean;\n protected logger: CredentialLogger;\n\n /**\n * MSAL currently caches the tokens depending on the claims used to retrieve them.\n * In cases like CAE, in which we use claims to update the tokens, trying to retrieve the token without the claims will yield the original token.\n * To ensure we always get the latest token, we have to keep track of the claims.\n */\n private cachedClaims: string | undefined;\n\n protected getAssertion?: () => Promise<string>;\n constructor(options: MsalNodeOptions) {\n this.logger = options.logger;\n this.msalConfig = this.defaultNodeMsalConfig(options);\n this.tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.tokenCredentialOptions?.additionallyAllowedTenants,\n );\n this.clientId = this.msalConfig.auth.clientId;\n if (options?.getAssertion) {\n this.getAssertion = options.getAssertion;\n }\n this.enableBroker = options?.brokerOptions?.enabled;\n this.enableMsaPassthrough = options?.brokerOptions?.legacyEnableMsaPassthrough;\n this.parentWindowHandle = options.brokerOptions?.parentWindowHandle;\n\n // If persistence has been configured\n if (persistenceProvider !== undefined && options.tokenCachePersistenceOptions?.enabled) {\n const cacheBaseName = options.tokenCachePersistenceOptions.name || DEFAULT_TOKEN_CACHE_NAME;\n const nonCaeOptions = {\n name: `${cacheBaseName}.${CACHE_NON_CAE_SUFFIX}`,\n ...options.tokenCachePersistenceOptions,\n };\n const caeOptions = {\n name: `${cacheBaseName}.${CACHE_CAE_SUFFIX}`,\n ...options.tokenCachePersistenceOptions,\n };\n this.createCachePlugin = () => persistenceProvider!(nonCaeOptions);\n this.createCachePluginCae = () => persistenceProvider!(caeOptions);\n } else if (options.tokenCachePersistenceOptions?.enabled) {\n throw new Error(\n [\n \"Persistent token caching was requested, but no persistence provider was configured.\",\n \"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)\",\n \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n \"`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.\",\n ].join(\" \"),\n );\n }\n\n // If broker has not been configured\n if (!hasNativeBroker() && this.enableBroker) {\n throw new Error(\n [\n \"Broker for WAM was requested to be enabled, but no native broker was configured.\",\n \"You must install the identity-broker plugin package (`npm install --save @azure/identity-broker`)\",\n \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n \"`useIdentityPlugin(createNativeBrokerPlugin())` before using `enableBroker`.\",\n ].join(\" \"),\n );\n }\n\n this.azureRegion = calculateRegionalAuthority(options.regionalAuthority);\n }\n\n /**\n * Generates a MSAL configuration that generally works for Node.js\n */\n protected defaultNodeMsalConfig(options: MsalNodeOptions): msalNode.Configuration {\n const clientId = options.clientId || DeveloperSignOnClientId;\n const tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);\n\n this.authorityHost = options.authorityHost || process.env.AZURE_AUTHORITY_HOST;\n const authority = getAuthority(tenantId, this.authorityHost);\n\n this.identityClient = new IdentityClient({\n ...options.tokenCredentialOptions,\n authorityHost: authority,\n loggingOptions: options.loggingOptions,\n });\n\n const clientCapabilities: string[] = [];\n\n return {\n auth: {\n clientId,\n authority,\n knownAuthorities: getKnownAuthorities(\n tenantId,\n authority,\n options.disableInstanceDiscovery,\n ),\n clientCapabilities,\n },\n // Cache is defined in this.prepare();\n system: {\n networkClient: this.identityClient,\n loggerOptions: {\n loggerCallback: defaultLoggerCallback(options.logger),\n logLevel: getMSALLogLevel(getLogLevel()),\n piiLoggingEnabled: options.loggingOptions?.enableUnsafeSupportLogging,\n },\n },\n };\n }\n protected getApp(\n appType: \"publicFirst\" | \"confidentialFirst\",\n enableCae?: boolean,\n ): msalNode.ConfidentialClientApplication | msalNode.PublicClientApplication;\n protected getApp(appType: \"public\", enableCae?: boolean): msalNode.PublicClientApplication;\n\n protected getApp(\n appType: \"confidential\",\n enableCae?: boolean,\n ): msalNode.ConfidentialClientApplication;\n\n protected getApp(\n appType: AppType,\n enableCae?: boolean,\n ): msalNode.ConfidentialClientApplication | msalNode.PublicClientApplication {\n const app = enableCae ? this.caeApp : this.app;\n if (appType === \"publicFirst\") {\n return (app.public || app.confidential)!;\n } else if (appType === \"confidentialFirst\") {\n return (app.confidential || app.public)!;\n } else if (appType === \"confidential\") {\n return app.confidential!;\n } else {\n return app.public!;\n }\n }\n\n /**\n * Prepares the MSAL applications.