npm - @azure/identity - Versions diffs - 4.5.1-alpha.20241112.1 → 4.5.1-alpha.20241114.2 - Mend

@azure/identity 4.5.1-alpha.20241112.1 → 4.5.1-alpha.20241114.2

Files changed (1066) hide show

package/dist/commonjs/credentials/workloadIdentityCredential.js ADDED Viewed

@@ -0,0 +1,118 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WorkloadIdentityCredential = exports.SupportedWorkloadEnvironmentVariables = void 0;
+const logging_js_1 = require("../util/logging.js");
+const clientAssertionCredential_js_1 = require("./clientAssertionCredential.js");
+const errors_js_1 = require("../errors.js");
+const tenantIdUtils_js_1 = require("../util/tenantIdUtils.js");
+const promises_1 = require("node:fs/promises");
+const credentialName = "WorkloadIdentityCredential";
+/**
+ * Contains the list of all supported environment variable names so that an
+ * appropriate error message can be generated when no credentials can be
+ * configured.
+ *
+ * @internal
+ */
+exports.SupportedWorkloadEnvironmentVariables = [
+    "AZURE_TENANT_ID",
+    "AZURE_CLIENT_ID",
+    "AZURE_FEDERATED_TOKEN_FILE",
+];
+const logger = (0, logging_js_1.credentialLogger)(credentialName);
+/**
+ * Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs)
+ * to access other Azure resources without the need for a service principal or managed identity. With Workload Identity
+ * authentication, applications authenticate themselves using their own identity, rather than using a shared service
+ * principal or managed identity. Under the hood, Workload Identity authentication uses the concept of Service Account
+ * Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload
+ * Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for
+ * each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't
+ * need to worry about storing and securing sensitive credentials themselves.
+ * The WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Azure Kubernetes and acquires
+ * a token using the SACs available in the Azure Kubernetes environment.
+ * Refer to <a href="https://learn.microsoft.com/azure/aks/workload-identity-overview">Microsoft Entra
+ * Workload ID</a> for more information.
+ */
+class WorkloadIdentityCredential {
+    /**
+     * WorkloadIdentityCredential supports Microsoft Entra Workload ID on Kubernetes.
+     *
+     * @param options - The identity client options to use for authentication.
+     */
+    constructor(options) {
+        this.azureFederatedTokenFileContent = undefined;
+        this.cacheDate = undefined;
+        // Logging environment variables for error details
+        const assignedEnv = (0, logging_js_1.processEnvVars)(exports.SupportedWorkloadEnvironmentVariables).assigned.join(", ");
+        logger.info(`Found the following environment variables: ${assignedEnv}`);
+        const workloadIdentityCredentialOptions = options !== null && options !== void 0 ? options : {};
+        const tenantId = workloadIdentityCredentialOptions.tenantId || process.env.AZURE_TENANT_ID;
+        const clientId = workloadIdentityCredentialOptions.clientId || process.env.AZURE_CLIENT_ID;
+        this.federatedTokenFilePath =
+            workloadIdentityCredentialOptions.tokenFilePath || process.env.AZURE_FEDERATED_TOKEN_FILE;
+        if (tenantId) {
+            (0, tenantIdUtils_js_1.checkTenantId)(logger, tenantId);
+        }
+        if (!clientId) {
+            throw new errors_js_1.CredentialUnavailableError(`${credentialName}: is unavailable. clientId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - "AZURE_CLIENT_ID".
+        See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`);
+        }
+        if (!tenantId) {
+            throw new errors_js_1.CredentialUnavailableError(`${credentialName}: is unavailable. tenantId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - "AZURE_TENANT_ID".
+        See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`);
+        }
+        if (!this.federatedTokenFilePath) {
+            throw new errors_js_1.CredentialUnavailableError(`${credentialName}: is unavailable. federatedTokenFilePath is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - "AZURE_FEDERATED_TOKEN_FILE".
+        See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`);
+        }
+        logger.info(`Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`);
+        this.client = new clientAssertionCredential_js_1.ClientAssertionCredential(tenantId, clientId, this.readFileContents.bind(this), options);
+    }
+    /**
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                TokenCredential implementation might make.
+     */
+    async getToken(scopes, options) {
+        if (!this.client) {
+            const errorMessage = `${credentialName}: is unavailable. tenantId, clientId, and federatedTokenFilePath are required parameters.
+      In DefaultAzureCredential and ManagedIdentityCredential, these can be provided as environment variables -
+      "AZURE_TENANT_ID",
+      "AZURE_CLIENT_ID",
+      "AZURE_FEDERATED_TOKEN_FILE". See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`;
+            logger.info(errorMessage);
+            throw new errors_js_1.CredentialUnavailableError(errorMessage);
+        }
+        logger.info("Invoking getToken() of Client Assertion Credential");
+        return this.client.getToken(scopes, options);
+    }
+    async readFileContents() {
+        // Cached assertions expire after 5 minutes
+        if (this.cacheDate !== undefined && Date.now() - this.cacheDate >= 1000 * 60 * 5) {
+            this.azureFederatedTokenFileContent = undefined;
+        }
+        if (!this.federatedTokenFilePath) {
+            throw new errors_js_1.CredentialUnavailableError(`${credentialName}: is unavailable. Invalid file path provided ${this.federatedTokenFilePath}.`);
+        }
+        if (!this.azureFederatedTokenFileContent) {
+            const file = await (0, promises_1.readFile)(this.federatedTokenFilePath, "utf8");
+            const value = file.trim();
+            if (!value) {
+                throw new errors_js_1.CredentialUnavailableError(`${credentialName}: is unavailable. No content on the file ${this.federatedTokenFilePath}.`);
+            }
+            else {
+                this.azureFederatedTokenFileContent = value;
+                this.cacheDate = Date.now();
+            }
+        }
+        return this.azureFederatedTokenFileContent;
+    }
+}
+exports.WorkloadIdentityCredential = WorkloadIdentityCredential;
+//# sourceMappingURL=workloadIdentityCredential.js.map

