@azure/identity 4.6.0 → 4.6.1-alpha.20250116.2

package/dist/browser/msal/nodeFlows/msalPlugins.d.ts

@@ -0,0 +1,91 @@
+import type * as msalNode from "@azure/msal-node";
+import type { MsalClientOptions } from "./msalClient.js";
+import type { NativeBrokerPluginControl } from "../../plugins/provider.js";
+import type { TokenCachePersistenceOptions } from "./tokenCachePersistenceOptions.js";
+/**
+ * Configuration for the plugins used by the MSAL node client.
+ */
+export interface PluginConfiguration {
+    /**
+     * Configuration for the cache plugin.
+     */
+    cache: {
+        /**
+         * The non-CAE cache plugin handler.
+         */
+        cachePlugin?: Promise<msalNode.ICachePlugin>;
+        /**
+         * The CAE cache plugin handler - persisted to a different file.
+         */
+        cachePluginCae?: Promise<msalNode.ICachePlugin>;
+    };
+    /**
+     * Configuration for the broker plugin.
+     */
+    broker: {
+        /**
+         * True if the broker plugin is enabled and available. False otherwise.
+         *
+         * It is a bug if this is true and the broker plugin is not available.
+         */
+        isEnabled: boolean;
+        /**
+         * If true, MSA account will be passed through, required for WAM authentication.
+         */
+        enableMsaPassthrough: boolean;
+        /**
+         * The parent window handle for the broker.
+         */
+        parentWindowHandle?: Uint8Array;
+        /**
+         * The native broker plugin handler.
+         */
+        nativeBrokerPlugin?: msalNode.INativeBrokerPlugin;
+        /**
+         * If set to true, the credential will attempt to use the default broker account for authentication before falling back to interactive authentication. Default is set to false.
+         */
+        useDefaultBrokerAccount?: boolean;
+    };
+}
+/**
+ * The current persistence provider, undefined by default.
+ * @internal
+ */
+export declare let persistenceProvider: ((options?: TokenCachePersistenceOptions) => Promise<msalNode.ICachePlugin>) | undefined;
+/**
+ * An object that allows setting the persistence provider.
+ * @internal
+ */
+export declare const msalNodeFlowCacheControl: {
+    setPersistence(pluginProvider: Exclude<typeof persistenceProvider, undefined>): void;
+};
+/**
+ * The current native broker provider, undefined by default.
+ * @internal
+ */
+export declare let nativeBrokerInfo: {
+    broker: msalNode.INativeBrokerPlugin;
+} | undefined;
+export declare function hasNativeBroker(): boolean;
+/**
+ * An object that allows setting the native broker provider.
+ * @internal
+ */
+export declare const msalNodeFlowNativeBrokerControl: NativeBrokerPluginControl;
+/**
+ * Configures plugins, validating that required plugins are available and enabled.
+ *
+ * Does not create the plugins themselves, but rather returns the configuration that will be used to create them.
+ *
+ * @param options - options for creating the MSAL client
+ * @returns plugin configuration
+ */
+declare function generatePluginConfiguration(options: MsalClientOptions): PluginConfiguration;
+/**
+ * Wraps generatePluginConfiguration as a writeable property for test stubbing purposes.
+ */
+export declare const msalPlugins: {
+    generatePluginConfiguration: typeof generatePluginConfiguration;
+};
+export {};
+//# sourceMappingURL=msalPlugins.d.ts.map

package/dist/browser/msal/nodeFlows/msalPlugins.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"msalPlugins.d.ts","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalPlugins.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAQlD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,2BAA2B,CAAC;AAC3E,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AAEtF;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,KAAK,EAAE;QACL;;WAEG;QACH,WAAW,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAC7C;;WAEG;QACH,cAAc,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;KACjD,CAAC;IACF;;OAEG;IACH,MAAM,EAAE;QACN;;;;WAIG;QACH,SAAS,EAAE,OAAO,CAAC;QACnB;;WAEG;QACH,oBAAoB,EAAE,OAAO,CAAC;QAC9B;;WAEG;QACH,kBAAkB,CAAC,EAAE,UAAU,CAAC;QAChC;;WAEG;QACH,kBAAkB,CAAC,EAAE,QAAQ,CAAC,mBAAmB,CAAC;QAClD;;WAEG;QACH,uBAAuB,CAAC,EAAE,OAAO,CAAC;KACnC,CAAC;CACH;AAED;;;GAGG;AACH,eAAO,IAAI,mBAAmB,EAC1B,CAAC,CAAC,OAAO,CAAC,EAAE,4BAA4B,KAAK,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,GAC5E,SAAqB,CAAC;AAE1B;;;GAGG;AACH,eAAO,MAAM,wBAAwB;mCACJ,OAAO,CAAC,OAAO,mBAAmB,EAAE,SAAS,CAAC,GAAG,IAAI;CAGrF,CAAC;AAEF;;;GAGG;AACH,eAAO,IAAI,gBAAgB,EACvB;IACE,MAAM,EAAE,QAAQ,CAAC,mBAAmB,CAAC;CACtC,GACD,SAAqB,CAAC;AAE1B,wBAAgB,eAAe,IAAI,OAAO,CAEzC;AAED;;;GAGG;AACH,eAAO,MAAM,+BAA+B,EAAE,yBAM7C,CAAC;AAEF;;;;;;;GAOG;AACH,iBAAS,2BAA2B,CAAC,OAAO,EAAE,iBAAiB,GAAG,mBAAmB,CAgDpF;AAED;;GAEG;AACH,eAAO,MAAM,WAAW;;CAEvB,CAAC"}

