@azure/identity 4.5.0-alpha.20240917.2 → 4.5.0-alpha.20240926.2
Sign up to get free protection for your applications and to get access to all the features.
- package/README.md +21 -18
- package/dist/index.js +23 -16
- package/dist/index.js.map +1 -1
- package/dist-esm/src/credentials/chainedTokenCredential.js +8 -1
- package/dist-esm/src/credentials/chainedTokenCredential.js.map +1 -1
- package/dist-esm/src/credentials/credentialPersistenceOptions.js.map +1 -1
- package/dist-esm/src/credentials/deviceCodeCredential.js +6 -4
- package/dist-esm/src/credentials/deviceCodeCredential.js.map +1 -1
- package/dist-esm/src/credentials/onBehalfOfCredential.js.map +1 -1
- package/dist-esm/src/plugins/consumer.js +6 -8
- package/dist-esm/src/plugins/consumer.js.map +1 -1
- package/dist-esm/src/tokenProvider.js +3 -3
- package/dist-esm/src/tokenProvider.js.map +1 -1
- package/package.json +14 -13
- package/types/identity.d.ts +53 -47
package/README.md
CHANGED
@@ -157,19 +157,14 @@ You can find more examples of using various credentials in [Azure Identity Examp
|
|
157
157
|
|
158
158
|
This example demonstrates authenticating the `KeyClient` from the [@azure/keyvault-keys](https://www.npmjs.com/package/@azure/keyvault-keys) client library using `DefaultAzureCredential`.
|
159
159
|
|
160
|
-
```
|
161
|
-
// The default credential first checks environment variables for configuration as described above.
|
162
|
-
// If environment configuration is incomplete, it will try managed identity.
|
163
|
-
|
164
|
-
// Azure Key Vault service to use
|
165
|
-
import { KeyClient } from "@azure/keyvault-keys";
|
166
|
-
|
167
|
-
// Azure authentication library to access Azure Key Vault
|
160
|
+
```ts snippet:defaultazurecredential_authenticate
|
168
161
|
import { DefaultAzureCredential } from "@azure/identity";
|
162
|
+
import { KeyClient } from "@azure/keyvault-keys";
|
169
163
|
|
164
|
+
// Configure vault URL
|
165
|
+
const vaultUrl = "https://<your-unique-keyvault-name>.vault.azure.net";
|
170
166
|
// Azure SDK clients accept the credential as a parameter
|
171
167
|
const credential = new DefaultAzureCredential();
|
172
|
-
|
173
168
|
// Create authenticated client
|
174
169
|
const client = new KeyClient(vaultUrl, credential);
|
175
170
|
```
|
@@ -182,17 +177,23 @@ A relatively common scenario involves authenticating using a user-assigned manag
|
|
182
177
|
|
183
178
|
While `DefaultAzureCredential` is generally the quickest way to get started developing applications for Azure, more advanced users may want to customize the credentials considered when authenticating. The `ChainedTokenCredential` enables users to combine multiple credential instances to define a customized chain of credentials. This example demonstrates creating a `ChainedTokenCredential` that attempts to authenticate using two differently configured instances of `ClientSecretCredential`, to then authenticate the `KeyClient` from the [@azure/keyvault-keys](https://www.npmjs.com/package/@azure/keyvault-keys):
|
184
179
|
|
185
|
-
```
|
180
|
+
```ts snippet:chaintedtokencredential_authenticate
|
186
181
|
import { ClientSecretCredential, ChainedTokenCredential } from "@azure/identity";
|
182
|
+
import { KeyClient } from "@azure/keyvault-keys";
|
187
183
|
|
184
|
+
// Configure variables
|
185
|
+
const vaultUrl = "https://<your-unique-keyvault-name>.vault.azure.net";
|
186
|
+
const tenantId = "<tenant-id>";
|
187
|
+
