npm - @azure/identity - Versions diffs - 4.5.1-alpha.20250115.7 → 4.6.0 - Mend

@azure/identity 4.5.1-alpha.20250115.7 → 4.6.0

Files changed (1054) hide show

package/dist/commonjs/credentials/azureDeveloperCliCredential.d.ts DELETED Viewed

@@ -1,71 +0,0 @@
-import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import type { AzureDeveloperCliCredentialOptions } from "./azureDeveloperCliCredentialOptions.js";
-/**
- * Mockable reference to the Developer CLI credential cliCredentialFunctions
- * @internal
- */
-export declare const developerCliCredentialInternals: {
-    /**
-     * @internal
-     */
-    getSafeWorkingDir(): string;
-    /**
-     * Gets the access token from Azure Developer CLI
-     * @param scopes - The scopes to use when getting the token
-     * @internal
-     */
-    getAzdAccessToken(scopes: string[], tenantId?: string, timeout?: number): Promise<{
-        stdout: string;
-        stderr: string;
-        error: Error | null;
-    }>;
-};
-/**
- * Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy
- * resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific
- * to Azure developers. It allows users to authenticate as a user and/or a service principal against
- * <a href="https://learn.microsoft.com/entra/fundamentals/">Microsoft Entra ID</a>. The
- * AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of
- * the logged-in user or service principal in the Azure Developer CLI. It acts as the Azure Developer CLI logged in user or
- * service principal and executes an Azure CLI command underneath to authenticate the application against
- * Microsoft Entra ID.
- *
- * <h2> Configure AzureDeveloperCliCredential </h2>
- *
- * To use this credential, the developer needs to authenticate locally in Azure Developer CLI using one of the
- * commands below:
- *
- * <ol>
- *     <li>Run "azd auth login" in Azure Developer CLI to authenticate interactively as a user.</li>
- *     <li>Run "azd auth login --client-id clientID --client-secret clientSecret
- *     --tenant-id tenantID" to authenticate as a service principal.</li>
- * </ol>
- *
- * You may need to repeat this process after a certain time period, depending on the refresh token validity in your
- * organization. Generally, the refresh token validity period is a few weeks to a few months.
- * AzureDeveloperCliCredential will prompt you to sign in again.
- */
-export declare class AzureDeveloperCliCredential implements TokenCredential {
-    private tenantId?;
-    private additionallyAllowedTenantIds;
-    private timeout?;
-    /**
-     * Creates an instance of the {@link AzureDeveloperCliCredential}.
-     *
-     * To use this credential, ensure that you have already logged
-     * in via the 'azd' tool using the command "azd auth login" from the commandline.
-     *
-     * @param options - Options, to optionally allow multi-tenant requests.
-     */
-    constructor(options?: AzureDeveloperCliCredentialOptions);
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-}
-//# sourceMappingURL=azureDeveloperCliCredential.d.ts.map

package/dist/commonjs/credentials/azureDeveloperCliCredential.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"azureDeveloperCliCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAEtF,OAAO,KAAK,EAAE,kCAAkC,EAAE,MAAM,yCAAyC,CAAC;AAWlG;;;GAGG;AACH,eAAO,MAAM,+BAA+B;IAC1C;;OAEG;yBACkB,MAAM;IAa3B;;;;OAIG;8BAEO,MAAM,EAAE,aACL,MAAM,YACP,MAAM,GACf,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,KAAK,GAAG,IAAI,CAAA;KAAE,CAAC;CAiCpE,CAAC;AAIF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,qBAAa,2BAA4B,YAAW,eAAe;IACjE,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,OAAO,CAAC,CAAS;IAEzB;;;;;;;OAOG;gBACS,OAAO,CAAC,EAAE,kCAAkC;IAWxD;;;;;;;OAOG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,WAAW,CAAC;CA4ExB"}

