npm - @azure/identity - Versions diffs - 4.5.1-alpha.20241111.1 → 4.5.1-alpha.20241113.2 - Mend

@azure/identity 4.5.1-alpha.20241111.1 → 4.5.1-alpha.20241113.2

Files changed (1066) hide show

package/dist/commonjs/util/processUtils.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import * as childProcess from "child_process";
+/**
+ * Easy to mock childProcess utils.
+ * @internal
+ */
+export declare const processUtils: {
+    /**
+     * Promisifying childProcess.execFile
+     * @internal
+     */
+    execFile(file: string, params: string[], options?: childProcess.ExecFileOptionsWithStringEncoding): Promise<string | Buffer>;
+};
+//# sourceMappingURL=processUtils.d.ts.map

package/dist/commonjs/util/processUtils.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"processUtils.d.ts","sourceRoot":"","sources":["../../../src/util/processUtils.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,YAAY,MAAM,eAAe,CAAC;AAE9C;;;GAGG;AACH,eAAO,MAAM,YAAY;IACvB;;;OAGG;mBAEK,MAAM,UACJ,MAAM,EAAE,YACN,YAAY,CAAC,iCAAiC,GACvD,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC;CAiB5B,CAAC"}

package/dist/commonjs/util/processUtils.js ADDED Viewed

@@ -0,0 +1,36 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.processUtils = void 0;
+const tslib_1 = require("tslib");
+const childProcess = tslib_1.__importStar(require("child_process"));
+/**
+ * Easy to mock childProcess utils.
+ * @internal
+ */
+exports.processUtils = {
+    /**
+     * Promisifying childProcess.execFile
+     * @internal
+     */
+    execFile(file, params, options) {
+        return new Promise((resolve, reject) => {
+            childProcess.execFile(file, params, options, (error, stdout, stderr) => {
+                if (Buffer.isBuffer(stdout)) {
+                    stdout = stdout.toString("utf8");
+                }
+                if (Buffer.isBuffer(stderr)) {
+                    stderr = stderr.toString("utf8");
+                }
+                if (stderr || error) {
+                    reject(stderr ? new Error(stderr) : error);
+                }
+                else {
+                    resolve(stdout);
+                }
+            });
+        });
+    },
+};
+//# sourceMappingURL=processUtils.js.map

package/dist/commonjs/util/processUtils.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"processUtils.js","sourceRoot":"","sources":["../../../src/util/processUtils.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;;AAElC,oEAA8C;AAE9C;;;GAGG;AACU,QAAA,YAAY,GAAG;IAC1B;;;OAGG;IACH,QAAQ,CACN,IAAY,EACZ,MAAgB,EAChB,OAAwD;QAExD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,YAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;gBACrE,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC5B,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACnC,CAAC;gBACD,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC5B,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACnC,CAAC;gBACD,IAAI,MAAM,IAAI,KAAK,EAAE,CAAC;oBACpB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;gBAC7C,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,MAAM,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport * as childProcess from \"child_process\";\n\n/**\n * Easy to mock childProcess utils.\n * @internal\n */\nexport const processUtils = {\n /**\n * Promisifying childProcess.execFile\n * @internal\n */\n execFile(\n file: string,\n params: string[],\n options?: childProcess.ExecFileOptionsWithStringEncoding,\n ): Promise<string | Buffer> {\n return new Promise((resolve, reject) => {\n childProcess.execFile(file, params, options, (error, stdout, stderr) => {\n if (Buffer.isBuffer(stdout)) {\n stdout = stdout.toString(\"utf8\");\n }\n if (Buffer.isBuffer(stderr)) {\n stderr = stderr.toString(\"utf8\");\n }\n if (stderr || error) {\n reject(stderr ? new Error(stderr) : error);\n } else {\n resolve(stdout);\n }\n });\n });\n },\n};\n"]}

package/dist/commonjs/util/scopeUtils.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import type { CredentialLogger } from "./logging.js";
+/**
+ * Ensures the scopes value is an array.
+ * @internal
+ */
+export declare function ensureScopes(scopes: string | string[]): string[];
+/**
+ * Throws if the received scope is not valid.
+ * @internal
+ */
+export declare function ensureValidScopeForDevTimeCreds(scope: string, logger: CredentialLogger): void;
+/**
+ * Returns the resource out of a scope.
+ * @internal
+ */
+export declare function getScopeResource(scope: string): string;
+//# sourceMappingURL=scopeUtils.d.ts.map

