@azure/identity 4.5.1-alpha.20250115.7 → 4.6.0

package/dist/commonjs/credentials/clientAssertionCredential.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"clientAssertionCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientAssertionCredential.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAIlC,mEAAmE;AACnE,+DAGkC;AAGlC,4CAA0D;AAC1D,mDAAsD;AACtD,mDAAmD;AAEnD,MAAM,MAAM,GAAG,IAAA,6BAAgB,EAAC,2BAA2B,CAAC,CAAC;AAE7D;;GAEG;AACH,MAAa,yBAAyB;IAOpC;;;;;;;;;OASG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAmC,EACnC,UAA4C,EAAE;QAE9C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sCAA0B,CAClC,8DAA8D,CAC/D,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sCAA0B,CAClC,8DAA8D,CAC/D,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,sCAA0B,CAClC,qEAAqE,CACtE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,IAAA,sDAAmC,EACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,IAAI,CAAC,UAAU,GAAG,IAAA,gCAAgB,EAAC,QAAQ,EAAE,QAAQ,kCAChD,OAAO,KACV,MAAM,EACN,sBAAsB,EAAE,IAAI,CAAC,OAAO,IACpC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,0BAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,UAAU,CAAC,QAAQ,GAAG,IAAA,4CAAyB,EAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,UAAU,CAAC,yBAAyB,CAC9C,WAAW,EACX,IAAI,CAAC,YAAY,EACjB,UAAU,CACX,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;CACF;AAnFD,8DAmFC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport {\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\n\nimport type { ClientAssertionCredentialOptions } from \"./clientAssertionCredentialOptions.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport { tracingClient } from \"../util/tracing.js\";\n\nconst logger = credentialLogger(\"ClientAssertionCredential\");\n\n/**\n * Authenticates a service principal with a JWT assertion.\n */\nexport class ClientAssertionCredential implements TokenCredential {\n  private msalClient: MsalClient;\n  private tenantId: string;\n  private additionallyAllowedTenantIds: string[];\n  private getAssertion: () => Promise<string>;\n  private options: ClientAssertionCredentialOptions;\n\n  /**\n   * Creates an instance of the ClientAssertionCredential with the details\n   * needed to authenticate against Microsoft Entra ID with a client\n   * assertion provided by the developer through the `getAssertion` function parameter.\n   *\n   * @param tenantId - The Microsoft Entra tenant (directory) ID.\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param getAssertion - A function that retrieves the assertion for the credential to use.\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    getAssertion: () => Promise<string>,\n    options: ClientAssertionCredentialOptions = {},\n  ) {\n    if (!tenantId) {\n      throw new CredentialUnavailableError(\n        \"ClientAssertionCredential: tenantId is a required parameter.\",\n      );\n    }\n\n    if (!clientId) {\n      throw new CredentialUnavailableError(\n        \"ClientAssertionCredential: clientId is a required parameter.\",\n      );\n    }\n\n    if (!getAssertion) {\n      throw new CredentialUnavailableError(\n        \"ClientAssertionCredential: clientAssertion is a required parameter.\",\n      );\n    }\n    this.tenantId = tenantId;\n    this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n      options?.additionallyAllowedTenants,\n    );\n\n    this.options = options;\n    this.getAssertion = getAssertion;\n    this.msalClient = createMsalClient(clientId, tenantId, {\n      ...options,\n      logger,\n      tokenCredentialOptions: this.options,\n    });\n  }\n\n  /**\n   * Authenticates with Microsoft Entra ID and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return tracingClient.withSpan(\n      `${this.constructor.name}.getToken`,\n      options,\n      async (newOptions) => {\n        newOptions.tenantId = processMultiTenantRequest(\n          this.tenantId,\n          newOptions,\n          this.additionallyAllowedTenantIds,\n          logger,\n        );\n\n        const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n        return this.msalClient.getTokenByClientAssertion(\n          arrayScopes,\n          this.getAssertion,\n          newOptions,\n        );\n      },\n    );\n  }\n}\n"]}

package/dist/commonjs/credentials/clientAssertionCredentialOptions.d.ts

@@ -1,9 +0,0 @@
-import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
-import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
-/**
- * Options for the {@link ClientAssertionCredential}
- */
-export interface ClientAssertionCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
-}
-//# sourceMappingURL=clientAssertionCredentialOptions.d.ts.map

package/dist/commonjs/credentials/clientAssertionCredentialOptions.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"clientAssertionCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientAssertionCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,gCACf,SAAQ,iCAAiC,EACvC,4BAA4B,EAC5B,0BAA0B;CAAG"}

package/dist/commonjs/credentials/clientAssertionCredentialOptions.js

@@ -1,5 +0,0 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=clientAssertionCredentialOptions.js.map

package/dist/commonjs/credentials/clientAssertionCredentialOptions.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"clientAssertionCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/clientAssertionCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link ClientAssertionCredential}\n */\nexport interface ClientAssertionCredentialOptions\n  extends MultiTenantTokenCredentialOptions,\n    CredentialPersistenceOptions,\n    AuthorityValidationOptions {}\n"]}

