@azure/identity 4.5.0-beta.3 → 4.5.1-alpha.20241021.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (45) hide show
  1. package/README.md +28 -33
  2. package/dist/index.js +118 -28
  3. package/dist/index.js.map +1 -1
  4. package/dist-esm/src/client/identityClient.js +1 -0
  5. package/dist-esm/src/client/identityClient.js.map +1 -1
  6. package/dist-esm/src/constants.js +1 -1
  7. package/dist-esm/src/constants.js.map +1 -1
  8. package/dist-esm/src/credentials/azureCliCredential.js +18 -2
  9. package/dist-esm/src/credentials/azureCliCredential.js.map +1 -1
  10. package/dist-esm/src/credentials/azureCliCredentialOptions.js.map +1 -1
  11. package/dist-esm/src/credentials/azureDeveloperCliCredential.js +1 -0
  12. package/dist-esm/src/credentials/azureDeveloperCliCredential.js.map +1 -1
  13. package/dist-esm/src/credentials/azurePipelinesCredential.js +15 -4
  14. package/dist-esm/src/credentials/azurePipelinesCredential.js.map +1 -1
  15. package/dist-esm/src/credentials/azurePowerShellCredential.js +1 -0
  16. package/dist-esm/src/credentials/azurePowerShellCredential.js.map +1 -1
  17. package/dist-esm/src/credentials/chainedTokenCredential.js +11 -3
  18. package/dist-esm/src/credentials/chainedTokenCredential.js.map +1 -1
  19. package/dist-esm/src/credentials/credentialPersistenceOptions.js.map +1 -1
  20. package/dist-esm/src/credentials/defaultAzureCredential.js +15 -2
  21. package/dist-esm/src/credentials/defaultAzureCredential.js.map +1 -1
  22. package/dist-esm/src/credentials/deviceCodeCredential.js +6 -4
  23. package/dist-esm/src/credentials/deviceCodeCredential.js.map +1 -1
  24. package/dist-esm/src/credentials/interactiveBrowserCredential.js.map +1 -1
  25. package/dist-esm/src/credentials/managedIdentityCredential/legacyMsiProvider.js +1 -0
  26. package/dist-esm/src/credentials/managedIdentityCredential/legacyMsiProvider.js.map +1 -1
  27. package/dist-esm/src/credentials/managedIdentityCredential/msalMsiProvider.js +1 -0
  28. package/dist-esm/src/credentials/managedIdentityCredential/msalMsiProvider.js.map +1 -1
  29. package/dist-esm/src/credentials/onBehalfOfCredential.js.map +1 -1
  30. package/dist-esm/src/msal/browserFlows/msalAuthCode.js +1 -1
  31. package/dist-esm/src/msal/browserFlows/msalAuthCode.js.map +1 -1
  32. package/dist-esm/src/msal/browserFlows/msalBrowserCommon.js +1 -0
  33. package/dist-esm/src/msal/browserFlows/msalBrowserCommon.js.map +1 -1
  34. package/dist-esm/src/msal/nodeFlows/msalClient.js +25 -0
  35. package/dist-esm/src/msal/nodeFlows/msalClient.js.map +1 -1
  36. package/dist-esm/src/msal/utils.js +2 -1
  37. package/dist-esm/src/msal/utils.js.map +1 -1
  38. package/dist-esm/src/plugins/consumer.js +6 -8
  39. package/dist-esm/src/plugins/consumer.js.map +1 -1
  40. package/dist-esm/src/tokenProvider.js +3 -3
  41. package/dist-esm/src/tokenProvider.js.map +1 -1
  42. package/dist-esm/src/util/subscriptionUtils.js +14 -0
  43. package/dist-esm/src/util/subscriptionUtils.js.map +1 -0
  44. package/package.json +19 -18
  45. package/types/identity.d.ts +80 -99
@@ -1 +1 @@
1
- {"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/msal/utils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACpF,OAAO,EAAoB,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACrE,OAAO,EAAE,UAAU,IAAI,cAAc,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAEpF,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAGrD,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAMpC;;GAEG;AACH,MAAM,MAAM,GAAG,gBAAgB,CAAC,eAAe,CAAC,CAAC;AAEjD;;;GAGG;AACH,MAAM,iCAAiC,GAAG,KAAK,CAAC;AAEhD;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,MAAyB,EACzB,SAA4B,EAC5B,eAAiC;IAEjC,MAAM,KAAK,GAAG,CAAC,OAAe,EAAS,EAAE;QACvC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,IAAI,2BAA2B,CAAC;YACrC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YACjD,eAAe;YACf,OAAO;SACR,CAAC,CAAC;IACL,CAAC,CAAC;IACF,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,KAAK,CAAC,aAAa,CAAC,CAAC;IAC7B,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;QACzB,MAAM,KAAK,CAAC,uCAAuC,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;QAC3B,MAAM,KAAK,CAAC,yCAAyC,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAoC;IACnE,IAAI,aAAa,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,CAAC;IAE3C,IAAI,CAAC,aAAa,IAAI,UAAU,EAAE,CAAC;QACjC,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IACnD,CAAC;IAED,OAAO,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,oBAAoB,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,IAAa;IAC1D,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,GAAG,oBAAoB,CAAC;IAC9B,CAAC;IACD,IAAI,IAAI,MAAM,CAAC,GAAG,QAAQ,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,GAAG,QAAQ,CAAC;IACzB,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,IAAI,IAAI,QAAQ,EAAE,CAAC;IAC/B,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CACjC,QAAgB,EAChB,aAAqB,EACrB,wBAAkC;IAElC,IAAI,CAAC,QAAQ,KAAK,MAAM,IAAI,aAAa,CAAC,IAAI,wBAAwB,EAAE,CAAC;QACvE,OAAO,CAAC,aAAa,CAAC,CAAC;IACzB,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAIhC,CAAC,UAA4B,EAAE,WAA+B,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,EAAE,EAAE,CAC7F,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,EAAQ,EAAE;IACpC,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO;IACT,CAAC;IACD,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,UAAU,CAAC,QAAQ,CAAC,KAAK;YAC5B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,cAAc,OAAO,EAAE,CAAC,CAAC;YACzD,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,IAAI;YAC3B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,qBAAqB,OAAO,EAAE,CAAC,CAAC;YAChE,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,wBAAwB,OAAO,EAAE,CAAC,CAAC;YACnE,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,gBAAgB,OAAO,EAAE,CAAC,CAAC;YAC3D,OAAO;IACX,CAAC;AACH,CAAC,CAAC;AAEJ;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAmC;IACjE,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,OAAO;YACV,OAAO,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC;QACnC,KAAK,MAAM;YACT,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClC,KAAK,SAAS;YACZ,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QACrC,KAAK,SAAS;YACZ,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QACrC;YACE,4CAA4C;YAC5C,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;IACpC,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,UAAU;IACxB,OAAO,cAAc,EAAE,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,MAAgB,EAChB,KAAY,EACZ,eAAiC;IAEjC,IACE,KAAK,CAAC,IAAI,KAAK,WAAW;QAC1B,KAAK,CAAC,IAAI,KAAK,iBAAiB;QAChC,KAAK,CAAC,IAAI,KAAK,kBAAkB,EACjC,CAAC;QACD,MAAM,SAAS,GAAG,KAA6B,CAAC;QAChD,QAAQ,SAAS,CAAC,SAAS,EAAE,CAAC;YAC5B,KAAK,4BAA4B;gBAC/B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;gBAChD,OAAO,IAAI,0BAA0B,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACvD,KAAK,+BAA+B;gBAClC,OAAO,IAAI,UAAU,CAAC,oDAAoD,CAAC,CAAC;YAC9E,KAAK,kBAAkB,CAAC;YACxB,KAAK,sBAAsB,CAAC;YAC5B,KAAK,gBAAgB;gBACnB,MAAM,CAAC,IAAI,CACT,WAAW,CAAC,MAAM,EAAE,qCAAqC,SAAS,CAAC,SAAS,EAAE,CAAC,CAChF,CAAC;gBACF,MAAM;YACR;gBACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,4BAA4B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;gBAC9E,MAAM;QACV,CAAC;IACH,CAAC;IACD,IACE,KAAK,CAAC,IAAI,KAAK,0BAA0B;QACzC,KAAK,CAAC,IAAI,KAAK,+BAA+B;QAC9C,KAAK,CAAC,IAAI,KAAK,YAAY,EAC3B,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;QACrC,MAAM,CAAC,IAAI,CACT,WAAW,CACT,MAAM,EACN,iCAAiC,KAAK,CAAC,OAAO,sBAC3C,KAAa,CAAC,UACjB,EAAE,CACH,CACF,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;AAC9F,CAAC;AAED,qBAAqB;AAErB,MAAM,UAAU,YAAY,CAAC,OAA6B;IACxD,MAAM,CAAC,WAAW,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,0BAA0B,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAClF,uCACK,OAAO,KACV,cAAc,EAAE,OAAO,CAAC,aAAa,EACrC,WAAW,IACX;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,OAAwB;IACrE,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC;QAC9D,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,eAAe;QAC7C,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,QAAQ;QACR,OAAO,EAAE,iCAAiC;KAC3C,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,6BAA6B,CAAC,MAA4B;IACxE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,+BAA+B,CAAC,gBAAwB;IACtE,MAAM,MAAM,GAAgD,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAEzF,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,KAAK,iCAAiC,EAAE,CAAC;QAC3E,MAAM,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AuthenticationRecord, MsalAccountInfo, MsalToken, ValidMsalToken } from \"./types\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../errors\";\nimport { CredentialLogger, credentialLogger, formatError } from \"../util/logging\";\nimport { DefaultAuthorityHost, DefaultTenantId } from \"../constants\";\nimport { randomUUID as coreRandomUUID, isNode, isNodeLike } from \"@azure/core-util\";\n\nimport { AbortError } from \"@azure/abort-controller\";\nimport { AzureLogLevel } from \"@azure/logger\";\nimport { GetTokenOptions } from \"@azure/core-auth\";\nimport { msalCommon } from \"./msal\";\n\nexport interface ILoggerCallback {\n (level: msalCommon.LogLevel, message: string, containsPii: boolean): void;\n}\n\n/**\n * @internal\n */\nconst logger = credentialLogger(\"IdentityUtils\");\n\n/**\n * Latest AuthenticationRecord version\n * @internal\n */\nconst LatestAuthenticationRecordVersion = \"1.0\";\n\n/**\n * Ensures the validity of the MSAL token\n * @internal\n */\nexport function ensureValidMsalToken(\n scopes: string | string[],\n msalToken?: MsalToken | null,\n getTokenOptions?: GetTokenOptions,\n): asserts msalToken is ValidMsalToken {\n const error = (message: string): Error => {\n logger.getToken.info(message);\n return new AuthenticationRequiredError({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n getTokenOptions,\n message,\n });\n };\n if (!msalToken) {\n throw error(\"No response\");\n }\n if (!msalToken.expiresOn) {\n throw error(`Response had no \"expiresOn\" property.`);\n }\n if (!msalToken.accessToken) {\n throw error(`Response had no \"accessToken\" property.`);\n }\n}\n\n/**\n * Returns the authority host from either the options bag or the AZURE_AUTHORITY_HOST environment variable.\n *\n * Defaults to {@link DefaultAuthorityHost}.\n * @internal\n */\nexport function getAuthorityHost(options?: { authorityHost?: string }): string {\n let authorityHost = options?.authorityHost;\n\n if (!authorityHost && isNodeLike) {\n authorityHost = process.env.AZURE_AUTHORITY_HOST;\n }\n\n return authorityHost ?? DefaultAuthorityHost;\n}\n\n/**\n * Generates a valid authority by combining a host with a tenantId.\n * @internal\n */\nexport function getAuthority(tenantId: string, host?: string): string {\n if (!host) {\n host = DefaultAuthorityHost;\n }\n if (new RegExp(`${tenantId}/?$`).test(host)) {\n return host;\n }\n if (host.endsWith(\"/\")) {\n return host + tenantId;\n } else {\n return `${host}/${tenantId}`;\n }\n}\n\n/**\n * Generates the known authorities.\n * If the Tenant Id is `adfs`, the authority can't be validated since the format won't match the expected one.\n * For that reason, we have to force MSAL to disable validating the authority\n * by sending it within the known authorities in the MSAL configuration.\n * @internal\n */\nexport function getKnownAuthorities(\n tenantId: string,\n authorityHost: string,\n disableInstanceDiscovery?: boolean,\n): string[] {\n if ((tenantId === \"adfs\" && authorityHost) || disableInstanceDiscovery) {\n return [authorityHost];\n }\n return [];\n}\n\n/**\n * Generates a logger that can be passed to the MSAL clients.\n * @param credLogger - The logger of the credential.\n * @internal\n */\nexport const defaultLoggerCallback: (\n logger: CredentialLogger,\n platform?: \"Node\" | \"Browser\",\n) => ILoggerCallback =\n (credLogger: CredentialLogger, platform: \"Node\" | \"Browser\" = isNode ? \"Node\" : \"Browser\") =>\n (level, message, containsPii): void => {\n if (containsPii) {\n return;\n }\n switch (level) {\n case msalCommon.LogLevel.Error:\n credLogger.info(`MSAL ${platform} V2 error: ${message}`);\n return;\n case msalCommon.LogLevel.Info:\n credLogger.info(`MSAL ${platform} V2 info message: ${message}`);\n return;\n case msalCommon.LogLevel.Verbose:\n credLogger.info(`MSAL ${platform} V2 verbose message: ${message}`);\n return;\n case msalCommon.LogLevel.Warning:\n credLogger.info(`MSAL ${platform} V2 warning: ${message}`);\n return;\n }\n };\n\n/**\n * @internal\n */\nexport function getMSALLogLevel(logLevel: AzureLogLevel | undefined): msalCommon.LogLevel {\n switch (logLevel) {\n case \"error\":\n return msalCommon.LogLevel.Error;\n case \"info\":\n return msalCommon.LogLevel.Info;\n case \"verbose\":\n return msalCommon.LogLevel.Verbose;\n case \"warning\":\n return msalCommon.LogLevel.Warning;\n default:\n // default msal logging level should be Info\n return msalCommon.LogLevel.Info;\n }\n}\n\n/**\n * Wraps core-util's randomUUID in order to allow for mocking in tests.\n * This prepares the library for the upcoming core-util update to ESM.\n *\n * @internal\n * @returns A string containing a random UUID\n */\nexport function randomUUID(): string {\n return coreRandomUUID();\n}\n\n/**\n * Handles MSAL errors.\n */\nexport function handleMsalError(\n scopes: string[],\n error: Error,\n getTokenOptions?: GetTokenOptions,\n): Error {\n if (\n error.name === \"AuthError\" ||\n error.name === \"ClientAuthError\" ||\n error.name === \"BrowserAuthError\"\n ) {\n const msalError = error as msalCommon.AuthError;\n switch (msalError.errorCode) {\n case \"endpoints_resolution_error\":\n logger.info(formatError(scopes, error.message));\n return new CredentialUnavailableError(error.message);\n case \"device_code_polling_cancelled\":\n return new AbortError(\"The authentication has been aborted by the caller.\");\n case \"consent_required\":\n case \"interaction_required\":\n case \"login_required\":\n logger.info(\n formatError(scopes, `Authentication returned errorCode ${msalError.errorCode}`),\n );\n break;\n default:\n logger.info(formatError(scopes, `Failed to acquire token: ${error.message}`));\n break;\n }\n }\n if (\n error.name === \"ClientConfigurationError\" ||\n error.name === \"BrowserConfigurationAuthError\" ||\n error.name === \"AbortError\"\n ) {\n return error;\n }\n if (error.name === \"NativeAuthError\") {\n logger.info(\n formatError(\n scopes,\n `Error from the native broker: ${error.message} with status code: ${\n (error as any).statusCode\n }`,\n ),\n );\n return error;\n }\n return new AuthenticationRequiredError({ scopes, getTokenOptions, message: error.message });\n}\n\n// transformations.ts\n\nexport function publicToMsal(account: AuthenticationRecord): msalCommon.AccountInfo {\n const [environment] = account.authority.match(/([a-z]*\\.[a-z]*\\.[a-z]*)/) || [\"\"];\n return {\n ...account,\n localAccountId: account.homeAccountId,\n environment,\n };\n}\n\nexport function msalToPublic(clientId: string, account: MsalAccountInfo): AuthenticationRecord {\n const record = {\n authority: getAuthority(account.tenantId, account.environment),\n homeAccountId: account.homeAccountId,\n tenantId: account.tenantId || DefaultTenantId,\n username: account.username,\n clientId,\n version: LatestAuthenticationRecordVersion,\n };\n return record;\n}\n\n/**\n * Serializes an `AuthenticationRecord` into a string.\n *\n * The output of a serialized authentication record will contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * To later convert this string to a serialized `AuthenticationRecord`, please use the exported function `deserializeAuthenticationRecord()`.\n */\nexport function serializeAuthenticationRecord(record: AuthenticationRecord): string {\n return JSON.stringify(record);\n}\n\n/**\n * Deserializes a previously serialized authentication record from a string into an object.\n *\n * The input string must contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * If the version we receive is unsupported, an error will be thrown.\n *\n * At the moment, the only available version is: \"1.0\", which is always set when the authentication record is serialized.\n *\n * @param serializedRecord - Authentication record previously serialized into string.\n * @returns AuthenticationRecord.\n */\nexport function deserializeAuthenticationRecord(serializedRecord: string): AuthenticationRecord {\n const parsed: AuthenticationRecord & { version?: string } = JSON.parse(serializedRecord);\n\n if (parsed.version && parsed.version !== LatestAuthenticationRecordVersion) {\n throw Error(\"Unsupported AuthenticationRecord version\");\n }\n\n return parsed;\n}\n"]}
