npm - @azure/identity - Versions diffs - 4.6.0 → 4.6.1-alpha.20250116.2 - Mend

@azure/identity 4.6.0 → 4.6.1-alpha.20250116.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1115) hide show

package/dist/commonjs/constants.js ADDED Viewed

@@ -0,0 +1,78 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_TOKEN_CACHE_NAME = exports.CACHE_NON_CAE_SUFFIX = exports.CACHE_CAE_SUFFIX = exports.ALL_TENANTS = exports.DefaultAuthority = exports.DefaultAuthorityHost = exports.AzureAuthorityHosts = exports.DefaultTenantId = exports.DeveloperSignOnClientId = exports.SDK_VERSION = void 0;
+/**
+ * Current version of the `@azure/identity` package.
+ */
+exports.SDK_VERSION = `4.6.1`;
+/**
+ * The default client ID for authentication
+ * @internal
+ */
+// TODO: temporary - this is the Azure CLI clientID - we'll replace it when
+// Developer Sign On application is available
+// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9
+exports.DeveloperSignOnClientId = "04b07795-8ddb-461a-bbee-02f9e1bf7b46";
+/**
+ * The default tenant for authentication
+ * @internal
+ */
+exports.DefaultTenantId = "common";
+/**
+ * A list of known Azure authority hosts
+ */
+var AzureAuthorityHosts;
+(function (AzureAuthorityHosts) {
+    /**
+     * China-based Azure Authority Host
+     */
+    AzureAuthorityHosts["AzureChina"] = "https://login.chinacloudapi.cn";
+    /**
+     * Germany-based Azure Authority Host
+     *
+     * @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.
+     *
+     * */
+    AzureAuthorityHosts["AzureGermany"] = "https://login.microsoftonline.de";
+    /**
+     * US Government Azure Authority Host
+     */
+    AzureAuthorityHosts["AzureGovernment"] = "https://login.microsoftonline.us";
+    /**
+     * Public Cloud Azure Authority Host
+     */
+    AzureAuthorityHosts["AzurePublicCloud"] = "https://login.microsoftonline.com";
+})(AzureAuthorityHosts || (exports.AzureAuthorityHosts = AzureAuthorityHosts = {}));
+/**
+ * @internal
+ * The default authority host.
+ */
+exports.DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;
+/**
+ * @internal
+ * The default environment host for Azure Public Cloud
+ */
+exports.DefaultAuthority = "login.microsoftonline.com";
+/**
+ * @internal
+ * Allow acquiring tokens for any tenant for multi-tentant auth.
+ */
+exports.ALL_TENANTS = ["*"];
+/**
+ * @internal
+ */
+exports.CACHE_CAE_SUFFIX = "cae";
+/**
+ * @internal
+ */
+exports.CACHE_NON_CAE_SUFFIX = "nocae";
+/**
+ * @internal
+ *
+ * The default name for the cache persistence plugin.
+ * Matches the constant defined in the cache persistence package.
+ */
+exports.DEFAULT_TOKEN_CACHE_NAME = "msal.cache";
+//# sourceMappingURL=constants.js.map