package/dist/commonjs/credentials/workloadIdentityCredential.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"workloadIdentityCredential.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredential.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAGlC,mDAAsE;AAEtE,iFAA2E;AAC3E,4CAA0D;AAE1D,+DAAyD;AACzD,+CAA4C;AAE5C,MAAM,cAAc,GAAG,4BAA4B,CAAC;AACpD;;;;;;GAMG;AACU,QAAA,qCAAqC,GAAG;IACnD,iBAAiB;IACjB,iBAAiB;IACjB,4BAA4B;CAC7B,CAAC;AACF,MAAM,MAAM,GAAG,IAAA,6BAAgB,EAAC,cAAc,CAAC,CAAC;AAChD;;;;;;;;;;;;;GAaG;AACH,MAAa,0BAA0B;IAMrC;;;;OAIG;IACH,YAAY,OAA2C;QAT/C,mCAA8B,GAAuB,SAAS,CAAC;QAC/D,cAAS,GAAuB,SAAS,CAAC;QAShD,kDAAkD;QAClD,MAAM,WAAW,GAAG,IAAA,2BAAc,EAAC,6CAAqC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9F,MAAM,CAAC,IAAI,CAAC,8CAA8C,WAAW,EAAE,CAAC,CAAC;QAEzE,MAAM,iCAAiC,GAAG,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,EAAE,CAAC;QACxD,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,MAAM,QAAQ,GAAG,iCAAiC,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3F,IAAI,CAAC,sBAAsB;YACzB,iCAAiC,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QAC5F,IAAI,QAAQ,EAAE,CAAC;YACb,IAAA,gCAAa,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc;qIAC4G,CAC9H,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc;qIAC4G,CAC9H,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;YACjC,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc;qIAC4G,CAC9H,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,IAAI,CACT,sDAAsD,QAAQ,eAAe,iCAAiC,CAAC,QAAQ,uCAAuC,CAC/J,CAAC;QACF,IAAI,CAAC,MAAM,GAAG,IAAI,wDAAyB,CACzC,QAAQ,EACR,QAAQ,EACR,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAChC,OAAO,CACR,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;QAEzB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,YAAY,GAAG,GAAG,cAAc;;;;iKAIqH,CAAC;YAC5J,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC1B,MAAM,IAAI,sCAA0B,CAAC,YAAY,CAAC,CAAC;QACrD,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAClE,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/C,CAAC;IAEO,KAAK,CAAC,gBAAgB;QAC5B,2CAA2C;QAC3C,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;YACjF,IAAI,CAAC,8BAA8B,GAAG,SAAS,CAAC;QAClD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;YACjC,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,gDAAgD,IAAI,CAAC,sBAAsB,GAAG,CAChG,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;YACzC,MAAM,IAAI,GAAG,MAAM,IAAA,mBAAQ,EAAC,IAAI,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC;YACjE,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,4CAA4C,IAAI,CAAC,sBAAsB,GAAG,CAC5F,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,8BAA8B,GAAG,KAAK,CAAC;gBAC5C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC9B,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,8BAA8B,CAAC;IAC7C,CAAC;CACF;AAzGD,gEAyGC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, processEnvVars } from \"../util/logging.js\";\n\nimport { ClientAssertionCredential } from \"./clientAssertionCredential.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport type { WorkloadIdentityCredentialOptions } from \"./workloadIdentityCredentialOptions.js\";\nimport { checkTenantId } from \"../util/tenantIdUtils.js\";\nimport { readFile } from \"node:fs/promises\";\n\nconst credentialName = \"WorkloadIdentityCredential\";\n/**\n * Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n *\n * @internal\n */\nexport const SupportedWorkloadEnvironmentVariables = [\n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_FEDERATED_TOKEN_FILE\",\n];\nconst logger = credentialLogger(credentialName);\n/**\n * Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs)\n * to access other Azure resources without the need for a service principal or managed identity. With Workload Identity\n * authentication, applications authenticate themselves using their own identity, rather than using a shared service\n * principal or managed identity. Under the hood, Workload Identity authentication uses the concept of Service Account\n * Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload\n * Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for\n * each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't\n * need to worry about storing and securing sensitive credentials themselves.\n * The WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Azure Kubernetes and acquires\n * a token using the SACs available in the Azure Kubernetes environment.\n * Refer to <a href=\"https://learn.microsoft.com/azure/aks/workload-identity-overview\">Microsoft Entra\n * Workload ID</a> for more information.\n */\nexport class WorkloadIdentityCredential implements TokenCredential {\n private client: ClientAssertionCredential | undefined;\n private azureFederatedTokenFileContent: string | undefined = undefined;\n private cacheDate: number | undefined = undefined;\n private federatedTokenFilePath: string | undefined;\n\n /**\n * WorkloadIdentityCredential supports Microsoft Entra Workload ID on Kubernetes.\n *\n * @param options - The identity client options to use for authentication.\n */\n constructor(options?: WorkloadIdentityCredentialOptions) {\n // Logging environment variables for error details\n const assignedEnv = processEnvVars(SupportedWorkloadEnvironmentVariables).assigned.join(\", \");\n logger.info(`Found the following environment variables: ${assignedEnv}`);\n\n const workloadIdentityCredentialOptions = options ?? {};\n const tenantId = workloadIdentityCredentialOptions.tenantId || process.env.AZURE_TENANT_ID;\n const clientId = workloadIdentityCredentialOptions.clientId || process.env.AZURE_CLIENT_ID;\n this.federatedTokenFilePath =\n workloadIdentityCredentialOptions.tokenFilePath || process.env.AZURE_FEDERATED_TOKEN_FILE;\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n if (!clientId) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. clientId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_CLIENT_ID\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n );\n }\n\n if (!tenantId) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. tenantId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_TENANT_ID\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n );\n }\n\n if (!this.federatedTokenFilePath) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. federatedTokenFilePath is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - \"AZURE_FEDERATED_TOKEN_FILE\".\n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`,\n );\n }\n\n logger.info(\n `Invoking ClientAssertionCredential with tenant ID: ${tenantId}, clientId: ${workloadIdentityCredentialOptions.clientId} and federated token path: [REDACTED]`,\n );\n this.client = new ClientAssertionCredential(\n tenantId,\n clientId,\n this.readFileContents.bind(this),\n options,\n );\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions,\n ): Promise<AccessToken | null> {\n if (!this.client) {\n const errorMessage = `${credentialName}: is unavailable. tenantId, clientId, and federatedTokenFilePath are required parameters. \n In DefaultAzureCredential and ManagedIdentityCredential, these can be provided as environment variables - \n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_FEDERATED_TOKEN_FILE\". See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`;\n logger.info(errorMessage);\n throw new CredentialUnavailableError(errorMessage);\n }\n logger.info(\"Invoking getToken() of Client Assertion Credential\");\n return this.client.getToken(scopes, options);\n }\n\n private async readFileContents(): Promise<string> {\n // Cached assertions expire after 5 minutes\n if (this.cacheDate !== undefined && Date.now() - this.cacheDate >= 1000 * 60 * 5) {\n this.azureFederatedTokenFileContent = undefined;\n }\n if (!this.federatedTokenFilePath) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. Invalid file path provided ${this.federatedTokenFilePath}.`,\n );\n }\n if (!this.azureFederatedTokenFileContent) {\n const file = await readFile(this.federatedTokenFilePath, \"utf8\");\n const value = file.trim();\n if (!value) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. No content on the file ${this.federatedTokenFilePath}.`,\n );\n } else {\n this.azureFederatedTokenFileContent = value;\n this.cacheDate = Date.now();\n }\n }\n return this.azureFederatedTokenFileContent;\n }\n}\n"]}

package/dist/commonjs/credentials/workloadIdentityCredentialOptions.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
+/**
+ * Options for the {@link WorkloadIdentityCredential}
+ */
+export interface WorkloadIdentityCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
+    /**
+     * ID of the application's Microsoft Entra tenant. Also called its directory ID.
+     */
+    tenantId?: string;
+    /**
+     * The client ID of a Microsoft Entra app registration.
+     */
+    clientId?: string;
+    /**
+     * The path to a file containing a Kubernetes service account token that authenticates the identity.
+     */
+    tokenFilePath?: string;
+}
+//# sourceMappingURL=workloadIdentityCredentialOptions.d.ts.map

package/dist/commonjs/credentials/workloadIdentityCredentialOptions.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"workloadIdentityCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,iCACf,SAAQ,iCAAiC,EACvC,0BAA0B;IAC5B;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB"}

package/dist/commonjs/credentials/workloadIdentityCredentialOptions.js ADDED Viewed