package/dist/commonjs/credentials/azureDeveloperCliCredential.js DELETED Viewed

@@ -1,176 +0,0 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AzureDeveloperCliCredential = exports.developerCliCredentialInternals = void 0;
-const tslib_1 = require("tslib");
-const logging_js_1 = require("../util/logging.js");
-const errors_js_1 = require("../errors.js");
-const child_process_1 = tslib_1.__importDefault(require("child_process"));
-const tenantIdUtils_js_1 = require("../util/tenantIdUtils.js");
-const tracing_js_1 = require("../util/tracing.js");
-const scopeUtils_js_1 = require("../util/scopeUtils.js");
-/**
- * Mockable reference to the Developer CLI credential cliCredentialFunctions
- * @internal
- */
-exports.developerCliCredentialInternals = {
-    /**
-     * @internal
-     */
-    getSafeWorkingDir() {
-        if (process.platform === "win32") {
-            if (!process.env["SYSTEMROOT"]) {
-                throw new Error("Azure Developer CLI credential expects a 'SYSTEMROOT' environment variable");
-            }
-            return process.env["SYSTEMROOT"];
-        }
-        else {
-            return "/bin";
-        }
-    },
-    /**
-     * Gets the access token from Azure Developer CLI
-     * @param scopes - The scopes to use when getting the token
-     * @internal
-     */
-    async getAzdAccessToken(scopes, tenantId, timeout) {
-        let tenantSection = [];
-        if (tenantId) {
-            tenantSection = ["--tenant-id", tenantId];
-        }
-        return new Promise((resolve, reject) => {
-            try {
-                child_process_1.default.execFile("azd", [
-                    "auth",
-                    "token",
-                    "--output",
-                    "json",
-                    ...scopes.reduce((previous, current) => previous.concat("--scope", current), []),
-                    ...tenantSection,
-                ], {
-                    cwd: exports.developerCliCredentialInternals.getSafeWorkingDir(),
-                    timeout,
-                }, (error, stdout, stderr) => {
-                    resolve({ stdout, stderr, error });
-                });
-            }
-            catch (err) {
-                reject(err);
-            }
-        });
-    },
-};
-const logger = (0, logging_js_1.credentialLogger)("AzureDeveloperCliCredential");
-/**
- * Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy
- * resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific
- * to Azure developers. It allows users to authenticate as a user and/or a service principal against
- * <a href="https://learn.microsoft.com/entra/fundamentals/">Microsoft Entra ID</a>. The
- * AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of
- * the logged-in user or service principal in the Azure Developer CLI. It acts as the Azure Developer CLI logged in user or
- * service principal and executes an Azure CLI command underneath to authenticate the application against
- * Microsoft Entra ID.
- *
- * <h2> Configure AzureDeveloperCliCredential </h2>
- *
- * To use this credential, the developer needs to authenticate locally in Azure Developer CLI using one of the
- * commands below:
- *
- * <ol>
- *     <li>Run "azd auth login" in Azure Developer CLI to authenticate interactively as a user.</li>
- *     <li>Run "azd auth login --client-id clientID --client-secret clientSecret
- *     --tenant-id tenantID" to authenticate as a service principal.</li>
- * </ol>
- *
- * You may need to repeat this process after a certain time period, depending on the refresh token validity in your
- * organization. Generally, the refresh token validity period is a few weeks to a few months.
- * AzureDeveloperCliCredential will prompt you to sign in again.
- */
-class AzureDeveloperCliCredential {
-    /**
-     * Creates an instance of the {@link AzureDeveloperCliCredential}.
-     *
-     * To use this credential, ensure that you have already logged
-     * in via the 'azd' tool using the command "azd auth login" from the commandline.
-     *
-     * @param options - Options, to optionally allow multi-tenant requests.
-     */
-    constructor(options) {
-        if (options === null || options === void 0 ? void 0 : options.tenantId) {
-            (0, tenantIdUtils_js_1.checkTenantId)(logger, options === null || options === void 0 ? void 0 : options.tenantId);
-            this.tenantId = options === null || options === void 0 ? void 0 : options.tenantId;
-        }
-        this.additionallyAllowedTenantIds = (0, tenantIdUtils_js_1.resolveAdditionallyAllowedTenantIds)(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
-        this.timeout = options === null || options === void 0 ? void 0 : options.processTimeoutInMs;
-    }
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    async getToken(scopes, options = {}) {
-        const tenantId = (0, tenantIdUtils_js_1.processMultiTenantRequest)(this.tenantId, options, this.additionallyAllowedTenantIds);
-        if (tenantId) {
-            (0, tenantIdUtils_js_1.checkTenantId)(logger, tenantId);
-        }
-        let scopeList;
-        if (typeof scopes === "string") {
-            scopeList = [scopes];
-        }
-        else {
-            scopeList = scopes;
-        }
-        logger.getToken.info(`Using the scopes ${scopes}`);
-        return tracing_js_1.tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {
-            var _a, _b, _c, _d;
-            try {
-                scopeList.forEach((scope) => {
-                    (0, scopeUtils_js_1.ensureValidScopeForDevTimeCreds)(scope, logger);
-                });
-                const obj = await exports.developerCliCredentialInternals.getAzdAccessToken(scopeList, tenantId, this.timeout);
-                const isNotLoggedInError = ((_a = obj.stderr) === null || _a === void 0 ? void 0 : _a.match("not logged in, run `azd login` to login")) ||
-                    ((_b = obj.stderr) === null || _b === void 0 ? void 0 : _b.match("not logged in, run `azd auth login` to login"));
-                const isNotInstallError = ((_c = obj.stderr) === null || _c === void 0 ? void 0 : _c.match("azd:(.*)not found")) ||
-                    ((_d = obj.stderr) === null || _d === void 0 ? void 0 : _d.startsWith("'azd' is not recognized"));
-                if (isNotInstallError || (obj.error && obj.error.code === "ENOENT")) {
-                    const error = new errors_js_1.CredentialUnavailableError("Azure Developer CLI couldn't be found. To mitigate this issue, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.");
-                    logger.getToken.info((0, logging_js_1.formatError)(scopes, error));
-                    throw error;
-                }
-                if (isNotLoggedInError) {
-                    const error = new errors_js_1.CredentialUnavailableError("Please run 'azd auth login' from a command prompt to authenticate before using this credential. For more information, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.");
-                    logger.getToken.info((0, logging_js_1.formatError)(scopes, error));
-                    throw error;
-                }
-                try {
-                    const resp = JSON.parse(obj.stdout);
-                    logger.getToken.info((0, logging_js_1.formatSuccess)(scopes));
-                    return {
-                        token: resp.token,
-                        expiresOnTimestamp: new Date(resp.expiresOn).getTime(),
-                        tokenType: "Bearer",
-                    };
-                }
-                catch (e) {
-                    if (obj.stderr) {
-                        throw new errors_js_1.CredentialUnavailableError(obj.stderr);
-                    }
-                    throw e;
-                }
-            }
-            catch (err) {
-                const error = err.name === "CredentialUnavailableError"
-                    ? err
-                    : new errors_js_1.CredentialUnavailableError(err.message || "Unknown error while trying to retrieve the access token");
-                logger.getToken.info((0, logging_js_1.formatError)(scopes, error));
-                throw error;
-            }
-        });
-    }
-}
-exports.AzureDeveloperCliCredential = AzureDeveloperCliCredential;
-//# sourceMappingURL=azureDeveloperCliCredential.js.map