package/dist/commonjs/util/scopeUtils.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"scopeUtils.d.ts","sourceRoot":"","sources":["../../../src/util/scopeUtils.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGrD;;;GAGG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,MAAM,EAAE,CAEhE;AAED;;;GAGG;AACH,wBAAgB,+BAA+B,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,gBAAgB,GAAG,IAAI,CAM7F;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEtD"}

package/dist/commonjs/util/scopeUtils.js ADDED Viewed

@@ -0,0 +1,34 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureScopes = ensureScopes;
+exports.ensureValidScopeForDevTimeCreds = ensureValidScopeForDevTimeCreds;
+exports.getScopeResource = getScopeResource;
+const logging_js_1 = require("./logging.js");
+/**
+ * Ensures the scopes value is an array.
+ * @internal
+ */
+function ensureScopes(scopes) {
+    return Array.isArray(scopes) ? scopes : [scopes];
+}
+/**
+ * Throws if the received scope is not valid.
+ * @internal
+ */
+function ensureValidScopeForDevTimeCreds(scope, logger) {
+    if (!scope.match(/^[0-9a-zA-Z-_.:/]+$/)) {
+        const error = new Error("Invalid scope was specified by the user or calling client");
+        logger.getToken.info((0, logging_js_1.formatError)(scope, error));
+        throw error;
+    }
+}
+/**
+ * Returns the resource out of a scope.
+ * @internal
+ */
+function getScopeResource(scope) {
+    return scope.replace(/\/.default$/, "");
+}
+//# sourceMappingURL=scopeUtils.js.map

package/dist/commonjs/util/scopeUtils.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"scopeUtils.js","sourceRoot":"","sources":["../../../src/util/scopeUtils.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AASlC,oCAEC;AAMD,0EAMC;AAMD,4CAEC;AA5BD,6CAA2C;AAE3C;;;GAGG;AACH,SAAgB,YAAY,CAAC,MAAyB;IACpD,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;AACnD,CAAC;AAED;;;GAGG;AACH,SAAgB,+BAA+B,CAAC,KAAa,EAAE,MAAwB;IACrF,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;QACrF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,wBAAW,EAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;QAChD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,gBAAgB,CAAC,KAAa;IAC5C,OAAO,KAAK,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;AAC1C,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { CredentialLogger } from \"./logging.js\";\nimport { formatError } from \"./logging.js\";\n\n/**\n * Ensures the scopes value is an array.\n * @internal\n */\nexport function ensureScopes(scopes: string | string[]): string[] {\n return Array.isArray(scopes) ? scopes : [scopes];\n}\n\n/**\n * Throws if the received scope is not valid.\n * @internal\n */\nexport function ensureValidScopeForDevTimeCreds(scope: string, logger: CredentialLogger): void {\n if (!scope.match(/^[0-9a-zA-Z-_.:/]+$/)) {\n const error = new Error(\"Invalid scope was specified by the user or calling client\");\n logger.getToken.info(formatError(scope, error));\n throw error;\n }\n}\n\n/**\n * Returns the resource out of a scope.\n * @internal\n */\nexport function getScopeResource(scope: string): string {\n return scope.replace(/\\/.default$/, \"\");\n}\n"]}

package/dist/commonjs/util/subscriptionUtils.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import type { CredentialLogger } from "./logging.js";
+/**
+ * @internal
+ */
+export declare function checkSubscription(logger: CredentialLogger, subscription: string): void;
+//# sourceMappingURL=subscriptionUtils.d.ts.map

package/dist/commonjs/util/subscriptionUtils.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"subscriptionUtils.d.ts","sourceRoot":"","sources":["../../../src/util/subscriptionUtils.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGrD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI,CAQtF"}