@@ -0,0 +1,5 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=workloadIdentityCredentialOptions.js.map

package/dist/commonjs/credentials/workloadIdentityCredentialOptions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"workloadIdentityCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/workloadIdentityCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link WorkloadIdentityCredential}\n */\nexport interface WorkloadIdentityCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n AuthorityValidationOptions {\n /**\n * ID of the application's Microsoft Entra tenant. Also called its directory ID.\n */\n tenantId?: string;\n /**\n * The client ID of a Microsoft Entra app registration.\n */\n clientId?: string;\n /**\n * The path to a file containing a Kubernetes service account token that authenticates the identity.\n */\n tokenFilePath?: string;\n}\n"]}

package/dist/commonjs/errors.d.ts ADDED Viewed

@@ -0,0 +1,139 @@
+import type { GetTokenOptions } from "@azure/core-auth";
+/**
+ * See the official documentation for more details:
+ *
+ * https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1
+ *
+ * NOTE: This documentation is for v1 OAuth support but the same error
+ * response details still apply to v2.
+ */
+export interface ErrorResponse {
+    /**
+     * The string identifier for the error.
+     */
+    error: string;
+    /**
+     * The error's description.
+     */
+    errorDescription: string;
+    /**
+     * An array of codes pertaining to the error(s) that occurred.
+     */
+    errorCodes?: number[];
+    /**
+     * The timestamp at which the error occurred.
+     */
+    timestamp?: string;
+    /**
+     * The trace identifier for this error occurrence.
+     */
+    traceId?: string;
+    /**
+     * The correlation ID to be used for tracking the source of the error.
+     */
+    correlationId?: string;
+}
+/**
+ * Used for internal deserialization of OAuth responses. Public model is ErrorResponse
+ * @internal
+ */
+export interface OAuthErrorResponse {
+    error: string;
+    error_description: string;
+    error_codes?: number[];
+    timestamp?: string;
+    trace_id?: string;
+    correlation_id?: string;
+}
+/**
+ * The Error.name value of an CredentialUnavailable
+ */
+export declare const CredentialUnavailableErrorName = "CredentialUnavailableError";
+/**
+ * This signifies that the credential that was tried in a chained credential
+ * was not available to be used as the credential. Rather than treating this as
+ * an error that should halt the chain, it's caught and the chain continues
+ */
+export declare class CredentialUnavailableError extends Error {
+    constructor(message?: string, options?: {
+        cause?: unknown;
+    });
+}
+/**
+ * The Error.name value of an AuthenticationError
+ */
+export declare const AuthenticationErrorName = "AuthenticationError";
+/**
+ * Provides details about a failure to authenticate with Azure Active
+ * Directory.  The `errorResponse` field contains more details about
+ * the specific failure.
+ */
+export declare class AuthenticationError extends Error {
+    /**
+     * The HTTP status code returned from the authentication request.
+     */
+    readonly statusCode: number;
+    /**
+     * The error response details.
+     */
+    readonly errorResponse: ErrorResponse;
+    constructor(statusCode: number, errorBody: object | string | undefined | null, options?: {
+        cause?: unknown;
+    });
+}
+/**
+ * The Error.name value of an AggregateAuthenticationError
+ */
+export declare const AggregateAuthenticationErrorName = "AggregateAuthenticationError";
+/**
+ * Provides an `errors` array containing {@link AuthenticationError} instance
+ * for authentication failures from credentials in a {@link ChainedTokenCredential}.
+ */
+export declare class AggregateAuthenticationError extends Error {
+    /**
+     * The array of error objects that were thrown while trying to authenticate
+     * with the credentials in a {@link ChainedTokenCredential}.
+     */
+    errors: any[];
+    constructor(errors: any[], errorMessage?: string);
+}
+/**
+ * Optional parameters to the {@link AuthenticationRequiredError}
+ */
+export interface AuthenticationRequiredErrorOptions {
+    /**
+     * The list of scopes for which the token will have access.
+     */
+    scopes: string[];
+    /**
+     * The options passed to the getToken request.
+     */
+    getTokenOptions?: GetTokenOptions;
+    /**
+     * The message of the error.
+     */
+    message?: string;
+    /**
+     * The underlying cause, if any, that caused the authentication to fail.
+     */
+    cause?: unknown;
+}
+/**
+ * Error used to enforce authentication after trying to retrieve a token silently.
+ */
+export declare class AuthenticationRequiredError extends Error {
+    /**
+     * The list of scopes for which the token will have access.
+     */
+    scopes: string[];
+    /**
+     * The options passed to the getToken request.
+     */
+    getTokenOptions?: GetTokenOptions;
+    constructor(
+    /**
+     * Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.
+     */
+    options: AuthenticationRequiredErrorOptions);
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/commonjs/errors.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/errors.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAExD;;;;;;;GAOG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;OAEG;IACH,gBAAgB,EAAE,MAAM,CAAC;IAEzB;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IAEtB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAUD;;GAEG;AACH,eAAO,MAAM,8BAA8B,+BAA+B,CAAC;AAE3E;;;;GAIG;AACH,qBAAa,0BAA2B,SAAQ,KAAK;gBACvC,OAAO,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE;CAK5D;AAED;;GAEG;AACH,eAAO,MAAM,uBAAuB,wBAAwB,CAAC;AAE7D;;;;GAIG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;IAC5C;;OAEG;IACH,SAAgB,UAAU,EAAE,MAAM,CAAC;IAEnC;;OAEG;IACH,SAAgB,aAAa,EAAE,aAAa,CAAC;gBAG3C,UAAU,EAAE,MAAM,EAClB,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,GAAG,IAAI,EAC7C,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE;CA8ChC;AAED;;GAEG;AACH,eAAO,MAAM,gCAAgC,iCAAiC,CAAC;AAE/E;;;GAGG;AACH,qBAAa,4BAA6B,SAAQ,KAAK;IACrD;;;OAGG;IACI,MAAM,EAAE,GAAG,EAAE,CAAC;gBAET,MAAM,EAAE,GAAG,EAAE,EAAE,YAAY,CAAC,EAAE,MAAM;CAQjD;AAaD;;GAEG;AACH,MAAM,WAAW,kCAAkC;IACjD;;OAEG;IACH,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB;;OAEG;IACH,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,2BAA4B,SAAQ,KAAK;IACpD;;OAEG;IACI,MAAM,EAAE,MAAM,EAAE,CAAC;IACxB;;OAEG;IACI,eAAe,CAAC,EAAE,eAAe,CAAC;;IAGvC;;OAEG;IACH,OAAO,EAAE,kCAAkC;CAW9C"}