package/dist/commonjs/credentials/azureDeveloperCliCredential.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"azureDeveloperCliCredential.js","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredential.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;;AAGlC,mDAAkF;AAElF,4CAA0D;AAC1D,0EAA0C;AAC1C,+DAIkC;AAClC,mDAAmD;AACnD,yDAAwE;AAExE;;;GAGG;AACU,QAAA,+BAA+B,GAAG;IAC7C;;OAEG;IACH,iBAAiB;QACf,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC/B,MAAM,IAAI,KAAK,CACb,4EAA4E,CAC7E,CAAC;YACJ,CAAC;YACD,OAAO,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACnC,CAAC;aAAM,CAAC;YACN,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,iBAAiB,CACrB,MAAgB,EAChB,QAAiB,EACjB,OAAgB;QAEhB,IAAI,aAAa,GAAa,EAAE,CAAC;QACjC,IAAI,QAAQ,EAAE,CAAC;YACb,aAAa,GAAG,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC;gBACH,uBAAa,CAAC,QAAQ,CACpB,KAAK,EACL;oBACE,MAAM;oBACN,OAAO;oBACP,UAAU;oBACV,MAAM;oBACN,GAAG,MAAM,CAAC,MAAM,CACd,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,EAC1D,EAAE,CACH;oBACD,GAAG,aAAa;iBACjB,EACD;oBACE,GAAG,EAAE,uCAA+B,CAAC,iBAAiB,EAAE;oBACxD,OAAO;iBACR,EACD,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;oBACxB,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;gBACrC,CAAC,CACF,CAAC;YACJ,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,MAAM,MAAM,GAAG,IAAA,6BAAgB,EAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAa,2BAA2B;IAKtC;;;;;;;OAOG;IACH,YAAY,OAA4C;QACtD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,EAAE,CAAC;YACtB,IAAA,gCAAa,EAAC,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC;QACpC,CAAC;QACD,IAAI,CAAC,4BAA4B,GAAG,IAAA,sDAAmC,EACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,kBAAkB,CAAC;IAC7C,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,UAA2B,EAAE;QAE7B,MAAM,QAAQ,GAAG,IAAA,4CAAyB,EACxC,IAAI,CAAC,QAAQ,EACb,OAAO,EACP,IAAI,CAAC,4BAA4B,CAClC,CAAC;QACF,IAAI,QAAQ,EAAE,CAAC;YACb,IAAA,gCAAa,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,SAAmB,CAAC;QACxB,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,SAAS,GAAG,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,MAAM,CAAC;QACrB,CAAC;QACD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,oBAAoB,MAAM,EAAE,CAAC,CAAC;QAEnD,OAAO,0BAAa,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;;YACrF,IAAI,CAAC;gBACH,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;oBAC1B,IAAA,+CAA+B,EAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBACjD,CAAC,CAAC,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,uCAA+B,CAAC,iBAAiB,CACjE,SAAS,EACT,QAAQ,EACR,IAAI,CAAC,OAAO,CACb,CAAC;gBACF,MAAM,kBAAkB,GACtB,CAAA,MAAA,GAAG,CAAC,MAAM,0CAAE,KAAK,CAAC,yCAAyC,CAAC;qBAC5D,MAAA,GAAG,CAAC,MAAM,0CAAE,KAAK,CAAC,8CAA8C,CAAC,CAAA,CAAC;gBACpE,MAAM,iBAAiB,GACrB,CAAA,MAAA,GAAG,CAAC,MAAM,0CAAE,KAAK,CAAC,mBAAmB,CAAC;qBACtC,MAAA,GAAG,CAAC,MAAM,0CAAE,UAAU,CAAC,yBAAyB,CAAC,CAAA,CAAC;gBAEpD,IAAI,iBAAiB,IAAI,CAAC,GAAG,CAAC,KAAK,IAAK,GAAG,CAAC,KAAa,CAAC,IAAI,KAAK,QAAQ,CAAC,EAAE,CAAC;oBAC7E,MAAM,KAAK,GAAG,IAAI,sCAA0B,CAC1C,wKAAwK,CACzK,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,wBAAW,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;gBACd,CAAC;gBAED,IAAI,kBAAkB,EAAE,CAAC;oBACvB,MAAM,KAAK,GAAG,IAAI,sCAA0B,CAC1C,+NAA+N,CAChO,CAAC;oBACF,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,wBAAW,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;gBACd,CAAC;gBAED,IAAI,CAAC;oBACH,MAAM,IAAI,GAAyC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAC1E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,0BAAa,EAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO;wBACL,KAAK,EAAE,IAAI,CAAC,KAAK;wBACjB,kBAAkB,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;wBACtD,SAAS,EAAE,QAAQ;qBACL,CAAC;gBACnB,CAAC;gBAAC,OAAO,CAAM,EAAE,CAAC;oBAChB,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;wBACf,MAAM,IAAI,sCAA0B,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBACnD,CAAC;oBACD,MAAM,CAAC,CAAC;gBACV,CAAC;YACH,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,KAAK,GACT,GAAG,CAAC,IAAI,KAAK,4BAA4B;oBACvC,CAAC,CAAC,GAAG;oBACL,CAAC,CAAC,IAAI,sCAA0B,CAC3B,GAAa,CAAC,OAAO,IAAI,yDAAyD,CACpF,CAAC;gBACR,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,wBAAW,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AA/GD,kEA+GC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging.js\";\nimport type { AzureDeveloperCliCredentialOptions } from \"./azureDeveloperCliCredentialOptions.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport child_process from \"child_process\";\nimport {\n checkTenantId,\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport { ensureValidScopeForDevTimeCreds } from \"../util/scopeUtils.js\";\n\n/**\n * Mockable reference to the Developer CLI credential cliCredentialFunctions\n * @internal\n */\nexport const developerCliCredentialInternals = {\n /**\n * @internal\n */\n getSafeWorkingDir(): string {\n if (process.platform === \"win32\") {\n if (!process.env[\"SYSTEMROOT\"]) {\n throw new Error(\n \"Azure Developer CLI credential expects a 'SYSTEMROOT' environment variable\",\n );\n }\n return process.env[\"SYSTEMROOT\"];\n } else {\n return \"/bin\";\n }\n },\n\n /**\n * Gets the access token from Azure Developer CLI\n * @param scopes - The scopes to use when getting the token\n * @internal\n */\n async getAzdAccessToken(\n scopes: string[],\n tenantId?: string,\n timeout?: number,\n ): Promise<{ stdout: string; stderr: string; error: Error | null }> {\n let tenantSection: string[] = [];\n if (tenantId) {\n tenantSection = [\"--tenant-id\", tenantId];\n }\n return new Promise((resolve, reject) => {\n try {\n child_process.execFile(\n \"azd\",\n [\n \"auth\",\n \"token\",\n \"--output\",\n \"json\",\n ...scopes.reduce<string[]>(\n (previous, current) => previous.concat(\"--scope\", current),\n [],\n ),\n ...tenantSection,\n ],\n {\n cwd: developerCliCredentialInternals.getSafeWorkingDir(),\n timeout,\n },\n (error, stdout, stderr) => {\n resolve({ stdout, stderr, error });\n },\n );\n } catch (err: any) {\n reject(err);\n }\n });\n },\n};\n\nconst logger = credentialLogger(\"AzureDeveloperCliCredential\");\n\n/**\n * Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy\n * resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific\n * to Azure developers. It allows users to authenticate as a user and/or a service principal against\n * <a href=\"https://learn.microsoft.com/entra/fundamentals/\">Microsoft Entra ID</a>. The\n * AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of\n * the logged-in user or service principal in the Azure Developer CLI. It acts as the Azure Developer CLI logged in user or\n * service principal and executes an Azure CLI command underneath to authenticate the application against\n * Microsoft Entra ID.\n *\n * <h2> Configure AzureDeveloperCliCredential </h2>\n *\n * To use this credential, the developer needs to authenticate locally in Azure Developer CLI using one of the\n * commands below:\n *\n * <ol>\n * <li>Run \"azd auth login\" in Azure Developer CLI to authenticate interactively as a user.</li>\n * <li>Run \"azd auth login --client-id clientID --client-secret clientSecret\n * --tenant-id tenantID\" to authenticate as a service principal.</li>\n * </ol>\n *\n * You may need to repeat this process after a certain time period, depending on the refresh token validity in your\n * organization. Generally, the refresh token validity period is a few weeks to a few months.\n * AzureDeveloperCliCredential will prompt you to sign in again.\n */\nexport class AzureDeveloperCliCredential implements TokenCredential {\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private timeout?: number;\n\n /**\n * Creates an instance of the {@link AzureDeveloperCliCredential}.\n *\n * To use this credential, ensure that you have already logged\n * in via the 'azd' tool using the command \"azd auth login\" from the commandline.\n *\n * @param options - Options, to optionally allow multi-tenant requests.\n */\n constructor(options?: AzureDeveloperCliCredentialOptions) {\n if (options?.tenantId) {\n checkTenantId(logger, options?.tenantId);\n this.tenantId = options?.tenantId;\n }\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n this.timeout = options?.processTimeoutInMs;\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options: GetTokenOptions = {},\n ): Promise<AccessToken> {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n options,\n this.additionallyAllowedTenantIds,\n );\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n let scopeList: string[];\n if (typeof scopes === \"string\") {\n scopeList = [scopes];\n } else {\n scopeList = scopes;\n }\n logger.getToken.info(`Using the scopes ${scopes}`);\n\n return tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async () => {\n try {\n scopeList.forEach((scope) => {\n ensureValidScopeForDevTimeCreds(scope, logger);\n });\n const obj = await developerCliCredentialInternals.getAzdAccessToken(\n scopeList,\n tenantId,\n this.timeout,\n );\n const isNotLoggedInError =\n obj.stderr?.match(\"not logged in, run `azd login` to login\") ||\n obj.stderr?.match(\"not logged in, run `azd auth login` to login\");\n const isNotInstallError =\n obj.stderr?.match(\"azd:(.*)not found\") ||\n obj.stderr?.startsWith(\"'azd' is not recognized\");\n\n if (isNotInstallError || (obj.error && (obj.error as any).code === \"ENOENT\")) {\n const error = new CredentialUnavailableError(\n \"Azure Developer CLI couldn't be found. To mitigate this issue, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.\",\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n if (isNotLoggedInError) {\n const error = new CredentialUnavailableError(\n \"Please run 'azd auth login' from a command prompt to authenticate before using this credential. For more information, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.\",\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n try {\n const resp: { token: string; expiresOn: string } = JSON.parse(obj.stdout);\n logger.getToken.info(formatSuccess(scopes));\n return {\n token: resp.token,\n expiresOnTimestamp: new Date(resp.expiresOn).getTime(),\n tokenType: \"Bearer\",\n } as AccessToken;\n } catch (e: any) {\n if (obj.stderr) {\n throw new CredentialUnavailableError(obj.stderr);\n }\n throw e;\n }\n } catch (err: any) {\n const error =\n err.name === \"CredentialUnavailableError\"\n ? err\n : new CredentialUnavailableError(\n (err as Error).message || \"Unknown error while trying to retrieve the access token\",\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n });\n }\n}\n"]}