package/dist/browser/msal/nodeFlows/msalPlugins.js

@@ -0,0 +1,87 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+import { CACHE_CAE_SUFFIX, CACHE_NON_CAE_SUFFIX, DEFAULT_TOKEN_CACHE_NAME, } from "../../constants.js";
+/**
+ * The current persistence provider, undefined by default.
+ * @internal
+ */
+export let persistenceProvider = undefined;
+/**
+ * An object that allows setting the persistence provider.
+ * @internal
+ */
+export const msalNodeFlowCacheControl = {
+    setPersistence(pluginProvider) {
+        persistenceProvider = pluginProvider;
+    },
+};
+/**
+ * The current native broker provider, undefined by default.
+ * @internal
+ */
+export let nativeBrokerInfo = undefined;
+export function hasNativeBroker() {
+    return nativeBrokerInfo !== undefined;
+}
+/**
+ * An object that allows setting the native broker provider.
+ * @internal
+ */
+export const msalNodeFlowNativeBrokerControl = {
+    setNativeBroker(broker) {
+        nativeBrokerInfo = {
+            broker,
+        };
+    },
+};
+/**
+ * Configures plugins, validating that required plugins are available and enabled.
+ *
+ * Does not create the plugins themselves, but rather returns the configuration that will be used to create them.
+ *
+ * @param options - options for creating the MSAL client
+ * @returns plugin configuration
+ */
+function generatePluginConfiguration(options) {
+    var _a, _b, _c, _d, _e, _f, _g;
+    const config = {
+        cache: {},
+        broker: {
+            isEnabled: (_b = (_a = options.brokerOptions) === null || _a === void 0 ? void 0 : _a.enabled) !== null && _b !== void 0 ? _b : false,
+            enableMsaPassthrough: (_d = (_c = options.brokerOptions) === null || _c === void 0 ? void 0 : _c.legacyEnableMsaPassthrough) !== null && _d !== void 0 ? _d : false,
+            parentWindowHandle: (_e = options.brokerOptions) === null || _e === void 0 ? void 0 : _e.parentWindowHandle,
+        },
+    };
+    if ((_f = options.tokenCachePersistenceOptions) === null || _f === void 0 ? void 0 : _f.enabled) {
+        if (persistenceProvider === undefined) {
+            throw new Error([
+                "Persistent token caching was requested, but no persistence provider was configured.",
+                "You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)",
+                "and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling",
+                "`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.",
+            ].join(" "));
+        }
+        const cacheBaseName = options.tokenCachePersistenceOptions.name || DEFAULT_TOKEN_CACHE_NAME;
+        config.cache.cachePlugin = persistenceProvider(Object.assign({ name: `${cacheBaseName}.${CACHE_NON_CAE_SUFFIX}` }, options.tokenCachePersistenceOptions));
+        config.cache.cachePluginCae = persistenceProvider(Object.assign({ name: `${cacheBaseName}.${CACHE_CAE_SUFFIX}` }, options.tokenCachePersistenceOptions));
+    }
+    if ((_g = options.brokerOptions) === null || _g === void 0 ? void 0 : _g.enabled) {
+        if (nativeBrokerInfo === undefined) {
+            throw new Error([
+                "Broker for WAM was requested to be enabled, but no native broker was configured.",
+                "You must install the identity-broker plugin package (`npm install --save @azure/identity-broker`)",
+                "and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling",
+                "`useIdentityPlugin(createNativeBrokerPlugin())` before using `enableBroker`.",
+            ].join(" "));
+        }
+        config.broker.nativeBrokerPlugin = nativeBrokerInfo.broker;
+    }
+    return config;
+}
+/**
+ * Wraps generatePluginConfiguration as a writeable property for test stubbing purposes.
+ */
+export const msalPlugins = {
+    generatePluginConfiguration,
+};
+//# sourceMappingURL=msalPlugins.js.map