\n */\n async init(options?: CredentialFlowGetTokenOptions): Promise<void> {\n if (options?.abortSignal) {\n options.abortSignal.addEventListener(\"abort\", () => {\n // This will abort any pending request in the IdentityClient,\n // based on the received or generated correlationId\n this.identityClient!.abortRequests(options.correlationId);\n });\n }\n\n const app = options?.enableCae ? this.caeApp : this.app;\n if (options?.enableCae) {\n this.msalConfig.auth.clientCapabilities = [\"cp1\"];\n }\n if (app.public || app.confidential) {\n return;\n }\n if (options?.enableCae && this.createCachePluginCae !== undefined) {\n this.msalConfig.cache = {\n cachePlugin: await this.createCachePluginCae(),\n };\n }\n if (this.createCachePlugin !== undefined) {\n this.msalConfig.cache = {\n cachePlugin: await this.createCachePlugin(),\n };\n }\n\n if (hasNativeBroker() && this.enableBroker) {\n this.msalConfig.broker = {\n nativeBrokerPlugin: nativeBrokerInfo!.broker,\n };\n if (!this.parentWindowHandle) {\n // error should have been thrown from within the constructor of InteractiveBrowserCredential\n this.logger.warning(\n \"Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.\",\n );\n }\n }\n\n if (options?.enableCae) {\n this.caeApp.public = new msalNode.PublicClientApplication(this.msalConfig);\n } else {\n this.app.public = new msalNode.PublicClientApplication(this.msalConfig);\n }\n\n // write a test so that user callback is invoked just once and the second time the token is cached and user callback not called\n //\n if (this.getAssertion !== undefined) {\n this.msalConfig.auth.clientAssertion = this.getAssertion;\n }\n // The confidential client requires either a secret, assertion or certificate.\n if (\n this.msalConfig.auth.clientSecret ||\n this.msalConfig.auth.clientAssertion ||\n this.msalConfig.auth.clientCertificate\n ) {\n if (options?.enableCae) {\n this.caeApp.confidential = new msalNode.ConfidentialClientApplication(this.msalConfig);\n } else {\n this.app.confidential = new msalNode.ConfidentialClientApplication(this.msalConfig);\n }\n } else {\n if (this.requiresConfidential) {\n throw new Error(\n \"Unable to generate the MSAL confidential client. Missing either the client's secret, certificate or assertion.\",\n );\n }\n }\n }\n\n /**\n * Allows the cancellation of a MSAL request.\n */\n protected withCancellation(\n promise: Promise<msalNode.AuthenticationResult | null>,\n abortSignal?: AbortSignalLike,\n onCancel?: () => void,\n ): Promise<msalNode.AuthenticationResult | null> {\n return new Promise((resolve, reject) => {\n promise\n .then((msalToken) => {\n return resolve(msalToken!);\n })\n .catch(reject);\n if (abortSignal) {\n abortSignal.addEventListener(\"abort\", () => {\n onCancel?.();\n });\n }\n });\n }\n\n /**\n * Returns the existing account, attempts to load the account from MSAL.\n */\n async getActiveAccount(enableCae = false): Promise<AuthenticationRecord | undefined> {\n if (this.account) {\n return this.account;\n }\n const cache = this.getApp(\"confidentialFirst\", enableCae).getTokenCache();\n const accountsByTenant = await cache?.getAllAccounts();\n\n if (!accountsByTenant) {\n return;\n }\n\n if (accountsByTenant.length === 1) {\n this.account = msalToPublic(this.clientId, accountsByTenant[0]);\n } else {\n this.logger\n .info(`More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing a credential to prevent this from happening.`);\n return;\n }\n\n return this.account;\n }\n\n /**\n * Attempts to retrieve a token from cache.\n */\n async getTokenSilent(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions,\n ): Promise<AccessToken> {\n await this.getActiveAccount(options?.enableCae);\n if (!this.account) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions: options,\n message:\n \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n });\n }\n\n const silentRequest: msalNode.SilentFlowRequest = {\n // To be able to re-use the account, the Token Cache must also have been provided.