package/dist/commonjs/credentials/azureDeveloperCliCredentialOptions.d.ts DELETED Viewed

@@ -1,15 +0,0 @@
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
-/**
- * Options for the {@link AzureDeveloperCliCredential}
- */
-export interface AzureDeveloperCliCredentialOptions extends MultiTenantTokenCredentialOptions {
-    /**
-     * Allows specifying a tenant ID
-     */
-    tenantId?: string;
-    /**
-     * Process timeout configurable for making token requests, provided in milliseconds
-     */
-    processTimeoutInMs?: number;
-}
-//# sourceMappingURL=azureDeveloperCliCredentialOptions.d.ts.map

package/dist/commonjs/credentials/azureDeveloperCliCredentialOptions.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"azureDeveloperCliCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,kCAAmC,SAAQ,iCAAiC;IAC3F;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B"}

package/dist/commonjs/credentials/azureDeveloperCliCredentialOptions.js DELETED Viewed

@@ -1,5 +0,0 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=azureDeveloperCliCredentialOptions.js.map

package/dist/commonjs/credentials/azureDeveloperCliCredentialOptions.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"azureDeveloperCliCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/azureDeveloperCliCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link AzureDeveloperCliCredential}\n */\nexport interface AzureDeveloperCliCredentialOptions extends MultiTenantTokenCredentialOptions {\n /**\n * Allows specifying a tenant ID\n */\n tenantId?: string;\n /**\n * Process timeout configurable for making token requests, provided in milliseconds\n */\n processTimeoutInMs?: number;\n}\n"]}

package/dist/commonjs/credentials/azurePipelinesCredential.d.ts DELETED Viewed

@@ -1,38 +0,0 @@
-import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import type { AzurePipelinesCredentialOptions } from "./azurePipelinesCredentialOptions.js";
-import type { PipelineResponse } from "@azure/core-rest-pipeline";
-/**
- * This credential is designed to be used in Azure Pipelines with service connections
- * as a setup for workload identity federation.
- */
-export declare class AzurePipelinesCredential implements TokenCredential {
-    private clientAssertionCredential;
-    private identityClient;
-    /**
-     * AzurePipelinesCredential supports Federated Identity on Azure Pipelines through Service Connections.
-     * @param tenantId - tenantId associated with the service connection
-     * @param clientId - clientId associated with the service connection
-     * @param serviceConnectionId - Unique ID for the service connection, as found in the querystring's resourceId key
-     * @param systemAccessToken - The pipeline's <see href="https://learn.microsoft.com/azure/devops/pipelines/build/variables?view=azure-devops%26tabs=yaml#systemaccesstoken">System.AccessToken</see> value.
-     * @param options - The identity client options to use for authentication.
-     */
-    constructor(tenantId: string, clientId: string, serviceConnectionId: string, systemAccessToken: string, options?: AzurePipelinesCredentialOptions);
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} or {@link AuthenticationError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-    /**
-     *
-     * @param oidcRequestUrl - oidc request url
-     * @param systemAccessToken - system access token
-     * @returns OIDC token from Azure Pipelines
-     */
-    private requestOidcToken;
-}
-export declare function handleOidcResponse(response: PipelineResponse): string;
-//# sourceMappingURL=azurePipelinesCredential.d.ts.map