package/dist/browser/msal/nodeFlows/msalPlugins.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"msalPlugins.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalPlugins.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EACL,gBAAgB,EAChB,oBAAoB,EACpB,wBAAwB,GACzB,MAAM,oBAAoB,CAAC;AAoD5B;;;GAGG;AACH,MAAM,CAAC,IAAI,mBAAmB,GAEd,SAAS,CAAC;AAE1B;;;GAGG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,cAAc,CAAC,cAA8D;QAC3E,mBAAmB,GAAG,cAAc,CAAC;IACvC,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,IAAI,gBAAgB,GAIX,SAAS,CAAC;AAE1B,MAAM,UAAU,eAAe;IAC7B,OAAO,gBAAgB,KAAK,SAAS,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAA8B;IACxE,eAAe,CAAC,MAAM;QACpB,gBAAgB,GAAG;YACjB,MAAM;SACP,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;;;;;;GAOG;AACH,SAAS,2BAA2B,CAAC,OAA0B;;IAC7D,MAAM,MAAM,GAAwB;QAClC,KAAK,EAAE,EAAE;QACT,MAAM,EAAE;YACN,SAAS,EAAE,MAAA,MAAA,OAAO,CAAC,aAAa,0CAAE,OAAO,mCAAI,KAAK;YAClD,oBAAoB,EAAE,MAAA,MAAA,OAAO,CAAC,aAAa,0CAAE,0BAA0B,mCAAI,KAAK;YAChF,kBAAkB,EAAE,MAAA,OAAO,CAAC,aAAa,0CAAE,kBAAkB;SAC9D;KACF,CAAC;IAEF,IAAI,MAAA,OAAO,CAAC,4BAA4B,0CAAE,OAAO,EAAE,CAAC;QAClD,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CACb;gBACE,qFAAqF;gBACrF,yHAAyH;gBACzH,mFAAmF;gBACnF,0FAA0F;aAC3F,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,OAAO,CAAC,4BAA4B,CAAC,IAAI,IAAI,wBAAwB,CAAC;QAC5F,MAAM,CAAC,KAAK,CAAC,WAAW,GAAG,mBAAmB,iBAC5C,IAAI,EAAE,GAAG,aAAa,IAAI,oBAAoB,EAAE,IAC7C,OAAO,CAAC,4BAA4B,EACvC,CAAC;QACH,MAAM,CAAC,KAAK,CAAC,cAAc,GAAG,mBAAmB,iBAC/C,IAAI,EAAE,GAAG,aAAa,IAAI,gBAAgB,EAAE,IACzC,OAAO,CAAC,4BAA4B,EACvC,CAAC;IACL,CAAC;IAED,IAAI,MAAA,OAAO,CAAC,aAAa,0CAAE,OAAO,EAAE,CAAC;QACnC,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb;gBACE,kFAAkF;gBAClF,mGAAmG;gBACnG,mFAAmF;gBACnF,8EAA8E;aAC/E,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QACJ,CAAC;QACD,MAAM,CAAC,MAAM,CAAC,kBAAkB,GAAG,gBAAiB,CAAC,MAAM,CAAC;IAC9D,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,2BAA2B;CAC5B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type * as msalNode from \"@azure/msal-node\";\n\nimport {\n  CACHE_CAE_SUFFIX,\n  CACHE_NON_CAE_SUFFIX,\n  DEFAULT_TOKEN_CACHE_NAME,\n} from \"../../constants.js\";\n\nimport type { MsalClientOptions } from \"./msalClient.js\";\nimport type { NativeBrokerPluginControl } from \"../../plugins/provider.js\";\nimport type { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions.js\";\n\n/**\n * Configuration for the plugins used by the MSAL node client.\n */\nexport interface PluginConfiguration {\n  /**\n   * Configuration for the cache plugin.\n   */\n  cache: {\n    /**\n     * The non-CAE cache plugin handler.\n     */\n    cachePlugin?: Promise<msalNode.ICachePlugin>;\n    /**\n     * The CAE cache plugin handler - persisted to a different file.\n     */\n    cachePluginCae?: Promise<msalNode.ICachePlugin>;\n  };\n  /**\n   * Configuration for the broker plugin.\n   */\n  broker: {\n    /**\n     * True if the broker plugin is enabled and available. False otherwise.\n     *\n     * It is a bug if this is true and the broker plugin is not available.\n     */\n    isEnabled: boolean;\n    /**\n     * If true, MSA account will be passed through, required for WAM authentication.\n     */\n    enableMsaPassthrough: boolean;\n    /**\n     * The parent window handle for the broker.\n     */\n    parentWindowHandle?: Uint8Array;\n    /**\n     * The native broker plugin handler.\n     */\n    nativeBrokerPlugin?: msalNode.INativeBrokerPlugin;\n    /**\n     * If set to true, the credential will attempt to use the default broker account for authentication before falling back to interactive authentication. Default is set to false.\n     */\n    useDefaultBrokerAccount?: boolean;\n  };\n}\n\n/**\n * The current persistence provider, undefined by default.\n * @internal\n */\nexport let persistenceProvider:\n  | ((options?: TokenCachePersistenceOptions) => Promise<msalNode.ICachePlugin>)\n  | undefined = undefined;\n\n/**\n * An object that allows setting the persistence provider.\n * @internal\n */\nexport const msalNodeFlowCacheControl = {\n  setPersistence(pluginProvider: Exclude<typeof persistenceProvider, undefined>): void {\n    persistenceProvider = pluginProvider;\n  },\n};\n\n/**\n * The current native broker provider, undefined by default.\n * @internal\n */\nexport let nativeBrokerInfo:\n  | {\n      broker: msalNode.INativeBrokerPlugin;\n    }\n  | undefined = undefined;\n\nexport function hasNativeBroker(): boolean {\n  return nativeBrokerInfo !== undefined;\n}\n\n/**\n * An object that allows setting the native broker provider.\n * @internal\n */\nexport const msalNodeFlowNativeBrokerControl: NativeBrokerPluginControl = {\n  setNativeBroker(broker): void {\n    nativeBrokerInfo = {\n      broker,\n    };\n  },\n};\n\n/**\n * Configures plugins, validating that required plugins are available and enabled.\n *\n * Does not create the plugins themselves, but rather returns the configuration that will be used to create them.\n *\n * @param options - options for creating the MSAL client\n * @returns plugin configuration\n */\nfunction generatePluginConfiguration(options: MsalClientOptions): PluginConfiguration {\n  const config: PluginConfiguration = {\n    cache: {},\n    broker: {\n      isEnabled: options.brokerOptions?.enabled ?? false,\n      enableMsaPassthrough: options.brokerOptions?.legacyEnableMsaPassthrough ?? false,\n      parentWindowHandle: options.brokerOptions?.parentWindowHandle,\n    },\n  };\n\n  if (options.tokenCachePersistenceOptions?.enabled) {\n    if (persistenceProvider === undefined) {\n      throw new Error(\n        [\n          \"Persistent token caching was requested, but no persistence provider was configured.\",\n          \"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.\",\n        ].join(\" \"),\n      );\n    }\n\n    const cacheBaseName = options.tokenCachePersistenceOptions.name || DEFAULT_TOKEN_CACHE_NAME;\n    config.cache.cachePlugin = persistenceProvider({\n      name: `${cacheBaseName}.${CACHE_NON_CAE_SUFFIX}`,\n      ...options.tokenCachePersistenceOptions,\n    });\n    config.cache.cachePluginCae = persistenceProvider({\n      name: `${cacheBaseName}.${CACHE_CAE_SUFFIX}`,\n      ...options.tokenCachePersistenceOptions,\n    });\n  }\n\n  if (options.brokerOptions?.enabled) {\n    if (nativeBrokerInfo === undefined) {\n      throw new Error(\n        [\n          \"Broker for WAM was requested to be enabled, but no native broker was configured.\",\n          \"You must install the identity-broker plugin package (`npm install --save @azure/identity-broker`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(createNativeBrokerPlugin())` before using `enableBroker`.\",\n        ].join(\" \"),\n      );\n    }\n    config.broker.nativeBrokerPlugin = nativeBrokerInfo!.broker;\n  }\n\n  return config;\n}\n\n/**\n * Wraps generatePluginConfiguration as a writeable property for test stubbing purposes.\n */\nexport const msalPlugins = {\n  generatePluginConfiguration,\n};\n"]}