package/dist/commonjs/util/subscriptionUtils.js ADDED Viewed

@@ -0,0 +1,17 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkSubscription = checkSubscription;
+const logging_js_1 = require("./logging.js");
+/**
+ * @internal
+ */
+function checkSubscription(logger, subscription) {
+    if (!subscription.match(/^[0-9a-zA-Z-._ ]+$/)) {
+        const error = new Error("Invalid subscription provided. You can locate your subscription by following the instructions listed here: https://learn.microsoft.com/azure/azure-portal/get-subscription-tenant-id.");
+        logger.info((0, logging_js_1.formatError)("", error));
+        throw error;
+    }
+}
+//# sourceMappingURL=subscriptionUtils.js.map

package/dist/commonjs/util/subscriptionUtils.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"subscriptionUtils.js","sourceRoot":"","sources":["../../../src/util/subscriptionUtils.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AAQlC,8CAQC;AAbD,6CAA2C;AAE3C;;GAEG;AACH,SAAgB,iBAAiB,CAAC,MAAwB,EAAE,YAAoB;IAC9E,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE,CAAC;QAC9C,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,uLAAuL,CACxL,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,IAAA,wBAAW,EAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;QACpC,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { CredentialLogger } from \"./logging.js\";\nimport { formatError } from \"./logging.js\";\n\n/**\n * @internal\n */\nexport function checkSubscription(logger: CredentialLogger, subscription: string): void {\n if (!subscription.match(/^[0-9a-zA-Z-._ ]+$/)) {\n const error = new Error(\n \"Invalid subscription provided. You can locate your subscription by following the instructions listed here: https://learn.microsoft.com/azure/azure-portal/get-subscription-tenant-id.\",\n );\n logger.info(formatError(\"\", error));\n throw error;\n }\n}\n"]}

package/dist/commonjs/util/tenantIdUtils.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import type { CredentialLogger } from "./logging.js";
+export { processMultiTenantRequest } from "./processMultiTenantRequest.js";
+/**
+ * @internal
+ */
+export declare function checkTenantId(logger: CredentialLogger, tenantId: string): void;
+/**
+ * @internal
+ */
+export declare function resolveTenantId(logger: CredentialLogger, tenantId?: string, clientId?: string): string;
+/**
+ * @internal
+ */
+export declare function resolveAdditionallyAllowedTenantIds(additionallyAllowedTenants?: string[]): string[];
+//# sourceMappingURL=tenantIdUtils.d.ts.map

package/dist/commonjs/util/tenantIdUtils.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tenantIdUtils.d.ts","sourceRoot":"","sources":["../../../src/util/tenantIdUtils.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAErD,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAE3E;;GAEG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAQ9E;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,gBAAgB,EACxB,QAAQ,CAAC,EAAE,MAAM,EACjB,QAAQ,CAAC,EAAE,MAAM,GAChB,MAAM,CAYR;AAED;;GAEG;AACH,wBAAgB,mCAAmC,CACjD,0BAA0B,CAAC,EAAE,MAAM,EAAE,GACpC,MAAM,EAAE,CAUV"}

package/dist/commonjs/util/tenantIdUtils.js ADDED Viewed

@@ -0,0 +1,51 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.processMultiTenantRequest = void 0;
+exports.checkTenantId = checkTenantId;
+exports.resolveTenantId = resolveTenantId;
+exports.resolveAdditionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds;
+const constants_js_1 = require("../constants.js");
+const logging_js_1 = require("./logging.js");
+var processMultiTenantRequest_js_1 = require("./processMultiTenantRequest.js");
+Object.defineProperty(exports, "processMultiTenantRequest", { enumerable: true, get: function () { return processMultiTenantRequest_js_1.processMultiTenantRequest; } });
+/**
+ * @internal
+ */
+function checkTenantId(logger, tenantId) {
+    if (!tenantId.match(/^[0-9a-zA-Z-.]+$/)) {
+        const error = new Error("Invalid tenant id provided. You can locate your tenant id by following the instructions listed here: https://learn.microsoft.com/partner-center/find-ids-and-domain-names.");
+        logger.info((0, logging_js_1.formatError)("", error));
+        throw error;
+    }
+}
+/**
+ * @internal
+ */
+function resolveTenantId(logger, tenantId, clientId) {
+    if (tenantId) {
+        checkTenantId(logger, tenantId);
+        return tenantId;
+    }
+    if (!clientId) {
+        clientId = constants_js_1.DeveloperSignOnClientId;
+    }
+    if (clientId !== constants_js_1.DeveloperSignOnClientId) {
+        return "common";
+    }
+    return "organizations";
+}
+/**
+ * @internal
+ */
+function resolveAdditionallyAllowedTenantIds(additionallyAllowedTenants) {
+    if (!additionallyAllowedTenants || additionallyAllowedTenants.length === 0) {
+        return [];
+    }
+    if (additionallyAllowedTenants.includes("*")) {
+        return constants_js_1.ALL_TENANTS;
+    }
+    return additionallyAllowedTenants;
+}
+//# sourceMappingURL=tenantIdUtils.js.map