\n account: publicToMsal(this.account),\n correlationId: options?.correlationId,\n scopes,\n authority: options?.authority,\n claims: options?.claims,\n };\n\n if (hasNativeBroker() && this.enableBroker) {\n if (!silentRequest.tokenQueryParameters) {\n silentRequest.tokenQueryParameters = {};\n }\n if (!this.parentWindowHandle) {\n // error should have been thrown from within the constructor of InteractiveBrowserCredential\n this.logger.warning(\n \"Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.\",\n );\n }\n if (this.enableMsaPassthrough) {\n silentRequest.tokenQueryParameters[\"msal_request_type\"] = \"consumer_passthrough\";\n }\n }\n\n try {\n this.logger.info(\"Attempting to acquire token silently\");\n /**\n * The following code to retrieve all accounts is done as a workaround in an attempt to force the\n * refresh of the token cache with the token and the account passed in through the\n * `authenticationRecord` parameter. See issue - https://github.com/Azure/azure-sdk-for-js/issues/24349#issuecomment-1496715651\n * This workaround serves as a workaround for silent authentication not happening when authenticationRecord is passed.\n */\n await this.getApp(\"publicFirst\", options?.enableCae)?.getTokenCache().getAllAccounts();\n const response =\n (await this.getApp(\"confidential\", options?.enableCae)?.acquireTokenSilent(\n silentRequest,\n )) ?? (await this.getApp(\"public\", options?.enableCae).acquireTokenSilent(silentRequest));\n return this.handleResult(scopes, response || undefined);\n } catch (err: any) {\n throw handleMsalError(scopes, err, options);\n }\n }\n\n /**\n * Attempts to retrieve an authenticated token from MSAL.\n */\n protected abstract doGetToken(scopes: string[], options?: GetTokenOptions): Promise<AccessToken>;\n\n /**\n * Wrapper around each MSAL flow get token operation: doGetToken.\n * If disableAutomaticAuthentication is sent through the constructor, it will prevent MSAL from requesting the user input.\n */\n public async getToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {},\n ): Promise<AccessToken> {\n const tenantId =\n processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds) ||\n this.tenantId;\n\n options.authority = getAuthority(tenantId, this.authorityHost);\n\n options.correlationId = options?.correlationId || randomUUID();\n await this.init(options);\n\n try {\n // MSAL now caches tokens based on their claims,\n // so now one has to keep track fo claims in order to retrieve the newer tokens from acquireTokenSilent\n // This update happened on PR: https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/4533\n const optionsClaims = (options as any).claims;\n if (optionsClaims) {\n this.cachedClaims = optionsClaims;\n }\n if (this.cachedClaims && !optionsClaims) {\n options.claims = this.cachedClaims;\n }\n // We don't return the promise since we want to catch errors right here.\n return await this.getTokenSilent(scopes, options);\n } catch (err: any) {\n if (err.name !== \"AuthenticationRequiredError\") {\n throw err;\n }\n if (options?.disableAutomaticAuthentication) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions: options,\n message:\n \"Automatic authentication has been disabled. You may call the authentication() method.\",\n });\n }\n this.logger.info(`Silent authentication failed, falling back to interactive method.`);\n return this.doGetToken(scopes, options);\n }\n }\n\n /**\n * Handles the MSAL authentication result.\n * If the result has an account, we update the local account reference.\n * If the token received is invalid, an error will be thrown depending on what's missing.\n */\n protected handleResult(\n scopes: string | string[],\n result?: MsalResult,\n getTokenOptions?: GetTokenOptions,\n ): AccessToken {\n if (result?.account) {\n this.account = msalToPublic(this.clientId, result.account);\n }\n ensureValidMsalToken(scopes, result, getTokenOptions);\n this.logger.getToken.info(formatSuccess(scopes));\n return {\n token: result.accessToken,\n expiresOnTimestamp: result.expiresOn.getTime(),\n };\n }\n}\n"]}
@@ -1,58 +0,0 @@
1
- // Copyright (c) Microsoft Corporation.
2
- // Licensed under the MIT license.
3
- import { MsalNode } from "./msalNodeCommon";
4
- import { formatError } from "../../util/logging";
5
- import { handleMsalError } from "../utils";
6
- import { parseCertificate } from "./msalClientCertificate";
7
- /**
8
- * MSAL on behalf of flow. Calls to MSAL's confidential application's `acquireTokenOnBehalfOf` during `doGetToken`.