1
+ {"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/msal/utils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AACpF,OAAO,EAAoB,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACrE,OAAO,EAAE,UAAU,IAAI,cAAc,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAEpF,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAGrD,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAMpC;;GAEG;AACH,MAAM,MAAM,GAAG,gBAAgB,CAAC,eAAe,CAAC,CAAC;AAEjD;;;GAGG;AACH,MAAM,iCAAiC,GAAG,KAAK,CAAC;AAEhD;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,MAAyB,EACzB,SAA4B,EAC5B,eAAiC;IAEjC,MAAM,KAAK,GAAG,CAAC,OAAe,EAAS,EAAE;QACvC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,IAAI,2BAA2B,CAAC;YACrC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YACjD,eAAe;YACf,OAAO;SACR,CAAC,CAAC;IACL,CAAC,CAAC;IACF,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,KAAK,CAAC,aAAa,CAAC,CAAC;IAC7B,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;QACzB,MAAM,KAAK,CAAC,uCAAuC,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;QAC3B,MAAM,KAAK,CAAC,yCAAyC,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAoC;IACnE,IAAI,aAAa,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,CAAC;IAE3C,IAAI,CAAC,aAAa,IAAI,UAAU,EAAE,CAAC;QACjC,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IACnD,CAAC;IAED,OAAO,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,oBAAoB,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,IAAa;IAC1D,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,GAAG,oBAAoB,CAAC;IAC9B,CAAC;IACD,IAAI,IAAI,MAAM,CAAC,GAAG,QAAQ,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,GAAG,QAAQ,CAAC;IACzB,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,IAAI,IAAI,QAAQ,EAAE,CAAC;IAC/B,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CACjC,QAAgB,EAChB,aAAqB,EACrB,wBAAkC;IAElC,IAAI,CAAC,QAAQ,KAAK,MAAM,IAAI,aAAa,CAAC,IAAI,wBAAwB,EAAE,CAAC;QACvE,OAAO,CAAC,aAAa,CAAC,CAAC;IACzB,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAIhC,CAAC,UAA4B,EAAE,WAA+B,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,EAAE,EAAE,CAC7F,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,EAAQ,EAAE;IACpC,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO;IACT,CAAC;IACD,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,UAAU,CAAC,QAAQ,CAAC,KAAK;YAC5B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,cAAc,OAAO,EAAE,CAAC,CAAC;YACzD,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,IAAI;YAC3B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,qBAAqB,OAAO,EAAE,CAAC,CAAC;YAChE,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,wBAAwB,OAAO,EAAE,CAAC,CAAC;YACnE,OAAO;QACT,KAAK,UAAU,CAAC,QAAQ,CAAC,OAAO;YAC9B,UAAU,CAAC,IAAI,CAAC,QAAQ,QAAQ,gBAAgB,OAAO,EAAE,CAAC,CAAC;YAC3D,OAAO;IACX,CAAC;AACH,CAAC,CAAC;AAEJ;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAmC;IACjE,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,OAAO;YACV,OAAO,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC;QACnC,KAAK,MAAM;YACT,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClC,KAAK,SAAS;YACZ,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QACrC,KAAK,SAAS;YACZ,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QACrC;YACE,4CAA4C;YAC5C,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;IACpC,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,UAAU;IACxB,OAAO,cAAc,EAAE,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,MAAgB,EAChB,KAAY,EACZ,eAAiC;IAEjC,IACE,KAAK,CAAC,IAAI,KAAK,WAAW;QAC1B,KAAK,CAAC,IAAI,KAAK,iBAAiB;QAChC,KAAK,CAAC,IAAI,KAAK,kBAAkB,EACjC,CAAC;QACD,MAAM,SAAS,GAAG,KAA6B,CAAC;QAChD,QAAQ,SAAS,CAAC,SAAS,EAAE,CAAC;YAC5B,KAAK,4BAA4B;gBAC/B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;gBAChD,OAAO,IAAI,0BAA0B,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACvD,KAAK,+BAA+B;gBAClC,OAAO,IAAI,UAAU,CAAC,oDAAoD,CAAC,CAAC;YAC9E,KAAK,kBAAkB,CAAC;YACxB,KAAK,sBAAsB,CAAC;YAC5B,KAAK,gBAAgB;gBACnB,MAAM,CAAC,IAAI,CACT,WAAW,CAAC,MAAM,EAAE,qCAAqC,SAAS,CAAC,SAAS,EAAE,CAAC,CAChF,CAAC;gBACF,MAAM;YACR;gBACE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,4BAA4B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;gBAC9E,MAAM;QACV,CAAC;IACH,CAAC;IACD,IACE,KAAK,CAAC,IAAI,KAAK,0BAA0B;QACzC,KAAK,CAAC,IAAI,KAAK,+BAA+B;QAC9C,KAAK,CAAC,IAAI,KAAK,YAAY;QAC3B,KAAK,CAAC,IAAI,KAAK,qBAAqB,EACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;QACrC,MAAM,CAAC,IAAI,CACT,WAAW,CACT,MAAM,EACN,iCAAiC,KAAK,CAAC,OAAO,sBAC3C,KAAa,CAAC,UACjB,EAAE,CACH,CACF,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,2BAA2B,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;AAC9F,CAAC;AAED,qBAAqB;AAErB,MAAM,UAAU,YAAY,CAAC,OAA6B;IACxD,MAAM,CAAC,WAAW,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,0BAA0B,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAClF,uCACK,OAAO,KACV,cAAc,EAAE,OAAO,CAAC,aAAa,EACrC,WAAW,IACX;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,OAAwB;IACrE,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC;QAC9D,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,eAAe;QAC7C,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,QAAQ;QACR,OAAO,EAAE,iCAAiC;KAC3C,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,6BAA6B,CAAC,MAA4B;IACxE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,+BAA+B,CAAC,gBAAwB;IACtE,MAAM,MAAM,GAAgD,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAEzF,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,KAAK,iCAAiC,EAAE,CAAC;QAC3E,MAAM,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AuthenticationRecord, MsalAccountInfo, MsalToken, ValidMsalToken } from \"./types\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../errors\";\nimport { CredentialLogger, credentialLogger, formatError } from \"../util/logging\";\nimport { DefaultAuthorityHost, DefaultTenantId } from \"../constants\";\nimport { randomUUID as coreRandomUUID, isNode, isNodeLike } from \"@azure/core-util\";\n\nimport { AbortError } from \"@azure/abort-controller\";\nimport { AzureLogLevel } from \"@azure/logger\";\nimport { GetTokenOptions } from \"@azure/core-auth\";\nimport { msalCommon } from \"./msal\";\n\nexport interface ILoggerCallback {\n (level: msalCommon.LogLevel, message: string, containsPii: boolean): void;\n}\n\n/**\n * @internal\n */\nconst logger = credentialLogger(\"IdentityUtils\");\n\n/**\n * Latest AuthenticationRecord version\n * @internal\n */\nconst LatestAuthenticationRecordVersion = \"1.0\";\n\n/**\n * Ensures the validity of the MSAL token\n * @internal\n */\nexport function ensureValidMsalToken(\n scopes: string | string[],\n msalToken?: MsalToken | null,\n getTokenOptions?: GetTokenOptions,\n): asserts msalToken is ValidMsalToken {\n const error = (message: string): Error => {\n logger.getToken.info(message);\n return new AuthenticationRequiredError({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n getTokenOptions,\n message,\n });\n };\n if (!msalToken) {\n throw error(\"No response\");\n }\n if (!msalToken.expiresOn) {\n throw error(`Response had no \"expiresOn\" property.