package/dist/commonjs/util/tenantIdUtils.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tenantIdUtils.js","sourceRoot":"","sources":["../../../src/util/tenantIdUtils.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAUlC,sCAQC;AAKD,0CAgBC;AAKD,kFAYC;AAtDD,kDAAuE;AAEvE,6CAA2C;AAC3C,+EAA2E;AAAlE,yIAAA,yBAAyB,OAAA;AAElC;;GAEG;AACH,SAAgB,aAAa,CAAC,MAAwB,EAAE,QAAgB;IACtE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,4KAA4K,CAC7K,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,IAAA,wBAAW,EAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;QACpC,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAC7B,MAAwB,EACxB,QAAiB,EACjB,QAAiB;IAEjB,IAAI,QAAQ,EAAE,CAAC;QACb,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChC,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,sCAAuB,CAAC;IACrC,CAAC;IACD,IAAI,QAAQ,KAAK,sCAAuB,EAAE,CAAC;QACzC,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAgB,mCAAmC,CACjD,0BAAqC;IAErC,IAAI,CAAC,0BAA0B,IAAI,0BAA0B,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3E,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,0BAA0B,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7C,OAAO,0BAAW,CAAC;IACrB,CAAC;IAED,OAAO,0BAA0B,CAAC;AACpC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { ALL_TENANTS, DeveloperSignOnClientId } from \"../constants.js\";\nimport type { CredentialLogger } from \"./logging.js\";\nimport { formatError } from \"./logging.js\";\nexport { processMultiTenantRequest } from \"./processMultiTenantRequest.js\";\n\n/**\n * @internal\n */\nexport function checkTenantId(logger: CredentialLogger, tenantId: string): void {\n if (!tenantId.match(/^[0-9a-zA-Z-.]+$/)) {\n const error = new Error(\n \"Invalid tenant id provided. You can locate your tenant id by following the instructions listed here: https://learn.microsoft.com/partner-center/find-ids-and-domain-names.\",\n );\n logger.info(formatError(\"\", error));\n throw error;\n }\n}\n\n/**\n * @internal\n */\nexport function resolveTenantId(\n logger: CredentialLogger,\n tenantId?: string,\n clientId?: string,\n): string {\n if (tenantId) {\n checkTenantId(logger, tenantId);\n return tenantId;\n }\n if (!clientId) {\n clientId = DeveloperSignOnClientId;\n }\n if (clientId !== DeveloperSignOnClientId) {\n return \"common\";\n }\n return \"organizations\";\n}\n\n/**\n * @internal\n */\nexport function resolveAdditionallyAllowedTenantIds(\n additionallyAllowedTenants?: string[],\n): string[] {\n if (!additionallyAllowedTenants || additionallyAllowedTenants.length === 0) {\n return [];\n }\n\n if (additionallyAllowedTenants.includes(\"*\")) {\n return ALL_TENANTS;\n }\n\n return additionallyAllowedTenants;\n}\n"]}

package/dist/commonjs/util/tracing.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * Creates a span using the global tracer.
+ * @internal
+ */
+export declare const tracingClient: import("@azure/core-tracing").TracingClient;
+//# sourceMappingURL=tracing.d.ts.map

package/dist/commonjs/util/tracing.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"tracing.d.ts","sourceRoot":"","sources":["../../../src/util/tracing.ts"],"names":[],"mappings":"AAMA;;;GAGG;AACH,eAAO,MAAM,aAAa,6CAIxB,CAAC"}

