npm - @azure/identity - Versions diffs - 4.5.0-alpha.20240916.2 → 4.5.0-alpha.20240926.2 - Mend

@azure/identity 4.5.0-alpha.20240916.2 → 4.5.0-alpha.20240926.2

Files changed (19) hide show

package/README.md +21 -18
package/dist/index.js +41 -21
package/dist/index.js.map +1 -1
package/dist-esm/src/credentials/chainedTokenCredential.js +8 -1
package/dist-esm/src/credentials/chainedTokenCredential.js.map +1 -1
package/dist-esm/src/credentials/credentialPersistenceOptions.js.map +1 -1
package/dist-esm/src/credentials/deviceCodeCredential.js +6 -4
package/dist-esm/src/credentials/deviceCodeCredential.js.map +1 -1
package/dist-esm/src/credentials/onBehalfOfCredential.js.map +1 -1
package/dist-esm/src/msal/nodeFlows/msalClient.js +6 -6
package/dist-esm/src/msal/nodeFlows/msalClient.js.map +1 -1
package/dist-esm/src/msal/utils.js +14 -1
package/dist-esm/src/msal/utils.js.map +1 -1
package/dist-esm/src/plugins/consumer.js +6 -8
package/dist-esm/src/plugins/consumer.js.map +1 -1
package/dist-esm/src/tokenProvider.js +3 -3
package/dist-esm/src/tokenProvider.js.map +1 -1
package/package.json +14 -13
package/types/identity.d.ts +53 -47

package/README.md CHANGED Viewed

@@ -157,19 +157,14 @@ You can find more examples of using various credentials in [Azure Identity Examp
 This example demonstrates authenticating the `KeyClient` from the [@azure/keyvault-keys](https://www.npmjs.com/package/@azure/keyvault-keys) client library using `DefaultAzureCredential`.
-```javascript
-// The default credential first checks environment variables for configuration as described above.
-// If environment configuration is incomplete, it will try managed identity.
-// Azure Key Vault service to use
-import { KeyClient } from "@azure/keyvault-keys";
-// Azure authentication library to access Azure Key Vault
+```ts snippet:defaultazurecredential_authenticate
 import { DefaultAzureCredential } from "@azure/identity";
+import { KeyClient } from "@azure/keyvault-keys";
+// Configure vault URL
+const vaultUrl = "https://<your-unique-keyvault-name>.vault.azure.net";
 // Azure SDK clients accept the credential as a parameter
 const credential = new DefaultAzureCredential();
 // Create authenticated client
 const client = new KeyClient(vaultUrl, credential);
 ```
@@ -182,17 +177,23 @@ A relatively common scenario involves authenticating using a user-assigned manag
 While `DefaultAzureCredential` is generally the quickest way to get started developing applications for Azure, more advanced users may want to customize the credentials considered when authenticating. The `ChainedTokenCredential` enables users to combine multiple credential instances to define a customized chain of credentials. This example demonstrates creating a `ChainedTokenCredential` that attempts to authenticate using two differently configured instances of `ClientSecretCredential`, to then authenticate the `KeyClient` from the [@azure/keyvault-keys](https://www.npmjs.com/package/@azure/keyvault-keys):
-```typescript
+```ts snippet:chaintedtokencredential_authenticate
 import { ClientSecretCredential, ChainedTokenCredential } from "@azure/identity";
+import { KeyClient } from "@azure/keyvault-keys";
+// Configure variables
+const vaultUrl = "https://<your-unique-keyvault-name>.vault.azure.net";
+const tenantId = "<tenant-id>";
+const clientId = "<client-id>";
+const clientSecret = "<client-secret>";
+const anotherClientId = "<another-client-id>";
+const anotherSecret = "<another-client-secret>";
 // When an access token is requested, the chain will try each
 // credential in order, stopping when one provides a token
 const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
 const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);
 const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);
 // The chain can be used anywhere a credential is required
-import { KeyClient } from "@azure/keyvault-keys";
 const client = new KeyClient(vaultUrl, credentialChain);
 ```
@@ -214,15 +215,16 @@ For examples of how to use managed identity for authentication, see [the example
 Credentials default to authenticating to the Microsoft Entra endpoint for Azure Public Cloud. To access resources in other clouds, such as Azure Government or a private cloud, configure credentials with the `authorityHost` argument in the constructor. The [`AzureAuthorityHosts`][authority_hosts] enum defines authorities for well-known clouds. For the US Government cloud, you could instantiate a credential this way:
-```typescript
-import { AzureAuthorityHosts, ClientSecretCredential } from "@azure/identity";
+```ts snippet:cloudconfiguration_authenticate
+import { ClientSecretCredential, AzureAuthorityHosts } from "@azure/identity";
 const credential = new ClientSecretCredential(
   "<YOUR_TENANT_ID>",
   "<YOUR_CLIENT_ID>",
   "<YOUR_CLIENT_SECRET>",
   {
     authorityHost: AzureAuthorityHosts.AzureGovernment,
-  }
+  },
 );
 ```
@@ -234,15 +236,16 @@ AZURE_AUTHORITY_HOST=https://login.partner.microsoftonline.cn
 The `AzureAuthorityHosts` enum defines authorities for well-known clouds for your convenience; however, if the authority for your cloud isn't listed in `AzureAuthorityHosts`, you may pass any valid authority URL as a string argument. For example:
-```typescript
-import { AzureAuthorityHosts, ClientSecretCredential } from "@azure/identity";
+```ts snippet:cloudconfiguration_authorityhost
+import { ClientSecretCredential } from "@azure/identity";
 const credential = new ClientSecretCredential(
   "<YOUR_TENANT_ID>",
   "<YOUR_CLIENT_ID>",
   "<YOUR_CLIENT_SECRET>",
   {
     authorityHost: "https://login.partner.microsoftonline.cn",
-  }
+  },
 );
 ```