package/dist/browser/msal/nodeFlows/tokenCachePersistenceOptions.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Parameters that enable token cache persistence in the Identity credentials.
+ */
+export interface TokenCachePersistenceOptions {
+    /**
+     * If set to true, persistent token caching will be enabled for this credential instance.
+     */
+    enabled: boolean;
+    /**
+     * Unique identifier for the persistent token cache.
+     *
+     * Based on this identifier, the persistence file will be located in any of the following places:
+     * - Darwin: '/Users/user/.IdentityService/<name>'
+     * - Windows 8+: 'C:\\Users\\user\\AppData\\Local\\.IdentityService\\<name>'
+     * - Linux: '/home/user/.IdentityService/<name>'
+     */
+    name?: string;
+    /**
+     * If set to true, the cache will be stored without encryption if no OS level user encryption is available.
+     * When set to false, the PersistentTokenCache will throw an error if no OS level user encryption is available.
+     */
+    unsafeAllowUnencryptedStorage?: boolean;
+}
+//# sourceMappingURL=tokenCachePersistenceOptions.d.ts.map

package/dist/browser/msal/nodeFlows/tokenCachePersistenceOptions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenCachePersistenceOptions.d.ts","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/tokenCachePersistenceOptions.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC3C;;OAEG;IACH,OAAO,EAAE,OAAO,CAAC;IACjB;;;;;;;OAOG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IACd;;;OAGG;IACH,6BAA6B,CAAC,EAAE,OAAO,CAAC;CACzC"}