package/dist/commonjs/credentials/clientCertificateCredential.d.ts

@@ -1,72 +0,0 @@
-import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import type { CertificateParts } from "../msal/types.js";
-import type { ClientCertificateCredentialOptions } from "./clientCertificateCredentialOptions.js";
-import type { ClientCertificateCredentialPEMConfiguration, ClientCertificatePEMCertificate, ClientCertificatePEMCertificatePath } from "./clientCertificateCredentialModels.js";
-/**
- * Enables authentication to Microsoft Entra ID using a PEM-encoded
- * certificate that is assigned to an App Registration. More information
- * on how to configure certificate authentication can be found here:
- *
- * https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad
- *
- */
-export declare class ClientCertificateCredential implements TokenCredential {
-    private tenantId;
-    private additionallyAllowedTenantIds;
-    private certificateConfiguration;
-    private sendCertificateChain?;
-    private msalClient;
-    /**
-     * Creates an instance of the ClientCertificateCredential with the details
-     * needed to authenticate against Microsoft Entra ID with a certificate.
-     *
-     * @param tenantId - The Microsoft Entra tenant (directory) ID.
-     * @param clientId - The client (application) ID of an App Registration in the tenant.
-     * @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.
-     * @param options - Options for configuring the client which makes the authentication request.
-     */
-    constructor(tenantId: string, clientId: string, certificatePath: string, options?: ClientCertificateCredentialOptions);
-    /**
-     * Creates an instance of the ClientCertificateCredential with the details
-     * needed to authenticate against Microsoft Entra ID with a certificate.
-     *
-     * @param tenantId - The Microsoft Entra tenant (directory) ID.
-     * @param clientId - The client (application) ID of an App Registration in the tenant.
-     * @param configuration - Other parameters required, including the path of the certificate on the filesystem.
-     *                        If the type is ignored, we will throw the value of the path to a PEM certificate.
-     * @param options - Options for configuring the client which makes the authentication request.
-     */
-    constructor(tenantId: string, clientId: string, configuration: ClientCertificatePEMCertificatePath, options?: ClientCertificateCredentialOptions);
-    /**
-     * Creates an instance of the ClientCertificateCredential with the details
-     * needed to authenticate against Microsoft Entra ID with a certificate.
-     *
-     * @param tenantId - The Microsoft Entra tenant (directory) ID.
-     * @param clientId - The client (application) ID of an App Registration in the tenant.
-     * @param configuration - Other parameters required, including the PEM-encoded certificate as a string.
-     *                        If the type is ignored, we will throw the value of the PEM-encoded certificate.
-     * @param options - Options for configuring the client which makes the authentication request.
-     */
-    constructor(tenantId: string, clientId: string, configuration: ClientCertificatePEMCertificate, options?: ClientCertificateCredentialOptions);
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-    private buildClientCertificate;
-}
-/**
- * Parses a certificate into its relevant parts
- *
- * @param certificateConfiguration - The certificate contents or path to the certificate
- * @param sendCertificateChain - true if the entire certificate chain should be sent for SNI, false otherwise
- * @returns The parsed certificate parts and the certificate contents
- */
-export declare function parseCertificate(certificateConfiguration: ClientCertificateCredentialPEMConfiguration, sendCertificateChain: boolean): Promise<Omit<CertificateParts, "privateKey"> & {
-    certificateContents: string;
-}>;
-//# sourceMappingURL=clientCertificateCredential.d.ts.map

package/dist/commonjs/credentials/clientCertificateCredential.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"clientCertificateCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAStF,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,KAAK,EAAE,kCAAkC,EAAE,MAAM,yCAAyC,CAAC;AAIlG,OAAO,KAAK,EACV,2CAA2C,EAC3C,+BAA+B,EAC/B,mCAAmC,EACpC,MAAM,wCAAwC,CAAC;AAKhD;;;;;;;GAOG;AACH,qBAAa,2BAA4B,YAAW,eAAe;IACjE,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,wBAAwB,CAA8C;IAC9E,OAAO,CAAC,oBAAoB,CAAC,CAAU;IACvC,OAAO,CAAC,UAAU,CAAa;IAE/B;;;;;;;;OAQG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,eAAe,EAAE,MAAM,EACvB,OAAO,CAAC,EAAE,kCAAkC;IAE9C;;;;;;;;;OASG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,mCAAmC,EAClD,OAAO,CAAC,EAAE,kCAAkC;IAE9C;;;;;;;;;OASG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,+BAA+B,EAC9C,OAAO,CAAC,EAAE,kCAAkC;IA+C9C;;;;;;;OAOG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;YAehF,sBAAsB;CA4BrC;AAED;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CACpC,wBAAwB,EAAE,2CAA2C,EACrE,oBAAoB,EAAE,OAAO,GAC5B,OAAO,CAAC,IAAI,CAAC,gBAAgB,EAAE,YAAY,CAAC,GAAG;IAAE,mBAAmB,EAAE,MAAM,CAAA;CAAE,CAAC,CAkCjF"}