package/dist/commonjs/constants.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAElC;;GAEG;AACU,QAAA,WAAW,GAAG,OAAO,CAAC;AAEnC;;;GAGG;AACH,2EAA2E;AAC3E,6CAA6C;AAC7C,uGAAuG;AAC1F,QAAA,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;GAGG;AACU,QAAA,eAAe,GAAG,QAAQ,CAAC;AAExC;;GAEG;AACH,IAAY,mBAoBX;AApBD,WAAY,mBAAmB;IAC7B;;OAEG;IACH,oEAA6C,CAAA;IAC7C;;;;;SAKK;IACL,wEAAiD,CAAA;IACjD;;OAEG;IACH,2EAAoD,CAAA;IACpD;;OAEG;IACH,6EAAsD,CAAA;AACxD,CAAC,EApBW,mBAAmB,mCAAnB,mBAAmB,QAoB9B;AAED;;;GAGG;AACU,QAAA,oBAAoB,GAAG,mBAAmB,CAAC,gBAAgB,CAAC;AAEzE;;;GAGG;AACU,QAAA,gBAAgB,GAAG,2BAA2B,CAAC;AAE5D;;;GAGG;AACU,QAAA,WAAW,GAAa,CAAC,GAAG,CAAC,CAAC;AAE3C;;GAEG;AACU,QAAA,gBAAgB,GAAG,KAAK,CAAC;AAEtC;;GAEG;AACU,QAAA,oBAAoB,GAAG,OAAO,CAAC;AAE5C;;;;;GAKG;AACU,QAAA,wBAAwB,GAAG,YAAY,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Current version of the `@azure/identity` package.\n */\nexport const SDK_VERSION = `4.6.1`;\n\n/**\n * The default client ID for authentication\n * @internal\n */\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/**\n * The default tenant for authentication\n * @internal\n */\nexport const DefaultTenantId = \"common\";\n\n/**\n * A list of known Azure authority hosts\n */\nexport enum AzureAuthorityHosts {\n /**\n * China-based Azure Authority Host\n */\n AzureChina = \"https://login.chinacloudapi.cn\",\n /**\n * Germany-based Azure Authority Host\n *\n * @deprecated Microsoft Cloud Germany was closed on October 29th, 2021.\n *\n * */\n AzureGermany = \"https://login.microsoftonline.de\",\n /**\n * US Government Azure Authority Host\n */\n AzureGovernment = \"https://login.microsoftonline.us\",\n /**\n * Public Cloud Azure Authority Host\n */\n AzurePublicCloud = \"https://login.microsoftonline.com\",\n}\n\n/**\n * @internal\n * The default authority host.\n */\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n\n/**\n * @internal\n * The default environment host for Azure Public Cloud\n */\nexport const DefaultAuthority = \"login.microsoftonline.com\";\n\n/**\n * @internal\n * Allow acquiring tokens for any tenant for multi-tentant auth.\n */\nexport const ALL_TENANTS: string[] = [\"*\"];\n\n/**\n * @internal\n */\nexport const CACHE_CAE_SUFFIX = \"cae\";\n\n/**\n * @internal\n */\nexport const CACHE_NON_CAE_SUFFIX = \"nocae\";\n\n/**\n * @internal\n *\n * The default name for the cache persistence plugin.\n * Matches the constant defined in the cache persistence package.\n */\nexport const DEFAULT_TOKEN_CACHE_NAME = \"msal.cache\";\n"]}

package/dist/commonjs/credentials/authorityValidationOptions.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+/**
+ * Provides options to configure how the Identity library
+ * does authority validation during authentication requests
+ * to Microsoft Entra ID.
+ */
+export interface AuthorityValidationOptions {
+    /**
+     * The field determines whether instance discovery is performed when attempting to authenticate.
+     * Setting this to `true` will completely disable both instance discovery and authority validation.
+     * As a result, it's crucial to ensure that the configured authority host is valid and trustworthy.
+     * This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack.
+     * The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.
+     */
+    disableInstanceDiscovery?: boolean;
+}
+//# sourceMappingURL=authorityValidationOptions.d.ts.map

package/dist/commonjs/credentials/authorityValidationOptions.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"authorityValidationOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/authorityValidationOptions.ts"],"names":[],"mappings":"AAGA;;;;GAIG;AACH,MAAM,WAAW,0BAA0B;IACzC;;;;;;OAMG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAC;CACpC"}

package/dist/commonjs/credentials/authorityValidationOptions.js ADDED Viewed

@@ -0,0 +1,5 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=authorityValidationOptions.js.map

package/dist/commonjs/credentials/authorityValidationOptions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"authorityValidationOptions.js","sourceRoot":"","sources":["../../../src/credentials/authorityValidationOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/**\n * Provides options to configure how the Identity library\n * does authority validation during authentication requests\n * to Microsoft Entra ID.\n */\nexport interface AuthorityValidationOptions {\n /**\n * The field determines whether instance discovery is performed when attempting to authenticate.\n * Setting this to `true` will completely disable both instance discovery and authority validation.\n * As a result, it's crucial to ensure that the configured authority host is valid and trustworthy.\n * This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack.\n * The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.\n */\n disableInstanceDiscovery?: boolean;\n}\n"]}