package/dist/commonjs/util/tracing.js ADDED Viewed

@@ -0,0 +1,17 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.tracingClient = void 0;
+const constants_js_1 = require("../constants.js");
+const core_tracing_1 = require("@azure/core-tracing");
+/**
+ * Creates a span using the global tracer.
+ * @internal
+ */
+exports.tracingClient = (0, core_tracing_1.createTracingClient)({
+    namespace: "Microsoft.AAD",
+    packageName: "@azure/identity",
+    packageVersion: constants_js_1.SDK_VERSION,
+});
+//# sourceMappingURL=tracing.js.map

package/dist/commonjs/util/tracing.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tracing.js","sourceRoot":"","sources":["../../../src/util/tracing.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAElC,kDAA8C;AAC9C,sDAA0D;AAE1D;;;GAGG;AACU,QAAA,aAAa,GAAG,IAAA,kCAAmB,EAAC;IAC/C,SAAS,EAAE,eAAe;IAC1B,WAAW,EAAE,iBAAiB;IAC9B,cAAc,EAAE,0BAAW;CAC5B,CAAC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { SDK_VERSION } from \"../constants.js\";\nimport { createTracingClient } from \"@azure/core-tracing\";\n\n/**\n * Creates a span using the global tracer.\n * @internal\n */\nexport const tracingClient = createTracingClient({\n namespace: \"Microsoft.AAD\",\n packageName: \"@azure/identity\",\n packageVersion: SDK_VERSION,\n});\n"]}

package/dist/esm/client/identityClient.d.ts ADDED Viewed

@@ -0,0 +1,65 @@
+import type { INetworkModule, NetworkRequestOptions, NetworkResponse } from "@azure/msal-node";
+import type { AccessToken, GetTokenOptions } from "@azure/core-auth";
+import { ServiceClient } from "@azure/core-client";
+import type { PipelineRequest } from "@azure/core-rest-pipeline";
+import type { AbortSignalLike } from "@azure/abort-controller";
+import type { TokenCredentialOptions } from "../tokenCredentialOptions.js";
+/**
+ * An internal type used to communicate details of a token request's
+ * response that should not be sent back as part of the access token.
+ */
+export interface TokenResponse {
+    /**
+     * The AccessToken to be returned from getToken.
+     */
+    accessToken: AccessToken;
+    /**
+     * The refresh token if the 'offline_access' scope was used.
+     */
+    refreshToken?: string;
+}
+/**
+ * @internal
+ */
+export declare function getIdentityClientAuthorityHost(options?: TokenCredentialOptions): string;
+/**
+ * The network module used by the Identity credentials.
+ *
+ * It allows for credentials to abort any pending request independently of the MSAL flow,
+ * by calling to the `abortRequests()` method.
+ *
+ */
+export declare class IdentityClient extends ServiceClient implements INetworkModule {
+    authorityHost: string;
+    private allowLoggingAccountIdentifiers?;
+    private abortControllers;
+    private allowInsecureConnection;
+    private tokenCredentialOptions;
+    constructor(options?: TokenCredentialOptions);
+    sendTokenRequest(request: PipelineRequest): Promise<TokenResponse | null>;
+    refreshAccessToken(tenantId: string, clientId: string, scopes: string, refreshToken: string | undefined, clientSecret: string | undefined, options?: GetTokenOptions): Promise<TokenResponse | null>;
+    generateAbortSignal(correlationId: string): AbortSignalLike;
+    abortRequests(correlationId?: string): void;
+    getCorrelationId(options?: NetworkRequestOptions): string;
+    sendGetRequestAsync<T>(url: string, options?: NetworkRequestOptions): Promise<NetworkResponse<T>>;
+    sendPostRequestAsync<T>(url: string, options?: NetworkRequestOptions): Promise<NetworkResponse<T>>;
+    /**
+     *
+     * @internal
+     */
+    getTokenCredentialOptions(): TokenCredentialOptions;
+    /**
+     * If allowLoggingAccountIdentifiers was set on the constructor options
+     * we try to log the account identifiers by parsing the received access token.
+     *
+     * The account identifiers we try to log are:
+     * - `appid`: The application or Client Identifier.
+     * - `upn`: User Principal Name.
+     *   - It might not be available in some authentication scenarios.
+     *   - If it's not available, we put a placeholder: "No User Principal Name available".
+     * - `tid`: Tenant Identifier.
+     * - `oid`: Object Identifier of the authenticated user.
+     */
+    private logIdentifiers;
+}
+//# sourceMappingURL=identityClient.d.ts.map