9
- * @internal
10
- */
11
- export class MsalOnBehalfOf extends MsalNode {
12
- constructor(options) {
13
- super(options);
14
- this.logger.info("Initialized MSAL's On-Behalf-Of flow");
15
- this.requiresConfidential = true;
16
- this.userAssertionToken = options.userAssertionToken;
17
- this.certificatePath = options.certificatePath;
18
- this.sendCertificateChain = options.sendCertificateChain;
19
- this.clientSecret = options.clientSecret;
20
- }
21
- // Changing the MSAL configuration asynchronously
22
- async init(options) {
23
- if (this.certificatePath) {
24
- try {
25
- const parts = await parseCertificate({ certificatePath: this.certificatePath }, this.sendCertificateChain);
26
- this.msalConfig.auth.clientCertificate = {
27
- thumbprint: parts.thumbprint,
28
- privateKey: parts.certificateContents,
29
- x5c: parts.x5c,
30
- };
31
- }
32
- catch (error) {
33
- this.logger.info(formatError("", error));
34
- throw error;
35
- }
36
- }
37
- else {
38
- this.msalConfig.auth.clientSecret = this.clientSecret;
39
- }
40
- return super.init(options);
41
- }
42
- async doGetToken(scopes, options = {}) {
43
- try {
44
- const result = await this.getApp("confidential", options.enableCae).acquireTokenOnBehalfOf({
45
- scopes,
46
- correlationId: options.correlationId,
47
- authority: options.authority,
48
- claims: options.claims,
49
- oboAssertion: this.userAssertionToken,
50
- });
51
- return this.handleResult(scopes, result || undefined);
52
- }
53
- catch (err) {
54
- throw handleMsalError(scopes, err, options);
55
- }
56
- }
57
- }
58
- //# sourceMappingURL=msalOnBehalfOf.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"msalOnBehalfOf.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalOnBehalfOf.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAI7D,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AA8B3D;;;GAGG;AACH,MAAM,OAAO,cAAe,SAAQ,QAAQ;IAM1C,YAAY,OAA8B;QACxC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACzD,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;QACrD,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC;QACzD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3C,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,IAAI,CAAC,OAAuC;QAChD,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAClC,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,EACzC,IAAI,CAAC,oBAAoB,CAC1B,CAAC;gBACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG;oBACvC,UAAU,EAAE,KAAK,CAAC,UAAU;oBAC5B,UAAU,EAAE,KAAK,CAAC,mBAAmB;oBACrC,GAAG,EAAE,KAAK,CAAC,GAAG;iBACf,CAAC;YACJ,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;gBACzC,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;QACxD,CAAC;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,sBAAsB,CAAC;gBACzF,MAAM;gBACN,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,YAAY,EAAE,IAAI,CAAC,kBAAkB;aACtC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\n\nimport { AccessToken } from \"@azure/core-auth\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { formatError } from \"../../util/logging\";\nimport { handleMsalError } from \"../utils\";\nimport { parseCertificate } from \"./msalClientCertificate\";\n\n/**\n * Options that can be passed to configure MSAL to handle On-Behalf-Of authentication requests.\n * @internal\n */\nexport interface MsalOnBehalfOfOptions extends MsalNodeOptions {\n /**\n * A client secret that was generated for the App Registration.\n */\n clientSecret?: string;\n /**\n * Location of the PEM certificate.\n */\n certificatePath?: string;\n /**\n * A function that retrieves the client assertion for the credential to use\n */\n getAssertion?: () => Promise<string>;\n /**\n * Option to include x5c header for SubjectName and Issuer name authorization.\n * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n */\n sendCertificateChain?: boolean;\n /**\n * The user assertion for the On-Behalf-Of flow.\n */\n userAssertionToken: string;\n}\n\n/**\n * MSAL on behalf of flow. Calls to MSAL's confidential application's `acquireTokenOnBehalfOf` during `doGetToken`.\n * @internal\n */\nexport class MsalOnBehalfOf extends MsalNode {\n private userAssertionToken: string;\n private certificatePath?: string;\n private sendCertificateChain?: boolean;\n private clientSecret?: string;\n\n constructor(options: MsalOnBehalfOfOptions) {\n super(options);\n this.logger.info(\"Initialized MSAL's On-Behalf-Of flow\");\n this.requiresConfidential = true;\n this.userAssertionToken = options.userAssertionToken;\n this.certificatePath = options.certificatePath;\n this.sendCertificateChain = options.sendCertificateChain;\n this.clientSecret = options.clientSecret;\n }\n\n // Changing the MSAL configuration asynchronously\n async init(options?: CredentialFlowGetTokenOptions): Promise<void> {\n if (this.certificatePath) {\n try {\n const parts = await parseCertificate(\n { certificatePath: this.certificatePath },\n this.sendCertificateChain,\n );\n this.msalConfig.auth.clientCertificate = {\n thumbprint: parts.thumbprint,\n privateKey: parts.certificateContents,\n x5c: parts.x5c,\n };\n } catch (error: any) {\n this.logger.info(formatError(\"\", error));\n throw error;\n }\n } else {\n this.msalConfig.auth.clientSecret = this.clientSecret;\n }\n return super.init(options);\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {},\n ): Promise<AccessToken> {\n try {\n const result = await this.getApp(\"confidential\", options.enableCae).acquireTokenOnBehalfOf({\n scopes,\n correlationId: options.correlationId,\n authority: options.authority,\n claims: options.claims,\n oboAssertion: this.userAssertionToken,\n });\n return this.handleResult(scopes, result || undefined);\n } catch (err: any) {\n throw handleMsalError(scopes, err, options);\n }\n }\n}\n"]}
@@ -1,113 +0,0 @@
1
- // Copyright (c) Microsoft Corporation.