package/dist/commonjs/credentials/authorizationCodeCredential.d.ts ADDED Viewed

@@ -0,0 +1,73 @@
+import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
+import type { AuthorizationCodeCredentialOptions } from "./authorizationCodeCredentialOptions.js";
+/**
+ * Enables authentication to Microsoft Entra ID using an authorization code
+ * that was obtained through the authorization code flow, described in more detail
+ * in the Microsoft Entra ID documentation:
+ *
+ * https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow
+ */
+export declare class AuthorizationCodeCredential implements TokenCredential {
+    private msalClient;
+    private disableAutomaticAuthentication?;
+    private authorizationCode;
+    private redirectUri;
+    private tenantId?;
+    private additionallyAllowedTenantIds;
+    private clientSecret?;
+    /**
+     * Creates an instance of AuthorizationCodeCredential with the details needed
+     * to request an access token using an authentication that was obtained
+     * from Microsoft Entra ID.
+     *
+     * It is currently necessary for the user of this credential to initiate
+     * the authorization code flow to obtain an authorization code to be used
+     * with this credential.  A full example of this flow is provided here:
+     *
+     * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts
+     *
+     * @param tenantId - The Microsoft Entra tenant (directory) ID or name.
+     *                 'common' may be used when dealing with multi-tenant scenarios.
+     * @param clientId - The client (application) ID of an App Registration in the tenant.
+     * @param clientSecret - A client secret that was generated for the App Registration
+     * @param authorizationCode - An authorization code that was received from following the
+                                authorization code flow.  This authorization code must not
+                                have already been used to obtain an access token.
+     * @param redirectUri - The redirect URI that was used to request the authorization code.
+                          Must be the same URI that is configured for the App Registration.
+     * @param options - Options for configuring the client which makes the access token request.
+     */
+    constructor(tenantId: string | "common", clientId: string, clientSecret: string, authorizationCode: string, redirectUri: string, options?: AuthorizationCodeCredentialOptions);
+    /**
+     * Creates an instance of AuthorizationCodeCredential with the details needed
+     * to request an access token using an authentication that was obtained
+     * from Microsoft Entra ID.
+     *
+     * It is currently necessary for the user of this credential to initiate
+     * the authorization code flow to obtain an authorization code to be used
+     * with this credential.  A full example of this flow is provided here:
+     *
+     * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts
+     *
+     * @param tenantId - The Microsoft Entra tenant (directory) ID or name.
+     *                 'common' may be used when dealing with multi-tenant scenarios.
+     * @param clientId - The client (application) ID of an App Registration in the tenant.
+     * @param authorizationCode - An authorization code that was received from following the
+                                authorization code flow.  This authorization code must not
+                                have already been used to obtain an access token.
+     * @param redirectUri - The redirect URI that was used to request the authorization code.
+                          Must be the same URI that is configured for the App Registration.
+     * @param options - Options for configuring the client which makes the access token request.
+     */
+    constructor(tenantId: string | "common", clientId: string, authorizationCode: string, redirectUri: string, options?: AuthorizationCodeCredentialOptions);
+    /**
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                TokenCredential implementation might make.
+     */
+    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
+}
+//# sourceMappingURL=authorizationCodeCredential.d.ts.map

package/dist/commonjs/credentials/authorizationCodeCredential.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"authorizationCodeCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAKtF,OAAO,KAAK,EAAE,kCAAkC,EAAE,MAAM,yCAAyC,CAAC;AAUlG;;;;;;GAMG;AACH,qBAAa,2BAA4B,YAAW,eAAe;IACjE,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,8BAA8B,CAAC,CAAU;IACjD,OAAO,CAAC,iBAAiB,CAAS;IAClC,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,YAAY,CAAC,CAAS;IAE9B;;;;;;;;;;;;;;;;;;;;;OAqBG;gBAED,QAAQ,EAAE,MAAM,GAAG,QAAQ,EAC3B,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,iBAAiB,EAAE,MAAM,EACzB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,kCAAkC;IAE9C;;;;;;;;;;;;;;;;;;;;OAoBG;gBAED,QAAQ,EAAE,MAAM,GAAG,QAAQ,EAC3B,QAAQ,EAAE,MAAM,EAChB,iBAAiB,EAAE,MAAM,EACzB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,kCAAkC;IA2C9C;;;;;;;OAOG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;CA0B/F"}