`);\n }\n if (!msalToken.accessToken) {\n throw error(`Response had no \"accessToken\" property.`);\n }\n}\n\n/**\n * Returns the authority host from either the options bag or the AZURE_AUTHORITY_HOST environment variable.\n *\n * Defaults to {@link DefaultAuthorityHost}.\n * @internal\n */\nexport function getAuthorityHost(options?: { authorityHost?: string }): string {\n let authorityHost = options?.authorityHost;\n\n if (!authorityHost && isNodeLike) {\n authorityHost = process.env.AZURE_AUTHORITY_HOST;\n }\n\n return authorityHost ?? DefaultAuthorityHost;\n}\n\n/**\n * Generates a valid authority by combining a host with a tenantId.\n * @internal\n */\nexport function getAuthority(tenantId: string, host?: string): string {\n if (!host) {\n host = DefaultAuthorityHost;\n }\n if (new RegExp(`${tenantId}/?$`).test(host)) {\n return host;\n }\n if (host.endsWith(\"/\")) {\n return host + tenantId;\n } else {\n return `${host}/${tenantId}`;\n }\n}\n\n/**\n * Generates the known authorities.\n * If the Tenant Id is `adfs`, the authority can't be validated since the format won't match the expected one.\n * For that reason, we have to force MSAL to disable validating the authority\n * by sending it within the known authorities in the MSAL configuration.\n * @internal\n */\nexport function getKnownAuthorities(\n tenantId: string,\n authorityHost: string,\n disableInstanceDiscovery?: boolean,\n): string[] {\n if ((tenantId === \"adfs\" && authorityHost) || disableInstanceDiscovery) {\n return [authorityHost];\n }\n return [];\n}\n\n/**\n * Generates a logger that can be passed to the MSAL clients.\n * @param credLogger - The logger of the credential.\n * @internal\n */\nexport const defaultLoggerCallback: (\n logger: CredentialLogger,\n platform?: \"Node\" | \"Browser\",\n) => ILoggerCallback =\n (credLogger: CredentialLogger, platform: \"Node\" | \"Browser\" = isNode ? \"Node\" : \"Browser\") =>\n (level, message, containsPii): void => {\n if (containsPii) {\n return;\n }\n switch (level) {\n case msalCommon.LogLevel.Error:\n credLogger.info(`MSAL ${platform} V2 error: ${message}`);\n return;\n case msalCommon.LogLevel.Info:\n credLogger.info(`MSAL ${platform} V2 info message: ${message}`);\n return;\n case msalCommon.LogLevel.Verbose:\n credLogger.info(`MSAL ${platform} V2 verbose message: ${message}`);\n return;\n case msalCommon.LogLevel.Warning:\n credLogger.info(`MSAL ${platform} V2 warning: ${message}`);\n return;\n }\n };\n\n/**\n * @internal\n */\nexport function getMSALLogLevel(logLevel: AzureLogLevel | undefined): msalCommon.LogLevel {\n switch (logLevel) {\n case \"error\":\n return msalCommon.LogLevel.Error;\n case \"info\":\n return msalCommon.LogLevel.Info;\n case \"verbose\":\n return msalCommon.LogLevel.Verbose;\n case \"warning\":\n return msalCommon.LogLevel.Warning;\n default:\n // default msal logging level should be Info\n return msalCommon.LogLevel.Info;\n }\n}\n\n/**\n * Wraps core-util's randomUUID in order to allow for mocking in tests.\n * This prepares the library for the upcoming core-util update to ESM.\n *\n * @internal\n * @returns A string containing a random UUID\n */\nexport function randomUUID(): string {\n return coreRandomUUID();\n}\n\n/**\n * Handles MSAL errors.\n */\nexport function handleMsalError(\n scopes: string[],\n error: Error,\n getTokenOptions?: GetTokenOptions,\n): Error {\n if (\n error.name === \"AuthError\" ||\n error.name === \"ClientAuthError\" ||\n error.name === \"BrowserAuthError\"\n ) {\n const msalError = error as msalCommon.AuthError;\n switch (msalError.errorCode) {\n case \"endpoints_resolution_error\":\n logger.info(formatError(scopes, error.message));\n return new CredentialUnavailableError(error.message);\n case \"device_code_polling_cancelled\":\n return new AbortError(\"The authentication has been aborted by the caller.\");\n case \"consent_required\":\n case \"interaction_required\":\n case \"login_required\":\n logger.info(\n formatError(scopes, `Authentication returned errorCode ${msalError.errorCode}`),\n );\n break;\n default:\n logger.info(formatError(scopes, `Failed to acquire token: ${error.message}`));\n break;\n }\n }\n if (\n error.name === \"ClientConfigurationError\" ||\n error.name === \"BrowserConfigurationAuthError\" ||\n error.name === \"AbortError\" ||\n error.name === \"AuthenticationError\"\n ) {\n return error;\n }\n if (error.name === \"NativeAuthError\") {\n logger.info(\n formatError(\n scopes,\n `Error from the native broker: ${error.message} with status code: ${\n (error as any).statusCode\n }`,\n ),\n );\n return error;\n }\n return new AuthenticationRequiredError({ scopes, getTokenOptions, message: error.message });\n}\n\n// transformations.ts\n\nexport function publicToMsal(account: AuthenticationRecord): msalCommon.AccountInfo {\n const [environment] = account.authority.match(/([a-z]*\\.[a-z]*\\.[a-z]*)/) || [\"\"];\n return {\n ...account,\n localAccountId: account.homeAccountId,\n environment,\n };\n}\n\nexport function msalToPublic(clientId: string, account: MsalAccountInfo): AuthenticationRecord {\n const record = {\n authority: getAuthority(account.tenantId, account.environment),\n homeAccountId: account.homeAccountId,\n tenantId: account.tenantId || DefaultTenantId,\n username: account.username,\n clientId,\n version: LatestAuthenticationRecordVersion,\n };\n return record;\n}\n\n/**\n * Serializes an `AuthenticationRecord` into a string.\n *\n * The output of a serialized authentication record will contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * To later convert this string to a serialized `AuthenticationRecord`, please use the exported function `deserializeAuthenticationRecord()`.\n */\nexport function serializeAuthenticationRecord(record: AuthenticationRecord): string {\n return JSON.stringify(record);\n}\n\n/**\n * Deserializes a previously serialized authentication record from a string into an object.\n *\n * The input string must contain the following properties:\n *\n * - \"authority\"\n * - \"homeAccountId\"\n * - \"clientId\"\n * - \"tenantId\"\n * - \"username\"\n * - \"version\"\n *\n * If the version we receive is unsupported, an error will be thrown.\n *\n * At the moment, the only available version is: \"1.0\", which is always set when the authentication record is serialized.\n *\n * @param serializedRecord - Authentication record previously serialized into string.\n * @returns AuthenticationRecord.\n */\nexport function deserializeAuthenticationRecord(serializedRecord: string): AuthenticationRecord {\n const parsed: AuthenticationRecord & { version?: string } = JSON.parse(serializedRecord);\n\n if (parsed.version && parsed.version !== LatestAuthenticationRecordVersion) {\n throw Error(\"Unsupported AuthenticationRecord version\");\n }\n\n return parsed;\n}\n"]}
@@ -22,18 +22,16 @@ const pluginContext = {
22
22
  *
23
23
  * Example:
24
24
  *
25
- * ```javascript
26
- * import { cachePersistencePlugin } from "@azure/identity-cache-persistence";
25
+ * ```ts snippet:consumer_example
26
+ * import { useIdentityPlugin, DeviceCodeCredential } from "@azure/identity";
27
27
  *
28
- * import { useIdentityPlugin, DefaultAzureCredential } from "@azure/identity";
29
28
  * useIdentityPlugin(cachePersistencePlugin);
30
- *
31
- * // The plugin has the capability to extend `DefaultAzureCredential` and to
29
+ * // The plugin has the capability to extend `DeviceCodeCredential` and to
32
30
  * // add middleware to the underlying credentials, such as persistence.
