@azure/identity 4.5.1-alpha.20241112.1 → 4.5.1-alpha.20241113.2
Sign up to get free protection for your applications and to get access to all the features.
- package/dist/browser/client/identityClient.d.ts +65 -0
- package/dist/browser/client/identityClient.d.ts.map +1 -0
- package/dist/browser/client/identityClient.js +248 -0
- package/dist/browser/client/identityClient.js.map +1 -0
- package/dist/browser/constants.d.ts +64 -0
- package/dist/browser/constants.d.ts.map +1 -0
- package/dist/browser/credentials/authorityValidationOptions.d.ts +16 -0
- package/dist/browser/credentials/authorityValidationOptions.d.ts.map +1 -0
- package/dist/browser/credentials/authorizationCodeCredential-browser.d.mts.map +1 -0
- package/dist/browser/credentials/authorizationCodeCredential-browser.mjs.map +1 -0
- package/dist/browser/credentials/authorizationCodeCredential.d.ts +11 -0
- package/dist/browser/credentials/authorizationCodeCredential.js +16 -0
- package/dist/browser/credentials/authorizationCodeCredentialOptions.d.ts +8 -0
- package/dist/browser/credentials/authorizationCodeCredentialOptions.d.ts.map +1 -0
- package/dist/browser/credentials/authorizationCodeCredentialOptions.js.map +1 -0
- package/dist/browser/credentials/azureApplicationCredential-browser.d.mts.map +1 -0
- package/dist/browser/credentials/azureApplicationCredential-browser.mjs.map +1 -0
- package/dist/browser/credentials/azureApplicationCredential.d.ts +24 -0
- package/dist/browser/credentials/azureApplicationCredential.js +34 -0
- package/dist/browser/credentials/azureApplicationCredentialOptions.d.ts +13 -0
- package/dist/browser/credentials/azureApplicationCredentialOptions.d.ts.map +1 -0
- package/dist/browser/credentials/azureApplicationCredentialOptions.js.map +1 -0
- package/dist/browser/credentials/azureCliCredential-browser.d.mts.map +1 -0
- package/dist/browser/credentials/azureCliCredential-browser.mjs.map +1 -0
- package/dist/browser/credentials/azureCliCredential.d.ts +13 -0
- package/dist/browser/credentials/azureCliCredential.js +23 -0
- package/dist/browser/credentials/azureCliCredentialOptions.d.ts +20 -0
- package/dist/browser/credentials/azureCliCredentialOptions.d.ts.map +1 -0
- package/dist/browser/credentials/azureCliCredentialOptions.js.map +1 -0
- package/dist/browser/credentials/azureDeveloperCliCredential-browser.d.mts.map +1 -0
- package/dist/browser/credentials/azureDeveloperCliCredential-browser.mjs.map +1 -0
- package/dist/browser/credentials/azureDeveloperCliCredential.d.ts +13 -0
- package/dist/browser/credentials/azureDeveloperCliCredential.js +23 -0
- package/dist/browser/credentials/azureDeveloperCliCredentialOptions.d.ts +15 -0
- package/dist/browser/credentials/azureDeveloperCliCredentialOptions.d.ts.map +1 -0
- package/dist/browser/credentials/azureDeveloperCliCredentialOptions.js.map +1 -0
- package/dist/browser/credentials/azurePipelinesCredential-browser.d.mts.map +1 -0
- package/dist/browser/credentials/azurePipelinesCredential-browser.mjs.map +1 -0
- package/dist/browser/credentials/azurePipelinesCredential.d.ts +13 -0
- package/dist/browser/credentials/azurePipelinesCredential.js +23 -0
- package/dist/browser/credentials/azurePipelinesCredentialOptions.d.ts +9 -0
- package/dist/browser/credentials/azurePipelinesCredentialOptions.d.ts.map +1 -0
- package/dist/browser/credentials/azurePipelinesCredentialOptions.js.map +1 -0
- package/dist/browser/credentials/azurePowerShellCredential-browser.d.mts.map +1 -0
- package/dist/browser/credentials/azurePowerShellCredential-browser.mjs.map +1 -0
- package/dist/browser/credentials/azurePowerShellCredential.d.ts +12 -0
- package/dist/browser/credentials/azurePowerShellCredential.js +22 -0
- package/dist/browser/credentials/azurePowerShellCredentialOptions.d.ts +15 -0
- package/dist/browser/credentials/azurePowerShellCredentialOptions.d.ts.map +1 -0
- package/dist/browser/credentials/azurePowerShellCredentialOptions.js.map +1 -0
- package/dist/browser/credentials/brokerAuthOptions.d.ts +13 -0
- package/dist/browser/credentials/brokerAuthOptions.d.ts.map +1 -0
- package/dist/browser/credentials/brokerAuthOptions.js.map +1 -0
- package/dist/browser/credentials/browserCustomizationOptions.d.ts +19 -0
- package/dist/browser/credentials/browserCustomizationOptions.d.ts.map +1 -0
- package/dist/browser/credentials/chainedTokenCredential.d.ts +49 -0
- package/dist/browser/credentials/chainedTokenCredential.d.ts.map +1 -0
- package/dist/browser/credentials/chainedTokenCredential.js +90 -0
- package/dist/browser/credentials/chainedTokenCredential.js.map +1 -0
- package/dist/browser/credentials/clientAssertionCredential-browser.d.mts.map +1 -0
- package/dist/browser/credentials/clientAssertionCredential-browser.mjs.map +1 -0
- package/dist/browser/credentials/clientAssertionCredential.d.ts +12 -0
- package/dist/browser/credentials/clientAssertionCredential.js +22 -0
- package/dist/browser/credentials/clientAssertionCredentialOptions.d.ts +9 -0
- package/dist/browser/credentials/clientAssertionCredentialOptions.d.ts.map +1 -0
- package/dist/browser/credentials/clientAssertionCredentialOptions.js.map +1 -0
- package/dist/browser/credentials/clientCertificateCredential-browser.d.mts.map +1 -0
- package/dist/browser/credentials/clientCertificateCredential-browser.mjs.map +1 -0
- package/dist/browser/credentials/clientCertificateCredential.d.ts +13 -0
- package/dist/browser/credentials/clientCertificateCredential.js +23 -0
- package/dist/browser/credentials/clientCertificateCredentialOptions.d.ts +14 -0
- package/dist/browser/credentials/clientCertificateCredentialOptions.d.ts.map +1 -0
- package/dist/browser/credentials/clientCertificateCredentialOptions.js.map +1 -0
- package/dist/browser/credentials/clientSecretCredential-browser.d.mts.map +1 -0
- package/dist/browser/credentials/clientSecretCredential-browser.mjs.map +1 -0
- package/dist/browser/credentials/clientSecretCredential.d.ts +40 -0
- package/dist/browser/credentials/clientSecretCredential.js +83 -0
- package/dist/browser/credentials/clientSecretCredentialOptions.d.ts +9 -0
- package/dist/browser/credentials/clientSecretCredentialOptions.d.ts.map +1 -0
- package/dist/browser/credentials/clientSecretCredentialOptions.js.map +1 -0
- package/dist/browser/credentials/credentialPersistenceOptions.d.ts +29 -0
- package/dist/browser/credentials/credentialPersistenceOptions.d.ts.map +1 -0
- package/dist/browser/credentials/credentialPersistenceOptions.js.map +1 -0
- package/dist/browser/credentials/defaultAzureCredential-browser.d.mts.map +1 -0
- package/dist/browser/credentials/defaultAzureCredential-browser.mjs.map +1 -0
- package/dist/browser/credentials/defaultAzureCredential.d.ts +19 -0
- package/dist/browser/credentials/defaultAzureCredential.js +29 -0
- package/dist/browser/credentials/defaultAzureCredentialOptions.d.ts +49 -0
- package/dist/browser/credentials/defaultAzureCredentialOptions.d.ts.map +1 -0
- package/dist/browser/credentials/defaultAzureCredentialOptions.js.map +1 -0
- package/dist/browser/credentials/deviceCodeCredential-browser.d.mts.map +1 -0
- package/dist/browser/credentials/deviceCodeCredential-browser.mjs.map +1 -0
- package/dist/browser/credentials/deviceCodeCredential.d.ts +13 -0
- package/dist/browser/credentials/deviceCodeCredential.js +23 -0
- package/dist/browser/credentials/deviceCodeCredentialOptions.d.ts +53 -0
- package/dist/browser/credentials/deviceCodeCredentialOptions.d.ts.map +1 -0
- package/dist/browser/credentials/deviceCodeCredentialOptions.js.map +1 -0
- package/dist/browser/credentials/environmentCredential-browser.d.mts.map +1 -0
- package/dist/browser/credentials/environmentCredential-browser.mjs.map +1 -0
- package/dist/browser/credentials/environmentCredential.d.ts +13 -0
- package/dist/browser/credentials/environmentCredential.js +23 -0
- package/dist/browser/credentials/environmentCredentialOptions.d.ts +9 -0
- package/dist/browser/credentials/environmentCredentialOptions.d.ts.map +1 -0
- package/dist/browser/credentials/environmentCredentialOptions.js.map +1 -0
- package/dist/browser/credentials/interactiveBrowserCredential-browser.d.mts.map +1 -0
- package/dist/browser/credentials/interactiveBrowserCredential-browser.mjs.map +1 -0
- package/dist/browser/credentials/interactiveBrowserCredential.d.ts +53 -0
- package/dist/browser/credentials/interactiveBrowserCredential.js +86 -0
- package/dist/browser/credentials/interactiveBrowserCredentialOptions.d.ts +77 -0
- package/dist/browser/credentials/interactiveBrowserCredentialOptions.d.ts.map +1 -0
- package/dist/browser/credentials/interactiveBrowserCredentialOptions.js.map +1 -0
- package/dist/browser/credentials/interactiveCredentialOptions.d.ts +25 -0
- package/dist/browser/credentials/interactiveCredentialOptions.d.ts.map +1 -0
- package/dist/browser/credentials/interactiveCredentialOptions.js.map +1 -0
- package/dist/browser/credentials/managedIdentityCredential/imdsMsi.d.ts +18 -0
- package/dist/browser/credentials/managedIdentityCredential/imdsMsi.d.ts.map +1 -0
- package/dist/browser/credentials/managedIdentityCredential/imdsMsi.js +122 -0
- package/dist/browser/credentials/managedIdentityCredential/imdsMsi.js.map +1 -0
- package/dist/browser/credentials/managedIdentityCredential/imdsRetryPolicy.d.ts +12 -0
- package/dist/browser/credentials/managedIdentityCredential/imdsRetryPolicy.d.ts.map +1 -0
- package/dist/browser/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +1 -0
- package/dist/browser/credentials/managedIdentityCredential/index-browser.d.mts.map +1 -0
- package/dist/browser/credentials/managedIdentityCredential/index-browser.mjs.map +1 -0
- package/dist/browser/credentials/managedIdentityCredential/index.d.ts +6 -0
- package/dist/browser/credentials/managedIdentityCredential/index.js +16 -0
- package/dist/browser/credentials/managedIdentityCredential/models.d.ts +24 -0
- package/dist/browser/credentials/managedIdentityCredential/models.d.ts.map +1 -0
- package/dist/browser/credentials/managedIdentityCredential/models.js.map +1 -0
- package/dist/browser/credentials/managedIdentityCredential/tokenExchangeMsi.d.ts +14 -0
- package/dist/browser/credentials/managedIdentityCredential/tokenExchangeMsi.d.ts.map +1 -0
- package/dist/browser/credentials/managedIdentityCredential/tokenExchangeMsi.js +32 -0
- package/dist/browser/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -0
- package/dist/browser/credentials/managedIdentityCredential/utils.d.ts +33 -0
- package/dist/browser/credentials/managedIdentityCredential/utils.d.ts.map +1 -0
- package/dist/browser/credentials/multiTenantTokenCredentialOptions.d.ts +12 -0
- package/dist/browser/credentials/multiTenantTokenCredentialOptions.d.ts.map +1 -0
- package/dist/browser/credentials/multiTenantTokenCredentialOptions.js.map +1 -0
- package/dist/browser/credentials/onBehalfOfCredential-browser.d.mts.map +1 -0
- package/dist/browser/credentials/onBehalfOfCredential-browser.mjs.map +1 -0
- package/dist/browser/credentials/onBehalfOfCredential.d.ts +12 -0
- package/dist/browser/credentials/onBehalfOfCredential.js +23 -0
- package/dist/browser/credentials/onBehalfOfCredentialOptions.d.ts +76 -0
- package/dist/browser/credentials/onBehalfOfCredentialOptions.d.ts.map +1 -0
- package/dist/browser/credentials/onBehalfOfCredentialOptions.js.map +1 -0
- package/dist/browser/credentials/usernamePasswordCredential-browser.d.mts.map +1 -0
- package/dist/browser/credentials/usernamePasswordCredential-browser.mjs.map +1 -0
- package/dist/browser/credentials/usernamePasswordCredential.d.ts +40 -0
- package/dist/browser/credentials/usernamePasswordCredential.js +77 -0
- package/dist/browser/credentials/usernamePasswordCredentialOptions.d.ts +9 -0
- package/dist/browser/credentials/usernamePasswordCredentialOptions.d.ts.map +1 -0
- package/dist/browser/credentials/usernamePasswordCredentialOptions.js.map +1 -0
- package/dist/browser/credentials/visualStudioCodeCredential-browser.d.mts.map +1 -0
- package/dist/browser/credentials/visualStudioCodeCredential-browser.mjs.map +1 -0
- package/dist/browser/credentials/visualStudioCodeCredential.d.ts +15 -0
- package/dist/browser/credentials/visualStudioCodeCredential.js +27 -0
- package/dist/browser/credentials/visualStudioCodeCredentialOptions.d.ts +11 -0
- package/dist/browser/credentials/visualStudioCodeCredentialOptions.d.ts.map +1 -0
- package/dist/browser/credentials/visualStudioCodeCredentialOptions.js.map +1 -0
- package/dist/browser/credentials/visualStudioCodeCredentialPlugin.d.ts +11 -0
- package/dist/browser/credentials/visualStudioCodeCredentialPlugin.d.ts.map +1 -0
- package/dist/browser/credentials/workloadIdentityCredential-browser.d.mts.map +1 -0
- package/dist/browser/credentials/workloadIdentityCredential-browser.mjs.map +1 -0
- package/dist/browser/credentials/workloadIdentityCredential.d.ts +17 -0
- package/dist/browser/credentials/workloadIdentityCredential.js +27 -0
- package/dist/browser/credentials/workloadIdentityCredentialOptions.d.ts +20 -0
- package/dist/browser/credentials/workloadIdentityCredentialOptions.d.ts.map +1 -0
- package/dist/browser/credentials/workloadIdentityCredentialOptions.js.map +1 -0
- package/dist/browser/errors.d.ts +139 -0
- package/dist/browser/errors.d.ts.map +1 -0
- package/dist/browser/index.d.ts +59 -0
- package/dist/browser/index.d.ts.map +1 -0
- package/dist/browser/index.js +34 -0
- package/dist/browser/index.js.map +1 -0
- package/dist/browser/msal/browserFlows/flows.d.ts +42 -0
- package/dist/browser/msal/browserFlows/flows.d.ts.map +1 -0
- package/dist/browser/msal/browserFlows/flows.js.map +1 -0
- package/dist/browser/msal/browserFlows/msalAuthCode.d.ts +50 -0
- package/dist/browser/msal/browserFlows/msalAuthCode.d.ts.map +1 -0
- package/dist/browser/msal/browserFlows/msalAuthCode.js +203 -0
- package/dist/browser/msal/browserFlows/msalAuthCode.js.map +1 -0
- package/dist/browser/msal/browserFlows/msalBrowserCommon.d.ts +106 -0
- package/dist/browser/msal/browserFlows/msalBrowserCommon.d.ts.map +1 -0
- package/dist/browser/msal/browserFlows/msalBrowserCommon.js +116 -0
- package/dist/browser/msal/browserFlows/msalBrowserCommon.js.map +1 -0
- package/dist/browser/msal/credentials.d.ts +52 -0
- package/dist/browser/msal/credentials.d.ts.map +1 -0
- package/dist/browser/msal/credentials.js.map +1 -0
- package/dist/browser/msal/msal-browser.d.mts.map +1 -0
- package/dist/browser/msal/msal-browser.mjs.map +1 -0
- package/dist/browser/msal/msal.d.ts +3 -0
- package/dist/browser/msal/msal.js +5 -0
- package/dist/browser/msal/nodeFlows/brokerOptions.d.ts +44 -0
- package/dist/browser/msal/nodeFlows/brokerOptions.d.ts.map +1 -0
- package/dist/browser/msal/nodeFlows/msalClient.d.ts +186 -0
- package/dist/browser/msal/nodeFlows/msalClient.d.ts.map +1 -0
- package/dist/browser/msal/nodeFlows/msalClient.js +477 -0
- package/dist/browser/msal/nodeFlows/msalClient.js.map +1 -0
- package/dist/browser/msal/nodeFlows/msalPlugins.d.ts +91 -0
- package/dist/browser/msal/nodeFlows/msalPlugins.d.ts.map +1 -0
- package/dist/browser/msal/nodeFlows/msalPlugins.js +87 -0
- package/dist/browser/msal/nodeFlows/msalPlugins.js.map +1 -0
- package/dist/browser/msal/nodeFlows/tokenCachePersistenceOptions.d.ts +24 -0
- package/dist/browser/msal/nodeFlows/tokenCachePersistenceOptions.d.ts.map +1 -0
- package/dist/browser/msal/types.d.ts +87 -0
- package/dist/browser/msal/types.d.ts.map +1 -0
- package/dist/browser/msal/utils.d.ts +95 -0
- package/dist/browser/msal/utils.d.ts.map +1 -0
- package/dist/browser/msal/utils.js +232 -0
- package/dist/browser/msal/utils.js.map +1 -0
- package/dist/browser/package.json +3 -0
- package/dist/browser/plugins/consumer-browser.d.mts.map +1 -0
- package/dist/browser/plugins/consumer-browser.mjs.map +1 -0
- package/dist/browser/plugins/consumer.d.ts +2 -0
- package/dist/browser/plugins/consumer.js +7 -0
- package/dist/browser/plugins/provider.d.ts +36 -0
- package/dist/browser/plugins/provider.d.ts.map +1 -0
- package/dist/browser/plugins/provider.js.map +1 -0
- package/dist/browser/regionalAuthority.d.ts +122 -0
- package/dist/browser/regionalAuthority.d.ts.map +1 -0
- package/dist/browser/tokenCredentialOptions.d.ts +28 -0
- package/dist/browser/tokenCredentialOptions.d.ts.map +1 -0
- package/dist/browser/tokenProvider.d.ts +38 -0
- package/dist/browser/tokenProvider.d.ts.map +1 -0
- package/dist/browser/util/authHostEnv-browser.d.mts +4 -0
- package/dist/browser/util/authHostEnv-browser.d.mts.map +1 -0
- package/dist/browser/util/authHostEnv-browser.mjs +7 -0
- package/dist/browser/util/authHostEnv-browser.mjs.map +1 -0
- package/dist/browser/util/identityTokenEndpoint.d.ts +2 -0
- package/dist/browser/util/identityTokenEndpoint.d.ts.map +1 -0
- package/dist/browser/util/logging.d.ts +70 -0
- package/dist/browser/util/logging.d.ts.map +1 -0
- package/dist/browser/util/processMultiTenantRequest-browser.d.mts.map +1 -0
- package/dist/browser/util/processMultiTenantRequest-browser.mjs.map +1 -0
- package/dist/browser/util/processMultiTenantRequest.d.ts +9 -0
- package/dist/browser/util/processMultiTenantRequest.js +29 -0
- package/dist/browser/util/processUtils.d.ts +13 -0
- package/dist/browser/util/processUtils.d.ts.map +1 -0
- package/dist/browser/util/scopeUtils.d.ts +17 -0
- package/dist/browser/util/scopeUtils.d.ts.map +1 -0
- package/dist/browser/util/scopeUtils.js +29 -0
- package/dist/browser/util/scopeUtils.js.map +1 -0
- package/dist/browser/util/subscriptionUtils.d.ts +6 -0
- package/dist/browser/util/subscriptionUtils.d.ts.map +1 -0
- package/dist/browser/util/subscriptionUtils.js +14 -0
- package/dist/browser/util/subscriptionUtils.js.map +1 -0
- package/dist/browser/util/tenantIdUtils.d.ts +15 -0
- package/dist/browser/util/tenantIdUtils.d.ts.map +1 -0
- package/dist/browser/util/tenantIdUtils.js +44 -0
- package/dist/browser/util/tenantIdUtils.js.map +1 -0