package/dist/esm/client/identityClient.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"identityClient.d.ts","sourceRoot":"","sources":["../../../src/client/identityClient.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAC/F,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,OAAO,KAAK,EAAE,eAAe,EAAoB,MAAM,2BAA2B,CAAC;AAEnF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAM/D,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAS3E;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,WAAW,EAAE,WAAW,CAAC;IACzB;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,wBAAgB,8BAA8B,CAAC,OAAO,CAAC,EAAE,sBAAsB,GAAG,MAAM,CAWvF;AAED;;;;;;GAMG;AACH,qBAAa,cAAe,SAAQ,aAAc,YAAW,cAAc;IAClE,aAAa,EAAE,MAAM,CAAC;IAC7B,OAAO,CAAC,8BAA8B,CAAC,CAAU;IACjD,OAAO,CAAC,gBAAgB,CAA6C;IACrE,OAAO,CAAC,uBAAuB,CAAkB;IAEjD,OAAO,CAAC,sBAAsB,CAAyB;gBAE3C,OAAO,CAAC,EAAE,sBAAsB;IAmCtC,gBAAgB,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAmCzE,kBAAkB,CACtB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,GAAG,SAAS,EAChC,YAAY,EAAE,MAAM,GAAG,SAAS,EAChC,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAkEhC,mBAAmB,CAAC,aAAa,EAAE,MAAM,GAAG,eAAe;IAe3D,aAAa,CAAC,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI;IAgB3C,gBAAgB,CAAC,OAAO,CAAC,EAAE,qBAAqB,GAAG,MAAM;IAUnD,mBAAmB,CAAC,CAAC,EACzB,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAqBxB,oBAAoB,CAAC,CAAC,EAC1B,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAsB9B;;;OAGG;IACH,yBAAyB,IAAI,sBAAsB;IAGnD;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,cAAc;CA6BvB"}