package/dist/commonjs/credentials/clientCertificateCredential.js

@@ -1,127 +0,0 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.ClientCertificateCredential = void 0;
-exports.parseCertificate = parseCertificate;
-const msalClient_js_1 = require("../msal/nodeFlows/msalClient.js");
-const node_crypto_1 = require("node:crypto");
-const tenantIdUtils_js_1 = require("../util/tenantIdUtils.js");
-const logging_js_1 = require("../util/logging.js");
-const promises_1 = require("node:fs/promises");
-const tracing_js_1 = require("../util/tracing.js");
-const credentialName = "ClientCertificateCredential";
-const logger = (0, logging_js_1.credentialLogger)(credentialName);
-/**
- * Enables authentication to Microsoft Entra ID using a PEM-encoded
- * certificate that is assigned to an App Registration. More information
- * on how to configure certificate authentication can be found here:
- *
- * https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad
- *
- */
-class ClientCertificateCredential {
-    constructor(tenantId, clientId, certificatePathOrConfiguration, options = {}) {
-        if (!tenantId || !clientId) {
-            throw new Error(`${credentialName}: tenantId and clientId are required parameters.`);
-        }
-        this.tenantId = tenantId;
-        this.additionallyAllowedTenantIds = (0, tenantIdUtils_js_1.resolveAdditionallyAllowedTenantIds)(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
-        this.sendCertificateChain = options.sendCertificateChain;
-        this.certificateConfiguration = Object.assign({}, (typeof certificatePathOrConfiguration === "string"
-            ? {
-                certificatePath: certificatePathOrConfiguration,
-            }
-            : certificatePathOrConfiguration));
-        const certificate = this.certificateConfiguration
-            .certificate;
-        const certificatePath = this.certificateConfiguration
-            .certificatePath;
-        if (!this.certificateConfiguration || !(certificate || certificatePath)) {
-            throw new Error(`${credentialName}: Provide either a PEM certificate in string form, or the path to that certificate in the filesystem. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);
-        }
-        if (certificate && certificatePath) {
-            throw new Error(`${credentialName}: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);
-        }
-        this.msalClient = (0, msalClient_js_1.createMsalClient)(clientId, tenantId, Object.assign(Object.assign({}, options), { logger, tokenCredentialOptions: options }));
-    }
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    async getToken(scopes, options = {}) {
-        return tracing_js_1.tracingClient.withSpan(`${credentialName}.getToken`, options, async (newOptions) => {
-            newOptions.tenantId = (0, tenantIdUtils_js_1.processMultiTenantRequest)(this.tenantId, newOptions, this.additionallyAllowedTenantIds, logger);
-            const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];
-            const certificate = await this.buildClientCertificate();
-            return this.msalClient.getTokenByClientCertificate(arrayScopes, certificate, newOptions);
-        });
-    }
-    async buildClientCertificate() {
-        var _a;
-        const parts = await parseCertificate(this.certificateConfiguration, (_a = this.sendCertificateChain) !== null && _a !== void 0 ? _a : false);
-        let privateKey;
-        if (this.certificateConfiguration.certificatePassword !== undefined) {
-            privateKey = (0, node_crypto_1.createPrivateKey)({
-                key: parts.certificateContents,
-                passphrase: this.certificateConfiguration.certificatePassword,
-                format: "pem",
-            })
-                .export({
-                format: "pem",
-                type: "pkcs8",
-            })
-                .toString();
-        }
-        else {
-            privateKey = parts.certificateContents;
-        }
-        return {
-            thumbprint: parts.thumbprint,
-            privateKey,
-            x5c: parts.x5c,
-        };
-    }
-}
-exports.ClientCertificateCredential = ClientCertificateCredential;
-/**
- * Parses a certificate into its relevant parts
- *
- * @param certificateConfiguration - The certificate contents or path to the certificate
- * @param sendCertificateChain - true if the entire certificate chain should be sent for SNI, false otherwise
- * @returns The parsed certificate parts and the certificate contents
- */
-async function parseCertificate(certificateConfiguration, sendCertificateChain) {
-    const certificate = certificateConfiguration.certificate;
-    const certificatePath = certificateConfiguration
-        .certificatePath;
-    const certificateContents = certificate || (await (0, promises_1.readFile)(certificatePath, "utf8"));
-    const x5c = sendCertificateChain ? certificateContents : undefined;
-    const certificatePattern = /(-+BEGIN CERTIFICATE-+)(\n\r?|\r\n?)([A-Za-z0-9+/\n\r]+=*)(\n\r?|\r\n?)(-+END CERTIFICATE-+)/g;
-    const publicKeys = [];
-    // Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c
-    let match;
-    do {
-        match = certificatePattern.exec(certificateContents);
-        if (match) {
-            publicKeys.push(match[3]);
-        }
-    } while (match);
-    if (publicKeys.length === 0) {
-        throw new Error("The file at the specified path does not contain a PEM-encoded certificate.");
-    }
-    const thumbprint = (0, node_crypto_1.createHash)("sha1")
-        .update(Buffer.from(publicKeys[0], "base64"))
-        .digest("hex")
-        .toUpperCase();
-    return {
-        certificateContents,
-        thumbprint,
-        x5c,
-    };
-}
-//# sourceMappingURL=clientCertificateCredential.js.map