33
- * const credential = new DefaultAzureCredential({
31
+ * const credential = new DeviceCodeCredential({
34
32
  * tokenCachePersistenceOptions: {
35
- * enabled: true
36
- * }
33
+ * enabled: true,
34
+ * },
37
35
  * });
38
36
  * ```
39
37
  *
@@ -1 +1 @@
1
- {"version":3,"file":"consumer.js","sourceRoot":"","sources":["../../../src/plugins/consumer.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,wBAAwB,EACxB,+BAA+B,GAChC,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EAAE,uBAAuB,EAAE,MAAM,2CAA2C,CAAC;AAEpF;;;;GAIG;AACH,MAAM,aAAa,GAAuB;IACxC,kBAAkB,EAAE,wBAAwB;IAC5C,yBAAyB,EAAE,+BAA+B;IAC1D,uBAAuB,EAAE,uBAAuB;CACjD,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAsB;IACtD,MAAM,CAAC,aAAa,CAAC,CAAC;AACxB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AzurePluginContext, IdentityPlugin } from \"./provider\";\nimport {\n msalNodeFlowCacheControl,\n msalNodeFlowNativeBrokerControl,\n} from \"../msal/nodeFlows/msalPlugins\";\n\nimport { vsCodeCredentialControl } from \"../credentials/visualStudioCodeCredential\";\n\n/**\n * The context passed to an Identity plugin. This contains objects that\n * plugins can use to set backend implementations.\n * @internal\n */\nconst pluginContext: AzurePluginContext = {\n cachePluginControl: msalNodeFlowCacheControl,\n nativeBrokerPluginControl: msalNodeFlowNativeBrokerControl,\n vsCodeCredentialControl: vsCodeCredentialControl,\n};\n\n/**\n * Extend Azure Identity with additional functionality. Pass a plugin from\n * a plugin package, such as:\n *\n * - `@azure/identity-cache-persistence`: provides persistent token caching\n * - `@azure/identity-vscode`: provides the dependencies of\n * `VisualStudioCodeCredential` and enables it\n *\n * Example:\n *\n * ```javascript\n * import { cachePersistencePlugin } from \"@azure/identity-cache-persistence\";\n *\n * import { useIdentityPlugin, DefaultAzureCredential } from \"@azure/identity\";\n * useIdentityPlugin(cachePersistencePlugin);\n *\n * // The plugin has the capability to extend `DefaultAzureCredential` and to\n * // add middleware to the underlying credentials, such as persistence.\n * const credential = new DefaultAzureCredential({\n * tokenCachePersistenceOptions: {\n * enabled: true\n * }\n * });\n * ```\n *\n * @param plugin - the plugin to register\n */\nexport function useIdentityPlugin(plugin: IdentityPlugin): void {\n plugin(pluginContext);\n}\n"]}
1
+ {"version":3,"file":"consumer.js","sourceRoot":"","sources":["../../../src/plugins/consumer.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,wBAAwB,EACxB,+BAA+B,GAChC,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EAAE,uBAAuB,EAAE,MAAM,2CAA2C,CAAC;AAEpF;;;;GAIG;AACH,MAAM,aAAa,GAAuB;IACxC,kBAAkB,EAAE,wBAAwB;IAC5C,yBAAyB,EAAE,+BAA+B;IAC1D,uBAAuB,EAAE,uBAAuB;CACjD,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAsB;IACtD,MAAM,CAAC,aAAa,CAAC,CAAC;AACxB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AzurePluginContext, IdentityPlugin } from \"./provider\";\nimport {\n msalNodeFlowCacheControl,\n msalNodeFlowNativeBrokerControl,\n} from \"../msal/nodeFlows/msalPlugins\";\n\nimport { vsCodeCredentialControl } from \"../credentials/visualStudioCodeCredential\";\n\n/**\n * The context passed to an Identity plugin. This contains objects that\n * plugins can use to set backend implementations.\n * @internal\n */\nconst pluginContext: AzurePluginContext = {\n cachePluginControl: msalNodeFlowCacheControl,\n nativeBrokerPluginControl: msalNodeFlowNativeBrokerControl,\n vsCodeCredentialControl: vsCodeCredentialControl,\n};\n\n/**\n * Extend Azure Identity with additional functionality. Pass a plugin from\n * a plugin package, such as:\n *\n * - `@azure/identity-cache-persistence`: provides persistent token caching\n * - `@azure/identity-vscode`: provides the dependencies of\n * `VisualStudioCodeCredential` and enables it\n *\n * Example:\n *\n * ```ts snippet:consumer_example\n * import { useIdentityPlugin, DeviceCodeCredential } from \"@azure/identity\";\n *\n * useIdentityPlugin(cachePersistencePlugin);\n * // The plugin has the capability to extend `DeviceCodeCredential` and to\n * // add middleware to the underlying credentials, such as persistence.\n * const credential = new DeviceCodeCredential({\n * tokenCachePersistenceOptions: {\n * enabled: true,\n * },\n * });\n * ```\n *\n * @param plugin - the plugin to register\n */\nexport function useIdentityPlugin(plugin: IdentityPlugin): void {\n plugin(pluginContext);\n}\n"]}
@@ -4,14 +4,14 @@ import { bearerTokenAuthenticationPolicy, createEmptyPipeline, createPipelineReq
4
4
  /**
5
5
  * Returns a callback that provides a bearer token.
6
6
  * For example, the bearer token can be used to authenticate a request as follows:
7
- * ```js
8
- * import { DefaultAzureCredential } from "@azure/identity";
7
+ * ```ts snippet:token_provider_example
8
+ * import { DefaultAzureCredential, getBearerTokenProvider } from "@azure/identity";
9
+ * import { createPipelineRequest } from "@azure/core-rest-pipeline";
9
10
  *
10
11
  * const credential = new DefaultAzureCredential();
11
12
  * const scope = "https://cognitiveservices.azure.com/.default";
12
13
  * const getAccessToken = getBearerTokenProvider(credential, scope);
13
14
  * const token = await getAccessToken();
14
- *
15
15
  * // usage
16
16
  * const request = createPipelineRequest({ url: "https://example.com" });
17
17
  * request.headers.set("Authorization", `Bearer ${token}`);
@@ -1 +1 @@
1
- {"version":3,"file":"tokenProvider.js","sourceRoot":"","sources":["../../src/tokenProvider.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,+BAA+B,EAC/B,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,2BAA2B,CAAC;AAiBnC;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,sBAAsB,CACpC,UAA2B,EAC3B,MAAyB,EACzB,OAAuC;IAEvC,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,GAAG,OAAO,IAAI,EAAE,CAAC;IACtD,MAAM,QAAQ,GAAG,mBAAmB,EAAE,CAAC;IACvC,QAAQ,CAAC,SAAS,CAAC,+BAA+B,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;IAC5E,KAAK,UAAU,iBAAiB;;QAC9B,sDAAsD;QACtD,sDAAsD;QACtD,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,WAAW,CACpC;YACE,WAAW,EAAE,CAAC,OAAO,EAAE,EAAE,CACvB,OAAO,CAAC,OAAO,CAAC;gBACd,OAAO;gBACP,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB,CAAC;SACL,EACD,qBAAqB,CAAC;YACpB,GAAG,EAAE,qBAAqB;YAC1B,WAAW;YACX,cAAc;SACf,CAAC,CACH,CAAC;QACF,MAAM,WAAW,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,0CAAE,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,WAAW,CAAC;IACrB,CAAC;IACD,OAAO,iBAAiB,CAAC;AAC3B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { TokenCredential, TracingContext } from \"@azure/core-auth\";\nimport {\n bearerTokenAuthenticationPolicy,\n createEmptyPipeline,\n createPipelineRequest,\n} from \"@azure/core-rest-pipeline\";\n\n/**\n * The options to configure the token provider.\n */\nexport interface GetBearerTokenProviderOptions {\n /** The abort signal to abort requests to get tokens */\n abortSignal?: AbortSignal;\n /** The tracing options for the requests to get tokens */\n tracingOptions?: {\n /**\n * Tracing Context for the current request to get a token.\n */\n tracingContext?: TracingContext;\n };\n}\n\n/**\n * Returns a callback that provides a bearer token.\n * For example, the bearer token can be used to authenticate a request as follows:\n * ```js\n * import { DefaultAzureCredential } from \"@azure/identity\";\n *\n * const credential = new DefaultAzureCredential();\n * const scope = \"https://cognitiveservices.azure.com/.default\";\n * const getAccessToken = getBearerTokenProvider(credential, scope);\n * const token = await getAccessToken();\n *\n * // usage\n * const request = createPipelineRequest({ url: \"https://example.com\" });\n * request.headers.set(\"Authorization\", `Bearer ${token}`);\n * ```\n *\n * @param credential - The credential used to authenticate the request.\n * @param scopes - The scopes required for the bearer token.\n * @param options - Options to configure the token provider.\n * @returns a callback that provides a bearer token.\n */\nexport function getBearerTokenProvider(\n credential: TokenCredential,\n scopes: string | string[],\n options?: GetBearerTokenProviderOptions,\n): () => Promise<string> {\n const { abortSignal, tracingOptions } = options || {};\n const pipeline = createEmptyPipeline();\n pipeline.addPolicy(bearerTokenAuthenticationPolicy({ credential, scopes }));\n async function getRefreshedToken(): Promise<string> {\n // Create a pipeline with just the bearer token policy\n // and run a dummy request through it to get the token\n const res = await pipeline.sendRequest(\n {\n sendRequest: (request) =>\n Promise.resolve({\n request,\n status: 200,\n headers: request.headers,\n }),\n },\n createPipelineRequest({\n url: \"https://example.com\",\n abortSignal,\n tracingOptions,\n }),\n );\n const accessToken = res.headers.get(\"authorization\")?.split(\" \")[1];\n if (!accessToken) {\n throw new Error(\"Failed to get access token\");\n }\n return accessToken;\n }\n return getRefreshedToken;\n}\n"]}