- package/dist/browser/util/tracing.d.ts +6 -0
- package/dist/browser/util/tracing.d.ts.map +1 -0
- package/dist/browser/util/tracing.js +14 -0
- package/dist/browser/util/tracing.js.map +1 -0
- package/dist/commonjs/client/identityClient.d.ts +65 -0
- package/dist/commonjs/client/identityClient.d.ts.map +1 -0
- package/dist/commonjs/client/identityClient.js +253 -0
- package/dist/commonjs/client/identityClient.js.map +1 -0
- package/dist/commonjs/constants.d.ts +64 -0
- package/dist/commonjs/constants.d.ts.map +1 -0
- package/dist/commonjs/constants.js +73 -0
- package/dist/commonjs/constants.js.map +1 -0
- package/dist/commonjs/credentials/authorityValidationOptions.d.ts +16 -0
- package/dist/commonjs/credentials/authorityValidationOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/authorityValidationOptions.js +5 -0
- package/dist/commonjs/credentials/authorityValidationOptions.js.map +1 -0
- package/dist/commonjs/credentials/authorizationCodeCredential.d.ts +73 -0
- package/dist/commonjs/credentials/authorizationCodeCredential.d.ts.map +1 -0
- package/dist/commonjs/credentials/authorizationCodeCredential.js +64 -0
- package/dist/commonjs/credentials/authorizationCodeCredential.js.map +1 -0
- package/dist/commonjs/credentials/authorizationCodeCredentialOptions.d.ts +8 -0
- package/dist/commonjs/credentials/authorizationCodeCredentialOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/authorizationCodeCredentialOptions.js +5 -0
- package/dist/commonjs/credentials/authorizationCodeCredentialOptions.js.map +1 -0
- package/dist/commonjs/credentials/azureApplicationCredential.d.ts +24 -0
- package/dist/commonjs/credentials/azureApplicationCredential.d.ts.map +1 -0
- package/dist/commonjs/credentials/azureApplicationCredential.js +36 -0
- package/dist/commonjs/credentials/azureApplicationCredential.js.map +1 -0
- package/dist/commonjs/credentials/azureApplicationCredentialOptions.d.ts +13 -0
- package/dist/commonjs/credentials/azureApplicationCredentialOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/azureApplicationCredentialOptions.js +5 -0
- package/dist/commonjs/credentials/azureApplicationCredentialOptions.js.map +1 -0
- package/dist/commonjs/credentials/azureCliCredential.d.ts +64 -0
- package/dist/commonjs/credentials/azureCliCredential.d.ts.map +1 -0
- package/dist/commonjs/credentials/azureCliCredential.js +194 -0
- package/dist/commonjs/credentials/azureCliCredential.js.map +1 -0
- package/dist/commonjs/credentials/azureCliCredentialOptions.d.ts +20 -0
- package/dist/commonjs/credentials/azureCliCredentialOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/azureCliCredentialOptions.js +5 -0
- package/dist/commonjs/credentials/azureCliCredentialOptions.js.map +1 -0
- package/dist/commonjs/credentials/azureDeveloperCliCredential.d.ts +71 -0
- package/dist/commonjs/credentials/azureDeveloperCliCredential.d.ts.map +1 -0
- package/dist/commonjs/credentials/azureDeveloperCliCredential.js +176 -0
- package/dist/commonjs/credentials/azureDeveloperCliCredential.js.map +1 -0
- package/dist/commonjs/credentials/azureDeveloperCliCredentialOptions.d.ts +15 -0
- package/dist/commonjs/credentials/azureDeveloperCliCredentialOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/azureDeveloperCliCredentialOptions.js +5 -0
- package/dist/commonjs/credentials/azureDeveloperCliCredentialOptions.js.map +1 -0
- package/dist/commonjs/credentials/azurePipelinesCredential.d.ts +38 -0
- package/dist/commonjs/credentials/azurePipelinesCredential.d.ts.map +1 -0
- package/dist/commonjs/credentials/azurePipelinesCredential.js +146 -0
- package/dist/commonjs/credentials/azurePipelinesCredential.js.map +1 -0
- package/dist/commonjs/credentials/azurePipelinesCredentialOptions.d.ts +9 -0
- package/dist/commonjs/credentials/azurePipelinesCredentialOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/azurePipelinesCredentialOptions.js +5 -0
- package/dist/commonjs/credentials/azurePipelinesCredentialOptions.js.map +1 -0
- package/dist/commonjs/credentials/azurePowerShellCredential.d.ts +75 -0
- package/dist/commonjs/credentials/azurePowerShellCredential.d.ts.map +1 -0
- package/dist/commonjs/credentials/azurePowerShellCredential.js +235 -0
- package/dist/commonjs/credentials/azurePowerShellCredential.js.map +1 -0
- package/dist/commonjs/credentials/azurePowerShellCredentialOptions.d.ts +15 -0
- package/dist/commonjs/credentials/azurePowerShellCredentialOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/azurePowerShellCredentialOptions.js +5 -0
- package/dist/commonjs/credentials/azurePowerShellCredentialOptions.js.map +1 -0
- package/dist/commonjs/credentials/brokerAuthOptions.d.ts +13 -0
- package/dist/commonjs/credentials/brokerAuthOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/brokerAuthOptions.js +3 -0
- package/dist/commonjs/credentials/brokerAuthOptions.js.map +1 -0
- package/dist/commonjs/credentials/browserCustomizationOptions.d.ts +19 -0
- package/dist/commonjs/credentials/browserCustomizationOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/browserCustomizationOptions.js +5 -0
- package/dist/commonjs/credentials/browserCustomizationOptions.js.map +1 -0
- package/dist/commonjs/credentials/chainedTokenCredential.d.ts +49 -0
- package/dist/commonjs/credentials/chainedTokenCredential.d.ts.map +1 -0
- package/dist/commonjs/credentials/chainedTokenCredential.js +94 -0
- package/dist/commonjs/credentials/chainedTokenCredential.js.map +1 -0
- package/dist/commonjs/credentials/clientAssertionCredential.d.ts +33 -0
- package/dist/commonjs/credentials/clientAssertionCredential.d.ts.map +1 -0
- package/dist/commonjs/credentials/clientAssertionCredential.js +59 -0
- package/dist/commonjs/credentials/clientAssertionCredential.js.map +1 -0
- package/dist/commonjs/credentials/clientAssertionCredentialOptions.d.ts +9 -0
- package/dist/commonjs/credentials/clientAssertionCredentialOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/clientAssertionCredentialOptions.js +5 -0
- package/dist/commonjs/credentials/clientAssertionCredentialOptions.js.map +1 -0
- package/dist/commonjs/credentials/clientCertificateCredential.d.ts +101 -0
- package/dist/commonjs/credentials/clientCertificateCredential.d.ts.map +1 -0
- package/dist/commonjs/credentials/clientCertificateCredential.js +124 -0
- package/dist/commonjs/credentials/clientCertificateCredential.js.map +1 -0
- package/dist/commonjs/credentials/clientCertificateCredentialOptions.d.ts +14 -0
- package/dist/commonjs/credentials/clientCertificateCredentialOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/clientCertificateCredentialOptions.js +5 -0
- package/dist/commonjs/credentials/clientCertificateCredentialOptions.js.map +1 -0
- package/dist/commonjs/credentials/clientSecretCredential.d.ts +37 -0
- package/dist/commonjs/credentials/clientSecretCredential.d.ts.map +1 -0
- package/dist/commonjs/credentials/clientSecretCredential.js +64 -0
- package/dist/commonjs/credentials/clientSecretCredential.js.map +1 -0
- package/dist/commonjs/credentials/clientSecretCredentialOptions.d.ts +9 -0
- package/dist/commonjs/credentials/clientSecretCredentialOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/clientSecretCredentialOptions.js +5 -0
- package/dist/commonjs/credentials/clientSecretCredentialOptions.js.map +1 -0
- package/dist/commonjs/credentials/credentialPersistenceOptions.d.ts +29 -0
- package/dist/commonjs/credentials/credentialPersistenceOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/credentialPersistenceOptions.js +5 -0
- package/dist/commonjs/credentials/credentialPersistenceOptions.js.map +1 -0
- package/dist/commonjs/credentials/defaultAzureCredential.d.ts +65 -0
- package/dist/commonjs/credentials/defaultAzureCredential.d.ts.map +1 -0
- package/dist/commonjs/credentials/defaultAzureCredential.js +171 -0
- package/dist/commonjs/credentials/defaultAzureCredential.js.map +1 -0
- package/dist/commonjs/credentials/defaultAzureCredentialOptions.d.ts +49 -0
- package/dist/commonjs/credentials/defaultAzureCredentialOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/defaultAzureCredentialOptions.js +5 -0
- package/dist/commonjs/credentials/defaultAzureCredentialOptions.js.map +1 -0
- package/dist/commonjs/credentials/deviceCodeCredential.d.ts +67 -0
- package/dist/commonjs/credentials/deviceCodeCredential.d.ts.map +1 -0
- package/dist/commonjs/credentials/deviceCodeCredential.js +96 -0
- package/dist/commonjs/credentials/deviceCodeCredential.js.map +1 -0
- package/dist/commonjs/credentials/deviceCodeCredentialOptions.d.ts +53 -0
- package/dist/commonjs/credentials/deviceCodeCredentialOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/deviceCodeCredentialOptions.js +5 -0
- package/dist/commonjs/credentials/deviceCodeCredentialOptions.js.map +1 -0
- package/dist/commonjs/credentials/environmentCredential.d.ts +52 -0
- package/dist/commonjs/credentials/environmentCredential.d.ts.map +1 -0
- package/dist/commonjs/credentials/environmentCredential.js +135 -0
- package/dist/commonjs/credentials/environmentCredential.js.map +1 -0
- package/dist/commonjs/credentials/environmentCredentialOptions.d.ts +9 -0
- package/dist/commonjs/credentials/environmentCredentialOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/environmentCredentialOptions.js +5 -0
- package/dist/commonjs/credentials/environmentCredentialOptions.js.map +1 -0
- package/dist/commonjs/credentials/interactiveBrowserCredential.d.ts +56 -0
- package/dist/commonjs/credentials/interactiveBrowserCredential.d.ts.map +1 -0
- package/dist/commonjs/credentials/interactiveBrowserCredential.js +95 -0
- package/dist/commonjs/credentials/interactiveBrowserCredential.js.map +1 -0
- package/dist/commonjs/credentials/interactiveBrowserCredentialOptions.d.ts +77 -0
- package/dist/commonjs/credentials/interactiveBrowserCredentialOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/interactiveBrowserCredentialOptions.js +5 -0
- package/dist/commonjs/credentials/interactiveBrowserCredentialOptions.js.map +1 -0
- package/dist/commonjs/credentials/interactiveCredentialOptions.d.ts +25 -0
- package/dist/commonjs/credentials/interactiveCredentialOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/interactiveCredentialOptions.js +5 -0
- package/dist/commonjs/credentials/interactiveCredentialOptions.js.map +1 -0
- package/dist/commonjs/credentials/managedIdentityCredential/imdsMsi.d.ts +18 -0
- package/dist/commonjs/credentials/managedIdentityCredential/imdsMsi.d.ts.map +1 -0
- package/dist/commonjs/credentials/managedIdentityCredential/imdsMsi.js +125 -0
- package/dist/commonjs/credentials/managedIdentityCredential/imdsMsi.js.map +1 -0
- package/dist/commonjs/credentials/managedIdentityCredential/imdsRetryPolicy.d.ts +12 -0
- package/dist/commonjs/credentials/managedIdentityCredential/imdsRetryPolicy.d.ts.map +1 -0
- package/dist/commonjs/credentials/managedIdentityCredential/imdsRetryPolicy.js +36 -0
- package/dist/commonjs/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +1 -0
- package/dist/commonjs/credentials/managedIdentityCredential/index.d.ts +95 -0
- package/dist/commonjs/credentials/managedIdentityCredential/index.d.ts.map +1 -0
- package/dist/commonjs/credentials/managedIdentityCredential/index.js +221 -0
- package/dist/commonjs/credentials/managedIdentityCredential/index.js.map +1 -0
- package/dist/commonjs/credentials/managedIdentityCredential/models.d.ts +24 -0
- package/dist/commonjs/credentials/managedIdentityCredential/models.d.ts.map +1 -0
- package/dist/commonjs/credentials/managedIdentityCredential/models.js +5 -0
- package/dist/commonjs/credentials/managedIdentityCredential/models.js.map +1 -0
- package/dist/commonjs/credentials/managedIdentityCredential/tokenExchangeMsi.d.ts +14 -0
- package/dist/commonjs/credentials/managedIdentityCredential/tokenExchangeMsi.d.ts.map +1 -0
- package/dist/commonjs/credentials/managedIdentityCredential/tokenExchangeMsi.js +35 -0
- package/dist/commonjs/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -0
- package/dist/commonjs/credentials/managedIdentityCredential/utils.d.ts +33 -0
- package/dist/commonjs/credentials/managedIdentityCredential/utils.d.ts.map +1 -0
- package/dist/commonjs/credentials/managedIdentityCredential/utils.js +82 -0
- package/dist/commonjs/credentials/managedIdentityCredential/utils.js.map +1 -0
- package/dist/commonjs/credentials/multiTenantTokenCredentialOptions.d.ts +12 -0
- package/dist/commonjs/credentials/multiTenantTokenCredentialOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/multiTenantTokenCredentialOptions.js +5 -0
- package/dist/commonjs/credentials/multiTenantTokenCredentialOptions.js.map +1 -0
- package/dist/commonjs/credentials/onBehalfOfCredential.d.ts +102 -0
- package/dist/commonjs/credentials/onBehalfOfCredential.d.ts.map +1 -0
- package/dist/commonjs/credentials/onBehalfOfCredential.js +116 -0
- package/dist/commonjs/credentials/onBehalfOfCredential.js.map +1 -0
- package/dist/commonjs/credentials/onBehalfOfCredentialOptions.d.ts +76 -0
- package/dist/commonjs/credentials/onBehalfOfCredentialOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/onBehalfOfCredentialOptions.js +5 -0
- package/dist/commonjs/credentials/onBehalfOfCredentialOptions.js.map +1 -0
- package/dist/commonjs/credentials/usernamePasswordCredential.d.ts +41 -0
- package/dist/commonjs/credentials/usernamePasswordCredential.d.ts.map +1 -0
- package/dist/commonjs/credentials/usernamePasswordCredential.js +71 -0
- package/dist/commonjs/credentials/usernamePasswordCredential.js.map +1 -0
- package/dist/commonjs/credentials/usernamePasswordCredentialOptions.d.ts +9 -0
- package/dist/commonjs/credentials/usernamePasswordCredentialOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/usernamePasswordCredentialOptions.js +5 -0
- package/dist/commonjs/credentials/usernamePasswordCredentialOptions.js.map +1 -0
- package/dist/commonjs/credentials/visualStudioCodeCredential.d.ts +60 -0
- package/dist/commonjs/credentials/visualStudioCodeCredential.d.ts.map +1 -0
- package/dist/commonjs/credentials/visualStudioCodeCredential.js +196 -0
- package/dist/commonjs/credentials/visualStudioCodeCredential.js.map +1 -0
- package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.d.ts +11 -0
- package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.js +5 -0
- package/dist/commonjs/credentials/visualStudioCodeCredentialOptions.js.map +1 -0
- package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.d.ts +11 -0
- package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.d.ts.map +1 -0
- package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.js +5 -0
- package/dist/commonjs/credentials/visualStudioCodeCredentialPlugin.js.map +1 -0
- package/dist/commonjs/credentials/workloadIdentityCredential.d.ts +47 -0
- package/dist/commonjs/credentials/workloadIdentityCredential.d.ts.map +1 -0
- package/dist/commonjs/credentials/workloadIdentityCredential.js +118 -0
- package/dist/commonjs/credentials/workloadIdentityCredential.js.map +1 -0
- package/dist/commonjs/credentials/workloadIdentityCredentialOptions.d.ts +20 -0
- package/dist/commonjs/credentials/workloadIdentityCredentialOptions.d.ts.map +1 -0
- package/dist/commonjs/credentials/workloadIdentityCredentialOptions.js +5 -0
- package/dist/commonjs/credentials/workloadIdentityCredentialOptions.js.map +1 -0
- package/dist/commonjs/errors.d.ts +139 -0
- package/dist/commonjs/errors.d.ts.map +1 -0
- package/dist/commonjs/errors.js +130 -0
- package/dist/commonjs/errors.js.map +1 -0
- package/dist/commonjs/index.d.ts +59 -0
- package/dist/commonjs/index.d.ts.map +1 -0
- package/dist/commonjs/index.js +69 -0
- package/dist/commonjs/index.js.map +1 -0
- package/dist/commonjs/msal/browserFlows/flows.d.ts +42 -0
- package/dist/commonjs/msal/browserFlows/flows.d.ts.map +1 -0
- package/dist/commonjs/msal/browserFlows/flows.js +5 -0
- package/dist/commonjs/msal/browserFlows/flows.js.map +1 -0
- package/dist/commonjs/msal/browserFlows/msalAuthCode.d.ts +50 -0
- package/dist/commonjs/msal/browserFlows/msalAuthCode.d.ts.map +1 -0
- package/dist/commonjs/msal/browserFlows/msalAuthCode.js +208 -0
- package/dist/commonjs/msal/browserFlows/msalAuthCode.js.map +1 -0
- package/dist/commonjs/msal/browserFlows/msalBrowserCommon.d.ts +106 -0
- package/dist/commonjs/msal/browserFlows/msalBrowserCommon.d.ts.map +1 -0
- package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js +121 -0
- package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js.map +1 -0
- package/dist/commonjs/msal/credentials.d.ts +52 -0
- package/dist/commonjs/msal/credentials.d.ts.map +1 -0
- package/dist/commonjs/msal/credentials.js +5 -0
- package/dist/commonjs/msal/credentials.js.map +1 -0
- package/dist/commonjs/msal/msal.d.ts +3 -0
- package/dist/commonjs/msal/msal.d.ts.map +1 -0
- package/dist/commonjs/msal/msal.js +9 -0
- package/dist/commonjs/msal/msal.js.map +1 -0
- package/dist/commonjs/msal/nodeFlows/brokerOptions.d.ts +44 -0
- package/dist/commonjs/msal/nodeFlows/brokerOptions.d.ts.map +1 -0
- package/dist/commonjs/msal/nodeFlows/brokerOptions.js +3 -0
- package/dist/commonjs/msal/nodeFlows/brokerOptions.js.map +1 -0
- package/dist/commonjs/msal/nodeFlows/msalClient.d.ts +186 -0
- package/dist/commonjs/msal/nodeFlows/msalClient.d.ts.map +1 -0
- package/dist/commonjs/msal/nodeFlows/msalClient.js +482 -0
- package/dist/commonjs/msal/nodeFlows/msalClient.js.map +1 -0
- package/dist/commonjs/msal/nodeFlows/msalPlugins.d.ts +91 -0
- package/dist/commonjs/msal/nodeFlows/msalPlugins.d.ts.map +1 -0
- package/dist/commonjs/msal/nodeFlows/msalPlugins.js +91 -0
- package/dist/commonjs/msal/nodeFlows/msalPlugins.js.map +1 -0
- package/dist/commonjs/msal/nodeFlows/tokenCachePersistenceOptions.d.ts +24 -0
- package/dist/commonjs/msal/nodeFlows/tokenCachePersistenceOptions.d.ts.map +1 -0
- package/dist/commonjs/msal/nodeFlows/tokenCachePersistenceOptions.js +5 -0