package/dist/commonjs/credentials/clientCertificateCredential.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"clientCertificateCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredential.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAgMlC,4CAqCC;AAjOD,mEAAmE;AACnE,6CAA2D;AAC3D,+DAGkC;AAIlC,mDAAsD;AACtD,+CAA4C;AAC5C,mDAAmD;AAOnD,MAAM,cAAc,GAAG,6BAA6B,CAAC;AACrD,MAAM,MAAM,GAAG,IAAA,6BAAgB,EAAC,cAAc,CAAC,CAAC;AAEhD;;;;;;;GAOG;AACH,MAAa,2BAA2B;IAsDtC,YACE,QAAgB,EAChB,QAAgB,EAChB,8BAAoF,EACpF,UAA8C,EAAE;QAEhD,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,GAAG,cAAc,kDAAkD,CAAC,CAAC;QACvF,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,IAAA,sDAAmC,EACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC;QAEzD,IAAI,CAAC,wBAAwB,qBACxB,CAAC,OAAO,8BAA8B,KAAK,QAAQ;YACpD,CAAC,CAAC;gBACE,eAAe,EAAE,8BAA8B;aAChD;YACH,CAAC,CAAC,8BAA8B,CAAC,CACpC,CAAC;QACF,MAAM,WAAW,GAAI,IAAI,CAAC,wBAA4D;aACnF,WAAW,CAAC;QACf,MAAM,eAAe,GAAI,IAAI,CAAC,wBAAgE;aAC3F,eAAe,CAAC;QACnB,IAAI,CAAC,IAAI,CAAC,wBAAwB,IAAI,CAAC,CAAC,WAAW,IAAI,eAAe,CAAC,EAAE,CAAC;YACxE,MAAM,IAAI,KAAK,CACb,GAAG,cAAc,4MAA4M,CAC9N,CAAC;QACJ,CAAC;QACD,IAAI,WAAW,IAAI,eAAe,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,GAAG,cAAc,wOAAwO,CAC1P,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,UAAU,GAAG,IAAA,gCAAgB,EAAC,QAAQ,EAAE,QAAQ,kCAChD,OAAO,KACV,MAAM,EACN,sBAAsB,EAAE,OAAO,IAC/B,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,0BAAa,CAAC,QAAQ,CAAC,GAAG,cAAc,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YACxF,UAAU,CAAC,QAAQ,GAAG,IAAA,4CAAyB,EAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,sBAAsB,EAAE,CAAC;YACxD,OAAO,IAAI,CAAC,UAAU,CAAC,2BAA2B,CAAC,WAAW,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;QAC3F,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,sBAAsB;;QAClC,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAClC,IAAI,CAAC,wBAAwB,EAC7B,MAAA,IAAI,CAAC,oBAAoB,mCAAI,KAAK,CACnC,CAAC;QAEF,IAAI,UAAkB,CAAC;QACvB,IAAI,IAAI,CAAC,wBAAwB,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACpE,UAAU,GAAG,IAAA,8BAAgB,EAAC;gBAC5B,GAAG,EAAE,KAAK,CAAC,mBAAmB;gBAC9B,UAAU,EAAE,IAAI,CAAC,wBAAwB,CAAC,mBAAmB;gBAC7D,MAAM,EAAE,KAAK;aACd,CAAC;iBACC,MAAM,CAAC;gBACN,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,OAAO;aACd,CAAC;iBACD,QAAQ,EAAE,CAAC;QAChB,CAAC;aAAM,CAAC;YACN,UAAU,GAAG,KAAK,CAAC,mBAAmB,CAAC;QACzC,CAAC;QAED,OAAO;YACL,UAAU,EAAE,KAAK,CAAC,UAAU;YAC5B,UAAU;YACV,GAAG,EAAE,KAAK,CAAC,GAAG;SACf,CAAC;IACJ,CAAC;CACF;AAtJD,kEAsJC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,gBAAgB,CACpC,wBAAqE,EACrE,oBAA6B;IAE7B,MAAM,WAAW,GAAI,wBAA4D,CAAC,WAAW,CAAC;IAC9F,MAAM,eAAe,GAAI,wBAAgE;SACtF,eAAe,CAAC;IACnB,MAAM,mBAAmB,GAAG,WAAW,IAAI,CAAC,MAAM,IAAA,mBAAQ,EAAC,eAAgB,EAAE,MAAM,CAAC,CAAC,CAAC;IACtF,MAAM,GAAG,GAAG,oBAAoB,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;IAEnE,MAAM,kBAAkB,GACtB,+FAA+F,CAAC;IAClG,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,qHAAqH;IACrH,IAAI,KAAK,CAAC;IACV,GAAG,CAAC;QACF,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACrD,IAAI,KAAK,EAAE,CAAC;YACV,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC,QAAQ,KAAK,EAAE;IAEhB,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,4EAA4E,CAAC,CAAC;IAChG,CAAC;IAED,MAAM,UAAU,GAAG,IAAA,wBAAU,EAAC,MAAM,CAAC;SAClC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;SAC5C,MAAM,CAAC,KAAK,CAAC;SACb,WAAW,EAAE,CAAC;IAEjB,OAAO;QACL,mBAAmB;QACnB,UAAU;QACV,GAAG;KACJ,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { createHash, createPrivateKey } from \"node:crypto\";\nimport {\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\n\nimport type { CertificateParts } from \"../msal/types.js\";\nimport type { ClientCertificateCredentialOptions } from \"./clientCertificateCredentialOptions.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport { readFile } from \"node:fs/promises\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport type {\n  ClientCertificateCredentialPEMConfiguration,\n  ClientCertificatePEMCertificate,\n  ClientCertificatePEMCertificatePath,\n} from \"./clientCertificateCredentialModels.js\";\n\nconst credentialName = \"ClientCertificateCredential\";\nconst logger = credentialLogger(credentialName);\n\n/**\n * Enables authentication to Microsoft Entra ID using a PEM-encoded\n * certificate that is assigned to an App Registration. More information\n * on how to configure certificate authentication can be found here:\n *\n * https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad\n *\n */\nexport class ClientCertificateCredential implements TokenCredential {\n  private tenantId: string;\n  private additionallyAllowedTenantIds: string[];\n  private certificateConfiguration: ClientCertificateCredentialPEMConfiguration;\n  private sendCertificateChain?: boolean;\n  private msalClient: MsalClient;\n\n  /**\n   * Creates an instance of the ClientCertificateCredential with the details\n   * needed to authenticate against Microsoft Entra ID with a certificate.\n   *\n   * @param tenantId - The Microsoft Entra tenant (directory) ID.\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    certificatePath: string,\n    options?: ClientCertificateCredentialOptions,\n  );\n  /**\n   * Creates an instance of the ClientCertificateCredential with the details\n   * needed to authenticate against Microsoft Entra ID with a certificate.\n   *\n   * @param tenantId - The Microsoft Entra tenant (directory) ID.\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param configuration - Other parameters required, including the path of the certificate on the filesystem.\n   *                        If the type is ignored, we will throw the value of the path to a PEM certificate.