2
- // Licensed under the MIT license.
3
- import { MsalNode } from "./msalNodeCommon";
4
- import { credentialLogger } from "../../util/logging";
5
- import { handleMsalError } from "../utils";
6
- import { hasNativeBroker } from "./msalPlugins";
7
- import open from "open";
8
- /**
9
- * A call to open(), but mockable
10
- * @internal
11
- */
12
- export const interactiveBrowserMockable = {
13
- open,
14
- };
15
- /**
16
- * This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`
17
- * to trigger the authentication flow, and then respond based on the values obtained from the redirect callback
18
- * @internal
19
- */
20
- export class MsalOpenBrowser extends MsalNode {
21
- constructor(options) {
22
- var _a, _b, _c, _d;
23
- super(options);
24
- this.loginHint = options.loginHint;
25
- this.errorTemplate = (_a = options.browserCustomizationOptions) === null || _a === void 0 ? void 0 : _a.errorMessage;
26
- this.successTemplate = (_b = options.browserCustomizationOptions) === null || _b === void 0 ? void 0 : _b.successMessage;
27
- this.logger = credentialLogger("Node.js MSAL Open Browser");
28
- this.useDefaultBrokerAccount =
29
- ((_c = options.brokerOptions) === null || _c === void 0 ? void 0 : _c.enabled) && ((_d = options.brokerOptions) === null || _d === void 0 ? void 0 : _d.useDefaultBrokerAccount);
30
- }
31
- async doGetToken(scopes, options = {}) {
32
- try {
33
- const interactiveRequest = {
34
- openBrowser: async (url) => {
35
- await interactiveBrowserMockable.open(url, { wait: true, newInstance: true });
36
- },
37
- scopes,
38
- authority: options === null || options === void 0 ? void 0 : options.authority,
39
- claims: options === null || options === void 0 ? void 0 : options.claims,
40
- correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
41
- loginHint: this.loginHint,
42
- errorTemplate: this.errorTemplate,
43
- successTemplate: this.successTemplate,
44
- };
45
- if (hasNativeBroker() && this.enableBroker) {
46
- return this.doGetBrokeredToken(scopes, interactiveRequest, {
47
- enableCae: options.enableCae,
48
- useDefaultBrokerAccount: this.useDefaultBrokerAccount,
49
- });
50
- }
51
- // If the broker is not enabled, we will fall back to interactive authentication
52
- if (hasNativeBroker() && !this.enableBroker) {
53
- this.logger.verbose("Authentication will resume normally without the broker, since it's not enabled");
54
- }
55
- const result = await this.getApp("public", options === null || options === void 0 ? void 0 : options.enableCae).acquireTokenInteractive(interactiveRequest);
56
- return this.handleResult(scopes, result || undefined);
57
- }
58
- catch (err) {
59
- throw handleMsalError(scopes, err, options);
60
- }
61
- }
62
- /**
63
- * A helper function that supports brokered authentication through the MSAL's public application.
64
- *
65
- * When options.useDefaultBrokerAccount is true, the method will attempt to authenticate using the default broker account.
66
- * If the default broker account is not available, the method will fall back to interactive authentication.