package/dist/commonjs/credentials/azurePipelinesCredential.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"azurePipelinesCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/azurePipelinesCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAItF,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,sCAAsC,CAAC;AAG5F,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAQlE;;;GAGG;AACH,qBAAa,wBAAyB,YAAW,eAAe;IAC9D,OAAO,CAAC,yBAAyB,CAAwC;IACzE,OAAO,CAAC,cAAc,CAAiB;IAEvC;;;;;;;OAOG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,mBAAmB,EAAE,MAAM,EAC3B,iBAAiB,EAAE,MAAM,EACzB,OAAO,GAAE,+BAAoC;IAwD/C;;;;;;;OAOG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC;IAgBvB;;;;;OAKG;YACW,gBAAgB;CAmB/B;AAED,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,gBAAgB,GAAG,MAAM,CA6CrE"}

package/dist/commonjs/credentials/azurePipelinesCredential.js DELETED Viewed

@@ -1,146 +0,0 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AzurePipelinesCredential = void 0;
-exports.handleOidcResponse = handleOidcResponse;
-const errors_js_1 = require("../errors.js");
-const core_rest_pipeline_1 = require("@azure/core-rest-pipeline");
-const clientAssertionCredential_js_1 = require("./clientAssertionCredential.js");
-const identityClient_js_1 = require("../client/identityClient.js");
-const tenantIdUtils_js_1 = require("../util/tenantIdUtils.js");
-const logging_js_1 = require("../util/logging.js");
-const credentialName = "AzurePipelinesCredential";
-const logger = (0, logging_js_1.credentialLogger)(credentialName);
-const OIDC_API_VERSION = "7.1";
-/**
- * This credential is designed to be used in Azure Pipelines with service connections
- * as a setup for workload identity federation.
- */
-class AzurePipelinesCredential {
-    /**
-     * AzurePipelinesCredential supports Federated Identity on Azure Pipelines through Service Connections.
-     * @param tenantId - tenantId associated with the service connection
-     * @param clientId - clientId associated with the service connection
-     * @param serviceConnectionId - Unique ID for the service connection, as found in the querystring's resourceId key
-     * @param systemAccessToken - The pipeline's <see href="https://learn.microsoft.com/azure/devops/pipelines/build/variables?view=azure-devops%26tabs=yaml#systemaccesstoken">System.AccessToken</see> value.
-     * @param options - The identity client options to use for authentication.
-     */
-    constructor(tenantId, clientId, serviceConnectionId, systemAccessToken, options = {}) {
-        var _a, _b;
-        if (!clientId) {
-            throw new errors_js_1.CredentialUnavailableError(`${credentialName}: is unavailable. clientId is a required parameter.`);
-        }
-        if (!tenantId) {
-            throw new errors_js_1.CredentialUnavailableError(`${credentialName}: is unavailable. tenantId is a required parameter.`);
-        }
-        if (!serviceConnectionId) {
-            throw new errors_js_1.CredentialUnavailableError(`${credentialName}: is unavailable. serviceConnectionId is a required parameter.`);
-        }
-        if (!systemAccessToken) {
-            throw new errors_js_1.CredentialUnavailableError(`${credentialName}: is unavailable. systemAccessToken is a required parameter.`);
-        }
-        // Allow these headers to be logged for troubleshooting by AzurePipelines.
-        options.loggingOptions = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.loggingOptions), { additionalAllowedHeaderNames: [
-                ...((_b = (_a = options.loggingOptions) === null || _a === void 0 ? void 0 : _a.additionalAllowedHeaderNames) !== null && _b !== void 0 ? _b : []),
-                "x-vss-e2eid",
-                "x-msedge-ref",
-            ] });
-        this.identityClient = new identityClient_js_1.IdentityClient(options);
-        (0, tenantIdUtils_js_1.checkTenantId)(logger, tenantId);
-        logger.info(`Invoking AzurePipelinesCredential with tenant ID: ${tenantId}, client ID: ${clientId}, and service connection ID: ${serviceConnectionId}`);
-        if (!process.env.SYSTEM_OIDCREQUESTURI) {
-            throw new errors_js_1.CredentialUnavailableError(`${credentialName}: is unavailable. Ensure that you're running this task in an Azure Pipeline, so that following missing system variable(s) can be defined- "SYSTEM_OIDCREQUESTURI"`);
-        }
-        const oidcRequestUrl = `${process.env.SYSTEM_OIDCREQUESTURI}?api-version=${OIDC_API_VERSION}&serviceConnectionId=${serviceConnectionId}`;
-        logger.info(`Invoking ClientAssertionCredential with tenant ID: ${tenantId}, client ID: ${clientId} and service connection ID: ${serviceConnectionId}`);
-        this.clientAssertionCredential = new clientAssertionCredential_js_1.ClientAssertionCredential(tenantId, clientId, this.requestOidcToken.bind(this, oidcRequestUrl, systemAccessToken), options);
-    }
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} or {@link AuthenticationError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    async getToken(scopes, options) {
-        if (!this.clientAssertionCredential) {
-            const errorMessage = `${credentialName}: is unavailable. To use Federation Identity in Azure Pipelines, the following parameters are required -
-      tenantId,
-      clientId,
-      serviceConnectionId,
-      systemAccessToken,
-      "SYSTEM_OIDCREQUESTURI".
-      See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`;
-            logger.error(errorMessage);
-            throw new errors_js_1.CredentialUnavailableError(errorMessage);
-        }
-        logger.info("Invoking getToken() of Client Assertion Credential");
-        return this.clientAssertionCredential.getToken(scopes, options);
-    }
-    /**
-     *
-     * @param oidcRequestUrl - oidc request url
-     * @param systemAccessToken - system access token
-     * @returns OIDC token from Azure Pipelines
-     */
-    async requestOidcToken(oidcRequestUrl, systemAccessToken) {
-        logger.info("Requesting OIDC token from Azure Pipelines...");
-        logger.info(oidcRequestUrl);
-        const request = (0, core_rest_pipeline_1.createPipelineRequest)({
-            url: oidcRequestUrl,
-            method: "POST",
-            headers: (0, core_rest_pipeline_1.createHttpHeaders)({
-                "Content-Type": "application/json",
-                Authorization: `Bearer ${systemAccessToken}`,
-                // Prevents the service from responding with a redirect HTTP status code (useful for automation).
-                "X-TFS-FedAuthRedirect": "Suppress",
-            }),
-        });
-        const response = await this.identityClient.sendRequest(request);
-        return handleOidcResponse(response);
-    }
-}
-exports.AzurePipelinesCredential = AzurePipelinesCredential;
-function handleOidcResponse(response) {
-    // OIDC token is present in `bodyAsText` field
-    const text = response.bodyAsText;
-    if (!text) {
-        logger.error(`${credentialName}: Authentication Failed. Received null token from OIDC request. Response status- ${response.status}. Complete response - ${JSON.stringify(response)}`);
-        throw new errors_js_1.AuthenticationError(response.status, {
-            error: `${credentialName}: Authentication Failed. Received null token from OIDC request.`,
-            error_description: `${JSON.stringify(response)}. See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`,
-        });
-    }
-    try {
-        const result = JSON.parse(text);
-        if (result === null || result === void 0 ? void 0 : result.oidcToken) {
-            return result.oidcToken;
-        }
-        else {
-            const errorMessage = `${credentialName}: Authentication Failed. oidcToken field not detected in the response.`;
-            let errorDescription = ``;
-            if (response.status !== 200) {
-                errorDescription = `Response body = ${text}. Response Headers ["x-vss-e2eid"] = ${response.headers.get("x-vss-e2eid")} and ["x-msedge-ref"] = ${response.headers.get("x-msedge-ref")}. See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`;
-            }
-            logger.error(errorMessage);
-            logger.error(errorDescription);
-            throw new errors_js_1.AuthenticationError(response.status, {
-                error: errorMessage,
-                error_description: errorDescription,
-            });
-        }
-    }
-    catch (e) {
-        const errorDetails = `${credentialName}: Authentication Failed. oidcToken field not detected in the response.`;
-        logger.error(`Response from service = ${text}, Response Headers ["x-vss-e2eid"] = ${response.headers.get("x-vss-e2eid")}
-      and ["x-msedge-ref"] = ${response.headers.get("x-msedge-ref")}, error message = ${e.message}`);
-        logger.error(errorDetails);
-        throw new errors_js_1.AuthenticationError(response.status, {
-            error: errorDetails,
-            error_description: `Response = ${text}. Response headers ["x-vss-e2eid"] = ${response.headers.get("x-vss-e2eid")} and ["x-msedge-ref"] =  ${response.headers.get("x-msedge-ref")}. See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`,
-        });
-    }
-}
-//# sourceMappingURL=azurePipelinesCredential.js.map