\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    configuration: ClientCertificatePEMCertificatePath,\n    options?: ClientCertificateCredentialOptions,\n  );\n  /**\n   * Creates an instance of the ClientCertificateCredential with the details\n   * needed to authenticate against Microsoft Entra ID with a certificate.\n   *\n   * @param tenantId - The Microsoft Entra tenant (directory) ID.\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param configuration - Other parameters required, including the PEM-encoded certificate as a string.\n   *                        If the type is ignored, we will throw the value of the PEM-encoded certificate.\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    configuration: ClientCertificatePEMCertificate,\n    options?: ClientCertificateCredentialOptions,\n  );\n  constructor(\n    tenantId: string,\n    clientId: string,\n    certificatePathOrConfiguration: string | ClientCertificateCredentialPEMConfiguration,\n    options: ClientCertificateCredentialOptions = {},\n  ) {\n    if (!tenantId || !clientId) {\n      throw new Error(`${credentialName}: tenantId and clientId are required parameters.`);\n    }\n\n    this.tenantId = tenantId;\n    this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n      options?.additionallyAllowedTenants,\n    );\n\n    this.sendCertificateChain = options.sendCertificateChain;\n\n    this.certificateConfiguration = {\n      ...(typeof certificatePathOrConfiguration === \"string\"\n        ? {\n            certificatePath: certificatePathOrConfiguration,\n          }\n        : certificatePathOrConfiguration),\n    };\n    const certificate = (this.certificateConfiguration as ClientCertificatePEMCertificate)\n      .certificate;\n    const certificatePath = (this.certificateConfiguration as ClientCertificatePEMCertificatePath)\n      .certificatePath;\n    if (!this.certificateConfiguration || !(certificate || certificatePath)) {\n      throw new Error(\n        `${credentialName}: Provide either a PEM certificate in string form, or the path to that certificate in the filesystem. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,\n      );\n    }\n    if (certificate && certificatePath) {\n      throw new Error(\n        `${credentialName}: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`,\n      );\n    }\n    this.msalClient = createMsalClient(clientId, tenantId, {\n      ...options,\n      logger,\n      tokenCredentialOptions: options,\n    });\n  }\n\n  /**\n   * Authenticates with Microsoft Entra ID and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return tracingClient.withSpan(`${credentialName}.getToken`, options, async (newOptions) => {\n      newOptions.tenantId = processMultiTenantRequest(\n        this.tenantId,\n        newOptions,\n        this.additionallyAllowedTenantIds,\n        logger,\n      );\n\n      const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n      const certificate = await this.buildClientCertificate();\n      return this.msalClient.getTokenByClientCertificate(arrayScopes, certificate, newOptions);\n    });\n  }\n\n  private async buildClientCertificate(): Promise<CertificateParts> {\n    const parts = await parseCertificate(\n      this.certificateConfiguration,\n      this.sendCertificateChain ?? false,\n    );\n\n    let privateKey: string;\n    if (this.certificateConfiguration.certificatePassword !== undefined) {\n      privateKey = createPrivateKey({\n        key: parts.certificateContents,\n        passphrase: this.certificateConfiguration.certificatePassword,\n        format: \"pem\",\n      })\n        .export({\n          format: \"pem\",\n          type: \"pkcs8\",\n        })\n        .toString();\n    } else {\n      privateKey = parts.certificateContents;\n    }\n\n    return {\n      thumbprint: parts.thumbprint,\n      privateKey,\n      x5c: parts.x5c,\n    };\n  }\n}\n\n/**\n * Parses a certificate into its relevant parts\n *\n * @param certificateConfiguration - The certificate contents or path to the certificate\n * @param sendCertificateChain - true if the entire certificate chain should be sent for SNI, false otherwise\n * @returns The parsed certificate parts and the certificate contents\n */\nexport async function parseCertificate(\n  certificateConfiguration: ClientCertificateCredentialPEMConfiguration,\n  sendCertificateChain: boolean,\n): Promise<Omit<CertificateParts, \"privateKey\"> & { certificateContents: string }> {\n  const certificate = (certificateConfiguration as ClientCertificatePEMCertificate).certificate;\n  const certificatePath = (certificateConfiguration as ClientCertificatePEMCertificatePath)\n    .certificatePath;\n  const certificateContents = certificate || (await readFile(certificatePath!, \"utf8\"));\n  const x5c = sendCertificateChain ? certificateContents : undefined;\n\n  const certificatePattern =\n    /(-+BEGIN CERTIFICATE-+)(\\n\\r?|\\r\\n?)([A-Za-z0-9+/\\n\\r]+=*)(\\n\\r?|\\r\\n?)(-+END CERTIFICATE-+)/g;\n  const publicKeys: string[] = [];\n\n  // Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c\n  let match;\n  do {\n    match = certificatePattern.exec(certificateContents);\n    if (match) {\n      publicKeys.push(match[3]);\n    }\n  } while (match);\n\n  if (publicKeys.length === 0) {\n    throw new Error(\"The file at the specified path does not contain a PEM-encoded certificate.\");\n  }\n\n  const thumbprint = createHash(\"sha1\")\n    .update(Buffer.from(publicKeys[0], \"base64\"))\n    .digest(\"hex\")\n    .toUpperCase();\n\n  return {\n    certificateContents,\n    thumbprint,\n    x5c,\n  };\n}\n"]}