package/dist/browser/msal/types.d.ts

@@ -0,0 +1,87 @@
+/**
+ * @internal
+ */
+export type AppType = "public" | "confidential" | "publicFirst" | "confidentialFirst";
+/**
+ * The shape we use return the token (and the expiration date).
+ * @internal
+ */
+export interface MsalToken {
+    accessToken?: string;
+    expiresOn: Date | null;
+}
+/**
+ * Represents a valid (i.e. complete) MSAL token.
+ */
+export type ValidMsalToken = {
+    [P in keyof MsalToken]-?: NonNullable<MsalToken[P]>;
+};
+/**
+ * Internal representation of MSAL's Account information.
+ * Helps us to disambiguate the MSAL classes accross environments.
+ * @internal
+ */
+export interface MsalAccountInfo {
+    homeAccountId: string;
+    environment?: string;
+    tenantId: string;
+    username: string;
+    localAccountId: string;
+    name?: string;
+    idTokenClaims?: object;
+}
+/**
+ * Represents the common properties of any of the MSAL responses.
+ * @internal
+ */
+export interface MsalResult {
+    authority?: string;
+    account: MsalAccountInfo | null;
+    accessToken: string;
+    expiresOn: Date | null;
+    refreshOn?: Date | null;
+}
+/**
+ * The record to use to find the cached tokens in the cache.
+ */
+export interface AuthenticationRecord {
+    /**
+     * Entity which issued the token represented by the domain of the issuer (e.g. login.microsoftonline.com)
+     */
+    authority: string;
+    /**
+     * The home account Id.
+     */
+    homeAccountId: string;
+    /**
+     * The associated client ID.
+     */
+    clientId: string;
+    /**
+     * The associated tenant ID.
+     */
+    tenantId: string;
+    /**
+     * The username of the logged in account.
+     */
+    username: string;
+}
+/**
+ * Represents a parsed certificate
+ * @internal
+ */
+export interface CertificateParts {
+    /**
+     * Hex encoded X.509 SHA-1 thumbprint of the certificate.
+     */
+    thumbprint: string;
+    /**
+     * The PEM encoded private key.
+     */
+    privateKey: string;
+    /**
+     * x5c header.
+     */
+    x5c?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/browser/msal/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/msal/types.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,MAAM,OAAO,GAAG,QAAQ,GAAG,cAAc,GAAG,aAAa,GAAG,mBAAmB,CAAC;AAEtF;;;GAGG;AACH,MAAM,WAAW,SAAS;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,IAAI,GAAG,IAAI,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG;KAAG,CAAC,IAAI,MAAM,SAAS,CAAC,CAAC,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;CAAE,CAAC;AAErF;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,eAAe,GAAG,IAAI,CAAC;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,IAAI,GAAG,IAAI,CAAC;IACvB,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,aAAa,EAAE,MAAM,CAAC;IACtB;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;OAEG;IACH,UAAU,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,UAAU,EAAE,MAAM,CAAC;IACnB;;OAEG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;CACd"}

package/dist/browser/msal/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/msal/types.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * @internal\n */\nexport type AppType = \"public\" | \"confidential\" | \"publicFirst\" | \"confidentialFirst\";\n\n/**\n * The shape we use return the token (and the expiration date).\n * @internal\n */\nexport interface MsalToken {\n  accessToken?: string;\n  expiresOn: Date | null;\n}\n\n/**\n * Represents a valid (i.e. complete) MSAL token.\n */\nexport type ValidMsalToken = { [P in keyof MsalToken]-?: NonNullable<MsalToken[P]> };\n\n/**\n * Internal representation of MSAL's Account information.\n * Helps us to disambiguate the MSAL classes accross environments.\n * @internal\n */\nexport interface MsalAccountInfo {\n  homeAccountId: string;\n  environment?: string;\n  tenantId: string;\n  username: string;\n  localAccountId: string;\n  name?: string;\n  // Leaving idTokenClaims as object since that's how MSAL has this assigned.\n  idTokenClaims?: object;\n}\n\n/**\n * Represents the common properties of any of the MSAL responses.\n * @internal\n */\nexport interface MsalResult {\n  authority?: string;\n  account: MsalAccountInfo | null;\n  accessToken: string;\n  expiresOn: Date | null;\n  refreshOn?: Date | null;\n}\n\n/**\n * The record to use to find the cached tokens in the cache.\n */\nexport interface AuthenticationRecord {\n  /**\n   * Entity which issued the token represented by the domain of the issuer (e.g. login.microsoftonline.com)\n   */\n  authority: string;\n  /**\n   * The home account Id.\n   */\n  homeAccountId: string;\n  /**\n   * The associated client ID.\n   */\n  clientId: string;\n  /**\n   * The associated tenant ID.\n   */\n  tenantId: string;\n  /**\n   * The username of the logged in account.\n   */\n  username: string;\n}\n\n/**\n * Represents a parsed certificate\n * @internal\n */\nexport interface CertificateParts {\n  /**\n   * Hex encoded X.509 SHA-1 thumbprint of the certificate.\n   */\n  thumbprint: string;\n\n  /**\n   * The PEM encoded private key.\n   */\n  privateKey: string;\n  /**\n   * x5c header.\n   */\n  x5c?: string;\n}\n"]}