- package/dist/commonjs/msal/nodeFlows/tokenCachePersistenceOptions.js.map +1 -0
- package/dist/commonjs/msal/types.d.ts +87 -0
- package/dist/commonjs/msal/types.d.ts.map +1 -0
- package/dist/commonjs/msal/types.js +5 -0
- package/dist/commonjs/msal/types.js.map +1 -0
- package/dist/commonjs/msal/utils.d.ts +95 -0
- package/dist/commonjs/msal/utils.d.ts.map +1 -0
- package/dist/commonjs/msal/utils.js +247 -0
- package/dist/commonjs/msal/utils.js.map +1 -0
- package/dist/commonjs/package.json +3 -0
- package/dist/commonjs/plugins/consumer.d.ts +28 -0
- package/dist/commonjs/plugins/consumer.d.ts.map +1 -0
- package/dist/commonjs/plugins/consumer.js +46 -0
- package/dist/commonjs/plugins/consumer.js.map +1 -0
- package/dist/commonjs/plugins/provider.d.ts +36 -0
- package/dist/commonjs/plugins/provider.d.ts.map +1 -0
- package/dist/commonjs/plugins/provider.js +5 -0
- package/dist/commonjs/plugins/provider.js.map +1 -0
- package/dist/commonjs/regionalAuthority.d.ts +122 -0
- package/dist/commonjs/regionalAuthority.d.ts.map +1 -0
- package/dist/commonjs/regionalAuthority.js +144 -0
- package/dist/commonjs/regionalAuthority.js.map +1 -0
- package/dist/commonjs/tokenCredentialOptions.d.ts +28 -0
- package/dist/commonjs/tokenCredentialOptions.d.ts.map +1 -0
- package/dist/commonjs/tokenCredentialOptions.js +5 -0
- package/dist/commonjs/tokenCredentialOptions.js.map +1 -0
- package/dist/commonjs/tokenProvider.d.ts +38 -0
- package/dist/commonjs/tokenProvider.d.ts.map +1 -0
- package/dist/commonjs/tokenProvider.js +55 -0
- package/dist/commonjs/tokenProvider.js.map +1 -0
- package/dist/commonjs/tsdoc-metadata.json +11 -0
- package/dist/commonjs/util/identityTokenEndpoint.d.ts +2 -0
- package/dist/commonjs/util/identityTokenEndpoint.d.ts.map +1 -0
- package/dist/commonjs/util/identityTokenEndpoint.js +14 -0
- package/dist/commonjs/util/identityTokenEndpoint.js.map +1 -0
- package/dist/commonjs/util/logging.d.ts +70 -0
- package/dist/commonjs/util/logging.d.ts.map +1 -0
- package/dist/commonjs/util/logging.js +103 -0
- package/dist/commonjs/util/logging.js.map +1 -0
- package/dist/commonjs/util/processMultiTenantRequest.d.ts +10 -0
- package/dist/commonjs/util/processMultiTenantRequest.d.ts.map +1 -0
- package/dist/commonjs/util/processMultiTenantRequest.js +38 -0
- package/dist/commonjs/util/processMultiTenantRequest.js.map +1 -0
- package/dist/commonjs/util/processUtils.d.ts +13 -0
- package/dist/commonjs/util/processUtils.d.ts.map +1 -0
- package/dist/commonjs/util/processUtils.js +36 -0
- package/dist/commonjs/util/processUtils.js.map +1 -0
- package/dist/commonjs/util/scopeUtils.d.ts +17 -0
- package/dist/commonjs/util/scopeUtils.d.ts.map +1 -0
- package/dist/commonjs/util/scopeUtils.js +34 -0
- package/dist/commonjs/util/scopeUtils.js.map +1 -0
- package/dist/commonjs/util/subscriptionUtils.d.ts +6 -0
- package/dist/commonjs/util/subscriptionUtils.d.ts.map +1 -0
- package/dist/commonjs/util/subscriptionUtils.js +17 -0
- package/dist/commonjs/util/subscriptionUtils.js.map +1 -0
- package/dist/commonjs/util/tenantIdUtils.d.ts +15 -0
- package/dist/commonjs/util/tenantIdUtils.d.ts.map +1 -0
- package/dist/commonjs/util/tenantIdUtils.js +51 -0
- package/dist/commonjs/util/tenantIdUtils.js.map +1 -0
- package/dist/commonjs/util/tracing.d.ts +6 -0
- package/dist/commonjs/util/tracing.d.ts.map +1 -0
- package/dist/commonjs/util/tracing.js +17 -0
- package/dist/commonjs/util/tracing.js.map +1 -0
- package/dist/esm/client/identityClient.d.ts +65 -0
- package/dist/esm/client/identityClient.d.ts.map +1 -0
- package/dist/esm/client/identityClient.js +248 -0
- package/dist/esm/client/identityClient.js.map +1 -0
- package/dist/esm/constants.d.ts +64 -0
- package/dist/esm/constants.d.ts.map +1 -0
- package/dist/esm/constants.js +70 -0
- package/dist/esm/constants.js.map +1 -0
- package/dist/esm/credentials/authorityValidationOptions.d.ts +16 -0
- package/dist/esm/credentials/authorityValidationOptions.d.ts.map +1 -0
- package/dist/esm/credentials/authorityValidationOptions.js +4 -0
- package/dist/esm/credentials/authorityValidationOptions.js.map +1 -0
- package/dist/esm/credentials/authorizationCodeCredential.d.ts +73 -0
- package/dist/esm/credentials/authorizationCodeCredential.d.ts.map +1 -0
- package/dist/esm/credentials/authorizationCodeCredential.js +60 -0
- package/dist/esm/credentials/authorizationCodeCredential.js.map +1 -0
- package/dist/esm/credentials/authorizationCodeCredentialOptions.d.ts +8 -0
- package/dist/esm/credentials/authorizationCodeCredentialOptions.d.ts.map +1 -0
- package/dist/esm/credentials/authorizationCodeCredentialOptions.js +4 -0
- package/dist/esm/credentials/authorizationCodeCredentialOptions.js.map +1 -0
- package/dist/esm/credentials/azureApplicationCredential.d.ts +24 -0
- package/dist/esm/credentials/azureApplicationCredential.d.ts.map +1 -0
- package/dist/esm/credentials/azureApplicationCredential.js +32 -0
- package/dist/esm/credentials/azureApplicationCredential.js.map +1 -0
- package/dist/esm/credentials/azureApplicationCredentialOptions.d.ts +13 -0
- package/dist/esm/credentials/azureApplicationCredentialOptions.d.ts.map +1 -0
- package/dist/esm/credentials/azureApplicationCredentialOptions.js +4 -0
- package/dist/esm/credentials/azureApplicationCredentialOptions.js.map +1 -0
- package/dist/esm/credentials/azureCliCredential.d.ts +64 -0
- package/dist/esm/credentials/azureCliCredential.d.ts.map +1 -0
- package/dist/esm/credentials/azureCliCredential.js +189 -0
- package/dist/esm/credentials/azureCliCredential.js.map +1 -0
- package/dist/esm/credentials/azureCliCredentialOptions.d.ts +20 -0
- package/dist/esm/credentials/azureCliCredentialOptions.d.ts.map +1 -0
- package/dist/esm/credentials/azureCliCredentialOptions.js +4 -0
- package/dist/esm/credentials/azureCliCredentialOptions.js.map +1 -0
- package/dist/esm/credentials/azureDeveloperCliCredential.d.ts +71 -0
- package/dist/esm/credentials/azureDeveloperCliCredential.d.ts.map +1 -0
- package/dist/esm/credentials/azureDeveloperCliCredential.js +171 -0
- package/dist/esm/credentials/azureDeveloperCliCredential.js.map +1 -0
- package/dist/esm/credentials/azureDeveloperCliCredentialOptions.d.ts +15 -0
- package/dist/esm/credentials/azureDeveloperCliCredentialOptions.d.ts.map +1 -0
- package/dist/esm/credentials/azureDeveloperCliCredentialOptions.js +4 -0
- package/dist/esm/credentials/azureDeveloperCliCredentialOptions.js.map +1 -0
- package/dist/esm/credentials/azurePipelinesCredential.d.ts +38 -0
- package/dist/esm/credentials/azurePipelinesCredential.d.ts.map +1 -0
- package/dist/esm/credentials/azurePipelinesCredential.js +141 -0
- package/dist/esm/credentials/azurePipelinesCredential.js.map +1 -0
- package/dist/esm/credentials/azurePipelinesCredentialOptions.d.ts +9 -0
- package/dist/esm/credentials/azurePipelinesCredentialOptions.d.ts.map +1 -0
- package/dist/esm/credentials/azurePipelinesCredentialOptions.js +4 -0
- package/dist/esm/credentials/azurePipelinesCredentialOptions.js.map +1 -0
- package/dist/esm/credentials/azurePowerShellCredential.d.ts +75 -0
- package/dist/esm/credentials/azurePowerShellCredential.d.ts.map +1 -0
- package/dist/esm/credentials/azurePowerShellCredential.js +229 -0
- package/dist/esm/credentials/azurePowerShellCredential.js.map +1 -0
- package/dist/esm/credentials/azurePowerShellCredentialOptions.d.ts +15 -0
- package/dist/esm/credentials/azurePowerShellCredentialOptions.d.ts.map +1 -0
- package/dist/esm/credentials/azurePowerShellCredentialOptions.js +4 -0
- package/dist/esm/credentials/azurePowerShellCredentialOptions.js.map +1 -0
- package/dist/esm/credentials/brokerAuthOptions.d.ts +13 -0
- package/dist/esm/credentials/brokerAuthOptions.d.ts.map +1 -0
- package/dist/esm/credentials/brokerAuthOptions.js +2 -0
- package/dist/esm/credentials/brokerAuthOptions.js.map +1 -0
- package/dist/esm/credentials/browserCustomizationOptions.d.ts +19 -0
- package/dist/esm/credentials/browserCustomizationOptions.d.ts.map +1 -0
- package/dist/esm/credentials/browserCustomizationOptions.js +4 -0
- package/dist/esm/credentials/browserCustomizationOptions.js.map +1 -0
- package/dist/esm/credentials/chainedTokenCredential.d.ts +49 -0
- package/dist/esm/credentials/chainedTokenCredential.d.ts.map +1 -0
- package/dist/esm/credentials/chainedTokenCredential.js +90 -0
- package/dist/esm/credentials/chainedTokenCredential.js.map +1 -0
- package/dist/esm/credentials/clientAssertionCredential.d.ts +33 -0
- package/dist/esm/credentials/clientAssertionCredential.d.ts.map +1 -0
- package/dist/esm/credentials/clientAssertionCredential.js +55 -0
- package/dist/esm/credentials/clientAssertionCredential.js.map +1 -0
- package/dist/esm/credentials/clientAssertionCredentialOptions.d.ts +9 -0
- package/dist/esm/credentials/clientAssertionCredentialOptions.d.ts.map +1 -0
- package/dist/esm/credentials/clientAssertionCredentialOptions.js +4 -0
- package/dist/esm/credentials/clientAssertionCredentialOptions.js.map +1 -0
- package/dist/esm/credentials/clientCertificateCredential.d.ts +101 -0
- package/dist/esm/credentials/clientCertificateCredential.d.ts.map +1 -0
- package/dist/esm/credentials/clientCertificateCredential.js +119 -0
- package/dist/esm/credentials/clientCertificateCredential.js.map +1 -0
- package/dist/esm/credentials/clientCertificateCredentialOptions.d.ts +14 -0
- package/dist/esm/credentials/clientCertificateCredentialOptions.d.ts.map +1 -0
- package/dist/esm/credentials/clientCertificateCredentialOptions.js +4 -0
- package/dist/esm/credentials/clientCertificateCredentialOptions.js.map +1 -0
- package/dist/esm/credentials/clientSecretCredential.d.ts +37 -0
- package/dist/esm/credentials/clientSecretCredential.d.ts.map +1 -0
- package/dist/esm/credentials/clientSecretCredential.js +60 -0
- package/dist/esm/credentials/clientSecretCredential.js.map +1 -0
- package/dist/esm/credentials/clientSecretCredentialOptions.d.ts +9 -0
- package/dist/esm/credentials/clientSecretCredentialOptions.d.ts.map +1 -0
- package/dist/esm/credentials/clientSecretCredentialOptions.js +4 -0
- package/dist/esm/credentials/clientSecretCredentialOptions.js.map +1 -0
- package/dist/esm/credentials/credentialPersistenceOptions.d.ts +29 -0
- package/dist/esm/credentials/credentialPersistenceOptions.d.ts.map +1 -0
- package/dist/esm/credentials/credentialPersistenceOptions.js +4 -0
- package/dist/esm/credentials/credentialPersistenceOptions.js.map +1 -0
- package/dist/esm/credentials/defaultAzureCredential.d.ts +65 -0
- package/dist/esm/credentials/defaultAzureCredential.d.ts.map +1 -0
- package/dist/esm/credentials/defaultAzureCredential.js +164 -0
- package/dist/esm/credentials/defaultAzureCredential.js.map +1 -0
- package/dist/esm/credentials/defaultAzureCredentialOptions.d.ts +49 -0
- package/dist/esm/credentials/defaultAzureCredentialOptions.d.ts.map +1 -0
- package/dist/esm/credentials/defaultAzureCredentialOptions.js +4 -0
- package/dist/esm/credentials/defaultAzureCredentialOptions.js.map +1 -0
- package/dist/esm/credentials/deviceCodeCredential.d.ts +67 -0
- package/dist/esm/credentials/deviceCodeCredential.d.ts.map +1 -0
- package/dist/esm/credentials/deviceCodeCredential.js +91 -0
- package/dist/esm/credentials/deviceCodeCredential.js.map +1 -0
- package/dist/esm/credentials/deviceCodeCredentialOptions.d.ts +53 -0
- package/dist/esm/credentials/deviceCodeCredentialOptions.d.ts.map +1 -0
- package/dist/esm/credentials/deviceCodeCredentialOptions.js +4 -0
- package/dist/esm/credentials/deviceCodeCredentialOptions.js.map +1 -0
- package/dist/esm/credentials/environmentCredential.d.ts +52 -0
- package/dist/esm/credentials/environmentCredential.d.ts.map +1 -0
- package/dist/esm/credentials/environmentCredential.js +130 -0
- package/dist/esm/credentials/environmentCredential.js.map +1 -0
- package/dist/esm/credentials/environmentCredentialOptions.d.ts +9 -0
- package/dist/esm/credentials/environmentCredentialOptions.d.ts.map +1 -0
- package/dist/esm/credentials/environmentCredentialOptions.js +4 -0
- package/dist/esm/credentials/environmentCredentialOptions.js.map +1 -0
- package/dist/esm/credentials/interactiveBrowserCredential.d.ts +56 -0
- package/dist/esm/credentials/interactiveBrowserCredential.d.ts.map +1 -0
- package/dist/esm/credentials/interactiveBrowserCredential.js +91 -0
- package/dist/esm/credentials/interactiveBrowserCredential.js.map +1 -0
- package/dist/esm/credentials/interactiveBrowserCredentialOptions.d.ts +77 -0
- package/dist/esm/credentials/interactiveBrowserCredentialOptions.d.ts.map +1 -0
- package/dist/esm/credentials/interactiveBrowserCredentialOptions.js +4 -0
- package/dist/esm/credentials/interactiveBrowserCredentialOptions.js.map +1 -0
- package/dist/esm/credentials/interactiveCredentialOptions.d.ts +25 -0
- package/dist/esm/credentials/interactiveCredentialOptions.d.ts.map +1 -0
- package/dist/esm/credentials/interactiveCredentialOptions.js +4 -0
- package/dist/esm/credentials/interactiveCredentialOptions.js.map +1 -0
- package/dist/esm/credentials/managedIdentityCredential/imdsMsi.d.ts +18 -0
- package/dist/esm/credentials/managedIdentityCredential/imdsMsi.d.ts.map +1 -0
- package/dist/esm/credentials/managedIdentityCredential/imdsMsi.js +122 -0
- package/dist/esm/credentials/managedIdentityCredential/imdsMsi.js.map +1 -0
- package/dist/esm/credentials/managedIdentityCredential/imdsRetryPolicy.d.ts +12 -0
- package/dist/esm/credentials/managedIdentityCredential/imdsRetryPolicy.d.ts.map +1 -0
- package/dist/esm/credentials/managedIdentityCredential/imdsRetryPolicy.js +33 -0
- package/dist/esm/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +1 -0
- package/dist/esm/credentials/managedIdentityCredential/index.d.ts +95 -0
- package/dist/esm/credentials/managedIdentityCredential/index.d.ts.map +1 -0
- package/dist/esm/credentials/managedIdentityCredential/index.js +217 -0
- package/dist/esm/credentials/managedIdentityCredential/index.js.map +1 -0
- package/dist/esm/credentials/managedIdentityCredential/models.d.ts +24 -0
- package/dist/esm/credentials/managedIdentityCredential/models.d.ts.map +1 -0
- package/dist/esm/credentials/managedIdentityCredential/models.js +4 -0
- package/dist/esm/credentials/managedIdentityCredential/models.js.map +1 -0
- package/dist/esm/credentials/managedIdentityCredential/tokenExchangeMsi.d.ts +14 -0
- package/dist/esm/credentials/managedIdentityCredential/tokenExchangeMsi.d.ts.map +1 -0
- package/dist/esm/credentials/managedIdentityCredential/tokenExchangeMsi.js +32 -0
- package/dist/esm/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -0
- package/dist/esm/credentials/managedIdentityCredential/utils.d.ts +33 -0
- package/dist/esm/credentials/managedIdentityCredential/utils.d.ts.map +1 -0
- package/dist/esm/credentials/managedIdentityCredential/utils.js +77 -0
- package/dist/esm/credentials/managedIdentityCredential/utils.js.map +1 -0
- package/dist/esm/credentials/multiTenantTokenCredentialOptions.d.ts +12 -0
- package/dist/esm/credentials/multiTenantTokenCredentialOptions.d.ts.map +1 -0
- package/dist/esm/credentials/multiTenantTokenCredentialOptions.js +4 -0
- package/dist/esm/credentials/multiTenantTokenCredentialOptions.js.map +1 -0
- package/dist/esm/credentials/onBehalfOfCredential.d.ts +102 -0
- package/dist/esm/credentials/onBehalfOfCredential.d.ts.map +1 -0
- package/dist/esm/credentials/onBehalfOfCredential.js +112 -0
- package/dist/esm/credentials/onBehalfOfCredential.js.map +1 -0
- package/dist/esm/credentials/onBehalfOfCredentialOptions.d.ts +76 -0
- package/dist/esm/credentials/onBehalfOfCredentialOptions.d.ts.map +1 -0
- package/dist/esm/credentials/onBehalfOfCredentialOptions.js +4 -0
- package/dist/esm/credentials/onBehalfOfCredentialOptions.js.map +1 -0
- package/dist/esm/credentials/usernamePasswordCredential.d.ts +41 -0
- package/dist/esm/credentials/usernamePasswordCredential.d.ts.map +1 -0
- package/dist/esm/credentials/usernamePasswordCredential.js +67 -0
- package/dist/esm/credentials/usernamePasswordCredential.js.map +1 -0
- package/dist/esm/credentials/usernamePasswordCredentialOptions.d.ts +9 -0
- package/dist/esm/credentials/usernamePasswordCredentialOptions.d.ts.map +1 -0
- package/dist/esm/credentials/usernamePasswordCredentialOptions.js +4 -0
- package/dist/esm/credentials/usernamePasswordCredentialOptions.js.map +1 -0
- package/dist/esm/credentials/visualStudioCodeCredential.d.ts +60 -0
- package/dist/esm/credentials/visualStudioCodeCredential.d.ts.map +1 -0
- package/dist/esm/credentials/visualStudioCodeCredential.js +190 -0
- package/dist/esm/credentials/visualStudioCodeCredential.js.map +1 -0
- package/dist/esm/credentials/visualStudioCodeCredentialOptions.d.ts +11 -0
- package/dist/esm/credentials/visualStudioCodeCredentialOptions.d.ts.map +1 -0
- package/dist/esm/credentials/visualStudioCodeCredentialOptions.js +4 -0
- package/dist/esm/credentials/visualStudioCodeCredentialOptions.js.map +1 -0
- package/dist/esm/credentials/visualStudioCodeCredentialPlugin.d.ts +11 -0
- package/dist/esm/credentials/visualStudioCodeCredentialPlugin.d.ts.map +1 -0
- package/dist/esm/credentials/visualStudioCodeCredentialPlugin.js +4 -0
- package/dist/esm/credentials/visualStudioCodeCredentialPlugin.js.map +1 -0
- package/dist/esm/credentials/workloadIdentityCredential.d.ts +47 -0
- package/dist/esm/credentials/workloadIdentityCredential.d.ts.map +1 -0
- package/dist/esm/credentials/workloadIdentityCredential.js +114 -0
- package/dist/esm/credentials/workloadIdentityCredential.js.map +1 -0
- package/dist/esm/credentials/workloadIdentityCredentialOptions.d.ts +20 -0
- package/dist/esm/credentials/workloadIdentityCredentialOptions.d.ts.map +1 -0
- package/dist/esm/credentials/workloadIdentityCredentialOptions.js +4 -0
- package/dist/esm/credentials/workloadIdentityCredentialOptions.js.map +1 -0
- package/dist/esm/errors.d.ts +139 -0
- package/dist/esm/errors.d.ts.map +1 -0
- package/dist/esm/errors.js +123 -0