67
- */
68
- async doGetBrokeredToken(scopes, interactiveRequest, options) {
69
- var _a;
70
- this.logger.verbose("Authentication will resume through the broker");
71
- if (this.parentWindowHandle) {
72
- interactiveRequest.windowHandle = Buffer.from(this.parentWindowHandle);
73
- }
74
- else {
75
- // error should have been thrown from within the constructor of InteractiveBrowserCredential
76
- this.logger.warning("Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.");
77
- }
78
- if (this.enableMsaPassthrough) {
79
- ((_a = interactiveRequest.tokenQueryParameters) !== null && _a !== void 0 ? _a : (interactiveRequest.tokenQueryParameters = {}))["msal_request_type"] =
80
- "consumer_passthrough";
81
- }
82
- if (options.useDefaultBrokerAccount) {
83
- interactiveRequest.prompt = "none";
84
- this.logger.verbose("Attempting broker authentication using the default broker account");
85
- }
86
- else {
87
- interactiveRequest.prompt = undefined;
88
- this.logger.verbose("Attempting broker authentication without the default broker account");
89
- }
90
- try {
91
- const result = await this.getApp("public", options === null || options === void 0 ? void 0 : options.enableCae).acquireTokenInteractive(interactiveRequest);
92
- if (result.fromNativeBroker) {
93
- this.logger.verbose(`This result is returned from native broker`);
94
- }
95
- return this.handleResult(scopes, result || undefined);
96
- }
97
- catch (e) {
98
- this.logger.verbose(`Failed to authenticate through the broker: ${e.message}`);
99
- // If we tried to use the default broker account and failed, fall back to interactive authentication
100
- if (options.useDefaultBrokerAccount) {
101
- return this.doGetBrokeredToken(scopes, interactiveRequest, {
102
- enableCae: options.enableCae,
103
- useDefaultBrokerAccount: false,
104
- });
105
- }
106
- else {
107
- // If we're not using the default broker account, throw the error
108
- throw handleMsalError(scopes, e);
109
- }
110
- }
111
- }
112
- }
113
- //# sourceMappingURL=msalOpenBrowser.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"msalOpenBrowser.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalOpenBrowser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAI7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3C,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,IAAI,MAAM,MAAM,CAAC;AAexB;;;GAGG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,IAAI;CACL,CAAC;AAEF;;;;GAIG;AACH,MAAM,OAAO,eAAgB,SAAQ,QAAQ;IAM3C,YAAY,OAA+B;;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QACnC,IAAI,CAAC,aAAa,GAAG,MAAA,OAAO,CAAC,2BAA2B,0CAAE,YAAY,CAAC;QACvE,IAAI,CAAC,eAAe,GAAG,MAAA,OAAO,CAAC,2BAA2B,0CAAE,cAAc,CAAC;QAC3E,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;QAC5D,IAAI,CAAC,uBAAuB;YAC1B,CAAA,MAAA,OAAO,CAAC,aAAa,0CAAE,OAAO,MAAI,MAAA,OAAO,CAAC,aAAa,0CAAE,uBAAuB,CAAA,CAAC;IACrF,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,IAAI,CAAC;YACH,MAAM,kBAAkB,GAAgC;gBACtD,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;oBACzB,MAAM,0BAA0B,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;gBAChF,CAAC;gBACD,MAAM;gBACN,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;gBAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;gBACvB,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;gBACrC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,aAAa,EAAE,IAAI,CAAC,aAAa;gBACjC,eAAe,EAAE,IAAI,CAAC,eAAe;aACtC,CAAC;YAEF,IAAI,eAAe,EAAE,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC3C,OAAO,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,kBAAkB,EAAE;oBACzD,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,uBAAuB,EAAE,IAAI,CAAC,uBAAuB;iBACtD,CAAC,CAAC;YACL,CAAC;YAED,gFAAgF;YAEhF,IAAI,eAAe,EAAE,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC5C,IAAI,CAAC,MAAM,CAAC,OAAO,CACjB,gFAAgF,CACjF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,CAAC,uBAAuB,CACpF,kBAAkB,CACnB,CAAC;YACF,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,kBAAkB,CAC9B,MAAgB,EAChB,kBAA+C,EAC/C,OAGC;;QAED,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,+CAA+C,CAAC,CAAC;QACrE,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,kBAAkB,CAAC,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACzE,CAAC;aAAM,CAAC;YACN,4FAA4F;YAC5F,IAAI,CAAC,MAAM,CAAC,OAAO,CACjB,kIAAkI,CACnI,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC9B,OAAC,kBAAkB,CAAC,oBAAoB,oCAAvC,kBAAkB,CAAC,oBAAoB,GAAK,EAAE,EAAC,CAAC,mBAAmB,CAAC;gBACnE,sBAAsB,CAAC;QAC3B,CAAC;QAED,IAAI,OAAO,CAAC,uBAAuB,EAAE,CAAC;YACpC,kBAAkB,CAAC,MAAM,GAAG,MAAM,CAAC;YACnC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,mEAAmE,CAAC,CAAC;QAC3F,CAAC;aAAM,CAAC;YACN,kBAAkB,CAAC,MAAM,GAAG,SAAS,CAAC;YACtC