package/dist/browser/msal/utils.d.ts

@@ -0,0 +1,95 @@
+import type { AuthenticationRecord, MsalAccountInfo, MsalToken, ValidMsalToken } from "./types.js";
+import type { CredentialLogger } from "../util/logging.js";
+import type { AzureLogLevel } from "@azure/logger";
+import type { GetTokenOptions } from "@azure/core-auth";
+import { msalCommon } from "./msal.js";
+export interface ILoggerCallback {
+    (level: msalCommon.LogLevel, message: string, containsPii: boolean): void;
+}
+/**
+ * Ensures the validity of the MSAL token
+ * @internal
+ */
+export declare function ensureValidMsalToken(scopes: string | string[], msalToken?: MsalToken | null, getTokenOptions?: GetTokenOptions): asserts msalToken is ValidMsalToken;
+/**
+ * Returns the authority host from either the options bag or the AZURE_AUTHORITY_HOST environment variable.
+ *
+ * Defaults to {@link DefaultAuthorityHost}.
+ * @internal
+ */
+export declare function getAuthorityHost(options?: {
+    authorityHost?: string;
+}): string;
+/**
+ * Generates a valid authority by combining a host with a tenantId.
+ * @internal
+ */
+export declare function getAuthority(tenantId: string, host?: string): string;
+/**
+ * Generates the known authorities.
+ * If the Tenant Id is `adfs`, the authority can't be validated since the format won't match the expected one.
+ * For that reason, we have to force MSAL to disable validating the authority
+ * by sending it within the known authorities in the MSAL configuration.
+ * @internal
+ */
+export declare function getKnownAuthorities(tenantId: string, authorityHost: string, disableInstanceDiscovery?: boolean): string[];
+/**
+ * Generates a logger that can be passed to the MSAL clients.
+ * @param credLogger - The logger of the credential.
+ * @internal
+ */
+export declare const defaultLoggerCallback: (logger: CredentialLogger, platform?: "Node" | "Browser") => ILoggerCallback;
+/**
+ * @internal
+ */
+export declare function getMSALLogLevel(logLevel: AzureLogLevel | undefined): msalCommon.LogLevel;
+/**
+ * Wraps core-util's randomUUID in order to allow for mocking in tests.
+ * This prepares the library for the upcoming core-util update to ESM.
+ *
+ * @internal
+ * @returns A string containing a random UUID
+ */
+export declare function randomUUID(): string;
+/**
+ * Handles MSAL errors.
+ */
+export declare function handleMsalError(scopes: string[], error: Error, getTokenOptions?: GetTokenOptions): Error;
+export declare function publicToMsal(account: AuthenticationRecord): msalCommon.AccountInfo;
+export declare function msalToPublic(clientId: string, account: MsalAccountInfo): AuthenticationRecord;
+/**
+ * Serializes an `AuthenticationRecord` into a string.
+ *
+ * The output of a serialized authentication record will contain the following properties:
+ *
+ * - "authority"
+ * - "homeAccountId"
+ * - "clientId"
+ * - "tenantId"
+ * - "username"
+ * - "version"
+ *
+ * To later convert this string to a serialized `AuthenticationRecord`, please use the exported function `deserializeAuthenticationRecord()`.
+ */
+export declare function serializeAuthenticationRecord(record: AuthenticationRecord): string;
+/**
+ * Deserializes a previously serialized authentication record from a string into an object.
+ *
+ * The input string must contain the following properties:
+ *
+ * - "authority"
+ * - "homeAccountId"
+ * - "clientId"
+ * - "tenantId"
+ * - "username"
+ * - "version"
+ *
+ * If the version we receive is unsupported, an error will be thrown.
+ *
+ * At the moment, the only available version is: "1.0", which is always set when the authentication record is serialized.
+ *
+ * @param serializedRecord - Authentication record previously serialized into string.
+ * @returns AuthenticationRecord.
+ */
+export declare function deserializeAuthenticationRecord(serializedRecord: string): AuthenticationRecord;
+//# sourceMappingURL=utils.d.ts.map