package/dist/commonjs/credentials/authorizationCodeCredential.js ADDED Viewed

@@ -0,0 +1,64 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationCodeCredential = void 0;
+const tenantIdUtils_js_1 = require("../util/tenantIdUtils.js");
+const tenantIdUtils_js_2 = require("../util/tenantIdUtils.js");
+const logging_js_1 = require("../util/logging.js");
+const scopeUtils_js_1 = require("../util/scopeUtils.js");
+const tracing_js_1 = require("../util/tracing.js");
+const msalClient_js_1 = require("../msal/nodeFlows/msalClient.js");
+const logger = (0, logging_js_1.credentialLogger)("AuthorizationCodeCredential");
+/**
+ * Enables authentication to Microsoft Entra ID using an authorization code
+ * that was obtained through the authorization code flow, described in more detail
+ * in the Microsoft Entra ID documentation:
+ *
+ * https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow
+ */
+class AuthorizationCodeCredential {
+    /**
+     * @hidden
+     * @internal
+     */
+    constructor(tenantId, clientId, clientSecretOrAuthorizationCode, authorizationCodeOrRedirectUri, redirectUriOrOptions, options) {
+        (0, tenantIdUtils_js_2.checkTenantId)(logger, tenantId);
+        this.clientSecret = clientSecretOrAuthorizationCode;
+        if (typeof redirectUriOrOptions === "string") {
+            // the clientId+clientSecret constructor
+            this.authorizationCode = authorizationCodeOrRedirectUri;
+            this.redirectUri = redirectUriOrOptions;
+            // in this case, options are good as they come
+        }
+        else {
+            // clientId only
+            this.authorizationCode = clientSecretOrAuthorizationCode;
+            this.redirectUri = authorizationCodeOrRedirectUri;
+            this.clientSecret = undefined;
+            options = redirectUriOrOptions;
+        }
+        // TODO: Validate tenant if provided
+        this.tenantId = tenantId;
+        this.additionallyAllowedTenantIds = (0, tenantIdUtils_js_1.resolveAdditionallyAllowedTenantIds)(options === null || options === void 0 ? void 0 : options.additionallyAllowedTenants);
+        this.msalClient = (0, msalClient_js_1.createMsalClient)(clientId, tenantId, Object.assign(Object.assign({}, options), { logger, tokenCredentialOptions: options !== null && options !== void 0 ? options : {} }));
+    }
+    /**
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                TokenCredential implementation might make.
+     */
+    async getToken(scopes, options = {}) {
+        return tracing_js_1.tracingClient.withSpan(`${this.constructor.name}.getToken`, options, async (newOptions) => {
+            const tenantId = (0, tenantIdUtils_js_1.processMultiTenantRequest)(this.tenantId, newOptions, this.additionallyAllowedTenantIds);
+            newOptions.tenantId = tenantId;
+            const arrayScopes = (0, scopeUtils_js_1.ensureScopes)(scopes);
+            return this.msalClient.getTokenByAuthorizationCode(arrayScopes, this.redirectUri, this.authorizationCode, this.clientSecret, Object.assign(Object.assign({}, newOptions), { disableAutomaticAuthentication: this.disableAutomaticAuthentication }));
+        });
+    }
+}
+exports.AuthorizationCodeCredential = AuthorizationCodeCredential;
+//# sourceMappingURL=authorizationCodeCredential.js.map