- package/dist/esm/errors.js.map +1 -0
- package/dist/esm/index.d.ts +59 -0
- package/dist/esm/index.d.ts.map +1 -0
- package/dist/esm/index.js +34 -0
- package/dist/esm/index.js.map +1 -0
- package/dist/esm/msal/browserFlows/flows.d.ts +42 -0
- package/dist/esm/msal/browserFlows/flows.d.ts.map +1 -0
- package/dist/esm/msal/browserFlows/flows.js +4 -0
- package/dist/esm/msal/browserFlows/flows.js.map +1 -0
- package/dist/esm/msal/browserFlows/msalAuthCode.d.ts +50 -0
- package/dist/esm/msal/browserFlows/msalAuthCode.d.ts.map +1 -0
- package/dist/esm/msal/browserFlows/msalAuthCode.js +203 -0
- package/dist/esm/msal/browserFlows/msalAuthCode.js.map +1 -0
- package/dist/esm/msal/browserFlows/msalBrowserCommon.d.ts +106 -0
- package/dist/esm/msal/browserFlows/msalBrowserCommon.d.ts.map +1 -0
- package/dist/esm/msal/browserFlows/msalBrowserCommon.js +116 -0
- package/dist/esm/msal/browserFlows/msalBrowserCommon.js.map +1 -0
- package/dist/esm/msal/credentials.d.ts +52 -0
- package/dist/esm/msal/credentials.d.ts.map +1 -0
- package/dist/esm/msal/credentials.js +4 -0
- package/dist/esm/msal/credentials.js.map +1 -0
- package/dist/esm/msal/msal.d.ts +3 -0
- package/dist/esm/msal/msal.d.ts.map +1 -0
- package/dist/esm/msal/nodeFlows/brokerOptions.d.ts +44 -0
- package/dist/esm/msal/nodeFlows/brokerOptions.d.ts.map +1 -0
- package/dist/esm/msal/nodeFlows/brokerOptions.js +2 -0
- package/dist/esm/msal/nodeFlows/brokerOptions.js.map +1 -0
- package/dist/esm/msal/nodeFlows/msalClient.d.ts +186 -0
- package/dist/esm/msal/nodeFlows/msalClient.d.ts.map +1 -0
- package/dist/esm/msal/nodeFlows/msalClient.js +477 -0
- package/dist/esm/msal/nodeFlows/msalClient.js.map +1 -0
- package/dist/esm/msal/nodeFlows/msalPlugins.d.ts +91 -0
- package/dist/esm/msal/nodeFlows/msalPlugins.d.ts.map +1 -0
- package/dist/esm/msal/nodeFlows/msalPlugins.js +87 -0
- package/dist/esm/msal/nodeFlows/msalPlugins.js.map +1 -0
- package/dist/esm/msal/nodeFlows/tokenCachePersistenceOptions.d.ts +24 -0
- package/dist/esm/msal/nodeFlows/tokenCachePersistenceOptions.d.ts.map +1 -0
- package/dist/esm/msal/nodeFlows/tokenCachePersistenceOptions.js +4 -0
- package/dist/esm/msal/nodeFlows/tokenCachePersistenceOptions.js.map +1 -0
- package/dist/esm/msal/types.d.ts +87 -0
- package/dist/esm/msal/types.d.ts.map +1 -0
- package/dist/esm/msal/types.js +4 -0
- package/dist/esm/msal/types.js.map +1 -0
- package/dist/esm/msal/utils.d.ts +95 -0
- package/dist/esm/msal/utils.d.ts.map +1 -0
- package/dist/esm/msal/utils.js +232 -0
- package/dist/esm/msal/utils.js.map +1 -0
- package/dist/esm/package.json +3 -0
- package/dist/esm/plugins/consumer.d.ts +28 -0
- package/dist/esm/plugins/consumer.d.ts.map +1 -0
- package/dist/esm/plugins/consumer.js +43 -0
- package/dist/esm/plugins/consumer.js.map +1 -0
- package/dist/esm/plugins/provider.d.ts +36 -0
- package/dist/esm/plugins/provider.d.ts.map +1 -0
- package/dist/esm/plugins/provider.js +4 -0
- package/dist/esm/plugins/provider.js.map +1 -0
- package/dist/esm/regionalAuthority.d.ts +122 -0
- package/dist/esm/regionalAuthority.d.ts.map +1 -0
- package/dist/esm/regionalAuthority.js +140 -0
- package/dist/esm/regionalAuthority.js.map +1 -0
- package/dist/esm/tokenCredentialOptions.d.ts +28 -0
- package/dist/esm/tokenCredentialOptions.d.ts.map +1 -0
- package/dist/esm/tokenCredentialOptions.js +4 -0
- package/dist/esm/tokenCredentialOptions.js.map +1 -0
- package/dist/esm/tokenProvider.d.ts +38 -0
- package/dist/esm/tokenProvider.d.ts.map +1 -0
- package/dist/esm/tokenProvider.js +52 -0
- package/dist/esm/tokenProvider.js.map +1 -0
- package/dist/esm/util/authHostEnv-browser.d.mts +4 -0
- package/dist/esm/util/authHostEnv-browser.d.mts.map +1 -0
- package/dist/esm/util/authHostEnv-browser.mjs +7 -0
- package/dist/esm/util/authHostEnv-browser.mjs.map +1 -0
- package/dist/esm/util/identityTokenEndpoint.d.ts +2 -0
- package/dist/esm/util/identityTokenEndpoint.d.ts.map +1 -0
- package/dist/esm/util/identityTokenEndpoint.js +11 -0
- package/dist/esm/util/identityTokenEndpoint.js.map +1 -0
- package/dist/esm/util/logging.d.ts +70 -0
- package/dist/esm/util/logging.d.ts.map +1 -0
- package/dist/esm/util/logging.js +94 -0
- package/dist/esm/util/logging.js.map +1 -0
- package/dist/esm/util/processMultiTenantRequest.d.ts +10 -0
- package/dist/esm/util/processMultiTenantRequest.d.ts.map +1 -0
- package/dist/esm/util/processMultiTenantRequest.js +35 -0
- package/dist/esm/util/processMultiTenantRequest.js.map +1 -0
- package/dist/esm/util/processUtils.d.ts +13 -0
- package/dist/esm/util/processUtils.d.ts.map +1 -0
- package/dist/esm/util/processUtils.js +32 -0
- package/dist/esm/util/processUtils.js.map +1 -0
- package/dist/esm/util/scopeUtils.d.ts +17 -0
- package/dist/esm/util/scopeUtils.d.ts.map +1 -0
- package/dist/esm/util/scopeUtils.js +29 -0
- package/dist/esm/util/scopeUtils.js.map +1 -0
- package/dist/esm/util/subscriptionUtils.d.ts +6 -0
- package/dist/esm/util/subscriptionUtils.d.ts.map +1 -0
- package/dist/esm/util/subscriptionUtils.js +14 -0
- package/dist/esm/util/subscriptionUtils.js.map +1 -0
- package/dist/esm/util/tenantIdUtils.d.ts +15 -0
- package/dist/esm/util/tenantIdUtils.d.ts.map +1 -0
- package/dist/esm/util/tenantIdUtils.js +44 -0
- package/dist/esm/util/tenantIdUtils.js.map +1 -0
- package/dist/esm/util/tracing.d.ts +6 -0
- package/dist/esm/util/tracing.d.ts.map +1 -0
- package/dist/esm/util/tracing.js +14 -0
- package/dist/esm/util/tracing.js.map +1 -0
- package/package.json +52 -63
- package/dist/index.js +0 -4200
- package/dist/index.js.map +0 -1
- package/dist-esm/src/client/identityClient.js +0 -248
- package/dist-esm/src/client/identityClient.js.map +0 -1
- package/dist-esm/src/credentials/authorizationCodeCredential.browser.js +0 -16
- package/dist-esm/src/credentials/authorizationCodeCredential.browser.js.map +0 -1
- package/dist-esm/src/credentials/authorizationCodeCredential.js +0 -60
- package/dist-esm/src/credentials/authorizationCodeCredential.js.map +0 -1
- package/dist-esm/src/credentials/authorizationCodeCredentialOptions.js.map +0 -1
- package/dist-esm/src/credentials/azureApplicationCredential.browser.js +0 -34
- package/dist-esm/src/credentials/azureApplicationCredential.browser.js.map +0 -1
- package/dist-esm/src/credentials/azureApplicationCredential.js +0 -32
- package/dist-esm/src/credentials/azureApplicationCredential.js.map +0 -1
- package/dist-esm/src/credentials/azureApplicationCredentialOptions.js.map +0 -1
- package/dist-esm/src/credentials/azureCliCredential.browser.js +0 -23
- package/dist-esm/src/credentials/azureCliCredential.browser.js.map +0 -1
- package/dist-esm/src/credentials/azureCliCredential.js +0 -189
- package/dist-esm/src/credentials/azureCliCredential.js.map +0 -1
- package/dist-esm/src/credentials/azureCliCredentialOptions.js.map +0 -1
- package/dist-esm/src/credentials/azureDeveloperCliCredential.browser.js +0 -23
- package/dist-esm/src/credentials/azureDeveloperCliCredential.browser.js.map +0 -1
- package/dist-esm/src/credentials/azureDeveloperCliCredential.js +0 -171
- package/dist-esm/src/credentials/azureDeveloperCliCredential.js.map +0 -1
- package/dist-esm/src/credentials/azureDeveloperCliCredentialOptions.js.map +0 -1
- package/dist-esm/src/credentials/azurePipelinesCredential.browser.js +0 -23
- package/dist-esm/src/credentials/azurePipelinesCredential.browser.js.map +0 -1
- package/dist-esm/src/credentials/azurePipelinesCredential.js +0 -141
- package/dist-esm/src/credentials/azurePipelinesCredential.js.map +0 -1
- package/dist-esm/src/credentials/azurePipelinesCredentialOptions.js.map +0 -1
- package/dist-esm/src/credentials/azurePowerShellCredential.browser.js +0 -22
- package/dist-esm/src/credentials/azurePowerShellCredential.browser.js.map +0 -1
- package/dist-esm/src/credentials/azurePowerShellCredential.js +0 -229
- package/dist-esm/src/credentials/azurePowerShellCredential.js.map +0 -1
- package/dist-esm/src/credentials/azurePowerShellCredentialOptions.js.map +0 -1
- package/dist-esm/src/credentials/brokerAuthOptions.js.map +0 -1
- package/dist-esm/src/credentials/chainedTokenCredential.js +0 -90
- package/dist-esm/src/credentials/chainedTokenCredential.js.map +0 -1
- package/dist-esm/src/credentials/clientAssertionCredential.browser.js +0 -22
- package/dist-esm/src/credentials/clientAssertionCredential.browser.js.map +0 -1
- package/dist-esm/src/credentials/clientAssertionCredential.js +0 -55
- package/dist-esm/src/credentials/clientAssertionCredential.js.map +0 -1
- package/dist-esm/src/credentials/clientAssertionCredentialOptions.js.map +0 -1
- package/dist-esm/src/credentials/clientCertificateCredential.browser.js +0 -23
- package/dist-esm/src/credentials/clientCertificateCredential.browser.js.map +0 -1
- package/dist-esm/src/credentials/clientCertificateCredential.js +0 -119
- package/dist-esm/src/credentials/clientCertificateCredential.js.map +0 -1
- package/dist-esm/src/credentials/clientCertificateCredentialOptions.js.map +0 -1
- package/dist-esm/src/credentials/clientSecretCredential.browser.js +0 -83
- package/dist-esm/src/credentials/clientSecretCredential.browser.js.map +0 -1
- package/dist-esm/src/credentials/clientSecretCredential.js +0 -60
- package/dist-esm/src/credentials/clientSecretCredential.js.map +0 -1
- package/dist-esm/src/credentials/clientSecretCredentialOptions.js.map +0 -1
- package/dist-esm/src/credentials/credentialPersistenceOptions.js.map +0 -1
- package/dist-esm/src/credentials/defaultAzureCredential.browser.js +0 -29
- package/dist-esm/src/credentials/defaultAzureCredential.browser.js.map +0 -1
- package/dist-esm/src/credentials/defaultAzureCredential.js +0 -164
- package/dist-esm/src/credentials/defaultAzureCredential.js.map +0 -1
- package/dist-esm/src/credentials/defaultAzureCredentialOptions.js.map +0 -1
- package/dist-esm/src/credentials/deviceCodeCredential.browser.js +0 -23
- package/dist-esm/src/credentials/deviceCodeCredential.browser.js.map +0 -1
- package/dist-esm/src/credentials/deviceCodeCredential.js +0 -91
- package/dist-esm/src/credentials/deviceCodeCredential.js.map +0 -1
- package/dist-esm/src/credentials/deviceCodeCredentialOptions.js.map +0 -1
- package/dist-esm/src/credentials/environmentCredential.browser.js +0 -23
- package/dist-esm/src/credentials/environmentCredential.browser.js.map +0 -1
- package/dist-esm/src/credentials/environmentCredential.js +0 -130
- package/dist-esm/src/credentials/environmentCredential.js.map +0 -1
- package/dist-esm/src/credentials/environmentCredentialOptions.js.map +0 -1
- package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js +0 -86
- package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js.map +0 -1
- package/dist-esm/src/credentials/interactiveBrowserCredential.js +0 -91
- package/dist-esm/src/credentials/interactiveBrowserCredential.js.map +0 -1
- package/dist-esm/src/credentials/interactiveBrowserCredentialOptions.js.map +0 -1
- package/dist-esm/src/credentials/interactiveCredentialOptions.js.map +0 -1
- package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js +0 -122
- package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js.map +0 -1
- package/dist-esm/src/credentials/managedIdentityCredential/imdsRetryPolicy.js.map +0 -1
- package/dist-esm/src/credentials/managedIdentityCredential/index.browser.js +0 -16
- package/dist-esm/src/credentials/managedIdentityCredential/index.browser.js.map +0 -1
- package/dist-esm/src/credentials/managedIdentityCredential/index.js +0 -217
- package/dist-esm/src/credentials/managedIdentityCredential/index.js.map +0 -1
- package/dist-esm/src/credentials/managedIdentityCredential/models.js.map +0 -1
- package/dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js +0 -32
- package/dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +0 -1
- package/dist-esm/src/credentials/multiTenantTokenCredentialOptions.js.map +0 -1
- package/dist-esm/src/credentials/onBehalfOfCredential.browser.js +0 -23
- package/dist-esm/src/credentials/onBehalfOfCredential.browser.js.map +0 -1
- package/dist-esm/src/credentials/onBehalfOfCredential.js +0 -112
- package/dist-esm/src/credentials/onBehalfOfCredential.js.map +0 -1
- package/dist-esm/src/credentials/onBehalfOfCredentialOptions.js.map +0 -1
- package/dist-esm/src/credentials/usernamePasswordCredential.browser.js +0 -77
- package/dist-esm/src/credentials/usernamePasswordCredential.browser.js.map +0 -1
- package/dist-esm/src/credentials/usernamePasswordCredential.js +0 -67
- package/dist-esm/src/credentials/usernamePasswordCredential.js.map +0 -1
- package/dist-esm/src/credentials/usernamePasswordCredentialOptions.js.map +0 -1
- package/dist-esm/src/credentials/visualStudioCodeCredential.browser.js +0 -27
- package/dist-esm/src/credentials/visualStudioCodeCredential.browser.js.map +0 -1
- package/dist-esm/src/credentials/visualStudioCodeCredential.js +0 -190
- package/dist-esm/src/credentials/visualStudioCodeCredential.js.map +0 -1
- package/dist-esm/src/credentials/visualStudioCodeCredentialOptions.js.map +0 -1
- package/dist-esm/src/credentials/workloadIdentityCredential.browser.js +0 -27
- package/dist-esm/src/credentials/workloadIdentityCredential.browser.js.map +0 -1
- package/dist-esm/src/credentials/workloadIdentityCredential.js +0 -114
- package/dist-esm/src/credentials/workloadIdentityCredential.js.map +0 -1
- package/dist-esm/src/credentials/workloadIdentityCredentialOptions.js.map +0 -1
- package/dist-esm/src/index.js +0 -34
- package/dist-esm/src/index.js.map +0 -1
- package/dist-esm/src/msal/browserFlows/flows.js.map +0 -1
- package/dist-esm/src/msal/browserFlows/msalAuthCode.js +0 -203
- package/dist-esm/src/msal/browserFlows/msalAuthCode.js.map +0 -1
- package/dist-esm/src/msal/browserFlows/msalBrowserCommon.js +0 -116
- package/dist-esm/src/msal/browserFlows/msalBrowserCommon.js.map +0 -1
- package/dist-esm/src/msal/credentials.js.map +0 -1
- package/dist-esm/src/msal/msal.browser.js +0 -5
- package/dist-esm/src/msal/msal.browser.js.map +0 -1
- package/dist-esm/src/msal/nodeFlows/msalClient.js +0 -484
- package/dist-esm/src/msal/nodeFlows/msalClient.js.map +0 -1
- package/dist-esm/src/msal/nodeFlows/msalPlugins.js +0 -87
- package/dist-esm/src/msal/nodeFlows/msalPlugins.js.map +0 -1
- package/dist-esm/src/msal/utils.js +0 -232
- package/dist-esm/src/msal/utils.js.map +0 -1
- package/dist-esm/src/plugins/consumer.browser.js +0 -7
- package/dist-esm/src/plugins/consumer.browser.js.map +0 -1
- package/dist-esm/src/plugins/consumer.js +0 -43
- package/dist-esm/src/plugins/consumer.js.map +0 -1
- package/dist-esm/src/plugins/provider.js.map +0 -1
- package/dist-esm/src/util/authHostEnv.browser.js +0 -7
- package/dist-esm/src/util/authHostEnv.browser.js.map +0 -1
- package/dist-esm/src/util/processMultiTenantRequest.browser.js +0 -29
- package/dist-esm/src/util/processMultiTenantRequest.browser.js.map +0 -1
- package/dist-esm/src/util/processMultiTenantRequest.js +0 -35
- package/dist-esm/src/util/processMultiTenantRequest.js.map +0 -1
- package/dist-esm/src/util/scopeUtils.js +0 -29
- package/dist-esm/src/util/scopeUtils.js.map +0 -1
- package/dist-esm/src/util/subscriptionUtils.js +0 -14
- package/dist-esm/src/util/subscriptionUtils.js.map +0 -1
- package/dist-esm/src/util/tenantIdUtils.js +0 -44
- package/dist-esm/src/util/tenantIdUtils.js.map +0 -1
- package/dist-esm/src/util/tracing.js +0 -14
- package/dist-esm/src/util/tracing.js.map +0 -1
- /package/{dist-esm/src → dist/browser}/constants.js +0 -0
- /package/{dist-esm/src → dist/browser}/constants.js.map +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/authorityValidationOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/authorityValidationOptions.js.map +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/authorizationCodeCredentialOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/azureApplicationCredentialOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/azureCliCredentialOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/azureDeveloperCliCredentialOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/azurePipelinesCredentialOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/azurePowerShellCredentialOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/brokerAuthOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/browserCustomizationOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/browserCustomizationOptions.js.map +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/clientAssertionCredentialOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/clientCertificateCredentialOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/clientSecretCredentialOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/credentialPersistenceOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/defaultAzureCredentialOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/deviceCodeCredentialOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/environmentCredentialOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/interactiveBrowserCredentialOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/interactiveCredentialOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/managedIdentityCredential/imdsRetryPolicy.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/managedIdentityCredential/models.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/managedIdentityCredential/utils.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/managedIdentityCredential/utils.js.map +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/multiTenantTokenCredentialOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/onBehalfOfCredentialOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/usernamePasswordCredentialOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/visualStudioCodeCredentialOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/visualStudioCodeCredentialPlugin.js +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/visualStudioCodeCredentialPlugin.js.map +0 -0