package/dist/browser/msal/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/msal/utils.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,oBAAoB,EAAE,eAAe,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEnG,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAM3D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,MAAM,WAAW,eAAe;IAC9B,CAAC,KAAK,EAAE,UAAU,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,GAAG,IAAI,CAAC;CAC3E;AAaD;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,SAAS,CAAC,EAAE,SAAS,GAAG,IAAI,EAC5B,eAAe,CAAC,EAAE,eAAe,GAChC,OAAO,CAAC,SAAS,IAAI,cAAc,CAkBrC;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,CAAC,EAAE;IAAE,aAAa,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,MAAM,CAQ7E;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAYpE;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,EACrB,wBAAwB,CAAC,EAAE,OAAO,GACjC,MAAM,EAAE,CAKV;AAED;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,EAAE,CAClC,MAAM,EAAE,gBAAgB,EACxB,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,KAC1B,eAoBF,CAAC;AAEJ;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,aAAa,GAAG,SAAS,GAAG,UAAU,CAAC,QAAQ,CAcxF;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,IAAI,MAAM,CAEnC;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,MAAM,EAAE,EAChB,KAAK,EAAE,KAAK,EACZ,eAAe,CAAC,EAAE,eAAe,GAChC,KAAK,CA6CP;AAGD,wBAAgB,YAAY,CAAC,OAAO,EAAE,oBAAoB,GAAG,UAAU,CAAC,WAAW,CAQlF;AAED,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,eAAe,GAAG,oBAAoB,CAU7F;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,6BAA6B,CAAC,MAAM,EAAE,oBAAoB,GAAG,MAAM,CAElF;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,+BAA+B,CAAC,gBAAgB,EAAE,MAAM,GAAG,oBAAoB,CAQ9F"}