package/dist/commonjs/credentials/authorizationCodeCredential.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"authorizationCodeCredential.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredential.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAGlC,+DAGkC;AAElC,+DAAyD;AACzD,mDAAsD;AACtD,yDAAqD;AACrD,mDAAmD;AAEnD,mEAAmE;AAEnE,MAAM,MAAM,GAAG,IAAA,6BAAgB,EAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;GAMG;AACH,MAAa,2BAA2B;IAmEtC;;;OAGG;IACH,YACE,QAA2B,EAC3B,QAAgB,EAChB,+BAAuC,EACvC,8BAAsC,EACtC,oBAA6E,EAC7E,OAA4C;QAE5C,IAAA,gCAAa,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChC,IAAI,CAAC,YAAY,GAAG,+BAA+B,CAAC;QAEpD,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE,CAAC;YAC7C,wCAAwC;YACxC,IAAI,CAAC,iBAAiB,GAAG,8BAA8B,CAAC;YACxD,IAAI,CAAC,WAAW,GAAG,oBAAoB,CAAC;YACxC,8CAA8C;QAChD,CAAC;aAAM,CAAC;YACN,gBAAgB;YAChB,IAAI,CAAC,iBAAiB,GAAG,+BAA+B,CAAC;YACzD,IAAI,CAAC,WAAW,GAAG,8BAAwC,CAAC;YAC5D,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;YAC9B,OAAO,GAAG,oBAA0D,CAAC;QACvE,CAAC;QAED,oCAAoC;QACpC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,4BAA4B,GAAG,IAAA,sDAAmC,EACrE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,0BAA0B,CACpC,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG,IAAA,gCAAgB,EAAC,QAAQ,EAAE,QAAQ,kCAChD,OAAO,KACV,MAAM,EACN,sBAAsB,EAAE,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,EAAE,IACrC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAyB,EAAE,UAA2B,EAAE;QACrE,OAAO,0BAAa,CAAC,QAAQ,CAC3B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EACnC,OAAO,EACP,KAAK,EAAE,UAAU,EAAE,EAAE;YACnB,MAAM,QAAQ,GAAG,IAAA,4CAAyB,EACxC,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,CAAC,4BAA4B,CAClC,CAAC;YACF,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE/B,MAAM,WAAW,GAAG,IAAA,4BAAY,EAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC,UAAU,CAAC,2BAA2B,CAChD,WAAW,EACX,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,iBAAiB,EACtB,IAAI,CAAC,YAAY,kCAEZ,UAAU,KACb,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,IAEtE,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;CACF;AA9ID,kEA8IC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n} from \"../util/tenantIdUtils.js\";\nimport type { AuthorizationCodeCredentialOptions } from \"./authorizationCodeCredentialOptions.js\";\nimport { checkTenantId } from \"../util/tenantIdUtils.js\";\nimport { credentialLogger } from \"../util/logging.js\";\nimport { ensureScopes } from \"../util/scopeUtils.js\";\nimport { tracingClient } from \"../util/tracing.js\";\nimport type { MsalClient } from \"../msal/nodeFlows/msalClient.js\";\nimport { createMsalClient } from \"../msal/nodeFlows/msalClient.js\";\n\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\n/**\n * Enables authentication to Microsoft Entra ID using an authorization code\n * that was obtained through the authorization code flow, described in more detail\n * in the Microsoft Entra ID documentation:\n *\n * https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow\n */\nexport class AuthorizationCodeCredential implements TokenCredential {\n private msalClient: MsalClient;\n private disableAutomaticAuthentication?: boolean;\n private authorizationCode: string;\n private redirectUri: string;\n private tenantId?: string;\n private additionallyAllowedTenantIds: string[];\n private clientSecret?: string;\n\n /**\n * Creates an instance of AuthorizationCodeCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Microsoft Entra ID.\n *\n * It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n *\n * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts\n *\n * @param tenantId - The Microsoft Entra tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param clientSecret - A client secret that was generated for the App Registration\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions,\n );\n /**\n * Creates an instance of AuthorizationCodeCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Microsoft Entra ID.\n *\n * It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n *\n * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts\n *\n * @param tenantId - The Microsoft Entra tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: AuthorizationCodeCredentialOptions,\n );\n /**\n * @hidden\n * @internal\n */\n constructor(\n tenantId: string | \"common\",\n clientId: string,\n clientSecretOrAuthorizationCode: string,\n authorizationCodeOrRedirectUri: string,\n redirectUriOrOptions: string | AuthorizationCodeCredentialOptions | undefined,\n options?: AuthorizationCodeCredentialOptions,\n ) {\n checkTenantId(logger, tenantId);\n this.clientSecret = clientSecretOrAuthorizationCode;\n\n if (typeof redirectUriOrOptions === \"string\") {\n // the clientId+clientSecret constructor\n this.authorizationCode = authorizationCodeOrRedirectUri;\n this.redirectUri = redirectUriOrOptions;\n // in this case, options are good as they come\n } else {\n // clientId only\n this.authorizationCode = clientSecretOrAuthorizationCode;\n this.redirectUri = authorizationCodeOrRedirectUri as string;\n this.clientSecret = undefined;\n options = redirectUriOrOptions as AuthorizationCodeCredentialOptions;\n }\n\n // TODO: Validate tenant if provided\n this.tenantId = tenantId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.additionallyAllowedTenants,\n );\n\n this.msalClient = createMsalClient(clientId, tenantId, {\n ...options,\n logger,\n tokenCredentialOptions: options ?? {},\n });\n }\n\n /**\n * Authenticates with Microsoft Entra ID and returns an access token if successful.\n * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.\n *\n * @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n */\n async getToken(scopes: string | string[], options: GetTokenOptions = {}): Promise<AccessToken> {\n return tracingClient.withSpan(\n `${this.constructor.name}.getToken`,\n options,\n async (newOptions) => {\n const tenantId = processMultiTenantRequest(\n this.tenantId,\n newOptions,\n this.additionallyAllowedTenantIds,\n );\n newOptions.tenantId = tenantId;\n\n const arrayScopes = ensureScopes(scopes);\n return this.msalClient.getTokenByAuthorizationCode(\n arrayScopes,\n this.redirectUri,\n this.authorizationCode,\n this.clientSecret,\n {\n ...newOptions,\n disableAutomaticAuthentication: this.disableAutomaticAuthentication,\n },\n );\n },\n );\n }\n}\n"]}