1
+ {"version":3,"file":"tokenProvider.js","sourceRoot":"","sources":["../../src/tokenProvider.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EACL,+BAA+B,EAC/B,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,2BAA2B,CAAC;AAiBnC;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,sBAAsB,CACpC,UAA2B,EAC3B,MAAyB,EACzB,OAAuC;IAEvC,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,GAAG,OAAO,IAAI,EAAE,CAAC;IACtD,MAAM,QAAQ,GAAG,mBAAmB,EAAE,CAAC;IACvC,QAAQ,CAAC,SAAS,CAAC,+BAA+B,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;IAC5E,KAAK,UAAU,iBAAiB;;QAC9B,sDAAsD;QACtD,sDAAsD;QACtD,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,WAAW,CACpC;YACE,WAAW,EAAE,CAAC,OAAO,EAAE,EAAE,CACvB,OAAO,CAAC,OAAO,CAAC;gBACd,OAAO;gBACP,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB,CAAC;SACL,EACD,qBAAqB,CAAC;YACpB,GAAG,EAAE,qBAAqB;YAC1B,WAAW;YACX,cAAc;SACf,CAAC,CACH,CAAC;QACF,MAAM,WAAW,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,0CAAE,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,WAAW,CAAC;IACrB,CAAC;IACD,OAAO,iBAAiB,CAAC;AAC3B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { TokenCredential, TracingContext } from \"@azure/core-auth\";\nimport {\n bearerTokenAuthenticationPolicy,\n createEmptyPipeline,\n createPipelineRequest,\n} from \"@azure/core-rest-pipeline\";\n\n/**\n * The options to configure the token provider.\n */\nexport interface GetBearerTokenProviderOptions {\n /** The abort signal to abort requests to get tokens */\n abortSignal?: AbortSignal;\n /** The tracing options for the requests to get tokens */\n tracingOptions?: {\n /**\n * Tracing Context for the current request to get a token.\n */\n tracingContext?: TracingContext;\n };\n}\n\n/**\n * Returns a callback that provides a bearer token.\n * For example, the bearer token can be used to authenticate a request as follows:\n * ```ts snippet:token_provider_example\n * import { DefaultAzureCredential, getBearerTokenProvider } from \"@azure/identity\";\n * import { createPipelineRequest } from \"@azure/core-rest-pipeline\";\n *\n * const credential = new DefaultAzureCredential();\n * const scope = \"https://cognitiveservices.azure.com/.default\";\n * const getAccessToken = getBearerTokenProvider(credential, scope);\n * const token = await getAccessToken();\n * // usage\n * const request = createPipelineRequest({ url: \"https://example.com\" });\n * request.headers.set(\"Authorization\", `Bearer ${token}`);\n * ```\n *\n * @param credential - The credential used to authenticate the request.\n * @param scopes - The scopes required for the bearer token.\n * @param options - Options to configure the token provider.\n * @returns a callback that provides a bearer token.\n */\nexport function getBearerTokenProvider(\n credential: TokenCredential,\n scopes: string | string[],\n options?: GetBearerTokenProviderOptions,\n): () => Promise<string> {\n const { abortSignal, tracingOptions } = options || {};\n const pipeline = createEmptyPipeline();\n pipeline.addPolicy(bearerTokenAuthenticationPolicy({ credential, scopes }));\n async function getRefreshedToken(): Promise<string> {\n // Create a pipeline with just the bearer token policy\n // and run a dummy request through it to get the token\n const res = await pipeline.sendRequest(\n {\n sendRequest: (request) =>\n Promise.resolve({\n request,\n status: 200,\n headers: request.headers,\n }),\n },\n createPipelineRequest({\n url: \"https://example.com\",\n abortSignal,\n tracingOptions,\n }),\n );\n const accessToken = res.headers.get(\"authorization\")?.split(\" \")[1];\n if (!accessToken) {\n throw new Error(\"Failed to get access token\");\n }\n return accessToken;\n }\n return getRefreshedToken;\n}\n"]}
@@ -0,0 +1,14 @@
1
+ // Copyright (c) Microsoft Corporation.
2
+ // Licensed under the MIT License.
3
+ import { formatError } from "./logging";
4
+ /**
5
+ * @internal
6
+ */
7
+ export function checkSubscription(logger, subscription) {
8
+ if (!subscription.match(/^[0-9a-zA-Z-._ ]+$/)) {
9
+ const error = new Error("Invalid subscription provided. You can locate your subscription by following the instructions listed here: https://learn.microsoft.com/azure/azure-portal/get-subscription-tenant-id.");
10
+ logger.info(formatError("", error));
11
+ throw error;
12
+ }
13
+ }
14
+ //# sourceMappingURL=subscriptionUtils.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"subscriptionUtils.js","sourceRoot":"","sources":["../../../src/util/subscriptionUtils.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAoB,WAAW,EAAE,MAAM,WAAW,CAAC;AAE1D;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAwB,EAAE,YAAoB;IAC9E,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE,CAAC;QAC9C,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,uLAAuL,CACxL,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;QACpC,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { CredentialLogger, formatError } from \"./logging\";\n\n/**\n * @internal\n */\nexport function checkSubscription(logger: CredentialLogger, subscription: string): void {\n if (!subscription.match(/^[0-9a-zA-Z-._ ]+$/)) {\n const error = new Error(\n \"Invalid subscription provided. You can locate your subscription by following the instructions listed here: https://learn.microsoft.com/azure/azure-portal/get-subscription-tenant-id.\",\n );\n logger.info(formatError(\"\", error));\n throw error;\n }\n}\n"]}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@azure/identity",
3
3
  "sdk-type": "client",
4
- "version": "4.5.0-beta.3",
4
+ "version": "4.5.1-alpha.20241021.1",
5
5
  "description": "Provides credential implementations for Azure SDK libraries that can authenticate with Microsoft Entra ID",
6
6
  "main": "dist/index.js",
7
7
  "module": "dist-esm/src/index.js",
@@ -47,28 +47,29 @@
47
47
  },
48
48
  "scripts": {
49
49
  "audit": "node ../../../common/scripts/rush-audit.js && rimraf node_modules package-lock.json && npm i --package-lock-only 2>&1 && npm audit",
50
+ "build": "npm run clean && npm run extract-api && tsc -p . && dev-tool run bundle",
50
51
  "build:samples": "echo Obsolete.",
51
52
  "build:test": "echo skipped. actual commands inlined in browser test scripts",
52
- "build": "npm run clean && npm run extract-api && tsc -p . && dev-tool run bundle",
53
+ "check-format": "dev-tool run vendored prettier --list-different --config ../../../.prettierrc.json --ignore-path ../../../.prettierignore \"src/**/*.ts\" \"test/**/*.ts\" \"samples-dev/**/*.ts\" \"*.{js,json}\"",
53
54
  "clean": "rimraf --glob dist dist-* types *.tgz *.log",
54
55
  "execute:samples": "dev-tool samples run samples-dev",
55
56
  "extract-api": "tsc -p . && dev-tool run extract-api",
56
57
  "format": "dev-tool run vendored prettier --write --config ../../../.prettierrc.json --ignore-path ../../../.prettierignore \"src/**/*.ts\" \"test/**/*.ts\" \"samples-dev/**/*.ts\" \"*.{js,json}\"",
57
- "check-format": "dev-tool run vendored prettier --list-different --config ../../../.prettierrc.json --ignore-path ../../../.prettierignore \"src/**/*.ts\" \"test/**/*.ts\" \"samples-dev/**/*.ts\" \"*.{js,json}\"",
58
+ "integration-test": "npm run integration-test:node && npm run integration-test:browser",
58
59
  "integration-test:browser": "echo skipped",
59
- "integration-test:node": "dev-tool run test:node-ts-input -- --timeout 180000 'test/public/node/*.spec.ts' 'test/internal/node/*.spec.ts'",
60
60
  "integration-test:managed-identity": "dev-tool run test:node-ts-input -- --timeout 180000 'test/integration/**/*.spec.ts'",
61
- "integration-test": "npm run integration-test:node && npm run integration-test:browser",
62
- "lint:fix": "eslint package.json api-extractor.json src test --fix --fix-type [problem,suggestion]",
61
+ "integration-test:node": "dev-tool run test:node-ts-input -- --timeout 180000 'test/public/node/*.spec.ts' 'test/internal/node/*.spec.ts'",
63
62