- /package/{dist-esm/src → dist/browser}/credentials/workloadIdentityCredentialOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/errors.js +0 -0
- /package/{dist-esm/src → dist/browser}/errors.js.map +0 -0
- /package/{dist-esm/src → dist/browser}/msal/browserFlows/flows.js +0 -0
- /package/{dist-esm/src → dist/browser}/msal/credentials.js +0 -0
- /package/{dist-esm/src → dist/browser}/msal/nodeFlows/brokerOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/msal/nodeFlows/brokerOptions.js.map +0 -0
- /package/{dist-esm/src → dist/browser}/msal/nodeFlows/tokenCachePersistenceOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/msal/nodeFlows/tokenCachePersistenceOptions.js.map +0 -0
- /package/{dist-esm/src → dist/browser}/msal/types.js +0 -0
- /package/{dist-esm/src → dist/browser}/msal/types.js.map +0 -0
- /package/{dist-esm/src → dist/browser}/plugins/provider.js +0 -0
- /package/{dist-esm/src → dist/browser}/regionalAuthority.js +0 -0
- /package/{dist-esm/src → dist/browser}/regionalAuthority.js.map +0 -0
- /package/{dist-esm/src → dist/browser}/tokenCredentialOptions.js +0 -0
- /package/{dist-esm/src → dist/browser}/tokenCredentialOptions.js.map +0 -0
- /package/{dist-esm/src → dist/browser}/tokenProvider.js +0 -0
- /package/{dist-esm/src → dist/browser}/tokenProvider.js.map +0 -0
- /package/{dist-esm/src → dist/browser}/util/identityTokenEndpoint.js +0 -0
- /package/{dist-esm/src → dist/browser}/util/identityTokenEndpoint.js.map +0 -0
- /package/{dist-esm/src → dist/browser}/util/logging.js +0 -0
- /package/{dist-esm/src → dist/browser}/util/logging.js.map +0 -0
- /package/{dist-esm/src → dist/browser}/util/processUtils.js +0 -0
- /package/{dist-esm/src → dist/browser}/util/processUtils.js.map +0 -0
- /package/{dist-esm/src → dist/esm}/msal/msal.js +0 -0
- /package/{dist-esm/src → dist/esm}/msal/msal.js.map +0 -0
- /package/{types → dist}/identity.d.ts +0 -0
@@ -0,0 +1,125 @@
|
|
1
|
+
"use strict";
|
2
|
+
// Copyright (c) Microsoft Corporation.
|
3
|
+
// Licensed under the MIT License.
|
4
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
5
|
+
exports.imdsMsi = void 0;
|
6
|
+
const core_rest_pipeline_1 = require("@azure/core-rest-pipeline");
|
7
|
+
const core_util_1 = require("@azure/core-util");
|
8
|
+
const logging_js_1 = require("../../util/logging.js");
|
9
|
+
const utils_js_1 = require("./utils.js");
|
10
|
+
const tracing_js_1 = require("../../util/tracing.js");
|
11
|
+
const msiName = "ManagedIdentityCredential - IMDS";
|
12
|
+
const logger = (0, logging_js_1.credentialLogger)(msiName);
|
13
|
+
const imdsHost = "http://169.254.169.254";
|
14
|
+
const imdsEndpointPath = "/metadata/identity/oauth2/token";
|
15
|
+
const imdsApiVersion = "2018-02-01";
|
16
|
+
/**
|
17
|
+
* Generates the options used on the request for an access token.
|
18
|
+
*/
|
19
|
+
function prepareRequestOptions(scopes, clientId, resourceId, options) {
|
20
|
+
var _a;
|
21
|
+
const resource = (0, utils_js_1.mapScopesToResource)(scopes);
|
22
|
+
if (!resource) {
|
23
|
+
throw new Error(`${msiName}: Multiple scopes are not supported.`);
|
24
|
+
}
|
25
|
+
const { skipQuery, skipMetadataHeader } = options || {};
|
26
|
+
let query = "";
|
27
|
+
// Pod Identity will try to process this request even if the Metadata header is missing.
|
28
|
+
// We can exclude the request query to ensure no IMDS endpoint tries to process the ping request.
|
29
|
+
if (!skipQuery) {
|
30
|
+
const queryParameters = {
|
31
|
+
resource,
|
32
|
+
"api-version": imdsApiVersion,
|
33
|
+
};
|
34
|
+
if (clientId) {
|
35
|
+
queryParameters.client_id = clientId;
|
36
|
+
}
|
37
|
+
if (resourceId) {
|
38
|
+
queryParameters.msi_res_id = resourceId;
|
39
|
+
}
|
40
|
+
const params = new URLSearchParams(queryParameters);
|
41
|
+
query = `?${params.toString()}`;
|
42
|
+
}
|
43
|
+
const url = new URL(imdsEndpointPath, (_a = process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST) !== null && _a !== void 0 ? _a : imdsHost);
|
44
|
+
const rawHeaders = {
|
45
|
+
Accept: "application/json",
|
46
|
+
Metadata: "true",
|
47
|
+
};
|
48
|
+
// Remove the Metadata header to invoke a request error from some IMDS endpoints.
|
49
|
+
if (skipMetadataHeader) {
|
50
|
+
delete rawHeaders.Metadata;
|
51
|
+
}
|
52
|
+
return {
|
53
|
+
// In this case, the `?` should be added in the "query" variable `skipQuery` is not set.
|
54
|
+
url: `${url}${query}`,
|
55
|
+
method: "GET",
|
56
|
+
headers: (0, core_rest_pipeline_1.createHttpHeaders)(rawHeaders),
|
57
|
+
};
|
58
|
+
}
|
59
|
+
/**
|
60
|
+
* Defines how to determine whether the Azure IMDS MSI is available.
|
61
|
+
*
|
62
|
+
* Actually getting the token once we determine IMDS is available is handled by MSAL.
|
63
|
+
*/
|
64
|
+
exports.imdsMsi = {
|
65
|
+
name: "imdsMsi",
|
66
|
+
async isAvailable(options) {
|
67
|
+
const { scopes, identityClient, clientId, resourceId, getTokenOptions } = options;
|
68
|
+
const resource = (0, utils_js_1.mapScopesToResource)(scopes);
|
69
|
+
if (!resource) {
|
70
|
+
logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);
|
71
|
+
return false;
|
72
|
+
}
|
73
|
+
// if the PodIdentityEndpoint environment variable was set no need to probe the endpoint, it can be assumed to exist
|
74
|
+
if (process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST) {
|
75
|
+
return true;
|
76
|
+
}
|
77
|
+
if (!identityClient) {
|
78
|
+
throw new Error("Missing IdentityClient");
|
79
|
+
}
|
80
|
+
const requestOptions = prepareRequestOptions(resource, clientId, resourceId, {
|
81
|
+
skipMetadataHeader: true,
|
82
|
+
skipQuery: true,
|
83
|
+
});
|
84
|
+
return tracing_js_1.tracingClient.withSpan("ManagedIdentityCredential-pingImdsEndpoint", getTokenOptions !== null && getTokenOptions !== void 0 ? getTokenOptions : {}, async (updatedOptions) => {
|
85
|
+
var _a, _b;
|
86
|
+
requestOptions.tracingOptions = updatedOptions.tracingOptions;
|
87
|
+
// Create a request with a timeout since we expect that
|
88
|
+
// not having a "Metadata" header should cause an error to be
|
89
|
+
// returned quickly from the endpoint, proving its availability.
|
90
|
+
const request = (0, core_rest_pipeline_1.createPipelineRequest)(requestOptions);
|
91
|
+
// Default to 1000 if the default of 0 is used.
|
92
|
+
// Negative values can still be used to disable the timeout.
|
93
|
+
request.timeout = ((_a = updatedOptions.requestOptions) === null || _a === void 0 ? void 0 : _a.timeout) || 1000;
|
94
|
+
// This MSI uses the imdsEndpoint to get the token, which only uses http://
|
95
|
+
request.allowInsecureConnection = true;
|
96
|
+
let response;
|
97
|
+
try {
|
98
|
+
logger.info(`${msiName}: Pinging the Azure IMDS endpoint`);
|
99
|
+
response = await identityClient.sendRequest(request);
|
100
|
+
}
|
101
|
+
catch (err) {
|
102
|
+
// If the request failed, or Node.js was unable to establish a connection,
|
103
|
+
// or the host was down, we'll assume the IMDS endpoint isn't available.
|
104
|
+
if ((0, core_util_1.isError)(err)) {
|
105
|
+
logger.verbose(`${msiName}: Caught error ${err.name}: ${err.message}`);
|
106
|
+
}
|
107
|
+
// This is a special case for Docker Desktop which responds with a 403 with a message that contains "A socket operation was attempted to an unreachable network" or "A socket operation was attempted to an unreachable host"
|
108
|
+
// rather than just timing out, as expected.
|
109
|
+
logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`);
|
110
|
+
return false;
|
111
|
+
}
|
112
|
+
if (response.status === 403) {
|
113
|
+
if ((_b = response.bodyAsText) === null || _b === void 0 ? void 0 : _b.includes("unreachable")) {
|
114
|
+
logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`);
|
115
|
+
logger.info(`${msiName}: ${response.bodyAsText}`);
|
116
|
+
return false;
|
117
|
+
}
|
118
|
+
}
|
119
|
+
// If we received any response, the endpoint is available
|
120
|
+
logger.info(`${msiName}: The Azure IMDS endpoint is available`);
|
121
|
+
return true;
|
122
|
+
});
|
123
|
+
},
|
124
|
+
};
|
125
|
+
//# sourceMappingURL=imdsMsi.js.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"imdsMsi.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/imdsMsi.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAGlC,kEAAqF;AACrF,gDAA2C;AAG3C,sDAAyD;AACzD,yCAAiD;AACjD,sDAAsD;AAGtD,MAAM,OAAO,GAAG,kCAAkC,CAAC;AACnD,MAAM,MAAM,GAAG,IAAA,6BAAgB,EAAC,OAAO,CAAC,CAAC;AAEzC,MAAM,QAAQ,GAAG,wBAAwB,CAAC;AAC1C,MAAM,gBAAgB,GAAG,iCAAiC,CAAC;AAC3D,MAAM,cAAc,GAAG,YAAY,CAAC;AAEpC;;GAEG;AACH,SAAS,qBAAqB,CAC5B,MAAyB,EACzB,QAAiB,EACjB,UAAmB,EACnB,OAGC;;IAED,MAAM,QAAQ,GAAG,IAAA,8BAAmB,EAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,sCAAsC,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,EAAE,SAAS,EAAE,kBAAkB,EAAE,GAAG,OAAO,IAAI,EAAE,CAAC;IACxD,IAAI,KAAK,GAAG,EAAE,CAAC;IAEf,wFAAwF;IACxF,iGAAiG;IACjG,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,eAAe,GAA2B;YAC9C,QAAQ;YACR,aAAa,EAAE,cAAc;SAC9B,CAAC;QACF,IAAI,QAAQ,EAAE,CAAC;YACb,eAAe,CAAC,SAAS,GAAG,QAAQ,CAAC;QACvC,CAAC;QACD,IAAI,UAAU,EAAE,CAAC;YACf,eAAe,CAAC,UAAU,GAAG,UAAU,CAAC;QAC1C,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC;QACpD,KAAK,GAAG,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IAClC,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,gBAAgB,EAAE,MAAA,OAAO,CAAC,GAAG,CAAC,iCAAiC,mCAAI,QAAQ,CAAC,CAAC;IAEjG,MAAM,UAAU,GAA2B;QACzC,MAAM,EAAE,kBAAkB;QAC1B,QAAQ,EAAE,MAAM;KACjB,CAAC;IAEF,iFAAiF;IACjF,IAAI,kBAAkB,EAAE,CAAC;QACvB,OAAO,UAAU,CAAC,QAAQ,CAAC;IAC7B,CAAC;IAED,OAAO;QACL,wFAAwF;QACxF,GAAG,EAAE,GAAG,GAAG,GAAG,KAAK,EAAE;QACrB,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,IAAA,sCAAiB,EAAC,UAAU,CAAC;KACvC,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACU,QAAA,OAAO,GAAG;IACrB,IAAI,EAAE,SAAS;IACf,KAAK,CAAC,WAAW,CAAC,OAMjB;QACC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC;QAClF,MAAM,QAAQ,GAAG,IAAA,8BAAmB,EAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,mDAAmD,CAAC,CAAC;YAC3E,OAAO,KAAK,CAAC;QACf,CAAC;QAED,oHAAoH;QACpH,IAAI,OAAO,CAAC,GAAG,CAAC,iCAAiC,EAAE,CAAC;YAClD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,cAAc,GAAG,qBAAqB,CAAC,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE;YAC3E,kBAAkB,EAAE,IAAI;YACxB,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC;QAEH,OAAO,0BAAa,CAAC,QAAQ,CAC3B,4CAA4C,EAC5C,eAAe,aAAf,eAAe,cAAf,eAAe,GAAI,EAAE,EACrB,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,cAAc,CAAC,cAAc,GAAG,cAAc,CAAC,cAAc,CAAC;YAE9D,uDAAuD;YACvD,6DAA6D;YAC7D,gEAAgE;YAChE,MAAM,OAAO,GAAG,IAAA,0CAAqB,EAAC,cAAc,CAAC,CAAC;YAEtD,+CAA+C;YAC/C,4DAA4D;YAC5D,OAAO,CAAC,OAAO,GAAG,CAAA,MAAA,cAAc,CAAC,cAAc,0CAAE,OAAO,KAAI,IAAI,CAAC;YAEjE,2EAA2E;YAC3E,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC;YACvC,IAAI,QAA0B,CAAC;YAC/B,IAAI,CAAC;gBACH,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,mCAAmC,CAAC,CAAC;gBAC3D,QAAQ,GAAG,MAAM,cAAc,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YACvD,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,0EAA0E;gBAC1E,wEAAwE;gBACxE,IAAI,IAAA,mBAAO,EAAC,GAAG,CAAC,EAAE,CAAC;oBACjB,MAAM,CAAC,OAAO,CAAC,GAAG,OAAO,kBAAkB,GAAG,CAAC,IAAI,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBACzE,CAAC;gBACD,6NAA6N;gBAC7N,4CAA4C;gBAC5C,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,0CAA0C,CAAC,CAAC;gBAClE,OAAO,KAAK,CAAC;YACf,CAAC;YACD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,IAAI,MAAA,QAAQ,CAAC,UAAU,0CAAE,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;oBACjD,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,0CAA0C,CAAC,CAAC;oBAClE,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,KAAK,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;oBAClD,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YACD,yDAAyD;YACzD,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,wCAAwC,CAAC,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC,CACF,CAAC;IACJ,CAAC;CACF,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { PipelineRequestOptions, PipelineResponse } from \"@azure/core-rest-pipeline\";\nimport { createHttpHeaders, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport { isError } from \"@azure/core-util\";\n\nimport type { GetTokenOptions } from \"@azure/core-auth\";\nimport { credentialLogger } from \"../../util/logging.js\";\nimport { mapScopesToResource } from \"./utils.js\";\nimport { tracingClient } from \"../../util/tracing.js\";\nimport { IdentityClient } from \"../../client/identityClient.js\";\n\nconst msiName = \"ManagedIdentityCredential - IMDS\";\nconst logger = credentialLogger(msiName);\n\nconst imdsHost = \"http://169.254.169.254\";\nconst imdsEndpointPath = \"/metadata/identity/oauth2/token\";\nconst imdsApiVersion = \"2018-02-01\";\n\n/**\n * Generates the options used on the request for an access token.\n */\nfunction prepareRequestOptions(\n scopes: string | string[],\n clientId?: string,\n resourceId?: string,\n options?: {\n skipQuery?: boolean;\n skipMetadataHeader?: boolean;\n },\n): PipelineRequestOptions {\n const resource = mapScopesToResource(scopes);\n if (!resource) {\n throw new Error(`${msiName}: Multiple scopes are not supported.`);\n }\n\n const { skipQuery, skipMetadataHeader } = options || {};\n let query = \"\";\n\n // Pod Identity will try to process this request even if the Metadata header is missing.\n // We can exclude the request query to ensure no IMDS endpoint tries to process the ping request.\n if (!skipQuery) {\n const queryParameters: Record<string, string> = {\n resource,\n \"api-version\": imdsApiVersion,\n };\n if (clientId) {\n queryParameters.client_id = clientId;\n }\n if (resourceId) {\n queryParameters.msi_res_id = resourceId;\n }\n const params = new URLSearchParams(queryParameters);\n query = `?${params.toString()}`;\n }\n\n const url = new URL(imdsEndpointPath, process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST ?? imdsHost);\n\n const rawHeaders: Record<string, string> = {\n Accept: \"application/json\",\n Metadata: \"true\",\n };\n\n // Remove the Metadata header to invoke a request error from some IMDS endpoints.\n if (skipMetadataHeader) {\n delete rawHeaders.Metadata;\n }\n\n return {\n // In this case, the `?` should be added in the \"query\" variable `skipQuery` is not set.\n url: `${url}${query}`,\n method: \"GET\",\n headers: createHttpHeaders(rawHeaders),\n };\n}\n\n/**\n * Defines how to determine whether the Azure IMDS MSI is available.\n *\n * Actually getting the token once we determine IMDS is available is handled by MSAL.\n */\nexport const imdsMsi = {\n name: \"imdsMsi\",\n async isAvailable(options: {\n scopes: string | string[];\n identityClient?: IdentityClient;\n clientId?: string;\n resourceId?: string;\n getTokenOptions?: GetTokenOptions;\n }): Promise<boolean> {\n const { scopes, identityClient, clientId, resourceId, getTokenOptions } = options;\n const resource = mapScopesToResource(scopes);\n if (!resource) {\n logger.info(`${msiName}: Unavailable. Multiple scopes are not supported.`);\n return false;\n }\n\n // if the PodIdentityEndpoint environment variable was set no need to probe the endpoint, it can be assumed to exist\n if (process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST) {\n return true;\n }\n\n if (!identityClient) {\n throw new Error(\"Missing IdentityClient\");\n }\n\n const requestOptions = prepareRequestOptions(resource, clientId, resourceId, {\n skipMetadataHeader: true,\n skipQuery: true,\n });\n\n return tracingClient.withSpan(\n \"ManagedIdentityCredential-pingImdsEndpoint\",\n getTokenOptions ?? {},\n async (updatedOptions) => {\n requestOptions.tracingOptions = updatedOptions.tracingOptions;\n\n // Create a request with a timeout since we expect that\n // not having a \"Metadata\" header should cause an error to be\n // returned quickly from the endpoint, proving its availability.\n const request = createPipelineRequest(requestOptions);\n\n // Default to 1000 if the default of 0 is used.\n // Negative values can still be used to disable the timeout.\n request.timeout = updatedOptions.requestOptions?.timeout || 1000;\n\n // This MSI uses the imdsEndpoint to get the token, which only uses http://\n request.allowInsecureConnection = true;\n let response: PipelineResponse;\n try {\n logger.info(`${msiName}: Pinging the Azure IMDS endpoint`);\n response = await identityClient.sendRequest(request);\n } catch (err: unknown) {\n // If the request failed, or Node.js was unable to establish a connection,\n // or the host was down, we'll assume the IMDS endpoint isn't available.\n if (isError(err)) {\n logger.verbose(`${msiName}: Caught error ${err.name}: ${err.message}`);\n }\n // This is a special case for Docker Desktop which responds with a 403 with a message that contains \"A socket operation was attempted to an unreachable network\" or \"A socket operation was attempted to an unreachable host\"\n // rather than just timing out, as expected.\n logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`);\n return false;\n }\n if (response.status === 403) {\n if (response.bodyAsText?.includes(\"unreachable\")) {\n logger.info(`${msiName}: The Azure IMDS endpoint is unavailable`);\n logger.info(`${msiName}: ${response.bodyAsText}`);\n return false;\n }\n }\n // If we received any response, the endpoint is available\n logger.info(`${msiName}: The Azure IMDS endpoint is available`);\n return true;\n },\n );\n },\n};\n"]}
|
@@ -0,0 +1,12 @@
|
|
1
|
+
import type { PipelinePolicy } from "@azure/core-rest-pipeline";
|
2
|
+
import type { MSIConfiguration } from "./models.js";
|
3
|
+
/**
|
4
|
+
* An additional policy that retries on 404 errors. The default retry policy does not retry on
|
5
|
+
* 404s, but the IMDS endpoint can return 404s when the token is not yet available. This policy
|
6
|
+
* will retry on 404s with an exponential backoff.