package/dist/commonjs/credentials/azurePipelinesCredential.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"azurePipelinesCredential.js","sourceRoot":"","sources":["../../../src/credentials/azurePipelinesCredential.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAoJlC,gDA6CC;AA9LD,4CAA+E;AAC/E,kEAAqF;AAGrF,iFAA2E;AAC3E,mEAA6D;AAE7D,+DAAyD;AACzD,mDAAsD;AAEtD,MAAM,cAAc,GAAG,0BAA0B,CAAC;AAClD,MAAM,MAAM,GAAG,IAAA,6BAAgB,EAAC,cAAc,CAAC,CAAC;AAChD,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAE/B;;;GAGG;AACH,MAAa,wBAAwB;IAInC;;;;;;;OAOG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,mBAA2B,EAC3B,iBAAyB,EACzB,UAA2C,EAAE;;QAE7C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,qDAAqD,CACvE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,qDAAqD,CACvE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,gEAAgE,CAClF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACvB,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,8DAA8D,CAChF,CAAC;QACJ,CAAC;QAED,0EAA0E;QAC1E,OAAO,CAAC,cAAc,mCACjB,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,KAC1B,4BAA4B,EAAE;gBAC5B,GAAG,CAAC,MAAA,MAAA,OAAO,CAAC,cAAc,0CAAE,4BAA4B,mCAAI,EAAE,CAAC;gBAC/D,aAAa;gBACb,cAAc;aACf,GACF,CAAC;QAEF,IAAI,CAAC,cAAc,GAAG,IAAI,kCAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAA,gCAAa,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChC,MAAM,CAAC,IAAI,CACT,qDAAqD,QAAQ,gBAAgB,QAAQ,gCAAgC,mBAAmB,EAAE,CAC3I,CAAC;QACF,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,CAAC;YACvC,MAAM,IAAI,sCAA0B,CAClC,GAAG,cAAc,mKAAmK,CACrL,CAAC;QACJ,CAAC;QAED,MAAM,cAAc,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,gBAAgB,gBAAgB,wBAAwB,mBAAmB,EAAE,CAAC;QACzI,MAAM,CAAC,IAAI,CACT,sDAAsD,QAAQ,gBAAgB,QAAQ,+BAA+B,mBAAmB,EAAE,CAC3I,CAAC;QACF,IAAI,CAAC,yBAAyB,GAAG,IAAI,wDAAyB,CAC5D,QAAQ,EACR,QAAQ,EACR,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,EAAE,iBAAiB,CAAC,EACnE,OAAO,CACR,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAyB,EACzB,OAAyB;QAEzB,IAAI,CAAC,IAAI,CAAC,yBAAyB,EAAE,CAAC;YACpC,MAAM,YAAY,GAAG,GAAG,cAAc;;;;;;iIAMqF,CAAC;YAC5H,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAC3B,MAAM,IAAI,sCAA0B,CAAC,YAAY,CAAC,CAAC;QACrD,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAClE,OAAO,IAAI,CAAC,yBAAyB,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClE,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,gBAAgB,CAC5B,cAAsB,EACtB,iBAAyB;QAEzB,MAAM,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;QAC7D,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC5B,MAAM,OAAO,GAAG,IAAA,0CAAqB,EAAC;YACpC,GAAG,EAAE,cAAc;YACnB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,IAAA,sCAAiB,EAAC;gBACzB,cAAc,EAAE,kBAAkB;gBAClC,aAAa,EAAE,UAAU,iBAAiB,EAAE;gBAC5C,iGAAiG;gBACjG,uBAAuB,EAAE,UAAU;aACpC,CAAC;SACH,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAChE,OAAO,kBAAkB,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;CACF;AA7HD,4DA6HC;AAED,SAAgB,kBAAkB,CAAC,QAA0B;IAC3D,8CAA8C;IAC9C,MAAM,IAAI,GAAG,QAAQ,CAAC,UAAU,CAAC;IACjC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,CAAC,KAAK,CACV,GAAG,cAAc,oFACf,QAAQ,CAAC,MACX,yBAAyB,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CACpD,CAAC;QACF,MAAM,IAAI,+BAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE;YAC7C,KAAK,EAAE,GAAG,cAAc,iEAAiE;YACzF,iBAAiB,EAAE,GAAG,IAAI,CAAC,SAAS,CAClC,QAAQ,CACT,8HAA8H;SAChI,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAChC,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,EAAE,CAAC;YACtB,OAAO,MAAM,CAAC,SAAS,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,MAAM,YAAY,GAAG,GAAG,cAAc,wEAAwE,CAAC;YAC/G,IAAI,gBAAgB,GAAG,EAAE,CAAC;YAC1B,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,gBAAgB,GAAG,mBAAmB,IAAI,wCAAwC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,2BAA2B,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,8HAA8H,CAAC;YACrT,CAAC;YACD,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAC3B,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAC/B,MAAM,IAAI,+BAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE;gBAC7C,KAAK,EAAE,YAAY;gBACnB,iBAAiB,EAAE,gBAAgB;aACpC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,MAAM,YAAY,GAAG,GAAG,cAAc,wEAAwE,CAAC;QAC/G,MAAM,CAAC,KAAK,CACV,2BAA2B,IAAI,wCAAwC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;+BACjF,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC,OAAO,EAAE,CAC9F,CAAC;QACF,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAC3B,MAAM,IAAI,+BAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE;YAC7C,KAAK,EAAE,YAAY;YACnB,iBAAiB,EAAE,cAAc,IAAI,wCAAwC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,4BAA4B,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,8HAA8H;SAC/S,CAAC,CAAC;IACL,CAAC;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { AuthenticationError, CredentialUnavailableError } from \"../errors.js\";\nimport { createHttpHeaders, createPipelineRequest } from \"@azure/core-rest-pipeline\";\n\nimport type { AzurePipelinesCredentialOptions } from \"./azurePipelinesCredentialOptions.js\";\nimport { ClientAssertionCredential } from \"./clientAssertionCredential.js\";\nimport { IdentityClient } from \"../client/identityClient.js\";\nimport type { PipelineResponse } from \"@azure/core-rest-pipeline\";\nimport { checkTenantId } from \"../util/tenantIdUtils.js\";\nimport { credentialLogger } from \"../util/logging.js\";\n\nconst credentialName = \"AzurePipelinesCredential\";\nconst logger = credentialLogger(credentialName);\nconst OIDC_API_VERSION = \"7.1\";\n\n/**\n * This credential is designed to be used in Azure Pipelines with service connections\n * as a setup for workload identity federation.\n */\nexport class AzurePipelinesCredential implements TokenCredential {\n private clientAssertionCredential: ClientAssertionCredential | undefined;\n private identityClient: IdentityClient;\n\n /**\n * AzurePipelinesCredential supports Federated Identity on Azure Pipelines through Service Connections.