const clientId = "<client-id>";
|
188
|
+
const clientSecret = "<client-secret>";
|
189
|
+
const anotherClientId = "<another-client-id>";
|
190
|
+
const anotherSecret = "<another-client-secret>";
|
188
191
|
// When an access token is requested, the chain will try each
|
189
192
|
// credential in order, stopping when one provides a token
|
190
193
|
const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
|
191
194
|
const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);
|
192
195
|
const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);
|
193
|
-
|
194
196
|
// The chain can be used anywhere a credential is required
|
195
|
-
import { KeyClient } from "@azure/keyvault-keys";
|
196
197
|
const client = new KeyClient(vaultUrl, credentialChain);
|
197
198
|
```
|
198
199
|
|
@@ -214,15 +215,16 @@ For examples of how to use managed identity for authentication, see [the example
|
|
214
215
|
|
215
216
|
Credentials default to authenticating to the Microsoft Entra endpoint for Azure Public Cloud. To access resources in other clouds, such as Azure Government or a private cloud, configure credentials with the `authorityHost` argument in the constructor. The [`AzureAuthorityHosts`][authority_hosts] enum defines authorities for well-known clouds. For the US Government cloud, you could instantiate a credential this way:
|
216
217
|
|
217
|
-
```
|
218
|
-
import {
|
218
|
+
```ts snippet:cloudconfiguration_authenticate
|
219
|
+
import { ClientSecretCredential, AzureAuthorityHosts } from "@azure/identity";
|
220
|
+
|
219
221
|
const credential = new ClientSecretCredential(
|
220
222
|
"<YOUR_TENANT_ID>",
|
221
223
|
"<YOUR_CLIENT_ID>",
|
222
224
|
"<YOUR_CLIENT_SECRET>",
|
223
225
|
{
|
224
226
|
authorityHost: AzureAuthorityHosts.AzureGovernment,
|
225
|
-
}
|
227
|
+
},
|
226
228
|
);
|
227
229
|
```
|
228
230
|
|
@@ -234,15 +236,16 @@ AZURE_AUTHORITY_HOST=https://login.partner.microsoftonline.cn
|
|
234
236
|
|
235
237
|
The `AzureAuthorityHosts` enum defines authorities for well-known clouds for your convenience; however, if the authority for your cloud isn't listed in `AzureAuthorityHosts`, you may pass any valid authority URL as a string argument. For example:
|
236
238
|
|
237
|
-
```
|
238
|
-
import {
|
239
|
+
```ts snippet:cloudconfiguration_authorityhost
|
240
|
+
import { ClientSecretCredential } from "@azure/identity";
|
241
|
+
|
239
242
|
const credential = new ClientSecretCredential(
|
240
243
|
"<YOUR_TENANT_ID>",
|
241
244
|
"<YOUR_CLIENT_ID>",
|
242
245
|
"<YOUR_CLIENT_SECRET>",
|
243
246
|
{
|
244
247
|
authorityHost: "https://login.partner.microsoftonline.cn",
|
245
|
-
}
|
248
|
+
},
|
246
249
|
);
|
247
250
|
```
|
248
251
|
|
package/dist/index.js
CHANGED
@@ -1017,18 +1017,16 @@ const pluginContext = {
|
|
1017
1017
|
*
|
1018
1018
|
* Example:
|
1019
1019
|
*
|
1020
|
-
* ```
|
1021
|
-
* import {
|
1020
|
+
* ```ts snippet:consumer_example
|
1021
|
+
* import { useIdentityPlugin, DeviceCodeCredential } from "@azure/identity";
|
1022
1022
|
*
|
1023
|
-
* import { useIdentityPlugin, DefaultAzureCredential } from "@azure/identity";
|
1024
1023
|
* useIdentityPlugin(cachePersistencePlugin);
|
1025
|
-
*
|
1026
|
-
* // The plugin has the capability to extend `DefaultAzureCredential` and to
|
1024
|
+
* // The plugin has the capability to extend `DeviceCodeCredential` and to
|
1027
1025
|
* // add middleware to the underlying credentials, such as persistence.