package/dist/commonjs/credentials/clientCertificateCredentialModels.d.ts

@@ -1,31 +0,0 @@
-/**
- * Required configuration options for the {@link ClientCertificateCredential}, with the string contents of a PEM certificate
- */
-export interface ClientCertificatePEMCertificate {
-    /**
-     * The PEM-encoded public/private key certificate on the filesystem.
-     */
-    certificate: string;
-    /**
-     * The password for the certificate file.
-     */
-    certificatePassword?: string;
-}
-/**
- * Required configuration options for the {@link ClientCertificateCredential}, with the path to a PEM certificate.
- */
-export interface ClientCertificatePEMCertificatePath {
-    /**
-     * The path to the PEM-encoded public/private key certificate on the filesystem.
-     */
-    certificatePath: string;
-    /**
-     * The password for the certificate file.
-     */
-    certificatePassword?: string;
-}
-/**
- * Required configuration options for the {@link ClientCertificateCredential}, with either the string contents of a PEM certificate, or the path to a PEM certificate.
- */
-export type ClientCertificateCredentialPEMConfiguration = ClientCertificatePEMCertificate | ClientCertificatePEMCertificatePath;
-//# sourceMappingURL=clientCertificateCredentialModels.d.ts.map

package/dist/commonjs/credentials/clientCertificateCredentialModels.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"clientCertificateCredentialModels.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredentialModels.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,WAAW,+BAA+B;IAC9C;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AACD;;GAEG;AACH,MAAM,WAAW,mCAAmC;IAClD;;OAEG;IACH,eAAe,EAAE,MAAM,CAAC;IAExB;;OAEG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AACD;;GAEG;AACH,MAAM,MAAM,2CAA2C,GACnD,+BAA+B,GAC/B,mCAAmC,CAAC"}

package/dist/commonjs/credentials/clientCertificateCredentialModels.js

@@ -1,5 +0,0 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=clientCertificateCredentialModels.js.map

package/dist/commonjs/credentials/clientCertificateCredentialModels.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"clientCertificateCredentialModels.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredentialModels.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Required configuration options for the {@link ClientCertificateCredential}, with the string contents of a PEM certificate\n */\nexport interface ClientCertificatePEMCertificate {\n  /**\n   * The PEM-encoded public/private key certificate on the filesystem.\n   */\n  certificate: string;\n\n  /**\n   * The password for the certificate file.\n   */\n  certificatePassword?: string;\n}\n/**\n * Required configuration options for the {@link ClientCertificateCredential}, with the path to a PEM certificate.\n */\nexport interface ClientCertificatePEMCertificatePath {\n  /**\n   * The path to the PEM-encoded public/private key certificate on the filesystem.\n   */\n  certificatePath: string;\n\n  /**\n   * The password for the certificate file.\n   */\n  certificatePassword?: string;\n}\n/**\n * Required configuration options for the {@link ClientCertificateCredential}, with either the string contents of a PEM certificate, or the path to a PEM certificate.\n */\nexport type ClientCertificateCredentialPEMConfiguration =\n  | ClientCertificatePEMCertificate\n  | ClientCertificatePEMCertificatePath;\n"]}

package/dist/commonjs/credentials/clientCertificateCredentialOptions.d.ts

@@ -1,14 +0,0 @@
-import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
-import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
-/**
- * Optional parameters for the {@link ClientCertificateCredential} class.
- */
-export interface ClientCertificateCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
-    /**
-     * Option to include x5c header for SubjectName and Issuer name authorization.
-     * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim
-     */
-    sendCertificateChain?: boolean;
-}
-//# sourceMappingURL=clientCertificateCredentialOptions.d.ts.map

package/dist/commonjs/credentials/clientCertificateCredentialOptions.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"clientCertificateCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,kCACf,SAAQ,iCAAiC,EACvC,4BAA4B,EAC5B,0BAA0B;IAC5B;;;OAGG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAQhC"}

package/dist/commonjs/credentials/clientCertificateCredentialOptions.js

@@ -1,5 +0,0 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=clientCertificateCredentialOptions.js.map

package/dist/commonjs/credentials/clientCertificateCredentialOptions.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"clientCertificateCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/clientCertificateCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Optional parameters for the {@link ClientCertificateCredential} class.\n */\nexport interface ClientCertificateCredentialOptions\n  extends MultiTenantTokenCredentialOptions,\n    CredentialPersistenceOptions,\n    AuthorityValidationOptions {\n  /**\n   * Option to include x5c header for SubjectName and Issuer name authorization.\n   * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim\n   */\n  sendCertificateChain?: boolean;\n  // TODO: Export again once we're ready to release this feature.\n  // /**\n  //  * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values.\n  //  * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.\n  //  * If the property is not specified, the credential uses the global authority endpoint.\n  //  */\n  // regionalAuthority?: string;\n}\n"]}

package/dist/commonjs/credentials/clientSecretCredential.d.ts

@@ -1,37 +0,0 @@
-import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
-import type { ClientSecretCredentialOptions } from "./clientSecretCredentialOptions.js";
-/**
- * Enables authentication to Microsoft Entra ID using a client secret
- * that was generated for an App Registration. More information on how
- * to configure a client secret can be found here:
- *
- * https://learn.microsoft.com/entra/identity-platform/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application
- *
- */
-export declare class ClientSecretCredential implements TokenCredential {
-    private tenantId;
-    private additionallyAllowedTenantIds;
-    private msalClient;
-    private clientSecret;
-    /**
-     * Creates an instance of the ClientSecretCredential with the details
-     * needed to authenticate against Microsoft Entra ID with a client
-     * secret.
-     *
-     * @param tenantId - The Microsoft Entra tenant (directory) ID.
-     * @param clientId - The client (application) ID of an App Registration in the tenant.
-     * @param clientSecret - A client secret that was generated for the App Registration.
-     * @param options - Options for configuring the client which makes the authentication request.
-     */
-    constructor(tenantId: string, clientId: string, clientSecret: string, options?: ClientSecretCredentialOptions);
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-}
-//# sourceMappingURL=clientSecretCredential.d.ts.map

package/dist/commonjs/credentials/clientSecretCredential.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"clientSecretCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAQtF,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,oCAAoC,CAAC;AAQxF;;;;;;;GAOG;AACH,qBAAa,sBAAuB,YAAW,eAAe;IAC5D,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,YAAY,CAAS;IAE7B;;;;;;;;;OASG;gBAED,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,GAAE,6BAAkC;IAiC7C;;;;;;;OAOG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;CAiB/F"}

