@azure/identity 4.5.0-beta.3 → 4.5.1-alpha.20241021.1
- package/README.md +28 -33
- package/dist/index.js +118 -28
- package/dist/index.js.map +1 -1
- package/dist-esm/src/client/identityClient.js +1 -0
- package/dist-esm/src/client/identityClient.js.map +1 -1
- package/dist-esm/src/constants.js +1 -1
- package/dist-esm/src/constants.js.map +1 -1
- package/dist-esm/src/credentials/azureCliCredential.js +18 -2
- package/dist-esm/src/credentials/azureCliCredential.js.map +1 -1
- package/dist-esm/src/credentials/azureCliCredentialOptions.js.map +1 -1
- package/dist-esm/src/credentials/azureDeveloperCliCredential.js +1 -0
- package/dist-esm/src/credentials/azureDeveloperCliCredential.js.map +1 -1
- package/dist-esm/src/credentials/azurePipelinesCredential.js +15 -4
- package/dist-esm/src/credentials/azurePipelinesCredential.js.map +1 -1
- package/dist-esm/src/credentials/azurePowerShellCredential.js +1 -0
- package/dist-esm/src/credentials/azurePowerShellCredential.js.map +1 -1
- package/dist-esm/src/credentials/chainedTokenCredential.js +11 -3
- package/dist-esm/src/credentials/chainedTokenCredential.js.map +1 -1
- package/dist-esm/src/credentials/credentialPersistenceOptions.js.map +1 -1
- package/dist-esm/src/credentials/defaultAzureCredential.js +15 -2
- package/dist-esm/src/credentials/defaultAzureCredential.js.map +1 -1
- package/dist-esm/src/credentials/deviceCodeCredential.js +6 -4
- package/dist-esm/src/credentials/deviceCodeCredential.js.map +1 -1
- package/dist-esm/src/credentials/interactiveBrowserCredential.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/legacyMsiProvider.js +1 -0
- package/dist-esm/src/credentials/managedIdentityCredential/legacyMsiProvider.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/msalMsiProvider.js +1 -0
- package/dist-esm/src/credentials/managedIdentityCredential/msalMsiProvider.js.map +1 -1
- package/dist-esm/src/credentials/onBehalfOfCredential.js.map +1 -1
- package/dist-esm/src/msal/browserFlows/msalAuthCode.js +1 -1
- package/dist-esm/src/msal/browserFlows/msalAuthCode.js.map +1 -1
- package/dist-esm/src/msal/browserFlows/msalBrowserCommon.js +1 -0
- package/dist-esm/src/msal/browserFlows/msalBrowserCommon.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/msalClient.js +25 -0
- package/dist-esm/src/msal/nodeFlows/msalClient.js.map +1 -1
- package/dist-esm/src/msal/utils.js +2 -1
- package/dist-esm/src/msal/utils.js.map +1 -1
- package/dist-esm/src/plugins/consumer.js +6 -8
- package/dist-esm/src/plugins/consumer.js.map +1 -1
- package/dist-esm/src/tokenProvider.js +3 -3
- package/dist-esm/src/tokenProvider.js.map +1 -1
- package/dist-esm/src/util/subscriptionUtils.js +14 -0
- package/dist-esm/src/util/subscriptionUtils.js.map +1 -0
- package/package.json +19 -18
- package/types/identity.d.ts +80 -99
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/msal/utils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACpF,OAAO,EAAoB,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACrE,OAAO,EAAE,UAAU,IAAI,cAAc,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAEpF,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAGrD,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAMpC;;GAEG;AACH,MAAM,MAAM,GAAG,gBAAgB,CAAC,eAAe,CAAC,CAAC;AAEjD;;;GAGG;AACH,MAAM,iCAAiC,GAAG,KAAK,CAAC;AAEhD;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,MAAyB,EACzB,SAA4B,EAC5B,eAAiC;IAEjC,MAAM,KAAK,GAAG,CAAC,OAAe,EAAS,EAAE;QACvC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,IAAI,2BAA2B,CAAC;YACrC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YACjD,eAAe;YACf,OAAO;SACR,CAAC,CAAC;IACL,CAAC,CAAC;IACF,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,KAAK,CAAC,aAAa,CAAC,CAAC;IAC7B,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;QACzB,MAAM,KAAK,CAAC,uCAAuC,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;QAC3B,MAAM,KAAK,CAAC,yCAAyC,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAoC;IACnE,IAAI,aAAa,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,CAAC;IAE3C,IAAI,CAAC,aAAa,IAAI,UAAU,EAAE,CAAC;QACjC,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IACnD,CAAC;IAED,OAAO,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,oBAAoB,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,IAAa;IAC1D,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,GAAG,oBAAoB,CAAC;IAC9B,CAAC;IACD,IAAI,IAAI,MAAM,CAAC,GAAG,QAAQ,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,GAAG,QAAQ,CAAC;IACzB,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,IAAI,IAAI,QAAQ,EAAE,CAAC;IAC/B,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CACjC,QAAgB,EAChB,aAAqB,EACrB,wBAAkC;IAElC,IAAI,CAAC,QAAQ,KAAK,MAAM,IAAI,aAAa,CAAC,IAAI,wBAAwB,EAAE,CAAC;QACvE,OAAO,CAAC,aAAa,CAAC,C
AAC;IACzB,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAIhC,CAAC,UAA4B,EAAE,WAA+B,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,EAAE,EAAE,CAC7F,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,EAAQ,EAAE;IACpC,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO;IACT,CAAC;IACD,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,UAAU,CAAC,QAAQ,CAAC,KAAK;YAC5B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,cAAc,OAAO,EAAE,CAAC,CAAC;YACzD,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,IAAI;YAC3B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,qBAAqB,OAAO,EAAE,CAAC,CAAC;YAChE,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,wBAAwB,OAAO,EAAE,CAAC,CAAC;YACnE,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,gBAAgB,OAAO,EAAE,CAAC,CAAC;YAC3D,OAAO;IACX,CAAC;AACH,CAAC,CAAC;AAEJ;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAmC;IACjE,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,OAAO;YACV,OAAO,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC;QACnC,KAAK,MAAM;YACT,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClC,KAAK,SAAS;YACZ,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QACrC,KAAK,SAAS;YACZ,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QACrC;YACE,4CAA4C;YAC5C,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;IACpC,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,UAAU;IACxB,OAAO,cAAc,EAAE,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,MAAgB,EAChB,KAAY,EACZ,eAAiC;IAEjC,IACE,KAAK,CAAC,IAAI,KAAK,WAAW;QAC1B,KAAK,CAAC,IAAI,KAAK,iBAAiB;QAChC,KAAK,CAAC,IAAI,KAAK,kBAAkB,EACjC,CAAC;QACD,MAAM,SAAS,GAAG,KAA6B,CAAC;QAChD,QAAQ,SAAS,CAAC,SAAS,EAAE,CAAC;YAC5B,KAAK,4BAA4B;gBAC/B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;gBAChD,OAAO,IAAI,0BAA0B,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACvD,KAAK,+BAA+B;gBAClC,OAAO,IAAI,UAAU,CAAC,oDAAoD,CAAC,CAAC;YAC9E,KAAK,kBAAkB,CAAC;YACxB,KAAK,sBAAsB,CAAC;YAC5B,KAAK,gBAAgB;gBACnB,MAAM,CAAC,IAAI,CACT,WAAW,CAAC,MAAM,EAAE,qCAAqC,SAAS,CAAC,SAAS,EAAE,CAAC,CAChF,CAAC;gBACF,MAAM;YACR;gBACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,4BAA4B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;gBAC9E,MAAM;QACV,CAAC;IACH,CAAC;IACD,IACE,KAAK,CAAC,IAAI,KAAK,0BAA0B;QACzC,KAAK,CAAC,IAAI,KAAK,+B
AA+B;QAC9C,KAAK,CAAC,IAAI,KAAK,YAAY,EAC3B,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;QACrC,MAAM,CAAC,IAAI,CACT,WAAW,CACT,MAAM,EACN,iCAAiC,KAAK,CAAC,OAAO,sBAC3C,KAAa,CAAC,UACjB,EAAE,CACH,CACF,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;AAC9F,CAAC;AAED,qBAAqB;AAErB,MAAM,UAAU,YAAY,CAAC,OAA6B;IACxD,MAAM,CAAC,WAAW,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,0BAA0B,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAClF,uCACK,OAAO,KACV,cAAc,EAAE,OAAO,CAAC,aAAa,EACrC,WAAW,IACX;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,OAAwB;IACrE,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC;QAC9D,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,eAAe;QAC7C,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,QAAQ;QACR,OAAO,EAAE,iCAAiC;KAC3C,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,6BAA6B,CAAC,MAA4B;IACxE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,+BAA+B,CAAC,gBAAwB;IACtE,MAAM,MAAM,GAAgD,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAEzF,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,KAAK,iCAAiC,EAAE,CAAC;QAC3E,MAAM,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AuthenticationRecord, MsalAccountInfo, MsalToken, ValidMsalToken } from \"./types\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../errors\";\nimport { CredentialLogger, credentialLogger, formatError } from \"../util/logging\";\nimport { DefaultAuthorityHost, DefaultTenantId } from \"../constants\";\nimport { randomUUID as coreRandomUUID, isNode, isNodeLike } from \"@azure/core-util\";\n\nimport { AbortError } from \"@azure/abort-controller\";\nimport { AzureLogLevel } from \"@azure/logger\";\nimport { GetTokenOptions } from \"@azure/core-auth\";\nimport { msalCommon } from 
\"./msal\";\n\nexport interface ILoggerCallback {\n (level: msalCommon.LogLevel, message: string, containsPii: boolean): void;\n}\n\n/**\n * @internal\n */\nconst logger = credentialLogger(\"IdentityUtils\");\n\n/**\n * Latest AuthenticationRecord version\n * @internal\n */\nconst LatestAuthenticationRecordVersion = \"1.0\";\n\n/**\n * Ensures the validity of the MSAL token\n * @internal\n */\nexport function ensureValidMsalToken(\n scopes: string | string[],\n msalToken?: MsalToken | null,\n getTokenOptions?: GetTokenOptions,\n): asserts msalToken is ValidMsalToken {\n const error = (message: string): Error => {\n logger.getToken.info(message);\n return new AuthenticationRequiredError({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n getTokenOptions,\n message,\n });\n };\n if (!msalToken) {\n throw error(\"No response\");\n }\n if (!msalToken.expiresOn) {\n throw error(`Response had no \"expiresOn\" property.`);\n }\n if (!msalToken.accessToken) {\n throw error(`Response had no \"accessToken\" property.`);\n }\n}\n\n/**\n * Returns the authority host from either the options bag or the AZURE_AUTHORITY_HOST environment variable.\n *\n * Defaults to {@link DefaultAuthorityHost}.\n * @internal\n */\nexport function getAuthorityHost(options?: { authorityHost?: string }): string {\n let authorityHost = options?.authorityHost;\n\n if (!authorityHost && isNodeLike) {\n authorityHost = process.env.AZURE_AUTHORITY_HOST;\n }\n\n return authorityHost ?? 
DefaultAuthorityHost;\n}\n\n/**\n * Generates a valid authority by combining a host with a tenantId.\n * @internal\n */\nexport function getAuthority(tenantId: string, host?: string): string {\n if (!host) {\n host = DefaultAuthorityHost;\n }\n if (new RegExp(`${tenantId}/?$`).test(host)) {\n return host;\n }\n if (host.endsWith(\"/\")) {\n return host + tenantId;\n } else {\n return `${host}/${tenantId}`;\n }\n}\n\n/**\n * Generates the known authorities.\n * If the Tenant Id is `adfs`, the authority can't be validated since the format won't match the expected one.\n * For that reason, we have to force MSAL to disable validating the authority\n * by sending it within the known authorities in the MSAL configuration.\n * @internal\n */\nexport function getKnownAuthorities(\n tenantId: string,\n authorityHost: string,\n disableInstanceDiscovery?: boolean,\n): string[] {\n if ((tenantId === \"adfs\" && authorityHost) || disableInstanceDiscovery) {\n return [authorityHost];\n }\n return [];\n}\n\n/**\n * Generates a logger that can be passed to the MSAL clients.\n * @param credLogger - The logger of the credential.\n * @internal\n */\nexport const defaultLoggerCallback: (\n logger: CredentialLogger,\n platform?: \"Node\" | \"Browser\",\n) => ILoggerCallback =\n (credLogger: CredentialLogger, platform: \"Node\" | \"Browser\" = isNode ? 
\"Node\" : \"Browser\") =>\n (level, message, containsPii): void => {\n if (containsPii) {\n return;\n }\n switch (level) {\n case msalCommon.LogLevel.Error:\n credLogger.info(`MSAL ${platform} V2 error: ${message}`);\n return;\n case msalCommon.LogLevel.Info:\n credLogger.info(`MSAL ${platform} V2 info message: ${message}`);\n return;\n case msalCommon.LogLevel.Verbose:\n credLogger.info(`MSAL ${platform} V2 verbose message: ${message}`);\n return;\n case msalCommon.LogLevel.Warning:\n credLogger.info(`MSAL ${platform} V2 warning: ${message}`);\n return;\n }\n };\n\n/**\n * @internal\n */\nexport function getMSALLogLevel(logLevel: AzureLogLevel | undefined): msalCommon.LogLevel {\n switch (logLevel) {\n case \"error\":\n return msalCommon.LogLevel.Error;\n case \"info\":\n return msalCommon.LogLevel.Info;\n case \"verbose\":\n return msalCommon.LogLevel.Verbose;\n case \"warning\":\n return msalCommon.LogLevel.Warning;\n default:\n // default msal logging level should be Info\n return msalCommon.LogLevel.Info;\n }\n}\n\n/**\n * Wraps core-util's randomUUID in order to allow for mocking in tests.\n * This prepares the library for the upcoming core-util update to ESM.\n *\n * @internal\n * @returns A string containing a random UUID\n */\nexport function randomUUID(): string {\n return coreRandomUUID();\n}\n\n/**\n * Handles MSAL errors.\n */\nexport function handleMsalError(\n scopes: string[],\n error: Error,\n getTokenOptions?: GetTokenOptions,\n): Error {\n if (\n error.name === \"AuthError\" ||\n error.name === \"ClientAuthError\" ||\n error.name === \"BrowserAuthError\"\n ) {\n const msalError = error as msalCommon.AuthError;\n switch (msalError.errorCode) {\n case \"endpoints_resolution_error\":\n logger.info(formatError(scopes, error.message));\n return new CredentialUnavailableError(error.message);\n case \"device_code_polling_cancelled\":\n return new AbortError(\"The authentication has been aborted by the caller.\");\n case \"consent_required\":\n case 
\"interaction_required\":\n case \"login_required\":\n logger.info(\n formatError(scopes, `Authentication returned errorCode ${msalError.errorCode}`),\n );\n break;\n default:\n logger.info(formatError(scopes, `Failed to acquire token: ${error.message}`));\n break;\n }\n }\n if (\n error.name === \"ClientConfigurationError\" ||\n error.name === \"BrowserConfigurationAuthError\" ||\n error.name === \"AbortError\"\n ) {\n return error;\n }\n if (error.name === \"NativeAuthError\") {\n logger.info(\n formatError(\n scopes,\n `Error from the native broker: ${error.message} with status code: ${\n (error as any).statusCode\n }`,\n ),\n );\n return error;\n }\n return new AuthenticationRequiredError({ scopes, getTokenOptions, message: error.message });\n}\n\n// transformations.ts\n\nexport function publicToMsal(account: AuthenticationRecord): msalCommon.AccountInfo {\n const [environment] = account.authority.match(/([a-z]*\\.[a-z]*\\.[a-z]*)/) || [\"\"];\n return {\n ...account,\n localAccountId: account.homeAccountId,\n environment,\n };\n}\n\nexport function msalToPublic(clientId: string, account: MsalAccountInfo): AuthenticationRecord {\n const record = {\n authority: getAuthority(account.tenantId, account.environment),\n homeAccountId: account.homeAccountId,\n tenantId: account.tenantId || DefaultTenantId,\n username: account.username,\n clientId,\n version: LatestAuthenticationRecordVersion,\n };\n return record;\n}\n\n/**\n * Serializes an `AuthenticationRecord` into a string.\n *\n * The output of a serialized authentication record will contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * To later convert this string to a serialized `AuthenticationRecord`, please use the exported function `deserializeAuthenticationRecord()`.\n */\nexport function serializeAuthenticationRecord(record: AuthenticationRecord): string {\n return 
JSON.stringify(record);\n}\n\n/**\n * Deserializes a previously serialized authentication record from a string into an object.\n *\n * The input string must contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * If the version we receive is unsupported, an error will be thrown.\n *\n * At the moment, the only available version is: \"1.0\", which is always set when the authentication record is serialized.\n *\n * @param serializedRecord - Authentication record previously serialized into string.\n * @returns AuthenticationRecord.\n */\nexport function deserializeAuthenticationRecord(serializedRecord: string): AuthenticationRecord {\n const parsed: AuthenticationRecord & { version?: string } = JSON.parse(serializedRecord);\n\n if (parsed.version && parsed.version !== LatestAuthenticationRecordVersion) {\n throw Error(\"Unsupported AuthenticationRecord version\");\n }\n\n return parsed;\n}\n"]}
|
1
|
+
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/msal/utils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACpF,OAAO,EAAoB,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACrE,OAAO,EAAE,UAAU,IAAI,cAAc,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAEpF,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAGrD,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAMpC;;GAEG;AACH,MAAM,MAAM,GAAG,gBAAgB,CAAC,eAAe,CAAC,CAAC;AAEjD;;;GAGG;AACH,MAAM,iCAAiC,GAAG,KAAK,CAAC;AAEhD;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,MAAyB,EACzB,SAA4B,EAC5B,eAAiC;IAEjC,MAAM,KAAK,GAAG,CAAC,OAAe,EAAS,EAAE;QACvC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,IAAI,2BAA2B,CAAC;YACrC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YACjD,eAAe;YACf,OAAO;SACR,CAAC,CAAC;IACL,CAAC,CAAC;IACF,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,KAAK,CAAC,aAAa,CAAC,CAAC;IAC7B,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;QACzB,MAAM,KAAK,CAAC,uCAAuC,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;QAC3B,MAAM,KAAK,CAAC,yCAAyC,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAoC;IACnE,IAAI,aAAa,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,CAAC;IAE3C,IAAI,CAAC,aAAa,IAAI,UAAU,EAAE,CAAC;QACjC,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IACnD,CAAC;IAED,OAAO,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,oBAAoB,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,IAAa;IAC1D,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,GAAG,oBAAoB,CAAC;IAC9B,CAAC;IACD,IAAI,IAAI,MAAM,CAAC,GAAG,QAAQ,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,GAAG,QAAQ,CAAC;IACzB,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,IAAI,IAAI,QAAQ,EAAE,CAAC;IAC/B,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CACjC,QAAgB,EAChB,aAAqB,EACrB,wBAAkC;IAElC,IAAI,CAAC,QAAQ,KAAK,MAAM,IAAI,aAAa,CAAC,IAAI,wBAAwB,EAAE,CAAC;QACvE,OAAO,CAAC,aAAa,CAAC,C
AAC;IACzB,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAIhC,CAAC,UAA4B,EAAE,WAA+B,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,EAAE,EAAE,CAC7F,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,EAAQ,EAAE;IACpC,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO;IACT,CAAC;IACD,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,UAAU,CAAC,QAAQ,CAAC,KAAK;YAC5B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,cAAc,OAAO,EAAE,CAAC,CAAC;YACzD,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,IAAI;YAC3B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,qBAAqB,OAAO,EAAE,CAAC,CAAC;YAChE,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,wBAAwB,OAAO,EAAE,CAAC,CAAC;YACnE,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,gBAAgB,OAAO,EAAE,CAAC,CAAC;YAC3D,OAAO;IACX,CAAC;AACH,CAAC,CAAC;AAEJ;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAmC;IACjE,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,OAAO;YACV,OAAO,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC;QACnC,KAAK,MAAM;YACT,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClC,KAAK,SAAS;YACZ,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QACrC,KAAK,SAAS;YACZ,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QACrC;YACE,4CAA4C;YAC5C,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;IACpC,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,UAAU;IACxB,OAAO,cAAc,EAAE,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,MAAgB,EAChB,KAAY,EACZ,eAAiC;IAEjC,IACE,KAAK,CAAC,IAAI,KAAK,WAAW;QAC1B,KAAK,CAAC,IAAI,KAAK,iBAAiB;QAChC,KAAK,CAAC,IAAI,KAAK,kBAAkB,EACjC,CAAC;QACD,MAAM,SAAS,GAAG,KAA6B,CAAC;QAChD,QAAQ,SAAS,CAAC,SAAS,EAAE,CAAC;YAC5B,KAAK,4BAA4B;gBAC/B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;gBAChD,OAAO,IAAI,0BAA0B,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACvD,KAAK,+BAA+B;gBAClC,OAAO,IAAI,UAAU,CAAC,oDAAoD,CAAC,CAAC;YAC9E,KAAK,kBAAkB,CAAC;YACxB,KAAK,sBAAsB,CAAC;YAC5B,KAAK,gBAAgB;gBACnB,MAAM,CAAC,IAAI,CACT,WAAW,CAAC,MAAM,EAAE,qCAAqC,SAAS,CAAC,SAAS,EAAE,CAAC,CAChF,CAAC;gBACF,MAAM;YACR;gBACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,4BAA4B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;gBAC9E,MAAM;QACV,CAAC;IACH,CAAC;IACD,IACE,KAAK,CAAC,IAAI,KAAK,0BAA0B;QACzC,KAAK,CAAC,IAAI,KAAK,+B
AA+B;QAC9C,KAAK,CAAC,IAAI,KAAK,YAAY;QAC3B,KAAK,CAAC,IAAI,KAAK,qBAAqB,EACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;QACrC,MAAM,CAAC,IAAI,CACT,WAAW,CACT,MAAM,EACN,iCAAiC,KAAK,CAAC,OAAO,sBAC3C,KAAa,CAAC,UACjB,EAAE,CACH,CACF,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;AAC9F,CAAC;AAED,qBAAqB;AAErB,MAAM,UAAU,YAAY,CAAC,OAA6B;IACxD,MAAM,CAAC,WAAW,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,0BAA0B,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAClF,uCACK,OAAO,KACV,cAAc,EAAE,OAAO,CAAC,aAAa,EACrC,WAAW,IACX;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,OAAwB;IACrE,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC;QAC9D,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,eAAe;QAC7C,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,QAAQ;QACR,OAAO,EAAE,iCAAiC;KAC3C,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,6BAA6B,CAAC,MAA4B;IACxE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,+BAA+B,CAAC,gBAAwB;IACtE,MAAM,MAAM,GAAgD,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAEzF,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,KAAK,iCAAiC,EAAE,CAAC;QAC3E,MAAM,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AuthenticationRecord, MsalAccountInfo, MsalToken, ValidMsalToken } from \"./types\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../errors\";\nimport { CredentialLogger, credentialLogger, formatError } from \"../util/logging\";\nimport { DefaultAuthorityHost, DefaultTenantId } from \"../constants\";\nimport { randomUUID as coreRandomUUID, isNode, isNodeLike } from \"@azure/core-util\";\n\nimport { AbortError } from \"@azure/abort-controller\";\nimport { AzureLogLevel } from \"@azure/logger\";\nimport { GetTokenOptions } from 
\"@azure/core-auth\";\nimport { msalCommon } from \"./msal\";\n\nexport interface ILoggerCallback {\n (level: msalCommon.LogLevel, message: string, containsPii: boolean): void;\n}\n\n/**\n * @internal\n */\nconst logger = credentialLogger(\"IdentityUtils\");\n\n/**\n * Latest AuthenticationRecord version\n * @internal\n */\nconst LatestAuthenticationRecordVersion = \"1.0\";\n\n/**\n * Ensures the validity of the MSAL token\n * @internal\n */\nexport function ensureValidMsalToken(\n scopes: string | string[],\n msalToken?: MsalToken | null,\n getTokenOptions?: GetTokenOptions,\n): asserts msalToken is ValidMsalToken {\n const error = (message: string): Error => {\n logger.getToken.info(message);\n return new AuthenticationRequiredError({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n getTokenOptions,\n message,\n });\n };\n if (!msalToken) {\n throw error(\"No response\");\n }\n if (!msalToken.expiresOn) {\n throw error(`Response had no \"expiresOn\" property.`);\n }\n if (!msalToken.accessToken) {\n throw error(`Response had no \"accessToken\" property.`);\n }\n}\n\n/**\n * Returns the authority host from either the options bag or the AZURE_AUTHORITY_HOST environment variable.\n *\n * Defaults to {@link DefaultAuthorityHost}.\n * @internal\n */\nexport function getAuthorityHost(options?: { authorityHost?: string }): string {\n let authorityHost = options?.authorityHost;\n\n if (!authorityHost && isNodeLike) {\n authorityHost = process.env.AZURE_AUTHORITY_HOST;\n }\n\n return authorityHost ?? 
DefaultAuthorityHost;\n}\n\n/**\n * Generates a valid authority by combining a host with a tenantId.\n * @internal\n */\nexport function getAuthority(tenantId: string, host?: string): string {\n if (!host) {\n host = DefaultAuthorityHost;\n }\n if (new RegExp(`${tenantId}/?$`).test(host)) {\n return host;\n }\n if (host.endsWith(\"/\")) {\n return host + tenantId;\n } else {\n return `${host}/${tenantId}`;\n }\n}\n\n/**\n * Generates the known authorities.\n * If the Tenant Id is `adfs`, the authority can't be validated since the format won't match the expected one.\n * For that reason, we have to force MSAL to disable validating the authority\n * by sending it within the known authorities in the MSAL configuration.\n * @internal\n */\nexport function getKnownAuthorities(\n tenantId: string,\n authorityHost: string,\n disableInstanceDiscovery?: boolean,\n): string[] {\n if ((tenantId === \"adfs\" && authorityHost) || disableInstanceDiscovery) {\n return [authorityHost];\n }\n return [];\n}\n\n/**\n * Generates a logger that can be passed to the MSAL clients.\n * @param credLogger - The logger of the credential.\n * @internal\n */\nexport const defaultLoggerCallback: (\n logger: CredentialLogger,\n platform?: \"Node\" | \"Browser\",\n) => ILoggerCallback =\n (credLogger: CredentialLogger, platform: \"Node\" | \"Browser\" = isNode ? 
\"Node\" : \"Browser\") =>\n (level, message, containsPii): void => {\n if (containsPii) {\n return;\n }\n switch (level) {\n case msalCommon.LogLevel.Error:\n credLogger.info(`MSAL ${platform} V2 error: ${message}`);\n return;\n case msalCommon.LogLevel.Info:\n credLogger.info(`MSAL ${platform} V2 info message: ${message}`);\n return;\n case msalCommon.LogLevel.Verbose:\n credLogger.info(`MSAL ${platform} V2 verbose message: ${message}`);\n return;\n case msalCommon.LogLevel.Warning:\n credLogger.info(`MSAL ${platform} V2 warning: ${message}`);\n return;\n }\n };\n\n/**\n * @internal\n */\nexport function getMSALLogLevel(logLevel: AzureLogLevel | undefined): msalCommon.LogLevel {\n switch (logLevel) {\n case \"error\":\n return msalCommon.LogLevel.Error;\n case \"info\":\n return msalCommon.LogLevel.Info;\n case \"verbose\":\n return msalCommon.LogLevel.Verbose;\n case \"warning\":\n return msalCommon.LogLevel.Warning;\n default:\n // default msal logging level should be Info\n return msalCommon.LogLevel.Info;\n }\n}\n\n/**\n * Wraps core-util's randomUUID in order to allow for mocking in tests.\n * This prepares the library for the upcoming core-util update to ESM.\n *\n * @internal\n * @returns A string containing a random UUID\n */\nexport function randomUUID(): string {\n return coreRandomUUID();\n}\n\n/**\n * Handles MSAL errors.\n */\nexport function handleMsalError(\n scopes: string[],\n error: Error,\n getTokenOptions?: GetTokenOptions,\n): Error {\n if (\n error.name === \"AuthError\" ||\n error.name === \"ClientAuthError\" ||\n error.name === \"BrowserAuthError\"\n ) {\n const msalError = error as msalCommon.AuthError;\n switch (msalError.errorCode) {\n case \"endpoints_resolution_error\":\n logger.info(formatError(scopes, error.message));\n return new CredentialUnavailableError(error.message);\n case \"device_code_polling_cancelled\":\n return new AbortError(\"The authentication has been aborted by the caller.\");\n case \"consent_required\":\n case 
\"interaction_required\":\n case \"login_required\":\n logger.info(\n formatError(scopes, `Authentication returned errorCode ${msalError.errorCode}`),\n );\n break;\n default:\n logger.info(formatError(scopes, `Failed to acquire token: ${error.message}`));\n break;\n }\n }\n if (\n error.name === \"ClientConfigurationError\" ||\n error.name === \"BrowserConfigurationAuthError\" ||\n error.name === \"AbortError\" ||\n error.name === \"AuthenticationError\"\n ) {\n return error;\n }\n if (error.name === \"NativeAuthError\") {\n logger.info(\n formatError(\n scopes,\n `Error from the native broker: ${error.message} with status code: ${\n (error as any).statusCode\n }`,\n ),\n );\n return error;\n }\n return new AuthenticationRequiredError({ scopes, getTokenOptions, message: error.message });\n}\n\n// transformations.ts\n\nexport function publicToMsal(account: AuthenticationRecord): msalCommon.AccountInfo {\n const [environment] = account.authority.match(/([a-z]*\\.[a-z]*\\.[a-z]*)/) || [\"\"];\n return {\n ...account,\n localAccountId: account.homeAccountId,\n environment,\n };\n}\n\nexport function msalToPublic(clientId: string, account: MsalAccountInfo): AuthenticationRecord {\n const record = {\n authority: getAuthority(account.tenantId, account.environment),\n homeAccountId: account.homeAccountId,\n tenantId: account.tenantId || DefaultTenantId,\n username: account.username,\n clientId,\n version: LatestAuthenticationRecordVersion,\n };\n return record;\n}\n\n/**\n * Serializes an `AuthenticationRecord` into a string.\n *\n * The output of a serialized authentication record will contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * To later convert this string to a serialized `AuthenticationRecord`, please use the exported function `deserializeAuthenticationRecord()`.\n */\nexport function serializeAuthenticationRecord(record: AuthenticationRecord): 
string {\n return JSON.stringify(record);\n}\n\n/**\n * Deserializes a previously serialized authentication record from a string into an object.\n *\n * The input string must contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * If the version we receive is unsupported, an error will be thrown.\n *\n * At the moment, the only available version is: \"1.0\", which is always set when the authentication record is serialized.\n *\n * @param serializedRecord - Authentication record previously serialized into string.\n * @returns AuthenticationRecord.\n */\nexport function deserializeAuthenticationRecord(serializedRecord: string): AuthenticationRecord {\n const parsed: AuthenticationRecord & { version?: string } = JSON.parse(serializedRecord);\n\n if (parsed.version && parsed.version !== LatestAuthenticationRecordVersion) {\n throw Error(\"Unsupported AuthenticationRecord version\");\n }\n\n return parsed;\n}\n"]}
|
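--- a/package/dist-esm/src/plugins/consumer.js
+++ b/package/dist-esm/src/plugins/consumer.js
@@ -22,18 +22,16 @@ const pluginContext = {
 *
 * Example:
 *
-* ```
-* import {
+* ```ts snippet:consumer_example
+* import { useIdentityPlugin, DeviceCodeCredential } from "@azure/identity";
 *
-* import { useIdentityPlugin, DefaultAzureCredential } from "@azure/identity";
 * useIdentityPlugin(cachePersistencePlugin);
-*
-* // The plugin has the capability to extend `DefaultAzureCredential` and to
+* // The plugin has the capability to extend `DeviceCodeCredential` and to
 * // add middleware to the underlying credentials, such as persistence.
-* const credential = new
+* const credential = new DeviceCodeCredential({
 * tokenCachePersistenceOptions: {
-* enabled: true
-* }
+* enabled: true,
+* },
 * });
 * ```
 *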
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"consumer.js","sourceRoot":"","sources":["../../../src/plugins/consumer.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,wBAAwB,EACxB,+BAA+B,GAChC,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EAAE,uBAAuB,EAAE,MAAM,2CAA2C,CAAC;AAEpF;;;;GAIG;AACH,MAAM,aAAa,GAAuB;IACxC,kBAAkB,EAAE,wBAAwB;IAC5C,yBAAyB,EAAE,+BAA+B;IAC1D,uBAAuB,EAAE,uBAAuB;CACjD,CAAC;AAEF
|
1
|
+
{"version":3,"file":"consumer.js","sourceRoot":"","sources":["../../../src/plugins/consumer.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,wBAAwB,EACxB,+BAA+B,GAChC,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EAAE,uBAAuB,EAAE,MAAM,2CAA2C,CAAC;AAEpF;;;;GAIG;AACH,MAAM,aAAa,GAAuB;IACxC,kBAAkB,EAAE,wBAAwB;IAC5C,yBAAyB,EAAE,+BAA+B;IAC1D,uBAAuB,EAAE,uBAAuB;CACjD,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAsB;IACtD,MAAM,CAAC,aAAa,CAAC,CAAC;AACxB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AzurePluginContext, IdentityPlugin } from \"./provider\";\nimport {\n msalNodeFlowCacheControl,\n msalNodeFlowNativeBrokerControl,\n} from \"../msal/nodeFlows/msalPlugins\";\n\nimport { vsCodeCredentialControl } from \"../credentials/visualStudioCodeCredential\";\n\n/**\n * The context passed to an Identity plugin. This contains objects that\n * plugins can use to set backend implementations.\n * @internal\n */\nconst pluginContext: AzurePluginContext = {\n cachePluginControl: msalNodeFlowCacheControl,\n nativeBrokerPluginControl: msalNodeFlowNativeBrokerControl,\n vsCodeCredentialControl: vsCodeCredentialControl,\n};\n\n/**\n * Extend Azure Identity with additional functionality. 
Pass a plugin from\n * a plugin package, such as:\n *\n * - `@azure/identity-cache-persistence`: provides persistent token caching\n * - `@azure/identity-vscode`: provides the dependencies of\n * `VisualStudioCodeCredential` and enables it\n *\n * Example:\n *\n * ```ts snippet:consumer_example\n * import { useIdentityPlugin, DeviceCodeCredential } from \"@azure/identity\";\n *\n * useIdentityPlugin(cachePersistencePlugin);\n * // The plugin has the capability to extend `DeviceCodeCredential` and to\n * // add middleware to the underlying credentials, such as persistence.\n * const credential = new DeviceCodeCredential({\n * tokenCachePersistenceOptions: {\n * enabled: true,\n * },\n * });\n * ```\n *\n * @param plugin - the plugin to register\n */\nexport function useIdentityPlugin(plugin: IdentityPlugin): void {\n plugin(pluginContext);\n}\n"]}
|
@@ -4,14 +4,14 @@ import { bearerTokenAuthenticationPolicy, createEmptyPipeline, createPipelineReq
|
|
4
4
|
/**
|
5
5
|
* Returns a callback that provides a bearer token.
|
6
6
|
* For example, the bearer token can be used to authenticate a request as follows:
|
7
|
-
* ```
|
8
|
-
* import { DefaultAzureCredential } from "@azure/identity";
|
7
|
+
* ```ts snippet:token_provider_example
|
8
|
+
* import { DefaultAzureCredential, getBearerTokenProvider } from "@azure/identity";
|
9
|
+
* import { createPipelineRequest } from "@azure/core-rest-pipeline";
|
9
10
|
*
|
10
11
|
* const credential = new DefaultAzureCredential();
|
11
12
|
* const scope = "https://cognitiveservices.azure.com/.default";
|
12
13
|
* const getAccessToken = getBearerTokenProvider(credential, scope);
|
13
14
|
* const token = await getAccessToken();
|
14
|
-
*
|
15
15
|
* // usage
|
16
16
|
* const request = createPipelineRequest({ url: "https://example.com" });
|
17
17
|
* request.headers.set("Authorization", `Bearer ${token}`);
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"tokenProvider.js","sourceRoot":"","sources":["../../src/tokenProvider.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,+BAA+B,EAC/B,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,2BAA2B,CAAC;AAiBnC;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,sBAAsB,CACpC,UAA2B,EAC3B,MAAyB,EACzB,OAAuC;IAEvC,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,GAAG,OAAO,IAAI,EAAE,CAAC;IACtD,MAAM,QAAQ,GAAG,mBAAmB,EAAE,CAAC;IACvC,QAAQ,CAAC,SAAS,CAAC,+BAA+B,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;IAC5E,KAAK,UAAU,iBAAiB;;QAC9B,sDAAsD;QACtD,sDAAsD;QACtD,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,WAAW,CACpC;YACE,WAAW,EAAE,CAAC,OAAO,EAAE,EAAE,CACvB,OAAO,CAAC,OAAO,CAAC;gBACd,OAAO;gBACP,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB,CAAC;SACL,EACD,qBAAqB,CAAC;YACpB,GAAG,EAAE,qBAAqB;YAC1B,WAAW;YACX,cAAc;SACf,CAAC,CACH,CAAC;QACF,MAAM,WAAW,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,0CAAE,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,WAAW,CAAC;IACrB,CAAC;IACD,OAAO,iBAAiB,CAAC;AAC3B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { TokenCredential, TracingContext } from \"@azure/core-auth\";\nimport {\n bearerTokenAuthenticationPolicy,\n createEmptyPipeline,\n createPipelineRequest,\n} from \"@azure/core-rest-pipeline\";\n\n/**\n * The options to configure the token provider.\n */\nexport interface GetBearerTokenProviderOptions {\n /** The abort signal to abort requests to get tokens */\n abortSignal?: AbortSignal;\n /** The tracing options for the requests to get tokens */\n tracingOptions?: {\n /**\n * Tracing Context for the current request to get a token.\n */\n tracingContext?: TracingContext;\n };\n}\n\n/**\n * Returns a callback that provides a bearer token.\n * For example, the bearer token can be used to authenticate a request as follows:\n * ```
|
1
|
+
{"version":3,"file":"tokenProvider.js","sourceRoot":"","sources":["../../src/tokenProvider.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,+BAA+B,EAC/B,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,2BAA2B,CAAC;AAiBnC;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,sBAAsB,CACpC,UAA2B,EAC3B,MAAyB,EACzB,OAAuC;IAEvC,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,GAAG,OAAO,IAAI,EAAE,CAAC;IACtD,MAAM,QAAQ,GAAG,mBAAmB,EAAE,CAAC;IACvC,QAAQ,CAAC,SAAS,CAAC,+BAA+B,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;IAC5E,KAAK,UAAU,iBAAiB;;QAC9B,sDAAsD;QACtD,sDAAsD;QACtD,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,WAAW,CACpC;YACE,WAAW,EAAE,CAAC,OAAO,EAAE,EAAE,CACvB,OAAO,CAAC,OAAO,CAAC;gBACd,OAAO;gBACP,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB,CAAC;SACL,EACD,qBAAqB,CAAC;YACpB,GAAG,EAAE,qBAAqB;YAC1B,WAAW;YACX,cAAc;SACf,CAAC,CACH,CAAC;QACF,MAAM,WAAW,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,0CAAE,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,WAAW,CAAC;IACrB,CAAC;IACD,OAAO,iBAAiB,CAAC;AAC3B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { TokenCredential, TracingContext } from \"@azure/core-auth\";\nimport {\n bearerTokenAuthenticationPolicy,\n createEmptyPipeline,\n createPipelineRequest,\n} from \"@azure/core-rest-pipeline\";\n\n/**\n * The options to configure the token provider.\n */\nexport interface GetBearerTokenProviderOptions {\n /** The abort signal to abort requests to get tokens */\n abortSignal?: AbortSignal;\n /** The tracing options for the requests to get tokens */\n tracingOptions?: {\n /**\n * Tracing Context for the current request to get a token.\n */\n tracingContext?: TracingContext;\n };\n}\n\n/**\n * Returns a callback that provides a bearer token.\n * For example, the bearer token can be used to authenticate a request as follows:\n * ```ts snippet:token_provider_example\n * import { DefaultAzureCredential, getBearerTokenProvider 
} from \"@azure/identity\";\n * import { createPipelineRequest } from \"@azure/core-rest-pipeline\";\n *\n * const credential = new DefaultAzureCredential();\n * const scope = \"https://cognitiveservices.azure.com/.default\";\n * const getAccessToken = getBearerTokenProvider(credential, scope);\n * const token = await getAccessToken();\n * // usage\n * const request = createPipelineRequest({ url: \"https://example.com\" });\n * request.headers.set(\"Authorization\", `Bearer ${token}`);\n * ```\n *\n * @param credential - The credential used to authenticate the request.\n * @param scopes - The scopes required for the bearer token.\n * @param options - Options to configure the token provider.\n * @returns a callback that provides a bearer token.\n */\nexport function getBearerTokenProvider(\n credential: TokenCredential,\n scopes: string | string[],\n options?: GetBearerTokenProviderOptions,\n): () => Promise<string> {\n const { abortSignal, tracingOptions } = options || {};\n const pipeline = createEmptyPipeline();\n pipeline.addPolicy(bearerTokenAuthenticationPolicy({ credential, scopes }));\n async function getRefreshedToken(): Promise<string> {\n // Create a pipeline with just the bearer token policy\n // and run a dummy request through it to get the token\n const res = await pipeline.sendRequest(\n {\n sendRequest: (request) =>\n Promise.resolve({\n request,\n status: 200,\n headers: request.headers,\n }),\n },\n createPipelineRequest({\n url: \"https://example.com\",\n abortSignal,\n tracingOptions,\n }),\n );\n const accessToken = res.headers.get(\"authorization\")?.split(\" \")[1];\n if (!accessToken) {\n throw new Error(\"Failed to get access token\");\n }\n return accessToken;\n }\n return getRefreshedToken;\n}\n"]}
|
@@ -0,0 +1,14 @@
|
|
1
|
+
// Copyright (c) Microsoft Corporation.
|
2
|
+
// Licensed under the MIT License.
|
3
|
+
import { formatError } from "./logging";
|
4
|
+
/**
|
5
|
+
* @internal
|
6
|
+
*/
|
7
|
+
export function checkSubscription(logger, subscription) {
|
8
|
+
if (!subscription.match(/^[0-9a-zA-Z-._ ]+$/)) {
|
9
|
+
const error = new Error("Invalid subscription provided. You can locate your subscription by following the instructions listed here: https://learn.microsoft.com/azure/azure-portal/get-subscription-tenant-id.");
|
10
|
+
logger.info(formatError("", error));
|
11
|
+
throw error;
|
12
|
+
}
|
13
|
+
}
|
14
|
+
//# sourceMappingURL=subscriptionUtils.js.map
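Review bot: The allow-list in `checkSubscription` accepts a value whose first character is `-`, and also values made only of spaces, dots or hyphens, so a string shaped like a command-line option passes validation. The caller is not in this file, but the option documentation later in this diff says the value selects an account other than the Azure CLI's current one, so it presumably ends up in a CLI argument list. If so, anchor the first character, for example `if (!/^[0-9a-zA-Z][0-9a-zA-Z-._ ]*$/.test(subscription)) {`, or at least reject a leading `-` if real subscription names can start with other characters. `subscription.match` also throws a `TypeError` rather than the intended error when a non-string arrives from untyped JavaScript; adding `typeof subscription !== "string" ||` to the condition covers that. A one-line comment above the regex saying why the character set is restricted would help keep it strict in later edits.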
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"subscriptionUtils.js","sourceRoot":"","sources":["../../../src/util/subscriptionUtils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAoB,WAAW,EAAE,MAAM,WAAW,CAAC;AAE1D;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAwB,EAAE,YAAoB;IAC9E,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE,CAAC;QAC9C,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,uLAAuL,CACxL,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;QACpC,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { CredentialLogger, formatError } from \"./logging\";\n\n/**\n * @internal\n */\nexport function checkSubscription(logger: CredentialLogger, subscription: string): void {\n if (!subscription.match(/^[0-9a-zA-Z-._ ]+$/)) {\n const error = new Error(\n \"Invalid subscription provided. You can locate your subscription by following the instructions listed here: https://learn.microsoft.com/azure/azure-portal/get-subscription-tenant-id.\",\n );\n logger.info(formatError(\"\", error));\n throw error;\n }\n}\n"]}
|
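--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@azure/identity",
 "sdk-type": "client",
-"version": "4.5.
+"version": "4.5.1-alpha.20241021.1",
 "description": "Provides credential implementations for Azure SDK libraries that can authenticate with Microsoft Entra ID",
 "main": "dist/index.js",
 "module": "dist-esm/src/index.js",
@@ -47,28 +47,29 @@
 },
 "scripts": {
 "audit": "node ../../../common/scripts/rush-audit.js && rimraf node_modules package-lock.json && npm i --package-lock-only 2>&1 && npm audit",
+"build": "npm run clean && npm run extract-api && tsc -p . && dev-tool run bundle",
 "build:samples": "echo Obsolete.",
 "build:test": "echo skipped. actual commands inlined in browser test scripts",
-"
+"check-format": "dev-tool run vendored prettier --list-different --config ../../../.prettierrc.json --ignore-path ../../../.prettierignore \"src/**/*.ts\" \"test/**/*.ts\" \"samples-dev/**/*.ts\" \"*.{js,json}\"",
 "clean": "rimraf --glob dist dist-* types *.tgz *.log",
 "execute:samples": "dev-tool samples run samples-dev",
 "extract-api": "tsc -p . && dev-tool run extract-api",
 "format": "dev-tool run vendored prettier --write --config ../../../.prettierrc.json --ignore-path ../../../.prettierignore \"src/**/*.ts\" \"test/**/*.ts\" \"samples-dev/**/*.ts\" \"*.{js,json}\"",
-"
+"integration-test": "npm run integration-test:node && npm run integration-test:browser",
 "integration-test:browser": "echo skipped",
-"integration-test:node": "dev-tool run test:node-ts-input -- --timeout 180000 'test/public/node/*.spec.ts' 'test/internal/node/*.spec.ts'",
 "integration-test:managed-identity": "dev-tool run test:node-ts-input -- --timeout 180000 'test/integration/**/*.spec.ts'",
-"integration-test": "
-"lint:fix": "eslint package.json api-extractor.json src test --fix --fix-type [problem,suggestion]",
+"integration-test:node": "dev-tool run test:node-ts-input -- --timeout 180000 'test/public/node/*.spec.ts' 'test/internal/node/*.spec.ts'",
 "lint": "eslint package.json api-extractor.json src test",
+"lint:fix": "eslint package.json api-extractor.json src test --fix --fix-type [problem,suggestion]",
 "pack": "npm pack 2>&1",
+"test": "npm run clean && npm run build:test && npm run unit-test && npm run integration-test",
 "test:browser": "npm run clean && tsc -p . && dev-tool run bundle && npm run unit-test:browser && npm run integration-test:browser",
 "test:node": "npm run clean && npm run unit-test:node && npm run integration-test:node",
-"test": "npm run
+"unit-test": "npm run unit-test:node && npm run unit-test:browser",
 "unit-test:browser": "dev-tool run test:browser",
-"unit-test:node": "dev-tool run test:node-ts-input -- --timeout 300000 --exclude 'test/**/browser/**/*.spec.ts' --exclude 'test/integration/**/*.spec.ts' 'test/**/**/*.spec.ts'",
-"unit-test:node:no-timeouts": "dev-tool run test:node-ts-input -- --timeout Infinite --exclude 'test/**/browser/**/*.spec.ts' 'test/**/**/*.spec.ts'",
-"
+"unit-test:node": "dev-tool run test:node-ts-input -- --timeout 300000 --exclude 'test/**/browser/**/*.spec.ts' --exclude 'test/snippets.spec.ts' --exclude 'test/integration/**/*.spec.ts' 'test/**/**/*.spec.ts'",
+"unit-test:node:no-timeouts": "dev-tool run test:node-ts-input -- --timeout Infinite --exclude 'test/snippets.spec.ts' --exclude 'test/**/browser/**/*.spec.ts' 'test/**/**/*.spec.ts'",
+"update-snippets": "dev-tool run update-snippets"
 },
 "files": [
 "dist/",
@@ -109,14 +110,14 @@
 "sideEffects": false,
 "dependencies": {
 "@azure/abort-controller": "^2.0.0",
-"@azure/core-auth": "
+"@azure/core-auth": ">=1.9.0-alpha <1.9.0-alphb",
 "@azure/core-client": "^1.9.2",
 "@azure/core-rest-pipeline": "^1.17.0",
 "@azure/core-tracing": "^1.0.0",
-"@azure/core-util": "
+"@azure/core-util": ">=1.11.0-alpha <1.11.0-alphb",
 "@azure/logger": "^1.0.0",
-"@azure/msal-node": "^2.
-"@azure/msal-browser": "^3.
+"@azure/msal-node": "^2.15.0",
+"@azure/msal-browser": "^3.26.1",
 "events": "^3.0.0",
 "jws": "^4.0.0",
 "open": "^8.0.0",
@@ -125,10 +126,10 @@
 },
 "devDependencies": {
 "@azure-tools/test-recorder": "^3.0.0",
-"@azure/dev-tool": "^1.0.0",
-"@azure/eslint-plugin-azure-sdk": "^3.0.0",
-"@azure/keyvault-keys": "^4.2.0",
 "@azure-tools/test-utils": "^1.0.1",
+"@azure/dev-tool": ">=1.0.0-alpha <1.0.0-alphb",
+"@azure/eslint-plugin-azure-sdk": ">=3.0.0-alpha <3.0.0-alphb",
+"@azure/keyvault-keys": "^4.2.0",
 "@microsoft/api-extractor": "^7.31.1",
 "@types/chai": "^4.1.6",
 "@types/jsonwebtoken": "^9.0.0",
@@ -160,7 +161,7 @@
 "rimraf": "^5.0.5",
 "sinon": "^17.0.0",
 "ts-node": "^10.0.0",
-"typescript": "~5.
+"typescript": "~5.6.2",
 "util": "^0.12.1"
 }
 }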
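Review bot: The new ranges for the runtime dependencies `@azure/core-auth` (`>=1.9.0-alpha <1.9.0-alphb`) and `@azure/core-util` (`>=1.11.0-alpha <1.11.0-alphb`) match only prerelease builds and float to whichever alpha is newest at install time. Two installs of this same package version can therefore resolve different, unreleased code inside a credential library. That looks intentional for a dated alpha build, but consumers should treat this version as non-reproducible unless a lockfile pins the resolved versions; for anything shipped, an exact pin such as `"@azure/core-auth": "<exact-version>"` is safer. The same range pattern appears for `@azure/dev-tool` and `@azure/eslint-plugin-azure-sdk` under `devDependencies`, where it affects only builds of this package itself.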
package/types/identity.d.ts
CHANGED
@@ -242,6 +242,7 @@ export declare class AzureCliCredential implements TokenCredential {
|
|
242
242
|
private tenantId?;
|
243
243
|
private additionallyAllowedTenantIds;
|
244
244
|
private timeout?;
|
245
|
+
private subscription?;
|
245
246
|
/**
|
246
247
|
* Creates an instance of the {@link AzureCliCredential}.
|
247
248
|
*
|
@@ -285,6 +286,11 @@ export declare interface AzureCliCredentialOptions extends MultiTenantTokenCrede
|
|
285
286
|
* Process timeout configurable for making token requests, provided in milliseconds
|
286
287
|
*/
|
287
288
|
processTimeoutInMs?: number;
|
289
|
+
/**
|
290
|
+
* Subscription is the name or ID of a subscription. Set this to acquire tokens for an account other
|
291
|
+
* than the Azure CLI's current account.
|
292
|
+
*/
|
293
|
+
subscription?: string;
|
288
294
|
}
|
289
295
|
|
290
296
|
/**
|
@@ -529,8 +535,9 @@ export declare interface BrowserCustomizationOptions {
|
|
529
535
|
export declare type BrowserLoginStyle = "redirect" | "popup";
|
530
536
|
|
531
537
|
/**
|
532
|
-
* Enables multiple `TokenCredential` implementations to be tried in order
|
533
|
-
*
|
538
|
+
* Enables multiple `TokenCredential` implementations to be tried in order until
|
539
|
+
* one of the getToken methods returns an access token. For more information, see
|
540
|
+
* [ChainedTokenCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-chainedtokencredential-for-granularity).
|
534
541
|
*/
|
535
542
|
export declare class ChainedTokenCredential implements TokenCredential {
|
536
543
|
private _sources;
|
@@ -540,7 +547,14 @@ export declare class ChainedTokenCredential implements TokenCredential {
|
|
540
547
|
* @param sources - `TokenCredential` implementations to be tried in order.
|
541
548
|
*
|
542
549
|
* Example usage:
|
543
|
-
* ```
|
550
|
+
* ```ts snippet:chained_token_credential_example
|
551
|
+
* import { ClientSecretCredential, ChainedTokenCredential } from "@azure/identity";
|
552
|
+
*
|
553
|
+
* const tenantId = "<tenant-id>";
|
554
|
+
* const clientId = "<client-id>";
|
555
|
+
* const clientSecret = "<client-secret>";
|
556
|
+
* const anotherClientId = "<another-client-id>";
|
557
|
+
* const anotherSecret = "<another-client-secret>";
|
544
558
|
* const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
|
545
559
|
* const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);
|
546
560
|
* const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);
|
@@ -758,23 +772,14 @@ export declare interface CredentialPersistenceOptions {
|
|
758
772
|
*
|
759
773
|
* Example:
|
760
774
|
*
|
761
|
-
* ```
|
762
|
-
* import { cachePersistencePlugin } from "@azure/identity-cache-persistence";
|
775
|
+
* ```ts snippet:credential_persistence_options_example
|
763
776
|
* import { useIdentityPlugin, DeviceCodeCredential } from "@azure/identity";
|
764
777
|
*
|
765
778
|
* useIdentityPlugin(cachePersistencePlugin);
|
766
|
-
*
|
767
|
-
*
|
768
|
-
*
|
769
|
-
*
|
770
|
-
* enabled: true
|
771
|
-
* }
|
772
|
-
* });
|
773
|
-
* }
|
774
|
-
*
|
775
|
-
* main().catch((error) => {
|
776
|
-
* console.error("An error occurred:", error);
|
777
|
-
* process.exit(1);
|
779
|
+
* const credential = new DeviceCodeCredential({
|
780
|
+
* tokenCachePersistenceOptions: {
|
781
|
+
* enabled: true,
|
782
|
+
* },
|
778
783
|
* });
|
779
784
|
* ```
|
780
785
|
*/
|
@@ -798,69 +803,37 @@ export declare class CredentialUnavailableError extends Error {
|
|
798
803
|
export declare const CredentialUnavailableErrorName = "CredentialUnavailableError";
|
799
804
|
|
800
805
|
/**
|
801
|
-
* Provides a default {@link ChainedTokenCredential} configuration that
|
802
|
-
*
|
806
|
+
* Provides a default {@link ChainedTokenCredential} configuration that works for most
|
807
|
+
* applications that use Azure SDK client libraries. For more information, see
|
808
|
+
* [DefaultAzureCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-defaultazurecredential-for-flexibility).
|
809
|
+
*
|
810
|
+
* The following credential types will be tried, in order:
|
811
|
+
*
|
812
|
+
* - {@link EnvironmentCredential}
|
813
|
+
* - {@link WorkloadIdentityCredential}
|
814
|
+
* - {@link ManagedIdentityCredential}
|
815
|
+
* - {@link AzureCliCredential}
|
816
|
+
* - {@link AzurePowerShellCredential}
|
817
|
+
* - {@link AzureDeveloperCliCredential}
|
818
|
+
*
|
819
|
+
* Consult the documentation of these credential types for more information
|
820
|
+
* on how they attempt authentication.
|
803
821
|
*/
|
804
822
|
export declare class DefaultAzureCredential extends ChainedTokenCredential {
|
805
823
|
/**
|
806
|
-
* Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}
|
807
|
-
*
|
808
|
-
* This credential provides a default {@link ChainedTokenCredential} configuration that should
|
809
|
-
* work for most applications that use the Azure SDK.
|
810
|
-
*
|
811
|
-
* The following credential types will be tried, in order:
|
812
|
-
*
|
813
|
-
* - {@link EnvironmentCredential}
|
814
|
-
* - {@link WorkloadIdentityCredential}
|
815
|
-
* - {@link ManagedIdentityCredential}
|
816
|
-
* - {@link AzureCliCredential}
|
817
|
-
* - {@link AzurePowerShellCredential}
|
818
|
-
* - {@link AzureDeveloperCliCredential}
|
819
|
-
*
|
820
|
-
* Consult the documentation of these credential types for more information
|
821
|
-
* on how they attempt authentication.
|
824
|
+
* Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}.
|
822
825
|
*
|
823
826
|
* @param options - Optional parameters. See {@link DefaultAzureCredentialClientIdOptions}.
|
824
827
|
*/
|
825
828
|
constructor(options?: DefaultAzureCredentialClientIdOptions);
|
826
829
|
/**
|
827
|
-
*
|
828
|
-
*
|
829
|
-
* This credential provides a default {@link ChainedTokenCredential} configuration that should
|
830
|
-
* work for most applications that use the Azure SDK.
|
831
|
-
*
|
832
|
-
* The following credential types will be tried, in order:
|
833
|
-
*
|
834
|
-
* - {@link EnvironmentCredential}
|
835
|
-
* - {@link WorkloadIdentityCredential}
|
836
|
-
* - {@link ManagedIdentityCredential}
|
837
|
-
* - {@link AzureCliCredential}
|
838
|
-
* - {@link AzurePowerShellCredential}
|
839
|
-
* - {@link AzureDeveloperCliCredential}
|
840
|
-
*
|
841
|
-
* Consult the documentation of these credential types for more information
|
842
|
-
* on how they attempt authentication.
|
830
|
+
* Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialResourceIdOptions}.
|
843
831
|
*
|
844
832
|
* @param options - Optional parameters. See {@link DefaultAzureCredentialResourceIdOptions}.
|
845
833
|
*/
|
846
834
|
constructor(options?: DefaultAzureCredentialResourceIdOptions);
|
847
835
|
/**
|
848
|
-
* Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}
|
849
|
-
*
|
850
|
-
* This credential provides a default {@link ChainedTokenCredential} configuration that should
|
851
|
-
* work for most applications that use the Azure SDK.
|
852
|
-
*
|
853
|
-
* The following credential types will be tried, in order:
|
854
|
-
*
|
855
|
-
* - {@link EnvironmentCredential}
|
856
|
-
* - {@link WorkloadIdentityCredential}
|
857
|
-
* - {@link ManagedIdentityCredential}
|
858
|
-
* - {@link AzureCliCredential}
|
859
|
-
* - {@link AzurePowerShellCredential}
|
860
|
-
* - {@link AzureDeveloperCliCredential}
|
861
|
-
*
|
862
|
-
* Consult the documentation of these credential types for more information
|
863
|
-
* on how they attempt authentication.
|
836
|
+
* Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}.
|
864
837
|
*
|
865
838
|
* @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.
|
866
839
|
*/
|
@@ -955,13 +928,15 @@ export declare class DeviceCodeCredential implements TokenCredential {
|
|
955
928
|
*
|
956
929
|
* Developers can configure how this message is shown by passing a custom `userPromptCallback`:
|
957
930
|
*
|
958
|
-
* ```
|
931
|
+
* ```ts snippet:device_code_credential_example
|
932
|
+
* import { DeviceCodeCredential } from "@azure/identity";
|
933
|
+
*
|
959
934
|
* const credential = new DeviceCodeCredential({
|
960
|
-
* tenantId: env.AZURE_TENANT_ID,
|
961
|
-
* clientId: env.AZURE_CLIENT_ID,
|
935
|
+
* tenantId: process.env.AZURE_TENANT_ID,
|
936
|
+
* clientId: process.env.AZURE_CLIENT_ID,
|
962
937
|
* userPromptCallback: (info) => {
|
963
938
|
* console.log("CUSTOMIZED PROMPT CALLBACK", info.message);
|
964
|
-
* }
|
939
|
+
* },
|
965
940
|
* });
|
966
941
|
* ```
|
967
942
|
*
|
@@ -1133,14 +1108,14 @@ export declare interface ErrorResponse {
|
|
1133
1108
|
/**
|
1134
1109
|
* Returns a callback that provides a bearer token.
|
1135
1110
|
* For example, the bearer token can be used to authenticate a request as follows:
|
1136
|
-
* ```
|
1137
|
-
* import { DefaultAzureCredential } from "@azure/identity";
|
1111
|
+
* ```ts snippet:token_provider_example
|
1112
|
+
* import { DefaultAzureCredential, getBearerTokenProvider } from "@azure/identity";
|
1113
|
+
* import { createPipelineRequest } from "@azure/core-rest-pipeline";
|
1138
1114
|
*
|
1139
1115
|
* const credential = new DefaultAzureCredential();
|
1140
1116
|
* const scope = "https://cognitiveservices.azure.com/.default";
|
1141
1117
|
* const getAccessToken = getBearerTokenProvider(credential, scope);
|
1142
1118
|
* const token = await getAccessToken();
|
1143
|
-
*
|
1144
1119
|
* // usage
|
1145
1120
|
* const request = createPipelineRequest({ url: "https://example.com" });
|
1146
1121
|
* request.headers.set("Authorization", `Bearer ${token}`);
|
@@ -1441,15 +1416,17 @@ export declare class OnBehalfOfCredential implements TokenCredential {
|
|
1441
1416
|
*
|
1442
1417
|
* Example using the `KeyClient` from [\@azure/keyvault-keys](https://www.npmjs.com/package/\@azure/keyvault-keys):
|
1443
1418
|
*
|
1444
|
-
* ```ts
|
1419
|
+
* ```ts snippet:on_behalf_of_credential_pem_example
|
1420
|
+
* import { OnBehalfOfCredential } from "@azure/identity";
|
1421
|
+
* import { KeyClient } from "@azure/keyvault-keys";
|
1422
|
+
*
|
1445
1423
|
* const tokenCredential = new OnBehalfOfCredential({
|
1446
|
-
* tenantId,
|
1447
|
-
* clientId,
|
1424
|
+
* tenantId: "tenant-id",
|
1425
|
+
* clientId: "client-id",
|
1448
1426
|
* certificatePath: "/path/to/certificate.pem",
|
1449
|
-
* userAssertionToken: "access-token"
|
1427
|
+
* userAssertionToken: "access-token",
|
1450
1428
|
* });
|
1451
1429
|
* const client = new KeyClient("vault-url", tokenCredential);
|
1452
|
-
*
|
1453
1430
|
* await client.getKey("key-name");
|
1454
1431
|
* ```
|
1455
1432
|
*
|
@@ -1463,15 +1440,17 @@ export declare class OnBehalfOfCredential implements TokenCredential {
|
|
1463
1440
|
*
|
1464
1441
|
* Example using the `KeyClient` from [\@azure/keyvault-keys](https://www.npmjs.com/package/\@azure/keyvault-keys):
|
1465
1442
|
*
|
1466
|
-
* ```ts
|
1443
|
+
* ```ts snippet:on_behalf_of_credential_secret_example
|
1444
|
+
* import { OnBehalfOfCredential } from "@azure/identity";
|
1445
|
+
* import { KeyClient } from "@azure/keyvault-keys";
|
1446
|
+
*
|
1467
1447
|
* const tokenCredential = new OnBehalfOfCredential({
|
1468
|
-
* tenantId,
|
1469
|
-
* clientId,
|
1470
|
-
* clientSecret,
|
1471
|
-
* userAssertionToken: "access-token"
|
1448
|
+
* tenantId: "tenant-id",
|
1449
|
+
* clientId: "client-id",
|
1450
|
+
* clientSecret: "client-secret",
|
1451
|
+
* userAssertionToken: "access-token",
|
1472
1452
|
* });
|
1473
1453
|
* const client = new KeyClient("vault-url", tokenCredential);
|
1474
|
-
*
|
1475
1454
|
* await client.getKey("key-name");
|
1476
1455
|
* ```
|
1477
1456
|
*
|
@@ -1485,15 +1464,19 @@ export declare class OnBehalfOfCredential implements TokenCredential {
|
|
1485
1464
|
*
|
1486
1465
|
* Example using the `KeyClient` from [\@azure/keyvault-keys](https://www.npmjs.com/package/\@azure/keyvault-keys):
|
1487
1466
|
*
|
1488
|
-
* ```ts
|
1467
|
+
* ```ts snippet:on_behalf_of_credential_assertion_example
|
1468
|
+
* import { OnBehalfOfCredential } from "@azure/identity";
|
1469
|
+
* import { KeyClient } from "@azure/keyvault-keys";
|
1470
|
+
*
|
1489
1471
|
* const tokenCredential = new OnBehalfOfCredential({
|
1490
|
-
* tenantId,
|
1491
|
-
* clientId,
|
1492
|
-
* getAssertion: () => {
|
1493
|
-
*
|
1472
|
+
* tenantId: "tenant-id",
|
1473
|
+
* clientId: "client-id",
|
1474
|
+
* getAssertion: () => {
|
1475
|
+
* return Promise.resolve("my-jwt");
|
1476
|
+
* },
|
1477
|
+
* userAssertionToken: "access-token",
|
1494
1478
|
* });
|
1495
1479
|
* const client = new KeyClient("vault-url", tokenCredential);
|
1496
|
-
*
|
1497
1480
|
* await client.getKey("key-name");
|
1498
1481
|
* ```
|
1499
1482
|
*
|
@@ -1666,18 +1649,16 @@ export declare interface TokenCredentialOptions extends CommonClientOptions {
|
|
1666
1649
|
*
|
1667
1650
|
* Example:
|
1668
1651
|
*
|
1669
|
-
* ```
|
1670
|
-
* import {
|
1652
|
+
* ```ts snippet:consumer_example
|
1653
|
+
* import { useIdentityPlugin, DeviceCodeCredential } from "@azure/identity";
|
1671
1654
|
*
|
1672
|
-
* import { useIdentityPlugin, DefaultAzureCredential } from "@azure/identity";
|
1673
1655
|
* useIdentityPlugin(cachePersistencePlugin);
|
1674
|
-
*
|
1675
|
-
* // The plugin has the capability to extend `DefaultAzureCredential` and to
|
1656
|
+
* // The plugin has the capability to extend `DeviceCodeCredential` and to
|
1676
1657
|
* // add middleware to the underlying credentials, such as persistence.
|
1677
|
-
* const credential = new
|
1658
|
+
* const credential = new DeviceCodeCredential({
|
1678
1659
|
* tokenCachePersistenceOptions: {
|
1679
|
-
* enabled: true
|
1680
|
-
* }
|
1660
|
+
* enabled: true,
|
1661
|
+
* },
|
1681
1662
|
* });
|
1682
1663
|
* ```
|
1683
1664
|
*
|