|
1028
|
-
* const credential = new
|
1026
|
+
* const credential = new DeviceCodeCredential({
|
1029
1027
|
* tokenCachePersistenceOptions: {
|
1030
|
-
* enabled: true
|
1031
|
-
* }
|
1028
|
+
* enabled: true,
|
1029
|
+
* },
|
1032
1030
|
* });
|
1033
1031
|
* ```
|
1034
1032
|
*
|
@@ -3061,7 +3059,14 @@ class ChainedTokenCredential {
|
|
3061
3059
|
* @param sources - `TokenCredential` implementations to be tried in order.
|
3062
3060
|
*
|
3063
3061
|
* Example usage:
|
3064
|
-
* ```
|
3062
|
+
* ```ts snippet:chained_token_credential_example
|
3063
|
+
* import { ClientSecretCredential, ChainedTokenCredential } from "@azure/identity";
|
3064
|
+
*
|
3065
|
+
* const tenantId = "<tenant-id>";
|
3066
|
+
* const clientId = "<client-id>";
|
3067
|
+
* const clientSecret = "<client-secret>";
|
3068
|
+
* const anotherClientId = "<another-client-id>";
|
3069
|
+
* const anotherSecret = "<another-client-secret>";
|
3065
3070
|
* const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
|
3066
3071
|
* const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);
|
3067
3072
|
* const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);
|
@@ -3725,13 +3730,15 @@ class DeviceCodeCredential {
|
|
3725
3730
|
*
|
3726
3731
|
* Developers can configure how this message is shown by passing a custom `userPromptCallback`:
|
3727
3732
|
*
|
3728
|
-
* ```
|
3733
|
+
* ```ts snippet:device_code_credential_example
|
3734
|
+
* import { DeviceCodeCredential } from "@azure/identity";
|
3735
|
+
*
|
3729
3736
|
* const credential = new DeviceCodeCredential({
|
3730
|
-
* tenantId: env.AZURE_TENANT_ID,
|
3731
|
-
* clientId: env.AZURE_CLIENT_ID,
|
3737
|
+
* tenantId: process.env.AZURE_TENANT_ID,
|
3738
|
+
* clientId: process.env.AZURE_CLIENT_ID,
|
3732
3739
|
* userPromptCallback: (info) => {
|
3733
3740
|
* console.log("CUSTOMIZED PROMPT CALLBACK", info.message);
|
3734
|
-
* }
|
3741
|
+
* },
|
3735
3742
|
* });
|
3736
3743
|
* ```
|
3737
3744
|
*
|
@@ -4072,14 +4079,14 @@ class OnBehalfOfCredential {
|
|
4072
4079
|
/**
|
4073
4080
|
* Returns a callback that provides a bearer token.
|
4074
4081
|
* For example, the bearer token can be used to authenticate a request as follows:
|
4075
|
-
* ```
|
4076
|
-
* import { DefaultAzureCredential } from "@azure/identity";
|
4082
|
+
* ```ts snippet:token_provider_example
|
4083
|
+
* import { DefaultAzureCredential, getBearerTokenProvider } from "@azure/identity";
|
4084
|
+
* import { createPipelineRequest } from "@azure/core-rest-pipeline";
|
4077
4085
|
*
|
4078
4086
|
* const credential = new DefaultAzureCredential();
|
4079
4087
|
* const scope = "https://cognitiveservices.azure.com/.default";
|
4080
4088
|
* const getAccessToken = getBearerTokenProvider(credential, scope);
|
4081
4089
|
* const token = await getAccessToken();
|
4082
|
-
*
|
4083
4090
|
* // usage
|
4084
4091
|
* const request = createPipelineRequest({ url: "https://example.com" });
|
4085
4092
|
* request.headers.set("Authorization", `Bearer ${token}`);
|