package/dist/commonjs/credentials/authorizationCodeCredentialOptions.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import type { AuthorityValidationOptions } from "./authorityValidationOptions.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
+/**
+ * Options for the {@link AuthorizationCodeCredential}
+ */
+export interface AuthorizationCodeCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
+}
+//# sourceMappingURL=authorizationCodeCredentialOptions.d.ts.map

package/dist/commonjs/credentials/authorizationCodeCredentialOptions.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"authorizationCodeCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,kCACf,SAAQ,iCAAiC,EACvC,0BAA0B;CAAG"}

package/dist/commonjs/credentials/authorizationCodeCredentialOptions.js ADDED Viewed

@@ -0,0 +1,5 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=authorizationCodeCredentialOptions.js.map

package/dist/commonjs/credentials/authorizationCodeCredentialOptions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"authorizationCodeCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/authorizationCodeCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { AuthorityValidationOptions } from \"./authorityValidationOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Options for the {@link AuthorizationCodeCredential}\n */\nexport interface AuthorizationCodeCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n AuthorityValidationOptions {}\n"]}

package/dist/commonjs/credentials/azureApplicationCredential.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+import type { AzureApplicationCredentialOptions } from "./azureApplicationCredentialOptions.js";
+import { ChainedTokenCredential } from "./chainedTokenCredential.js";
+/**
+ * Provides a default {@link ChainedTokenCredential} configuration that should
+ * work for most applications that use the Azure SDK.
+ */
+export declare class AzureApplicationCredential extends ChainedTokenCredential {
+    /**
+     * Creates an instance of the AzureApplicationCredential class.
+     *
+     * The AzureApplicationCredential provides a default {@link ChainedTokenCredential} configuration that should
+     * work for most applications deployed on Azure. The following credential types will be tried, in order:
+     *
+     * - {@link EnvironmentCredential}
+     * - {@link ManagedIdentityCredential}
+     *
+     * Consult the documentation of these credential types for more information
+     * on how they attempt authentication.
+     *
+     * @param options - Optional parameters. See {@link AzureApplicationCredentialOptions}.
+     */
+    constructor(options?: AzureApplicationCredentialOptions);
+}
+//# sourceMappingURL=azureApplicationCredential.d.ts.map

package/dist/commonjs/credentials/azureApplicationCredential.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"azureApplicationCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureApplicationCredential.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAChG,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAErE;;;GAGG;AACH,qBAAa,0BAA2B,SAAQ,sBAAsB;IACpE;;;;;;;;;;;;;OAaG;gBACS,OAAO,CAAC,EAAE,iCAAiC;CAOxD"}