package/dist/commonjs/credentials/clientSecretCredential.js

@@ -1,64 +0,0 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.ClientSecretCredential = void 0;
-const msalClient_js_1 = require("../msal/nodeFlows/msalClient.js");
-const tenantIdUtils_js_1 = require("../util/tenantIdUtils.js");
-const errors_js_1 = require("../errors.js");
-const logging_js_1 = require("../util/logging.js");
-const scopeUtils_js_1 = require("../util/scopeUtils.js");
-const tracing_js_1 = require("../util/tracing.js");
-const logger = (0, logging_js_1.credentialLogger)("ClientSecretCredential");
-/**
- * Enables authentication to Microsoft Entra ID using a client secret
- * that was generated for an App Registration. More information on how
- * to configure a client secret can be found here:
- *
- * https://learn.microsoft.com/entra/identity-platform/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application
- *
- */
-class ClientSecretCredential {
-    /**
-     * Creates an instance of the ClientSecretCredential with the details
-     * needed to authenticate against Microsoft Entra ID with a client
-     * secret.
-     *
-     * @param tenantId - The Microsoft Entra tenant (directory) ID.
-     * @param clientId - The client (application) ID of an App Registration in the tenant.
-     * @param clientSecret - A client secret that was generated for the App Registration.
-     * @param options - Options for configuring the client which makes the authentication request.
-     */
-    constructor(tenantId, clientId, clientSecret, options = {}) {
-        if (!tenantId) {
-            throw new errors_js_1.CredentialUnavailableError("ClientSecretCredential: tenantId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.");
-        }
-        if (!clientId) {
-            throw new errors_js_1.CredentialUnavailableError("ClientSecretCredential: clientId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.");
-        }
-        if (!clientSecret) {
-            throw new errors_js_1.CredentialUnavailableError("ClientSecretCredential: clientSecret is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.");
-        }
-        this.clientSecret = clientSecret;
-        this.tenantId = tenantId;
-        this.additionallyAllowedTenantIds = (0, tenantIdUtils_js_1.resolveAdditionallyAllowedTenantIds)(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
-        this.msalClient = (0, msalClient_js_1.createMsalClient)(clientId, tenantId, Object.assign(Object.assign({}, options), { logger, tokenCredentialOptions: options }));
-    }
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    async getToken(scopes, options = {}) {
-        return tracing_js_1.tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
-            newOptions.tenantId = (0, tenantIdUtils_js_1.processMultiTenantRequest)(this.tenantId, newOptions, this.additionallyAllowedTenantIds, logger);
-            const arrayScopes = (0, scopeUtils_js_1.ensureScopes)(scopes);
-            return this.msalClient.getTokenByClientSecret(arrayScopes, this.clientSecret, newOptions);
-        });
-    }
-}
-exports.ClientSecretCredential = ClientSecretCredential;
-//# sourceMappingURL=clientSecretCredential.js.map

package/dist/commonjs/credentials/clientSecretCredential.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"clientSecretCredential.js","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredential.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAIlC,mEAAmE;AACnE,+DAGkC;AAGlC,4CAA0D;AAC1D,mDAAsD;AACtD,yDAAqD;AACrD,mDAAmD;AAEnD,MAAM,MAAM,GAAG,IAAA,6BAAgB,EAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;;;;GAOG;AACH,MAAa,sBAAsB;IAMjC;;;;;;;;;OASG;IACH,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,UAAyC,EAAE;QAE3C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sCAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sCAA0B,CAClC,gKAAgK,CACjK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,sCAA0B,CAClC,oKAAoK,CACrK,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,IAAA,sDAAmC,EACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,IAAA,gCAAgB,EAAC,QAAQ,EAAE,QAAQ,kCAChD,OAAO,KACV,MAAM,EACN,sBAAsB,EAAE,OAAO,IAC/B,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,0BAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,UAAU,CAAC,QAAQ,GAAG,IAAA,4CAAyB,EAC7C,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,EACjC,MAAM,CACP,CAAC;YAEF,MAAM,WAAW,GAAG,IAAA,4BAAY,EAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC,WAAW,EAAE,IAAI,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;QAC5F,CAAC,CACF,CAAC;IACJ,CAAC;CACF;AA9ED,wDA8EC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport {\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\n\nimport type { ClientSecretCredentialOptions } from \"./clientSecretCredentialOptions.js\";\nimport { CredentialUnavailableError } from \"../errors.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\n\nconst logger = credentialLogger(\"ClientSecretCredential\");\n\n/**\n * Enables authentication to Microsoft Entra ID using a client secret\n * that was generated for an App Registration. More information on how\n * to configure a client secret can be found here:\n *\n * https://learn.microsoft.com/entra/identity-platform/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application\n *\n */\nexport class ClientSecretCredential implements TokenCredential {\n  private tenantId: string;\n  private additionallyAllowedTenantIds: string[];\n  private msalClient: MsalClient;\n  private clientSecret: string;\n\n  /**\n   * Creates an instance of the ClientSecretCredential with the details\n   * needed to authenticate against Microsoft Entra ID with a client\n   * secret.\n   *\n   * @param tenantId - The Microsoft Entra tenant (directory) ID.\n   * @param clientId - The client (application) ID of an App Registration in the tenant.\n   * @param clientSecret - A client secret that was generated for the App Registration.\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(\n    tenantId: string,\n    clientId: string,\n    clientSecret: string,\n    options: ClientSecretCredentialOptions = {},\n  ) {\n    if (!tenantId) {\n      throw new CredentialUnavailableError(\n        \"ClientSecretCredential: tenantId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.\",\n      );\n    }\n\n    if (!clientId) {\n      throw new CredentialUnavailableError(\n        \"ClientSecretCredential: clientId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.\",\n      );\n    }\n\n    if (!clientSecret) {\n      throw new CredentialUnavailableError(\n        \"ClientSecretCredential: clientSecret is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.\",\n      );\n    }\n\n    this.clientSecret = clientSecret;\n    this.tenantId = tenantId;\n    this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n      options?.additionallyAllowedTenants,\n    );\n\n    this.msalClient = createMsalClient(clientId, tenantId, {\n      ...options,\n      logger,\n      tokenCredentialOptions: options,\n    });\n  }\n\n  /**\n   * Authenticates with Microsoft Entra ID and returns an access token if successful.\n   * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n   *\n   * @param scopes - The list of scopes for which the token will have access.\n   * @param options - The options used to configure any requests this\n   *                TokenCredential implementation might make.\n   */\n  async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n    return tracingClient.withSpan(\n      `${this.constructor.name}.getToken`,\n      options,\n      async (newOptions) => {\n        newOptions.tenantId = processMultiTenantRequest(\n          this.tenantId,\n          newOptions,\n          this.additionallyAllowedTenantIds,\n          logger,\n        );\n\n        const arrayScopes = ensureScopes(scopes);\n        return this.msalClient.getTokenByClientSecret(arrayScopes, this.clientSecret, newOptions);\n      },\n    );\n  }\n}\n"]}