|
7
|
+
*
|
8
|
+
* @param msiRetryConfig - The retry configuration for the MSI credential.
|
9
|
+
* @returns - The policy that will retry on 404s.
|
10
|
+
*/
|
11
|
+
export declare function imdsRetryPolicy(msiRetryConfig: MSIConfiguration["retryConfig"]): PipelinePolicy;
|
12
|
+
//# sourceMappingURL=imdsRetryPolicy.d.ts.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"imdsRetryPolicy.d.ts","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/imdsRetryPolicy.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAGhE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAMpD;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAAC,cAAc,EAAE,gBAAgB,CAAC,aAAa,CAAC,GAAG,cAAc,CAqB/F"}
|
@@ -0,0 +1,36 @@
|
|
1
|
+
"use strict";
|
2
|
+
// Copyright (c) Microsoft Corporation.
|
3
|
+
// Licensed under the MIT License.
|
4
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
5
|
+
exports.imdsRetryPolicy = imdsRetryPolicy;
|
6
|
+
const core_rest_pipeline_1 = require("@azure/core-rest-pipeline");
|
7
|
+
const core_util_1 = require("@azure/core-util");
|
8
|
+
// Matches the default retry configuration in expontentialRetryStrategy.ts
|
9
|
+
const DEFAULT_CLIENT_MAX_RETRY_INTERVAL = 1000 * 64;
|
10
|
+
/**
|
11
|
+
* An additional policy that retries on 404 errors. The default retry policy does not retry on
|
12
|
+
* 404s, but the IMDS endpoint can return 404s when the token is not yet available. This policy
|
13
|
+
* will retry on 404s with an exponential backoff.
|
14
|
+
*
|
15
|
+
* @param msiRetryConfig - The retry configuration for the MSI credential.
|
16
|
+
* @returns - The policy that will retry on 404s.
|
17
|
+
*/
|
18
|
+
function imdsRetryPolicy(msiRetryConfig) {
|
19
|
+
return (0, core_rest_pipeline_1.retryPolicy)([
|
20
|
+
{
|
21
|
+
name: "imdsRetryPolicy",
|
22
|
+
retry: ({ retryCount, response }) => {
|
23
|
+
if ((response === null || response === void 0 ? void 0 : response.status) !== 404) {
|
24
|
+
return { skipStrategy: true };
|
25
|
+
}
|
26
|
+
return (0, core_util_1.calculateRetryDelay)(retryCount, {
|
27
|
+
retryDelayInMs: msiRetryConfig.startDelayInMs,
|
28
|
+
maxRetryDelayInMs: DEFAULT_CLIENT_MAX_RETRY_INTERVAL,
|
29
|
+
});
|
30
|
+
},
|
31
|
+
},
|
32
|
+
], {
|
33
|
+
maxRetries: msiRetryConfig.maxRetries,
|
34
|
+
});
|
35
|
+
}
|
36
|
+
//# sourceMappingURL=imdsRetryPolicy.js.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"imdsRetryPolicy.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/imdsRetryPolicy.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AAmBlC,0CAqBC;AArCD,kEAAwD;AAGxD,gDAAuD;AAEvD,0EAA0E;AAC1E,MAAM,iCAAiC,GAAG,IAAI,GAAG,EAAE,CAAC;AAEpD;;;;;;;GAOG;AACH,SAAgB,eAAe,CAAC,cAA+C;IAC7E,OAAO,IAAA,gCAAW,EAChB;QACE;YACE,IAAI,EAAE,iBAAiB;YACvB,KAAK,EAAE,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,EAAE;gBAClC,IAAI,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,MAAK,GAAG,EAAE,CAAC;oBAC7B,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;gBAChC,CAAC;gBAED,OAAO,IAAA,+BAAmB,EAAC,UAAU,EAAE;oBACrC,cAAc,EAAE,cAAc,CAAC,cAAc;oBAC7C,iBAAiB,EAAE,iCAAiC;iBACrD,CAAC,CAAC;YACL,CAAC;SACF;KACF,EACD;QACE,UAAU,EAAE,cAAc,CAAC,UAAU;KACtC,CACF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { PipelinePolicy } from \"@azure/core-rest-pipeline\";\nimport { retryPolicy } from \"@azure/core-rest-pipeline\";\n\nimport type { MSIConfiguration } from \"./models.js\";\nimport { calculateRetryDelay } from \"@azure/core-util\";\n\n// Matches the default retry configuration in expontentialRetryStrategy.ts\nconst DEFAULT_CLIENT_MAX_RETRY_INTERVAL = 1000 * 64;\n\n/**\n * An additional policy that retries on 404 errors. The default retry policy does not retry on\n * 404s, but the IMDS endpoint can return 404s when the token is not yet available. This policy\n * will retry on 404s with an exponential backoff.\n *\n * @param msiRetryConfig - The retry configuration for the MSI credential.\n * @returns - The policy that will retry on 404s.\n */\nexport function imdsRetryPolicy(msiRetryConfig: MSIConfiguration[\"retryConfig\"]): PipelinePolicy {\n return retryPolicy(\n [\n {\n name: \"imdsRetryPolicy\",\n retry: ({ retryCount, response }) => {\n if (response?.status !== 404) {\n return { skipStrategy: true };\n }\n\n return calculateRetryDelay(retryCount, {\n retryDelayInMs: msiRetryConfig.startDelayInMs,\n maxRetryDelayInMs: DEFAULT_CLIENT_MAX_RETRY_INTERVAL,\n });\n },\n },\n ],\n {\n maxRetries: msiRetryConfig.maxRetries,\n },\n );\n}\n"]}
|
@@ -0,0 +1,95 @@
|
|
1
|
+
import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
|
2
|
+
import type { TokenCredentialOptions } from "../../tokenCredentialOptions.js";
|
3
|
+
/**
|
4
|
+
* Options to send on the {@link ManagedIdentityCredential} constructor.
|
5
|
+
* This variation supports `clientId` and not `resourceId`, since only one of both is supported.
|
6
|
+
*/
|
7
|
+
export interface ManagedIdentityCredentialClientIdOptions extends TokenCredentialOptions {
|
8
|
+
/**
|
9
|
+
* The client ID of the user - assigned identity, or app registration(when working with AKS pod - identity).
|
10
|
+
*/
|
11
|
+
clientId?: string;
|
12
|
+
}
|
13
|
+
/**
|
14
|
+
* Options to send on the {@link ManagedIdentityCredential} constructor.
|
15
|
+
* This variation supports `resourceId` and not `clientId`, since only one of both is supported.
|
16
|
+
*/
|
17
|
+
export interface ManagedIdentityCredentialResourceIdOptions extends TokenCredentialOptions {
|
18
|
+
/**
|
19
|
+
* Allows specifying a custom resource Id.
|
20
|
+
* In scenarios such as when user assigned identities are created using an ARM template,
|
21
|
+
* where the resource Id of the identity is known but the client Id can't be known ahead of time,
|
22
|
+
* this parameter allows programs to use these user assigned identities
|
23
|
+
* without having to first determine the client Id of the created identity.
|
24
|
+
*/
|
25
|
+
resourceId: string;
|
26
|
+
}
|
27
|
+
/**
|
28
|
+
* Options to send on the {@link ManagedIdentityCredential} constructor.
|
29
|
+
* This variation supports `objectId` as a constructor argument.
|
30
|
+
*/
|
31
|
+
export interface ManagedIdentityCredentialObjectIdOptions extends TokenCredentialOptions {
|
32
|
+
/**
|
33
|
+
* Allows specifying the object ID of the underlying service principal used to authenticate a user-assigned managed identity.
|
34
|
+
* This is an alternative to providing a client ID or resource ID and is not required for system-assigned managed identities.
|
35
|
+
*/
|
36
|
+
objectId: string;
|
37
|
+
}
|
38
|
+
/**
|
39
|
+
* Attempts authentication using a managed identity available at the deployment environment.
|
40
|
+
* This authentication type works in Azure VMs, App Service instances, Azure Functions applications,
|
41
|
+
* Azure Kubernetes Services, Azure Service Fabric instances and inside of the Azure Cloud Shell.
|
42
|
+
*
|
43
|
+
* More information about configuring managed identities can be found here:
|
44
|
+
* https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
|
45
|
+
*/
|
46
|
+
export declare class ManagedIdentityCredential implements TokenCredential {
|
47
|
+
private managedIdentityApp;
|
48
|
+
private identityClient;
|
49
|
+
private clientId?;
|
50
|
+
private resourceId?;
|
51
|
+
private objectId?;
|
52
|
+
private msiRetryConfig;
|
53
|
+
private isAvailableIdentityClient;
|
54
|
+
/**
|
55
|
+
* Creates an instance of ManagedIdentityCredential with the client ID of a
|
56
|
+
* user-assigned identity, or app registration (when working with AKS pod-identity).
|
57
|
+
*
|
58
|
+
* @param clientId - The client ID of the user-assigned identity, or app registration (when working with AKS pod-identity).
|
59
|
+
* @param options - Options for configuring the client which makes the access token request.
|
60
|
+
*/
|
61
|
+
constructor(clientId: string, options?: TokenCredentialOptions);
|
62
|
+
/**
|
63
|
+
* Creates an instance of ManagedIdentityCredential with a client ID
|
64
|
+
*
|
65
|
+
* @param options - Options for configuring the client which makes the access token request.
|
66
|
+
*/
|
67
|
+
constructor(options?: ManagedIdentityCredentialClientIdOptions);
|
68
|
+
/**
|
69
|
+
* Creates an instance of ManagedIdentityCredential with a resource ID
|
70
|
+
*
|
71
|
+
* @param options - Options for configuring the resource which makes the access token request.
|
72
|
+
*/
|
73
|
+
constructor(options?: ManagedIdentityCredentialResourceIdOptions);
|
74
|
+
/**
|
75
|
+
* Creates an instance of ManagedIdentityCredential with an object ID
|
76
|
+
*
|
77
|
+
* @param options - Options for configuring the resource which makes the access token request.
|
78
|
+
*/
|
79
|
+
constructor(options?: ManagedIdentityCredentialObjectIdOptions);
|
80
|
+
/**
|
81
|
+
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|
82
|
+
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
|
83
|
+
* If an unexpected error occurs, an {@link AuthenticationError} will be thrown with the details of the failure.
|
84
|
+
*
|
85
|
+
* @param scopes - The list of scopes for which the token will have access.
|
86
|
+
* @param options - The options used to configure any requests this
|
87
|
+
* TokenCredential implementation might make.
|
88
|
+
*/
|
89
|
+
getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
|
90
|
+
/**
|
91
|
+
* Ensures the validity of the MSAL token
|
92
|
+
*/
|
93
|
+
private ensureValidMsalToken;
|
94
|
+
}
|
95
|
+
//# sourceMappingURL=index.d.ts.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/index.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAEtF,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AAiB9E;;;GAGG;AACH,MAAM,WAAW,wCAAyC,SAAQ,sBAAsB;IACtF;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,0CAA2C,SAAQ,sBAAsB;IACxF;;;;;;OAMG;IACH,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,wCAAyC,SAAQ,sBAAsB;IACtF;;;OAGG;IACH,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;;GAOG;AACH,qBAAa,yBAA0B,YAAW,eAAe;IAC/D,OAAO,CAAC,kBAAkB,CAA6B;IACvD,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,UAAU,CAAC,CAAS;IAC5B,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,cAAc,CAIpB;IACF,OAAO,CAAC,yBAAyB,CAAiB;IAElD;;;;;;OAMG;gBACS,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,sBAAsB;IAC9D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,wCAAwC;IAC9D;;;;OAIG;gBACS,OAAO,CAAC,EAAE,0CAA0C;IAChE;;;;OAIG;gBACS,OAAO,CAAC,EAAE,wCAAwC;IAyF9D;;;;;;;;OAQG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,WAAW,CAAC;IAyGvB;;OAEG;IACH,OAAO,CAAC,oBAAoB;CAuB7B"}
|
@@ -0,0 +1,221 @@
|
|
1
|
+
"use strict";
|
2
|
+
// Copyright (c) Microsoft Corporation.
|
3
|
+
// Licensed under the MIT License.
|
4
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
5
|
+
exports.ManagedIdentityCredential = void 0;
|
6
|
+
const logger_1 = require("@azure/logger");
|
7
|
+
const msal_node_1 = require("@azure/msal-node");
|
8
|
+
const identityClient_js_1 = require("../../client/identityClient.js");
|
9
|
+
const errors_js_1 = require("../../errors.js");
|
10
|
+
const utils_js_1 = require("../../msal/utils.js");
|
11
|
+
const imdsRetryPolicy_js_1 = require("./imdsRetryPolicy.js");
|
12
|
+
const logging_js_1 = require("../../util/logging.js");
|
13
|
+
const tracing_js_1 = require("../../util/tracing.js");
|
14
|
+
const imdsMsi_js_1 = require("./imdsMsi.js");
|
15
|
+
const tokenExchangeMsi_js_1 = require("./tokenExchangeMsi.js");
|
16
|
+
const utils_js_2 = require("./utils.js");
|
17
|
+
const logger = (0, logging_js_1.credentialLogger)("ManagedIdentityCredential");
|
18
|
+
/**
|
19
|
+
* Attempts authentication using a managed identity available at the deployment environment.
|
20
|
+
* This authentication type works in Azure VMs, App Service instances, Azure Functions applications,
|
21
|
+
* Azure Kubernetes Services, Azure Service Fabric instances and inside of the Azure Cloud Shell.