package/dist/commonjs/credentials/azureApplicationCredential.js ADDED Viewed

@@ -0,0 +1,36 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AzureApplicationCredential = void 0;
+const defaultAzureCredential_js_1 = require("./defaultAzureCredential.js");
+const chainedTokenCredential_js_1 = require("./chainedTokenCredential.js");
+/**
+ * Provides a default {@link ChainedTokenCredential} configuration that should
+ * work for most applications that use the Azure SDK.
+ */
+class AzureApplicationCredential extends chainedTokenCredential_js_1.ChainedTokenCredential {
+    /**
+     * Creates an instance of the AzureApplicationCredential class.
+     *
+     * The AzureApplicationCredential provides a default {@link ChainedTokenCredential} configuration that should
+     * work for most applications deployed on Azure. The following credential types will be tried, in order:
+     *
+     * - {@link EnvironmentCredential}
+     * - {@link ManagedIdentityCredential}
+     *
+     * Consult the documentation of these credential types for more information
+     * on how they attempt authentication.
+     *
+     * @param options - Optional parameters. See {@link AzureApplicationCredentialOptions}.
+     */
+    constructor(options) {
+        const credentialFunctions = [
+            defaultAzureCredential_js_1.createEnvironmentCredential,
+            defaultAzureCredential_js_1.createDefaultManagedIdentityCredential,
+        ];
+        super(...credentialFunctions.map((createCredentialFn) => createCredentialFn(options)));
+    }
+}
+exports.AzureApplicationCredential = AzureApplicationCredential;
+//# sourceMappingURL=azureApplicationCredential.js.map

package/dist/commonjs/credentials/azureApplicationCredential.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"azureApplicationCredential.js","sourceRoot":"","sources":["../../../src/credentials/azureApplicationCredential.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAElC,2EAGqC;AAGrC,2EAAqE;AAErE;;;GAGG;AACH,MAAa,0BAA2B,SAAQ,kDAAsB;IACpE;;;;;;;;;;;;;OAaG;IACH,YAAY,OAA2C;QACrD,MAAM,mBAAmB,GAAG;YAC1B,uDAA2B;YAC3B,kEAAsC;SACvC,CAAC;QACF,KAAK,CAAC,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IACzF,CAAC;CACF;AAtBD,gEAsBC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport {\n createDefaultManagedIdentityCredential,\n createEnvironmentCredential,\n} from \"./defaultAzureCredential.js\";\n\nimport type { AzureApplicationCredentialOptions } from \"./azureApplicationCredentialOptions.js\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential.js\";\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration that should\n * work for most applications that use the Azure SDK.\n */\nexport class AzureApplicationCredential extends ChainedTokenCredential {\n /**\n * Creates an instance of the AzureApplicationCredential class.\n *\n * The AzureApplicationCredential provides a default {@link ChainedTokenCredential} configuration that should\n * work for most applications deployed on Azure. The following credential types will be tried, in order:\n *\n * - {@link EnvironmentCredential}\n * - {@link ManagedIdentityCredential}\n *\n * Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n *\n * @param options - Optional parameters. See {@link AzureApplicationCredentialOptions}.\n */\n constructor(options?: AzureApplicationCredentialOptions) {\n const credentialFunctions = [\n createEnvironmentCredential,\n createDefaultManagedIdentityCredential,\n ];\n super(...credentialFunctions.map((createCredentialFn) => createCredentialFn(options)));\n }\n}\n"]}

package/dist/commonjs/credentials/azureApplicationCredentialOptions.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import type { CredentialPersistenceOptions } from "./credentialPersistenceOptions.js";
+import type { MultiTenantTokenCredentialOptions } from "./multiTenantTokenCredentialOptions.js";
+/**
+ * Provides options to configure the {@link AzureApplicationCredential} class.
+ */
+export interface AzureApplicationCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions {
+    /**
+     * Optionally pass in a user assigned client ID to be used by the {@link ManagedIdentityCredential}.
+     * This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.
+     */
+    managedIdentityClientId?: string;
+}
+//# sourceMappingURL=azureApplicationCredentialOptions.d.ts.map

package/dist/commonjs/credentials/azureApplicationCredentialOptions.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"azureApplicationCredentialOptions.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureApplicationCredentialOptions.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAEhG;;GAEG;AACH,MAAM,WAAW,iCACf,SAAQ,iCAAiC,EACvC,4BAA4B;IAC9B;;;OAGG;IACH,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC"}

package/dist/commonjs/credentials/azureApplicationCredentialOptions.js ADDED Viewed

