@azure/identity 4.5.0-alpha.20240822.3 → 4.5.0-alpha.20240826.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (18) hide show
  1. package/dist/index.js +38 -2
  2. package/dist/index.js.map +1 -1
  3. package/dist-esm/src/client/identityClient.js +2 -1
  4. package/dist-esm/src/client/identityClient.js.map +1 -1
  5. package/dist-esm/src/credentials/managedIdentityCredential/legacyMsiProvider.js +6 -0
  6. package/dist-esm/src/credentials/managedIdentityCredential/legacyMsiProvider.js.map +1 -1
  7. package/dist-esm/src/credentials/managedIdentityCredential/msalMsiProvider.js +2 -0
  8. package/dist-esm/src/credentials/managedIdentityCredential/msalMsiProvider.js.map +1 -1
  9. package/dist-esm/src/credentials/managedIdentityCredential/utils.js +25 -0
  10. package/dist-esm/src/credentials/managedIdentityCredential/utils.js.map +1 -1
  11. package/dist-esm/src/errors.js +0 -1
  12. package/dist-esm/src/errors.js.map +1 -1
  13. package/dist-esm/src/msal/browserFlows/msalBrowserCommon.js +2 -0
  14. package/dist-esm/src/msal/browserFlows/msalBrowserCommon.js.map +1 -1
  15. package/dist-esm/src/msal/nodeFlows/msalClient.js +10 -1
  16. package/dist-esm/src/msal/nodeFlows/msalClient.js.map +1 -1
  17. package/dist-esm/src/msal/types.js.map +1 -1
  18. package/package.json +2 -2
package/dist/index.js CHANGED
@@ -305,7 +305,6 @@ const AuthenticationErrorName = "AuthenticationError";
305
305
  * the specific failure.
306
306
  */
307
307
  class AuthenticationError extends Error {
308
- // eslint-disable-next-line @typescript-eslint/ban-types
309
308
  constructor(statusCode, errorBody, options) {
310
309
  let errorResponse = {
311
310
  error: "unknown",
@@ -551,6 +550,31 @@ function parseExpirationTimestamp(body) {
551
550
  }
552
551
  throw new Error(`Failed to parse token expiration from body. expires_in="${body.expires_in}", expires_on="${body.expires_on}"`);
553
552
  }
553
+ /**
554
+ * Given a token response, return the expiration timestamp as the number of milliseconds from the Unix epoch.
555
+ * @param body - A parsed response body from the authentication endpoint.
556
+ */
557
+ function parseRefreshTimestamp(body) {
558
+ if (body.refresh_on) {
559
+ if (typeof body.refresh_on === "number") {
560
+ return body.refresh_on * 1000;
561
+ }
562
+ if (typeof body.refresh_on === "string") {
563
+ const asNumber = +body.refresh_on;
564
+ if (!isNaN(asNumber)) {
565
+ return asNumber * 1000;
566
+ }
567
+ const asDate = Date.parse(body.refresh_on);
568
+ if (!isNaN(asDate)) {
569
+ return asDate;
570
+ }
571
+ }
572
+ throw new Error(`Failed to parse refresh_on from body. refresh_on="${body.refresh_on}"`);
573
+ }
574
+ else {
575
+ return undefined;
576
+ }
577
+ }
554
578
 
555
579
  // Copyright (c) Microsoft Corporation.
556
580
  // Licensed under the MIT license.
@@ -615,6 +639,7 @@ class IdentityClient extends coreClient.ServiceClient {
615
639
  accessToken: {
616
640
  token: parsedBody.access_token,
617
641
  expiresOnTimestamp: parseExpirationTimestamp(parsedBody),
642
+ refreshAfterTimestamp: parseRefreshTimestamp(parsedBody),
618
643
  },
619
644
  refreshToken: parsedBody.refresh_token,
620
645
  };
@@ -1685,7 +1710,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
1685
1710
  * @returns A promise that resolves to an AccessToken object containing the access token and its expiration timestamp.