|
22
|
+
*
|
23
|
+
* More information about configuring managed identities can be found here:
|
24
|
+
* https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
|
25
|
+
*/
|
26
|
+
class ManagedIdentityCredential {
|
27
|
+
/**
|
28
|
+
* @internal
|
29
|
+
* @hidden
|
30
|
+
*/
|
31
|
+
constructor(clientIdOrOptions, options) {
|
32
|
+
var _a, _b;
|
33
|
+
this.msiRetryConfig = {
|
34
|
+
maxRetries: 5,
|
35
|
+
startDelayInMs: 800,
|
36
|
+
intervalIncrement: 2,
|
37
|
+
};
|
38
|
+
let _options;
|
39
|
+
if (typeof clientIdOrOptions === "string") {
|
40
|
+
this.clientId = clientIdOrOptions;
|
41
|
+
_options = options !== null && options !== void 0 ? options : {};
|
42
|
+
}
|
43
|
+
else {
|
44
|
+
this.clientId = clientIdOrOptions === null || clientIdOrOptions === void 0 ? void 0 : clientIdOrOptions.clientId;
|
45
|
+
_options = clientIdOrOptions !== null && clientIdOrOptions !== void 0 ? clientIdOrOptions : {};
|
46
|
+
}
|
47
|
+
this.resourceId = _options === null || _options === void 0 ? void 0 : _options.resourceId;
|
48
|
+
this.objectId = _options === null || _options === void 0 ? void 0 : _options.objectId;
|
49
|
+
// For JavaScript users.
|
50
|
+
const providedIds = [this.clientId, this.resourceId, this.objectId].filter(Boolean);
|
51
|
+
if (providedIds.length > 1) {
|
52
|
+
throw new Error(`ManagedIdentityCredential: only one of 'clientId', 'resourceId', or 'objectId' can be provided. Received values: ${JSON.stringify({ clientId: this.clientId, resourceId: this.resourceId, objectId: this.objectId })}`);
|
53
|
+
}
|
54
|
+
// ManagedIdentity uses http for local requests
|
55
|
+
_options.allowInsecureConnection = true;
|
56
|
+
if (((_a = _options.retryOptions) === null || _a === void 0 ? void 0 : _a.maxRetries) !== undefined) {
|
57
|
+
this.msiRetryConfig.maxRetries = _options.retryOptions.maxRetries;
|
58
|
+
}
|
59
|
+
this.identityClient = new identityClient_js_1.IdentityClient(Object.assign(Object.assign({}, _options), { additionalPolicies: [{ policy: (0, imdsRetryPolicy_js_1.imdsRetryPolicy)(this.msiRetryConfig), position: "perCall" }] }));
|
60
|
+
this.managedIdentityApp = new msal_node_1.ManagedIdentityApplication({
|
61
|
+
managedIdentityIdParams: {
|
62
|
+
userAssignedClientId: this.clientId,
|
63
|
+
userAssignedResourceId: this.resourceId,
|
64
|
+
userAssignedObjectId: this.objectId,
|
65
|
+
},
|
66
|
+
system: {
|
67
|
+
disableInternalRetries: true,
|
68
|
+
networkClient: this.identityClient,
|
69
|
+
loggerOptions: {
|
70
|
+
logLevel: (0, utils_js_1.getMSALLogLevel)((0, logger_1.getLogLevel)()),
|
71
|
+
piiLoggingEnabled: (_b = _options.loggingOptions) === null || _b === void 0 ? void 0 : _b.enableUnsafeSupportLogging,
|
72
|
+
loggerCallback: (0, utils_js_1.defaultLoggerCallback)(logger),
|
73
|
+
},
|
74
|
+
},
|
75
|
+
});
|
76
|
+
this.isAvailableIdentityClient = new identityClient_js_1.IdentityClient(Object.assign(Object.assign({}, _options), { retryOptions: {
|
77
|
+
maxRetries: 0,
|
78
|
+
} }));
|
79
|
+
// CloudShell MSI will ignore any user-assigned identity passed as parameters. To avoid confusion, we prevent this from happening as early as possible.
|
80
|
+
if (this.managedIdentityApp.getManagedIdentitySource() === "CloudShell") {
|
81
|
+
if (this.clientId || this.resourceId || this.objectId) {
|
82
|
+
logger.warning(`CloudShell MSI detected with user-provided IDs - throwing. Received values: ${JSON.stringify({
|
83
|
+
clientId: this.clientId,
|
84
|
+
resourceId: this.resourceId,
|
85
|
+
objectId: this.objectId,
|
86
|
+
})}.`);
|
87
|
+
throw new errors_js_1.CredentialUnavailableError("ManagedIdentityCredential: Specifying a user-assigned managed identity is not supported for CloudShell at runtime. When using Managed Identity in CloudShell, omit the clientId, resourceId, and objectId parameters.");
|
88
|
+
}
|
89
|
+
}
|
90
|
+
}
|
91
|
+
/**
|
92
|
+
* Authenticates with Microsoft Entra ID and returns an access token if successful.
|
93
|
+
* If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
|
94
|
+
* If an unexpected error occurs, an {@link AuthenticationError} will be thrown with the details of the failure.
|
95
|
+
*
|
96
|
+
* @param scopes - The list of scopes for which the token will have access.
|
97
|
+
* @param options - The options used to configure any requests this
|
98
|
+
* TokenCredential implementation might make.
|
99
|
+
*/
|
100
|
+
async getToken(scopes, options = {}) {
|
101
|
+
logger.getToken.info("Using the MSAL provider for Managed Identity.");
|
102
|
+
const resource = (0, utils_js_2.mapScopesToResource)(scopes);
|
103
|
+
if (!resource) {
|
104
|
+
throw new errors_js_1.CredentialUnavailableError(`ManagedIdentityCredential: Multiple scopes are not supported. Scopes: ${JSON.stringify(scopes)}`);
|
105
|
+
}
|
106
|
+
return tracing_js_1.tracingClient.withSpan("ManagedIdentityCredential.getToken", options, async () => {
|
107
|
+
var _a;
|
108
|
+
try {
|
109
|
+
const isTokenExchangeMsi = await tokenExchangeMsi_js_1.tokenExchangeMsi.isAvailable(this.clientId);
|
110
|
+
// Most scenarios are handled by MSAL except for two:
|
111
|
+
// AKS pod identity - MSAL does not implement the token exchange flow.
|
112
|
+
// IMDS Endpoint probing - MSAL does not do any probing before trying to get a token.
|
113
|
+
// As a DefaultAzureCredential optimization we probe the IMDS endpoint with a short timeout and no retries before actually trying to get a token
|
114
|
+
// We will continue to implement these features in the Identity library.
|
115
|
+
const identitySource = this.managedIdentityApp.getManagedIdentitySource();
|
116
|
+
const isImdsMsi = identitySource === "DefaultToImds" || identitySource === "Imds"; // Neither actually checks that IMDS endpoint is available, just that it's the source the MSAL _would_ try to use.
|
117
|
+
logger.getToken.info(`MSAL Identity source: ${identitySource}`);
|
118
|
+
if (isTokenExchangeMsi) {
|
119
|
+
// In the AKS scenario we will use the existing tokenExchangeMsi indefinitely.
|
120
|
+
logger.getToken.info("Using the token exchange managed identity.");
|
121
|
+
const result = await tokenExchangeMsi_js_1.tokenExchangeMsi.getToken({
|
122
|
+
scopes,
|
123
|
+
clientId: this.clientId,
|
124
|
+
identityClient: this.identityClient,
|
125
|
+
retryConfig: this.msiRetryConfig,
|
126
|
+
resourceId: this.resourceId,
|
127
|
+
});
|
128
|
+
if (result === null) {
|
129
|
+
throw new errors_js_1.CredentialUnavailableError("Attempted to use the token exchange managed identity, but received a null response.");
|
130
|
+
}
|
131
|
+
return result;
|
132
|
+
}
|
133
|
+
else if (isImdsMsi) {
|
134
|
+
// In the IMDS scenario we will probe the IMDS endpoint to ensure it's available before trying to get a token.
|
135
|
+
// If the IMDS endpoint is not available and this is the source that MSAL will use, we will fail-fast with an error that tells DAC to move to the next credential.
|
136
|
+
logger.getToken.info("Using the IMDS endpoint to probe for availability.");
|
137
|
+
const isAvailable = await imdsMsi_js_1.imdsMsi.isAvailable({
|
138
|
+
scopes,
|
139
|
+
clientId: this.clientId,
|
140
|
+
getTokenOptions: options,
|
141
|
+
identityClient: this.isAvailableIdentityClient,
|
142
|
+
resourceId: this.resourceId,
|
143
|
+
});
|
144
|
+
if (!isAvailable) {
|
145
|
+
throw new errors_js_1.CredentialUnavailableError(`Attempted to use the IMDS endpoint, but it is not available.`);
|
146
|
+
}
|
147
|
+
}
|
148
|
+
// If we got this far, it means:
|
149
|
+
// - This is not a tokenExchangeMsi,
|
150
|
+
// - We already probed for IMDS endpoint availability and failed-fast if it's unreachable.
|
151
|
+
// We can proceed normally by calling MSAL for a token.
|
152
|
+
logger.getToken.info("Calling into MSAL for managed identity token.");
|
153
|
+
const token = await this.managedIdentityApp.acquireToken({
|
154
|
+
resource,
|
155
|
+
});
|
156
|
+
this.ensureValidMsalToken(scopes, token, options);
|
157
|
+
logger.getToken.info((0, logging_js_1.formatSuccess)(scopes));
|
158
|
+
return {
|
159
|
+
expiresOnTimestamp: token.expiresOn.getTime(),
|
160
|
+
token: token.accessToken,
|
161
|
+
refreshAfterTimestamp: (_a = token.refreshOn) === null || _a === void 0 ? void 0 : _a.getTime(),
|
162
|
+
tokenType: "Bearer",
|
163
|
+
};
|
164
|
+
}
|
165
|
+
catch (err) {
|
166
|
+
logger.getToken.error((0, logging_js_1.formatError)(scopes, err));
|
167
|
+
// AuthenticationRequiredError described as Error to enforce authentication after trying to retrieve a token silently.
|
168
|
+
// TODO: why would this _ever_ happen considering we're not trying the silent request in this flow?
|
169
|
+
if (err.name === "AuthenticationRequiredError") {
|
170
|
+
throw err;
|
171
|
+
}
|
172
|
+
if (isNetworkError(err)) {
|
173
|
+
throw new errors_js_1.CredentialUnavailableError(`ManagedIdentityCredential: Network unreachable. Message: ${err.message}`, { cause: err });
|
174
|
+
}
|
175
|
+
throw new errors_js_1.CredentialUnavailableError(`ManagedIdentityCredential: Authentication failed. Message ${err.message}`, { cause: err });
|
176
|
+
}
|
177
|
+
});
|
178
|
+
}
|
179
|
+
/**
|
180
|
+
* Ensures the validity of the MSAL token
|
181
|
+
*/
|
182
|
+
ensureValidMsalToken(scopes, msalToken, getTokenOptions) {
|
183
|
+
const createError = (message) => {
|
184
|
+
logger.getToken.info(message);
|
185
|
+
return new errors_js_1.AuthenticationRequiredError({
|
186
|
+
scopes: Array.isArray(scopes) ? scopes : [scopes],
|
187
|
+
getTokenOptions,
|
188
|
+
message,
|
189
|
+
});
|
190
|
+
};
|
191
|
+
if (!msalToken) {
|
192
|
+
throw createError("No response.");
|
193
|
+
}
|
194
|
+
if (!msalToken.expiresOn) {
|
195
|
+
throw createError(`Response had no "expiresOn" property.`);
|
196
|
+
}
|
197
|
+
if (!msalToken.accessToken) {
|
198
|
+
throw createError(`Response had no "accessToken" property.`);
|
199
|
+
}
|
200
|
+
}
|
201
|
+
}
|
202
|
+
exports.ManagedIdentityCredential = ManagedIdentityCredential;
|
203
|
+
function isNetworkError(err) {
|
204
|
+
// MSAL error
|
205
|
+
if (err.errorCode === "network_error") {
|
206
|
+
return true;
|
207
|
+
}
|
208
|
+
// Probe errors
|
209
|
+
if (err.code === "ENETUNREACH" || err.code === "EHOSTUNREACH") {
|
210
|
+
return true;
|
211
|
+
}
|
212
|
+
// This is a special case for Docker Desktop which responds with a 403 with a message that contains "A socket operation was attempted to an unreachable network" or "A socket operation was attempted to an unreachable host"
|
213
|
+
// rather than just timing out, as expected.
|
214
|
+
if (err.statusCode === 403 || err.code === 403) {
|
215
|
+
if (err.message.includes("unreachable")) {
|
216
|
+
return true;
|
217
|
+
}
|
218
|
+
}
|
219
|
+
return false;
|
220
|
+
}
|
221
|
+
//# sourceMappingURL=index.js.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/index.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAKlC,0CAA4C;AAC5C,gDAA8D;AAC9D,sEAAgE;AAChE,+CAA0F;AAC1F,kDAA6E;AAC7E,6DAAuD;AAEvD,sDAAqF;AACrF,sDAAsD;AACtD,6CAAuC;AACvC,+DAAyD;AACzD,yCAAiD;AAGjD,MAAM,MAAM,GAAG,IAAA,6BAAgB,EAAC,2BAA2B,CAAC,CAAC;AAwC7D;;;;;;;GAOG;AACH,MAAa,yBAAyB;IAuCpC;;;OAGG;IACH,YACE,iBAI4C,EAC5C,OAAgC;;QA3C1B,mBAAc,GAAoC;YACxD,UAAU,EAAE,CAAC;YACb,cAAc,EAAE,GAAG;YACnB,iBAAiB,EAAE,CAAC;SACrB,CAAC;QAyCA,IAAI,QAAgC,CAAC;QACrC,IAAI,OAAO,iBAAiB,KAAK,QAAQ,EAAE,CAAC;YAC1C,IAAI,CAAC,QAAQ,GAAG,iBAAiB,CAAC;YAClC,QAAQ,GAAG,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,EAAE,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,QAAQ,GAAI,iBAA8D,aAA9D,iBAAiB,uBAAjB,iBAAiB,CAA+C,QAAQ,CAAC;YAC1F,QAAQ,GAAG,iBAAiB,aAAjB,iBAAiB,cAAjB,iBAAiB,GAAI,EAAE,CAAC;QACrC,CAAC;QACD,IAAI,CAAC,UAAU,GAAI,QAAuD,aAAvD,QAAQ,uBAAR,QAAQ,CAAiD,UAAU,CAAC;QACvF,IAAI,CAAC,QAAQ,GAAI,QAAqD,aAArD,QAAQ,uBAAR,QAAQ,CAA+C,QAAQ,CAAC;QAEjF,wBAAwB;QACxB,MAAM,WAAW,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACpF,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,oHAAoH,IAAI,CAAC,SAAS,CAChI,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAClF,EAAE,CACJ,CAAC;QACJ,CAAC;QAED,+CAA+C;QAC/C,QAAQ,CAAC,uBAAuB,GAAG,IAAI,CAAC;QAExC,IAAI,CAAA,MAAA,QAAQ,CAAC,YAAY,0CAAE,UAAU,MAAK,SAAS,EAAE,CAAC;YACpD,IAAI,CAAC,cAAc,CAAC,UAAU,GAAG,QAAQ,CAAC,YAAY,CAAC,UAAU,CAAC;QACpE,CAAC;QAED,IAAI,CAAC,cAAc,GAAG,IAAI,kCAAc,iCACnC,QAAQ,KACX,kBAAkB,EAAE,CAAC,EAAE,MAAM,EAAE,IAAA,oCAAe,EAAC,IAAI,CAAC,cAAc,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,IAC3F,CAAC;QAEH,IAAI,CAAC,kBAAkB,GAAG,IAAI,sCAA0B,CAAC;YACvD,uBAAuB,EAAE;gBACvB,oBAAoB,EAAE,IAAI,CAAC,QAAQ;gBACnC,sBAAsB,EAAE,IAAI,CAAC,UAAU;gBACvC,oBAAoB,EAAE,IAAI,CAAC,QAAQ;aACpC;YACD,MAAM,EAAE;gBACN,sBAAsB,EAAE,IAAI;gBAC5B,aAAa,EAAE,IAAI,CAAC,cAAc;gBAClC,aAAa,EAAE;oBACb,QAAQ,EAAE,IAAA,0BAAe,EAAC,IAAA,oBAAW,GAAE,CAAC;oBACxC,iBAAiB,EAAE,MAAA,QAAQ,CAAC,cAAc,0CAAE,0BAA0B;oBACtE,cAAc,EAAE,IAAA,gCAAqB,EAAC,MAAM,CAAC;iBAC9C;aACF;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,yBAAyB,GAAG,IAAI,kCAAc,iCAC9C,QAAQ,KACX,YAAY,EAAE;gBACZ,UAAU,EAAE,CAAC;aACd,IACD,CAAC;QAEH,uJAAuJ;QACvJ,IAAI,IAAI,CAAC,kBAAkB,CAAC,wBAAwB,EAAE,KAAK,YAAY,EAAE,CAAC;YACxE,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACtD,MAAM,CAAC,OAAO,CACZ,+EAA+E,IAAI,CAAC,SAAS,CAC3F;oBACE,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,UAAU,EAAE,IAAI,CAAC,UAAU;oBAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;iBACxB,CACF,GAAG,CACL,CAAC;gBACF,MAAM,IAAI,sCAA0B,CAClC,uNAAuN,CACxN,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;;;;OAQG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;QACtE,MAAM,QAAQ,GAAG,IAAA,8BAAmB,EAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sCAA0B,CAClC,yEAAyE,IAAI,CAAC,SAAS,CACrF,MAAM,CACP,EAAE,CACJ,CAAC;QACJ,CAAC;QAED,OAAO,0BAAa,CAAC,QAAQ,CAAC,oCAAoC,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;;YACtF,IAAI,CAAC;gBACH,MAAM,kBAAkB,GAAG,MAAM,sCAAgB,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAE7E,qDAAqD;gBACrD,sEAAsE;gBACtE,qFAAqF;gBACrF,gJAAgJ;gBAChJ,wEAAwE;gBAExE,MAAM,cAAc,GAAG,IAAI,CAAC,kBAAkB,CAAC,wBAAwB,EAAE,CAAC;gBAC1E,MAAM,SAAS,GAAG,cAAc,KAAK,eAAe,IAAI,cAAc,KAAK,MAAM,CAAC,CAAC,kHAAkH;gBAErM,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,yBAAyB,cAAc,EAAE,CAAC,CAAC;gBAEhE,IAAI,kBAAkB,EAAE,CAAC;oBACvB,8EAA8E;oBAC9E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;oBACnE,MAAM,MAAM,GAAG,MAAM,sCAAgB,CAAC,QAAQ,CAAC;wBAC7C,MAAM;wBACN,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,cAAc,EAAE,IAAI,CAAC,cAAc;wBACnC,WAAW,EAAE,IAAI,CAAC,cAAc;wBAChC,UAAU,EAAE,IAAI,CAAC,UAAU;qBAC5B,CAAC,CAAC;oBAEH,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;wBACpB,MAAM,IAAI,sCAA0B,CAClC,qFAAqF,CACtF,CAAC;oBACJ,CAAC;oBAED,OAAO,MAAM,CAAC;gBAChB,CAAC;qBAAM,IAAI,SAAS,EAAE,CAAC;oBACrB,8GAA8G;oBAC9G,kKAAkK;oBAClK,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;oBAC3E,MAAM,WAAW,GAAG,MAAM,oBAAO,CAAC,WAAW,CAAC;wBAC5C,MAAM;wBACN,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,eAAe,EAAE,OAAO;wBACxB,cAAc,EAAE,IAAI,CAAC,yBAAyB;wBAC9C,UAAU,EAAE,IAAI,CAAC,UAAU;qBAC5B,CAAC,CAAC;oBAEH,IAAI,CAAC,WAAW,EAAE,CAAC;wBACjB,MAAM,IAAI,sCAA0B,CAClC,8DAA8D,CAC/D,CAAC;oBACJ,CAAC;gBACH,CAAC;gBAED,gCAAgC;gBAChC,oCAAoC;gBACpC,0FAA0F;gBAC1F,uDAAuD;gBACvD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;gBACtE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC;oBACvD,QAAQ;iBACT,CAAC,CAAC;gBAEH,IAAI,CAAC,oBAAoB,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;gBAClD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,0BAAa,EAAC,MAAM,CAAC,CAAC,CAAC;gBAE5C,OAAO;oBACL,kBAAkB,EAAE,KAAK,CAAC,SAAS,CAAC,OAAO,EAAE;oBAC7C,KAAK,EAAE,KAAK,CAAC,WAAW;oBACxB,qBAAqB,EAAE,MAAA,KAAK,CAAC,SAAS,0CAAE,OAAO,EAAE;oBACjD,SAAS,EAAE,QAAQ;iBACL,CAAC;YACnB,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAA,wBAAW,EAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAEhD,sHAAsH;gBACtH,mGAAmG;gBACnG,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;oBAC/C,MAAM,GAAG,CAAC;gBACZ,CAAC;gBAED,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;oBACxB,MAAM,IAAI,sCAA0B,CAClC,4DAA4D,GAAG,CAAC,OAAO,EAAE,EACzE,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;gBACJ,CAAC;gBAED,MAAM,IAAI,sCAA0B,CAClC,6DAA6D,GAAG,CAAC,OAAO,EAAE,EAC1E,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,oBAAoB,CAC1B,MAAyB,EACzB,SAAqB,EACrB,eAAiC;QAEjC,MAAM,WAAW,GAAG,CAAC,OAAe,EAAS,EAAE;YAC7C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC9B,OAAO,IAAI,uCAA2B,CAAC;gBACrC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gBACjD,eAAe;gBACf,OAAO;aACR,CAAC,CAAC;QACL,CAAC,CAAC;QACF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,WAAW,CAAC,cAAc,CAAC,CAAC;QACpC,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;YACzB,MAAM,WAAW,CAAC,uCAAuC,CAAC,CAAC;QAC7D,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;YAC3B,MAAM,WAAW,CAAC,yCAAyC,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;CACF;AA9QD,8DA8QC;AAED,SAAS,cAAc,CAAC,GAAQ;IAC9B,aAAa;IACb,IAAI,GAAG,CAAC,SAAS,KAAK,eAAe,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,eAAe;IACf,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa,IAAI,GAAG,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;QAC9D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,6NAA6N;IAC7N,4CAA4C;IAC5C,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,IAAI,GAAG,CAAC,IAAI,KAAK,GAAG,EAAE,CAAC;QAC/C,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YACxC,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\n\nimport type { TokenCredentialOptions } from \"../../tokenCredentialOptions.js\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { ManagedIdentityApplication } from \"@azure/msal-node\";\nimport { IdentityClient } from \"../../client/identityClient.js\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../../errors.js\";\nimport { getMSALLogLevel, defaultLoggerCallback } from \"../../msal/utils.js\";\nimport { imdsRetryPolicy } from \"./imdsRetryPolicy.js\";\nimport { MSIConfiguration } from \"./models.js\";\nimport { formatSuccess, formatError, credentialLogger } from \"../../util/logging.js\";\nimport { tracingClient } from \"../../util/tracing.js\";\nimport { imdsMsi } from \"./imdsMsi.js\";\nimport { tokenExchangeMsi } from \"./tokenExchangeMsi.js\";\nimport { mapScopesToResource } from \"./utils.js\";\nimport { MsalToken, ValidMsalToken } from \"../../msal/types.js\";\n\nconst logger = credentialLogger(\"ManagedIdentityCredential\");\n\n/**\n * Options to send on the {@link ManagedIdentityCredential} constructor.