package/dist/commonjs/errors.js ADDED Viewed

@@ -0,0 +1,130 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthenticationRequiredError = exports.AggregateAuthenticationError = exports.AggregateAuthenticationErrorName = exports.AuthenticationError = exports.AuthenticationErrorName = exports.CredentialUnavailableError = exports.CredentialUnavailableErrorName = void 0;
+function isErrorResponse(errorResponse) {
+    return (errorResponse &&
+        typeof errorResponse.error === "string" &&
+        typeof errorResponse.error_description === "string");
+}
+/**
+ * The Error.name value of an CredentialUnavailable
+ */
+exports.CredentialUnavailableErrorName = "CredentialUnavailableError";
+/**
+ * This signifies that the credential that was tried in a chained credential
+ * was not available to be used as the credential. Rather than treating this as
+ * an error that should halt the chain, it's caught and the chain continues
+ */
+class CredentialUnavailableError extends Error {
+    constructor(message, options) {
+        // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property
+        super(message, options);
+        this.name = exports.CredentialUnavailableErrorName;
+    }
+}
+exports.CredentialUnavailableError = CredentialUnavailableError;
+/**
+ * The Error.name value of an AuthenticationError
+ */
+exports.AuthenticationErrorName = "AuthenticationError";
+/**
+ * Provides details about a failure to authenticate with Azure Active
+ * Directory.  The `errorResponse` field contains more details about
+ * the specific failure.
+ */
+class AuthenticationError extends Error {
+    constructor(statusCode, errorBody, options) {
+        let errorResponse = {
+            error: "unknown",
+            errorDescription: "An unknown error occurred and no additional details are available.",
+        };
+        if (isErrorResponse(errorBody)) {
+            errorResponse = convertOAuthErrorResponseToErrorResponse(errorBody);
+        }
+        else if (typeof errorBody === "string") {
+            try {
+                // Most error responses will contain JSON-formatted error details
+                // in the response body
+                const oauthErrorResponse = JSON.parse(errorBody);
+                errorResponse = convertOAuthErrorResponseToErrorResponse(oauthErrorResponse);
+            }
+            catch (e) {
+                if (statusCode === 400) {
+                    errorResponse = {
+                        error: "invalid_request",
+                        errorDescription: `The service indicated that the request was invalid.\n\n${errorBody}`,
+                    };
+                }
+                else {
+                    errorResponse = {
+                        error: "unknown_error",
+                        errorDescription: `An unknown error has occurred. Response body:\n\n${errorBody}`,
+                    };
+                }
+            }
+        }
+        else {
+            errorResponse = {
+                error: "unknown_error",
+                errorDescription: "An unknown error occurred and no additional details are available.",
+            };
+        }
+        super(`${errorResponse.error} Status code: ${statusCode}\nMore details:\n${errorResponse.errorDescription},`,
+        // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property
+        options);
+        this.statusCode = statusCode;
+        this.errorResponse = errorResponse;
+        // Ensure that this type reports the correct name
+        this.name = exports.AuthenticationErrorName;
+    }
+}
+exports.AuthenticationError = AuthenticationError;
+/**
+ * The Error.name value of an AggregateAuthenticationError
+ */
+exports.AggregateAuthenticationErrorName = "AggregateAuthenticationError";
+/**
+ * Provides an `errors` array containing {@link AuthenticationError} instance
+ * for authentication failures from credentials in a {@link ChainedTokenCredential}.
+ */
+class AggregateAuthenticationError extends Error {
+    constructor(errors, errorMessage) {
+        const errorDetail = errors.join("\n");
+        super(`${errorMessage}\n${errorDetail}`);
+        this.errors = errors;
+        // Ensure that this type reports the correct name
+        this.name = exports.AggregateAuthenticationErrorName;
+    }
+}
+exports.AggregateAuthenticationError = AggregateAuthenticationError;
+function convertOAuthErrorResponseToErrorResponse(errorBody) {
+    return {
+        error: errorBody.error,
+        errorDescription: errorBody.error_description,
+        correlationId: errorBody.correlation_id,
+        errorCodes: errorBody.error_codes,
+        timestamp: errorBody.timestamp,
+        traceId: errorBody.trace_id,
+    };
+}
+/**
+ * Error used to enforce authentication after trying to retrieve a token silently.
+ */
+class AuthenticationRequiredError extends Error {
+    constructor(
+    /**
+     * Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.
+     */
+    options) {
+        super(options.message,
+        // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property
+        options.cause ? { cause: options.cause } : undefined);
+        this.scopes = options.scopes;
+        this.getTokenOptions = options.getTokenOptions;
+        this.name = "AuthenticationRequiredError";
+    }
+}
+exports.AuthenticationRequiredError = AuthenticationRequiredError;
+//# sourceMappingURL=errors.js.map