package/dist/esm/client/identityClient.js ADDED Viewed

@@ -0,0 +1,248 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+import { ServiceClient } from "@azure/core-client";
+import { isNode } from "@azure/core-util";
+import { createHttpHeaders, createPipelineRequest } from "@azure/core-rest-pipeline";
+import { AuthenticationError, AuthenticationErrorName } from "../errors.js";
+import { getIdentityTokenEndpointSuffix } from "../util/identityTokenEndpoint.js";
+import { DefaultAuthorityHost, SDK_VERSION } from "../constants.js";
+import { tracingClient } from "../util/tracing.js";
+import { logger } from "../util/logging.js";
+import { parseExpirationTimestamp, parseRefreshTimestamp, } from "../credentials/managedIdentityCredential/utils.js";
+const noCorrelationId = "noCorrelationId";
+/**
+ * @internal
+ */
+export function getIdentityClientAuthorityHost(options) {
+    // The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.
+    let authorityHost = options === null || options === void 0 ? void 0 : options.authorityHost;
+    // The AZURE_AUTHORITY_HOST environment variable can only be provided in Node.js.
+    if (isNode) {
+        authorityHost = authorityHost !== null && authorityHost !== void 0 ? authorityHost : process.env.AZURE_AUTHORITY_HOST;
+    }
+    // If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com
+    return authorityHost !== null && authorityHost !== void 0 ? authorityHost : DefaultAuthorityHost;
+}
+/**
+ * The network module used by the Identity credentials.
+ *
+ * It allows for credentials to abort any pending request independently of the MSAL flow,
+ * by calling to the `abortRequests()` method.
+ *
+ */
+export class IdentityClient extends ServiceClient {
+    constructor(options) {
+        var _a, _b;
+        const packageDetails = `azsdk-js-identity/${SDK_VERSION}`;
+        const userAgentPrefix = ((_a = options === null || options === void 0 ? void 0 : options.userAgentOptions) === null || _a === void 0 ? void 0 : _a.userAgentPrefix)
+            ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`
+            : `${packageDetails}`;
+        const baseUri = getIdentityClientAuthorityHost(options);
+        if (!baseUri.startsWith("https:")) {
+            throw new Error("The authorityHost address must use the 'https' protocol.");
+        }
+        super(Object.assign(Object.assign({ requestContentType: "application/json; charset=utf-8", retryOptions: {
+                maxRetries: 3,
+            } }, options), { userAgentOptions: {
+                userAgentPrefix,
+            }, baseUri }));
+        this.allowInsecureConnection = false;
+        this.authorityHost = baseUri;
+        this.abortControllers = new Map();
+        this.allowLoggingAccountIdentifiers = (_b = options === null || options === void 0 ? void 0 : options.loggingOptions) === null || _b === void 0 ? void 0 : _b.allowLoggingAccountIdentifiers;
+        // used for WorkloadIdentity
+        this.tokenCredentialOptions = Object.assign({}, options);
+        // used for ManagedIdentity
+        if (options === null || options === void 0 ? void 0 : options.allowInsecureConnection) {
+            this.allowInsecureConnection = options.allowInsecureConnection;
+        }
+    }
+    async sendTokenRequest(request) {
+        logger.info(`IdentityClient: sending token request to [${request.url}]`);
+        const response = await this.sendRequest(request);
+        if (response.bodyAsText && (response.status === 200 || response.status === 201)) {
+            const parsedBody = JSON.parse(response.bodyAsText);
+            if (!parsedBody.access_token) {
+                return null;
+            }
+            this.logIdentifiers(response);
+            const token = {
+                accessToken: {
+                    token: parsedBody.access_token,
+                    expiresOnTimestamp: parseExpirationTimestamp(parsedBody),
+                    refreshAfterTimestamp: parseRefreshTimestamp(parsedBody),
+                    tokenType: "Bearer",
+                },
+                refreshToken: parsedBody.refresh_token,
+            };
+            logger.info(`IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`);
+            return token;
+        }
+        else {
+            const error = new AuthenticationError(response.status, response.bodyAsText);
+            logger.warning(`IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`);
+            throw error;
+        }
+    }
+    async refreshAccessToken(tenantId, clientId, scopes, refreshToken, clientSecret, options = {}) {
+        if (refreshToken === undefined) {
+            return null;
+        }
+        logger.info(`IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`);
+        const refreshParams = {
+            grant_type: "refresh_token",
+            client_id: clientId,
+            refresh_token: refreshToken,
+            scope: scopes,
+        };
+        if (clientSecret !== undefined) {
+            refreshParams.client_secret = clientSecret;
+        }
+        const query = new URLSearchParams(refreshParams);
+        return tracingClient.withSpan("IdentityClient.refreshAccessToken", options, async (updatedOptions) => {
+            try {
+                const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);
+                const request = createPipelineRequest({
+                    url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,
+                    method: "POST",
+                    body: query.toString(),
+                    abortSignal: options.abortSignal,
+                    headers: createHttpHeaders({
+                        Accept: "application/json",
+                        "Content-Type": "application/x-www-form-urlencoded",
+                    }),
+                    tracingOptions: updatedOptions.tracingOptions,
+                });
+                const response = await this.sendTokenRequest(request);
+                logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);