@@ -0,0 +1,5 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=azureApplicationCredentialOptions.js.map

package/dist/commonjs/credentials/azureApplicationCredentialOptions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"azureApplicationCredentialOptions.js","sourceRoot":"","sources":["../../../src/credentials/azureApplicationCredentialOptions.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { CredentialPersistenceOptions } from \"./credentialPersistenceOptions.js\";\nimport type { MultiTenantTokenCredentialOptions } from \"./multiTenantTokenCredentialOptions.js\";\n\n/**\n * Provides options to configure the {@link AzureApplicationCredential} class.\n */\nexport interface AzureApplicationCredentialOptions\n extends MultiTenantTokenCredentialOptions,\n CredentialPersistenceOptions {\n /**\n * Optionally pass in a user assigned client ID to be used by the {@link ManagedIdentityCredential}.\n * This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.\n */\n managedIdentityClientId?: string;\n}\n"]}

package/dist/commonjs/credentials/azureCliCredential.d.ts ADDED Viewed

@@ -0,0 +1,64 @@
+import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
+import type { AzureCliCredentialOptions } from "./azureCliCredentialOptions.js";
+/**
+ * Mockable reference to the CLI credential cliCredentialFunctions
+ * @internal
+ */
+export declare const cliCredentialInternals: {
+    /**
+     * @internal
+     */
+    getSafeWorkingDir(): string;
+    /**
+     * Gets the access token from Azure CLI
+     * @param resource - The resource to use when getting the token
+     * @internal
+     */
+    getAzureCliAccessToken(resource: string, tenantId?: string, subscription?: string, timeout?: number): Promise<{
+        stdout: string;
+        stderr: string;
+        error: Error | null;
+    }>;
+};
+/**
+ * This credential will use the currently logged-in user login information
+ * via the Azure CLI ('az') commandline tool.
+ * To do so, it will read the user access token and expire time
+ * with Azure CLI command "az account get-access-token".
+ */
+export declare class AzureCliCredential implements TokenCredential {
+    private tenantId?;
+    private additionallyAllowedTenantIds;
+    private timeout?;
+    private subscription?;
+    /**
+     * Creates an instance of the {@link AzureCliCredential}.
+     *
+     * To use this credential, ensure that you have already logged
+     * in via the 'az' tool using the command "az login" from the commandline.
+     *
+     * @param options - Options, to optionally allow multi-tenant requests.
+     */
+    constructor(options?: AzureCliCredentialOptions);
+    /**
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                TokenCredential implementation might make.
+     */
+    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
+    /**
+     * Parses the raw JSON response from the Azure CLI into a usable AccessToken object
+     *
+     * @param rawResponse - The raw JSON response from the Azure CLI
+     * @returns An access token with the expiry time parsed from the raw response
+     *
+     * The expiryTime of the credential's access token, in milliseconds, is calculated as follows:
+     *
+     * When available, expires_on (introduced in Azure CLI v2.54.0) will be preferred. Otherwise falls back to expiresOn.
+     */
+    private parseRawResponse;
+}
+//# sourceMappingURL=azureCliCredential.d.ts.map

package/dist/commonjs/credentials/azureCliCredential.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"azureCliCredential.d.ts","sourceRoot":"","sources":["../../../src/credentials/azureCliCredential.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAStF,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAMhF;;;GAGG;AACH,eAAO,MAAM,sBAAsB;IACjC;;OAEG;yBACkB,MAAM;IAW3B;;;;OAIG;qCAES,MAAM,aACL,MAAM,iBACF,MAAM,YACX,MAAM,GACf,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,KAAK,GAAG,IAAI,CAAA;KAAE,CAAC;CAkCpE,CAAC;AAIF;;;;;GAKG;AACH,qBAAa,kBAAmB,YAAW,eAAe;IACxD,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,4BAA4B,CAAW;IAC/C,OAAO,CAAC,OAAO,CAAC,CAAS;IACzB,OAAO,CAAC,YAAY,CAAC,CAAS;IAE9B;;;;;;;OAOG;gBACS,OAAO,CAAC,EAAE,yBAAyB;IAe/C;;;;;;;OAOG;IACU,QAAQ,CACnB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,WAAW,CAAC;IAoEvB;;;;;;;;;OASG;IACH,OAAO,CAAC,gBAAgB;CA+BzB"}