package/dist/commonjs/errors.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/errors.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAyDlC,SAAS,eAAe,CAAC,aAAkB;IACzC,OAAO,CACL,aAAa;QACb,OAAO,aAAa,CAAC,KAAK,KAAK,QAAQ;QACvC,OAAO,aAAa,CAAC,iBAAiB,KAAK,QAAQ,CACpD,CAAC;AACJ,CAAC;AAED;;GAEG;AACU,QAAA,8BAA8B,GAAG,4BAA4B,CAAC;AAE3E;;;;GAIG;AACH,MAAa,0BAA2B,SAAQ,KAAK;IACnD,YAAY,OAAgB,EAAE,OAA6B;QACzD,2JAA2J;QAC3J,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,sCAA8B,CAAC;IAC7C,CAAC;CACF;AAND,gEAMC;AAED;;GAEG;AACU,QAAA,uBAAuB,GAAG,qBAAqB,CAAC;AAE7D;;;;GAIG;AACH,MAAa,mBAAoB,SAAQ,KAAK;IAW5C,YACE,UAAkB,EAClB,SAA6C,EAC7C,OAA6B;QAE7B,IAAI,aAAa,GAAkB;YACjC,KAAK,EAAE,SAAS;YAChB,gBAAgB,EAAE,oEAAoE;SACvF,CAAC;QAEF,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;YAC/B,aAAa,GAAG,wCAAwC,CAAC,SAAS,CAAC,CAAC;QACtE,CAAC;aAAM,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YACzC,IAAI,CAAC;gBACH,iEAAiE;gBACjE,uBAAuB;gBACvB,MAAM,kBAAkB,GAAuB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACrE,aAAa,GAAG,wCAAwC,CAAC,kBAAkB,CAAC,CAAC;YAC/E,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBAChB,IAAI,UAAU,KAAK,GAAG,EAAE,CAAC;oBACvB,aAAa,GAAG;wBACd,KAAK,EAAE,iBAAiB;wBACxB,gBAAgB,EAAE,0DAA0D,SAAS,EAAE;qBACxF,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,aAAa,GAAG;wBACd,KAAK,EAAE,eAAe;wBACtB,gBAAgB,EAAE,oDAAoD,SAAS,EAAE;qBAClF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,aAAa,GAAG;gBACd,KAAK,EAAE,eAAe;gBACtB,gBAAgB,EAAE,oEAAoE;aACvF,CAAC;QACJ,CAAC;QAED,KAAK,CACH,GAAG,aAAa,CAAC,KAAK,iBAAiB,UAAU,oBAAoB,aAAa,CAAC,gBAAgB,GAAG;QACtG,2JAA2J;QAC3J,OAAO,CACR,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QAEnC,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,+BAAuB,CAAC;IACtC,CAAC;CACF;AA5DD,kDA4DC;AAED;;GAEG;AACU,QAAA,gCAAgC,GAAG,8BAA8B,CAAC;AAE/E;;;GAGG;AACH,MAAa,4BAA6B,SAAQ,KAAK;IAOrD,YAAY,MAAa,EAAE,YAAqB;QAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,KAAK,CAAC,GAAG,YAAY,KAAK,WAAW,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,wCAAgC,CAAC;IAC/C,CAAC;CACF;AAfD,oEAeC;AAED,SAAS,wCAAwC,CAAC,SAA6B;IAC7E,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,KAAK;QACtB,gBAAgB,EAAE,SAAS,CAAC,iBAAiB;QAC7C,aAAa,EAAE,SAAS,CAAC,cAAc;QACvC,UAAU,EAAE,SAAS,CAAC,WAAW;QACjC,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,OAAO,EAAE,SAAS,CAAC,QAAQ;KAC5B,CAAC;AACJ,CAAC;AAwBD;;GAEG;AACH,MAAa,2BAA4B,SAAQ,KAAK;IAUpD;IACE;;OAEG;IACH,OAA2C;QAE3C,KAAK,CACH,OAAO,CAAC,OAAO;QACf,2JAA2J;QAC3J,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CACrD,CAAC;QACF,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,IAAI,GAAG,6BAA6B,CAAC;IAC5C,CAAC;CACF;AAzBD,kEAyBC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * See the official documentation for more details:\n *\n * https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1\n *\n * NOTE: This documentation is for v1 OAuth support but the same error\n * response details still apply to v2.\n */\nexport interface ErrorResponse {\n /**\n * The string identifier for the error.\n */\n error: string;\n\n /**\n * The error's description.\n */\n errorDescription: string;\n\n /**\n * An array of codes pertaining to the error(s) that occurred.\n */\n errorCodes?: number[];\n\n /**\n * The timestamp at which the error occurred.\n */\n timestamp?: string;\n\n /**\n * The trace identifier for this error occurrence.\n */\n traceId?: string;\n\n /**\n * The correlation ID to be used for tracking the source of the error.\n */\n correlationId?: string;\n}\n\n/**\n * Used for internal deserialization of OAuth responses. Public model is ErrorResponse\n * @internal\n */\nexport interface OAuthErrorResponse {\n error: string;\n error_description: string;\n error_codes?: number[];\n timestamp?: string;\n trace_id?: string;\n correlation_id?: string;\n}\n\nfunction isErrorResponse(errorResponse: any): errorResponse is OAuthErrorResponse {\n return (\n errorResponse &&\n typeof errorResponse.error === \"string\" &&\n typeof errorResponse.error_description === \"string\"\n );\n}\n\n/**\n * The Error.name value of an CredentialUnavailable\n */\nexport const CredentialUnavailableErrorName = \"CredentialUnavailableError\";\n\n/**\n * This signifies that the credential that was tried in a chained credential\n * was not available to be used as the credential. Rather than treating this as\n * an error that should halt the chain, it's caught and the chain continues\n */\nexport class CredentialUnavailableError extends Error {\n constructor(message?: string, options?: { cause?: unknown }) {\n // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n super(message, options);\n this.name = CredentialUnavailableErrorName;\n }\n}\n\n/**\n * The Error.name value of an AuthenticationError\n */\nexport const AuthenticationErrorName = \"AuthenticationError\";\n\n/**\n * Provides details about a failure to authenticate with Azure Active\n * Directory. The `errorResponse` field contains more details about\n * the specific failure.\n */\nexport class AuthenticationError extends Error {\n /**\n * The HTTP status code returned from the authentication request.\n */\n public readonly statusCode: number;\n\n /**\n * The error response details.\n */\n public readonly errorResponse: ErrorResponse;\n\n constructor(\n statusCode: number,\n errorBody: object | string | undefined | null,\n options?: { cause?: unknown },\n ) {\n let errorResponse: ErrorResponse = {\n error: \"unknown\",\n errorDescription: \"An unknown error occurred and no additional details are available.\",\n };\n\n if (isErrorResponse(errorBody)) {\n errorResponse = convertOAuthErrorResponseToErrorResponse(errorBody);\n } else if (typeof errorBody === \"string\") {\n try {\n // Most error responses will contain JSON-formatted error details\n // in the response body\n const oauthErrorResponse: OAuthErrorResponse = JSON.parse(errorBody);\n errorResponse = convertOAuthErrorResponseToErrorResponse(oauthErrorResponse);\n } catch (e: any) {\n if (statusCode === 400) {\n errorResponse = {\n error: \"invalid_request\",\n errorDescription: `The service indicated that the request was invalid.\\n\\n${errorBody}`,\n };\n } else {\n errorResponse = {\n error: \"unknown_error\",\n errorDescription: `An unknown error has occurred. Response body:\\n\\n${errorBody}`,\n };\n }\n }\n } else {\n errorResponse = {\n error: \"unknown_error\",\n errorDescription: \"An unknown error occurred and no additional details are available.\",\n };\n }\n\n super(\n `${errorResponse.error} Status code: ${statusCode}\\nMore details:\\n${errorResponse.errorDescription},`,\n // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n options,\n );\n this.statusCode = statusCode;\n this.errorResponse = errorResponse;\n\n // Ensure that this type reports the correct name\n this.name = AuthenticationErrorName;\n }\n}\n\n/**\n * The Error.name value of an AggregateAuthenticationError\n */\nexport const AggregateAuthenticationErrorName = \"AggregateAuthenticationError\";\n\n/**\n * Provides an `errors` array containing {@link AuthenticationError} instance\n * for authentication failures from credentials in a {@link ChainedTokenCredential}.\n */\nexport class AggregateAuthenticationError extends Error {\n /**\n * The array of error objects that were thrown while trying to authenticate\n * with the credentials in a {@link ChainedTokenCredential}.\n */\n public errors: any[];\n\n constructor(errors: any[], errorMessage?: string) {\n const errorDetail = errors.join(\"\\n\");\n super(`${errorMessage}\\n${errorDetail}`);\n this.errors = errors;\n\n // Ensure that this type reports the correct name\n this.name = AggregateAuthenticationErrorName;\n }\n}\n\nfunction convertOAuthErrorResponseToErrorResponse(errorBody: OAuthErrorResponse): ErrorResponse {\n return {\n error: errorBody.error,\n errorDescription: errorBody.error_description,\n correlationId: errorBody.correlation_id,\n errorCodes: errorBody.error_codes,\n timestamp: errorBody.timestamp,\n traceId: errorBody.trace_id,\n };\n}\n\n/**\n * Optional parameters to the {@link AuthenticationRequiredError}\n */\nexport interface AuthenticationRequiredErrorOptions {\n /**\n * The list of scopes for which the token will have access.\n */\n scopes: string[];\n /**\n * The options passed to the getToken request.\n */\n getTokenOptions?: GetTokenOptions;\n /**\n * The message of the error.\n */\n message?: string;\n /**\n * The underlying cause, if any, that caused the authentication to fail.\n */\n cause?: unknown;\n}\n\n/**\n * Error used to enforce authentication after trying to retrieve a token silently.\n */\nexport class AuthenticationRequiredError extends Error {\n /**\n * The list of scopes for which the token will have access.\n */\n public scopes: string[];\n /**\n * The options passed to the getToken request.\n */\n public getTokenOptions?: GetTokenOptions;\n\n constructor(\n /**\n * Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.\n */\n options: AuthenticationRequiredErrorOptions,\n ) {\n super(\n options.message,\n // @ts-expect-error - TypeScript does not recognize this until we use ES2022 as the target; however, all our major runtimes do support the `cause` property\n options.cause ? { cause: options.cause } : undefined,\n );\n this.scopes = options.scopes;\n this.getTokenOptions = options.getTokenOptions;\n this.name = \"AuthenticationRequiredError\";\n }\n}\n"]}