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,qEAAqE,CAAC,CAAC;QAC7F,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,CAAC,uBAAuB,CACpF,kBAAkB,CACnB,CAAC;YACF,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;gBAC5B,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,4CAA4C,CAAC,CAAC;YACpE,CAAC;YACD,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,8CAA8C,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YAC/E,oGAAoG;YACpG,IAAI,OAAO,CAAC,uBAAuB,EAAE,CAAC;gBACpC,OAAO,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,kBAAkB,EAAE;oBACzD,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,uBAAuB,EAAE,KAAK;iBAC/B,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,iEAAiE;gBACjE,MAAM,eAAe,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\n\nimport { AccessToken } from \"@azure/core-auth\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { handleMsalError } from \"../utils\";\nimport { hasNativeBroker } from \"./msalPlugins\";\nimport open from \"open\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through opening a browser window.\n * @internal\n */\nexport interface MsalOpenBrowserOptions extends MsalNodeOptions {\n redirectUri?: string;\n loginHint?: string;\n browserCustomizationOptions?: {\n errorMessage?: string;\n successMessage?: string;\n };\n}\n\n/**\n * A call to open(), but mockable\n * @internal\n */\nexport const interactiveBrowserMockable = {\n open,\n};\n\n/**\n * This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`\n * to trigger the authentication flow, and then respond based on the values obtained from the redirect callback\n * @internal\n */\nexport class MsalOpenBrowser extends MsalNode {\n private loginHint?: string;\n private errorTemplate?: string;\n private successTemplate?: string;\n private useDefaultBrokerAccount?: boolean;\n\n constructor(options: MsalOpenBrowserOptions) {\n super(options);\n this.loginHint = options.loginHint;\n this.errorTemplate = options.browserCustomizationOptions?.errorMessage;\n this.successTemplate = options.browserCustomizationOptions?.successMessage;\n this.logger = credentialLogger(\"Node.js MSAL Open Browser\");\n this.useDefaultBrokerAccount =\n options.brokerOptions?.enabled && options.brokerOptions?.useDefaultBrokerAccount;\n }\n\n protected async doGetToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {},\n ): Promise<AccessToken> {\n try {\n const interactiveRequest: msalNode.InteractiveRequest = {\n openBrowser: async (url) => {\n await interactiveBrowserMockable.open(url, { wait: true, newInstance: true });\n },\n scopes,\n authority: options?.authority,\n claims: options?.claims,\n correlationId: options?.correlationId,\n loginHint: this.loginHint,\n errorTemplate: this.errorTemplate,\n successTemplate: this.successTemplate,\n };\n\n if (hasNativeBroker() && this.enableBroker) {\n return this.doGetBrokeredToken(scopes, interactiveRequest, {\n enableCae: options.enableCae,\n useDefaultBrokerAccount: this.useDefaultBrokerAccount,\n });\n }\n\n // If the broker is not enabled, we will fall back to interactive authentication\n\n if (hasNativeBroker() && !this.enableBroker) {\n this.logger.verbose(\n \"Authentication will resume normally without the broker, since it's not enabled\",\n );\n }\n\n const result = await this.getApp(\"public\", options?.enableCae).acquireTokenInteractive(\n interactiveRequest,\n );\n return this.handleResult(scopes, result || undefined);\n } catch (err: any) {\n throw handleMsalError(scopes, err, options);\n }\n }\n\n /**\n * A helper function that supports brokered authentication through the MSAL's public application.\n *\n * When options.useDefaultBrokerAccount is true, the method will attempt to authenticate using the default broker account.\n * If the default broker account is not available, the method will fall back to interactive authentication.\n */\n private async doGetBrokeredToken(\n scopes: string[],\n interactiveRequest: msalNode.InteractiveRequest,\n options: {\n enableCae?: boolean;\n useDefaultBrokerAccount?: boolean;\n },\n ): Promise<AccessToken> {\n this.logger.verbose(\"Authentication will resume through the broker\");\n if (this.parentWindowHandle) {\n interactiveRequest.windowHandle = Buffer.from(this.parentWindowHandle);\n } else {\n // error should have been thrown from within the constructor of InteractiveBrowserCredential\n this.logger.warning(\n \"Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.\",\n );\n }\n\n if (this.enableMsaPassthrough) {\n (interactiveRequest.tokenQueryParameters ??