package/dist/browser/msal/utils.js

@@ -0,0 +1,238 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+import { AuthenticationRequiredError, CredentialUnavailableError } from "../errors.js";
+import { credentialLogger, formatError } from "../util/logging.js";
+import { DefaultAuthority, DefaultAuthorityHost, DefaultTenantId } from "../constants.js";
+import { randomUUID as coreRandomUUID, isNode, isNodeLike } from "@azure/core-util";
+import { AbortError } from "@azure/abort-controller";
+import { msalCommon } from "./msal.js";
+/**
+ * @internal
+ */
+const logger = credentialLogger("IdentityUtils");
+/**
+ * Latest AuthenticationRecord version
+ * @internal
+ */
+const LatestAuthenticationRecordVersion = "1.0";
+/**
+ * Ensures the validity of the MSAL token
+ * @internal
+ */
+export function ensureValidMsalToken(scopes, msalToken, getTokenOptions) {
+    const error = (message) => {
+        logger.getToken.info(message);
+        return new AuthenticationRequiredError({
+            scopes: Array.isArray(scopes) ? scopes : [scopes],
+            getTokenOptions,
+            message,
+        });
+    };
+    if (!msalToken) {
+        throw error("No response");
+    }
+    if (!msalToken.expiresOn) {
+        throw error(`Response had no "expiresOn" property.`);
+    }
+    if (!msalToken.accessToken) {
+        throw error(`Response had no "accessToken" property.`);
+    }
+}
+/**
+ * Returns the authority host from either the options bag or the AZURE_AUTHORITY_HOST environment variable.
+ *
+ * Defaults to {@link DefaultAuthorityHost}.
+ * @internal
+ */
+export function getAuthorityHost(options) {
+    let authorityHost = options === null || options === void 0 ? void 0 : options.authorityHost;
+    if (!authorityHost && isNodeLike) {
+        authorityHost = process.env.AZURE_AUTHORITY_HOST;
+    }
+    return authorityHost !== null && authorityHost !== void 0 ? authorityHost : DefaultAuthorityHost;
+}
+/**
+ * Generates a valid authority by combining a host with a tenantId.
+ * @internal
+ */
+export function getAuthority(tenantId, host) {
+    if (!host) {
+        host = DefaultAuthorityHost;
+    }
+    if (new RegExp(`${tenantId}/?$`).test(host)) {
+        return host;
+    }
+    if (host.endsWith("/")) {
+        return host + tenantId;
+    }
+    else {
+        return `${host}/${tenantId}`;
+    }
+}
+/**
+ * Generates the known authorities.
+ * If the Tenant Id is `adfs`, the authority can't be validated since the format won't match the expected one.
+ * For that reason, we have to force MSAL to disable validating the authority
+ * by sending it within the known authorities in the MSAL configuration.
+ * @internal
+ */
+export function getKnownAuthorities(tenantId, authorityHost, disableInstanceDiscovery) {
+    if ((tenantId === "adfs" && authorityHost) || disableInstanceDiscovery) {
+        return [authorityHost];
+    }
+    return [];
+}
+/**
+ * Generates a logger that can be passed to the MSAL clients.
+ * @param credLogger - The logger of the credential.
+ * @internal
+ */
+export const defaultLoggerCallback = (credLogger, platform = isNode ? "Node" : "Browser") => (level, message, containsPii) => {
+    if (containsPii) {
+        return;
+    }
+    switch (level) {
+        case msalCommon.LogLevel.Error:
+            credLogger.info(`MSAL ${platform} V2 error: ${message}`);
+            return;
+        case msalCommon.LogLevel.Info:
+            credLogger.info(`MSAL ${platform} V2 info message: ${message}`);
+            return;
+        case msalCommon.LogLevel.Verbose:
+            credLogger.info(`MSAL ${platform} V2 verbose message: ${message}`);
+            return;
+        case msalCommon.LogLevel.Warning:
+            credLogger.info(`MSAL ${platform} V2 warning: ${message}`);
+            return;
+    }
+};
+/**
+ * @internal
+ */
+export function getMSALLogLevel(logLevel) {
+    switch (logLevel) {
+        case "error":
+            return msalCommon.LogLevel.Error;
+        case "info":
+            return msalCommon.LogLevel.Info;
+        case "verbose":
+            return msalCommon.LogLevel.Verbose;
+        case "warning":
+            return msalCommon.LogLevel.Warning;
+        default:
+            // default msal logging level should be Info
+            return msalCommon.LogLevel.Info;
+    }
+}
+/**
+ * Wraps core-util's randomUUID in order to allow for mocking in tests.
+ * This prepares the library for the upcoming core-util update to ESM.
+ *
+ * @internal
+ * @returns A string containing a random UUID
+ */
+export function randomUUID() {
+    return coreRandomUUID();
+}
+/**
+ * Handles MSAL errors.
+ */
+export function handleMsalError(scopes, error, getTokenOptions) {
+    if (error.name === "AuthError" ||
+        error.name === "ClientAuthError" ||
+        error.name === "BrowserAuthError") {
+        const msalError = error;
+        switch (msalError.errorCode) {
+            case "endpoints_resolution_error":
+                logger.info(formatError(scopes, error.message));
+                return new CredentialUnavailableError(error.message);
+            case "device_code_polling_cancelled":
+                return new AbortError("The authentication has been aborted by the caller.");
+            case "consent_required":
+            case "interaction_required":
+            case "login_required":
+                logger.info(formatError(scopes, `Authentication returned errorCode ${msalError.errorCode}`));
+                break;
+            default:
+                logger.info(formatError(scopes, `Failed to acquire token: ${error.message}`));
+                break;
+        }
+    }
+    if (error.name === "ClientConfigurationError" ||
+        error.name === "BrowserConfigurationAuthError" ||
+        error.name === "AbortError" ||
+        error.name === "AuthenticationError") {
+        return error;
+    }
+    if (error.name === "NativeAuthError") {
+        logger.info(formatError(scopes, `Error from the native broker: ${error.message} with status code: ${error.statusCode}`));
+        return error;
+    }
+    return new AuthenticationRequiredError({ scopes, getTokenOptions, message: error.message });
+}
+// transformations
+export function publicToMsal(account) {
+    return {
+        localAccountId: account.homeAccountId,
+        environment: account.authority,
+        username: account.username,
+        homeAccountId: account.homeAccountId,
+        tenantId: account.tenantId,
+    };
+}
+export function msalToPublic(clientId, account) {
+    var _a;
+    const record = {
+        authority: (_a = account.environment) !== null && _a !== void 0 ? _a : DefaultAuthority,
+        homeAccountId: account.homeAccountId,
+        tenantId: account.tenantId || DefaultTenantId,
+        username: account.username,
+        clientId,
+        version: LatestAuthenticationRecordVersion,
+    };
+    return record;
+}
+/**
+ * Serializes an `AuthenticationRecord` into a string.
+ *
+ * The output of a serialized authentication record will contain the following properties:
+ *
+ * - "authority"
+ * - "homeAccountId"
+ * - "clientId"
+ * - "tenantId"
+ * - "username"
+ * - "version"
+ *
+ * To later convert this string to a serialized `AuthenticationRecord`, please use the exported function `deserializeAuthenticationRecord()`.
+ */
+export function serializeAuthenticationRecord(record) {
+    return JSON.stringify(record);
+}
+/**
+ * Deserializes a previously serialized authentication record from a string into an object.
+ *
+ * The input string must contain the following properties:
+ *
+ * - "authority"
+ * - "homeAccountId"
+ * - "clientId"
+ * - "tenantId"
+ * - "username"
+ * - "version"
+ *
+ * If the version we receive is unsupported, an error will be thrown.
+ *
+ * At the moment, the only available version is: "1.0", which is always set when the authentication record is serialized.
+ *
+ * @param serializedRecord - Authentication record previously serialized into string.
+ * @returns AuthenticationRecord.
+ */
+export function deserializeAuthenticationRecord(serializedRecord) {
+    const parsed = JSON.parse(serializedRecord);
+    if (parsed.version && parsed.version !== LatestAuthenticationRecordVersion) {
+        throw Error("Unsupported AuthenticationRecord version");
+    }
+    return parsed;
+}
+//# sourceMappingURL=utils.js.map