package/dist/commonjs/index.d.ts ADDED Viewed

@@ -0,0 +1,59 @@
+export * from "./plugins/consumer.js";
+export { IdentityPlugin } from "./plugins/provider.js";
+import type { TokenCredential } from "@azure/core-auth";
+export { AuthenticationError, ErrorResponse, AggregateAuthenticationError, AuthenticationErrorName, AggregateAuthenticationErrorName, CredentialUnavailableError, CredentialUnavailableErrorName, AuthenticationRequiredError, AuthenticationRequiredErrorOptions, } from "./errors.js";
+export { AuthenticationRecord } from "./msal/types.js";
+export { serializeAuthenticationRecord, deserializeAuthenticationRecord } from "./msal/utils.js";
+export { TokenCredentialOptions } from "./tokenCredentialOptions.js";
+export { MultiTenantTokenCredentialOptions } from "./credentials/multiTenantTokenCredentialOptions.js";
+export { AuthorityValidationOptions } from "./credentials/authorityValidationOptions.js";
+export { BrokerAuthOptions } from "./credentials/brokerAuthOptions.js";
+export { BrokerOptions, BrokerEnabledOptions, BrokerDisabledOptions, } from "./msal/nodeFlows/brokerOptions.js";
+export { InteractiveCredentialOptions } from "./credentials/interactiveCredentialOptions.js";
+export { ChainedTokenCredential } from "./credentials/chainedTokenCredential.js";
+export { ClientSecretCredential } from "./credentials/clientSecretCredential.js";
+export { ClientSecretCredentialOptions } from "./credentials/clientSecretCredentialOptions.js";
+export { DefaultAzureCredential } from "./credentials/defaultAzureCredential.js";
+export { DefaultAzureCredentialOptions, DefaultAzureCredentialClientIdOptions, DefaultAzureCredentialResourceIdOptions, } from "./credentials/defaultAzureCredentialOptions.js";
+export { EnvironmentCredential } from "./credentials/environmentCredential.js";
+export { EnvironmentCredentialOptions } from "./credentials/environmentCredentialOptions.js";
+export { ClientCertificateCredential, ClientCertificateCredentialPEMConfiguration, ClientCertificatePEMCertificatePath, ClientCertificatePEMCertificate, } from "./credentials/clientCertificateCredential.js";
+export { ClientCertificateCredentialOptions } from "./credentials/clientCertificateCredentialOptions.js";
+export { ClientAssertionCredential } from "./credentials/clientAssertionCredential.js";
+export { ClientAssertionCredentialOptions } from "./credentials/clientAssertionCredentialOptions.js";
+export { CredentialPersistenceOptions } from "./credentials/credentialPersistenceOptions.js";
+export { AzureCliCredential } from "./credentials/azureCliCredential.js";
+export { AzureCliCredentialOptions } from "./credentials/azureCliCredentialOptions.js";
+export { AzureDeveloperCliCredential } from "./credentials/azureDeveloperCliCredential.js";
+export { AzureDeveloperCliCredentialOptions } from "./credentials/azureDeveloperCliCredentialOptions.js";
+export { InteractiveBrowserCredential } from "./credentials/interactiveBrowserCredential.js";
+export { InteractiveBrowserCredentialNodeOptions, InteractiveBrowserCredentialInBrowserOptions, BrowserLoginStyle, } from "./credentials/interactiveBrowserCredentialOptions.js";
+export { ManagedIdentityCredential, ManagedIdentityCredentialClientIdOptions, ManagedIdentityCredentialResourceIdOptions, ManagedIdentityCredentialObjectIdOptions, } from "./credentials/managedIdentityCredential/index.js";
+export { DeviceCodeCredential } from "./credentials/deviceCodeCredential.js";
+export { DeviceCodePromptCallback, DeviceCodeInfo, } from "./credentials/deviceCodeCredentialOptions.js";
+export { DeviceCodeCredentialOptions } from "./credentials/deviceCodeCredentialOptions.js";
+export { AzurePipelinesCredential as AzurePipelinesCredential } from "./credentials/azurePipelinesCredential.js";
+export { AzurePipelinesCredentialOptions as AzurePipelinesCredentialOptions } from "./credentials/azurePipelinesCredentialOptions.js";
+export { AuthorizationCodeCredential } from "./credentials/authorizationCodeCredential.js";
+export { AuthorizationCodeCredentialOptions } from "./credentials/authorizationCodeCredentialOptions.js";
+export { AzurePowerShellCredential } from "./credentials/azurePowerShellCredential.js";
+export { AzurePowerShellCredentialOptions } from "./credentials/azurePowerShellCredentialOptions.js";
+export { OnBehalfOfCredentialOptions, OnBehalfOfCredentialSecretOptions, OnBehalfOfCredentialCertificateOptions, OnBehalfOfCredentialAssertionOptions, } from "./credentials/onBehalfOfCredentialOptions.js";