\n * @param tenantId - tenantId associated with the service connection\n * @param clientId - clientId associated with the service connection\n * @param serviceConnectionId - Unique ID for the service connection, as found in the querystring's resourceId key\n * @param systemAccessToken - The pipeline's <see href=\"https://learn.microsoft.com/azure/devops/pipelines/build/variables?view=azure-devops%26tabs=yaml#systemaccesstoken\">System.AccessToken</see> value.\n * @param options - The identity client options to use for authentication.\n */\n constructor(\n tenantId: string,\n clientId: string,\n serviceConnectionId: string,\n systemAccessToken: string,\n options: AzurePipelinesCredentialOptions = {},\n ) {\n if (!clientId) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. clientId is a required parameter.`,\n );\n }\n if (!tenantId) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. tenantId is a required parameter.`,\n );\n }\n if (!serviceConnectionId) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. serviceConnectionId is a required parameter.`,\n );\n }\n if (!systemAccessToken) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. systemAccessToken is a required parameter.`,\n );\n }\n\n // Allow these headers to be logged for troubleshooting by AzurePipelines.\n options.loggingOptions = {\n ...options?.loggingOptions,\n additionalAllowedHeaderNames: [\n ...(options.loggingOptions?.additionalAllowedHeaderNames ?? []),\n \"x-vss-e2eid\",\n \"x-msedge-ref\",\n ],\n };\n\n this.identityClient = new IdentityClient(options);\n checkTenantId(logger, tenantId);\n logger.info(\n `Invoking AzurePipelinesCredential with tenant ID: ${tenantId}, client ID: ${clientId}, and service connection ID: ${serviceConnectionId}`,\n );\n if (!process.env.SYSTEM_OIDCREQUESTURI) {\n throw new CredentialUnavailableError(\n `${credentialName}: is unavailable. Ensure that you're running this task in an Azure Pipeline, so that following missing system variable(s) can be defined- \"SYSTEM_OIDCREQUESTURI\"`,\n );\n }\n\n const oidcRequestUrl = `${process.env.SYSTEM_OIDCREQUESTURI}?api-version=${OIDC_API_VERSION}&serviceConnectionId=${serviceConnectionId}`;\n logger.info(\n `Invoking ClientAssertionCredential with tenant ID: ${tenantId}, client ID: ${clientId} and service connection ID: ${serviceConnectionId}`,\n );\n this.clientAssertionCredential = new ClientAssertionCredential(\n tenantId,\n clientId,\n this.requestOidcToken.bind(this, oidcRequestUrl, systemAccessToken),\n options,\n );\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} or {@link AuthenticationError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n public async getToken(\n scopes: string | string[],\n options?: GetTokenOptions,\n ): Promise<AccessToken> {\n if (!this.clientAssertionCredential) {\n const errorMessage = `${credentialName}: is unavailable. To use Federation Identity in Azure Pipelines, the following parameters are required - \n tenantId,\n clientId,\n serviceConnectionId,\n systemAccessToken,\n \"SYSTEM_OIDCREQUESTURI\". \n See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`;\n logger.error(errorMessage);\n throw new CredentialUnavailableError(errorMessage);\n }\n logger.info(\"Invoking getToken() of Client Assertion Credential\");\n return this.clientAssertionCredential.getToken(scopes, options);\n }\n\n /**\n *\n * @param oidcRequestUrl - oidc request url\n * @param systemAccessToken - system access token\n * @returns OIDC token from Azure Pipelines\n */\n private async requestOidcToken(\n oidcRequestUrl: string,\n systemAccessToken: string,\n ): Promise<string> {\n logger.info(\"Requesting OIDC token from Azure Pipelines...\");\n logger.info(oidcRequestUrl);\n const request = createPipelineRequest({\n url: oidcRequestUrl,\n method: \"POST\",\n headers: createHttpHeaders({\n \"Content-Type\": \"application/json\",\n Authorization: `Bearer ${systemAccessToken}`,\n // Prevents the service from responding with a redirect HTTP status code (useful for automation).\n \"X-TFS-FedAuthRedirect\": \"Suppress\",\n }),\n });\n const response = await this.identityClient.sendRequest(request);\n return handleOidcResponse(response);\n }\n}\n\nexport function handleOidcResponse(response: PipelineResponse): string {\n // OIDC token is present in `bodyAsText` field\n const text = response.bodyAsText;\n if (!text) {\n logger.error(\n `${credentialName}: Authentication Failed. Received null token from OIDC request. Response status- ${\n response.status\n }. Complete response - ${JSON.stringify(response)}`,\n );\n throw new AuthenticationError(response.status, {\n error: `${credentialName}: Authentication Failed. Received null token from OIDC request.`,\n error_description: `${JSON.stringify(\n response,\n )}. See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`,\n });\n }\n try {\n const result = JSON.parse(text);\n if (result?.oidcToken) {\n return result.oidcToken;\n } else {\n const errorMessage = `${credentialName}: Authentication Failed. oidcToken field not detected in the response.`;\n let errorDescription = ``;\n if (response.status !== 200) {\n errorDescription = `Response body = ${text}. Response Headers [\"x-vss-e2eid\"] = ${response.headers.get(\"x-vss-e2eid\")} and [\"x-msedge-ref\"] = ${response.headers.get(\"x-msedge-ref\")}. See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`;\n }\n logger.error(errorMessage);\n logger.error(errorDescription);\n throw new AuthenticationError(response.status, {\n error: errorMessage,\n error_description: errorDescription,\n });\n }\n } catch (e: any) {\n const errorDetails = `${credentialName}: Authentication Failed. oidcToken field not detected in the response.`;\n logger.error(\n `Response from service = ${text}, Response Headers [\"x-vss-e2eid\"] = ${response.headers.get(\"x-vss-e2eid\")} \n and [\"x-msedge-ref\"] = ${response.headers.get(\"x-msedge-ref\")}, error message = ${e.message}`,\n );\n logger.error(errorDetails);\n throw new AuthenticationError(response.status, {\n error: errorDetails,\n error_description: `Response = ${text}. Response headers [\"x-vss-e2eid\"] = ${response.headers.get(\"x-vss-e2eid\")} and [\"x-msedge-ref\"] = ${response.headers.get(\"x-msedge-ref\")}. See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/azurepipelinescredential/troubleshoot`,\n });\n }\n}\n"]}