package/dist/index.js CHANGED Viewed

@@ -1017,18 +1017,16 @@ const pluginContext = {
  *
  * Example:
  *
- * ```javascript
- * import { cachePersistencePlugin } from "@azure/identity-cache-persistence";
+ * ```ts snippet:consumer_example
+ * import { useIdentityPlugin, DeviceCodeCredential } from "@azure/identity";
  *
- * import { useIdentityPlugin, DefaultAzureCredential } from "@azure/identity";
  * useIdentityPlugin(cachePersistencePlugin);
- *
- * // The plugin has the capability to extend `DefaultAzureCredential` and to
+ * // The plugin has the capability to extend `DeviceCodeCredential` and to
  * // add middleware to the underlying credentials, such as persistence.
- * const credential = new DefaultAzureCredential({
+ * const credential = new DeviceCodeCredential({
  *   tokenCachePersistenceOptions: {
- *     enabled: true
- *   }
+ *     enabled: true,
+ *   },
  * });
  * ```
  *
@@ -1072,6 +1070,19 @@ function ensureValidMsalToken(scopes, msalToken, getTokenOptions) {
         throw error(`Response had no "accessToken" property.`);
     }
 }
+/**
+ * Returns the authority host from either the options bag or the AZURE_AUTHORITY_HOST environment variable.
+ *
+ * Defaults to {@link DefaultAuthorityHost}.
+ * @internal
+ */
+function getAuthorityHost(options) {
+    let authorityHost = options === null || options === void 0 ? void 0 : options.authorityHost;
+    if (!authorityHost && coreUtil.isNodeLike) {
+        authorityHost = process.env.AZURE_AUTHORITY_HOST;
+    }
+    return authorityHost !== null && authorityHost !== void 0 ? authorityHost : DefaultAuthorityHost;
+}
 /**
  * Generates a valid authority by combining a host with a tenantId.
  * @internal
@@ -1570,10 +1581,10 @@ const interactiveBrowserMockable = {
  * @returns  The MSAL configuration object.
  */
 function generateMsalConfiguration(clientId, tenantId, msalClientOptions = {}) {
-    var _a, _b, _c, _d;
+    var _a, _b, _c;
     const resolvedTenant = resolveTenantId((_a = msalClientOptions.logger) !== null && _a !== void 0 ? _a : msalLogger, tenantId, clientId);
     // TODO: move and reuse getIdentityClientAuthorityHost
-    const authority = getAuthority(resolvedTenant, (_b = msalClientOptions.authorityHost) !== null && _b !== void 0 ? _b : process.env.AZURE_AUTHORITY_HOST);
+    const authority = getAuthority(resolvedTenant, getAuthorityHost(msalClientOptions));
     const httpClient = new IdentityClient(Object.assign(Object.assign({}, msalClientOptions.tokenCredentialOptions), { authorityHost: authority, loggingOptions: msalClientOptions.loggingOptions }));
     const msalConfig = {
         auth: {
@@ -1584,9 +1595,9 @@ function generateMsalConfiguration(clientId, tenantId, msalClientOptions = {}) {
         system: {
             networkClient: httpClient,
             loggerOptions: {
-                loggerCallback: defaultLoggerCallback((_c = msalClientOptions.logger) !== null && _c !== void 0 ? _c : msalLogger),
+                loggerCallback: defaultLoggerCallback((_b = msalClientOptions.logger) !== null && _b !== void 0 ? _b : msalLogger),
                 logLevel: getMSALLogLevel(logger$m.getLogLevel()),