+export { UsernamePasswordCredential } from "./credentials/usernamePasswordCredential.js";
+export { UsernamePasswordCredentialOptions } from "./credentials/usernamePasswordCredentialOptions.js";
+export { VisualStudioCodeCredential } from "./credentials/visualStudioCodeCredential.js";
+export { VisualStudioCodeCredentialOptions } from "./credentials/visualStudioCodeCredentialOptions.js";
+export { OnBehalfOfCredential } from "./credentials/onBehalfOfCredential.js";
+export { WorkloadIdentityCredential } from "./credentials/workloadIdentityCredential.js";
+export { WorkloadIdentityCredentialOptions } from "./credentials/workloadIdentityCredentialOptions.js";
+export { BrowserCustomizationOptions } from "./credentials/browserCustomizationOptions.js";
+export { TokenCachePersistenceOptions } from "./msal/nodeFlows/tokenCachePersistenceOptions.js";
+export { TokenCredential, GetTokenOptions, AccessToken } from "@azure/core-auth";
+export { logger } from "./util/logging.js";
+export { AzureAuthorityHosts } from "./constants.js";
+/**
+ * Returns a new instance of the {@link DefaultAzureCredential}.
+ */
+export declare function getDefaultAzureCredential(): TokenCredential;
+export { getBearerTokenProvider, GetBearerTokenProviderOptions } from "./tokenProvider.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/commonjs/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAGA,cAAc,uBAAuB,CAAC;AAEtC,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAEvD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAGxD,OAAO,EACL,mBAAmB,EACnB,aAAa,EACb,4BAA4B,EAC5B,uBAAuB,EACvB,gCAAgC,EAChC,0BAA0B,EAC1B,8BAA8B,EAC9B,2BAA2B,EAC3B,kCAAkC,GACnC,MAAM,aAAa,CAAC;AAErB,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,6BAA6B,EAAE,+BAA+B,EAAE,MAAM,iBAAiB,CAAC;AACjG,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,iCAAiC,EAAE,MAAM,oDAAoD,CAAC;AACvG,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AAIzF,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AACvE,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAE,4BAA4B,EAAE,MAAM,+CAA+C,CAAC;AAE7F,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AAEjF,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AACjF,OAAO,EAAE,6BAA6B,EAAE,MAAM,gDAAgD,CAAC;AAE/F,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AACjF,OAAO,EACL,6BAA6B,EAC7B,qCAAqC,EACrC,uCAAuC,GACxC,MAAM,gDAAgD,CAAC;AAExD,OAAO,EAAE,qBAAqB,EAAE,MAAM,wCAAwC,CAAC;AAC/E,OAAO,EAAE,4BAA4B,EAAE,MAAM,+CAA+C,CAAC;AAE7F,OAAO,EACL,2BAA2B,EAC3B,2CAA2C,EAC3C,mCAAmC,EACnC,+BAA+B,GAChC,MAAM,8CAA8C,CAAC;AACtD,OAAO,EAAE,kCAAkC,EAAE,MAAM,qDAAqD,CAAC;AACzG,OAAO,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AACvF,OAAO,EAAE,gCAAgC,EAAE,MAAM,mDAAmD,CAAC;AACrG,OAAO,EAAE,4BAA4B,EAAE,MAAM,+CAA+C,CAAC;AAC7F,OAAO,EAAE,kBAAkB,EAAE,MAAM,qCAAqC,CAAC;AACzE,OAAO,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AACvF,OAAO,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAC3F,OAAO,EAAE,kCAAkC,EAAE,MAAM,qDAAqD,CAAC;AACzG,OAAO,EAAE,4BAA4B,EAAE,MAAM,+CAA+C,CAAC;AAC7F,OAAO,EACL,uCAAuC,EACvC,4CAA4C,EAC5C,iBAAiB,GAClB,MAAM,sDAAsD,CAAC;AAC9D,OAAO,EACL,yBAAyB,EACzB,wCAAwC,EACxC,0CAA0C,EAC1C,wCAAwC,GACzC,MAAM,kDAAkD,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,uCAAuC,CAAC;AAC7E,OAAO,EACL,wBAAwB,EACxB,cAAc,GACf,MAAM,8CAA8C,CAAC;AACtD,OAAO,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAC3F,OAAO,EAAE,wBAAwB,IAAI,wBAAwB,EAAE,MAAM,2CAA2C,CAAC;AACjH,OAAO,EAAE,+BAA+B,IAAI,+BAA+B,EAAE,MAAM,kDAAkD,CAAC;AACtI,OAAO,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAC3F,OAAO,EAAE,kCAAkC,EAAE,MAAM,qDAAqD,CAAC;AACzG,OAAO,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AACvF,OAAO,EAAE,gCAAgC,EAAE,MAAM,mDAAmD,CAAC;AACrG,OAAO,EACL,2BAA2B,EAC3B,iCAAiC,EACjC,sCAAsC,EACtC,oCAAoC,GACrC,MAAM,8CAA8C,CAAC;AACtD,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AACzF,OAAO,EAAE,iCAAiC,EAAE,MAAM,oDAAoD,CAAC;AACvG,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AACzF,OAAO,EAAE,iCAAiC,EAAE,MAAM,oDAAoD,CAAC;AACvG,OAAO,EAAE,oBAAoB,EAAE,MAAM,uCAAuC,CAAC;AAC7E,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AACzF,OAAO,EAAE,iCAAiC,EAAE,MAAM,oDAAoD,CAAC;AACvG,OAAO,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAC3F,OAAO,EAAE,4BAA4B,EAAE,MAAM,kDAAkD,CAAC;AAEhG,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACjF,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAE3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAErD;;GAEG;AACH,wBAAgB,yBAAyB,IAAI,eAAe,CAE3D;AAED,OAAO,EAAE,sBAAsB,EAAE,6BAA6B,EAAE,MAAM,oBAAoB,CAAC"}