package/dist/commonjs/credentials/clientSecretCredentialOptions.d.ts

@@ -1,9 +0,0 @@
-import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
-import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
-import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
-/**
- * Optional parameters for the {@link ClientSecretCredential} class.
- */
-export interface ClientSecretCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
-}
-//# sourceMappingURL=clientSecretCredentialOptions.d.ts.map

package/dist/commonjs/credentials/clientSecretCredentialOptions.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"clientSecretCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,6BACf,SAAQ,iCAAiC,EACvC,4BAA4B,EAC5B,0BAA0B;CAQ7B"}

package/dist/commonjs/credentials/clientSecretCredentialOptions.js

@@ -1,5 +0,0 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=clientSecretCredentialOptions.js.map

package/dist/commonjs/credentials/clientSecretCredentialOptions.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"clientSecretCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/clientSecretCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Optional parameters for the {@link ClientSecretCredential} class.\n */\nexport interface ClientSecretCredentialOptions\n  extends MultiTenantTokenCredentialOptions,\n    CredentialPersistenceOptions,\n    AuthorityValidationOptions {\n  // TODO: Export again once we're ready to release this feature.\n  // /**\n  //  * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values.\n  //  * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.\n  //  * If the property is not specified, the credential uses the global authority endpoint.\n  //  */\n  // regionalAuthority?: string;\n}\n"]}

package/dist/commonjs/credentials/credentialPersistenceOptions.d.ts

@@ -1,30 +0,0 @@
-import type { TokenCachePersistenceOptions } from "../msal/nodeFlows/tokenCachePersistenceOptions.js";
-/**
- * Shared configuration options for credentials that support persistent token
- * caching.
- */
-export interface CredentialPersistenceOptions {
-    /**
-     * Options to provide to the persistence layer (if one is available) when
-     * storing credentials.
-     *
-     * You must first register a persistence provider plugin. See the
-     * `@azure/identity-cache-persistence` package on NPM.
-     *
-     * Example:
-     *
-     * ```ts snippet:credential_persistence_options_example
-     * import { useIdentityPlugin, DeviceCodeCredential } from "@azure/identity";
-     *
-     * useIdentityPlugin(cachePersistencePlugin);
-     *
-     * const credential = new DeviceCodeCredential({
-     *   tokenCachePersistenceOptions: {
-     *     enabled: true,
-     *   },
-     * });
-     * ```
-     */
-    tokenCachePersistenceOptions?: TokenCachePersistenceOptions;
-}
-//# sourceMappingURL=credentialPersistenceOptions.d.ts.map

package/dist/commonjs/credentials/credentialPersistenceOptions.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"credentialPersistenceOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/credentialPersistenceOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mDAAmD,CAAC;AAEtG;;;GAGG;AACH,MAAM,WAAW,4BAA4B;IAC3C;;;;;;;;;;;;;;;;;;;;OAoBG;IAEH,4BAA4B,CAAC,EAAE,4BAA4B,CAAC;CAC7D"}

package/dist/commonjs/credentials/credentialPersistenceOptions.js

@@ -1,5 +0,0 @@
-"use strict";
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=credentialPersistenceOptions.js.map

package/dist/commonjs/credentials/credentialPersistenceOptions.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"credentialPersistenceOptions.js","sourceRoot":"","sources":["../../../src/credentials/credentialPersistenceOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { TokenCachePersistenceOptions } from \"../msal/nodeFlows/tokenCachePersistenceOptions.js\";\n\n/**\n * Shared configuration options for credentials that support persistent token\n * caching.\n */\nexport interface CredentialPersistenceOptions {\n  /**\n   * Options to provide to the persistence layer (if one is available) when\n   * storing credentials.\n   *\n   * You must first register a persistence provider plugin. See the\n   * `@azure/identity-cache-persistence` package on NPM.\n   *\n   * Example:\n   *\n   * ```ts snippet:credential_persistence_options_example\n   * import { useIdentityPlugin, DeviceCodeCredential } from \"@azure/identity\";\n   *\n   * useIdentityPlugin(cachePersistencePlugin);\n   *\n   * const credential = new DeviceCodeCredential({\n   *   tokenCachePersistenceOptions: {\n   *     enabled: true,\n   *   },\n   * });\n   * ```\n   */\n\n  tokenCachePersistenceOptions?: TokenCachePersistenceOptions;\n}\n"]}