-                piiLoggingEnabled: (_d = msalClientOptions.loggingOptions) === null || _d === void 0 ? void 0 : _d.enableUnsafeSupportLogging,
+                piiLoggingEnabled: (_c = msalClientOptions.loggingOptions) === null || _c === void 0 ? void 0 : _c.enableUnsafeSupportLogging,
             },
         },
     };
@@ -1691,7 +1702,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
      */
     function calculateRequestAuthority(options) {
         if (options === null || options === void 0 ? void 0 : options.tenantId) {
-            return getAuthority(options.tenantId, createMsalClientOptions.authorityHost);
+            return getAuthority(options.tenantId, getAuthorityHost(createMsalClientOptions));
         }
         return state.msalConfig.auth.authority;
     }
@@ -3048,7 +3059,14 @@ class ChainedTokenCredential {
      * @param sources - `TokenCredential` implementations to be tried in order.
      *
      * Example usage:
-     * ```javascript
+     * ```ts snippet:chained_token_credential_example
+     * import { ClientSecretCredential, ChainedTokenCredential } from "@azure/identity";
+     *
+     * const tenantId = "<tenant-id>";
+     * const clientId = "<client-id>";
+     * const clientSecret = "<client-secret>";
+     * const anotherClientId = "<another-client-id>";
+     * const anotherSecret = "<another-client-secret>";
      * const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
      * const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);
      * const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);
@@ -3712,13 +3730,15 @@ class DeviceCodeCredential {
      *
      * Developers can configure how this message is shown by passing a custom `userPromptCallback`:
      *
-     * ```js
+     * ```ts snippet:device_code_credential_example
+     * import { DeviceCodeCredential } from "@azure/identity";
+     *
      * const credential = new DeviceCodeCredential({
-     *   tenantId: env.AZURE_TENANT_ID,
-     *   clientId: env.AZURE_CLIENT_ID,
+     *   tenantId: process.env.AZURE_TENANT_ID,
+     *   clientId: process.env.AZURE_CLIENT_ID,
      *   userPromptCallback: (info) => {
      *     console.log("CUSTOMIZED PROMPT CALLBACK", info.message);
-     *   }
+     *   },
      * });
      * ```
      *
@@ -4059,14 +4079,14 @@ class OnBehalfOfCredential {
 /**
  * Returns a callback that provides a bearer token.
  * For example, the bearer token can be used to authenticate a request as follows:
- * ```js
- * import { DefaultAzureCredential } from "@azure/identity";
+ * ```ts snippet:token_provider_example
+ * import { DefaultAzureCredential, getBearerTokenProvider } from "@azure/identity";
+ * import { createPipelineRequest } from "@azure/core-rest-pipeline";
  *
  * const credential = new DefaultAzureCredential();
  * const scope = "https://cognitiveservices.azure.com/.default";
  * const getAccessToken = getBearerTokenProvider(credential, scope);
  * const token = await getAccessToken();
- *
  * // usage
  * const request = createPipelineRequest({ url: "https://example.com" });
  * request.headers.set("Authorization", `Bearer ${token}`);