+                return response;
+            }
+            catch (err) {
+                if (err.name === AuthenticationErrorName &&
+                    err.errorResponse.error === "interaction_required") {
+                    // It's likely that the refresh token has expired, so
+                    // return null so that the credential implementation will
+                    // initiate the authentication flow again.
+                    logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);
+                    return null;
+                }
+                else {
+                    logger.warning(`IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`);
+                    throw err;
+                }
+            }
+        });
+    }
+    // Here is a custom layer that allows us to abort requests that go through MSAL,
+    // since MSAL doesn't allow us to pass options all the way through.
+    generateAbortSignal(correlationId) {
+        const controller = new AbortController();
+        const controllers = this.abortControllers.get(correlationId) || [];
+        controllers.push(controller);
+        this.abortControllers.set(correlationId, controllers);
+        const existingOnAbort = controller.signal.onabort;
+        controller.signal.onabort = (...params) => {
+            this.abortControllers.set(correlationId, undefined);
+            if (existingOnAbort) {
+                existingOnAbort.apply(controller.signal, params);
+            }
+        };
+        return controller.signal;
+    }
+    abortRequests(correlationId) {
+        const key = correlationId || noCorrelationId;
+        const controllers = [
+            ...(this.abortControllers.get(key) || []),
+            // MSAL passes no correlation ID to the get requests...
+            ...(this.abortControllers.get(noCorrelationId) || []),
+        ];
+        if (!controllers.length) {
+            return;
+        }
+        for (const controller of controllers) {
+            controller.abort();
+        }
+        this.abortControllers.set(key, undefined);
+    }
+    getCorrelationId(options) {
+        var _a;
+        const parameter = (_a = options === null || options === void 0 ? void 0 : options.body) === null || _a === void 0 ? void 0 : _a.split("&").map((part) => part.split("=")).find(([key]) => key === "client-request-id");
+        return parameter && parameter.length ? parameter[1] || noCorrelationId : noCorrelationId;
+    }
+    // The MSAL network module methods follow
+    async sendGetRequestAsync(url, options) {
+        const request = createPipelineRequest({
+            url,
+            method: "GET",
+            body: options === null || options === void 0 ? void 0 : options.body,
+            allowInsecureConnection: this.allowInsecureConnection,
+            headers: createHttpHeaders(options === null || options === void 0 ? void 0 : options.headers),
+            abortSignal: this.generateAbortSignal(noCorrelationId),
+        });
+        const response = await this.sendRequest(request);
+        this.logIdentifiers(response);
+        return {
+            body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,
+            headers: response.headers.toJSON(),
+            status: response.status,
+        };
+    }
+    async sendPostRequestAsync(url, options) {
+        const request = createPipelineRequest({
+            url,
+            method: "POST",
+            body: options === null || options === void 0 ? void 0 : options.body,
+            headers: createHttpHeaders(options === null || options === void 0 ? void 0 : options.headers),
+            allowInsecureConnection: this.allowInsecureConnection,
+            // MSAL doesn't send the correlation ID on the get requests.
+            abortSignal: this.generateAbortSignal(this.getCorrelationId(options)),
+        });
+        const response = await this.sendRequest(request);
+        this.logIdentifiers(response);
+        return {
+            body: response.bodyAsText ? JSON.parse(response.bodyAsText) : undefined,
+            headers: response.headers.toJSON(),
+            status: response.status,
+        };
+    }
+    /**
+     *
+     * @internal
+     */
+    getTokenCredentialOptions() {
+        return this.tokenCredentialOptions;
+    }
+    /**
+     * If allowLoggingAccountIdentifiers was set on the constructor options
+     * we try to log the account identifiers by parsing the received access token.
+     *
+     * The account identifiers we try to log are:
+     * - `appid`: The application or Client Identifier.
+     * - `upn`: User Principal Name.
+     *   - It might not be available in some authentication scenarios.
+     *   - If it's not available, we put a placeholder: "No User Principal Name available".
+     * - `tid`: Tenant Identifier.
+     * - `oid`: Object Identifier of the authenticated user.
+     */
+    logIdentifiers(response) {
+        if (!this.allowLoggingAccountIdentifiers || !response.bodyAsText) {
+            return;
+        }
+        const unavailableUpn = "No User Principal Name available";
+        try {
+            const parsed = response.parsedBody || JSON.parse(response.bodyAsText);
+            const accessToken = parsed.access_token;
+            if (!accessToken) {
+                // Without an access token allowLoggingAccountIdentifiers isn't useful.
+                return;
+            }
+            const base64Metadata = accessToken.split(".")[1];
+            const { appid, upn, tid, oid } = JSON.parse(Buffer.from(base64Metadata, "base64").toString("utf8"));
+            logger.info(`[Authenticated account] Client ID: ${appid}. Tenant ID: ${tid}. User Principal Name: ${upn || unavailableUpn}. Object ID (user): ${oid}`);
+        }
+        catch (e) {
+            logger.warning("allowLoggingAccountIdentifiers was set, but we couldn't log the account information. Error:", e.message);
+        }
+    }
+}
+//# sourceMappingURL=identityClient.js.map