package/dist/commonjs/credentials/azurePipelinesCredentialOptions.d.ts DELETED Viewed

@@ -1,9 +0,0 @@
-import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
-import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
-/**
- * Optional parameters for the {@link AzurePipelinesCredential} class.
- */
-export interface AzurePipelinesCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
-}
-//# sourceMappingURL=azurePipelinesCredentialOptions.d.ts.map

package/dist/commonjs/credentials/azurePipelinesCredentialOptions.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"azurePipelinesCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/azurePipelinesCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,+BACf,SAAQ,iCAAiC,EACvC,4BAA4B,EAC5B,0BAA0B;CAAG"}

package/dist/commonjs/credentials/azurePipelinesCredentialOptions.js DELETED Viewed

@@ -1,5 +0,0 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=azurePipelinesCredentialOptions.js.map

package/dist/commonjs/credentials/azurePipelinesCredentialOptions.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"azurePipelinesCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/azurePipelinesCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Optional parameters for the {@link AzurePipelinesCredential} class.\n */\nexport interface AzurePipelinesCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n CredentialPersistenceOptions,\n AuthorityValidationOptions {}\n"]}

package/dist/commonjs/credentials/azurePowerShellCredential.d.ts DELETED Viewed

@@ -1,75 +0,0 @@
-import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import type { AzurePowerShellCredentialOptions } from "./azurePowerShellCredentialOptions.js";
-/**
- * Returns a platform-appropriate command name by appending ".exe" on Windows.
- *
- * @internal
- */
-export declare function formatCommand(commandName: string): string;
-/**
- * Known PowerShell errors
- * @internal
- */
-export declare const powerShellErrors: {
-    login: string;
-    installed: string;
-};
-/**
- * Messages to use when throwing in this credential.
- * @internal
- */
-export declare const powerShellPublicErrorMessages: {
-    login: string;
-    installed: string;
-    troubleshoot: string;
-};
-/**
- * The PowerShell commands to be tried, in order.
- *
- * @internal
- */
-export declare const commandStack: string[];
-/**
- * This credential will use the currently logged-in user information from the
- * Azure PowerShell module. To do so, it will read the user access token and
- * expire time with Azure PowerShell command `Get-AzAccessToken -ResourceUrl {ResourceScope}`
- */
-export declare class AzurePowerShellCredential implements TokenCredential {
-    private tenantId?;
-    private additionallyAllowedTenantIds;
-    private timeout?;
-    /**
-     * Creates an instance of the {@link AzurePowerShellCredential}.
-     *
-     * To use this credential:
-     * - Install the Azure Az PowerShell module with:
-     *   `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.
-     * - You have already logged in to Azure PowerShell using the command
-     * `Connect-AzAccount` from the command line.
-     *
-     * @param options - Options, to optionally allow multi-tenant requests.
-     */
-    constructor(options?: AzurePowerShellCredentialOptions);
-    /**
-     * Gets the access token from Azure PowerShell
-     * @param resource - The resource to use when getting the token
-     */
-    private getAzurePowerShellAccessToken;
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If the authentication cannot be performed through PowerShell, a {@link CredentialUnavailableError} will be thrown.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this TokenCredential implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-}
-/**
- *
- * @internal
- */
-export declare function parseJsonToken(result: string): Promise<{
-    Token: string;
-    ExpiresOn: string;
-}>;
-//# sourceMappingURL=azurePowerShellCredential.d.ts.map