  "lint": "eslint package.json api-extractor.json src test",
63
+ "lint:fix": "eslint package.json api-extractor.json src test --fix --fix-type [problem,suggestion]",
64
64
  "pack": "npm pack 2>&1",
65
+ "test": "npm run clean && npm run build:test && npm run unit-test && npm run integration-test",
65
66
  "test:browser": "npm run clean && tsc -p . && dev-tool run bundle && npm run unit-test:browser && npm run integration-test:browser",
66
67
  "test:node": "npm run clean && npm run unit-test:node && npm run integration-test:node",
67
- "test": "npm run clean && npm run build:test && npm run unit-test && npm run integration-test",
68
+ "unit-test": "npm run unit-test:node && npm run unit-test:browser",
68
69
  "unit-test:browser": "dev-tool run test:browser",
69
- "unit-test:node": "dev-tool run test:node-ts-input -- --timeout 300000 --exclude 'test/**/browser/**/*.spec.ts' --exclude 'test/integration/**/*.spec.ts' 'test/**/**/*.spec.ts'",
70
- "unit-test:node:no-timeouts": "dev-tool run test:node-ts-input -- --timeout Infinite --exclude 'test/**/browser/**/*.spec.ts' 'test/**/**/*.spec.ts'",
71
- "unit-test": "npm run unit-test:node && npm run unit-test:browser"
70
+ "unit-test:node": "dev-tool run test:node-ts-input -- --timeout 300000 --exclude 'test/**/browser/**/*.spec.ts' --exclude 'test/snippets.spec.ts' --exclude 'test/integration/**/*.spec.ts' 'test/**/**/*.spec.ts'",
71
+ "unit-test:node:no-timeouts": "dev-tool run test:node-ts-input -- --timeout Infinite --exclude 'test/snippets.spec.ts' --exclude 'test/**/browser/**/*.spec.ts' 'test/**/**/*.spec.ts'",
72
+ "update-snippets": "dev-tool run update-snippets"
72
73
  },
73
74
  "files": [
74
75
  "dist/",
@@ -109,14 +110,14 @@
109
110
  "sideEffects": false,
110
111
  "dependencies": {
111
112
  "@azure/abort-controller": "^2.0.0",
112
- "@azure/core-auth": "^1.8.0",
113
+ "@azure/core-auth": ">=1.9.0-alpha <1.9.0-alphb",
113
114
  "@azure/core-client": "^1.9.2",
114
115
  "@azure/core-rest-pipeline": "^1.17.0",
115
116
  "@azure/core-tracing": "^1.0.0",
116
- "@azure/core-util": "^1.10.0",
117
+ "@azure/core-util": ">=1.11.0-alpha <1.11.0-alphb",
117
118
  "@azure/logger": "^1.0.0",
118
- "@azure/msal-node": "^2.9.2",
119
- "@azure/msal-browser": "^3.14.0",
119
+ "@azure/msal-node": "^2.15.0",
120
+ "@azure/msal-browser": "^3.26.1",
120
121
  "events": "^3.0.0",
121
122
  "jws": "^4.0.0",
122
123
  "open": "^8.0.0",
@@ -125,10 +126,10 @@
125
126
  },
126
127
  "devDependencies": {
127
128
  "@azure-tools/test-recorder": "^3.0.0",
128
- "@azure/dev-tool": "^1.0.0",
129
- "@azure/eslint-plugin-azure-sdk": "^3.0.0",
130
- "@azure/keyvault-keys": "^4.2.0",
131
129
  "@azure-tools/test-utils": "^1.0.1",
130
+ "@azure/dev-tool": ">=1.0.0-alpha <1.0.0-alphb",
131
+ "@azure/eslint-plugin-azure-sdk": ">=3.0.0-alpha <3.0.0-alphb",
132
+ "@azure/keyvault-keys": "^4.2.0",
132
133
  "@microsoft/api-extractor": "^7.31.1",
133
134
  "@types/chai": "^4.1.6",
134
135
  "@types/jsonwebtoken": "^9.0.0",
@@ -160,7 +161,7 @@
160
161
  "rimraf": "^5.0.5",
161
162
  "sinon": "^17.0.0",
162
163
  "ts-node": "^10.0.0",
163
- "typescript": "~5.5.3",
164
+ "typescript": "~5.6.2",
164
165
  "util": "^0.12.1"
165
166
  }
166
167
  }
@@ -242,6 +242,7 @@ export declare class AzureCliCredential implements TokenCredential {
242
242
  private tenantId?;
243
243
  private additionallyAllowedTenantIds;
244
244
  private timeout?;
245
+ private subscription?;
245
246
  /**
246
247
  * Creates an instance of the {@link AzureCliCredential}.
247
248
  *
@@ -285,6 +286,11 @@ export declare interface AzureCliCredentialOptions extends MultiTenantTokenCrede
285
286
  * Process timeout configurable for making token requests, provided in milliseconds
286
287
  */
287
288
  processTimeoutInMs?: number;
289
+ /**
290
+ * Subscription is the name or ID of a subscription. Set this to acquire tokens for an account other
291
+ * than the Azure CLI's current account.
292
+ */
293
+ subscription?: string;
288
294
  }
289
295
 
290
296
  /**
@@ -529,8 +535,9 @@ export declare interface BrowserCustomizationOptions {
529
535
  export declare type BrowserLoginStyle = "redirect" | "popup";
530
536
 
531
537
  /**
532
- * Enables multiple `TokenCredential` implementations to be tried in order
533
- * until one of the getToken methods returns an access token.
538
+ * Enables multiple `TokenCredential` implementations to be tried in order until
539
+ * one of the getToken methods returns an access token. For more information, see
540
+ * [ChainedTokenCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-chainedtokencredential-for-granularity).
534
541
  */
535
542
  export declare class ChainedTokenCredential implements TokenCredential {
536
543
  private _sources;
@@ -540,7 +547,14 @@ export declare class ChainedTokenCredential implements TokenCredential {
540
547
  * @param sources - `TokenCredential` implementations to be tried in order.
541
548
  *
542
549
  * Example usage:
543
- * ```javascript
550
+ * ```ts snippet:chained_token_credential_example
551
+ * import { ClientSecretCredential, ChainedTokenCredential } from "@azure/identity";
552
+ *
553
+ * const tenantId = "<tenant-id>";
554
+ * const clientId = "<client-id>";
555
+ * const clientSecret = "<client-secret>";
556
+ * const anotherClientId = "<another-client-id>";
557
+ * const anotherSecret = "<another-client-secret>";
544
558
  * const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
545
559
  * const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);
546
560
  * const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);
@@ -758,23 +772,14 @@ export declare interface CredentialPersistenceOptions {
758
772
  *
759
773
  * Example:
760
774
  *
761
- * ```javascript
762
- * import { cachePersistencePlugin } from "@azure/identity-cache-persistence";
775
+ * ```ts snippet:credential_persistence_options_example
763
776
  * import { useIdentityPlugin, DeviceCodeCredential } from "@azure/identity";
764
777
  *
765
778
  * useIdentityPlugin(cachePersistencePlugin);
766
- *
767
- * async function main() {
768
- * const credential = new DeviceCodeCredential({
769
- * tokenCachePersistenceOptions: {
770
- * enabled: true
771
- * }
772
- * });
773
- * }
774
- *
775
- * main().catch((error) => {
776
- * console.error("An error occurred:", error);
777
- * process.exit(1);
779
+ * const credential = new DeviceCodeCredential({
780
+ * tokenCachePersistenceOptions: {
781
+ * enabled: true,
782
+ * },
778
783
  * });
779
784
  * ```
780
785
  */
@@ -798,69 +803,37 @@ export declare class CredentialUnavailableError extends Error {
798
803
  export declare const CredentialUnavailableErrorName = "CredentialUnavailableError";
799
804
 
800
805
  /**
801
- * Provides a default {@link ChainedTokenCredential} configuration that should
802
- * work for most applications that use the Azure SDK.
806
+ * Provides a default {@link ChainedTokenCredential} configuration that works for most
807
+ * applications that use Azure SDK client libraries. For more information, see
808
+ * [DefaultAzureCredential overview](https://aka.ms/azsdk/js/identity/credential-chains#use-defaultazurecredential-for-flexibility).
809
+ *
810
+ * The following credential types will be tried, in order:
811
+ *
812
+ * - {@link EnvironmentCredential}
813
+ * - {@link WorkloadIdentityCredential}
814
+ * - {@link ManagedIdentityCredential}
815
+ * - {@link AzureCliCredential}
816
+ * - {@link AzurePowerShellCredential}
817
+ * - {@link AzureDeveloperCliCredential}
818
+ *
819
+ * Consult the documentation of these credential types for more information
820
+ * on how they attempt authentication.
803
821
  */
804
822
  export declare class DefaultAzureCredential extends ChainedTokenCredential {
805
823
  /**
806
- * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}
807
- *
808
- * This credential provides a default {@link ChainedTokenCredential} configuration that should
809
- * work for most applications that use the Azure SDK.
810
- *
811
- * The following credential types will be tried, in order:
812
- *
813
- * - {@link EnvironmentCredential}
814
- * - {@link WorkloadIdentityCredential}
815
- * - {@link ManagedIdentityCredential}
816
- * - {@link AzureCliCredential}
817
- * - {@link AzurePowerShellCredential}
818
- * - {@link AzureDeveloperCliCredential}
819
- *
820
- * Consult the documentation of these credential types for more information
821
- * on how they attempt authentication.
