@azure/identity 4.5.0-alpha.20240927.1 → 4.5.0-alpha.20241007.2

package/dist/index.js

@@ -44,7 +44,7 @@ var child_process__namespace = /*#__PURE__*/_interopNamespaceDefault(child_proce
 /**
  * Current version of the `@azure/identity` package.
  */
-const SDK_VERSION = `4.5.0-beta.3`;
+const SDK_VERSION = `4.5.0`;
 /**
  * The default client ID for authentication
  * @internal
@@ -1182,7 +1182,8 @@ function handleMsalError(scopes, error, getTokenOptions) {
     }
     if (error.name === "ClientConfigurationError" ||
         error.name === "BrowserConfigurationAuthError" ||
-        error.name === "AbortError") {
+        error.name === "AbortError" ||
+        error.name === "AuthenticationError") {
         return error;
     }
     if (error.name === "NativeAuthError") {
@@ -3810,7 +3811,8 @@ class AzurePipelinesCredential {
      * @param systemAccessToken - The pipeline's <see href="https://learn.microsoft.com/azure/devops/pipelines/build/variables?view=azure-devops%26tabs=yaml#systemaccesstoken">System.AccessToken</see> value.
      * @param options - The identity client options to use for authentication.
      */
-    constructor(tenantId, clientId, serviceConnectionId, systemAccessToken, options) {
+    constructor(tenantId, clientId, serviceConnectionId, systemAccessToken, options = {}) {
+        var _a, _b;
         if (!clientId) {
             throw new CredentialUnavailableError(`${credentialName$1}: is unavailable. clientId is a required parameter.`);
         }
@@ -3823,6 +3825,12 @@ class AzurePipelinesCredential {
         if (!systemAccessToken) {
             throw new CredentialUnavailableError(`${credentialName$1}: is unavailable. systemAccessToken is a required parameter.`);
         }
+        // Allow these headers to be logged for troubleshooting by AzurePipelines.
+        options.loggingOptions = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.loggingOptions), { additionalAllowedHeaderNames: [
+                ...((_b = (_a = options.loggingOptions) === null || _a === void 0 ? void 0 : _a.additionalAllowedHeaderNames) !== null && _b !== void 0 ? _b : []),
+                "x-vss-e2eid",
+                "x-msedge-ref",
+            ] });
         this.identityClient = new IdentityClient(options);
         checkTenantId(logger$2, tenantId);
         logger$2.info(`Invoking AzurePipelinesCredential with tenant ID: ${tenantId}, client ID: ${clientId}, and service connection ID: ${serviceConnectionId}`);
@@ -3871,6 +3879,8 @@ class AzurePipelinesCredential {
             headers: coreRestPipeline.createHttpHeaders({
                 "Content-Type": "application/json",
                 Authorization: `Bearer ${systemAccessToken}`,
+                // Prevents the service from responding with a redirect HTTP status code (useful for automation).
+                "X-TFS-FedAuthRedirect": "Suppress",
             }),
         });
         const response = await this.identityClient.sendRequest(request);
@@ -3878,6 +3888,7 @@ class AzurePipelinesCredential {
     }
 }
 function handleOidcResponse(response) {
+    // OIDC token is present in `bodyAsText` field
     const text = response.bodyAsText;
     if (!text) {
         logger$2.error(`${credentialName$1}: Authentication Failed. Received null token from OIDC request. Response status- ${response.status}. Complete response - ${JSON.stringify(response)}`);
@@ -3895,7 +3906,7 @@ function handleOidcResponse(response) {
             const errorMessage = `${credentialName$1}: Authentication Failed. oidcToken field not detected in the response.`;
             let errorDescription = ``;
             if (response.status !== 200) {
-                errorDescription = `Complete response - ${JSON.stringify(result)}. See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`;
+                errorDescription = `Response body = ${text}. Response Headers ["x-vss-e2eid"] = ${response.headers.get("x-vss-e2eid")} and ["x-msedge-ref"] = ${response.headers.get("x-msedge-ref")}. See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`;
             }
             logger$2.error(errorMessage);
             logger$2.error(errorDescription);
@@ -3907,11 +3918,12 @@ function handleOidcResponse(response) {
     }
     catch (e) {
         const errorDetails = `${credentialName$1}: Authentication Failed. oidcToken field not detected in the response.`;
-        logger$2.error(`Response from service = ${text} and error message = ${e.message}`);
+        logger$2.error(`Response from service = ${text}, Response Headers ["x-vss-e2eid"] = ${response.headers.get("x-vss-e2eid")} 
+      and ["x-msedge-ref"] = ${response.headers.get("x-msedge-ref")}, error message = ${e.message}`);
         logger$2.error(errorDetails);
         throw new AuthenticationError(response.status, {
             error: errorDetails,
-            error_description: `Response = ${text}. See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`,
+            error_description: `Response = ${text}. Response headers ["x-vss-e2eid"] = ${response.headers.get("x-vss-e2eid")} and ["x-msedge-ref"] =  ${response.headers.get("x-msedge-ref")}. See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`,
         });
     }
 }