1686
1711
  */
1687
1712
  async function withSilentAuthentication(msalApp, scopes, options, onAuthenticationRequired) {
1688
- var _a;
1713
+ var _a, _b;
1689
1714
  let response = null;
1690
1715
  try {
1691
1716
  response = await getTokenSilent(msalApp, scopes, options);
@@ -1718,9 +1743,11 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
1718
1743
  return {
1719
1744
  token: response.accessToken,
1720
1745
  expiresOnTimestamp: response.expiresOn.getTime(),
1746
+ refreshAfterTimestamp: (_b = response.refreshOn) === null || _b === void 0 ? void 0 : _b.getTime(),
1721
1747
  };
1722
1748
  }
1723
1749
  async function getTokenByClientSecret(scopes, clientSecret, options = {}) {
1750
+ var _a;
1724
1751
  state.logger.getToken.info(`Attempting to acquire token using client secret`);
1725
1752
  state.msalConfig.auth.clientSecret = clientSecret;
1726
1753
  const msalApp = await getConfidentialApp(options);
@@ -1736,6 +1763,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
1736
1763
  return {
1737
1764
  token: response.accessToken,
1738
1765
  expiresOnTimestamp: response.expiresOn.getTime(),
1766
+ refreshAfterTimestamp: (_a = response.refreshOn) === null || _a === void 0 ? void 0 : _a.getTime(),
1739
1767
  };
1740
1768
  }
1741
1769
  catch (err) {
@@ -1743,6 +1771,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
1743
1771
  }
1744
1772
  }
1745
1773
  async function getTokenByClientAssertion(scopes, clientAssertion, options = {}) {
1774
+ var _a;
1746
1775
  state.logger.getToken.info(`Attempting to acquire token using client assertion`);
1747
1776
  state.msalConfig.auth.clientAssertion = clientAssertion;
1748
1777
  const msalApp = await getConfidentialApp(options);
@@ -1759,6 +1788,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
1759
1788
  return {
1760
1789
  token: response.accessToken,
1761
1790
  expiresOnTimestamp: response.expiresOn.getTime(),
1791
+ refreshAfterTimestamp: (_a = response.refreshOn) === null || _a === void 0 ? void 0 : _a.getTime(),
1762
1792
  };
1763
1793
  }
1764
1794
  catch (err) {
@@ -1766,6 +1796,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
1766
1796
  }
1767
1797
  }
1768
1798
  async function getTokenByClientCertificate(scopes, certificate, options = {}) {
1799
+ var _a;
1769
1800
  state.logger.getToken.info(`Attempting to acquire token using client certificate`);
1770
1801
  state.msalConfig.auth.clientCertificate = certificate;
1771
1802
  const msalApp = await getConfidentialApp(options);
@@ -1781,6 +1812,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
1781
1812
  return {
1782
1813
  token: response.accessToken,
1783
1814
  expiresOnTimestamp: response.expiresOn.getTime(),
1815
+ refreshAfterTimestamp: (_a = response.refreshOn) === null || _a === void 0 ? void 0 : _a.getTime(),
1784
1816
  };
1785
1817
  }
1786
1818
  catch (err) {
@@ -1851,6 +1883,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
1851
1883
  });
1852
1884
  }
1853
1885
  async function getTokenOnBehalfOf(scopes, userAssertionToken, clientCredentials, options = {}) {
1886
+ var _a;
1854
1887
  msalLogger.getToken.info(`Attempting to acquire token on behalf of another user`);
1855
1888
  if (typeof clientCredentials === "string") {
1856
1889
  // Client secret
@@ -1880,6 +1913,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
1880
1913
  return {
1881
1914
  token: response.accessToken,
1882
1915
  expiresOnTimestamp: response.expiresOn.getTime(),
1916
+ refreshAfterTimestamp: (_a = response.refreshOn) === null || _a === void 0 ? void 0 : _a.getTime(),
1883
1917
  };
1884
1918
  }
1885
1919
  catch (err) {
@@ -2223,6 +2257,7 @@ class MsalMsiProvider {
2223
2257
  throw new CredentialUnavailableError(`ManagedIdentityCredential: Multiple scopes are not supported. Scopes: ${JSON.stringify(scopes)}`);
2224
2258
  }
2225
2259
  return tracingClient.withSpan("ManagedIdentityCredential.getToken", options, async () => {
2260
+ var _a;
2226
2261
  try {
2227
2262
  const isTokenExchangeMsi = await tokenExchangeMsi.isAvailable({
2228
2263
  scopes,
@@ -2282,6 +2317,7 @@ class MsalMsiProvider {
2282
2317
  return {
2283
2318
  expiresOnTimestamp: token.expiresOn.getTime(),
2284
2319
  token: token.accessToken,
2320
+ refreshAfterTimestamp: (_a = token.refreshOn) === null || _a === void 0 ? void 0 : _a.getTime(),
2285
2321
  };
2286
2322
  }
2287
2323
  catch (err) {