= {})[\"msal_request_type\"] =\n \"consumer_passthrough\";\n }\n\n if (options.useDefaultBrokerAccount) {\n interactiveRequest.prompt = \"none\";\n this.logger.verbose(\"Attempting broker authentication using the default broker account\");\n } else {\n interactiveRequest.prompt = undefined;\n this.logger.verbose(\"Attempting broker authentication without the default broker account\");\n }\n\n try {\n const result = await this.getApp(\"public\", options?.enableCae).acquireTokenInteractive(\n interactiveRequest,\n );\n if (result.fromNativeBroker) {\n this.logger.verbose(`This result is returned from native broker`);\n }\n return this.handleResult(scopes, result || undefined);\n } catch (e: any) {\n this.logger.verbose(`Failed to authenticate through the broker: ${e.message}`);\n // If we tried to use the default broker account and failed, fall back to interactive authentication\n if (options.useDefaultBrokerAccount) {\n return this.doGetBrokeredToken(scopes, interactiveRequest, {\n enableCae: options.enableCae,\n useDefaultBrokerAccount: false,\n });\n } else {\n // If we're not using the default broker account, throw the error\n throw handleMsalError(scopes, e);\n }\n }\n }\n}\n"]}
@@ -1,33 +0,0 @@
1
- // Copyright (c) Microsoft Corporation.
2
- // Licensed under the MIT license.
3
- import { MsalNode } from "./msalNodeCommon";
4
- import { handleMsalError } from "../utils";
5
- /**
6
- * MSAL username and password client. Calls to the MSAL's public application's `acquireTokenByUsernamePassword` during `doGetToken`.
7
- * @internal
8
- */
9
- export class MsalUsernamePassword extends MsalNode {
10
- constructor(options) {
11
- super(options);
12
- this.username = options.username;
13
- this.password = options.password;
14
- }
15
- async doGetToken(scopes, options) {
16
- try {
17
- const requestOptions = {
18
- scopes,
19
- username: this.username,
20
- password: this.password,
21
- correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
22
- authority: options === null || options === void 0 ? void 0 : options.authority,
23
- claims: options === null || options === void 0 ? void 0 : options.claims,
24
- };
25
- const result = await this.getApp("public", options === null || options === void 0 ? void 0 : options.enableCae).acquireTokenByUsernamePassword(requestOptions);
26
- return this.handleResult(scopes, result || undefined);
27
- }
28
- catch (error) {
29
- throw handleMsalError(scopes, error, options);
30
- }
31
- }
32
- }
33
- //# sourceMappingURL=msalUsernamePassword.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"msalUsernamePassword.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalUsernamePassword.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAI7D,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAW3C;;;GAGG;AACH,MAAM,OAAO,oBAAqB,SAAQ,QAAQ;IAIhD,YAAY,OAAoC;QAC9C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IACnC,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;QAEvC,IAAI,CAAC;YACH,MAAM,cAAc,GAAqC;gBACvD,MAAM;gBACN,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;gBACrC,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;gBAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;aACxB,CAAC;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,CAAC,8BAA8B,CAC3F,cAAc,CACf,CAAC;YACF,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,eAAe,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\n\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\n\nimport { AccessToken } from \"@azure/core-auth\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { handleMsalError } from \"../utils\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through username and password.\n * @internal\n */\nexport interface MsalUsernamePasswordOptions extends MsalNodeOptions {\n username: string;\n password: string;\n}\n\n/**\n * MSAL username and password client. Calls to the MSAL's public application's `acquireTokenByUsernamePassword` during `doGetToken`.\n * @internal\n */\nexport class MsalUsernamePassword extends MsalNode {\n private username: string;\n private password: string;\n\n constructor(options: MsalUsernamePasswordOptions) {\n super(options);\n this.username = options.username;\n this.password = options.password;\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions,\n ): Promise<AccessToken> {\n try {\n const requestOptions: msalNode.UsernamePasswordRequest = {\n scopes,\n username: this.username,\n password: this.password,\n correlationId: options?.correlationId,\n authority: options?.authority,\n claims: options?.claims,\n };\n const result = await this.getApp(\"public\", options?.enableCae).acquireTokenByUsernamePassword(\n requestOptions,\n );\n return this.handleResult(scopes, result || undefined);\n } catch (error: any) {\n throw handleMsalError(scopes, error, options);\n }\n }\n}\n"]}