\n * This variation supports `clientId` and not `resourceId`, since only one of both is supported.\n */\nexport interface ManagedIdentityCredentialClientIdOptions extends TokenCredentialOptions {\n /**\n * The client ID of the user - assigned identity, or app registration(when working with AKS pod - identity).\n */\n clientId?: string;\n}\n\n/**\n * Options to send on the {@link ManagedIdentityCredential} constructor.\n * This variation supports `resourceId` and not `clientId`, since only one of both is supported.\n */\nexport interface ManagedIdentityCredentialResourceIdOptions extends TokenCredentialOptions {\n /**\n * Allows specifying a custom resource Id.\n * In scenarios such as when user assigned identities are created using an ARM template,\n * where the resource Id of the identity is known but the client Id can't be known ahead of time,\n * this parameter allows programs to use these user assigned identities\n * without having to first determine the client Id of the created identity.\n */\n resourceId: string;\n}\n\n/**\n * Options to send on the {@link ManagedIdentityCredential} constructor.\n * This variation supports `objectId` as a constructor argument.\n */\nexport interface ManagedIdentityCredentialObjectIdOptions extends TokenCredentialOptions {\n /**\n * Allows specifying the object ID of the underlying service principal used to authenticate a user-assigned managed identity.\n * This is an alternative to providing a client ID or resource ID and is not required for system-assigned managed identities.\n */\n objectId: string;\n}\n\n/**\n * Attempts authentication using a managed identity available at the deployment environment.\n * This authentication type works in Azure VMs, App Service instances, Azure Functions applications,\n * Azure Kubernetes Services, Azure Service Fabric instances and inside of the Azure Cloud Shell.\n *\n * More information about configuring managed identities can be found here:\n * https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview\n */\nexport class ManagedIdentityCredential implements TokenCredential {\n private managedIdentityApp: ManagedIdentityApplication;\n private identityClient: IdentityClient;\n private clientId?: string;\n private resourceId?: string;\n private objectId?: string;\n private msiRetryConfig: MSIConfiguration[\"retryConfig\"] = {\n maxRetries: 5,\n startDelayInMs: 800,\n intervalIncrement: 2,\n };\n private isAvailableIdentityClient: IdentityClient;\n\n /**\n * Creates an instance of ManagedIdentityCredential with the client ID of a\n * user-assigned identity, or app registration (when working with AKS pod-identity).\n *\n * @param clientId - The client ID of the user-assigned identity, or app registration (when working with AKS pod-identity).\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(clientId: string, options?: TokenCredentialOptions);\n /**\n * Creates an instance of ManagedIdentityCredential with a client ID\n *\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(options?: ManagedIdentityCredentialClientIdOptions);\n /**\n * Creates an instance of ManagedIdentityCredential with a resource ID\n *\n * @param options - Options for configuring the resource which makes the access token request.\n */\n constructor(options?: ManagedIdentityCredentialResourceIdOptions);\n /**\n * Creates an instance of ManagedIdentityCredential with an object ID\n *\n * @param options - Options for configuring the resource which makes the access token request.\n */\n constructor(options?: ManagedIdentityCredentialObjectIdOptions);\n /**\n * @internal\n * @hidden\n */\n constructor(\n clientIdOrOptions?:\n | string\n | ManagedIdentityCredentialClientIdOptions\n | ManagedIdentityCredentialResourceIdOptions\n | ManagedIdentityCredentialObjectIdOptions,\n options?: TokenCredentialOptions,\n ) {\n let _options: TokenCredentialOptions;\n if (typeof clientIdOrOptions === \"string\") {\n this.clientId = clientIdOrOptions;\n _options = options ?? {};\n } else {\n this.clientId = (clientIdOrOptions as ManagedIdentityCredentialClientIdOptions)?.clientId;\n _options = clientIdOrOptions ?? {};\n }\n this.resourceId = (_options as ManagedIdentityCredentialResourceIdOptions)?.resourceId;\n this.objectId = (_options as ManagedIdentityCredentialObjectIdOptions)?.objectId;\n\n // For JavaScript users.\n const providedIds = [this.clientId, this.resourceId, this.objectId].filter(Boolean);\n if (providedIds.length > 1) {\n throw new Error(\n `ManagedIdentityCredential: only one of 'clientId', 'resourceId', or 'objectId' can be provided. Received values: ${JSON.stringify(\n { clientId: this.clientId, resourceId: this.resourceId, objectId: this.objectId },\n )}`,\n );\n }\n\n // ManagedIdentity uses http for local requests\n _options.allowInsecureConnection = true;\n\n if (_options.retryOptions?.maxRetries !== undefined) {\n this.msiRetryConfig.maxRetries = _options.retryOptions.maxRetries;\n }\n\n this.identityClient = new IdentityClient({\n ..._options,\n additionalPolicies: [{ policy: imdsRetryPolicy(this.msiRetryConfig), position: \"perCall\" }],\n });\n\n this.managedIdentityApp = new ManagedIdentityApplication({\n managedIdentityIdParams: {\n userAssignedClientId: this.clientId,\n userAssignedResourceId: this.resourceId,\n userAssignedObjectId: this.objectId,\n },\n system: {\n disableInternalRetries: true,\n networkClient: this.identityClient,\n loggerOptions: {\n logLevel: getMSALLogLevel(getLogLevel()),\n piiLoggingEnabled: _options.loggingOptions?.enableUnsafeSupportLogging,\n loggerCallback: defaultLoggerCallback(logger),\n },\n },\n });\n\n this.isAvailableIdentityClient = new IdentityClient({\n ..._options,\n retryOptions: {\n maxRetries: 0,\n },\n });\n\n // CloudShell MSI will ignore any user-assigned identity passed as parameters. To avoid confusion, we prevent this from happening as early as possible.\n if (this.managedIdentityApp.getManagedIdentitySource() === \"CloudShell\") {\n if (this.clientId || this.resourceId || this.objectId) {\n logger.warning(\n `CloudShell MSI detected with user-provided IDs - throwing. Received values: ${JSON.stringify(\n {\n clientId: this.clientId,\n resourceId: this.resourceId,\n objectId: this.objectId,\n },\n )}.`,\n );\n throw new CredentialUnavailableError(\n \"ManagedIdentityCredential: Specifying a user-assigned managed identity is not supported for CloudShell at runtime. When using Managed Identity in CloudShell, omit the clientId, resourceId, and objectId parameters.\",\n );\n }\n }\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n * If an unexpected error occurs, an {@link AuthenticationError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options: GetTokenOptions = {},\n ): Promise<AccessToken> {\n logger.getToken.info(\"Using the MSAL provider for Managed Identity.\");\n const resource = mapScopesToResource(scopes);\n if (!resource) {\n throw new CredentialUnavailableError(\n `ManagedIdentityCredential: Multiple scopes are not supported. Scopes: ${JSON.stringify(\n scopes,\n )}`,\n );\n }\n\n return tracingClient.withSpan(\"ManagedIdentityCredential.getToken\", options, async () => {\n try {\n const isTokenExchangeMsi = await tokenExchangeMsi.isAvailable(this.clientId);\n\n // Most scenarios are handled by MSAL except for two:\n // AKS pod identity - MSAL does not implement the token exchange flow.\n // IMDS Endpoint probing - MSAL does not do any probing before trying to get a token.\n // As a DefaultAzureCredential optimization we probe the IMDS endpoint with a short timeout and no retries before actually trying to get a token\n // We will continue to implement these features in the Identity library.\n\n const identitySource = this.managedIdentityApp.getManagedIdentitySource();\n const isImdsMsi = identitySource === \"DefaultToImds\" || identitySource === \"Imds\"; // Neither actually checks that IMDS endpoint is available, just that it's the source the MSAL _would_ try to use.\n\n logger.getToken.info(`MSAL Identity source: ${identitySource}`);\n\n if (isTokenExchangeMsi) {\n // In the AKS scenario we will use the existing tokenExchangeMsi indefinitely.\n logger.getToken.info(\"Using the token exchange managed identity.\");\n const result = await tokenExchangeMsi.getToken({\n scopes,\n clientId: this.clientId,\n identityClient: this.identityClient,\n retryConfig: this.msiRetryConfig,\n resourceId: this.resourceId,\n });\n\n if (result === null) {\n throw new CredentialUnavailableError(\n \"Attempted to use the token exchange managed identity, but received a null response.\",\n );\n }\n\n return result;\n } else if (isImdsMsi) {\n // In the IMDS scenario we will probe the IMDS endpoint to ensure it's available before trying to get a token.\n // If the IMDS endpoint is not available and this is the source that MSAL will use, we will fail-fast with an error that tells DAC to move to the next credential.\n logger.getToken.info(\"Using the IMDS endpoint to probe for availability.\");\n const isAvailable = await imdsMsi.isAvailable({\n scopes,\n clientId: this.clientId,\n getTokenOptions: options,\n identityClient: this.isAvailableIdentityClient,\n resourceId: this.resourceId,\n });\n\n if (!isAvailable) {\n throw new CredentialUnavailableError(\n `Attempted to use the IMDS endpoint, but it is not available.`,\n );\n }\n }\n\n // If we got this far, it means:\n // - This is not a tokenExchangeMsi,\n // - We already probed for IMDS endpoint availability and failed-fast if it's unreachable.\n // We can proceed normally by calling MSAL for a token.\n logger.getToken.info(\"Calling into MSAL for managed identity token.\");\n const token = await this.managedIdentityApp.acquireToken({\n resource,\n });\n\n this.ensureValidMsalToken(scopes, token, options);\n logger.getToken.info(formatSuccess(scopes));\n\n return {\n expiresOnTimestamp: token.expiresOn.getTime(),\n token: token.accessToken,\n refreshAfterTimestamp: token.refreshOn?.getTime(),\n tokenType: \"Bearer\",\n } as AccessToken;\n } catch (err: any) {\n logger.getToken.error(formatError(scopes, err));\n\n // AuthenticationRequiredError described as Error to enforce authentication after trying to retrieve a token silently.\n // TODO: why would this _ever_ happen considering we're not trying the silent request in this flow?\n if (err.name === \"AuthenticationRequiredError\") {\n throw err;\n }\n\n if (isNetworkError(err)) {\n throw new CredentialUnavailableError(\n `ManagedIdentityCredential: Network unreachable. Message: ${err.message}`,\n { cause: err },\n );\n }\n\n throw new CredentialUnavailableError(\n `ManagedIdentityCredential: Authentication failed. Message ${err.message}`,\n { cause: err },\n );\n }\n });\n }\n\n /**\n * Ensures the validity of the MSAL token\n */\n private ensureValidMsalToken(\n scopes: string | string[],\n msalToken?: MsalToken,\n getTokenOptions?: GetTokenOptions,\n ): asserts msalToken is ValidMsalToken {\n const createError = (message: string): Error => {\n logger.getToken.info(message);\n return new AuthenticationRequiredError({\n scopes: Array.isArray(scopes) ? scopes : [scopes],\n getTokenOptions,\n message,\n });\n };\n if (!msalToken) {\n throw createError(\"No response.\");\n }\n if (!msalToken.expiresOn) {\n throw createError(`Response had no \"expiresOn\" property.`);\n }\n if (!msalToken.accessToken) {\n throw createError(`Response had no \"accessToken\" property.`);\n }\n }\n}\n\nfunction isNetworkError(err: any): boolean {\n // MSAL error\n if (err.errorCode === \"network_error\") {\n return true;\n }\n\n // Probe errors\n if (err.code === \"ENETUNREACH\" || err.code === \"EHOSTUNREACH\") {\n return true;\n }\n\n // This is a special case for Docker Desktop which responds with a 403 with a message that contains \"A socket operation was attempted to an unreachable network\" or \"A socket operation was attempted to an unreachable host\"\n // rather than just timing out, as expected.\n if (err.statusCode === 403 || err.code === 403) {\n if (err.message.includes(\"unreachable\")) {\n return true;\n }\n }\n\n return false;\n}\n"]}
|
@@ -0,0 +1,24 @@
|
|
1
|
+
import type { AccessToken } from "@azure/core-auth";
|
2
|
+
import type { IdentityClient } from "../../client/identityClient.js";
|
3
|
+
/**
|
4
|
+
* @internal
|
5
|
+
*/
|
6
|
+
export interface MSIConfiguration {
|
7
|
+
retryConfig: {
|
8
|
+
maxRetries: number;
|
9
|
+
startDelayInMs: number;
|
10
|
+
intervalIncrement: number;
|
11
|
+
};
|
12
|
+
identityClient: IdentityClient;
|
13
|
+
scopes: string | string[];
|
14
|
+
clientId?: string;
|
15
|
+
resourceId?: string;
|
16
|
+
}
|
17
|
+
/**
|
18
|
+
* @internal
|
19
|
+
* Represents an access token for {@link ManagedIdentity} for internal usage,
|
20
|
+
* with an expiration time and the time in which token should refresh.
|
21
|
+
*/
|
22
|
+
export declare interface MSIToken extends AccessToken {
|
23
|
+
}
|
24
|
+
//# sourceMappingURL=models.d.ts.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"models.d.ts","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/models.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAEpD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAErE;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE;QACX,UAAU,EAAE,MAAM,CAAC;QACnB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,MAAM,CAAC;KAC3B,CAAC;IACF,cAAc,EAAE,cAAc,CAAC;IAC/B,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;GAIG;AACH,MAAM,CAAC,OAAO,WAAW,QAAS,SAAQ,WAAW;CAAG"}
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"models.js","sourceRoot":"","sources":["../../../../src/credentials/managedIdentityCredential/models.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken } from \"@azure/core-auth\";\n\nimport type { IdentityClient } from \"../../client/identityClient.js\";\n\n/**\n * @internal\n */\nexport interface MSIConfiguration {\n retryConfig: {\n maxRetries: number;\n startDelayInMs: number;\n intervalIncrement: number;\n };\n identityClient: IdentityClient;\n scopes: string | string[];\n clientId?: string;\n resourceId?: string;\n}\n\n/**\n * @internal\n * Represents an access token for {@link ManagedIdentity} for internal usage,\n * with an expiration time and the time in which token should refresh.\n */\nexport declare interface MSIToken extends AccessToken {}\n"]}
|
@@ -0,0 +1,14 @@
|
|
1
|
+
import type { AccessToken, GetTokenOptions } from "@azure/core-auth";
|
2
|
+
import type { MSIConfiguration } from "./models.js";
|
3
|
+
/**
|
4
|
+
* Defines how to determine whether the token exchange MSI is available, and also how to retrieve a token from the token exchange MSI.
|
5
|
+
*
|
6
|
+
* Token exchange MSI (used by AKS) is the only MSI implementation handled entirely by Azure Identity.
|
7
|
+
* The rest have been migrated to MSAL.
|
8
|
+
*/
|
9
|
+
export declare const tokenExchangeMsi: {
|
10
|
+
name: string;
|
11
|
+
isAvailable(clientId?: string): Promise<boolean>;
|
12
|
+
getToken(configuration: MSIConfiguration, getTokenOptions?: GetTokenOptions): Promise<AccessToken | null>;
|
13
|
+
};
|
14
|
+
//# sourceMappingURL=tokenExchangeMsi.d.ts.map
|