package/dist/commonjs/index.js ADDED Viewed

@@ -0,0 +1,69 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getBearerTokenProvider = exports.AzureAuthorityHosts = exports.logger = exports.WorkloadIdentityCredential = exports.OnBehalfOfCredential = exports.VisualStudioCodeCredential = exports.UsernamePasswordCredential = exports.AzurePowerShellCredential = exports.AuthorizationCodeCredential = exports.AzurePipelinesCredential = exports.DeviceCodeCredential = exports.ManagedIdentityCredential = exports.InteractiveBrowserCredential = exports.AzureDeveloperCliCredential = exports.AzureCliCredential = exports.ClientAssertionCredential = exports.ClientCertificateCredential = exports.EnvironmentCredential = exports.DefaultAzureCredential = exports.ClientSecretCredential = exports.ChainedTokenCredential = exports.deserializeAuthenticationRecord = exports.serializeAuthenticationRecord = exports.AuthenticationRequiredError = exports.CredentialUnavailableErrorName = exports.CredentialUnavailableError = exports.AggregateAuthenticationErrorName = exports.AuthenticationErrorName = exports.AggregateAuthenticationError = exports.AuthenticationError = void 0;
+exports.getDefaultAzureCredential = getDefaultAzureCredential;
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./plugins/consumer.js"), exports);
+const defaultAzureCredential_js_1 = require("./credentials/defaultAzureCredential.js");
+var errors_js_1 = require("./errors.js");
+Object.defineProperty(exports, "AuthenticationError", { enumerable: true, get: function () { return errors_js_1.AuthenticationError; } });
+Object.defineProperty(exports, "AggregateAuthenticationError", { enumerable: true, get: function () { return errors_js_1.AggregateAuthenticationError; } });
+Object.defineProperty(exports, "AuthenticationErrorName", { enumerable: true, get: function () { return errors_js_1.AuthenticationErrorName; } });
+Object.defineProperty(exports, "AggregateAuthenticationErrorName", { enumerable: true, get: function () { return errors_js_1.AggregateAuthenticationErrorName; } });
+Object.defineProperty(exports, "CredentialUnavailableError", { enumerable: true, get: function () { return errors_js_1.CredentialUnavailableError; } });
+Object.defineProperty(exports, "CredentialUnavailableErrorName", { enumerable: true, get: function () { return errors_js_1.CredentialUnavailableErrorName; } });
+Object.defineProperty(exports, "AuthenticationRequiredError", { enumerable: true, get: function () { return errors_js_1.AuthenticationRequiredError; } });
+var utils_js_1 = require("./msal/utils.js");
+Object.defineProperty(exports, "serializeAuthenticationRecord", { enumerable: true, get: function () { return utils_js_1.serializeAuthenticationRecord; } });
+Object.defineProperty(exports, "deserializeAuthenticationRecord", { enumerable: true, get: function () { return utils_js_1.deserializeAuthenticationRecord; } });
+var chainedTokenCredential_js_1 = require("./credentials/chainedTokenCredential.js");
+Object.defineProperty(exports, "ChainedTokenCredential", { enumerable: true, get: function () { return chainedTokenCredential_js_1.ChainedTokenCredential; } });
+var clientSecretCredential_js_1 = require("./credentials/clientSecretCredential.js");
+Object.defineProperty(exports, "ClientSecretCredential", { enumerable: true, get: function () { return clientSecretCredential_js_1.ClientSecretCredential; } });
+var defaultAzureCredential_js_2 = require("./credentials/defaultAzureCredential.js");
+Object.defineProperty(exports, "DefaultAzureCredential", { enumerable: true, get: function () { return defaultAzureCredential_js_2.DefaultAzureCredential; } });
+var environmentCredential_js_1 = require("./credentials/environmentCredential.js");
+Object.defineProperty(exports, "EnvironmentCredential", { enumerable: true, get: function () { return environmentCredential_js_1.EnvironmentCredential; } });
+var clientCertificateCredential_js_1 = require("./credentials/clientCertificateCredential.js");
+Object.defineProperty(exports, "ClientCertificateCredential", { enumerable: true, get: function () { return clientCertificateCredential_js_1.ClientCertificateCredential; } });
+var clientAssertionCredential_js_1 = require("./credentials/clientAssertionCredential.js");
+Object.defineProperty(exports, "ClientAssertionCredential", { enumerable: true, get: function () { return clientAssertionCredential_js_1.ClientAssertionCredential; } });
+var azureCliCredential_js_1 = require("./credentials/azureCliCredential.js");
+Object.defineProperty(exports, "AzureCliCredential", { enumerable: true, get: function () { return azureCliCredential_js_1.AzureCliCredential; } });
+var azureDeveloperCliCredential_js_1 = require("./credentials/azureDeveloperCliCredential.js");
+Object.defineProperty(exports, "AzureDeveloperCliCredential", { enumerable: true, get: function () { return azureDeveloperCliCredential_js_1.AzureDeveloperCliCredential; } });
+var interactiveBrowserCredential_js_1 = require("./credentials/interactiveBrowserCredential.js");
+Object.defineProperty(exports, "InteractiveBrowserCredential", { enumerable: true, get: function () { return interactiveBrowserCredential_js_1.InteractiveBrowserCredential; } });
+var index_js_1 = require("./credentials/managedIdentityCredential/index.js");
+Object.defineProperty(exports, "ManagedIdentityCredential", { enumerable: true, get: function () { return index_js_1.ManagedIdentityCredential; } });
+var deviceCodeCredential_js_1 = require("./credentials/deviceCodeCredential.js");
+Object.defineProperty(exports, "DeviceCodeCredential", { enumerable: true, get: function () { return deviceCodeCredential_js_1.DeviceCodeCredential; } });
+var azurePipelinesCredential_js_1 = require("./credentials/azurePipelinesCredential.js");
+Object.defineProperty(exports, "AzurePipelinesCredential", { enumerable: true, get: function () { return azurePipelinesCredential_js_1.AzurePipelinesCredential; } });
+var authorizationCodeCredential_js_1 = require("./credentials/authorizationCodeCredential.js");
+Object.defineProperty(exports, "AuthorizationCodeCredential", { enumerable: true, get: function () { return authorizationCodeCredential_js_1.AuthorizationCodeCredential; } });
+var azurePowerShellCredential_js_1 = require("./credentials/azurePowerShellCredential.js");
+Object.defineProperty(exports, "AzurePowerShellCredential", { enumerable: true, get: function () { return azurePowerShellCredential_js_1.AzurePowerShellCredential; } });
+var usernamePasswordCredential_js_1 = require("./credentials/usernamePasswordCredential.js");
+Object.defineProperty(exports, "UsernamePasswordCredential", { enumerable: true, get: function () { return usernamePasswordCredential_js_1.UsernamePasswordCredential; } });
+var visualStudioCodeCredential_js_1 = require("./credentials/visualStudioCodeCredential.js");
+Object.defineProperty(exports, "VisualStudioCodeCredential", { enumerable: true, get: function () { return visualStudioCodeCredential_js_1.VisualStudioCodeCredential; } });
+var onBehalfOfCredential_js_1 = require("./credentials/onBehalfOfCredential.js");
+Object.defineProperty(exports, "OnBehalfOfCredential", { enumerable: true, get: function () { return onBehalfOfCredential_js_1.OnBehalfOfCredential; } });
+var workloadIdentityCredential_js_1 = require("./credentials/workloadIdentityCredential.js");
+Object.defineProperty(exports, "WorkloadIdentityCredential", { enumerable: true, get: function () { return workloadIdentityCredential_js_1.WorkloadIdentityCredential; } });
+var logging_js_1 = require("./util/logging.js");
+Object.defineProperty(exports, "logger", { enumerable: true, get: function () { return logging_js_1.logger; } });
+var constants_js_1 = require("./constants.js");
+Object.defineProperty(exports, "AzureAuthorityHosts", { enumerable: true, get: function () { return constants_js_1.AzureAuthorityHosts; } });
+/**
+ * Returns a new instance of the {@link DefaultAzureCredential}.
+ */
+function getDefaultAzureCredential() {
+    return new defaultAzureCredential_js_1.DefaultAzureCredential();
+}
+var tokenProvider_js_1 = require("./tokenProvider.js");
+Object.defineProperty(exports, "getBearerTokenProvider", { enumerable: true, get: function () { return tokenProvider_js_1.getBearerTokenProvider; } });
+//# sourceMappingURL=index.js.map