824
+ * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}.
822
825
  *
823
826
  * @param options - Optional parameters. See {@link DefaultAzureCredentialClientIdOptions}.
824
827
  */
825
828
  constructor(options?: DefaultAzureCredentialClientIdOptions);
826
829
  /**
827
- * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialResourceIdOptions}
828
- *
829
- * This credential provides a default {@link ChainedTokenCredential} configuration that should
830
- * work for most applications that use the Azure SDK.
831
- *
832
- * The following credential types will be tried, in order:
833
- *
834
- * - {@link EnvironmentCredential}
835
- * - {@link WorkloadIdentityCredential}
836
- * - {@link ManagedIdentityCredential}
837
- * - {@link AzureCliCredential}
838
- * - {@link AzurePowerShellCredential}
839
- * - {@link AzureDeveloperCliCredential}
840
- *
841
- * Consult the documentation of these credential types for more information
842
- * on how they attempt authentication.
830
+ * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialResourceIdOptions}.
843
831
  *
844
832
  * @param options - Optional parameters. See {@link DefaultAzureCredentialResourceIdOptions}.
845
833
  */
846
834
  constructor(options?: DefaultAzureCredentialResourceIdOptions);
847
835
  /**
848
- * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}
849
- *
850
- * This credential provides a default {@link ChainedTokenCredential} configuration that should
851
- * work for most applications that use the Azure SDK.
852
- *
853
- * The following credential types will be tried, in order:
854
- *
855
- * - {@link EnvironmentCredential}
856
- * - {@link WorkloadIdentityCredential}
857
- * - {@link ManagedIdentityCredential}
858
- * - {@link AzureCliCredential}
859
- * - {@link AzurePowerShellCredential}
860
- * - {@link AzureDeveloperCliCredential}
861
- *
862
- * Consult the documentation of these credential types for more information
863
- * on how they attempt authentication.
836
+ * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}.
864
837
  *
865
838
  * @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.
866
839
  */
@@ -955,13 +928,15 @@ export declare class DeviceCodeCredential implements TokenCredential {
955
928
  *
956
929
  * Developers can configure how this message is shown by passing a custom `userPromptCallback`:
957
930
  *
958
- * ```js
931
+ * ```ts snippet:device_code_credential_example
932
+ * import { DeviceCodeCredential } from "@azure/identity";
933
+ *
959
934
  * const credential = new DeviceCodeCredential({
960
- * tenantId: env.AZURE_TENANT_ID,
961
- * clientId: env.AZURE_CLIENT_ID,
935
+ * tenantId: process.env.AZURE_TENANT_ID,
936
+ * clientId: process.env.AZURE_CLIENT_ID,
962
937
  * userPromptCallback: (info) => {
963
938
  * console.log("CUSTOMIZED PROMPT CALLBACK", info.message);
964
- * }
939
+ * },
965
940
  * });
966
941
  * ```
967
942
  *
@@ -1133,14 +1108,14 @@ export declare interface ErrorResponse {
1133
1108
  /**
1134
1109
  * Returns a callback that provides a bearer token.
1135
1110
  * For example, the bearer token can be used to authenticate a request as follows:
1136
- * ```js
1137
- * import { DefaultAzureCredential } from "@azure/identity";
1111
+ * ```ts snippet:token_provider_example
1112
+ * import { DefaultAzureCredential, getBearerTokenProvider } from "@azure/identity";
1113
+ * import { createPipelineRequest } from "@azure/core-rest-pipeline";
1138
1114
  *
1139
1115
  * const credential = new DefaultAzureCredential();
1140
1116
  * const scope = "https://cognitiveservices.azure.com/.default";
1141
1117
  * const getAccessToken = getBearerTokenProvider(credential, scope);
1142
1118
  * const token = await getAccessToken();
1143
- *
1144
1119
  * // usage
1145
1120
  * const request = createPipelineRequest({ url: "https://example.com" });
1146
1121
  * request.headers.set("Authorization", `Bearer ${token}`);
@@ -1441,15 +1416,17 @@ export declare class OnBehalfOfCredential implements TokenCredential {
1441
1416
  *
1442
1417
  * Example using the `KeyClient` from [\@azure/keyvault-keys](https://www.npmjs.com/package/\@azure/keyvault-keys):
1443
1418
  *
1444
- * ```ts
1419
+ * ```ts snippet:on_behalf_of_credential_pem_example
1420
+ * import { OnBehalfOfCredential } from "@azure/identity";
1421
+ * import { KeyClient } from "@azure/keyvault-keys";
1422
+ *
1445
1423
  * const tokenCredential = new OnBehalfOfCredential({
1446
- * tenantId,
1447
- * clientId,
1424
+ * tenantId: "tenant-id",
1425
+ * clientId: "client-id",
1448
1426
  * certificatePath: "/path/to/certificate.pem",
1449
- * userAssertionToken: "access-token"
1427
+ * userAssertionToken: "access-token",
1450
1428
  * });
1451
1429
  * const client = new KeyClient("vault-url", tokenCredential);
1452
- *
1453
1430
  * await client.getKey("key-name");
1454
1431
  * ```
1455
1432
  *
@@ -1463,15 +1440,17 @@ export declare class OnBehalfOfCredential implements TokenCredential {
1463
1440
  *
1464
1441
  * Example using the `KeyClient` from [\@azure/keyvault-keys](https://www.npmjs.com/package/\@azure/keyvault-keys):
1465
1442
  *
1466
- * ```ts
1443
+ * ```ts snippet:on_behalf_of_credential_secret_example
1444
+ * import { OnBehalfOfCredential } from "@azure/identity";
1445
+ * import { KeyClient } from "@azure/keyvault-keys";
1446
+ *
1467
1447
  * const tokenCredential = new OnBehalfOfCredential({
1468
- * tenantId,
1469
- * clientId,
1470
- * clientSecret,
1471
- * userAssertionToken: "access-token"
1448
+ * tenantId: "tenant-id",
1449
+ * clientId: "client-id",
1450
+ * clientSecret: "client-secret",
1451
+ * userAssertionToken: "access-token",
1472
1452
  * });
1473
1453
  * const client = new KeyClient("vault-url", tokenCredential);
1474
- *
1475
1454
  * await client.getKey("key-name");
1476
1455
  * ```
1477
1456
  *
@@ -1485,15 +1464,19 @@ export declare class OnBehalfOfCredential implements TokenCredential {
1485
1464
  *
1486
1465
  * Example using the `KeyClient` from [\@azure/keyvault-keys](https://www.npmjs.com/package/\@azure/keyvault-keys):
1487
1466
  *
1488
- * ```ts
1467
+ * ```ts snippet:on_behalf_of_credential_assertion_example
1468
+ * import { OnBehalfOfCredential } from "@azure/identity";
1469
+ * import { KeyClient } from "@azure/keyvault-keys";
1470
+ *
1489
1471
  * const tokenCredential = new OnBehalfOfCredential({
1490
- * tenantId,
1491
- * clientId,
1492
- * getAssertion: () => { return Promise.resolve("my-jwt")},
1493
- * userAssertionToken: "access-token"
1472
+ * tenantId: "tenant-id",
1473
+ * clientId: "client-id",
1474
+ * getAssertion: () => {
1475
+ * return Promise.resolve("my-jwt");
1476
+ * },
1477
+ * userAssertionToken: "access-token",
1494
1478
  * });
1495
1479
  * const client = new KeyClient("vault-url", tokenCredential);
1496
- *
1497
1480
  * await client.getKey("key-name");
1498
1481
  * ```
1499
1482
  *
@@ -1666,18 +1649,16 @@ export declare interface TokenCredentialOptions extends CommonClientOptions {
1666
1649
  *
1667
1650
  * Example:
1668
1651
  *
1669
- * ```javascript
1670
- * import { cachePersistencePlugin } from "@azure/identity-cache-persistence";
1652
+ * ```ts snippet:consumer_example
1653
+ * import { useIdentityPlugin, DeviceCodeCredential } from "@azure/identity";
1671
1654
  *
1672
- * import { useIdentityPlugin, DefaultAzureCredential } from "@azure/identity";
1673
1655
  * useIdentityPlugin(cachePersistencePlugin);
1674
- *
1675
- * // The plugin has the capability to extend `DefaultAzureCredential` and to
1656
+ * // The plugin has the capability to extend `DeviceCodeCredential` and to
1676
1657
  * // add middleware to the underlying credentials, such as persistence.
1677
- * const credential = new DefaultAzureCredential({
1658
+ * const credential = new DeviceCodeCredential({
1678
1659
  * tokenCachePersistenceOptions: {
1679
- * enabled: true
1680
- * }
1660
+ * enabled: true,
1661
+ * },
1681
1662
  * });
1682
1663
  * ```
1683
1664
  *